2. Computers & electronics
  3. Software
  4. Aruba
  5. ArubaOS-Switch
ArubaOS-Switch

Aruba ArubaOS-Switch, 2620 Installation guide

  • Hello! I am an AI chatbot trained to assist you with the Aruba ArubaOS-Switch Installation guide. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
HPE ArubaOS-Switch Management
and Configuration Guide for
RA.16.02
Part Number: 5200-1667a
Published: September 2016
Edition: 2
Copyright
©Copyright 2016 Hewlett Packard Enterprise Development LP
The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise
products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein
should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or
editorial errors or omissions contained herein.
Condential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or copying.
Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical
Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.
Acknowledgments
Microsoft®and Windows®are trademarks of the Microsoft group of companies.
Adobe®and Acrobat®are trademarks of Adobe Systems Incorporated.
Java and Oracle are registered trademarks of Oracle and/or its afliates.
Contents
Chapter 1 About this document........................................................................................23
Chapter 2 Time Protocols.................................................................................................24
General steps for running a time protocol on the switch.............................................................................24
TimeP time synchronization...............................................................................................................24
SNTP time synchronization................................................................................................................24
Selecting a time synchronization protocol.................................................................................................25
Disabling time synchronization................................................................................................................25
SNTP: Selecting and conguring.............................................................................................................25
Viewing and conguring SNTP (Menu)..............................................................................................26
Viewing and conguring SNTP (CLI).................................................................................................27
Conguring (enabling or disabling) the SNTP mode.......................................................................29
Enabling SNTP in Broadcast Mode..........................................................................................29
Enabling SNTP in unicast mode (CLI)......................................................................................30
Changing the SNTP poll interval (CLI).....................................................................................32
Changing the SNTP server priority (CLI)..................................................................................33
Disabling time synchronization without changing the SNTP conguration (CLI)........................33
Disabling the SNTP Mode.......................................................................................................33
SNTP client authentication.................................................................................................................34
Requirements...............................................................................................................................34
Conguring the key-identier, authentication mode, and key-value (CLI)........................................35
Conguring a trusted key..............................................................................................................35
Conguring a key-id as trusted (CLI).......................................................................................36
Associating a key with an SNTP server (CLI).................................................................................36
Enabling SNTP client authentication..............................................................................................37
Conguring unicast and broadcast mode for authentication.............................................................37
Viewing SNTP authentication conguration information (CLI).......................................................37
Viewing all SNTP authentication keys that have been congured on the switch (CLI)..................38
Viewing statistical information for each SNTP server (CLI).......................................................38
Saving conguration les and the include-credentials command......................................................38
TimeP: Selecting and conguring.............................................................................................................40
Viewing, enabling, and modifying the TimeP protocol (Menu)..............................................................41
Viewing the current TimeP conguration (CLI)...................................................................................42
Conguring (enabling or disabling) the TimeP mode......................................................................43
Enabling TimeP in manual mode (CLI).....................................................................................43
SNTP unicast time polling with multiple SNTP servers.............................................................................46
Displaying all SNTP server addresses congured on the switch (CLI)...................................................46
Adding and deleting SNTP server addresses........................................................................................47
Adding addresses..........................................................................................................................47
Deleting addresses........................................................................................................................47
Operating with multiple SNTP server addresses congured (Menu)............................................................48
SNTP messages in the Event Log.............................................................................................................48
Network Time Protocol (NTP).................................................................................................................48
Commands........................................................................................................................................48
timesync......................................................................................................................................48
Contents 3
timesync ntp.................................................................................................................................49
ntp...............................................................................................................................................49
[no] ntp........................................................................................................................................50
ntp enable....................................................................................................................................50
ntp authentication.........................................................................................................................51
ntp authentication key-id ..............................................................................................................52
ntp max-association......................................................................................................................52
ntp server.....................................................................................................................................53
ntp server key-id...........................................................................................................................54
ntp ipv6-multicast.........................................................................................................................55
debug ntp.....................................................................................................................................55
ntp trap........................................................................................................................................55
show ntp statistics.........................................................................................................................57
show ntp status.............................................................................................................................57
show ntp associations....................................................................................................................58
show ntp authentication.................................................................................................................58
Validation rules............................................................................................................................59
Event log messages.......................................................................................................................60
Monitoring resources...............................................................................................................................62
Displaying current resource usage.......................................................................................................62
Viewing information on resource usage...............................................................................................63
Policy enforcement engine............................................................................................................64
Usage notes for show resources output...........................................................................................65
When insufcient resources are available............................................................................................65
Chapter 3 Port Status and Conguration..........................................................................66
Viewing port status and conguring port parameters..................................................................................66
Connecting transceivers to xed-conguration devices.........................................................................66
Viewing port conguration (Menu).....................................................................................................68
Conguring ports (Menu).............................................................................................................68
Viewing port status and conguration (CLI)........................................................................................69
Dynamically updating the show interfaces command (CLI/Menu)...................................................70
Customizing the show interfaces command (CLI)................................................................................71
Error messages associated with the show interfaces command.........................................................72
Note on using pattern matching with the show interfaces custom command.................................72
Viewing port utilization statistics (CLI)...............................................................................................72
Operating notes for viewing port utilization statistics......................................................................73
Viewing transceiver status (CLI).........................................................................................................73
Operating notes............................................................................................................................74
Enabling or disabling ports and conguring port mode (CLI)................................................................74
Enabling or disabling ow control (CLI).............................................................................................75
Port shutdown with broadcast storm....................................................................................................77
Viewing broadcast storm...............................................................................................................78
SNMP MIB..................................................................................................................................79
Conguring auto-MDIX.....................................................................................................................81
Manual override...........................................................................................................................82
Conguring auto-MDIX (CLI)......................................................................................................82
Using friendly (optional) port names........................................................................................................84
4HPE ArubaOS-Switch Management and Configuration Guide for RA.16.02
Conguring and operating rules for friendly port names.......................................................................84
Conguring friendly port names (CLI)................................................................................................85
Conguring a single port name (CLI)............................................................................................85
Conguring the same name for multiple ports (CLI).......................................................................85
Displaying friendly port names with other port data (CLI)....................................................................86
Listing all ports or selected ports with their friendly port names (CLI).............................................86
Including friendly port names in per-port statistics listings (CLI).....................................................87
Searching the conguration for ports with friendly port names (CLI)...............................................88
Uni-directional link detection (UDLD).....................................................................................................89
Conguring UDLD............................................................................................................................90
Conguring uni-directional link detection (UDLD) (CLI)...............................................................90
Enabling UDLD (CLI)..................................................................................................................91
Changing the keepalive interval (CLI)............................................................................................91
Changing the keepalive retries (CLI)..............................................................................................91
Conguring UDLD for tagged ports..............................................................................................92
Viewing UDLD information (CLI)......................................................................................................92
Viewing summary information on all UDLD-enabled ports (CLI)....................................................92
Viewing detailed UDLD information for specic ports (CLI)..........................................................93
Clearing UDLD statistics (CLI).....................................................................................................93
Chapter 4 Power Over Ethernet (PoE/PoE+) Operation...................................................95
Introduction to PoE.................................................................................................................................95
PoE terminology................................................................................................................................95
About PoE operation...............................................................................................................................95
Conguration options.........................................................................................................................95
PD support........................................................................................................................................96
Power priority operation.....................................................................................................................96
Conguring PoE operation......................................................................................................................97
Disabling or re-enabling PoE port operation........................................................................................97
Enabling support for pre-standard devices...........................................................................................97
Conguring the PoE port priority........................................................................................................97
Controlling PoE allocation..................................................................................................................99
Manually conguring PoE power levels..............................................................................................99
Changing the threshold for generating a power notice.........................................................................101
PoE/PoE+ allocation using LLDP information........................................................................................101
LLDP with PoE...............................................................................................................................101
Enabling or disabling ports for allocating power using LLDP........................................................102
Enabling PoE detection via LLDP TLV advertisement..................................................................102
LLDP with PoE+.............................................................................................................................102
Overview...................................................................................................................................102
PoE allocation............................................................................................................................102
Initiating advertisement of PoE+ TLVs........................................................................................104
Viewing PoE when using LLDP information................................................................................104
Operation Note...........................................................................................................................106
Viewing the global PoE power status of the switch..................................................................................106
Viewing PoE status on all ports.........................................................................................................107
Viewing the PoE status on specic ports............................................................................................109
Planning and implementing a PoE conguration.....................................................................................111
Contents 5
Power requirements.........................................................................................................................111
Assigning PoE ports to VLANs........................................................................................................112
Applying security features to PoE congurations...............................................................................112
Assigning priority policies to PoE trafc...........................................................................................112
PoE Event Log messages..................................................................................................................112
Chapter 5 Port Trunking..................................................................................................113
Overview of port trunking......................................................................................................................113
Port connections and conguration...................................................................................................113
Port trunk features and operation............................................................................................................114
Fault tolerance ................................................................................................................................114
Trunk conguration methods.................................................................................................................114
Dynamic LACP trunk.......................................................................................................................114
Static trunk......................................................................................................................................115
Viewing and conguring a static trunk group (Menu)..............................................................................118
Viewing and conguring port trunk groups (CLI)....................................................................................119
Viewing static trunk type and group for all ports or for selected ports..................................................119
Viewing static LACP and dynamic LACP trunk data..........................................................................120
Dynamic LACP Standby Links.........................................................................................................121
Conguring a static trunk or static LACP trunk group........................................................................121
Removing ports from a static trunk group..........................................................................................122
Enabling a dynamic LACP trunk group.............................................................................................122
Removing ports from a dynamic LACP trunk group...........................................................................123
Viewing existing port trunk groups (WebAgent)......................................................................................124
Trunk group operation using LACP........................................................................................................124
Default port operation......................................................................................................................126
LACP notes and restrictions..............................................................................................................127
802.1X (Port-based access control) congured on a port...............................................................127
Port securitycongured on a port.................................................................................................127
Changing trunking methods.........................................................................................................127
Static LACP trunks.....................................................................................................................128
Dynamic LACP trunks................................................................................................................128
VLANs and dynamic LACP........................................................................................................128
Blocked ports with older devices.................................................................................................128
Spanning Tree and IGMP............................................................................................................129
Half-duplex, different port speeds, or both not allowed in LACP trunks..........................................129
Dynamic/static LACP interoperation............................................................................................129
Trunk group operation using the "trunk" option.......................................................................................129
How the switch lists trunk data...............................................................................................................130
Outbound trafc distribution across trunked links....................................................................................130
Trunk load balancing using port layers....................................................................................................131
Enabling trunk load balancing...........................................................................................................131
Chapter 6 Port Trafc Controls.......................................................................................133
Rate-limiting.........................................................................................................................................133
All trafc rate-limiting.....................................................................................................................133
Conguring rate-limiting............................................................................................................133
Displaying the current rate-limit conguration.............................................................................134
6HPE ArubaOS-Switch Management and Configuration Guide for RA.16.02
Operating notes for rate-limiting..................................................................................................135
VLAN-based rate-limiting.....................................................................................................................136
ICMP rate-limiting................................................................................................................................137
Guidelines for conguring ICMP rate-limiting...................................................................................138
Conguring ICMP rate-limiting........................................................................................................138
Using both ICMP rate-limiting and all-trafc rate-limiting on the same interface.................................139
Viewing the current ICMP rate-limit conguration.............................................................................140
Operating notes for ICMP rate-limiting.............................................................................................140
Notes on testing ICMP rate-limiting.............................................................................................141
ICMP rate-limiting trap and Event Log messages...............................................................................142
Determining the switch port number used in ICMP port reset commands.......................................142
Conguring inbound rate-limiting for broadcast and multicast trafc..................................................143
Operating Notes.........................................................................................................................145
Jumbo frames.......................................................................................................................................145
Operating rules................................................................................................................................145
Conguring jumbo frame operation..................................................................................................145
Overview...................................................................................................................................146
Viewing the current jumbo conguration......................................................................................146
Enabling or disabling jumbo trafc on a VLAN............................................................................147
Conguring a maximum frame size..................................................................................................147
Conguring IP MTU..................................................................................................................148
SNMP implementation................................................................................................................148
Jumbo maximum frame size...................................................................................................148
Jumbo IP MTU.....................................................................................................................148
Displaying the maximum frame size............................................................................................148
Operating notes for maximum frame size.....................................................................................149
Operating notes for jumbo trafc-handling........................................................................................149
Troubleshooting...............................................................................................................................150
A VLAN is congured to allow jumbo frames, but one or more ports drops all inbound jumbo
frames........................................................................................................................................150
A non-jumbo port is generating "Excessive undersize/giant frames" messages in the Event Log......151
Chapter 7 Fault-Finder port-level link-ap.....................................................................152
Overview..............................................................................................................................................152
Fault-nder link-ap ............................................................................................................................152
Show fault-nder link-ap.....................................................................................................................154
Event Log.............................................................................................................................................155
Restrictions...........................................................................................................................................155
Chapter 8 Conguring for Network Management Applications.....................................157
Using SNMP tools to manage the switch................................................................................................157
SNMP management features.............................................................................................................157
SNMPv1 and v2c access to the switch...............................................................................................158
SNMPv3 access to the switch...........................................................................................................158
Enabling and disabling switch for access from SNMPv3 agents.....................................................159
Enabling or disabling restrictions to access from only SNMPv3 agents..........................................159
Enabling or disabling restrictions from all non-SNMPv3 agents to read-only access.......................159
Viewing the operating status of SNMPv3.....................................................................................159
Contents 7
Viewing status of message reception of non-SNMPv3 messages....................................................159
Viewing status of write messages of non-SNMPv3 messages.........................................................159
Enabling SNMPv3......................................................................................................................160
SNMPv3 users...........................................................................................................................160
Adding users.........................................................................................................................161
SNMPv3 user commands.......................................................................................................161
Listing Users.........................................................................................................................161
Assigning users to groups (CLI).............................................................................................162
Group access levels.....................................................................................................................162
SNMPv3 communities................................................................................................................163
Mapping SNMPv3 communities (CLI)...................................................................................164
SNMP community features....................................................................................................164
Viewing and conguring non-version-3 SNMP communities (Menu).............................................165
Listing community names and values (CLI)..................................................................................165
Conguring community names and values (CLI).....................................................................166
SNMP notications..........................................................................................................................167
Supported Notications..............................................................................................................167
General steps for conguring SNMP notications........................................................................167
SNMPv1 and SNMPv2c Traps....................................................................................................168
SNMP trap receivers...................................................................................................................168
Conguring an SNMP trap receiver (CLI)...............................................................................168
SNMPv2c informs......................................................................................................................169
Enabling SNMPv2c informs (CLI).........................................................................................169
Conguring SNMPv3 notications (CLI)....................................................................................170
Network security notications.....................................................................................................173
Enabling or disabling notication/traps for network security failures and other security events
(CLI)....................................................................................................................................173
Viewing the current conguration for network security notications (CLI)...............................174
Enabling Link-Change Traps (CLI)..............................................................................................175
Readable interface names in traps...........................................................................................175
Source IP address for SNMP notications....................................................................................175
Conguring the source IP address for SNMP notications (CLI)..............................................176
Viewing SNMP notication conguration (CLI)...........................................................................177
Conguring the MAC address count option.......................................................................................178
Displaying information about the mac-count-notify option............................................................179
Advanced management: RMON.......................................................................................................180
CLI-congured sFlow with multiple instances...................................................................................181
Conguring sFlow (CLI).............................................................................................................181
Viewing sFlow Conguration and Status (CLI).............................................................................181
Conguring UDLD Verify before forwarding..........................................................................................183
UDLD time delay............................................................................................................................183
Restrictions................................................................................................................................184
UDLD conguration commands.......................................................................................................184
Show commands..............................................................................................................................185
RMON generated when user changes UDLD mode............................................................................185
LLDP...................................................................................................................................................185
General LLDP operation..................................................................................................................186
8HPE ArubaOS-Switch Management and Configuration Guide for RA.16.02
LLDP-MED...............................................................................................................................186
Packet boundaries in a network topology...........................................................................................186
LLDP operation conguration options...............................................................................................186
Enable or disable LLDP on the switch.........................................................................................186
Enable or disable LLDP-MED.....................................................................................................186
Change the frequency of LLDP packet transmission to neighbor devices........................................186
Change the Time-To-Live for LLDP packets sent to neighbors......................................................187
Transmit and receive mode..........................................................................................................187
SNMP notication......................................................................................................................187
Per-port (outbound) data options..................................................................................................187
Remote management address.......................................................................................................188
Debug logging............................................................................................................................188
Options for reading LLDP information collected by the switch...........................................................189
LLDP and LLDP-MED standards compatibility.................................................................................189
LLDP operating rules.......................................................................................................................189
Port trunking..............................................................................................................................189
IP address advertisements...........................................................................................................189
Spanning-tree blocking...............................................................................................................190
802.1X blocking.........................................................................................................................190
Conguring LLDP operation............................................................................................................190
Displaying the global LLDP, port admin, and SNMP notication status (CLI)................................190
Viewing port conguration details (CLI).................................................................................191
Conguring Global LLDP Packet Controls..................................................................................191
LLDP operation on the switch................................................................................................191
Enabling or disabling LLDP operation on the switch (CLI)......................................................191
Changing the packet transmission interval (CLI).....................................................................192
Time-to-Live for transmitted advertisements...........................................................................192
Delay interval between advertisements generated by value or status changes to the LLDP MIB...193
Reinitialization delay interval.................................................................................................193
Conguring SNMP notication support.......................................................................................194
Enabling LLDP data change notication for SNMP trap receivers (CLI)...................................194
Changing the minimum interval for successive data change notications for the same neighbor..194
Conguring per-port transmit and receive modes (CLI).................................................................195
Basic LLDP per-port advertisement content.................................................................................195
Mandatory Data....................................................................................................................195
Conguring a remote management address for outbound LLDP advertisements (CLI)...............195
Optional Data.......................................................................................................................197
Support for port speed and duplex advertisements.........................................................................197
Conguring support for port speed and duplex advertisements (CLI)........................................197
Port VLAN ID TLV support on LLDP...............................................................................................198
Conguring the VLAN ID TLV...................................................................................................198
Viewing the TLVs advertised.......................................................................................................198
SNMP support............................................................................................................................200
LLDP-MED (media-endpoint-discovery)...........................................................................................200
LLDP-MED endpoint support.....................................................................................................201
LLDP-MED endpoint device classes............................................................................................202
LLDP-MED operational support..................................................................................................202
Contents 9
Tracking LLDP-MED connects and disconnectstopology change notication.............................202
LLDP-MED fast start control......................................................................................................203
Advertising device capability, network policy, PoE status and location data....................................204
Network policy advertisements..............................................................................................204
VLAN operating rules...........................................................................................................204
Policy elements.....................................................................................................................204
Enabling or Disabling medTlvEnable.....................................................................................205
PoE advertisements...............................................................................................................206
Location data for LLDP-MED devices.........................................................................................207
Conguring location data for LLDP-MED devices..................................................................207
Conguring coordinate-based locations..................................................................................208
Viewing switch information available for outbound advertisements.....................................................210
Displaying the current port speed and duplex conguration on a switch port..................................212
Viewing the current port speed and duplex conguration on a switch port.................................213
Viewing advertisements currently in the neighbors MIB................................................................213
Displaying LLDP statistics..........................................................................................................214
Viewing LLDP statistics........................................................................................................214
LLDP Operating Notes.....................................................................................................................216
Neighbor maximum....................................................................................................................216
LLDP packet forwarding.............................................................................................................217
One IP address advertisement per port.........................................................................................217
802.1Q VLAN Information.........................................................................................................217
Effect of 802.1X Operation.........................................................................................................217
Neighbor data can remain in the neighbor database after the neighbor is disconnected....................217
Mandatory TLVs........................................................................................................................217
Determining the switch port number included in topology change notication traps........................217
LLDP and CDP data management.....................................................................................................218
LLDP and CDP neighbor data.....................................................................................................218
CDP operation and commands.....................................................................................................219
Viewing the current CDP conguration of the switch....................................................................219
Viewing the current CDP neighbors table of the switch.................................................................220
Enabling and Disabling CDP Operation.......................................................................................221
Enabling or disabling CDP operation on individual ports...............................................................221
Conguring CDPv2 for voice transmission........................................................................................222
Filtering CDP information................................................................................................................224
Conguring the switch to lter untagged trafc............................................................................224
Displaying the conguration.......................................................................................................225
Filtering PVID mismatch log messages.............................................................................................225
DHCPv4 server.....................................................................................................................................226
Introduction to DHCPv4...................................................................................................................226
IP pools...........................................................................................................................................226
DHCP options.................................................................................................................................226
BootP support..................................................................................................................................226
Authoritative server and support for DHCP inform packets.................................................................226
Authoritative pools...........................................................................................................................227
Authoritative dummy pools..............................................................................................................227
Change in server behavior................................................................................................................227
10 HPE ArubaOS-Switch Management and Configuration Guide for RA.16.02
DHCPv4 conguration commands....................................................................................................228
Enable/disable the DHCPv4 server..............................................................................................228
Conguring the DHCP address pool name...................................................................................228
Authoritative..............................................................................................................................229
Specify a boot le for the DHCP client .......................................................................................229
Congure a default router for a DHCP client................................................................................229
Congure the DNS IP servers .....................................................................................................230
Congure a domain name...........................................................................................................230
Congure lease time...................................................................................................................230
Congure the NetBIOS WINS servers.........................................................................................230
Congure the NetBIOS node type...............................................................................................230
Congure subnet and mask ........................................................................................................231
Congure DHCP server options..................................................................................................231
Congure the range of IP address................................................................................................231
Congure the static binding information......................................................................................231
Congure the TFTP server domain name.....................................................................................232
Congure the TFTP server address..............................................................................................232
Change the number of ping packets.............................................................................................232
Change the amount of time..........................................................................................................232
Congure DHCP Server to save automatic bindings......................................................................232
Congure a DHCP server to send SNMP notications..................................................................233
Enable conict logging on a DHCP server...................................................................................233
Enable the DHCP server on a VLAN...........................................................................................233
Clear commands.........................................................................................................................233
Reset all DHCP server and BOOTP counters................................................................................233
Delete an automatic address binding............................................................................................234
Show commands..............................................................................................................................234
Display the DHCPv4 server address bindings...............................................................................234
Display address conicts.............................................................................................................234
Display DHCPv4 server database agent........................................................................................234
Display DHCPv4 server statistics................................................................................................234
Display the DHCPv4 server IP pool information...........................................................................234
Display DHCPv4 server global conguration information.............................................................235
Event log.........................................................................................................................................235
Event Log Messages...................................................................................................................235
Chapter 9 Captive Portal for ClearPass...........................................................................237
Requirements........................................................................................................................................237
Best Practices.......................................................................................................................................238
Limitations...........................................................................................................................................238
Features................................................................................................................................................238
High Availability.............................................................................................................................238
Load balancing and redundancy........................................................................................................239
Captive Portal when disabled.................................................................................................................239
Disabling Captive Portal...................................................................................................................239
Conguring Captive Portal on CPPM.....................................................................................................239
Import the HP RADIUS dictionary....................................................................................................239
Create enforcement proles..............................................................................................................239
Contents 11
Create a ClearPass guest self-registration...........................................................................................241
Congure the login delay ................................................................................................................242
Conguring the switch..........................................................................................................................242
Congure the URL key....................................................................................................................243
Conguring a certicate for Captive Portal usage....................................................................................243
Display Captive Portal conguration......................................................................................................244
Show certicate information..................................................................................................................244
Troubleshooting....................................................................................................................................244
Event Timestamp not working..........................................................................................................244
Cannot enable Captive Portal............................................................................................................244
Unable to enable feature...................................................................................................................245
Authenticated user redirected to login page .......................................................................................245
Unable to congure a URL hash key.................................................................................................246
authentication command...................................................................................................................246
show command................................................................................................................................246
Debug command..............................................................................................................................247
Chapter 10 ZTP with AirWave Network Management...................................................248
Requirements........................................................................................................................................248
Best Practices.......................................................................................................................................249
Limitations...........................................................................................................................................249
Switch conguration.............................................................................................................................249
Congure AirWave details in DHCP (preferred method)..........................................................................250
Congure AirWave details in DHCP (alternate method)...........................................................................254
Zero Touch Provisioning........................................................................................................................261
Auto-conguration using ZTP..........................................................................................................262
Disabling ZTP.................................................................................................................................262
Image Upgrade................................................................................................................................262
Congure a switch using the CLI...........................................................................................................263
Stacking and chassis switches................................................................................................................263
Troubleshooting....................................................................................................................................263
View AMP server messages..............................................................................................................263
Validation Rules..............................................................................................................................264
View conguration details.....................................................................................................................264
amp-server............................................................................................................................................264
debug ztp..............................................................................................................................................265
Chapter 11 Auto conguration upon Aruba AP detection..............................................266
Auto device detection and conguration.................................................................................................266
Requirements..................................................................................................................................266
Limitations......................................................................................................................................266
Feature Interactions..........................................................................................................................267
Prole Manager and 802.1X........................................................................................................267
Prole Manager and LMA/WMA/MAC-AUTH...........................................................................267
Prole manager and Private VLANs............................................................................................267
Creating a prole and associate a device type....................................................................................267
device-prole name..........................................................................................................................268
device-prole type...........................................................................................................................269
12 HPE ArubaOS-Switch Management and Configuration Guide for RA.16.02
Rogue AP Isolation...............................................................................................................................270
Limitations......................................................................................................................................271
Feature Interactions..........................................................................................................................271
MAC lockout and lockdown .......................................................................................................271
LMA/WMA/802.1X/Port-Security..............................................................................................272
L3 MAC....................................................................................................................................272
Using the Rogue AP Isolation feature................................................................................................272
rogue-ap-isolation............................................................................................................................273
rogue-ap-isolation action..................................................................................................................274
rogue-ap-isolation whitelist..............................................................................................................274
clear rogue-ap-isolation....................................................................................................................275
Troubleshooting....................................................................................................................................275
Dynamic conguration not displayed when using show running-cong............................................275
Switch does not detect the rogue AP TLVs........................................................................................276
The show run command displays non-numerical value for untagged-vlan............................................276
Show commands..............................................................................................................................276
Validation Rules..............................................................................................................................277
Chapter 12 Link Aggregation Control ProtocolMulti-Active Detection
(LACP-MAD)...................................................................................................................279
LACP-MAD commands........................................................................................................................279
Conguration command...................................................................................................................279
show commands..............................................................................................................................279
clear command................................................................................................................................279
LACP-MAD overview...........................................................................................................................279
Chapter 13 Scalability IP Address VLAN and Routing Maximum Values....................281
Chapter 14 File Transfers................................................................................................283
Overview..............................................................................................................................................283
Downloading switch software................................................................................................................283
General software download rules......................................................................................................283
Using TFTP to download software from a server................................................................................283
Downloading from a server to primary ash using TFTP (Menu)...................................................284
Troubleshooting TFTP download failures.....................................................................................285
Downloading from a server to ash using TFTP (CLI)..................................................................286
Enabling TFTP (CLI)..................................................................................................................287
Conguring the switch to download software automatically from a TFTP server using auto-TFTP
(CLI).........................................................................................................................................288
Using SCP and SFTP.......................................................................................................................289
Enabling SCP and SFTP...................................................................................................................290
Disabling TFTP and auto-TFTP for enhanced security..................................................................290
Enabling SSH V2 (required for SFTP).........................................................................................292
Conrming that SSH is enabled.............................................................................................292
Disabling secure le transfer..................................................................................................292
Authentication............................................................................................................................292
SCP/SFTP operating notes..........................................................................................................293
Troubleshooting SSH, SFTP, and SCP operations.........................................................................294
Contents 13
Broken SSH connection.........................................................................................................294
Attempt to start a session during a ash write..........................................................................294
Failure to exit from a previous session....................................................................................294
Attempt to start a second session............................................................................................295
Using Xmodem to download switch software from a PC or UNIX workstation....................................295
Downloading to primary ash using Xmodem (Menu)..................................................................295
Downloading to primary or secondary ash using Xmodem and a terminal emulator (CLI).............296
Switch-to-switch download..............................................................................................................297
Switch-to-switch download to primary ash (Menu).....................................................................297
Downloading the OS from another switch (CLI)...........................................................................298
Downloading from primary only (CLI)...................................................................................298
Downloading from either ash in the source switch to either ash in the destination switch
(CLI)....................................................................................................................................298
Using AirWave to update switch software..........................................................................................298
Copying software images.......................................................................................................................299
TFTP: Copying a software image to a remote host (CLI)....................................................................299
Xmodem: Copying a software image from the switch to a serially connected PC or UNIX workstation
(CLI)..............................................................................................................................................299
Transferring switch congurations.........................................................................................................299
TFTP: Copying a conguration le to a remote host (CLI).................................................................300
TFTP: Copying a conguration le from a remote host (CLI).............................................................300
TFTP: Copying a customized command le to a switch (CLI)............................................................300
Xmodem: Copying a conguration le to a serially connected PC or UNIX workstation (CLI).............301
Xmodem: Copying a conguration le from a serially connected PC or UNIX workstation (CLI).........302
Transferring ACL command les...........................................................................................................302
TFTP: Uploading an ACL command le from a TFTP server (CLI)....................................................303
Xmodem: Uploading an ACL command le from a serially connected PC or UNIX workstation (CLI)..304
Copying diagnostic data to a remote host, PC or UNIX workstation..........................................................305
Copying command output to a destination device (CLI)......................................................................305
Copying Event Log output to a destination device (CLI).....................................................................306
Copying crash data content to a destination device (CLI)....................................................................306
Chapter 15 Monitoring and Analyzing Switch Operation..............................................307
Overview..............................................................................................................................................307
Accessing port and trunk group statistics................................................................................................307
show interfaces................................................................................................................................307
Reset port counters...........................................................................................................................307
clear statistics.............................................................................................................................308
Accessing port and trunk statistics (Menu).........................................................................................308
MAC address tables...............................................................................................................................309
MAC address views and searches......................................................................................................309
show mac-address.......................................................................................................................309
Using the menu to view and search MAC addresses......................................................................310
Finding the port connection for a specic device on a VLAN........................................................311
Viewing and searching port-level MAC addresses.........................................................................311
Determining whether a specic device is connected to the selected port.........................................312
MSTP data............................................................................................................................................312
show spanning-tree..........................................................................................................................312
14 HPE ArubaOS-Switch Management and Configuration Guide for RA.16.02
IP IGMP status......................................................................................................................................313
show ip igmp...................................................................................................................................313
VLAN information................................................................................................................................315
show vlan........................................................................................................................................315
Conguring a destination switch in a remote mirroring session................................................................316
Conguring a source switch in a local mirroring session..........................................................................317
Conguring a source switch in a remote mirroring session.......................................................................318
Selecting all trafc on a port interface for mirroring according to trafc direction.....................................319
Selecting all trafc on a VLAN interface for mirroring according to trafc direction.................................320
Conguring a MAC address to lter mirrored trafc on an interface.........................................................321
Conguring classier-based mirroring....................................................................................................322
Applying a mirroring policy on a port or VLAN interface...................................................................323
Viewing a classier-based mirroring conguration..................................................................................324
Viewing all mirroring sessions congured on the switch..........................................................................324
Viewing the remote endpoints congured on the switch...........................................................................325
Viewing the mirroring conguration for a specic session.......................................................................326
Viewing a remote mirroring session........................................................................................................327
Viewing a MAC-based mirroring session................................................................................................327
Viewing a local mirroring session...........................................................................................................328
Viewing information on a classier-based mirroring session....................................................................328
Viewing information about a classier-based mirroring conguration.......................................................329
Viewing information about a classier-based mirroring conguration.......................................................330
Viewing resource usage for mirroring policies.........................................................................................330
Viewing the mirroring congurations in the running conguration le.....................................................331
Compatibility mode...............................................................................................................................332
Trafc mirroring overview.....................................................................................................................333
Mirroring overview..........................................................................................................................333
Mirroring destinations......................................................................................................................334
Mirroring sources and sessions.........................................................................................................334
Mirroring sessions...........................................................................................................................334
Mirroring session limits..............................................................................................................335
Selecting mirrored trafc............................................................................................................335
Mirrored trafc destinations.............................................................................................................336
Local destinations.......................................................................................................................336
Remote destinations....................................................................................................................336
Monitored trafc sources..................................................................................................................336
Criteria for selecting mirrored trafc.................................................................................................337
Mirroring conguration....................................................................................................................337
Remote mirroring endpoint and intermediate devices.........................................................................338
Migration to release K.12.xx.............................................................................................................338
Booting from software versions earlier than K.12.xx.....................................................................338
Maximum supported frame size...................................................................................................339
Frame truncation........................................................................................................................339
Migration to release K.14.01 or greater..............................................................................................339
Trafc mirroring overview.....................................................................................................................340
Mirroring overview..........................................................................................................................340
Mirroring destinations......................................................................................................................341
Contents 15
Mirroring sources and sessions.........................................................................................................341
Mirroring sessions...........................................................................................................................341
Mirroring session limits..............................................................................................................342
Selecting mirrored trafc............................................................................................................342
Mirrored trafc destinations.............................................................................................................343
Local destinations.......................................................................................................................343
Remote destinations....................................................................................................................343
Monitored trafc sources..................................................................................................................343
Criteria for selecting mirrored trafc.................................................................................................344
Mirroring conguration....................................................................................................................344
Remote mirroring endpoint and intermediate devices.........................................................................345
Migration to release K.12.xx.............................................................................................................345
Booting from software versions earlier than K.12.xx.....................................................................345
Maximum supported frame size...................................................................................................346
Frame truncation........................................................................................................................346
Migration to release K.14.01 or greater..............................................................................................346
Using the Menu to congure local mirroring...........................................................................................347
Menu and WebAgent limits..............................................................................................................347
Remote mirroring overview...................................................................................................................347
Quick reference to remote mirroring setup.........................................................................................348
High-level overview of the mirror conguration process..........................................................................349
Determine the mirroring session and destination................................................................................349
For a local mirroring session.......................................................................................................349
For a remote mirroring session....................................................................................................349
Congure a mirroring destination on a remote switch.........................................................................349
Congure a destination switch in a remote mirroring session.........................................................349
Congure a mirroring session on the source switch............................................................................349
Congure a source switch in a remote mirroring session...............................................................350
Congure the monitored trafc in a mirror session.............................................................................350
Trafc selection options..............................................................................................................350
Mirroring-source restrictions.......................................................................................................351
About selecting all inbound/outbound trafc to mirror.............................................................................351
Untagged mirrored packets...............................................................................................................351
About using SNMP to congure no-tag-added..............................................................................352
Operating notes..........................................................................................................................352
About selecting inbound trafc using an ACL (deprecated)................................................................352
About selecting inbound/outbound trafc using a MAC address..........................................................353
About selecting inbound trafc using advanced classier-based mirroring...........................................354
Classier-based mirroring conguration.................................................................................................355
Classier-based mirroring restrictions...............................................................................................357
About applying multiple mirroring sessions to an interface.................................................................358
Mirroring conguration examples.....................................................................................................359
Maximum supported frame size.............................................................................................................363
Enabling jumbo frames to increase the mirroring path MTU...............................................................363
Effect of downstream VLAN tagging on untagged, mirrored trafc..........................................................364
Operating notes for trafc mirroring.................................................................................................364
Troubleshooting trafc mirroring...........................................................................................................366
16 HPE ArubaOS-Switch Management and Configuration Guide for RA.16.02
Chapter 16 Troubleshooting............................................................................................367
Overview..............................................................................................................................................367
Troubleshooting approaches...................................................................................................................367
Browser or Telnet access problems.........................................................................................................368
Cannot access the WebAgent............................................................................................................368
Cannot Telnet into the switch console from a station on the network...................................................368
Unusual network activity.......................................................................................................................369
General problems.............................................................................................................................369
The network runs slow; processes fail; users cannot access servers or other devices........................369
Duplicate IP addresses................................................................................................................369
Duplicate IP addresses in a DHCP network..................................................................................370
The switch has been congured for DHCP/Bootp operation, but has not received a DHCP or Bootp
reply..........................................................................................................................................370
802.1Q Prioritization problems.........................................................................................................370
Ports congured for non-default prioritization (level 1 to 7) are not performing the specied action..370
Addressing ACL problems...............................................................................................................371
ACLs are properly congured and assigned to VLANs, but the switch is not using the ACLs to lter
IP layer 3 packets.......................................................................................................................371
The switch does not allow management access from a device on the same VLAN...........................371
Error (Invalid input) when entering an IP address..........................................................................372
Apparent failure to log all "deny" matches....................................................................................372
The switch does not allow any routed access from a specic host, group of hosts, or subnet............372
The switch is not performing routing functions on a VLAN...........................................................372
Routing through a gateway on the switch fails..............................................................................372
Remote gateway case.............................................................................................................373
Local gateway case................................................................................................................373
IGMP-related problems....................................................................................................................374
IP multicast (IGMP) trafc that is directed by IGMP does not reach IGMP hosts or a multicast router
connected to a port.....................................................................................................................374
IP multicast trafcoods out all ports; IGMP does not appear to lter trafc.................................374
LACP-related problems....................................................................................................................374
Unable to enable LACP on a port with the interface <port-number> lacp command..................374
Mesh-related problems.....................................................................................................................374
Trafc on a dynamic VLAN does not get through the switch mesh................................................374
Port-based access control (802.1X)-related problems..........................................................................374
The switch does not receive a response to RADIUS authentication requests...................................375
The switch does not authenticate a client even though the RADIUS server is properly congured and
providing a response to the authentication request.........................................................................375
During RADIUS-authenticated client sessions, access to a VLAN on the port used for the client
sessions is lost............................................................................................................................375
The switch appears to be properly congured as a supplicant, but cannot gain access to the intended
authenticator port on the switch to which it is connected...............................................................375
The supplicant statistics listing shows multiple ports with the same authenticator MAC address......375
The show port-access authenticator <port-list> command shows one or more ports remain open
after they have been congured with control unauthorized............................................................375
RADIUS server fails to respond to a request for service, even though the server's IP address is correctly
congured in the switch..............................................................................................................376
Contents 17
The authorized MAC address on a port that is congured for both 802.1X and port security either
changes or is re-acquired after execution of aaa port-access authenticator <port-list>
initialize.....................................................................................................................................377
A trunked port congured for 802.1X is blocked..........................................................................377
QoS-related problems.......................................................................................................................377
Loss of communication when using VLAN-tagged trafc.............................................................377
Radius-related problems...................................................................................................................377
The switch does not receive a response to RADIUS authentication requests...................................377
RADIUS server fails to respond to a request for service, even though the server's IP address is correctly
congured in the switch..............................................................................................................377
MSTP and fast-uplink problems........................................................................................................378
Broadcast storms appearing in the network...................................................................................378
STP blocks a link in a VLAN even though there are no redundant links in that VLAN....................378
Fast-uplink troubleshooting.........................................................................................................378
SSH-related problems......................................................................................................................379
Switch access refused to a client..................................................................................................379
Executing IP SSH does not enable SSH on the switch...................................................................379
Switch does not detect a client's public key that does appear in the switch's public key le (show ip
client-public-key).......................................................................................................................379
An attempt to copy a client public-key le into the switch has failed and the switch lists one of the
following messages.....................................................................................................................379
Client ceases to respond ("hangs") during connection phase..........................................................379
TACACS-related problems...............................................................................................................380
Event Log..................................................................................................................................380
All users are locked out of access to the switch.............................................................................380
No communication between the switch and the TACACS+ server application.................................380
Access is denied even though the username/password pair is correct..............................................380
Unknown users allowed to login to the switch..............................................................................381
System allows fewer login attempts than specied in the switch conguration................................381
TimeP, SNTP, or Gateway problems..................................................................................................381
The switch cannot nd the time server or the congured gateway..................................................381
VLAN-related problems...................................................................................................................381
Monitor port...............................................................................................................................381
None of the devices assigned to one or more VLANs on an 802.1Q-compliant switch are being
recognized.................................................................................................................................381
Link congured for multiple VLANs does not support trafc for one or more VLANs....................381
Duplicate MAC addresses across VLANs.....................................................................................382
Disabled overlapping subnet conguration...................................................................................382
Fan failure.......................................................................................................................................383
Mitigating apping transceivers........................................................................................................384
Fault nder thresholds................................................................................................................385
Enabling fault nder using the CLI.........................................................................................385
Viewing transceiver information.............................................................................................................388
Viewing information about transceivers (CLI)....................................................................................389
MIB support....................................................................................................................................389
Viewing transceiver information.......................................................................................................389
Information displayed with the detail parameter............................................................................391
Viewing transceiver information for copper transceivers with VCT support.........................................394
18 HPE ArubaOS-Switch Management and Configuration Guide for RA.16.02
Testing the Cable........................................................................................................................394
Using the Event Log for troubleshooting switch problems........................................................................396
Event Log entries.............................................................................................................................396
Using the Menu...............................................................................................................................405
Using the CLI..................................................................................................................................406
Clearing Event Log entries...............................................................................................................406
Turning event numbering on.............................................................................................................407
Using log throttling to reduce duplicate Event Log and SNMP messages.............................................407
Log throttle periods....................................................................................................................407
Example: of event counter operation............................................................................................408
Reporting information about changes to the running conguration......................................................409
Debug/syslog operation.........................................................................................................................410
Debug/syslog messaging..................................................................................................................410
Hostname in syslog messages...........................................................................................................410
Logging origin-id.......................................................................................................................411
Viewing the identication of the syslog message sender................................................................413
SNMP MIB................................................................................................................................414
Debug/syslog destination devices......................................................................................................414
Debug/syslog conguration commands.............................................................................................414
Conguring debug/syslog operation..................................................................................................417
Viewing a debug/syslog conguration..........................................................................................418
Debug command..............................................................................................................................420
Debug messages.........................................................................................................................421
Filtering debug messages by debug type.......................................................................................423
Debug destinations.....................................................................................................................424
Logging command...........................................................................................................................425
Conguring a syslog server.........................................................................................................426
Deleting syslog addresses in the startup conguration..............................................................426
Verifying the deletion of a syslog server address......................................................................426
Blocking the messages sent to congured syslog servers from the currently congured debug
message type.........................................................................................................................427
Disabling syslog logging on the switch without deleting congured server addresses.................427
Sending logging messages using TCP.....................................................................................427
Disable LinkUp/Down Syslog messages based on port............................................................429
Adding a description for a Syslog server............................................................................................434
Adding a priority description............................................................................................................435
Conguring the severity level for Event Log messages sent to a syslog server......................................435
Conguring the system module used to select the Event Log messages sent to a syslog server.........436
Operating notes for debug and Syslog...............................................................................................436
Diagnostic tools....................................................................................................................................437
Port auto-negotiation........................................................................................................................437
Ping and link tests............................................................................................................................437
Ping test.....................................................................................................................................437
Link test.....................................................................................................................................437
Executing ping or link tests (WebAgent)......................................................................................437
Testing the path between the switch and another device on an IP network.......................................438
Halting a ping test.................................................................................................................439
Contents 19
Issuing single or multiple link tests..............................................................................................439
Tracing the route from the switch to a host address.............................................................................440
Halting an ongoing traceroute search...........................................................................................441
A low maxttl causes traceroute to halt before reaching the destination address................................441
If a network condition prevents traceroute from reaching the destination........................................442
Viewing switch conguration and operation............................................................................................442
Viewing the startup or running conguration le...............................................................................442
Viewing the conguration le (WebAgent)........................................................................................443
Viewing a summary of switch operational data...................................................................................443
Saving show tech command output to a text le............................................................................444
Customizing show tech command output.....................................................................................445
Viewing more information on switch operation..................................................................................446
Searching for text using pattern matching with show command.....................................................447
Displaying the information you need to diagnose problems.................................................................449
Restoring the factory-default conguration.............................................................................................450
Resetting to the factory-default conguration.....................................................................................450
Using the CLI.............................................................................................................................450
Using Clear/Reset.......................................................................................................................451
Restoring a ash image.........................................................................................................................451
Recovering from an empty or corrupted ash state.............................................................................451
DNS resolver........................................................................................................................................453
Basic operation................................................................................................................................453
Conguring and using DNS resolution with DNS-compatible commands............................................455
Conguring a DNS entry..................................................................................................................455
Using DNS names with ping and traceroute: Example:.......................................................................456
Viewing the current DNS conguration.............................................................................................457
Operating notes................................................................................................................................458
Event Log messages.........................................................................................................................458
Locating a switch (Locator LED)...........................................................................................................458
Chapter 17 MAC Address Management.........................................................................460
Overview..............................................................................................................................................460
Determining MAC addresses..................................................................................................................460
Viewing the MAC addresses of connected devices...................................................................................460
Viewing the switch's MAC address assignments for VLANs congured on the switch...............................461
Viewing the port and VLAN MAC addresses.....................................................................................461
Chapter 18 Power-Saving Features.................................................................................463
Conguring the savepower LED option..................................................................................................463
Chapter 19 Job Scheduler................................................................................................464
Job Scheduler.......................................................................................................................................464
Commands...........................................................................................................................................464
Job at | delay | enable | disable.................................................................................464
Show job.........................................................................................................................................465
Show job <Name>...........................................................................................................................465
Chapter 20 Easing Wired/Wireless Deployment feature integration..............................467
Overview..............................................................................................................................................467
20 HPE ArubaOS-Switch Management and Configuration Guide for RA.16.02
/