Aruba 2530 Management and Configuration Guide for ArubaOS-Switch 16.09
Home
About this guide
Applicable products
Switch prompts used in this guide
Time Protocols
General steps for running a time protocol on the switch
TimeP time synchronization
SNTP time synchronization
Selecting a time synchronization protocol
Disabling time synchronization
SNTP: Selecting and configuring
Viewing and configuring SNTP (CLI)
Configuring (enabling or disabling) the SNTP mode
TimeP: Selecting and configuring
Viewing the current TimeP configuration (CLI)
Configuring (enabling or disabling) the TimeP mode
SNTP unicast time polling with multiple SNTP servers
Displaying all SNTP server addresses configured on the switch (CLI)
Adding and deleting SNTP server addresses
Adding addresses
Deleting addresses
Operating with multiple SNTP server addresses configured (Menu)
SNTP messages in the Event Log
Network Time Protocol (NTP)
Commands
timesync Command
timesync ntp
ntp
ntp
ntp enable
ntp authentication
ntp authentication key-id
ntp max-association
ntp server
ntp server key-id
ntp ipv6-multicast
debug ntp
ntp trap
show ntp statistics
show ntp status
show ntp associations
show ntp authentication
Port Status and Configuration
Viewing port status and configuring port parameters
Connecting transceivers to fixed-configuration devices
Viewing port status and configuration (CLI)
Dynamically updating the show interfaces command (CLI/Menu)
Customizing the show interfaces command (CLI)
Error messages associated with the show interfaces command
Viewing port utilization statistics (CLI)
Operating notes for viewing port utilization statistics
Viewing transceiver status (CLI)
Operating Notes
Enabling or disabling ports and configuring port mode (CLI)
Enabling or disabling flow control (CLI)
Port shutdown with broadcast storm
Viewing broadcast storm
SNMP MIB
Multicast Storm Control
Overview
fault-finder multicast-storm
fault-finder multicast-storm action
show logging
Restrictions
Configuring auto-MDIX
Manual override
Configuring auto-MDIX (CLI)
Using friendly (optional) port names
Configuring and operating rules for friendly port names
Configuring friendly port names (CLI)
Configuring a single port name (CLI)
Configuring the same name for multiple ports (CLI)
Displaying friendly port names with other port data (CLI)
Listing all ports or selected ports with their friendly port names (CLI)
Including friendly port names in per-port statistics listings (CLI)
Searching the configuration for ports with friendly port names (CLI)
Uni-directional link detection (UDLD)
Configuring UDLD
Configuring uni-directional link detection (UDLD) (CLI)
Enabling UDLD (CLI)
Changing the keepalive interval (CLI)
Changing the keepalive retries (CLI)
Configuring UDLD for tagged ports
Viewing UDLD information (CLI)
Viewing summary information on all UDLD-enabled ports (CLI)
Viewing detailed UDLD information for specific ports (CLI)
Clearing UDLD statistics (CLI)
Power Over Ethernet (PoE/PoE+) Operation
Introduction to PoE
PoE terminology
Planning and implementing a PoE configuration
Power requirements
Assigning PoE ports to VLANs
Applying security features to PoE configurations
Assigning priority policies to PoE traffic
PoE Event Log messages
About PoE operation
Configuration options
PD support
Power priority operation
Configuring PoE operation
Disabling or re-enabling PoE port operation
Enabling support for pre-standard devices
Configuring the PoE port priority
Controlling PoE allocation
Manually configuring PoE power levels
Changing the threshold for generating a power notice
Cycling power on a port
PoE/PoE+ allocation using LLDP information
LLDP with PoE
Enabling or disabling ports for allocating power using LLDP
Enabling PoE detection via LLDP TLV advertisement
LLDP with PoE+
Overview
PoE allocation
Initiating advertisement of PoE+ TLVs
Viewing PoE when using LLDP information
Operation note
Viewing the global PoE power status of the switch
Viewing PoE status on all ports
Viewing the PoE status on specific ports
Port Trunking
Overview of port trunking
Port connections and configuration
Port trunk features and operation
Fault tolerance
Trunk configuration methods
Dynamic LACP trunk
Static trunk
Viewing and configuring port trunk groups (CLI)
Viewing static trunk type and group for all ports or for selected ports
Viewing static LACP and dynamic LACP trunk data
Dynamic LACP Standby Links
Configuring a static trunk or static LACP trunk group
Removing ports from a static trunk group
Enabling a dynamic LACP trunk group
Removing ports from a dynamic LACP trunk group
Specifying Minimum Active Links for LACP
lacp min-active-links
lacp enable-timer
show lacp min-active-links
Limitations
Viewing existing port trunk groups (WebAgent)
Trunk group operation using LACP
Default port operation
LACP notes and restrictions
802.1X (Port-based access control) configured on a port
Port security configured on a port
Changing trunking methods
Static LACP trunks
Dynamic LACP trunks
VLANs and dynamic LACP
Blocked ports with older devices
Spanning Tree and IGMP
Half-duplex, different port speeds, or both not allowed in LACP trunks
Dynamic/static LACP interoperation
Trunk group operation using the "trunk" option
How the switch lists trunk data
Outbound traffic distribution across trunked links
Port Traffic Controls
ICMP rate-limiting
Guidelines for configuring ICMP rate-limiting
Configuring ICMP rate-limiting
Using both ICMP rate-limiting and all-traffic rate-limiting on the same interface
Viewing the current ICMP rate-limit configuration
Operating notes for ICMP rate-limiting
ICMP rate-limiting trap and Event Log messages
Determining the switch port number used in ICMP port reset commands
Configuring inbound rate-limiting for broadcast and multicast traffic
Operating Notes
Guaranteed minimum bandwidth (GMB)
GMB operation
Impacts of QoS queue configuration on GMB operation
Configuring GMB for outbound traffic
Viewing the current GMB configuration
GMB operating notes
Impact of QoS queue configuration on GMB commands
Rate-limiting Unknown Unicast Traffic
rate-limit unknown-unicast in percent
rate-limit unknown-unicast in kbps
show rate-limit unknown-unicast
Jumbo frames
Operating rules
Jumbo traffic-handling
Configuring jumbo frame operation
Overview
Viewing the current jumbo configuration
Enabling or disabling jumbo traffic on a VLAN
Configuring a maximum frame size
Configuring IP MTU
SNMP implementation
Displaying the maximum frame size
Operating notes for maximum frame size
Troubleshooting
A VLAN is configured to allow jumbo frames, but one or more ports drops all inbound jumbo frames
A non-jumbo port is generating "Excessive undersize/giant frames" messages in the Event Log
Fault Finder
Fault Finder thresholds
Enabling Fault Finder
Configuring for Network Management Applications
Using SNMP tools to manage the switch
SNMP management features
SNMPv1 and v2c access to the switch
SNMPv3 access to the switch
Enabling and disabling switch for access from SNMPv3 agents
Enabling or disabling restrictions to access from only SNMPv3 agents
Enabling or disabling restrictions from all non-SNMPv3 agents to read-only access
Viewing the operating status of SNMPv3
Viewing status of message reception of non-SNMPv3 messages
Viewing status of write messages of non-SNMPv3 messages
Enabling SNMPv3
SNMPv3 users
Group access levels
SNMPv3 communities
Listing community names and values (CLI)
SNMP notifications
Supported Notifications
General steps for configuring SNMP notifications
SNMPv1 and SNMPv2c Traps
SNMP trap receivers
Overview
SNMPv2c informs
Configuring SNMPv3 notifications (CLI)
Network security notifications
Enabling Link-Change Traps (CLI)
Source IP address for SNMP notifications
Viewing SNMP notification configuration (CLI)
Advanced management: RMON
CLI-configured sFlow with multiple instances
Configuring sFlow (CLI)
Viewing sFlow Configuration and Status (CLI)
Configuring UDLD Verify before forwarding
UDLD time delay
Restrictions
UDLD configuration commands
Show commands
RMON generated when user changes UDLD mode
LLDP
General LLDP operation
LLDP-MED
Packet boundaries in a network topology
LLDP operation configuration options
Enable or disable LLDP on the switch
Enable or disable LLDP-MED
Change the frequency of LLDP packet transmission to neighbor devices
Change the Time-To-Live for LLDP packets sent to neighbors
Transmit and receive mode
SNMP notification
Per-port (outbound) data options
Remote management address
Debug logging
Options for reading LLDP information collected by the switch
LLDP and LLDP-MED standards compatibility
LLDP operating rules
Port trunking
IP address advertisements
Spanning-tree blocking
802.1X blocking
Configuring LLDP operation
Displaying the global LLDP, port admin, and SNMP notification status (CLI)
Configuring Global LLDP Packet Controls
Configuring SNMP notification support
Configuring per-port transmit and receive modes (CLI)
Basic LLDP per-port advertisement content
Support for port speed and duplex advertisements
Port VLAN ID TLV support on LLDP
Configuring the VLAN ID TLV
Viewing the TLVs advertised
SNMP support
LLDP-MED (media-endpoint-discovery)
LLDP-MED endpoint support
LLDP-MED endpoint device classes
LLDP-MED operational support
LLDP-MED fast start control
Advertising device capability, network policy, PoE status and location data
Location data for LLDP-MED devices
Viewing switch information available for outbound advertisements
Displaying the current port speed and duplex configuration on a switch port
Viewing advertisements currently in the neighbors MIB
Displaying LLDP statistics
LLDP Operating Notes
Neighbor maximum
LLDP packet forwarding
One IP address advertisement per port
802.1Q VLAN Information
Effect of 802.1X Operation
Neighbor data can remain in the neighbor database after the neighbor is disconnected
Mandatory TLVs
LLDP and CDP data management
LLDP and CDP neighbor data
CDP operation and commands
Viewing the current CDP configuration of the switch
Viewing the current CDP neighbors table of the switch
Enabling and Disabling CDP Operation
Enabling or disabling CDP operation on individual ports
Filtering CDP information
Configuring the switch to filter untagged traffic
Displaying the configuration
Filtering PVID mismatch log messages
Zero Touch Provisioning with AirWave and Central
Zero Touch Provisioning
ZTP with AirWave
DHCP-based ZTP with AirWave
Configuring DHCP-based ZTP with AirWave
DHCP server configuration for DHCP based ZTP
Limitations
Best Practices
Configure AirWave details manually
amp-server
debug ztp
Stacking support
Disabling ZTP
Image Upgrade
Using SNMPv3 in AirWave Template
Troubleshooting
AMP server messages
Activate based ZTP with AirWave
Configuring Activate-based ZTP with AirWave
ZTP with Aruba Central
LED behavior during connectivity loss
Aruba Central Configuration manually
aruba-central
Activating ArubaOS-Switch Firmware Integration
activate software-update enable
activate software-update check
activate software-update update
activate provision force
show activate software-update
Show activate provision
Troubleshooting
Show aruba-central
Error reason for Aruba Central
debug ztp
Error Reason log for Activate Provision
Stacking support
Fault finder switch events
interface device-type network-device
HTTP Proxy support with ZTP overview
e Proxy Configuration
proxy server
proxy exception ip | host
show proxy config
LACP-MAD
LACP-MAD Passthrough commands
Configuration command
show commands
clear command
LACP-MAD overview
File Transfers
Overview
Downloading switch software
General software download rules
Using TFTP to download software from a server
Troubleshooting TFTP download failures
Downloading from a server to flash using TFTP (CLI)
Using SCP and SFTP
Enabling SCP and SFTP
Disabling TFTP and auto-TFTP for enhanced security
Enabling SSH V2 (required for SFTP)
Authentication
SCP/SFTP operating notes
Troubleshooting SSH, SFTP, and SCP operations
Using Xmodem to download switch software from a PC or UNIX workstation
Downloading to primary or secondary flash using Xmodem and a terminal emulator (CLI)
Switch-to-switch download
Downloading the OS from another switch (CLI)
Using AirWave to update switch software
Copying software images
TFTP: Copying a software image to a remote host (CLI)
Xmodem: Copying a software image from the switch to a serially connected PC or UNIX workstation (CLI)
Transferring switch configurations
TFTP: Copying a configuration file to a remote host (CLI)
TFTP: Copying a configuration file from a remote host (CLI)
TFTP: Copying a customized command file to a switch (CLI)
Xmodem: Copying a configuration file to a serially connected PC or UNIX workstation (CLI)
Xmodem: Copying a configuration file from a serially connected PC or UNIX workstation (CLI)
Monitoring and Analyzing Switch Operation
Overview
Accessing port and trunk group statistics
show interfaces
Reset port counters
clear statistics
MAC address tables
MAC address views and searches
show mac-address
Using the menu to view and search MAC addresses
Finding the port connection for a specific device on a VLAN
Viewing and searching port-level MAC addresses
Determining whether a specific device is connected to the selected port
MSTP data
show spanning-tree
IP IGMP status
show ip igmp
VLAN information
show vlan
Configuring a source switch in a local mirroring session
Viewing all mirroring session configured on the switch
Using the Menu to configure local mirroring
Menu and WebAgent limits
High-level overview of the mirror configuration process
Determine the mirroring session and destination
For a local mirroring session
Configure the monitored traffic in a mirror session
Troubleshooting traffic mirroring
Troubleshooting
Overview
Troubleshooting approaches
Browser or Telnet access problems
Cannot access the WebAgent
Cannot Telnet into the switch console from a station on the network
Unusual network activity
General problems
The network runs slow; processes fail; users cannot access servers or other devices
Duplicate IP addresses
Duplicate IP addresses in a DHCP network
The switch has been configured for DHCP/Bootp operation, but has not received a DHCP or Bootp reply
802.1Q Prioritization problems
Ports configured for non-default prioritization (level 1 to 7) are not performing the specified action
Addressing ACL problems
ACLs are properly configured and assigned to VLANs, but the switch is not using the ACLs to filter IP layer 3 packets
The switch does not allow management access from a device on the same VLAN
Error (Invalid input) when entering an IP address
Apparent failure to log all "deny" matches
The switch does not allow any routed access from a specific host, group of hosts, or subnet
The switch is not performing routing functions on a VLAN
Routing through a gateway on the switch fails
IGMP-related problems
IP multicast (IGMP) traffic that is directed by IGMP does not reach IGMP hosts or a multicast router connected to a port
IP multicast traffic floods out all ports; IGMP does not appear to filter traffic
LACP-related problems
Unable to enable LACP on a port with the interface <port-number> lacp command
Port-based access control (802.1X)-related problems
The switch does not receive a response to RADIUS authentication requests
The switch does not authenticate a client even though the RADIUS server is properly configured and providing a response to the authentication request
During RADIUS-authenticated client sessions, access to a VLAN on the port used for the client sessions is lost
The switch appears to be properly configured as a supplicant, but cannot gain access to the intended authenticator port on the switch to which it is connected
The supplicant statistics listing shows multiple ports with the same authenticator MAC address
The show port-access authenticator <port-list> command shows one or more ports remain open after they have been configured with control unauthorized
RADIUS server fails to respond to a request for service, even though the server's IP address is correctly configured in the switch
The authorized MAC address on a port that is configured for both 802.1X and port security either changes or is re-acquired after execution of aaa port-access authenticator <port-list> initialize
A trunked port configured for 802.1X is blocked
QoS-related problems
Loss of communication when using VLAN-tagged traffic
Radius-related problems
The switch does not receive a response to RADIUS authentication requests
RADIUS server fails to respond to a request for service, even though the server's IP address is correctly configured in the switch
MSTP and fast-uplink problems
Broadcast storms appearing in the network
STP blocks a link in a VLAN even though there are no redundant links in that VLAN
Fast-uplink troubleshooting
SSH-related problems
Switch access refused to a client
Executing IP SSH does not enable SSH on the switch
Switch does not detect a client's public key that does appear in the switch's public key file (show ip client-public-key)
An attempt to copy a client public-key file into the switch has failed and the switch lists one of the following messages
Client ceases to respond ("hangs") during connection phase
TACACS-related problems
All users are locked out of access to the switch
No communication between the switch and the TACACS+ server application
Access is denied even though the username/password pair is correct
Unknown users allowed to login to the switch
System allows fewer login attempts than specified in the switch configuration
TimeP, SNTP, or Gateway problems
The switch cannot find the time server or the configured gateway
VLAN-related problems
Monitor port
None of the devices assigned to one or more VLANs on an 802.1Q-compliant switch are being recognized
Link configured for multiple VLANs does not support traffic for one or more VLANs
Duplicate MAC addresses across VLANs
Fan failure
Viewing transceiver information
Viewing information about transceivers (CLI)
MIB support
Viewing transceiver information
Information displayed with the detail parameter
Viewing transceiver information for copper transceivers with VCT support
Testing the Cable
Viewing transceiver information
Using the Event Log for troubleshooting switch problems
Event Log entries
Using the CLI
Clearing Event Log entries
Turning event numbering on
Using log throttling to reduce duplicate Event Log and SNMP messages
Log throttle periods
Example of event counter operation
Reporting information about changes to the running configuration
Debug/syslog operation
Debug/syslog messaging
Hostname in syslog messages
Logging origin-id
Viewing the identification of the syslog message sender
SNMP MIB
Debug/syslog destination devices
Debug/syslog configuration commands
Configuring debug/syslog operation
Viewing a debug/syslog configuration
Debug command
Debug messages
Debug destinations
Logging command
Configuring a syslog server
Adding a description for a Syslog server
Adding a priority description
Configuring the severity level for Event Log messages sent to a syslog server
Configuring the system module used to select the Event Log messages sent to a syslog server
Enabling local command logging
Operating notes for debug and Syslog
Diagnostic tools
Port auto-negotiation
Ping and link tests
Ping test
Link test
Executing ping or link tests (WebAgent)
Testing the path between the switch and another device on an IP network
Issuing single or multiple link tests
Tracing the route from the switch to a host address
Halting an ongoing traceroute search
A low maxttl causes traceroute to halt before reaching the destination address
If a network condition prevents traceroute from reaching the destination
Viewing switch configuration and operation
Viewing the startup or running configuration file
Viewing the configuration file (WebAgent)
Viewing a summary of switch operational data
Saving show tech command output to a text file
Viewing more information on switch operation
Searching for text using pattern matching with show command
Displaying the information you need to diagnose problems
Restoring the factory-default configuration
Resetting to the factory-default configuration
Using the CLI
Using Clear/Reset
Restoring a flash image
Recovering from an empty or corrupted flash state
DNS resolver
Basic operation
Configuring and using DNS resolution with DNS-compatible commands
Configuring a DNS entry
Using DNS names with ping and traceroute: Example
Viewing the current DNS configuration
Operating notes
Show Aruba Switch Memory
MAC Address Management
Overview of MAC Address Management
Determining MAC addresses
Viewing the MAC addresses of connected devices
Viewing the switch's MAC address assignments for VLANs configured on the switch
Viewing the port and VLAN MAC addresses
Power-Saving Features
Configuring the savepower LED option
Configuring the savepower port-low-pwr option
Job Scheduler
Overview
Commands
Job at | delay | enable | disable
Show job
Show job <Name>
Configuration backup and restore without reboot
Overview
Benefits of configuration restore without reboot
Recommended scenarios
Use cases
Switching to a new configuration
Rolling back to a stable configuration using job scheduler
Commands used in switch configuration restore without reboot
Configuration backup
cfg-backup
show config files
Configuration restore without reboot
cfg-restore
Force configuration restore
cfg-restore non-blocking
cfg-restore recovery-mode
cfg-restore verbose
cfg-restore config_bkp
Configuration restore with force option
System reboot commands
Configuration restore without force option
show cfg-restore status
Viewing the differences between a running configuration and a backup configuration
Show commands to show the SHA of a configuration
show hash
Scenarios that block the configuration restoration process
Limitations
Blocking of configuration from other sessions
Troubleshooting and support
debug cfg-restore
Virtual Technician
Cisco Discovery Protocol (CDP)
Show cdp traffic
Clear cdp counters
show cdp neighbors detail
Enable/Disable debug tracing for MOCANA code
Debug security
User diagnostic crash via Front Panel Security (FPS) button
Front panel security password-clear
Front-panel-security diagnostic-reset
no front-panel-security diagnostic-reset
Front-panel-security diagnostic-reset clear-button
no front-panel-security diagnostic-reset clear-button
Show front-panel-security
Diagnostic table
FPS Error Log
User initiated diagnostic crash via the serial console
Front-panel-security diagnostic-reset serial-console
no front-panel-security diagnostic-reset serial-console
Serial console error messages
Simplifying Wireless and IoT Deployments
Overview
Auto configuring Aruba APs
Associating a device with a profile
device-profile name
device-profile type
device-profile type device-name
show device-profile
show command device-profile status
show device-profile config
show device-profile status
Default AP Profile
allow-jumbo-frames
Auto configuring IoT Devices
Creating a device identity and associating a device type
show device-identity
device-profile type-device associate
show device-profile config
show device-profile status
Support for Aruba device types
Isolating Rogue APs
Using the Rogue AP Isolation feature
rogue-ap-isolation
rogue-ap-isolation action
rogue-ap-isolation whitelist
clear rogue-ap-isolation
Feature Interactions
L3 MAC
Limitations
Troubleshooting
Switch does not detect the rogue AP TLVs
Show commands
Requirements
Limitations
Feature Interactions
Profile Manager and 802.1X
Profile Manager and LMA/WMA/MAC-AUTH
Profile manager and Private VLANs
MAC lockout and lockdown
LMA/WMA/802.1X/Port-Security
Troubleshooting
Dynamic configuration not displayed when using “show running-config”
The show run command displays non-numerical value for untagged-vlan
Show commands
Websites
Support and other resources
Accessing Hewlett Packard Enterprise Support
Accessing updates
Customer self repair
Remote support
Warranty information
Regulatory information
Documentation feedback
Remote Device Deployment (TR-069)
Introduction
Advantages of TR-069
Zero-touch configuration process
Zero-touch configuration setup and execution
CLI commands
Configuration setup
ACS password configuration
When encrypt-credentials is off
When encrypt-credentials is on
ACS URL configuration
ACS username configuration
CPE configuration
CPE password configuration
When encrypt-credentials is on
When encrypt-credentials is off
CPE username configuration
Enable/disable CWMP
Show commands
CWMP configuration and status query
Event logging
System logging
Status/control commands
Configuration backup and restore without reboot
Glossary