Hewlett Packard Enterprise Aruba 3810, Aruba 5400R Management And Configuration Manual

Download

Page 1

Aruba 3810 / 5400R Management and Configuration Guide for ArubaOSSwitch 16.08

Part Number: 5200-5491a Published: January 2019 Edition: 2

Page 2

Notices

The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.

Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise website.

Acknowledgments

Intel®, Itanium®, Pentium®, Xeon®, Intel Inside®, and the Intel Inside logo are trademarks of Intel Corporation in the U.S. and other countries.

Microsoft® and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.

Java® and Oracle® are registered trademarks of Oracle and/or its affiliates.

UNIX® is a registered trademark of The Open Group.

Page 3

Chapter 1 About this guide........................................................................... 33

Applicable products..................................................................................................................................33

Switch prompts used in this guide........................................................................................................... 33

Chapter 2 Time synchronization...................................................................34

NTP..........................................................................................................................................................34

NTP related commands................................................................................................................ 34

timesync............................................................................................................................. 34

timesync ntp....................................................................................................................... 35

ntp...................................................................................................................................... 35

[no] ntp............................................................................................................................... 35

ntp enable...........................................................................................................................36

ntp authentication............................................................................................................... 37

ntp max-associations..........................................................................................................38

ntp server........................................................................................................................... 38

ntp server key-id.................................................................................................................40

ntp ipv6-multicast............................................................................................................... 40

debug ntp........................................................................................................................... 41

ntp trap............................................................................................................................... 41

show ntp servers ............................................................................................................... 42

show ntp statistics.............................................................................................................. 42

show ntp status.................................................................................................................. 43

show ntp authentication......................................................................................................43

show ntp associations........................................................................................................ 44

FQDN support for NTP servers ....................................................................................................45

FQDN support for NTP servers.......................................................................................... 45

Elements of time synchronization............................................................................................................ 47

Time synchronization protocols................................................................................................................47

timesync........................................................................................................................................ 48

Setting a time protocol on the switch....................................................................................................... 48

The SNTP protocol.................................................................................................................................. 48

Selecting and configuring SNTP................................................................................................... 49

Prerequisites...................................................................................................................... 49

sntp.....................................................................................................................................50

Enabling SNTP in Broadcast mode....................................................................................51

Configuring SNTP in unicast mode.................................................................................... 51

Viewing SNTP parameters............................................................................................................53

Viewing SNTP server addresses using the CLI..................................................................53

Enabling SNTP client authentication.............................................................................................54

Requirements to enable SNTP client authentication..........................................................54

Viewing all SNTP authentication keys that have been configured on the switch............... 55

SNTP poll interval......................................................................................................................... 55

sntp poll-interval................................................................................................................. 55

SNTP unicast time polling with multiple SNTP servers...................................................... 56

SNTP server priority......................................................................................................................56

sntp server priority .............................................................................................................56

SNTP software version................................................................................................................. 57

sntp server <version>.........................................................................................................57

SNTP server address....................................................................................................................57

Contents 3

Page 4

sntp server <ip-address>....................................................................................................57

Adding SNTP server addresses......................................................................................... 57

SNTP authentication trusted keys.................................................................................................58

trusted................................................................................................................................ 58

Configuration files and the include-credentials command .................................................58

Configuring the key-identifier, authentication mode, and key-value..............................................59

sntp authentication............................................................................................................. 59

Configuring a key-id as trusted...........................................................................................60

Associating a key with an SNTP server............................................................................. 61

sntp server priority..............................................................................................................62

Enabling and disabling SNTP client authentication............................................................62

Viewing SNTP authentication configuration information.....................................................62

Viewing statistical information for each SNTP server.........................................................64

SNTP messages in the event log..................................................................................................65

Storing security information in the running-config file................................................................... 66

The TimeP Protocol................................................................................................................................. 66

Enabling TimeP mode...................................................................................................................66

timesync timep................................................................................................................... 67

TimeP in DHCP mode........................................................................................................ 67

Enabling TimeP for DHCP..................................................................................................67

TimeP operation in manual mode................................................................................................. 68

timesync timep................................................................................................................... 68

ip timep...............................................................................................................................68

Current TimeP configuration......................................................................................................... 69

show timep......................................................................................................................... 69

show management............................................................................................................. 70

Change from one TimeP server to another ..................................................................................70

TimeP poll interval.........................................................................................................................70

ip timep...............................................................................................................................70

Disable time synchronization protocols ...................................................................................................70

Disabling TimeP in manual mode..................................................................................................70

no ip timep..........................................................................................................................71

Disabling time synchronization......................................................................................................71

no timesync........................................................................................................................ 71

Disabling timsync using the GUI........................................................................................ 71

Disabling the TimeP mode............................................................................................................ 71

no ip timep..........................................................................................................................72

Disabling time synchronization without changing the SNTP configuration................................... 72

timesync............................................................................................................................. 72

Disabling SNTP mode...................................................................................................................73

Disabling SNTP Mode...................................................................................................................73

no sntp................................................................................................................................73

Deleting an SNTP server....................................................................................................73

Disabling SNTP by deleting a server..................................................................................74

Disabling time synchronization in DHCP mode by disabling the TimeP mode parameter............74

ip timep ......................................................................................................................... 74

Other time protocol commands................................................................................................................75

Show management command...................................................................................................... 75

show management............................................................................................................. 75

Show SNTP command..................................................................................................................75

show sntp........................................................................................................................... 75

Show TimeP command................................................................................................................. 77

show................................................................................................................................... 77

Chapter 3 Resource usage............................................................................ 79

4 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 5

Viewing current resource usage...............................................................................................................79

showquos...................................................................................................................................... 79

Viewing information on resource usage...................................................................................................80

When insufficient resources are available.....................................................................................81

Policy enforcement engine............................................................................................................81

Usage notes for show resources output........................................................................................82

Chapter 4 Hardware components................................................................. 84

Services................................................................................................................................................... 84

Show services............................................................................................................................... 84

No parameters.............................................................................................................................. 84

show services.....................................................................................................................84

Show services locator................................................................................................................... 85

Show services device....................................................................................................................86

show services device......................................................................................................... 86

Requesting a reboot......................................................................................................................87

Services in Operator/Manager/Configure context......................................................................... 87

Services (operator).............................................................................................................87

Services (manager)............................................................................................................ 88

Services (configure)........................................................................................................... 89

Enable or disable devices.................................................................................................. 90

no services......................................................................................................................... 90

Accessing CLI-passthrough............................................................................................... 90

Show services set locator module.................................................................................................91

command name..................................................................................................................91

Reloading services module........................................................................................................... 91

command name..................................................................................................................91

Connection to the application via a serial port.............................................................................. 91

command name..................................................................................................................92

Shutdown the services module..................................................................................................... 92

command name..................................................................................................................92

Transceiver status....................................................................................................................................92

Operating notes.............................................................................................................................92

show interfaces transceivers.........................................................................................................93

Configuring the type of a module............................................................................................................. 93

module type...................................................................................................................................93

Clearing the module configuration........................................................................................................... 94

Configuring transceivers and modules that have not been inserted........................................................ 94

Transceivers..................................................................................................................................94

Modules.........................................................................................................................................94

Clearing the module configuration................................................................................................ 94

Power consumption................................................................................................................................. 95

show system power-supply........................................................................................................... 95

Fans......................................................................................................................................................... 98

show system ................................................................................................................................ 99

show system fans..................................................................................................................100

show system power-supply......................................................................................................... 102

Fan failures and SNMP traps...................................................................................................... 106

System boot diagnostics........................................................................................................................ 106

show system post..................................................................................................................106

show system post member...................................................................................................107

show system post vsf member..........................................................................................108

Chapter 5 Port status and configuration....................................................110

Contents 5

Page 6

Viewing port status and configuration.................................................................................................... 110

show interfaces.................................................................................................................... 110

Viewing transceiver information............................................................................................................. 112

The port VLAN tagged status.................................................................................................................113

Dynamically updating the show interfaces command............................................................................ 114

command name...........................................................................................................................114

Customizing the show interfaces command...........................................................................................115

show interfaces custom...............................................................................................................115

show interface smartrate............................................................................................................. 116

show interface port utilization ..................................................................................................... 116

Enabling or disabling ports and configuring port mode.......................................................................... 117

interface.......................................................................................................................................117

Basic USB port commands.................................................................................................................... 118

usb-port................................................................................................................................... 119

show usb-port........................................................................................................................ 119

Enabling or disabling flow control...........................................................................................................119

interface flow-control................................................................................................................... 120

Configuring auto-MDIX.......................................................................................................................... 121

interface mdix-mode....................................................................................................................121

show interfaces config.................................................................................................................121

show interfaces brief................................................................................................................... 122

Configuring friendly port names............................................................................................................. 123

interface name............................................................................................................................ 123

Configuring a single port name................................................................................................... 123

Configuring the same name for multiple ports............................................................................ 123

Viewing friendly port names with other port data........................................................................ 124

show name....................................................................................................................... 124

show interface.................................................................................................................. 124

show config...................................................................................................................... 124

Listing all ports or selected ports with their friendly port names............................................................ 124

show name..................................................................................................................................124

Including friendly port names in per-port statistics listings.......................................................... 125

show interface.................................................................................................................. 125

Searching the configuration for ports with friendly port names................................................... 127

show config...................................................................................................................... 127

Configuring uni-directional link detection............................................................................................... 127

interface link-keepalive................................................................................................................127

Enabling UDLD........................................................................................................................... 128

Changing the keepalive interval.................................................................................................. 128

Changing the keepalive retries....................................................................................................129

Configuring UDLD for tagged ports.............................................................................................129

Viewing UDLD information.......................................................................................................... 129

show link-keepalive.......................................................................................................... 129

clear link-keepalive......................................................................................................................130

Viewing summary information on all UDLD-enabled ports..........................................................130

Viewing detailed UDLD information for specific ports................................................................. 130

Port status and Port parameters............................................................................................................ 131

Connecting transceivers to fixed-configuration devices.............................................................. 131

Error messages associated with the show interfaces command................................................ 133

Using pattern matching with the show interfaces custom command .....................134

Auto-MDIX configurations...................................................................................................................... 134

Manual override.......................................................................................................................... 134

About using friendly port names............................................................................................................ 135

Configuring and operating rules for friendly port names............................................................. 135

Uni-directional link detection (UDLD).....................................................................................................136

Configuring UDLD....................................................................................................................... 136

6 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 7

Prerequisites.................................................................................................................... 137

Uplink Failure Detection.........................................................................................................................137

Configuration Guidelines for UFD............................................................................................... 139

UFD enable/disable.....................................................................................................................139

uplink-failure-detection..................................................................................................... 139

UFD configuration....................................................................................................................... 139

uplink-failure-detection track.........................................................................139

show uplink-failure-detection...........................................................................140

Port Shutdown with Broadcast Storm.................................................................................................... 141

Configuration Commands........................................................................................................... 141

fault-finder broadcast-storm............................................................................................. 141

Viewing broadcast-storm configuration....................................................................................... 142

show fault-finder broadcast-storm.................................................................................... 143

Broadcast-storm event logs........................................................................................................ 145

Multicast Storm Control..........................................................................................................................146

Overview..................................................................................................................................... 146

fault-finder multicast-storm........................................................................................146

fault-finder multicast-storm action.........................................................................148

show running-config................................................................................................ 149

show logging.......................................................................................................................... 150

Restrictions................................................................................................................................. 150

Chapter 6 Power over ethernet (PoE/PoE+) operation............................. 151

PoE ....................................................................................................................................................... 151

PoE terminology..........................................................................................................................151

Planning and implementing a PoE configuration................................................................................... 151

Power requirements.................................................................................................................... 151

Assigning PoE ports to VLANs....................................................................................................152

Applying security features to PoE configurations........................................................................152

Assigning priority policies to PoE traffic...................................................................................... 152

PoE operation........................................................................................................................................ 152

PoE configuration options........................................................................................................... 153

PD support.................................................................................................................................. 153

PoE power priority.......................................................................................................................154

Assigning PoE priority with two or more modules............................................................ 154

About configuring PoE........................................................................................................................... 154

Disabling or re-enabling PoE port operation.......................................................................................... 156

interface...................................................................................................................................... 157

Enabling support for pre-standard devices............................................................................................ 157

power-over-ethernet....................................................................................................................157

Configuring the PoE port priority............................................................................................................157

interface...................................................................................................................................... 157

Controlling PoE allocation......................................................................................................................158

int................................................................................................................................................ 158

Manually configuring PoE power levels................................................................................................. 159

Detection status: fault..................................................................................................................160

Configuring PoE redundancy (chassis switches only)........................................................................... 160

power-over-ethernet redundancy................................................................................................ 160

Changing the threshold for generating a power notice.......................................................................... 161

power-over-ethernet slot............................................................................................................. 161

Enabling or disabling ports for allocating power using LLDP.................................................................161

int poe-lldp-detect........................................................................................................................161

Enabling PoE detection via LLDP TLV advertisement........................................................................... 162

lldp config.................................................................................................................................... 162

Negotiating power using the DLL...........................................................................................................162

Contents 7

Page 8

int poe-lldp-detect........................................................................................................................162

Initiating advertisement of PoE+ TLVs................................................................................................... 164

lldp config.................................................................................................................................... 164

Temporary PoE+ power drop...................................................................................................... 164

Viewing PoE when using LLDP information...........................................................................................165

show lldp config...........................................................................................................................165

Viewing the global PoE power status of the switch................................................................................167

show power-over-ethernet.......................................................................................................... 167

Viewing PoE status on all ports..............................................................................................................168

show power-over-ethernet.......................................................................................................... 169

Viewing the PoE status on specific ports............................................................................................... 170

show power-over-ethernet.......................................................................................................... 170

Configuring thresholds for generating a power notice........................................................................... 173

PoE/PoE+ allocation using LLDP...........................................................................................................173

LLDP with PoE............................................................................................................................ 173

LLDP with PoE+..........................................................................................................................173

PoE+ with LLDP Overview............................................................................................... 173

PoE allocation.................................................................................................................. 174

Operation note............................................................................................................................ 174

Chapter 7 Port trunking............................................................................... 175

Port trunking overview........................................................................................................................... 175

Port trunk connections and configuration....................................................................................175

Viewing and configuring port trunk groups.............................................................................................176

Viewing static trunk type and group for all ports or for selected ports.........................................176

show trunks...................................................................................................................... 176

Viewing static LACP and dynamic LACP trunk data................................................................... 177

show lacp......................................................................................................................... 177

Configuring a static trunk or static LACP trunk group................................................................. 177

trunk................................................................................................................................. 177

Removing ports from a static trunk group................................................................................... 178

no trunk............................................................................................................................ 178

Enabling dynamic LACP trunk groups........................................................................................ 178

interface lacp active..........................................................................................................178

Remove ports from a dynamic LACP trunk group.......................................................................179

no interface lacp............................................................................................................... 179

Set the LACP key........................................................................................................................179

lacp...................................................................................................................................179

Specifying Minimum Active Links for LACP................................................................................ 180

lacp min-active-links............................................................................................ 180

lacp enable-timer.....................................................................................................181

show lacp min-active-links................................................................................. 182

Limitations........................................................................................................................ 183

Viewing and configuring a static trunk group (Menu).............................................................................183

Enable L4-based trunk load balancing...................................................................................................185

trunk-load-balance...................................................................................................................... 185

Viewing trunk load balancing................................................................................................................. 186

show trunks................................................................................................................................. 186

Operating notes...........................................................................................................................187

Distributed trunking................................................................................................................................ 187

Configure ISC ports.....................................................................................................................187

switch-interconnect...........................................................................................................187

Configuring distributed trunking ports......................................................................................... 188

trunk................................................................................................................................. 188

Configuring peer-keepalive links................................................................................................. 188

8 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 9

distributed-trunking...........................................................................................................189

Viewing distributed trunking information......................................................................................189

show lacp distributed........................................................................................................189

show distributed-trunk...................................................................................................... 190

Viewing peer-keepalive configuration..........................................................................................191

Viewing switch interconnect........................................................................................................ 191

Port trunk operations..............................................................................................................................191

Fault tolerance ........................................................................................................................... 191

Trunk configuration methods..................................................................................................................191

Dynamic LACP trunk...................................................................................................................191

Dynamic LACP Standby Links.................................................................................................... 192

Viewing LACP Local Information.................................................................................................192

Viewing LACP Peer Information..................................................................................................192

Viewing LACP Counters..............................................................................................................193

Using keys to control dynamic LACP trunk configuration........................................................... 193

Static trunk.................................................................................................................................. 193

Operating port trunks........................................................................................................194

Show port-security log......................................................................................................196

Static or dynamic trunk group overview...................................................................................... 197

Enabling a dynamic LACP trunk group....................................................................................... 197

Dynamic LACP standby links...................................................................................................... 198

Viewing LACP local information.................................................................................................. 198

Viewing LACP peer information.................................................................................................. 199

Viewing LACP counters...............................................................................................................199

Trunk group operation using LACP........................................................................................................200

Default port operation..................................................................................................................202

LACP operating notes and restrictions........................................................................................204

802.1X (Port-based access control) configured on a port................................................ 204

Port security..................................................................................................................... 204

Changing trunking methods............................................................................................. 204

Static LACP trunks........................................................................................................... 204

Dynamic LACP trunks...................................................................................................... 205

VLANs and dynamic LACP.............................................................................................. 205

Blocked ports with older devices...................................................................................... 205

Spanning Tree and IGMP.................................................................................................206

Half-duplex, different port speeds, or both not allowed in LACP trunks........................... 206

Dynamic/static LACP interoperation.................................................................................206

Trunk group operation using the "trunk" option......................................................................................206

Viewing trunk data on the switch............................................................................................................207

Outbound traffic distribution across trunked links.................................................................................. 207

Trunk load balancing using Layer 4 ports.............................................................................................. 208

Distributed trunking overview.................................................................................................................208

Distributed trunking interconnect protocol...................................................................................210

Configuring distributed trunking.................................................................................................. 210

Configuring peer-keepalive links............................................................................................................ 211

Maximum DT trunks and links supported....................................................................................212

Forwarding traffic with distributed trunking and spanning tree....................................................213

Forwarding unicast traffic................................................................................................. 213

Forwarding broadcast, multicast, and unknown traffic .................................................... 214

IP routing and distributed trunking.............................................................................................. 215

Distributed trunking restrictions...................................................................................................217

Updating software versions with DT...................................................................................................... 218

Chapter 8 Port Traffic Controls................................................................... 221

ICMP rate-limiting.................................................................................................................................. 221

Contents 9

Page 10

Guidelines for configuring ICMP rate-limiting..............................................................................221

Configuring ICMP rate-limiting.................................................................................................... 222

Using both ICMP rate-limiting and all-traffic rate-limiting on the same interface.........................223

Viewing the current ICMP rate-limit configuration....................................................................... 223

Operating notes for ICMP rate-limiting........................................................................................224

ICMP rate-limiting trap and Event Log messages.......................................................................225

Determining the switch port number used in ICMP port reset commands....................... 225

Configuring inbound rate-limiting for broadcast and multicast traffic.......................................... 226

Operating Notes............................................................................................................... 228

Guaranteed minimum bandwidth (GMB)............................................................................................... 228

GMB operation............................................................................................................................ 228

Impacts of QoS queue configuration on GMB operation..................................................229

Configuring GMB for outbound traffic...............................................................................230

Viewing the current GMB configuration............................................................................232

GMB operating notes.................................................................................................................. 233

Impact of QoS queue configuration on GMB commands................................................. 233

Rate-limiting Unknown Unicast Traffic................................................................................................... 233

rate-limit unknown-unicast in percent.................................................................... 233

rate-limit unknown-unicast in kbps...........................................................................234

show rate-limit unknown-unicast................................................................................. 235

Jumbo frames........................................................................................................................................ 236

Operating rules............................................................................................................................236

Jumbo traffic-handling...................................................................................................... 237

Configuring jumbo frame operation.............................................................................................238

Overview.......................................................................................................................... 238

Viewing the current jumbo configuration.......................................................................... 238

Enabling or disabling jumbo traffic on a VLAN................................................................. 240

Configuring a maximum frame size.............................................................................................240

Configuring IP MTU..........................................................................................................241

SNMP implementation......................................................................................................241

Displaying the maximum frame size.................................................................................241

Operating notes for maximum frame size........................................................................ 241

Troubleshooting...........................................................................................................................242

A VLAN is configured to allow jumbo frames, but one or more ports drops all inbound

jumbo frames....................................................................................................................242

A non-jumbo port is generating "Excessive undersize/giant frames" messages in the

Event Log......................................................................................................................... 242

Fault Finder............................................................................................................................................242

Fault Finder thresholds............................................................................................................... 243

Enabling Fault Finder.................................................................................................................. 243

Chapter 9 Configuring for Network Management Applications...............247

Configuring the switch to filter untagged traffic...................................................................................... 247

ignore-untagged-mac.................................................................................................................. 247

Viewing configuration file change information........................................................................................247

show running-config.................................................................................................................... 247

Minimal interval for successive data change notifications..................................................................... 249

setmib..........................................................................................................................................249

Viewing the current port speed and duplex configuration on a switch port............................................249

show interfaces........................................................................................................................... 250

Viewing the configuration.......................................................................................................................251

show running-config.................................................................................................................... 251

RMON advanced management............................................................................................................. 251

rmon alarm.................................................................................................................................. 252

Configuring UDLD verify before forwarding........................................................................................... 255

10 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 11

UDLD time delay......................................................................................................................... 255

Restrictions.......................................................................................................................255

UDLD configuration commands.................................................................................................. 255

link-keepalive mode..........................................................................................................256

show link-keepalive..................................................................................................................... 256

RMON generated when user changes UDLD mode................................................................... 257

MAC configurations................................................................................................................................257

Configuring the MAC address count option................................................................................ 257

snmp-server mac-count-notify..........................................................................................257

Configuring the MAC address table change option.....................................................................257

snmp-server mac-notify....................................................................................................258

Per-port MAC change options for mac-notify.............................................................................. 258

mac-notify traps................................................................................................................258

Viewing the mac-count-notify option........................................................................................... 259

show mac-count-notify..................................................................................................... 259

Viewing mac-notify traps configuration........................................................................................261

show mac-notify traps...................................................................................................... 261

Configuring sFlow.................................................................................................................................. 261

sflow............................................................................................................................................ 262

sFlow Configuring multiple instances..........................................................................................263

Viewing sFlow Configuration and Status.....................................................................................263

show sflow agent..............................................................................................................263

show snmpv3 user...................................................................................................................... 265

Configuring SNMP................................................................................................................................. 266

Network security notifications......................................................................................................266

SNMP traps on running configuration changes................................................................266

Source IP address for SNMP notifications....................................................................... 267

Listening mode................................................................................................................. 267

Group access levels....................................................................................................................267

SNMPv3 communities...................................................................................................... 269

SNMPv2c informs....................................................................................................................... 269

SNMP notifications......................................................................................................................269

Supported Notifications.................................................................................................... 270

Configuring SNMP notifications........................................................................................270

SNMPv1 and SNMPv2c Traps......................................................................................... 270

SNMPv3 users............................................................................................................................ 277

Adding users.................................................................................................................... 278

SNMP tools for switch management........................................................................................... 278

SNMP management features........................................................................................... 278

SNMPv1 and v2c access to the switch............................................................................ 279

SNMPv3 access to the switch.......................................................................................... 279

Enabling SNMPv3....................................................................................................................... 280

Configuring users in SNMPv3..................................................................................................... 281

snmpv3 user.....................................................................................................................281

Switch access from SNMPv3 agents.......................................................................................... 281

snmpv3 enable................................................................................................................. 281

Restrict access from SNMPv3 agents.........................................................................................281

snmpv3 only..................................................................................................................... 281

Restrict non-SNMPv3 agents to read-only access......................................................................282

snmpv3 restricted-access.................................................................................................282

Operating status of SNMPv3.......................................................................................................282

show snmpv3................................................................................................................... 282

Non-SNMPv3 message reception status.................................................................................... 282

show snmpv3 only............................................................................................................282

Non-SNMPv3 write message status........................................................................................... 282

show snmpv3 restricted-access....................................................................................... 282

Viewing and configuring non-version-3 SNMP communities (Menu).......................................... 282

Contents 11

Page 12

SNMP trap receiver configuration............................................................................................... 283

snmp-server host..............................................................................................................283

SNMPv2c inform option.............................................................................................................. 284

snmp-server host..............................................................................................................284

Configuring SNMPv3 notifications (CLI)......................................................................................285

SNMPv3 community mapping.....................................................................................................288

snmpv3 community.......................................................................................................... 288

Running configuration changes and SNMP traps....................................................................... 289

Startup configuration changes and SNMP traps......................................................................... 289

snmp-server enable traps startup-config-change.............................................................290

Source IP address for SNMP notifications.................................................................................. 291

snmp-server response-source..........................................................................................291

snmp-server trap-source.................................................................................................. 292

SNMP replies and traps configuration.........................................................................................293

SNMP notification configuration.................................................................................................. 293

show snmp-server............................................................................................................ 293

Assign users to groups................................................................................................................294

snmpv3 group...................................................................................................................294

snmp-server community..............................................................................................................295

Community names and values....................................................................................................296

Enabling or disabling notification/traps for network security failures and other security events

(CLI)............................................................................................................................................ 297

Viewing the current configuration for network security notifications (CLI)...................................298

Link-Change Traps......................................................................................................................299

snmp-server enable traps link-change............................................................................. 299

Viewing SNMP notification configuration (CLI)............................................................................299

Listening mode............................................................................................................................300

snmp-server listen............................................................................................................ 300

CDP configuration..................................................................................................................................301

CDP mode...................................................................................................................................301

cdp moden........................................................................................................................301

CDPv2 for voice transmission..................................................................................................... 301

cdp mode pre-standard-voice...........................................................................................302

CDP operation on individual ports...............................................................................................303

cdp enable........................................................................................................................303

CDP Operation............................................................................................................................304

cdp run............................................................................................................................. 304

CDP information filter.................................................................................................................. 304

CDP switch configuration view....................................................................................................304

show cdp.......................................................................................................................... 304

CDP neighbors switch table view................................................................................................305

show cdp neighbors......................................................................................................... 305

LLDP configuration................................................................................................................................ 306

LLDP and CDP data management..............................................................................................306

LLDP and CDP neighbor data..........................................................................................306

CDP operations................................................................................................................ 307

LLDP........................................................................................................................................... 307

LLDP operations...............................................................................................................308

Packet boundaries in a network topology.........................................................................308

LLDP operation configuration options.............................................................................. 308

Transmit and receive mode..............................................................................................309

Options for reading LLDP information collected by the switch......................................... 311

LLDP and LLDP-MED standards compatibility.................................................................311

Port trunking..................................................................................................................... 311

IP address advertisements............................................................................................... 311

Spanning-tree blocking.....................................................................................................312

802.1X blocking................................................................................................................312

12 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 13

LLDP operation on the switch.......................................................................................... 312

Time-to-Live for transmitted advertisements.................................................................... 312

Delay interval between advertisements............................................................................312

Re-initialize delay interval.................................................................................................313

SNMP notification support................................................................................................313

Changing the minimum interval........................................................................................313

Basic LLDP per-port advertisement content.....................................................................313

Port VLAN ID TLV support on LLDP.................................................................................314

LLDP-MED.................................................................................................................................. 314

LLDP-MED classes.......................................................................................................... 316

LLDP-MED operational support....................................................................................... 316

Configuring per-port transmit and receive modes....................................................................... 316

lldp admin-status.............................................................................................................. 317

Remote management address for outbound LLDP advertisements........................................... 317

lldp config ipAddrEnable...................................................................................................317

lldp config basicTlvEnable................................................................................................318

Port speed and duplex advertisement support............................................................................318

lldp config dot3TlvEnable................................................................................................. 319

Location data for LLDP-MED devices......................................................................................... 319

lldp config medPortLocation............................................................................................. 319

LLDP data change notification for SNMP trap receivers.............................................................320

lldp enable-notification......................................................................................................320

LLDP operation on the switch..................................................................................................... 321

lldp run..............................................................................................................................321

LLDP-MED fast start control....................................................................................................... 321

lldp fast-start-count...........................................................................................................321

Changing the packet transmission interval................................................................................. 322

lldp refresh-interval...........................................................................................................322

Changing the time-to-live for transmitted advertisements...........................................................322

lldp holdtime-multiplier......................................................................................................322

Delay interval ............................................................................................................................. 322

set mib lldpTxDelay.0....................................................................................................... 323

Changing the reinitialization delay interval..................................................................................323

setmib lldpReinitDelay.0................................................................................................... 323

PVID mismatch log messages.................................................................................................... 324

logging filter...................................................................................................................... 324

Viewing port configuration details................................................................................................324

show lldp config................................................................................................................324

Available switch information available outbound advertisements............................................... 325

show lldp info local-device................................................................................................325

LLDP statistics............................................................................................................................ 327

show lldp stats..................................................................................................................327

Global LLDP, port admin, and SNMP notification status.............................................................329

show lldp config................................................................................................................329

LLDP-MED connects and disconnects—topology change notification....................................... 329

lldp top-change-notify....................................................................................................... 330

Device capability, network policy, PoE status and location data................................................. 330

Network policy advertisements.........................................................................................330

Policy elements................................................................................................................ 331

PoE advertisements......................................................................................................... 331

Location data for LLDP-MED devices.............................................................................. 332

Viewing the current port speed and duplex configuration................................................ 334

Viewing LLDP statistics.................................................................................................... 334

LLDP over OOBM............................................................................................................ 334

LLDP operating notes.......................................................................................................339

Advertisements currently in the neighbors MIB...........................................................................340

show lldp info remote-device............................................................................................340

Contents 13

Page 14

PoE advertisements.................................................................................................................... 341

show lldp info remote-device............................................................................................342

show power...................................................................................................................... 342

Overview................................................................................................................................................ 342

Commands.............................................................................................................................................342

[no] lldp config basicTlvEnable management_addr.................................................................... 342

lldp config.................................................................................................................................... 343

Show commands................................................................................................................................... 343

TVL configuration...................................................................................................................................344

VLAN ID TLV...............................................................................................................................344

lldp config dot1T1vEnable................................................................................................ 344

Advertised TLVs.......................................................................................................................... 344

show lldp config................................................................................................................344

TLVs controlled by medTLvEnable..............................................................................................346

lldp config medTlvEnable................................................................................................. 346

Generic header ID in configuration file...................................................................................................347

DHCP auto deployment.............................................................................................................. 347

Add-Ignore-Tag option.................................................................................................................347

Configuration commands for the add-ignore-tag option..............................................................348

Show logging commands for the add-ignore-tag option..............................................................348

Exclusions................................................................................................................................... 348

Chapter 10 DHCPv4 server..........................................................................349

Overview................................................................................................................................................ 349

IP pools.................................................................................................................................................. 349

DHCP options........................................................................................................................................ 349

BootP support........................................................................................................................................ 349

Authoritative server and support for DHCP inform packets................................................................... 349

Authoritative pools................................................................................................................................. 350

Authoritative dummy pools.....................................................................................................................350

Change in server behavior.....................................................................................................................350

DHCPv4 configuration commands.........................................................................................................351

DHCPv4 server........................................................................................................................... 351

dhcp-server...................................................................................................................... 351

DHCP address pool name.......................................................................................................... 351

dhcp-server pool...............................................................................................................351

Authoritative..................................................................................................................... 353

DHCP client boot file................................................................................................................... 353

bootfile-name ...................................................................................................................353

DHCP client default router.......................................................................................................... 353

default-router.................................................................................................................... 353

DNS IP servers .......................................................................................................................... 353

dns-server........................................................................................................................ 354

Configure a domain name...........................................................................................................354

domain-name................................................................................................................... 354

Configure lease time................................................................................................................... 354

lease.................................................................................................................................354

NetBIOS WINS servers...............................................................................................................354

NetBIOS node type..................................................................................................................... 355

net bios-ode-type..............................................................................................................355

Subnet and mask ....................................................................................................................... 355

network.............................................................................................................................355

DHCP server options.................................................................................................................. 355

Configure DHCP server options....................................................................................... 355

IP address range.........................................................................................................................357

14 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 15

range................................................................................................................................ 357

Static bindings.............................................................................................................................357

static-bind......................................................................................................................... 357

TFTP server domain name......................................................................................................... 357

tftp-server......................................................................................................................... 358

Configure the TFTP server address............................................................................................358

tftp-server......................................................................................................................... 358

Number of ping packets.............................................................................................................. 358

dhcp-server ping...............................................................................................................358

Save DHCP server automatic bindings.......................................................................................359

dhcp-server database.......................................................................................................359

DHCP server and SNMP notifications.........................................................................................359

snmp-server enable traps.................................................................................................359

Conflict logging on a DHCP server............................................................................................. 359

dhcp-server conflict-logging............................................................................................. 360

Enable the DHCP server on a VLAN.......................................................................................... 360

dhcp-server...................................................................................................................... 360

Clear commands......................................................................................................................... 360

clear dhcp-server conflicts................................................................................................360

Reset all DHCP server and BOOTP counters.............................................................................360

clear dhcp-server statistics...............................................................................................360

Delete an automatic address binding..........................................................................................361

clear dhcp-server statistics...............................................................................................361

Show commands................................................................................................................................... 361

show dhcp-server........................................................................................................................361

Event log................................................................................................................................................ 362

Event Log Messages...................................................................................................................362

Chapter 11 DHCPv6 server.......................................................................... 365

DHCPv6 hardware address................................................................................................................... 365

DHCPv6 snooping and relay..................................................................................................................365

dhcpv6–snooping........................................................................................................................ 365

dhcpv6 snooping trust................................................................................................................. 366

dhcpv6–snooping authorized-server........................................................................................... 367

ddhcpv6–snooping database file.................................................................................................367

dhcpv6–snooping max-bindings..................................................................................................368

dhcpv6–relay option 79............................................................................................................... 369

snmp-server enable traps dhcpv6-snooping............................................................................... 369

clear dhcpv6–snooping stats.......................................................................................................370

debug security dhcpv6–snooping................................................................................................370

ipv6 source-lockdown ethernet................................................................................................... 370

ipv6 source-binding..................................................................................................................... 372

snmp-server enable traps dyn-ipv6-lockdown.............................................................................373

debug security dynamic-ipv6-lockdown...................................................................................... 374

Show commands for DHCPv6–snooping...............................................................................................374

show dhcpv6-snooping............................................................................................................... 374

show dhcpv6 snooping bindings................................................................................................. 374

show dhcpv6 snooping statistics.................................................................................................374

show ipv6 source-lockdown........................................................................................................ 375

show ipv6 source-lockdown status .............................................................................................375

show snmp-server traps..............................................................................................................376

show distributed-trunking consistency-parameters..................................................................... 376

show distributed-trunking consistency-parameters..................................................................... 377

show dhcpv6 relay...................................................................................................................... 378

DHCPv6 event log................................................................................................................................. 379

Contents 15

Page 16

DHCPv6 event messages......................................................................................................................383

Chapter 12 Zero Touch Provisioning with AirWave and Central............. 385

ZTP with AirWave.................................................................................................................................. 385

DHCP-based ZTP with AirWave................................................................................................. 385

Configuring DHCP-based ZTP with AirWave................................................................... 386

DHCP server configuration for DHCP based ZTP............................................................387

Limitations................................................................................................................................... 401

Best Practices............................................................................................................................. 401

Configure AirWave details manually........................................................................................... 401

amp-server....................................................................................................................... 402

debug ztp..........................................................................................................................404

Stacking support......................................................................................................................... 404

Disabling ZTP..............................................................................................................................404

Image Upgrade........................................................................................................................... 405

Troubleshooting...........................................................................................................................405

AMP server messages..................................................................................................... 405

Activate based ZTP with AirWave...............................................................................................405

Configuring Activate-based ZTP with AirWave.................................................................405

IPsec for AirWave Connectivity..............................................................................................................406

Overview..................................................................................................................................... 406

IPsec for Management Traffic.......................................................................................... 406

IPsec Tunnel Establishment.............................................................................................407

IPsec Tunnel Failures.......................................................................................................408

IPsec tunnel to secondary controller................................................................................ 408

AirWave IP after discovery............................................................................................... 411

Configuring the Aruba controller.......................................................................................411

AirWave Controller IP configuration commands..........................................................................411

aruba-vpn type........................................................................................................... 411

Show commands.........................................................................................................................412

show aruba-vpn................................................................................................................412

show ip route.................................................................................................................... 413

show interfaces tunnel aruba-vpn.................................................................................... 413

show crypto-ipsec sa........................................................................................................414

show running-configuration.............................................................................................. 415

ZTP with Aruba Central..........................................................................................................................416

LED Blink feature........................................................................................................................ 417

Aruba Central Configuration manually........................................................................................ 417

Activating ArubaOS-Switch Firmware Integration............................................................ 417

activate software-update enable...................................................................................... 418

activate software-update check........................................................................................418

activate software-update update...................................................................................... 419

show activate software-update.........................................................................................419

Show activate provision....................................................................................................420

aruba-central.................................................................................................................... 422

Troubleshooting...........................................................................................................................423

Show aruba-central.......................................................................................................... 423

Error reason for Aruba Central......................................................................................... 424

debug ztp..........................................................................................................................426

Error Reason log for Activate Provision........................................................................... 426

Stacking support......................................................................................................................... 427

Fault finder switch events............................................................................................................427

interface device-type network-device.......................................................................427

HTTP Proxy support with ZTP overview................................................................................................ 428

e Proxy Configuration..................................................................................................................428

16 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 17

proxy server.......................................................................................................................... 434

proxy exception ip | host.............................................................................................. 434

show proxy config................................................................................................................435

Chapter 13 File transfers............................................................................. 436

File transfer methods............................................................................................................................. 436

TFTP...................................................................................................................................................... 436

Prerequisites............................................................................................................................... 436

Downloading switch software......................................................................................................436

copy tftp flash................................................................................................................... 437

boot system flash............................................................................................................. 437

reload............................................................................................................................... 437

Enabling tftp................................................................................................................................ 438

tftp ................................................................................................................................... 438

Automatic software download from a TFTP server..................................................................... 439

auto-tftp............................................................................................................................ 439

Downloading to primary flash using TFTP.................................................................................. 440

Disabling TFTP and auto-TFTP for enhanced security...............................................................441

Enabling SSH V2 (required for SFTP)..............................................................................443

Authentication...................................................................................................................444

Troubleshooting SSH, SFTP, and SCP operations.......................................................... 445

Use USB to transfer files to and from the switch..............................................................446

SCP and SFTP...................................................................................................................................... 447

Enabling SCP and SFTP.............................................................................................................447

Using SCP and SFTP................................................................................................................. 447

Xmodem.................................................................................................................................................448

Downloading software using Xmodem........................................................................................448

Prerequisites.................................................................................................................... 449

Downloading to Flash.......................................................................................................449

Downloading to primary flash using Xmodem (Menu)................................................................ 450

USB........................................................................................................................................................451

Downloading switch software using USB....................................................................................451

Enable or disable the USB port........................................................................................ 451

Prerequisites.................................................................................................................... 451

USB port status........................................................................................................................... 451

show usb-port............................................................................................................. 451

......................................................................................................................................... 452

Switch to Switch.....................................................................................................................................452

Switch-to-switch download..........................................................................................................452

OS download from another switch................................................................................... 452

copy tftp flash................................................................................................................... 453

copy tftp flash os ............................................................................................................. 453

Copying..................................................................................................................................................454

Software images......................................................................................................................... 454

copy flash tftp................................................................................................................... 454

copy flash xmodem.......................................................................................................... 454

Copying using USB.......................................................................................................... 455

Copying diagnostic data to a remote host, USB device, PC, or UNIX workstation..................... 455

copy command-output......................................................................................................455

copy command-log........................................................................................................... 456

copy event-log.................................................................................................................. 456

copy crash-data................................................................................................................457

copy crash-data (redundant management)...................................................................... 457

copy crash-log.................................................................................................................. 458

copy crash-log (redundant management)........................................................................ 458

Contents 17

Page 18

copy core-dump (standby module)..............................................................................................459

copy fdr-log.......................................................................................................................460

Copy diagnostic data to a remote host, USB device, PC or UNIX workstation...........................460

Transferring............................................................................................................................................460

Switch configuration transfer.......................................................................................................461

TFTP ............................................................................................................................... 461

Xmodem .......................................................................................................................... 463

USB.................................................................................................................................. 464

ACL command file transfer..........................................................................................................465

tftp.................................................................................................................................... 465

Xmodem........................................................................................................................... 466

USB.................................................................................................................................. 467

Switch software download..................................................................................................................... 467

Switch software download rules..................................................................................................468

TFTP download failures................................................................................................... 468

Single copy command............................................................................................................................469

copy source.................................................................................................................................469

copy crash-files........................................................................................................................... 472

copy crash-files member............................................................................................................. 472

copy crash-files crash-file-options...............................................................................................473

Chapter 14 Monitoring and Analyzing Switch Operation......................... 474

Switch and network operations.............................................................................................................. 474

Status and counters data....................................................................................................................... 474

show system .............................................................................................................................. 474

chassislocate....................................................................................................................475

Chassislocate at startup................................................................................................... 476

Collecting processor data with the task monitor..........................................................................477

task-monitor cpu...............................................................................................................477

Switch management address information access.......................................................................477

show management........................................................................................................... 477

Component information views.....................................................................................................477

show modules.................................................................................................................. 478

Compatibility mode for v2 zl and zl modules..........................................................................................479

allow-v1-modules........................................................................................................................ 479

Port status..............................................................................................................................................480

show interfaces brief................................................................................................................... 480

Accessing port and trunk group statistics.............................................................................................. 480

Trunk bandwidth utilization..........................................................................................................480

show interfaces......................................................................................................... 480

show interfaces trunk-utilization.................................................................. 482

Statistic interactions of interface counters........................................................................483

Reset port counters.....................................................................................................................484

clear statics............................................................................................................. 484

MAC address tables...............................................................................................................................485

MAC address views and searches..............................................................................................485

show mac-address.......................................................................................................485

show mac-add detail................................................................................................ 486

show mac-address <MAC-ADDRESS> detail..........................................................487

Using the menu to view and search MAC addresses.......................................................487

Finding the port connection for a specific device on a VLAN........................................... 488

Viewing and searching port-level MAC addresses...........................................................489

Determining whether a specific device is connected to the selected port........................ 490

MSTP data............................................................................................................................................. 490

show spanning-tree.....................................................................................................................490

18 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 19

IP IGMP status.......................................................................................................................................491

show ip igmp............................................................................................................................... 491

VLAN information...................................................................................................................................493

show vlan.................................................................................................................................... 493

WebAgent status information.................................................................................................................495

Configuring local mirroring..................................................................................................................... 495

Local mirroring sessions............................................................................................................. 496

Traffic-direction criteria................................................................................................................496

interface monitor all.......................................................................................................... 496

ACL criteria for inbound traffic — deprecated............................................................................. 496

interface monitor ip...........................................................................................................497

Mirror policy for inbound traffic....................................................................................................497

class [ipv4|ipv6]................................................................................................................ 497

policy mirror......................................................................................................................497

MAC-based criteria to select traffic............................................................................................. 497

monitor mac......................................................................................................................497

Remote mirroring destination on a remote switch..................................................................................498

Remote mirroring destination on a local switch..................................................................................... 498

mirror remote ip...........................................................................................................................498

Local mirroring destination on the local switch...................................................................................... 498

mirror port....................................................................................................................................498

Monitored traffic..................................................................................................................................... 498

interface...................................................................................................................................... 499

monitor all....................................................................................................................................499

service-policy.............................................................................................................................. 499

Configuring local mirroring (Menu).........................................................................................................499

Destination mirror on a remote switch................................................................................................... 501

mirror endpoint............................................................................................................................ 501

Source mirror on the local switch...........................................................................................................502

mirror remote ip...........................................................................................................................502

Traffic-direction criteria...........................................................................................................................502

Configure ACL criteria to select inbound............................................................................................... 502

interface monitor ip access-group............................................................................................... 502

Mirror policy for inbound traffic...............................................................................................................502

class [ipv4|ipv6]...........................................................................................................................502

policy mirror.................................................................................................................................503

Configuring a destination switch in a remote mirroring session.............................................................503

Configuring a source switch in a local mirroring session....................................................................... 504

Configuring a source switch in a remote mirroring session................................................................... 504

Selecting all traffic on a port interface for mirroring according to traffic direction...................................506

Selecting all traffic on a VLAN interface for mirroring according to traffic direction............................... 507

Configuring a MAC address to filter mirrored traffic on an interface...................................................... 507

Configuring classifier-based mirroring................................................................................................... 508

Applying a mirroring policy on a port or VLAN interface............................................................. 510

Viewing a classifier-based mirroring configuration.................................................................................510

Viewing all mirroring sessions configured on the switch........................................................................ 511

Viewing the remote endpoints configured on the switch........................................................................512

Viewing the mirroring configuration for a specific session..................................................................... 513

Viewing a remote mirroring session.......................................................................................................514

Viewing a MAC-based mirroring session............................................................................................... 515

Viewing a local mirroring session...........................................................................................................515

Viewing information on a classifier-based mirroring session................................................................. 516

Viewing information about a classifier-based mirroring configuration....................................................516

Viewing information about a classifier-based mirroring configuration....................................................517

Viewing information about statistics on one or more mirroring policies................................................. 517

Viewing resource usage for mirroring policies....................................................................................... 518

Viewing the mirroring configurations in the running configuration file....................................................519

Contents 19

Page 20

Compatibility mode................................................................................................................................ 520

Port and trunk group statistics and flow control status...........................................................................521

Traffic mirroring overview.......................................................................................................................521

Mirroring overview.......................................................................................................................521

Mirroring destinations..................................................................................................................522

Mirroring sources and sessions.................................................................................................. 522

Mirroring sessions....................................................................................................................... 522

Mirroring session limits.....................................................................................................523

Selecting mirrored traffic...................................................................................................523

Mirrored traffic destinations.........................................................................................................523

Local destinations.............................................................................................................523

Remote destinations.........................................................................................................524

Monitored traffic sources.............................................................................................................524

Criteria for selecting mirrored traffic............................................................................................ 524

Mirroring configuration................................................................................................................ 524

Remote mirroring endpoint and intermediate devices.................................................................525

Migration to release K.12.xx........................................................................................................525

Booting from software versions earlier than K.12.xx........................................................ 525

Maximum supported frame size....................................................................................... 525

Frame truncation.............................................................................................................. 525

Migration to release K.14.01 or greater.......................................................................................526

Using the Menu to configure local mirroring.......................................................................................... 526

Menu and WebAgent limits......................................................................................................... 526

Remote mirroring overview.................................................................................................................... 527

Quick reference to remote mirroring setup..................................................................................527

High-level overview of the mirror configuration process........................................................................ 528

Determine the mirroring session and destination........................................................................528

For a local mirroring session............................................................................................ 528

For a remote mirroring session........................................................................................ 528

Configure a mirroring destination on a remote switch.................................................................528

Configure a destination switch in a remote mirroring session.......................................... 529

Configure a mirroring session on the source switch................................................................... 529

Configure a source switch in a remote mirroring session.................................................529

Configure the monitored traffic in a mirror session......................................................................529

Traffic selection options....................................................................................................529

Mirroring-source restrictions.............................................................................................530

About selecting all inbound/outbound traffic to mirror............................................................................530

Untagged mirrored packets.........................................................................................................530

About using SNMP to configure no-tag-added ........................................................... 531

Operating notes................................................................................................................531

About selecting inbound traffic using an ACL (deprecated)........................................................ 532

About selecting inbound/outbound traffic using a MAC address.................................................532

About selecting inbound traffic using advanced classifier-based mirroring.................................533

Classifier-based mirroring configuration................................................................................................ 534

Classifier-based mirroring restrictions.........................................................................................536

About applying multiple mirroring sessions to an interface......................................................... 537

Mirroring configuration examples................................................................................................ 538

Maximum supported frame size.............................................................................................................542

Enabling jumbo frames to increase the mirroring path MTU.......................................................542

Effect of downstream VLAN tagging on untagged, mirrored traffic........................................................543

Operating notes for traffic mirroring.............................................................................................543

Troubleshooting traffic mirroring............................................................................................................ 545

Chapter 15 Virtual Technician..................................................................... 546

Cisco Discovery Protocol (CDP)............................................................................................................ 546

20 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 21

show cdp traffic........................................................................................................................... 546

clear cdp counters.......................................................................................................................546

show cdp neighbors detail...........................................................................................................547

Enable/Disable debug tracing for MOCANA code................................................................................. 547

debug security ............................................................................................................................547

User diagnostic crash via Front Panel Security (FPS) button................................................................547

front-panel-security password-clear............................................................................................ 548

front-panel-security diagnostic-reset........................................................................................... 548

show front-panel-security............................................................................................................ 549

Diagnostic table...........................................................................................................................550

Validation rules............................................................................................................................551

FPS Error Log............................................................................................................................. 551

User initiated diagnostic crash via the serial console............................................................................ 553

front-panel-security diagnostic-reset serial-console....................................................................553

Serial console error messages....................................................................................................554

Chapter 16 Troubleshooting........................................................................555

Overview................................................................................................................................................ 555

Troubleshooting approaches..................................................................................................................555

Browser or Telnet access problems....................................................................................................... 556

Cannot access the WebAgent.....................................................................................................556

Cannot Telnet into the switch console from a station on the network......................................... 556

Unusual network activity........................................................................................................................ 557

General problems........................................................................................................................557

The network runs slow; processes fail; users cannot access servers or other devices... 557

Duplicate IP addresses.................................................................................................... 557

Duplicate IP addresses in a DHCP network.....................................................................557

The switch has been configured for DHCP/Bootp operation, but has not received a

DHCP or Bootp reply........................................................................................................558

802.1Q Prioritization problems....................................................................................................558

Ports configured for non-default prioritization (level 1 to 7) are not performing the

specified action.................................................................................................................558

Addressing ACL problems.......................................................................................................... 558

ACLs are properly configured and assigned to VLANs, but the switch is not using the

ACLs to filter IP layer 3 packets....................................................................................... 558

The switch does not allow management access from a device on the same VLAN........ 559

Error (Invalid input) when entering an IP address............................................................ 559

Apparent failure to log all "deny" matches........................................................................559

The switch does not allow any routed access from a specific host, group of hosts, or

subnet...............................................................................................................................560

The switch is not performing routing functions on a VLAN...............................................560

Routing through a gateway on the switch fails................................................................. 560

IGMP-related problems............................................................................................................... 561

IP multicast (IGMP) traffic that is directed by IGMP does not reach IGMP hosts or a

multicast router connected to a port................................................................................. 561

IP multicast traffic floods out all ports; IGMP does not appear to filter traffic................... 561

LACP-related problems...............................................................................................................561

Unable to enable LACP on a port with the interface <port-number> lacp

command .........................................................................................................................562

Port-based access control (802.1X)-related problems................................................................562

The switch does not receive a response to RADIUS authentication requests................. 562

The switch does not authenticate a client even though the RADIUS server is properly

configured and providing a response to the authentication request.................................562

During RADIUS-authenticated client sessions, access to a VLAN on the port used for

the client sessions is lost..................................................................................................562

Contents 21

Page 22

The switch appears to be properly configured as a supplicant, but cannot gain access

to the intended authenticator port on the switch to which it is connected........................ 563

The supplicant statistics listing shows multiple ports with the same authenticator MAC

address.............................................................................................................................563

The show port-access authenticator <port-list> command shows one

or more ports remain open after they have been configured with control

unauthorized ...............................................................................................................563

RADIUS server fails to respond to a request for service, even though the server's IP

address is correctly configured in the switch....................................................................563

The authorized MAC address on a port that is configured for both 802.1X and port

security either changes or is re-acquired after execution of aaa port-access

authenticator <port-list> initialize ..........................................................564

A trunked port configured for 802.1X is blocked.............................................................. 564

QoS-related problems................................................................................................................. 564

Loss of communication when using VLAN-tagged traffic................................................. 564

Radius-related problems............................................................................................................. 564

The switch does not receive a response to RADIUS authentication requests................. 564

RADIUS server fails to respond to a request for service, even though the server's IP

address is correctly configured in the switch....................................................................565

MSTP and fast-uplink problems.................................................................................................. 565

Broadcast storms appearing in the network..................................................................... 565

STP blocks a link in a VLAN even though there are no redundant links in that VLAN.....565

Fast-uplink troubleshooting.............................................................................................. 566

SSH-related problems.................................................................................................................566

Switch access refused to a client..................................................................................... 566

Executing IP SSH does not enable SSH on the switch....................................................566

Switch does not detect a client's public key that does appear in the switch's public

key file (show ip client-public-key) ....................................................................566

An attempt to copy a client public-key file into the switch has failed and the switch

lists one of the following messages..................................................................................566

Client ceases to respond ("hangs") during connection phase..........................................567

TACACS-related problems..........................................................................................................567

Event Log......................................................................................................................... 567

All users are locked out of access to the switch...............................................................567

No communication between the switch and the TACACS+ server application................ 567

Access is denied even though the username/password pair is correct............................568

Unknown users allowed to login to the switch..................................................................568

System allows fewer login attempts than specified in the switch configuration................568

TimeP, SNTP, or Gateway problems........................................................................................... 568

The switch cannot find the time server or the configured gateway.................................. 568

VLAN-related problems...............................................................................................................568

Monitor port...................................................................................................................... 568

None of the devices assigned to one or more VLANs on an 802.1Q-compliant switch

are being recognized........................................................................................................569

Link configured for multiple VLANs does not support traffic for one or more VLANs.......569

Duplicate MAC addresses across VLANs........................................................................ 569

Fan failure................................................................................................................................... 570

Mitigating flapping transceivers...................................................................................................570

Fault Finder thresholds.....................................................................................................571

Viewing transceiver information............................................................................................................. 574

Viewing information about transceivers (CLI)..............................................................................576

MIB support.................................................................................................................................576

Viewing transceiver information.................................................................................................. 576

Information displayed with the detail parameter...............................................................577

Viewing transceiver information for copper transceivers with VCT support................................ 581

Testing the Cable..............................................................................................................581

22 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 23

Using the Event Log for troubleshooting switch problems..................................................................... 583

Event Log entries........................................................................................................................ 583

Using the Menu........................................................................................................................... 584

Using the CLI.............................................................................................................................. 585

Clearing Event Log entries..........................................................................................................586

Turning event numbering on....................................................................................................... 586

Using log throttling to reduce duplicate Event Log and SNMP messages.................................. 586

Log throttle periods...........................................................................................................586

Example: of event counter operation................................................................................588

Reporting information about changes to the running configuration.............................................588

Debug/syslog operation......................................................................................................................... 589

Debug/syslog messaging............................................................................................................ 589

Hostname in syslog messages................................................................................................... 589

Logging origin-id...............................................................................................................590

Viewing the identification of the syslog message sender................................................. 592

SNMP MIB........................................................................................................................593

Debug/syslog destination devices...............................................................................................593

Debug/syslog configuration commands...................................................................................... 594

Configuring debug/syslog operation............................................................................................594

Viewing a debug/syslog configuration.............................................................................. 595

Debug command.........................................................................................................................597

Debug messages............................................................................................................. 598

Debug destinations...........................................................................................................598

Logging command.......................................................................................................................598

Configuring a syslog server..............................................................................................599

Adding a description for a Syslog server.....................................................................................602

Adding a priority description........................................................................................................602

Configuring the severity level for Event Log messages sent to a syslog server......................... 603

Configuring the system module used to select the Event Log messages sent to a

syslog server.................................................................................................................... 603

Enabling local command logging................................................................................................ 604

Operating notes for debug and Syslog........................................................................................604

Diagnostic tools......................................................................................................................................605

Port auto-negotiation...................................................................................................................605

Ping and link tests....................................................................................................................... 605

Ping test........................................................................................................................... 605

Link test............................................................................................................................ 605

Executing ping or link tests (WebAgent)...........................................................................606

Testing the path between the switch and another device on an IP network..................... 606

Issuing single or multiple link tests................................................................................... 607

Tracing the route from the switch to a host address................................................................... 607

Halting an ongoing traceroute search.............................................................................. 608

A low maxttl causes traceroute to halt before reaching the destination address............. 608

If a network condition prevents traceroute from reaching the destination........................ 608

Viewing switch configuration and operation...........................................................................................609

Viewing the startup or running configuration file......................................................................... 609

Viewing the configuration file (WebAgent).................................................................................. 609

Viewing a summary of switch operational data........................................................................... 609

Saving show tech command output to a text file.............................................................. 610

Viewing more information on switch operation............................................................................611

Searching for text using pattern matching with show command...................................... 612

Displaying the information you need to diagnose problems........................................................613

Restoring the factory-default configuration............................................................................................ 614

Resetting to the factory-default configuration..............................................................................614

Using the CLI....................................................................................................................614

Using Clear/Reset............................................................................................................ 615

Restoring a flash image......................................................................................................................... 615

Contents 23

Page 24

Recovering from an empty or corrupted flash state.................................................................... 615

DNS resolver..........................................................................................................................................617

Basic operation........................................................................................................................... 617

Configuring and using DNS resolution with DNS-compatible commands...................................618

Configuring a DNS entry............................................................................................................. 619

Using DNS names with ping and traceroute: Example:.............................................................. 620

Viewing the current DNS configuration....................................................................................... 621

Operating notes...........................................................................................................................622

Event Log messages...................................................................................................................622

Chapter 17 Job Scheduler........................................................................... 623

Job Scheduler........................................................................................................................................ 623

Commands.............................................................................................................................................623

Job at | delay | enable | disable ...........................................................................623

Show job..................................................................................................................................... 624

Show job <Name>.......................................................................................................................625

Chapter 18 Configuration backup and restore without reboot................ 626

Overview................................................................................................................................................ 626

Benefits of configuration restore without reboot..........................................................................626

Recommended scenarios...................................................................................................................... 626

Use cases.............................................................................................................................................. 626

Switching to a new configuration.................................................................................................627

Rolling back to a stable configuration using job scheduler......................................................... 628

Commands used in switch configuration restore without reboot............................................................629

Configuration backup............................................................................................................................. 629

cfg-backup...............................................................................................................................630

show config files................................................................................................................630

Configuration restore without reboot .....................................................................................................632

cfg-restore.............................................................................................................................632

Force configuration restore.............................................................................................. 634

cfg-restore non-blocking......................................................................................635

cfg-restore recovery-mode................................................................................... 636

cfg-restore verbose................................................................................................ 638

cfg-restore config_bkp..........................................................................................639

Configuration restore with force option....................................................................................... 640

System reboot commands................................................................................................641

Configuration restore without force option.................................................................................. 642

show cfg-restore status...................................................................................................642

Viewing the differences between a running configuration and a backup configuration...............644

Show commands to show the SHA of a configuration........................................................................... 646

show hash.................................................................................................................................646

Scenarios that block the configuration restoration process................................................................... 647

Limitations..............................................................................................................................................647

Blocking of configuration from other sessions.............................................................................647

Troubleshooting and support................................................................................................................. 648

debug cfg-restore................................................................................................................648

Chapter 19 Virtual Switching Framework (VSF)........................................ 649

Overview of VSF.................................................................................................................................... 649

Benefits of VSF...................................................................................................................................... 650

Member roles......................................................................................................................................... 650

Commander................................................................................................................................ 650

24 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 25

Standby....................................................................................................................................... 650

Management module............................................................................................................................. 650

VSF member ID..................................................................................................................................... 651

VSF link..................................................................................................................................................651

vsf member link........................................................................................................................... 651

Validation rules for VSF member......................................................................................652

Physical VSF ports.................................................................................................................................653

VSF domain ID.......................................................................................................................................653

VSF split.................................................................................................................................................654

VSF merge.............................................................................................................................................654

Member priority...................................................................................................................................... 654

Interface naming conventions................................................................................................................ 654

Running-configuration synchronization .................................................................................................655

VSF deployment methods......................................................................................................................655

Discovered configuration mode procedure................................................................................. 655

Provisioned configuration mode procedure.................................................................................655

Configuration commands....................................................................................................................... 656

copy core-dump.......................................................................................................................... 656

copy crash-data...........................................................................................................................656

copy crash-files........................................................................................................................... 656

copy crash-log vsf-member.........................................................................................................657

copy fdr-log................................................................................................................................. 657

erase fdr-log vsf.......................................................................................................................... 658

power-over-ethernet vsf-member................................................................................................658

redundancy switchover............................................................................................................... 659

snmp-server enable traps vsf......................................................................................................659

Validation rules................................................................................................................. 659

vsf domain...................................................................................................................................659

Validation rules................................................................................................................. 659

vsf enable....................................................................................................................................659

vsf disable........................................................................................................................ 660

Validation rules................................................................................................................. 660

vsf member reboot...................................................................................................................... 660

vsf member remove.................................................................................................................... 661

Validation rules................................................................................................................. 661

vsf member shutdown................................................................................................................. 662

Validation rules................................................................................................................. 662

vsf member priority......................................................................................................................663

vsf member type .........................................................................................................................663

Validation rules................................................................................................................. 664

Show commands................................................................................................................................... 664

show vsf...................................................................................................................................... 664

Validation rules................................................................................................................. 665

show vsf link................................................................................................................................665

show vsf member........................................................................................................................ 666

show system information vsf member ........................................................................................667

show system chassislocate.........................................................................................................668

show boot-history........................................................................................................................ 669

show system temperature........................................................................................................... 669

show system fans........................................................................................................................670

show CPU................................................................................................................................... 671

show CPU process slot............................................................................................................... 672

show modules............................................................................................................................. 673

show power-over-ethernet.......................................................................................................... 675

show system power-supply......................................................................................................... 676

OOBM-MAD commands........................................................................................................................ 680

vsf oobm-mad............................................................................................................................. 680

Contents 25

Page 26

Validation rules................................................................................................................. 680

oobm vsf member....................................................................................................................... 680

oobm vsf member interface speed-duplex.................................................................................. 681

show oobm vsf member.............................................................................................................. 682

show oobm ip.............................................................................................................................. 682

show oobm discovery..................................................................................................................683

show running-config oobm.......................................................................................................... 684

show vsf trunk-designated-forwarder............................................................................... 684

Validation rules................................................................................................................. 685

LLDP-MAD.............................................................................................................................................685

VSF split and MAD operation......................................................................................................685

MAD readiness check................................................................................................................. 686

vsf lldp-mad ipv4......................................................................................................................... 686

Validation rules................................................................................................................. 687

show vsf lldp-mad....................................................................................................................... 687

VSF re-join after a split................................................................................................................688

Mad assist device requirements..................................................................................................688

Limitations of MAD...................................................................................................................... 688

VSF restrictions......................................................................................................................................688

Updates for a VSF virtual chassis..........................................................................................................688

VSF Fast Software Upgrade.................................................................................................................. 688

Upgrading the VSF stack software..............................................................................................689

vsf sequenced-reboot.......................................................................................................689

Chapter 20 Simplifying Wireless and IoT Deployments........................... 691

Overview................................................................................................................................................ 691

Auto configuring Aruba APs...................................................................................................................691

Associating a device with a profile.............................................................................................. 691

device-profile name.......................................................................................................... 691

device-profile type............................................................................................................ 693

device-profile type device-name.......................................................................................694

show device-profile..................................................................................................................... 694

show command device-profile status............................................................................... 695

show device-profile config................................................................................................ 696

show device-profile status................................................................................. 697

Default AP Profile............................................................................................................. 698

allow-jumbo-frames.......................................................................................................... 698

Auto configuring IoT Devices................................................................................................................. 698

Creating a device identity and associating a device type............................................................698

show device-identity......................................................................................................... 699

device-profile type-device associate........................................................................................... 700

show device-profile config...........................................................................................................700

show device-profile status...........................................................................................................701

Support for Aruba device types...................................................................................................701

Isolating Rogue APs.............................................................................................................................. 702

Using the Rogue AP Isolation feature......................................................................................... 702

rogue-ap-isolation....................................................................................................................... 703

rogue-ap-isolation action.............................................................................................................703

rogue-ap-isolation whitelist..........................................................................................................704

clear rogue-ap-isolation...............................................................................................................704

Feature Interactions.................................................................................................................... 705

L3 MAC............................................................................................................................ 705

Limitations................................................................................................................................... 705

Troubleshooting...........................................................................................................................706

Switch does not detect the rogue AP TLVs...................................................................... 706

26 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 27

Show commands..............................................................................................................706

Requirements.........................................................................................................................................706

Limitations..............................................................................................................................................706

Feature Interactions............................................................................................................................... 707

Profile Manager and 802.1X....................................................................................................... 707

Profile Manager and LMA/WMA/MAC-AUTH..............................................................................707

Profile manager and Private VLANs........................................................................................... 707

MAC lockout and lockdown ........................................................................................................707

LMA/WMA/802.1X/Port-Security.................................................................................................708

Troubleshooting..................................................................................................................................... 708

Dynamic configuration not displayed when using “show running-config”....................................708

The show run command displays non-numerical value for untagged-vlan...............................708

Show commands.........................................................................................................................709

Chapter 21 IP Service Level Agreement.....................................................710

Overview................................................................................................................................................ 710

How IP SLA works................................................................................................................................. 712

Configuration commands....................................................................................................................... 712

[no] ip-sla <ID>............................................................................................................................712

ip-sla <ID> clear.......................................................................................................................... 713

[no] ip-sla <ID> history-size ........................................................................................................713

[no] ip-sla <ID> icmp-echo.......................................................................................................... 714

[no] ip-sla <ID> udp-echo............................................................................................................714

[no] ip-sla <ID> tcp-connect........................................................................................................ 714

[no] ip-sla <ID> monitor threshold-config.................................................................................... 714

[no] ip-sla <ID> monitor packet-loss............................................................................................715

[no] ip-sla <ID> monitor test-completion..................................................................................... 715

[no] ip-sla <ID> schedule............................................................................................................ 716

[no] ip-sla <ID> tos...................................................................................................................... 716

[no] ip-sla responder................................................................................................................... 716

[no] ip-sla <ID> udp-jitter ............................................................................................................716

[no] ip-sla <ID> udp-jitter-voip .................................................................................................... 717

Show commands................................................................................................................................... 717

show ip-sla <ID>......................................................................................................................... 717

show ip-sla <ID> history..............................................................................................................718

show ip-sla <ID> message-statistics...........................................................................................718

show ip-sla <ID> results .............................................................................................................719

show ip-sla <ID> aggregated-results.......................................................................................... 720

show ip-sla responder................................................................................................................. 721

show ip-sla responder statistics.................................................................................................. 721

show tech ip-sla.......................................................................................................................... 722

clear ip-sla responder statistics........................................................................................724

Validation rules.......................................................................................................................................724

Event log messages...............................................................................................................................727

Interoperability....................................................................................................................................... 728

IP SLA UDP Jitter and Jitter for VoIP ....................................................................................................728

Overview..................................................................................................................................... 728

Significance of jitter..................................................................................................................... 729

Solution components...................................................................................................................729

SLA Measurements.....................................................................................................................729

Chapter 22 Dynamic Segmentation............................................................ 732

Definition of Terms................................................................................................................................. 732

Overview................................................................................................................................................ 732

Contents 27

Page 28

Benefits of Dynamic Segmentation........................................................................................................733

Use Cases............................................................................................................................................. 733

Users/Devices and Policy Enforcement Recommendations..................................................................735

Colorless Ports.......................................................................................................................................736

Port-Based Tunneling............................................................................................................................ 736

Configuring Port-Based Tunneling.............................................................................................. 737

Operating notes...........................................................................................................................738

Interaction table...........................................................................................................................738

Restrictions................................................................................................................................. 739

Preventing double tunneling of Aruba Access Points................................................................. 740

Preventing double tunneling using device profile............................................................. 741

User-Based Tunneling........................................................................................................................... 744

User Authentication Workflow..................................................................................................... 744

How it works................................................................................................................................745

Licensing Requirements..............................................................................................................746

Dependencies............................................................................................................................. 747

Simplifying User-Based Tunneling with Reserved VLAN............................................................748

Configuration and show commands............................................................................................749

Commands to configure a tunneled node server on the switch....................................... 749

Show commands..............................................................................................................753

Commands to configure VLAN ID in user role................................................................. 759

Tunneled Node profile on a Mobility Controller and Cluster ............................................760

Using User Roles with User-Based Tunneling................................................................. 760

User-Based Tunneling in v6 networks.........................................................................................762

PAPI security..........................................................................................................................................762

Protocol Application Programming Interface (PAPI)....................................................................762

PAPI configurable secret key...................................................................................................... 762

papi-security........................................................................................................................ 763

Frequently Asked Questions..................................................................................................................764

Chapter 23 Cable Diagnostics.....................................................................767

Virtual cable testing................................................................................................................................767

Cable Diagnostics.................................................................................................................................. 767

show cable-diagnostics..........................................................................................................................770

clear cable-diagnostics.......................................................................................................................... 770

Limitations..............................................................................................................................................770

Chapter 24 Monitoring Static IP Devices................................................... 772

ip client-tracker.......................................................................................................................... 772

ip client-tracker probe-delay................................................................................................ 774

Chapter 25 Network Out-of-Band Management (OOBM) ......................... 775

OOBM concepts.....................................................................................................................................775

OOBM and switch applications................................................................................................... 776

Example...................................................................................................................................... 776

OOBM Configuration..............................................................................................................................777

Entering the OOBM configuration context from the general configuration context..................... 777

Enabling and disabling OOBM.................................................................................................... 777

Enabling and disabling the OOBM port.......................................................................................778

Setting the OOBM port speed..................................................................................................... 778

Configuring an OOBM IPv4 address...........................................................................................779

Configuring an OOBM IPv4 default gateway.............................................................................. 779

Configuring an IPv6 default gateway for OOBM devices............................................................ 780

28 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 29

oobm ipv6 default-gateway................................................................................... 780

oobm member ipv6 default-gateway.................................................................... 780

IPv6 default router preferences...................................................................................................781

ipv6 nd ra router-preference............................................................................. 781

OOBM show commands .......................................................................................................................782

Showing the global OOBM and OOBM port configuration.......................................................... 782

Showing OOBM IP configuration................................................................................................ 782

Showing OOBM ARP information............................................................................................... 783

show oobm ipv6...................................................................................................................... 783

show oobm ipv6 (for stacked switches)...................................................................................... 783

show oobm ipv6 member (for stacked switches)........................................................................ 784

show oobm ip detail (for stacked switches).................................................................................785

Application server commands................................................................................................................786

Application client commands................................................................................................................. 786

Chapter 26 Websites.................................................................................... 789

Chapter 27 Support and other resources.................................................. 790

Accessing Hewlett Packard Enterprise Support.................................................................................... 790

Accessing updates.................................................................................................................................790

Customer self repair...............................................................................................................................791

Remote support..................................................................................................................................... 791

Warranty information..............................................................................................................................791

Regulatory information...........................................................................................................................792

Documentation feedback....................................................................................................................... 792

Chassis Redundancy (5400R Switches).................................................... 793

Overview of chassis management redundancy..................................................................................... 793

Nonstop switching with redundant management modules..........................................................793

How the management modules interact......................................................................................793

About using redundant management.....................................................................................................793

Transition from no redundancy to nonstop switching..................................................................794

About setting the rapid switchover stale timer.............................................................................794

About directing the standby module to become active................................................................794

Preferred management module............................................................................................................. 794

redundancy active-management........................................................................................795

redundancy preferred-active-management.................................................................. 796

show redunancy...................................................................................................................... 797

Determining active module.................................................................................................................... 798

Diagram of the decision process.................................................................................................799

Hotswapping management modules......................................................................................................799

Hotswapping out the active management module...................................................................... 800

Management module switchover................................................................................................ 800

Events that cause a switchover........................................................................................800

What happens when switchover occurs........................................................................... 801

When switchover will not occur........................................................................................ 801

When a management module crashes while the other management module is

rebooting.......................................................................................................................... 801

Hotswapping out the active management module........................................................... 801

When the standby module is not available.......................................................................801

Hotswapping in a management module........................................................................... 802

Software version mismatch between active and hotswapped module........................................802

Other software version mismatch conditions.............................................................................. 802

Contents 29

Page 30

About turning off redundant management............................................................................................. 803

Disable management module redundancy with two modules present........................................ 803

Disable management module redundancy with only one module present..................................804

Active management module commands................................................................................................804

Viewing modules......................................................................................................................... 804

Syncing commands.....................................................................................................................804

Using the WebAgent for redundant management..................................................................................805

Enabling or disabling redundant management...................................................................................... 806

Transitioning from no redundancy to nonstop switching ...................................................................809

Setting the Rapid Switchover Stale Timer...................................................................................809

Directing the standby module to become active.................................................................................... 810

Directing the standby module to become active..........................................................................811

Setting the active management module for next boot............................................................................812

Resetting the management module....................................................................................................... 814

Viewing management information..........................................................................................................815

Viewing information about the management and fabric modules............................................... 816

Viewing information about the redundancy role of each management module.......................... 816

Viewing which software version is in each flash image...............................................................817

Viewing system software image information for both management modules............................. 817

Viewing the status of the switch and its management modules..................................................818

Standby management module commands............................................................................................ 818

Viewing redundancy status on the standby module....................................................................818

Viewing the flash information on the standby module.................................................................819

Viewing the version information on the standby module.............................................................819

Setting the default flash for boot............................................................................................................ 820

Booting the active management module from the current default flash...................................... 820

boot command ..........................................................................................................................821

Boot and reload commands with OSPFv2 or OSPFv3 enabled ............................................ 823

Modules operating in nonstop mode................................................................................ 823

Additional commands affected by redundant management............................................. 823

Displaying module events...................................................................................................................... 825

Viewing log events...................................................................................................................... 825

Copying crash file information to another file.............................................................................. 826

Viewing saved crash information.................................................................................................827

Enabling and disabling fabric modules.................................................................................................. 827

Nonstop switching features....................................................................................................................828

Nonstop switching with VRRP.....................................................................................................828

Example nonstop routing configuration.......................................................................................829

Nonstop forwarding with RIP.......................................................................................................830

Nonstop forwarding with OSPFv2 and OSPFv3......................................................................... 830

Enabling nonstop forwarding for OSPFv2........................................................................ 831

Configuring restart parameters for OSPFv2.....................................................................831

Viewing OSPFv2 nonstop forwarding information............................................................832

Enabling nonstop forwarding for OSPFv3........................................................................ 832

About downloading a new software version...........................................................................................833

File synchronization after downloading....................................................................................... 833

Potential software version mismatches after downloading......................................................... 834

Downloading a software version serially if the management module is corrupted......................835

Unsupported zl modules........................................................................................................................ 835

Hot swapping of management modules......................................................................................836

Rapid routing switchover and stale timer.................................................................................... 836

Task Usage Reporting............................................................................................................................836

Help text...................................................................................................................................... 836

process-tracking help....................................................................................................... 836

show cpu help.................................................................................................................. 836

show cpu process help.....................................................................................................837

30 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 31

Command tab..............................................................................................................................837

process-tracking............................................................................................................... 837

show cpu process.............................................................................................................837

Command ouput..........................................................................................................................838

show cpu process.............................................................................................................838

show cpu process slot <SLOT-LIST>...............................................................................838

LACP-MAD Passthrough............................................................................. 840

Overview................................................................................................................................................ 840

LACP-MAD Passthrough Configuration.................................................................................................840

interface lacp...............................................................................................................................840

show lacp.................................................................................................................................... 841

clear lacp statistics...................................................................................................................... 841

Smart Rate Technology................................................................................842

Show Smart Rate port............................................................................................................................842

Rate-Limiting — GMB features when Fast-Connect SmartRate ports are configured................843

Error messages...........................................................................................................................844

Speed-duplex.........................................................................................................................................844

Limitations on 5Gbps ports......................................................................................................... 844

Error messages...........................................................................................................................845

100 Mbps Support on Smart Rate ports................................................................................................ 845

Overview..................................................................................................................................... 845

interface speed-duplex auto-100................................................................................. 845

show interfaces smartrate.............................................................................................. 846

show interface config.......................................................................................................847

show running-config........................................................................................................... 847

Downgrade with CLI reboot command..................................................................................... 847

Downgrade without CLI reboot command (power cycle)..........................................................848

Networking 6th Generation Switch ASIC................................................... 849

Introduction............................................................................................................................................ 849

Commands.............................................................................................................................................849

Configuration setup..................................................................................................................... 849

V3 to V2 compatibility..................................................................................................................850

allow-v2-modules............................................................................................................. 850

show running-config v3-specific ......................................................................850

Show commands.........................................................................................................................851

Show system.................................................................................................................... 851

Show system information................................................................................................. 851

Show running configuration..............................................................................................852

Event logging....................................................................................................................853

Version 2 — version 3 blade compatibility on the 5400R switch............................................................853

Allow V2 command..................................................................................................................... 853

Validation rules................................................................................................................. 853

Show commands..............................................................................................................853

MAC Address Management.........................................................................855

Overview................................................................................................................................................ 855

Determining MAC addresses................................................................................................................. 855

Viewing the MAC addresses of connected devices............................................................................... 855

Viewing the switch's MAC address assignments for VLANs configured on the switch..........................856

Contents 31

Page 32

Viewing the port and VLAN MAC addresses...............................................................................857

Configuration backup and restore without reboot....................................860

32 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 33

Chapter 1

About this guide

This guide provides information on how to configure, manage, and monitor basic switch operation.

Applicable products

This guide applies to these products:

Aruba 3810 Switch Series (JL071A, JL072A, JL073A, JL074A, JL075A, JL076A)

Aruba 5400R zl2 Switch Series (J9821A, J9822A, J9850A, J9851A, JL001A, JL002A, JL003A, JL095A)

Switch prompts used in this guide

Examples in this guide are representative and may not match your particular switch/environment. Examples use simplified prompts as follows:

Prompt Explanation

switch#

switch>

switch(config)#

switch(vlan-x)#

switch(eth-x)#

switch-Stack#

switch-Stack(config)#

switch-Stack(stacking)#

switch-Stack(vlan-x)#

switch-Stack(eth-x/y)#

# indicates manager context (authority).

> indicates operator context (authority).

(config) indicates the config context.

(vlan-x) indicates the vlan context of config, where x

represents the VLAN ID. For example:

switch(vlan-128)#.

(eth-x) indicates the interface context of config, where x represents the interface. For example: switch(eth-48)#.

Stack indicates that stacking is enabled.

Stack(config) indicates the config context while

stacking is enabled.

Stack(stacking) indicates the stacking context of config while stacking is enabled.

Stack(vlan-x) indicates the vlan context of config while stacking is enabled, where x represents the VLAN ID. For example: switch-

Stack(vlan-128)#.

Stack(eth-x/y) indicates the interface context of

config, in the form (eth-<member-in-stack>/ <interface>). For example: switch(eth-1/48)#

Chapter 1 About this guide 33

Page 34

Chapter 2

Time synchronization

Using time synchronization ensures a uniform time among interoperating devices. This helps you to manage and troubleshoot switch operation by attaching meaningful time data to event and error messages.

For successful time protocol setup and specific configuration details, contact your system administrator regarding your local configuration. The ArubaOS-Switch utilizes the Network Time Protocol (NTP)

NTP

NTP synchronizes the time of day among a set of distributed time servers and clients in order to correlate events when receiving system logs and other time-specific events from multiple network devices. NTP uses the User Datagram Protocol (UDP) as its transport protocol.

All NTP communications use Coordinated Universal Time (UTC). An NTP server usually receives its time from an authoritative time source, such as a radio clock or an atomic clock attached to a time server, and then distributes this time across the network. NTP is extremely efficient; no more than one packet per minute is necessary to synchronize two machines to within a millisecond of each other.

NTP uses a stratum to describe the distance between a network device and an authoritative time source:

• A stratum 1 time server is directly attached to an authoritative time source (such as a radio or atomic clock or a GPS time source).

• A stratum 2 NTP server receives its time through NTP from a stratum 1 time server.

Before synchronizing, NTP compares the time reported by several network devices and does not synchronize with one that is significantly different, even if it is a stratum 1.

You an use the security features of NTP to avoid the accidental or malicious setting of incorrect time. One such mechanism is available: an encrypted authentication mechanism.

Though similar, the NTP algorithm is more complex and accurate than the Simple Network Time Protocol (SNTP).

IMPORTANT:

Enabling this feature results in synchronizing the system clock; therefore, it may affect all subsystems that rely on system time.

NTP related commands

The following commands allow the user to configure NTP or show NTP configurations.

timesync

Syntax

[no]timesync [timep |sntp | timep-or-sntp | ntp]

Description

Use this command to configure the protocol for network time synchronization.

Parameters and options

Deletes all timesync configurations on the device.

34 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 35

timep

Updates the system clock using TIMEP.

sntp

Updates the system clock using SNTP.

timep-or-sntp

Updates the system clock using TIMEP or SNTP (default).

ntp

Updates the system clock using NTP

timesync

Switch(config)# timesync sntp Update the system clock using SNTP. timep Update the system clock using TIMEP. timep-or-sntp Update the system clock using TIMEP or SNTP. ntp Update the system clock using NTP.

timesync ntp

Syntax

timesync ntp

Description

Use this command to update the system clock using NTP.

ntp

Syntax

[no] ntp [broadcast|unicast]

Description

This command selects the operating mode of the NTP client. Defaults to broadcast.

Parameters and options

Using no ntp disables NTP and removes all NTP configurations on the device.

no ntpExample

switch(config)# no ntp This will delete all NTP configurations on this device. Continue [y/n]?

broadcast

Sets ntp client to operate in broadcast mode.

unicast

Sets ntp client to operate in unicast mode.

[no] ntp

This command disables NTP and removes all NTP configurations on the device.

Chapter 2 Time synchronization 35

Page 36

Syntax

[no] ntp [authentication <key-id> | broadcast | enable | max-association

<integer> | server <IP-ADDR> | trap <trap-name> | unicast]

Description

Disable NTP and removes the entire NTP configuration.

Options

authentication

Configure NTP authentication.

broadcast

Operate in broadcast mode.

enable

Enable/disable NTP.

max-association

Maximum number of Network Time Protocol (NTP) associations.

server

Configure a NTP server to poll for time synchronization.

trap

Enable/disable NTP traps.

unicast

Operate in unicast mode.

Example

switch(config)# no ntp This will delete all NTP configurations on this device. Continue [y/n]?

ntp enable

Syntax

ntp enable

Description

Use this command to enable or disable NTP on the switch.

Restrictions

Validation Error/Warning/Prompt

If timeSync is in SNTP or Timep when NTP is enabled.

When timesync is NTP and ntp is enabled and we try to change timesync to SNTP.

36 Aruba 3810 / 5400R Management and Configuration Guide for

Timesync is not configured to NTP.

Disable NTP before changing timesync to SNTP or TIMEP

ArubaOS-Switch 16.08

Page 37

Enable ntp

switch(config)# ntp enable Enable/disable NTP.

ntp authentication

Syntax

ntp authentication key-id <KEY-ID> [authentication-mode <MODE> key-value <KEY-STRING>] [trusted]

Description

This command is used for authentication of NTP server by the NTP client.

Parameters and options

key-id <KEY-ID>

Sets the key-id for the authentication key.

authentication-mode

Sets the NTP authentication mode

key-value <KEY-STRING>

Sets the key-value for the authentication key.

[trusted]

Sets the authentication key as trusted.

ntp authentication

Switch(config)# ntp Authentication Configure NTP authentication.

Switch(config)# ntp authentication key-id Set the key-id for this authentication key.

Switch(config)# ntp authentication key-id <1-4294967295> Set the authentication key-id.

Switch(config)# ntp authentication key-id 1 authentication-mode Set the NTP authentication mode. trusted Set this authentication key as trusted.

Switch(config)# ntp authentication key-id 1 authentication-mode|trusted md5 Authenticate using MD5.

Switch(config)# ntp authentication key-id 1 authentication-mode|trusted md5key-value Set the NTP authentication key.

Switch(config)# ntp authentication key-id 1

Chapter 2 Time synchronization 37

Page 38

authentication-mode|trusted md5 key-value KEY Enter a string to be set as the NTP authentication key.

ntp max-associations

Syntax

ntp max-associations <number>

Description

Use this command to configure the maximum number of servers associated with this NTP client.

Parameters and options

Sets the maximum number of NTP associations, in the range of 1–8.

ntp max-associations

Switch(config)# ntp max-associations Maximum number of NTP associations.

Switch(config)# ntp max-associations <1-8> Enter the number.

Restrictions

Validation Error/Warning/Prompt

When the number of configured NTP servers is more than the max-associations value.

When the max-associations value is less than the (n) number of configured NTP servers.

The maximum number of NTP servers allowed is <number>.

Max-associations value cannot be less than the number of NTP servers configured.

ntp server

Syntax

ntp server [IP-ADDR|<IPv6-ADDR>] [<SERVER-NAME>] [key <KEY-ID>] [OOBM] [max-poll <MAX-POLL-VAL>][min-poll <MIN-POLL-VAL>][burst | iburst] [version <1-4>]

no ntp server [<IP-ADDR|IPv6-ADDR>] [server-name] [key <KEY-ID>] [oobm] [max-poll <MAX-POLL-VAL>][min-poll <MIN-POLL-VAL>][burst | iburst] [version <1-4>]

Description

This command is used to configure the NTP servers using a variety of parameters. A maximum of 8 NTP servers may be configured.

The no version of this command removes parameters from the NTP servers.

38 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 39

Parameters

IP-ADDR

Sets the IPv4 address of the NTP server.

IPv6-ADDR

Sets the IPv6 address of the NTP server.

SERVER-NAME

User configured host name will be saved in config. Hostname is resolved and IP address is updated to the existing NTP protocol data structure.

KEY-ID

Specifies the authentication key.

OOBM

Specifies that the NTP Unicast server is accessible over an OOBM interface.

MIN-POLL-VAL

Configures the minimum time intervals in seconds. Range is 4–17.

MAX-POLL-VAL

Configures the maximum time intervals in power of 2 seconds. Range is 4–17 (e.g., 5 would translate to 2 raised to 5 or 32).

BURST

Enables burst mode.

iBURST

Enables initial burst mode.

VERSION NUMBER

Sets version 1–4.

ntp server configuration

Switch(config)# ntp server Allow the software clock to be synchronized by an NTP time server. broadcast Operate in broadcast mode. unicast Operate in unicast mode.

Switch(config)# ntp server IP-ADDR IPv4 address of the NTP server. IPV6-ADDR IPv6 address of the NTP server. NAME Server name of NTP servers.

Switch(config)# ntp server <IP-ADDR> Key Specify the authentication key.

Switch(config)# ntp server <IP-ADDR> key key-id Max-poll Configure the maximum time intervals in seconds.

Switch(config)# ntp server <IP-ADDR> key key-id max-poll <4-17> Enter an integer number.

Chapter 2 Time synchronization 39

Page 40

Switch(config)# ntp server <IP-ADDR> key key-id Min-poll Configure the minimum time intervals in seconds.

Switch(config)# ntp server <IP-ADDR> key key-id min-poll <4-17> Enter an integer number.

Switch(config)# ntp server <IP-ADDR> key key-id prefer max-poll <max-poll-val> min-poll <min-poll-val> iburst Enable initial burst (iburst) mode. burst Enable burst mode.

Switch(config)# ntp server IP-ADDR key key-id prefer maxpoll <number> minpoll <number> iburst

ntp server key-id

Syntax

ntp server <IP-ADDR |IPV6-ADDR> key—id <key-id> [max-poll

<max-poll-val>] [min-poll <min-poll-val>] [burst | iburst]

Description

Configure the NTP server. <IP-ADDR> indicates the IPv4 address of the NTP server. <IPV6-ADDR> indicates the IPv6 address of the NTP server.

Options

burst

Enables burst mode.

iburst

Enables initial burst (iburst) mode.

key-id

Set the authentication key to use for this server.

max-poll <max-poll-val>

Configure the maximum time intervals in seconds.

min-poll <min-poll-val>

Configure the minimum time intervals in seconds.

ntp ipv6-multicast

Syntax

ntp ipv6-multicast

Description

Use this command to configure NTP multicast on a VLAN interface.

Restrictions

40 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 41

Validation Error/Warning/Prompt

If ipv6 is not enabled on vlan interface

ntp ipv6–multicast

Switch(vlan-2)# ntp ipv6-multicast Configure the interface to listen to the NTP multicast packets.

IPv6 address not configured on the VLAN.

debug ntp

Syntax

debug ntp [event|packet]

Description

Use this command to display debug messages for NTP.

Parameters and options

event

Displays event log messages related to NTP.

packets

Displays NTP packet messages.

debug ntp

Switch(config)# debug ntp event Display event log messages related to NTP. packet Display NTP packet messages.

ntp trap

Syntax

[no] ntp trap <TRAP-NAME>

Description

Use this command to configure NTP traps.

Parameters and options

Disables NTP traps.

TRAP-NAME

Specifies the NTP trap name.

Specifiers

Specify trap names as follows:

ntp-mode-change ntp-stratum-change ntp-peer-change ntp-new-association

Chapter 2 Time synchronization 41

Page 42

ntp-remove-association ntp-config-change ntp-leapsec-announced ntp-alive-heartbeat

Usage

The traps defined below are generated as the result of finding an unusual condition while parsing an NTP packet or a processing a timer event. Note that if more than one type of unusual condition is encountered while parsing the packet or processing an event, only the first one will generate a trap. Possible trap names are:

- 'ntpEntNotifModeChange' The notification to be sent when the NTP entity changes

mode, including starting and stopping (if possible).

- 'ntpEntNotifStratumChange' The notification to be sent when stratum level of NTP

changes.

- 'ntpEntNotifSyspeerChanged' The notification to be sent when a (new) syspeer has

been selected.

- 'ntpEntNotifAddAssociation' The notification to be sent when a new association is

mobilized.

- 'ntpEntNotifRemoveAssociation' The notification to be sent when an association is

demobilized.

- 'ntpEntNotifConfigChanged' The notification to be sent when the NTP configuration

has changed.

- 'ntpEntNotifLeapSecondAnnounced' The notification to be sent when a leap second

has been announced.

- 'ntpEntNotifHeartbeat' The notification to be sent periodically (as defined by

ntpEntHeartbeatInterval) to indicate that the NTP entity is still alive.

show ntp servers

Syntax

show ntp servers

Description

to display configured NTP server detail.

Command context

config

Examples

Shows NTP servers in detail.

switch# show ntp servers

show ntp statistics

Syntax

show ntp statistics

Description

Use this command to show NTP statistics.

42 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 43

show ntp statistics

Switch(config)# show ntp statistics

NTP Global statistics information

NTP In Packets : 100 NTP Out Packets : 110 NTP Bad Version Packets : 4 NTP Protocol Error Packets : 0

show ntp status

Syntax

show ntp status

Description

Use this command to show the status of the NTP.

show ntp status

Switch(config)# show ntp status

NTP Status information NTP Status : Disabled NTP Mode : Broadcast Synchronization Status : Synchronized Peer Dispersion : 8.01 sec Stratum Number : 2 Leap Direction : 1 Reference Assoc Id : 1 Clock Offset : 0.0000 sec Reference : 192.0.2.1 Root Delay : 0.00 sec Precision : 2**7 Root Dispersion : 15.91 sec NTP Uptime : 01d 09h 15m Time Resolution : 1 Drift : 0.000000000 sec/sec

System Time : Tue Aug 25 04:59:11 2015 Reference Time : Mon Jan 1 00:00:00 1990

show ntp authentication

Syntax

show ntp authentication

Description

Use this command to show the authentication status of the NTP.

show ntp authentication

Switch(config)# show ntp authentication

NTP Authentication Information

Key-ID Auth Mode Trusted

-------- ---------- -------

67 md5 yes 7 md5 no

Chapter 2 Time synchronization 43

Page 44

show ntp associations

Syntax

show ntp associations

Description

Use this command to show the NTP associations configured for your system.

show ntp associations

Switch(config)# show ntp associations

NTP Associations Entries

Address St T When Poll Reach Delay Offset Dispersion

-------------- --- -- ---- ----- ------ ------- ------- ----------

121.0.23.1 16 u - 1024 0 0.000 0.000 0.000

231.45.21.4 16 u - 1024 0 0.000 0.000 0.000

55.21.56.2 16 u - 1024 0 0.000 0.000 0.000

23.56.13.1 3 u 209 1024 377 54.936 -6.159 12.688

91.34.255.216 4 u 132 1024 377 1.391 0.978 3.860

show ntp associations detail

Syntax

show ntp associations detail <IP ADDR>

Description

Use this command to show the detailed status of NTP associations configured for your system.

Parameters and options

IP-ADDR

Specify the IPv4 address of the NTP server.

show ntp association detail

Switch(config)# show ntp association detail <IP ADDR>

NTP association information

IP address : 172.31.32.2 Peer Mode : Server Status : Configured, Insane, Invalid Peer Poll Intvl : 64 Stratum : 5 Root Delay : 137.77 sec Ref Assoc ID : 0 Root Dispersion : 142.75 Association Name : NTP Association 0 Reach : 376 Reference ID : 16.93.49.4 Delay : 4.23 sec Our Mode : Client Offset : -8.587 sec Our Poll Intvl : 1024 Precision : 2**19 Dispersion : 1.62 sec Association In Packets : 60 Association Out Packets : 60 Association Error Packets : 0 Origin Time : Fri Jul 3 11:39:40 2015 Receive Time : Fri Jul 3 11:39:44 2015 Transmit Time : Fri Jul 3 11:39:44 2015

-----------------------------------------------------------------------------

44 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 45

Filter Delay = 4.23 4.14 2.41 5.95 2.37 2.33 4.26 4.33 Filter Offset = -8.59 -8.82 -9.91 -8.42 -10.51 -10.77 -10.13 -10.11

FQDN support for NTP servers

Fully Qualified Domain Name (FQDN) for a NTP server allows for the configuration of server names. Support for handling multiple IP addresses is resolved as part of a DNS resolution. NTP unicast server configuration with the FQDN option can support up to 8 NTP servers including a NTP server configured using an IPv4 address. The user configured host name will be saved in configuration and during NTP protocol updates, the hostname will resolve and the IP address updated to the existing NTP protocol data structure. Actual NTP server request will happen through IP address only.

NTP server configuration should allow sever name (FQDNs) to be configured without breaking backward compatibility.

For more information on configuring NTP servers, refer to the Management and Configuration Guide for your switch.

Usage

• When NTP server details are configured using 'server-name' option, it will postpone the NTP protocol update until DNS resolution is completed or DNS resolution completes.

• If there is any failure or delay in DNS resolution, it can delay the usage of configured server for further NTP process.

• If the user provided NTP server names fail to resolve, the show ntp servers output will show each server name and the corresponding resolution status. The NTP server will not retry resolving any failed entries. Retrying the same server name will attempt resolution without incrementing the total NTP server count.

Restrictions

• NTP server will not support resolving server hostname on every NTP poll sequence.

• NTP does not check for the directed broadcast IP.

ntp server

Syntax

ntp server [IP-ADDR|<IPv6-ADDR>] [<SERVER-NAME>] [key <KEY-ID>] [OOBM] [max-poll <MAX-POLL-VAL>][min-poll <MIN-POLL-VAL>][burst | iburst] [version <1-4>]

no ntp server [<IP-ADDR|IPv6-ADDR>] [server-name] [key <KEY-ID>] [oobm] [max-poll <MAX-POLL-VAL>][min-poll <MIN-POLL-VAL>][burst | iburst] [version <1-4>]

Description

This command is used to configure the NTP servers using a variety of parameters. A maximum of 8 NTP servers may be configured.

The no version of this command removes parameters from the NTP servers.

Chapter 2 Time synchronization 45

Page 46

Parameters

IP-ADDR

Sets the IPv4 address of the NTP server.

IPv6-ADDR

Sets the IPv6 address of the NTP server.

SERVER-NAME

User configured host name will be saved in config. Hostname is resolved and IP address is updated to the existing NTP protocol data structure.

KEY-ID

Specifies the authentication key.

OOBM

Specifies that the NTP Unicast server is accessible over an OOBM interface.

MIN-POLL-VAL

Configures the minimum time intervals in seconds. Range is 4–17.

MAX-POLL-VAL

Configures the maximum time intervals in power of 2 seconds. Range is 4–17 (e.g., 5 would translate to 2 raised to 5 or 32).

BURST

Enables burst mode.

iBURST

Enables initial burst mode.

VERSION NUMBER

Sets version 1–4.

ntp server configuration

Switch(config)# ntp server Allow the software clock to be synchronized by an NTP time server. broadcast Operate in broadcast mode. unicast Operate in unicast mode.

Switch(config)# ntp server IP-ADDR IPv4 address of the NTP server. IPV6-ADDR IPv6 address of the NTP server. NAME Server name of NTP servers.

Switch(config)# ntp server <IP-ADDR> Key Specify the authentication key.

Switch(config)# ntp server <IP-ADDR> key key-id Max-poll Configure the maximum time intervals in seconds.

Switch(config)# ntp server <IP-ADDR> key key-id max-poll <4-17> Enter an integer number.

46 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 47

Switch(config)# ntp server <IP-ADDR> key key-id Min-poll Configure the minimum time intervals in seconds.

Switch(config)# ntp server <IP-ADDR> key key-id min-poll <4-17> Enter an integer number.

Switch(config)# ntp server <IP-ADDR> key key-id prefer max-poll <max-poll-val> min-poll <min-poll-val> iburst Enable initial burst (iburst) mode. burst Enable burst mode.

Switch(config)# ntp server IP-ADDR key key-id prefer maxpoll <number> minpoll <number> iburst

show ntp servers

Syntax

show ntp servers

Description

to display configured NTP server detail.

Command context

config

Examples

Shows NTP servers in detail.

switch# show ntp servers

Elements of time synchronization

Time synchronization contains several elements. These include:

• Protocol — SNTP or TimeP. The switch offers TimeP and SNTP (Simple Network Time Protocol) and a timesync command for changing the time protocol selection (or turning off time protocol operation.)

• Authentication modes — Broadcast or Unicast for SNTP, and DHCP or Manual for TimeP

• Status — Enabled or Disabled. Simply selecting a time synchronization protocol does not enable that protocol on the switch. You must also enable the protocol itself by setting the appropriate parameter (enabled or disabled).

Although you can create and save configurations for both time protocols without conflicts, the switch allows only one active time protocol at any time. In addition, the switch retains the parameter settings for both time protocols, even if you change from one protocol to the other. Thus, if you select a time protocol, the switch uses the parameters you last configured for the selected protocol.

Time synchronization protocols

Use the timesync command to set the time synchronization protocol, either SNTP or TimeP.

Chapter 2 Time synchronization 47

Page 48

• SNTP—To run SNTP as the switch's time synchronization protocol, you must also select SNTP as the time synchronization method using the CLI timesync command, or the menu interface Time Sync Method parameter.

• TimeP—You can manually assign the switch to use a TimeP server or use DHCP to assign the TimeP server. In either case, the switch can get its time synchronization updates from only one, designated TimeP server. This option enhances security by specifying which time server to use.

timesync

Syntax

timesync [timep|sntp]

Description

The timesync command configures the network time protocol for sntp or timep.

Parameters and options

sntp

Sets the time protocol to SNTP.

TimeP

Sets the time protocol to TIMEP.

timesync [timep | sntp]

switch# timesync timep

switch# timesync sntp

Setting a time protocol on the switch

Procedure

1. Select a time synchronization protocol: SNTP or TimeP (the default). See timesync on page 48.

2. Enable the protocol. Choose one:

• SNTP: Broadcast or Unicast

• TimeP: DHCP or Manual

3. Configure the remaining parameters for the time protocol you selected.

4. View the configuration.

The SNTP protocol

SNTP provides the following operating modes:

• Broadcast mode

The switch acquires time updates by accepting the time value from the first SNTP time broadcast detected. (In this case, the SNTP server must be configured to broadcast time updates to the network broadcast address; see the documentation provided with your SNTP server application.) Once the switch detects a particular server, it ignores time broadcasts from other SNTP servers unless the configurable Poll Interval expires three

48 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 49

consecutive times without an update received from the first-detected server. If the Poll Interval (configurable up to 720 seconds) expires three times without the switch detecting a time update from the original server, the switch accepts a broadcast time update from the next server it detects.Directs the switch to acquire its time synchronization from data broadcast by any SNTP server to the network broadcast address. The switch uses the first server detected and ignores any others. However, if the Poll Interval (configurable up to 720 seconds) expires three times without the switch detecting a time update from the original server, the switch accepts a broadcast time update from the next server it detects.

NOTE: To use Broadcast mode, the switch and the SNTP server must be in the same subnet.

• Unicast mode

Directs the switch to poll a specific server periodically for SNTP time synchronization.The default value between each polling request is 720 seconds, but can be configured.At least one manually configured server IP address is required.

NOTE: At least one key-id must be configured as trusted, and it must be associated with one of the SNTP servers. To edit or remove the associated key-id information or SNTP server information, SNTP authentication must be disabled.

The switch periodically requests a time update, for the purposes of time synchronization, from the configured SNTP server. (You can configure one server using the menu interface, or up to three servers using the CLI sntp server command.) This option provides increased security over the Broadcast mode by specifying which time server to use instead of using the first one detected through a broadcast. The default value between each polling request is 720 seconds, but can be configured. At least one manually configured server IP address is required.

When running SNTP unicast time polling as the time synchronization method, the switch requests a time update from the server you configured, with either the server address parameter in the menu interface, or the primary server in a list of up to three SNTP servers configured using the CLI. If the switch does not receive a response from the primary server after three consecutive polling intervals, the switch tries the next server (if any) in the list. If the switch tries all servers in the list without success, it sends an error message to the Event Log and reschedules to try the address list again after the configured Poll Interval time has expired.

If there are already three SNTP server addresses configured on the switch, and you want to use the CLI to replace one of the existing addresses with a new one, you must delete the unwanted address before you configure the new one.

Selecting and configuring SNTP

Procedure

Use the SNTP command to specify whether the switch operates in broadcast or unicast mode. With no mode specified, the setting defaults to broadcast.

Prerequisites

• Configure at least one key-id as trusted, and then associate it with one of the SNTP servers (see SNTP authentication trusted keys on page 58

• Configure the appropriate parameters, such as poll interval, server address and version

• To edit or remove the associated key-id information or SNTP server information, disable SNTP authentication

Chapter 2 Time synchronization 49

Page 50

sntp

IMPORTANT:

To enable authentication, you must configure either unicast or broadcast mode. After authentication is enabled, changing the mode from unicast to broadcast or vice versa is not allowed; you must disable authentication and then change the mode.

To set the SNTP mode or change from one mode to the other, enter the appropriate command.

Syntax

sntp

Description

This command configures SNTP, including specifying whether the switch operates in broadcast or unicast mode.

Parameters and options

Disabled

The Default. SNTP does not operate, even if specified by the Menu interface Time Sync Method parameter or the CLI timesync command.

Unicast

Directs the switch to poll a specific server for SNTP time synchronization. Requires at least one server address.

Broadcast

Directs the switch to acquire its time synchronization from data broadcast by any SNTP server to the network broadcast address. The switch uses the first server detected and ignores any others. However, if the Poll Interval expires three times without the switch detecting a time update from the original server, the switch accepts a broadcast time update from the next server it detects.

Poll interval (seconds)

In Unicast Mode: Specifies how often the switch polls the designated SNTP server for a time update.

In Broadcast Mode: Specifies how often the switch polls the network broadcast address for a time update.

Value is between 30 to 720 seconds.

Server Address

Used only when the SNTP Mode is set to Unicast. Specifies the IP address of the SNTP server that the switch accesses for time synchronization updates. You can configure up to three servers; one using the menu or CLI, and two more using the CLI.

Server Version

Specifies the SNTP software version to use and is assigned on a per-server basis. The version setting is backwards-compatible. For example, using version 3 means that the switch accepts versions 1 through 3. Default: 3; range: 1 to 7.

Priority

Specifies the order in which the configured servers are polled for getting the time.

Value is between 1 and 3.

oobm

For switches that have a separate out-of-band management port, specifies that SNTP traffic goes through that port. (By default, SNTP traffic goes through the data ports.)

50 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 51

sntp broadcast|unicast output

switch# sntp broadcast

switch# sntp unicast

Enabling SNTP in Broadcast mode

Because the switch provides an SNTP polling interval (default: 720 seconds), you need only 48 and sntp on page 50 commands for minimal SNTP broadcast configuration.

Figure 1: SNTP in Broadcast Mode on page 51 shows time synchronization in the factory default configuration, TimeP.

Procedure

1. To view the current time synchronization, enter show sntp.

2. Use the timesync command to set SNTP as the time synchronization mode:

timesync sntp

3. Use the SNTP command to enable SNTP for Broadcast mode:

sntp broadcast

4. View the SNTP configuration again to verify the configuration.

Figure 1: SNTP in Broadcast Mode

timesync on page

Configuring SNTP in unicast mode

As with broadcast mode, configuring SNTP for unicast mode enables SNTP. For unicast operation, however, you must also specify the IP address of at least one SNTP server. The switch allows up to three unicast servers. You can use the Menu interface or the CLI to configure one server or to replace an existing unicast server with another. To add a second or third server, you must use the CLI.

The following is an example of a full SNTP unicast operation.

Procedure

1. Select the SNTP protocol:

Chapter 2 Time synchronization 51

Page 52

switch(config)# timesync sntp

2. Set the mode to unicast:

switch(config)# sntp unicast

3. Specify the SNTP server and set the server priority:

switch(config)# sntp server priority 1 10.28.227.141

This specifies the SNTP server and accepts the current SNTP server version (default: 3).

switch(config)# show sntp SNTP Configuration SNTP Authentication : Disabled Time Sync Mode: Timep SNTP Mode : disabled Poll Interval (sec) [720] : 720 Source IP Selection: Outgoing Interface switch(config)# timesync sntp switch(config)# sntp broadcast switch(config)# show sntp SNTP Configuration SNTP Authentication : Disabled Time Sync Mode: Sntp SNTP Mode : Broadcast Poll Interval (sec) [720] : 720 Source IP Selection: Outgoing Interface

If the SNTP server you specify uses SNTP v4 or later, use the sntp server command to specify the correct version number. For example, suppose you learned that SNTP v4 was in use on the server you specified above (IP address 10.28.227.141.) You would use the following commands to delete the server IP address , re-enter it with the correct version number for that server.

switch(config)# sntp server priority 1 10.28.227.141 4 switch(config)# show sntp SNTP Configuration SNTP Authentication : Disabled Time Sync Mode: Sntp SNTP Mode : Unicast Poll Interval (sec) [720] : 720 Source IP Selection: Outgoing Interface Priority SNTP Server Address Version Key-id

52 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 53

-------- ------------------- ------- ----------

1 10.28.227.141 4 0

Figure 2: SNTP in unicast mode

If the SNTP server you specify uses SNTP v4 or later, use the sntp server command to specify the correct version number. For example, suppose SNTP v4 is in use on the server you specified above (IP address

10.28.227.141.) Use the SNTP commands shown in the following figure to delete the server IP address, and then

re-enter it with the correct version number for that server.

Figure 3: Specifying the SNTP protocol version number

Viewing SNTP parameters

Viewing SNTP server addresses using the CLI

The System Information screen in the menu interface displays only one SNTP server address, even if the switch is configured for two or three servers.

show management

Syntax

show management

Description

Displays all configured SNTP servers on the switch.

Chapter 2 Time synchronization 53

Page 54

Viewing SNTP server addresses using the GUI

switch# show management

Status and Counters - Management Address Information Time Server Address : fe80::215:60ff:fe7a:adc0%vlan10

Priority SNTP Server Address Protocol Version

-------- ---------------------------------------------- ----------------

1 2001:db8::215:60ff:fe79:8980 7 2 10.255.5.24 3 3 fe80::123%vlan10 3

Default Gateway : 10.0.9.80

VLAN Name MAC Address | IP Address

------------ ------------------- + -------------------

DEFAULT_VLAN 001279-88a100 | Disabled VLAN10 001279-88a100 | 10.0.10.17

Enabling SNTP client authentication

The command sntp authentication enables SNTP client authentication on the switch. If SNTP authentication is not enabled, SNTP packets are not authenticated.

Enabling SNTP authentication allows network devices such as switches to validate the SNTP messages received from an NTP or SNTP server before updating the network time. NTP or SNTP servers and clients must be configured with the same set of authentication keys so that the servers can authenticate the messages they send and clients (switches) can validate the received messages before updating the time.

This feature provides support for SNTP client authentication on switches, which addresses security considerations when deploying SNTP in a network.

Requirements to enable SNTP client authentication

You must configure all of the the following items to enable SNTP client authentication on the switch.

SNTP client Authentication Support Requirements

• Timesync mode must be SNTP. Use the timesync sntp command. SNTP is disabled by default.

• SNTP must be in unicast or broadcast mode.

• The MD5 authentication mode must be selected.

• An SNTP authentication key-identifier (key-id) must be configured on the switch and a value (key-value) must be provided for the authentication key. A maximum of 8 sets of key-id and key-value can be configured on the switch.

• Among the keys that have been configured, one key or a set of keys must be configured as trusted. Only trusted keys will be used for SNTP authentication.

• If the SNTP server requires authentication, one of the trusted keys has to be associated with the SNTP server.

• SNTP client authentication must be enabled on the switch. If client authentication is disabled, packets are processed without authentication. All of the above steps are necessary to enable authentication on the client.

SNTP server authentication support

The following must be performed on the SNTP server:

54 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 55

• The same authentication key-identifier, trusted key, authentication mode and key-value that were configured on the SNTP client must also be configured on the SNTP server.

• SNTP server authentication must be enabled on the server. If any of the parameters on the server are changed, the parameters have to be changed on all the SNTP clients in the network as well. The authentication check will fail on the clients otherwise, and the SNTP packets will be dropped.

NOTE:

SNTP server is not supported on HPE products.

IMPORTANT:

If any of the parameters on the server are changed, the parameters have to be changed on all the SNTP clients in the network as well. The authentication check fails on the clients otherwise, and the SNTP packets are dropped.

Viewing all SNTP authentication keys that have been configured on the switch

Enter the show sntp authentication command.

Show SNTP authentication command output

switch(config)# show sntp authentication

SNTP Authentication Information

SNTP Authentication : Enabled

Key-ID Auth Mode Trusted

------- ---------- --------

55 MD5 Yes 10 MD5 No

SNTP poll interval

IMPORTANT:

This parameter is different from the poll interval parameter used for the TimeP operation. Enabling SNTP mode also enables the SNTP poll interval.

sntp poll-interval

Syntax

sntp poll-interval <30-720>

Description

Configures the poll interval to specify the amount of time between updates of the system clock using SNTP. Defaults to 720 seconds, and the range is 30 to 720 seconds.

Changing an SNTP poll interval to 300 seconds

switch# sntp 300

Chapter 2 Time synchronization 55

Page 56

SNTP unicast time polling with multiple SNTP servers

When you use the Menu interface to configure an SNTP server IP address, the new address writes over the current primary address, if one is configured.

When running SNTP unicast time polling as the time synchronization method, the switch requests a time update from the server you configured with either the Server Address parameter in the menu interface, or the primary server in a list of up to three SNTP servers configured using the CLI. If the switch does not receive a response from the primary server after three consecutive polling intervals, the switch tries the next server (if any) in the list. If the switch tries all servers in the list without success, it sends an error message to the Event Log and reschedules to try the address list again after the configured Poll Interval time has expired.

SNTP server priority

Set the server priority to choose the order in which to poll configured servers.

sntp server priority

Syntax

[no] sntp server priority <ip-address>

Description

Polls for the current time among configured SNTP servers.

Parameters and options

Deletes a server address. If there are multiple addresses and you delete one of them, the switch re-orders the address priority.

server priority <1-3>

Specifies the polling order of the configured SNTP servers. Value is between 1 and 3.

<IP-ADDRESS>

Supports bot IPv4 and IPv6 addresses.

Set the server priority

To set one server to priority 1 and another to priority 2:

switch# sntp server priority 1 10.28.22.141 switch# sntp server priority 2 2001:db8::215:60ff:fe79:8980

Delete a server address

To delete the primary address and automatically convert the secondary address to primary:

switch(config)# no sntp server 10.28.227.141

56 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 57

SNTP software version

sntp server <version>

Syntax

sntp server [<IP-ADDRESS>] [<VERSION>]

Description

Specifies the SNTP software version to use. Assigned on a per-server basis.

Parameters and options

<IP-ADDRESS>

SNTP server ip-address

The version setting is backwards-compatible. For example, using version 3 means that the switch accepts versions 1 through 3. Default: 3; range: 1 to 7.

SNTP server address

Required only for unicast mode. Specifies the IP address of the SNTP server that the switch accesses for time synchronization updates. You can configure up to three servers; one using the menu or CLI, and two more using the CLI.

sntp server <ip-address>

Syntax

sntp server <ip-address>

Description

Specifies the IP address of the SNTP server for use in unicast mode.

Parameters and options

<ip-address>

An IPv4 or IPv6 address of an SNTP server.

Adding SNTP server addresses

You can configure one SNTP server address using either the Menu interface or the CLI. To configure a second and third address, you must use the CLI. To configure these remaining two addresses, you would do the following:

Creating additional SNTP server addresses with the CLI

Switch(config)# no sntp server priority 1 2001:db8::215:60ff:fe79:8980 Switch(config)# no sntp server priority 2 10.255.5.24

NOTE: If there are already three SNTP server addresses configured on the switch, and you want to use the CLI to replace one of the existing addresses with a new one, you must delete the unwanted address before you configure the new one.

Chapter 2 Time synchronization 57

Page 58

SNTP authentication trusted keys

Trusted keys are used in SNTP authentication. In unicast mode, you must associate a key with a specific NTP/ SNTP server. That key is used for authenticating the SNTP packet.

In unicast mode, a specific server is configured on the switch so that the SNTP client communicates with the specified server to get the date and time.

In broadcast mode, the SNTP client switch checks the size of the received packet to determine if it is authenticated. If the broadcast packet is authenticated, the key-id value is checked to see if the same key-id value is configured on the SNTP client switch. If the switch is configured with the same key-id value, and the key-id value is configured as "trusted," the authentication succeeds. Only trusted key-id value information is used for SNTP authentication.

If the packet contains key-id value information that is not configured on the SNTP client switch, or if the received packet contains no authentication information, it is discarded. The SNTP client switch expects packets to be authenticated if SNTP authentication is enabled.

When authentication succeeds, the time in the packet is used to update the time on the switch.

trusted

Syntax

trusted

Description

Parameters and options

Configuration files and the include-credentials command

You can use the include-credentials command to store security information in the running-config file. This allows you to upload the file to a TFTP server and then later download the file to the switches on which you want to use the same settings.

The authentication key values are shown in the output of the show running-config and show config commands only if the include-credentials command was executed.

When SNTP authentication is configured and include-credentials has not been executed, the SNTP authentication configuration is not saved.

The following example shows an enabled SNTP authentication with a key-id of 55.

Configuration file with SNTP authentication information

switch(config) # show config Startup configuration: timesync sntp sntp broadcast sntp 50 sntp authentication sntp server priority 1 10.10.10.2.3 key-id 55 sntp server priority 2 fe80::200:24ff:fec8:4ca8 4 key-id 55

In this example, the include-credentials command has not been executed and is not present in the configuration file. The configuration file is subsequently saved to a TFTP server for later use. The SNTP authentication information is not saved and is not present in the retrieved configuration files, as shown in the following example.

58 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 59

Retrieved configuration file when include credentials is not configured

switch(config) # copy tftp startup-config 10.2.3.44 config1 Switch reboots ... Startup configuration timesync sntp sntp broadcast sntp 50 sntp server priority 1 10.10.10.2.3 sntp server priority 2 fe80::200:24ff:fec8:4ca8 4

IMPORTANT: The SNTP authentication line and the Key-ids are not displayed. Reconfigure SNTP authentication.

If include-credentials is configured, the SNTP authentication configuration is saved in the configuration file. When the show config command is entered, all of the information that has been configured for SNTP authentication displays, including the key-values.

Figure 4: Saved SNTP Authentication information when include-credentials is configured

Configuring the key-identifier, authentication mode, and key-value

Configures the key-id, authentication-mode, and key-value, which are required for authentication. It is executed in the global configuration context.

At least one key-id must be configured as trusted, and it must be associated with one of the SNTP servers. To edit or remove the associated key-id information or SNTP server information, SNTP authentication must be disabled.

A numeric key identifier in the range of 1-4,294,967,295 (232) that identifies the unique key value. It is sent in the SNTP packet.

The secret key that is used to generate the message digest. Up to 32 characters are allowed for key-string .

sntp authentication

Syntax

sntp authentication key-id <KEY-ID> authentication-mode md5 key-value <key-string> trusted [encrypted-key <key-string>]

Description

Chapter 2 Time synchronization 59

Page 60

Configures a key-id, authentication-mode (MD5 only), and key-value, which are required for authentication.

Parameters and options

KEY-ID

A numeric key identifier in the range of 1-4,294,967,295 (232) that identifies the unique key value. It is sent in the SNTP packet.

key-value <KEY-STRING>

The secret key that is used to generate the message digest. Up to 32 characters are allowed for keystring .

Disabling key-id sntp authentication key-id

Syntax

no sntp authentication key-id <KEY-ID>

Description

The no version of the command deletes the authentication key.

Default: No default keys are configured on the switch.

Setting parameters for SNTP authentication

switch# sntp authentication key-id 55 authentication-mode md5 key-value secretkey1

Configuring a key-id as trusted

Trusted keys are used during the authentication process. You can configure the switch with up to eight sets of key-id/key-value pairs. Select one, specific set for authentication; this is done by configuring the set as trusted. The key-id itself must already be configured on the switch. To enable authentication, at least one key-id must be configured as trusted.

• Trusted keys are used in SNTP authentication.

• If the packet contains key-id value information that is not configured on the SNTP client switch, or if the received packet contains no authentication information, it is discarded. The SNTP client switch expects packets to be authenticated if SNTP authentication is enabled.

• When authentication succeeds, the time in the packet is used to update the time on the switch.

• In unicast mode: The trusted key is associated with a specific NTP/SNTP server, and configured on the switch so that the SNTP client communicates with the server to get the date and time. The key is used for authenticating the SNTP packet.

• In : The SNTP client switch checks the size of the received packet to determine if it is authenticated. If the broadcast packet is authenticated, the key-id value is checked to see if the same key-id value is configured on the SNTP client switch. If the switch is configured with the same key-id value, and the key-id value is configured as "trusted," the authentication succeeds. Only trusted key-id value information is used for SNTP authentication.

60 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 61

sntp authentication key-id trusted

Syntax

[no] sntp authentication key-id <KEY-ID> trusted

Description

Parameters and options

The no version of the command indicates the key is unreliable (not trusted).

Default: No key is trusted by default.

key-id <KEY-ID>

trusted

To enable authentication, configure at least one key-id as trusted.

Associating a key with an SNTP server

sntp server

Syntax

[no] sntp server priority <1-3> <IP-ADDRESS> <VERSION-NUM> <KEY-ID> <1-4,294,967,295>

Description

Configures a key-id to be associated with a specific server. The key itself must be configured on the switch.

The no version of the command disassociates the key from the server. This does not remove the authentication key.

Default: No key is associated with any server by default.

Parameters and options

priority <1-3>

Specifies the order in which the configured servers are polled for getting the time.

<IP-ADDRESS>

The IP address of the server. Supports IPv4 or IPv6.

version-num

<KEY-ID>

Optional command. The key identifier sent in the SNTP packet. This key-id is associated with the SNTP server specified in the command.

Chapter 2 Time synchronization 61

Page 62

Associating a key-id with a specific server

switch(config)# sntp server priority 1 10.10.19.5 2 key-id 55

sntp server priority

Syntax

[no] sntp server priority 1–3 [<IP-ADDRESS>]<VERSION-NUM>[<KEY-ID> <1–4,294,967,295>]

Description

Configures a key to be associated with a specific server. The key itself must already be configured on the switch. Default: No key is associated with any server by default.

Parameters and options

Disassociates the key from the server. This does not remove the authentication key.

priority

Specifies the order in which the configured servers are polled for getting the time.

version-num

key-id

Optional command. The key identifier sent in the SNTP packet. This key-id is associated with the SNTP server specified in the command.

Associating a key-id with a specific server

switch# sntp server priority 1 10.10.19.5 2 key-id 55

Enabling and disabling SNTP client authentication

The sntp authentication command enables SNTP client authentication on the switch. If SNTP authentication is not enabled, SNTP packets are not authenticated.

sntp authentication

Syntax

[no] sntp authentication

Description

Enables the SNTP client authentication. SNTP client authentication defaults to disabled.:

Parameters and options

Disables authentication.

Viewing SNTP authentication configuration information

62 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 63

show sntp

Syntax

show sntp authentication

Description

The show sntp command displays SNTP configuration information, including any SNTP authentication keys that have been configured on the switch.

show sntp authentication

To display all the SNTP authentication keys that have been configured on the switch, enter the show sntp authentication command.

switch(config) # show sntp authentication SNTP Authentication Information SNTP Authentication: Enabled Key-ID Auth Mode Trusted

------- ----------- -------

55 MD5 YES 10 MD5 NO

Show SNTP authentication command output

switch(config)# show sntp authentication

SNTP Authentication Information

SNTP Authentication : Enabled

Key-ID Auth Mode Trusted

------- ---------- --------

55 MD5 Yes 10 MD5 No

Viewing all SNTP authentication keys that have been configured on the switch

SNTP configuration information

switch(config)# show sntp

SNTP Configuration

SNTP Authentication : Enabled Time Sync Mode: Sntp SNTP Mode : Unicast Poll Interval (sec) [720] : 720

Priority SNTP Server Address Protocol Version KeyId

-------- --------------------------------------- ---------------- -----

1 10.10.10.2 3 55 2 fe80::200:24ff:fec8:4ca8 3 55

SNTP Statistics command output

To display the statistical information for each SNTP server, enter the sntp statistics command. The number of SNTP packets that have failed autherntication is displayed for each SNTP server address.

Chapter 2 Time synchronization 63

Page 64

switch(config) # show sntp statistics SNTP statistics Received Packets: 0 Sent Packets: 3 Dropped Packets: 0

SNTP Server Address Auth Failed Pkts

------------------- ----------------

10.10.10.1 0

fe80::200:24ff:fec8:4ca8 0

The show sntp command displays SNTP configuration information, including any SNTP authentication keys that have been configured on the switch.

SNTP configuration information

switch# show sntp

SNTP Configuration

SNTP Authentication : Enabled Time Sync Mode: Sntp SNTP Mode : Unicast Poll Interval (sec) [720] : 720

Priority SNTP Server Address Protocol Version KeyId

-------- --------------------------------------- ---------------- -----

1 10.10.10.2 3 55 2 fe80::200:24ff:fec8:4ca8 3 55

show sntp authentication command output

To display all the SNTP authentication keys that have been configured on the switch, enter the show sntp authentication command.

switch(config) # show sntp authentication SNTP Authentication Information SNTP Authentication: Enabled Key-ID Auth Mode Trusted

------- ----------- -------

55 MD5 YES 10 MD5 NO

Displays all SNTP authentication keys configured on the switch.

switch(config) # show sntp authentication SNTP Authentication Information SNTP Authentication: Enabled

Key-ID Auth Mode Trusted

------- ----------- -------

55 MD5 YES 10 MD5 NO

Viewing statistical information for each SNTP server

To display the statistical information for each SNTP server, enter the show sntp statistics command.

The number of SNTP packets that have failed authentication is displayed for each SNTP server address.

64 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 65

show sntp statistics

switch(config)# show sntp statistics SNTP Statistics

Received Packets : 0 Sent Packets : 3 Dropped Packets : 0

SNTP Server Address Auth Failed Pkts

--------------------------------------- ----------------

10.10.10.1 0

fe80::200:24ff:fec8:4ca8 0

To display the statistical information for each SNTP server, enter the show sntp statistics command.

show sntp statistics

Syntax

show sntp statistics

Description

Shows the number of SNTP packets that have failed authentication for each SNTP server address.

SNTP authentication statistical information

Shows the statistical information for each SNTP server. The number of SNTP packets that have failed authentication is displayed for each SNTP server address.

switch(config) # show sntp statistics SNTP statistics Received Packets: 0 Sent Packets: 3 Dropped Packets: 0 SNTP Server Address Auth Failed Pkts

------------------- ----------------

10.10.10.1 0

fe80::200:24ff:fec8:4ca8 0

switch# show sntp statistics SNTP Statistics

Received Packets : 0 Sent Packets : 3 Dropped Packets : 0

SNTP Server Address Auth Failed Pkts

--------------------------------------- ----------------

10.10.10.1 0

fe80::200:24ff:fec8:4ca8 0

SNTP messages in the event log

If an SNTP time change of more than three seconds occurs, the switch's Event Log records the change. SNTP time changes of less than three seconds do not appear in the Event Log.

Chapter 2 Time synchronization 65

Page 66

Storing security information in the running-config file

Enter the include-credentials command.

The TimeP Protocol

Enabling TimeP as the time protocol means configuring it for either DHCP or manual mode.

To run TimeP as the time synchronization protocol, you must also select TimeP as the time synchronization method by using the CLI timesync command or the menu interface Time Sync Method parameter.

Procedure

1. To view the current time synchronization, enter show timep.

2. Use the timesync command to set TimeP as the time synchronization mode:

timesync timep

3. Use the ip timep command to enable timep for dhcp or manual mode:

ip timep dhcp|manual

4. View the SNTP configuration again to verify the configuration.

Enabling TimeP mode

Enabling the TimeP mode configures it for either broadcast or unicast. Run TimeP as the switch's time synchronization protocol and select TimeP as the time synchronization method by using the CLI timesync command (or the menu interface Time Sync Method parameter).

Procedure

1. View the current time synchronization using show sntp.

2. Set TimeP as the synchronization mode using timesync sntp.

3. Enable TimeP for DHCP mode using sntp broadcast.

4. View the TimeP configuration using show sntp.

Figure 5: Enabling TimeP operation in DHCP mode

66 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 67

timesync timep

Syntax

timesync timep

Description

Selects TimeP as the time synchronization method.

TimeP in DHCP mode

Because the switch provides a TimeP polling interval (default: 720 minutes), you need the page 67 and ip timep commands only, for a minimal TimeP DHCP configuration.

ip timep dhcp

Syntax

ip timep dhcp

Description

Configuring TimeP for DHCP operation

switch# show timep

Timep Configuration

Time Sync Mode: Sntp TimeP Mode : Disabled Poll Interval (min) [720] : 720

switch# timesync timep

switch# ip timep dhcp

switch# show timep

timesync timep on

Timep Configuration Time Sync Mode: Timep TimeP Mode : DHCP Poll Interval (min): 720

Enabling TimeP for DHCP

Suppose time synchronization is configured for SNTP. Following this example to enable TimeP for DHCP.

Procedure

1. View the current time synchronization.

2. show timep displays the TimeP configuration and also shows that SNTP is the currently active time

synchronization mode.

3. Select TimeP as the time synchronization mode.

4. Enable TimeP for DHCP mode.

5. View the TimeP configuration.

Chapter 2 Time synchronization 67

Page 68

6. show timep again displays the TimeP configuration and shows that TimeP is now the currently active time synchronization mode.

switch(config)# show timep

Timep Configuration

Time Sync Mode: Sntp TimeP Mode : Disabled Poll Interval (min) [720] : 720

switch(config)# timesync timep

switch(config)# ip timep dhcp

switch(config)# show timep

Timep Configuration Time Sync Mode: Timep TimeP Mode : DHCP Poll Interval (min): 720

TimeP operation in manual mode

As with DHCP mode, configuring timep for Manual Mode enables timep; but for manual operation, you must also specify the IP address of the timep server. (The switch allows only one timep server.)

timesync timep

Syntax

timesync timep

Description

Activates TimeP in manual mode with a specified TimeP server. By default, SNTP traffic goes through the data ports.

ip timep

Syntax

ip timep manual<IP-ADDR>

Description

Activate TimeP in manual mode with a specified TimeP server. (By default, SNTP traffic goes through the data ports.)

Parameters and options

manual

<IP-ADDR>

Enabling TimeP in manual mode

Select TimeP and configure it for manual operation using a TimeP server address of 10.28.227.141, and the default poll interval (720 minutes, assuming the TimeP poll interval is already set to the default).

68 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 69

Procedure

1. Select TimeP:

switch(config)# timesync timep

2. Activate TimeP in manual mode:

switch(config)# ip timep manual 10.28.227.141

3. Review the TimeP status:

switch(config)# show timep

show timep output

switch(config)# show timep Timep Configuration

Time Sync Mode: Timep TimeP Mode : Manual Server Address : 10.28.227.141 Poll Interval (min) : 720

Current TimeP configuration

Using different show commands, you can display either the full TimeP configuration or a combined listing of all TimeP, SNTP, and VLAN IP addresses configured on the switch.

show timep

Syntax

show timep

Description

Lists both the time synchronization method (TimeP, SNTP, or None) and the TimeP configuration, even if SNTP is not the selected time protocol. (If the TimeP Mode is set to Disabled or DHCP, the Server field does not appear.)

TimeP configuration when TimeP is the selected Time synchronization method

If you configure the switch with TimeP as the time synchronization method, then enable TimeP in DHCP mode with the default poll interval, show timep lists the following:

switch(config)# show timep

Timep Configuration

Time Sync Mode: Timep TimeP Mode [Disabled] : DHCP Server Address : 10.10.28.103 Poll Interval (min) [720] : 720

TimeP configuration when TimeP is not the selected time synchronization method

If SNTP is the selected time synchronization method, show timep still lists the TimeP configuration even though it is not currently in use. Even though, in this example, SNTP is the current time synchronization method, the switch maintains the TimeP configuration.

switch(config)# show timep

Timep Configuration

Chapter 2 Time synchronization 69

Page 70

Time Sync Mode: Sntp TimeP Mode [Disabled] : Manual Server Address : 10.10.28.100 Poll Interval (min) [720] : 720

show management

Syntax

show management

Description

Examine and compare the IP addressing on the switch. It lists the IP addresses for all time servers configured on the switch plus the IP addresses and default gateway for all VLANs configured on the switch.

Show IP addressing for all configured time servers and VLAN

switch(config)# show management

Status and Counters - Management Address Information

Time Server Address : 10.10.28.100

Priority SNTP Server Address Protocol Version

-------- ---------------------------------------------- ----------------

1 10.10..28.101 3 2 10.255.5.24 3 3 fe80::123%vlan10 3

Default Gateway : 10.0.9.80

VLAN Name MAC Address | IP Address

------------ ------------------- + -------------------

DEFAULT_VLAN 001279-88a100 | 10.30.248.184 VLAN10 001279-88a100 | 10.0.10.17

Change from one TimeP server to another

To change from one TimeP server to a different server, use the no ip timep command to disable TimeP mode then reconfigure TimeP in manual mode with the new server IP address.

TimeP poll interval

ip timep

Syntax

ip timep [dhcp|manual] interval [1–9999]

Description

Specifies how long the switch waits between time polling intervals. The default is 720 minutes and the range is 1 to 9999 minutes. (This parameter is separate from the poll interval parameter used for SNTP operation.)

Disable time synchronization protocols

Disabling TimeP in manual mode

70 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 71

no ip timep

Syntax

[no] ip timep

Description

Disables TimeP.

Parameters and options

To change from one TimeP server to another, you must use the no ip timep command to disable TimeP mode, the reconfigure TimeP in manual mode with the new server IP address.

Disabling time synchronization

Either of these methods can be used to disable time synchronization without changing the Timep or SNTP configuration.

no timesync

Syntax

[no] timesync

Description

Disables time synchronization by changing the Time Sync Mode configuration to Disabled. This halts time synchronization without changing your TimeP configuration.The recommended method for disabling time synchronization is to use the timesync command.

TimeP with time synchronization disabled

Suppose TimeP is running as the switch's time synchronization protocol, with DHCP as the TimeP mode, and the factory-default polling interval. You would halt time synchronization with this command:

switch(config)# no timesync

If you then viewed the TimeP configuration, you would see the following:

switch(config)# show timep

Timep Configuration Time Sync Mode: Disabled TimeP Mode : DHCP Poll Interval (min): 720

Disabling timsync using the GUI

Procedure

1. Set the Time Synch Method parameter to None.

2. Press [Enter], then [S] (for Save.)

Disabling the TimeP mode

Chapter 2 Time synchronization 71

Page 72

no ip timep

Syntax

no ip timep

Description

Disables TimeP by changing the TimeP mode configuration to Disabled and prevents the switch from using it as the time synchronization protocol, even if it is the selected Time Sync Method option.

Disabling time synchronization by disabling the TimeP mode parameter

If the switch is running TimeP in DHCP mode, no ip timep changes the TimeP configuration as shown below and disables time synchronization. Even though the TimeSync mode is set to TimeP, time synchronization is disabled because no ip timep has disabled the TimeP mode parameter.

switch(config)# no ip timep

switch(config)# show timep

Timep Configuration Time Sync Mode: Timep TimeP Mode : Disabled

Disabling time synchronization without changing the SNTP configuration

timesync

Syntax

[no] timesync

Description

Recommended method for disabling time synchronization. Halts time synchronization without changing your SNTP configuration.

Halt time synchronization

Suppose SNTP is running as the switch's time synchronization protocol, with broadcast as the SNTP mode and the factory-default polling interval. You would halt time synchronization with this command:

switch(config)# no timesync

If you then viewed the SNTP configuration, you would see the following:

SNTP with time synchronization disabled

switch(config)# show sntp SNTP Configuration SNTP Authentication : Disabled Time Sync Mode: Sntp SNTP Mode : Unicast Poll Interval (sec) [720] : 720

72 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 73

Disabling SNTP mode

Procedure

1. To view the current time synchronization, enter show sntp.

2. Use the sntp command to disable sntp mode:

no sntp

3. View the SNTP configuration again to verify the configuration.

Disabling SNTP Mode

If you want to prevent the SNTP from being used even if it is selected by timesync (or the Menu interface's Time Sync Method parameter), configure the SNTP mode as disabled.

no sntp

Syntax

[no] sntp

Description

Disables SNTP by changing the SNTP mode configuration to Disabled.

Disabling time synchronization by disabling the SNTP mode

If the switch is running SNTP in unicast mode with an SNTP server at 10.28.227.141 and a server version of 3 (the default), no sntp changes the SNTP configuration as shown below and disables time synchronization on the switch.

switch(config)# no sntp switch(config)# show sntp

SNTP Configuration SNTP Authentication : Disabled Time Sync Mode: SNTP SNTP Mode : disabled Poll Interval (sec) [720] : 719 Source IP Selection: Outgoing Interface

Priority SNTP Server Address Version Key-id

-------- --------------------------------------- ------- ----------

1 2001:db8::215:60ff:fe79:8980 7 0 2 10.255.5.24 3 0

Deleting an SNTP server

Syntax

[no] sntp server priority <PRIORITY> <IP-ADDRESS>

Description

Deletes the specified SNTP server.

Chapter 2 Time synchronization 73

Page 74

IMPORTANT: Deleting an SNTP server when only one server is configured disables SNTP unicast operation.

Disabling SNTP by deleting a server sntp server priority

Syntax

[no] sntp server priority <PRIORITY> <IP-ADDRESS> version key-id <KEY_ID>

Description

Disabling SNTP by deleting the specified SNTP server. Uses the no version of the command to disable SNTP.

Disabling time synchronization in DHCP mode by disabling the TimeP mode parameter

The [no] ip timep command changes the TimeP configuration for both DHCP and manual modes, as shown below, and disables time synchronization. Even though the TimeSync mode is set to TimeP, time synchronization is disabled because the no ip timep command has disabled the TimeP mode parameter.

ip timep

Syntax

[no] ip timep

Description

To change from one TimeP server to another, you must use the no ip timep command to disable TimeP mode, then reconfigure TimeP in manual mode with the new server IP address.

Disabling TimeP in manual mode

Timep Configuration

Time Sync Mode: Sntp TimeP Mode : Disabled Poll Interval (min) [720] : 720

switch# timesync timep

switch# ip timep manual

switch# show timep

Timep Configuration Time Sync Mode: Timep TimeP Mode : DHCP Poll Interval (min): 720

Disabling TimeP in DHCP mode

switch# no ip timep

switch# show timep

74 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 75

Timep Configuration Time Sync Mode: Timep TimeP Mode : Disabled

Other time protocol commands

Features that apply to both SNTP and TimeP protocols.

Show management command

show management

Syntax

show management

Description

This command shows the switch addresses available for management, and the time server if the switch uses one. It can help you to easily examine and compare the IP addressing on the switch. It lists the IP addresses for all time servers configured on the switch, plus the IP addresses and default gateway for all VLANs configured on the switch.

Display showing IP addressing for all configured time servers and VLANs

switch(config)# show management Status and Counters - Management Address Information

Time Server Address : 10.10.28.100

Priority SNTP Server Address Protocol Version

-------- ------------------- ----------------

1 10.10.28.101 3 2 10.255.5.24 3

Default Gateway : 10.0.9.80

VLAN Name MAC Address | IP Address

------------ -------------- + --------------

DEFAULT_VLAN 001871-c42f00 | 10.30.248.184 VLAN10 001871-c42f00 | 10.0.10.17

Internet (IPv6) Service

Interface Name : DEFAULT_VLAN IPv6 Status : Disabled

Interface Name : VLAN10 IPv6 Status : Disabled

Show SNTP command

In the factory-default configuration (where TimeP is the selected time synchronization method), show sntp still lists the SNTP configuration, even though it is not currently in use.

show sntp

Syntax

Chapter 2 Time synchronization 75

Page 76

show sntp [authentication|statistics]

Description

Shows configured time protocol and servers. Lists both the time synchronization method (TimeP, SNTP, or None) and the SNTP configuration, even if SNTP is not the selected time protocol. Configure the switch with SNTP as the time synchronization method, and then enable SNTP in broadcast mode with the default poll interval, show sntp.

Parameters and options

Authentication

Displays all the configured SNTP authentication information.

Statistics

Displays SNTP protocol statistics.

Figure 6: SNTP configuration when SNTP is not the selected time synchronization method

show sntp authentication command with authentication disabled

To display all the SNTP authentication keys that have been configured on the switch, enter the show sntp authentication command.

switch(config) # show sntp authentication SNTP Authentication Information SNTP Authentication: Enabled

Key-ID Auth Mode Trusted

------- ----------- -------

55 MD5 YES 10 MD5 NO

To display the statistical information for each SNTP server, enter the sntp statistics command. The number of SNTP packets that have failed authentication is displayed for each SNTP server address.

switch(config) # show sntp statistics SNTP statistics Received Packets: 0 Sent Packets: 3 Dropped Packets: 0 SNTP Server Address Auth Failed Pkts

76 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 77

------------------- ----------------

10.10.10.1 0

fe80::200:24ff:fec8:4ca8 0

Show TimeP command

Using different show commands, you can display either the full TimeP configuration or a combined listing of all TimeP, SNTP, and VLAN IP addresses configured on the switch.

show

Syntax

show timep | management

Description

Displays the timep and management information for the switch.

Parameters and options

timep

management

Helps you to easily examine and compare the IP addressing on the switch. It lists the IP addresses for all time servers configured on the switch plus the IP addresses and default gateway for all VLANs configured on the switch.

TimeP configuration when TimeP is the selected Time synchronization method

If you configure the switch with TimeP as the time synchronization method, then enable TimeP in DHCP mode with the default poll interval, show timep lists the following:

switch# show timep

Timep Configuration

Time Sync Mode: Timep TimeP Mode [Disabled] : DHCP Server Address : 10.10.28.103 Poll Interval (min) [720] : 720

TimeP configuration when TimeP is not the selected time synchronization method

switch# show timep

Timep Configuration

Time Sync Mode: Sntp TimeP Mode [Disabled] : Manual Server Address : 10.10.28.100 Poll Interval (min) [720] : 720

Chapter 2 Time synchronization 77

Page 78

Display showing IP addressing for all configured time servers and VLANs

switch# show management

Status and Counters - Management Address Information

Time Server Address : 10.10.28.100

Priority SNTP Server Address Protocol Version

-------- ---------------------------------------------- ----------------

1 10.10..28.101 3 2 10.255.5.24 3 3 fe80::123%vlan10 3

Default Gateway : 10.0.9.80

VLAN Name MAC Address | IP Address

------------ ------------------- + -------------------

DEFAULT_VLAN 001279-88a100 | 10.30.248.184 VLAN10 001279-88a100 | 10.0.10.17

78 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 79

Chapter 3

Resource usage

Viewing current resource usage

showquos

Syntax

showqos|access-list|policyresources

Description

Displays the resource usage of the policy enforcement engine on the switch by software feature. For each type of resource, the amount still available and the amount used by each software feature is shown.

Parameters and options

show resources

This output allows you to view current resource usage and, if necessary, prioritize and reconfigure software features to free resources reserved for less important features.

qos|access-list|openflow|policy

Display the same command output and provide different ways to access task-specific information. See the

OpenFlow administrators guide.

Unavailable resources

The resource usage on a switch configured for ACLs, QoS, RADIUS-based authentication, and other features:

• The "Rules Used" columns show that ACLs, VT, mirroring, and other features (for example, Management VLAN) have been configured globally or per-VLAN, because identical resource consumption is displayed for each port range in the switch. If ACLs were configured per-port, the number of rules used in each port range would be different.

• The switch is also configured for VT and is either blocking or throttling routed traffic with a high rate-ofconnection requests.

Chapter 3 Resource usage 79

Page 80

• Varying ICMP rate-limiting configurations on ports 1 to 24, on ports 25 to 48, and on slot A, have resulted in different meter usage and different rule usage listed under QoS. Global QoS settings would otherwise result in identical resource consumption on each port range in the switch.

• There is authenticated client usage of IDM resources on ports 25 to 48.

Figure 7: Viewing current QoS resource usage on a series 3500yl switch

Viewing information on resource usage

Cause

The switch allows you to view information about the current usage and availability of resources in the Policy Enforcement engine, including the following software features:

• Access control lists (ACL)

• Quality-of-service (QoS), including device and application port priority, ICMP rate-limiting, and QoS policies

• Dynamic assignment of per-port or per-user ACLs and QoS through RADIUS authentication designated as “IDM”

• Virus throttling (VT) using connection-rate filtering

• Mirroring policies, including switch configuration as an endpoint for remote intelligent mirroring

• Other features, including:

80 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 81

◦ Management VLAN

◦ DHCP snooping

◦ Dynamic ARP protection

◦ Jumbo IP-MTU

When insufficient resources are available

Cause

The switch has ample resources for configuring features and supporting:

• RADIUS-authenticated clients (with or without the optional IDMapplication)

• VT and blocking on individual clients.

NOTE: Virus throttling does not operate on IPv6 traffic.

If the resources supporting these features become fully subscribed:

• The current feature configuration, RADIUS-authenticated client sessions, and VT instances continue to operate normally.

• The switch generates an event log notice to say that current resources are fully subscribed.

• Currently engaged resources must be released before any of the following actions are supported:

◦ Modifying currently configured ACLs, IDM, VT, and other software features, such as Management VLAN,

DHCP snooping, and dynamic ARP protection.

You can modify currently configured classifier-base QoS and mirroring policies if a policy has not been applied to an interface. However, sufficient resources must be available when you apply a configured policy to an interface.

◦ Acceptance of new RADIUS-based client authentication requests (displayed as a new resource entry for

IDM.)

Failure to authenticate a client that presents valid credentials may indicate that insufficient resources are available for the features configured for the client in the RADIUS server. To troubleshoot, check the event log.

◦ Throttling or blocking of newly detected clients with high rate-of-connection requests (as defined by the

current VT configuration.)

The switch continues to generate Event Log notifications (and SNMP trap notification, if configured) for new instances of high-connection-rate behavior detected by the VT feature.

Policy enforcement engine

Cause

The policy enforcement engine is the hardware element in the switch that manages QoS, mirroring, and ACL policies, as well as other software features, using the rules that you configure. Resource usage in the policy enforcement engine is based on how these features are configured on the switch:

• Resource usage by dynamic port ACLs and VT is determined as follows:

Chapter 3 Resource usage 81

Page 82

◦ Dynamic port ACLs configured by a RADIUS server for an authenticated client determine the current

resource consumption for this feature on a specified slot. When a client session ends, the resources in use for that client become available for other uses.

◦ A VT configuration (connection-rate filtering) on the switch does not affect switch resources unless traffic

behavior has triggered either a throttling or blocking action on the traffic from one or more clients. When the throttling action ceases or a blocked client is unblocked, the resources used for that action are released.

• When the following features are configured globally or per-VLAN, resource usage is applied across all port groups or all slots with installed modules:

◦ ACLs

◦ QoS configurations that use the following commands:

– QoS device priority (IP address) through the CLI using the qos device-priority command

– QoS application port through the CLI using qos tcp-port or qos udp-port

– VLAN QoS policies through the CLI using service-policy

◦ Management VLAN configuration

◦ DHCP snooping

◦ Dynamic ARP protection

◦ Remote mirroring endpoint configuration

◦ Mirror policies per VLAN through the CLI using monitor service

◦ Jumbo IP-MTU

• When the following features are configured per-port, resource usage is applied only to the slot or port group on which the feature is configured:

◦ ACLs or QoS applied per-port or per-user through RADIUS authentication

◦ ACLs applied per-port through the CLI using the ip access-group or ipv6 traffic-filter

commands

◦ QoS policies applied per port through the CLI using the service-policycommand

◦ Mirror policies applied per-port through the CLI using the monitor all service and service-

policycommands

◦ ICMP rate-limiting through the CLI using the rate-limit icmpcommand

◦ VT applied to any port (when a high-connection-rate client is being throttled or blocked)

Usage notes for show resources output

Cause

• A 1:1 mapping of internal rules to configured policies in the switch does not necessarily exist. As a result, displaying current resource usage is the most reliable method for keeping track of available resources. Also, because some internal resources are used by multiple features, deleting a feature configuration may not increase the amount of available resources.

• Resource usage includes resources actually in use or reserved for future use by the listed features.

• "Internal dedicated-purpose resources" include the following features:

82 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 83

◦ Per-port ingress and egress rate limiting through the CLI using rate-limit in/out

◦ Per-port ingress and egress broadcast rate limiting through the CLI using rate-limit bcast/mcast

◦ Per-port or per-VLAN priority or DSCP through the CLI using qos priority or qos dscp

◦ Per protocol priority through the CLI using qos protocol

• For chassis products (for example, the 5400zl or 8212zl switches), 'slots' are listed instead of 'ports,' with resources shown for all installed modules on the chassis.

• The "Available" columns display the resources available for additional feature use.

• The "IDM" column shows the resources used for RADIUS-based authentication.

• "Meters" are used when applying either ICMP rate-limiting or a QoS policy with a rate-limit class action.

Chapter 3 Resource usage 83

Page 84

Chapter 4

Hardware components

Services

The services command requires a slot-name parameter followed by an option. Options permitted in this command depend on the context (operator, manager, or configure).

Show services

Syntax

show services <SLOT-ID>[details | device]

Description

Show services modules information.

Parameters

Slot-id

Show services modules information

Options

<SLOT-ID> details

Display application information for the specified slot.

<SLOT-ID> device

Display the current configuration of the devices.

Show services

switch# show services

Installed Services Slot Index Description Name

------ -------------------------------- ------------------

H,L 1. Services zl Module services-module L 2. HP ProCurve MSM765 zl Int-Ctlr msm765-applicati H 3. Threat Management Services zl Module tms-module

No parameters

This no parameters command lists only installed modules which have applications running that provide a passthrough CLI feature.

show services

Syntax

show services

Description

84 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 85

Show services of only installed modules.

Show services

switch# show services

Installed Services

Slot Index Description Name H,L 1. Services zl Module services-module L 2. HP ProCurve MSM765 zl Int-Ctlr msm765-applicati H 3.Threat Management Services zl Module tms-module

Show services locator

Syntax

show services <SLOT-ID>[details | device]

Description

Show services information.

Parameters

details

Display application information for the specified slot.

device

Display the current configuration of the devices.

Options

Slot-id

Display summary table for the specified slot.

Show services f

switch# show services f Status and Counters - Services Module F Status HPE Services zl Module J9840A Versions : Current status : running For more information, use the show commands in services context

Show servers f details

switch# show services f details Status and Counters - Services Module F Status HPE Services zl Module J9840A Versions : Current status : running

Description Version Status

------------------------------------------ ------------------- ---------

Chapter 4 Hardware components 85

Page 86

Services zl Module hardware HPE MSM775 zl Premium Controller J9840A installed

For more information, use the show commands in services context

Show services f status

Status and Counters - Services Module F Status HPE Services zl Module J9840A Versions : Current status : running Description Version Status

------------------------------------------ ------------------- ---------

Services zl Module hardware HPE Adv Services v2 zl Module w/ HDD J9857A installed

For more information, use the show commands in services context

Show services device

Adding the keyword “device” displays information about whether certain external devices are enabled or disabled. This command is equivalent to the “services <slot> device” command with no additional parameters.

show services device

Syntax

show services slot-id device

Description

• USB port (x86–side) May be one of:

◦ “disabled” (normal state)

◦ “enabled” – enabled once the x86 boots into the OS, but disabled before OS boot to prevent inadvertently

booting to an inserted USB key.

◦ “boot” – enabled all the time, both for and after x86 OS boot.

• ShutdownFront-panel shutdown/reset button:

◦ “enabled” – default state

◦ “disabled” – for increased physical security

• PXE (PXE-boot)Not displayed for all modules.

Show services device

switch# show services d device Services Module Device Configuration Device | State

----------------|--------------------

USB | disabled Shutdown | enabled PXE | enabled

86 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 87

Requesting a reboot

Syntax

services <SLOT>boot[product|PXE|service|USB]

Description

This command requests a reboot (graceful shutdown and restart) of the x86.

Parameters

product

Boot to the Product OS.

PXE

Boot to the PXE or Product OS (if supported).

service

Boot to the Service OS.

USB

Boot to the USB or Product OS (if supported).

If no parameters are given, the switch attempts to boot to the same OS (product, service, or USB) that was enabled before the command was given. If the services <slot> boot product|usb command is given on a non-permitted module, one of the following error messages is returned:

Services b boot

switch# services b boot product Command not supported for the Services module in slot B.

switch# services b boot pxe Command not supported for the Services module in slot B.

switch# services b boot usb Command not supported for the Services module in slot B.

Services in Operator/Manager/Configure context

This top-level command requires a slot-name parameter followed by a subcommand. Permitted subcommands depend on one of the three contexts: operator, manager, or configure.

Services (operator)

Syntax

services <SLOT-ID>[<INDEX>| locator | name <NAME>]

Description

Displays applications installed and running for the services module in the Operator context.

Parameters

Chapter 4 Hardware components 87

Page 88

Integer

Index of the services CLI to access.

Locator

Control services module locator LED.

Name

Name of the services CLI to access.

Options

<SLOT-ID>

Device slot identifier for the services module.

<SLOT-ID> <INDEX>

Configure parameters for the installed application.

<SLOT-ID> locator

Controls services module locator LED.

<SLOT-ID> name <NAME>

Configure parameters for the installed application.

Services (manager)

Syntax

Description

Display applications installed and running for the services module or change the module's state (reload or shutdown).

Parameters

Boot

Reboot the services module.

Integer

Index of the services CLI to access.

Locator

Control services module locator LED.

Name

Name of the services CLI to access.

Reload

Reset the services module.

Serial

Connect to application via serial port.

Shutdown

Shutdown (halt) the services module.

Options

88 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 89

slot-id

Device slot identifier for the services module.

<slot-id> <index>

Configure parameters for the installed application.

<slot-id> boot

Reboot the services module.

<slot-id> locator

Controls services module locator LED.

<slot-id> name <name>

Configure parameters for the installed application.

<slot-id> reload

Reset the services module.

<slot-id> serial

Connect to services module via serial port.

<slot-id> shutdown

Shutdown (halt) the services module.

Services (configure)

Syntax

Description

Configure parameters for the services module or change the module's state (reload or shutdown).

Parameters and options

slot-id

Device slot identifier for the services module.

<SLOT-ID> <INDEX>

Configure parameters for the installed application.

<SLOT-ID> boot

Reboot the services module.

<SLOT-ID> locator

Controls services module locator LED.

<SLOT-ID> name<NAME>

Configure parameters for the installed application.

<SLOT-ID> reload

Reset the services module.

<SLOT-ID> serial

Connect to services module via serial port.

Chapter 4 Hardware components 89

Page 90

<SLOT-ID> shutdown

Shutdown (halt) the services module.

Enable or disable devices.

Enable or disable devices. This command must be run from the configure context.

no services

Syntax

no services <SLOT> device [PXE|shutdown|USB|CF]

Parameters

PXE

Enable or disable booting from PXE (if supported).

shutdown

Enable or disable the shutdown or reset button.

USB

Enable or Disable the USB after boot.

Enable or disable the Compact Flash or SD1 card.

Accessing CLI-passthrough

Accessing the CLI-passthrough feature on modules that support the feature. Feature can be reported by the show services command given with no additional parameters.

services

Syntax

services <SLOT>[<INDEX>|<NAME>]

Description

Parameters

ASCII-STR

Enter an ASCII string.

Show services

switch# show services

Installed Services

Slot Index Description Name H,L 1. Services zl Module services-module L 2. HPE ProCurve MSM765 zl Int-Ctlr msm765-applicati H 3. Threat Management Services zl Module tms-module

90 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 91

Show services set locator module

This command sets the Module Locator LED to either solid-on, off or slow-blink for a specified duration of time or to turn it off before the previously-specified time has passed. Options are permitted in this command for the Operator.

command name

Syntax

show services <SLOT>[blink <1–1440>|off|on]

Parameters

blink

Blink the locator LED. Default 30 mins. Range <1-1440>.

off

Turn the locate led off.

Turn the locate led on.

show services d

switch# show services d locator blink

Reloading services module

command name

Syntax

services <SLOT> reload

Description

Reloads the services module and is similar to the command services<slot> boot with no additional parameters given.

Connection to the application via a serial port

WARNING:

You are entering a mode on this product that is Hewlett Packard Enterprise Confidential and Proprietary. This mode, the commands and functionality specific to this mode, and all output from this mode are Hewlett Packard Enterprise Confidential and Proprietary. You may use this mode only by specific permission of, and under the direction of, an Hewlett Packard Enterprise support engineer or Hewlett Packard Enterprise technical engineer. Unauthorized or improper use of this mode will be considered by Hewlett Packard Enterprise to be unauthorized modification of the product, and any resulting defects or issues are not eligible for coverage under the Hewlett Packard Enterprise product warranty or any Hewlett Packard Enterprise support or service. UNAUTHORIZED OR IMPROPER USE OF THIS MODE CAN MAKE THE PRODUCT COMPLETELY INOPERABLE.

SvcOS login: <CTRL-Z>

Chapter 4 Hardware components 91

Page 92

command name

Syntax

services <SLOT>serial

Description

Starts a serial-passthrough session to the x86.

Shutdown the services module.

command name

Syntax

services <SLOT>shutdown

Description

Similar to services <slot>boot with no additional parameters given. This command is similar in that it attempts a graceful shutdown of the x86 except that this command does not restart the x86. If the gracefulshutdown attempt fails, no follow-up attempt is made to do a hard shutdown.

Transceiver status

The following information is displayed for each installed transceiver:

• Port number on which transceiver is installed.

• Type of transceiver.

• Product number — Includes revision letter, such as A, B, or C. If no revision letter follows a product number, this means that no revision is available for the transceiver.

• Part number — Allows you to determine the manufacturer for a specified transceiver and revision number.

Operating notes

• For a non- switches installed transceiver (see line 23 Figure 8: Example of show tech transceivers command on page 93), no transceiver type, product number, or part information is displayed. In the Serial

Number field, non-operational is displayed instead of a serial number.

• The following error messages may be displayed for a non-operational transceiver:

Unsupported Transceiver. (SelfTest Err#060)

◦

Check:

This switch only supports revision B and above transceivers.

◦

Check: http://www.hpe.com/rnd/device_help/2_inform for more info.

http://www.hpe.com/rnd/device_help/2_inform for more info.

Self test failure.

◦

◦ Transceiver type not supported in this port.

92 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 93

◦ Transceiver type not supported in this software version.

◦ Not a Switch Transceiver.

Go to:

http://www.hpe.com/rnd/device_help/2_inform for more info.

show interfaces transceivers

Syntax

show interfaces transceivers

Description

Figure 8: Example of show tech transceivers command on page 93 shows sample output from the show

tech transceivers command. The Part # column enables you to determine the manufacturer for a specified transceiver and revision number.

• Remotely identify transceiver type and revision number without having to physically remove an installed transceiver from its slot.

• Display real-timestatus information about all installed transceivers, including non-operational transceivers.

Figure 8: Example of show tech transceivers command

Configuring the type of a module

module type

Syntax

module <module-num> type <module-type>

Description

Allows you to configure the type of the module.

Chapter 4 Hardware components 93

Page 94

Clearing the module configuration

Syntax

no module <SLOT>

Description

Allows removal of the module configuration in the configuration file after the module has been removed. Enter an integer between 1 and 12 for slot.

• This command can be used to swap a module for a different type.

• This command will save the changes to both the running and startup configuration without a user issuing a ‘write memory’

Example

switch# no module 3

Configuring transceivers and modules that have not been inserted

Transceivers

Previously, a port had to be valid and verified for the switch to allow it to be configured. Transceivers are removable ports and considered invalid when not present in the switch, so they cannot be configured unless they are already in the switch. For switches, the verification for allowable port configurations performed by the CLI is removed and configuration of transceivers is allowed even if they are not yet inserted in the switch.

Modules

You can create or edit configuration files (as text files) that can be uploaded to the switch without the modules having been installed yet. Additionally, you can pre-configure the modules with the CLI module command.

The same module command used in an uploaded configuration file is used to define a module that is being preconfigured. The validation performed when issued through the CLI is still performed just as if the command was executed on the switch, in other words, as if the module were actually present in the switch.

NOTE:

You cannot use this method to change the configuration of a module that has already been configured. The slot must be empty and the configuration file must not have a configuration associated with it.

Clearing the module configuration

Because of the hot-swap capabilities of the modules, when a module is removed from the chassis, the module configuration remains in the configuration file. [no] module slot allows you to remove the module configuration information from the configuration file.

This does not change how hot-swap works.

94 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 95

Power consumption

NOTE: The show system power-supply detailed command is only supported on the 5400R

and 3810M switches.

show system power-supply

Syntax

show system power-supply [detailed | fahrenheit]

Description

Shows power supply information in either full detail or full detail in Fahrenheit only. Default temperature is displayed in degrees Celsius.

Command context

manager and operator

Parameters

detailed

Shows detailed switch power supply sensor information.

fahrenheit

Shows detailed switch power supply sensor information with temperatures in degrees Fahrenheit.

Usage

• The show system power-supply detailed command shows detailed information for the local power supplies only.

• The show system power-supply detailed command shows detailed information for power supplies in the powered state only.

Examples

Use of the command show system power-supply shows the power supply status for all active switches.

Switch# show system power-supply

Power Supply Status:

PS# Model Serial State AC/DC + V Wattage

---- --------- ------------ ----------------- -------------- ---------

1 J9828A IN30G4D009 Powered AC 120V/240V 700 2 J9828A IN30G4D00C Powered AC 120V/240V 700 3 Not Present -- --------- 0 4 J9830A IN43G4G05H Powered AC 120V/240V 2750

3 / 4 supply bays delivering power. Total power: 4150 W

Use of the command show system power-supply detailed shows the power supply status in detail for all active switches.

Chapter 4 Hardware components 95

Page 96

Switch# show system power-supply detailed

Status and Counters - Power Supply Detailed Information

PS# Model Serial State Status

--- ------- ----------- ------------ -------------------------------------

1 J9828A IN30G4D009 Powered AC Power Consumption : 44 Watts AC MAIN Voltage : 209 Volts Power Supplied : 31 Watts Power Capacity : 700 Watts Inlet Temp (C/F) : 27.0C/80.6F Internal Temp (C/F) : 30.5C/86.0F Fan 1 Speed : 1600 RPM (47%) Fan 2 Speed : 1600 RPM (47%)

2 J9828A IN30G4D00C Powered AC Power Consumption : 46 Watts AC MAIN Voltage : 209 Volts Power Supplied : 21 Watts Power Capacity : 700 Watts Inlet Temp (C/F) : 27.7C/80.6F Internal Temp (C/F) : 32.5C/89.6F Fan 1 Speed : 1600 RPM (47%) Fan 2 Speed : 1600 RPM (47%)

3 Not Present

4 J9830A IN43G4G05H Powered AC Power Consumption : 90 Watts AC MAIN/AUX Voltage : 210/118 Volts Power Supplied : 16 Watts Power Capacity : 2750 Watts Inlet Temp (C/F) : 30.9C/86.0F Internal Temp (C/F) : 65.6C/149.0F Fan 1 Speed : 2000 RPM (37%) Fan 2 Speed : 1950 RPM (36%)

3 / 4 supply bays delivering power. Currently supplying 68 W / 4150 W total power.

Use of the command show system power-supply fahrenheit shows the power supply status in Fahrenheit for all active switches.

Switch# show system power-supply detailed fahrenheit Power Supply Status: Mem PS# Model Serial State Status

--- --- ------- ----------- ------------ -----------------------------------

1 1 J9830A IN5BGZ81KZ Powered Power Consumption : 95 Watts AC MAIN/AUX Voltage : 118/208 Volts Inlet/Internal Temp : 85.6F/87.7F Fan 1 Speed (util) : 1650RPM (20%) Fan 2 Speed (util) : 1600RPM (19%)

1 2 J9829A IN5BGZ81KX Powered Power Consumption : 51 Watts AC Input Voltage : 208 Volts Inlet/Internal Temp : 85.6F/87.7F Fan 1 Speed (util) : 1650RPM (20%) Fan 2 Speed (util) : 1600RPM (19%)

1 3 J9828A IN5BGZ81KY Powered Power Consumption : 43 Watts AC Input Voltage : 119 Volts Inlet/Internal Temp : 85.6F/87.7F Fan 1 Speed (util) : 1650RPM (20%) Fan 2 Speed (util) : 1600RPM (19%)

96 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 97

1 4 Not Present

2 1 J9830A IN5BGZ81KZ Powered Power Consumption : 95 Watts AC MAIN/AUX Voltage : 118/208 Volts Inlet/Internal Temp : 85.6F/87.7F Fan 1 Speed (util) : 1650RPM (20%) Fan 2 Speed (util) : 1600RPM (19%)

2 2 J9829A IN5BGZ81KX Powered Power Consumption : 51 Watts AC Input Voltage : 208 Volts Inlet/Internal Temp : 85.6F/87.7F Fan 1 Speed (util) : 1650RPM (20%) Fan 2 Speed (util) : 1600RPM (19%)

2 3 J9828A IN5BGZ81KY Powered Power Consumption : 43 Watts AC Input Voltage : 119 Volts Inlet/Internal Temp : 85.6F/87.7F Fan 1 Speed (util) : 1650RPM (20%) Fan 2 Speed (util) : 1600RPM (19%) 2 4 Not Present

------------------------------------------------------------------------------

6 / 8 supply bays delivering power. Total Input Power: 378 Watts

Use of the command show system power-supply detailed shows the power supply status all active switches including a nonpowered J9830A PSU.

switch# show system power-supply detailed

Status and Counters - Power Supply Detailed Information

PS# Model Serial State Status

--- ------- ----------- ------------ -------------------------------------

3 Not Present

4 J9830A IN43G4G05H Aux Not Powered

2 / 4 supply bays delivering power. Currently supplying 68 W / 4150 W total power.

Use of the command show system power-supply shows the power supply status all active switches with power supply #2 showing permanent failure.

Chapter 4 Hardware components 97

Page 98

switch# show system power-supply

Power Supply Status:

PS# Model Serial State AC/DC + V Wattage

---- --------- ------------ ----------------- -------------- ---------

1 Not Present -- --------- 0 2 J9829A IN30G4D00C Permanent Failure AC 120V/240V 1100 3 J9829A IN30G4D00D Powered -- --------- 1100 4 J9829A IN43G4G05H Powered AC 120V/240V 1100

3 / 4 supply bays delivering power. Total power: 3300 W

Table 1: Field key for output of show system power-supply detailed

Field Description

AC Power Consumption

AC MAIN/AUX Voltage

Power Supplied Actual voltage being supplied from the power-supply to the switch for

Power Capacity The maximum power that the power-supply can provide to the switch.

Inlet Temp (C/F) The thermal sensor at the inlet of the power-supply - shown in both

Internal Temp (C/F)

Fan Speed Shows the current fan speed in RPM and the percent of total fan speed

Actual power consumed from AC input

Actual voltage measured on AC Input:

• Two voltages are displayed for PS#4, as the J9830A includes two AC input IEC connectors.

• Most power-supplies contain a single AC Input IEC connector and are labeled MAIN.

general power and PoE.

Celsius and Fahrenheit

The thermal sensor internal to the power-supply (will vary depending upon the model) - shown in both Celsius and Fahrenheit.

NOTE: There is no "Output Temperature Sensor" on either the 5400R or 3810M switches.

utilization. For PSUs that contain more than one fan, a separate line will be included for each.

Currently Supplying

A summary of the total power being supplied and the total capacity (same summary as seen on the command show system power- supply).

Fans

There are three fan types:

• Power supply fans

• Fan-tray fans

• Stacking switch fans

98 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08

Page 99

show system

Syntax

show system [chassislocate | information | temperature]

Description

Shows global system information and operational parameters for the switch.

Command context

manager and operator

Parameters

chassislocate

Shows the chassis locator LED status. Possible values are ON, Off, and Blink. When the status is On or Blink, the number of minutes that the Locator LED will continue to be on or to blink is displayed.

information

Displays global system information and operational parameters for the switch.

temperature

Shows system temperature and settings.

Usage

• To show system fans, see show system fans

• To show chassis power supply and settings, see show system power-supply

• To show system fans for VSF members, see show system fans vsf

Examples

Locating the system chassis by LED blink using the show system chassislocate command.

Showing the general switch system information by using the show system command.

Chapter 4 Hardware components 99

Page 100

show system fans

Syntax

show system fans

Description

Shows the state, status, and location of system fans.

Command context

manager and operator

Usage

Command can be executed using various command contexts. See examples for use of command context PoEP and VSF.

Examples

The state of all system fans is shown by using the command show system fans.

Switch# show system fans

Fan Information Num | State | Failures | Location

100 Aruba 3810 / 5400R Management and Configuration Guide for

ArubaOS-Switch 16.08