You must enable javascript in order to view this page or you can go
here
to view the webhelp.
Search
Case sensitive
Contents
Search
Loading, please wait ...
Aruba 3810 / 5400R Management and Configuration Guide for ArubaOS-Switch 16.09
Home
About this guide
Applicable products
Switch prompts used in this guide
Time synchronization
NTP
NTP related commands
timesync
ntp
ntp enable
ntp authentication
ntp max-associations
ntp server
ntp server key-id
ntp ipv6-multicast
debug ntp
ntp trap
show ntp servers
show ntp statistics
show ntp status
show ntp authentication
show ntp associations
FQDN support for NTP servers
FQDN support for NTP servers
Elements of time synchronization
Time synchronization protocols
timesync
Setting a time protocol on the switch
The SNTP protocol
Selecting and configuring SNTP
Prerequisites
sntp
Enabling SNTP in Broadcast mode
Configuring SNTP in unicast mode
Viewing SNTP parameters
Viewing SNTP server addresses using the CLI
Enabling SNTP client authentication
Requirements to enable SNTP client authentication
Viewing all SNTP authentication keys that have been configured on the switch
SNTP poll interval
sntp poll-interval
SNTP unicast time polling with multiple SNTP servers
SNTP server priority
sntp server priority
SNTP software version
sntp server <version>
SNTP server address
sntp server <ip-address>
Adding SNTP server addresses
SNTP authentication trusted keys
trusted
Configuration files and the include-credentials command
Configuring the key-identifier, authentication mode, and key-value
sntp authentication
Configuring a key-id as trusted
Associating a key with an SNTP server
sntp server priority
Enabling and disabling SNTP client authentication
Viewing SNTP authentication configuration information
Viewing statistical information for each SNTP server
SNTP messages in the event log
Storing security information in the running-config file
The TimeP Protocol
Enabling TimeP mode
timesync timep
TimeP in DHCP mode
Enabling TimeP for DHCP
TimeP operation in manual mode
timesync timep
ip timep
Current TimeP configuration
show timep
show management
Change from one TimeP server to another
TimeP poll interval
ip timep
Disable time synchronization protocols
Disabling TimeP in manual mode
no ip timep
Disabling time synchronization
no timesync
Disabling timsync using the GUI
Disabling the TimeP mode
no ip timep
Disabling time synchronization without changing the SNTP configuration
timesync
Disabling SNTP mode
Disabling SNTP Mode
no sntp
Deleting an SNTP server
Disabling SNTP by deleting a server
Disabling time synchronization in DHCP mode by disabling the TimeP mode parameter
ip timep
Other time protocol commands
Show management command
show management
Show SNTP command
show sntp
Show TimeP command
show
Resource usage
Viewing current resource usage
showqos
Viewing information on resource usage
When insufficient resources are available
Policy enforcement engine
Usage notes for show resources output
Hardware components
Services
Show services
No parameters
show services
Show services locator
Show services device
show services device
Show Aruba Switch Memory
Requesting a reboot
Services in Operator/Manager/Configure context
Services (operator)
Services (manager)
Services (configure)
Enable or disable devices.
no services
Accessing CLI-passthrough
Show services set locator module
Reloading services module
command name
Connection to the application via a serial port
command name
Shutdown the services module
command name
Transceiver status
Operating notes
show interfaces transceivers
Configuring the type of a module
module type
Clearing the module configuration
Configuring transceivers and modules that have not been inserted
Transceivers
Modules
Clearing the module configuration
show system power-supply
Fans
show system
show system fans
show system power-supply
Fan failures and SNMP traps
System boot diagnostics
show system post
show system post member
show system post vsf member
Port status and configuration
Viewing port status and configuration
show interfaces
Viewing transceiver information
The port VLAN tagged status
Dynamically updating the show interfaces command
command name
Customizing the show interfaces command
show interfaces custom
show interface smartrate
show interface port utilization
Enabling or disabling ports and configuring port mode
interface
Basic USB port commands
usb-port
show usb-port
Enabling or disabling flow control
interface flow-control
Configuring auto-MDIX
interface mdix-mode
show interfaces config
show interfaces brief
Configuring friendly port names
interface name
Configuring a single port name
Configuring the same name for multiple ports
Viewing friendly port names with other port data
show name
show interface
show config
Listing all ports or selected ports with their friendly port names
show name
Including friendly port names in per-port statistics listings
show interface
Searching the configuration for ports with friendly port names
show config
Configuring uni-directional link detection
interface link-keepalive
Enabling UDLD
Changing the keepalive interval
Changing the keepalive retries
Configuring UDLD for tagged ports
Viewing UDLD information
show link-keepalive
clear link-keepalive
Viewing summary information on all UDLD-enabled ports
Viewing detailed UDLD information for specific ports
Port status and Port parameters
Connecting transceivers to fixed-configuration devices
Error messages associated with the show interfaces command
Using pattern matching with the show interfaces custom command
Auto-MDIX configurations
Manual override
About using friendly port names
Configuring and operating rules for friendly port names
Uni-directional link detection (UDLD)
Configuring UDLD
Prerequisites
Uplink Failure Detection
Configuration Guidelines for UFD
UFD enable/disable
uplink-failure-detection
UFD configuration
uplink-failure-detection track
show uplink-failure-detection
Port Shutdown with Broadcast Storm
Configuration Commands
fault-finder broadcast-storm
Viewing broadcast-storm configuration
show fault-finder broadcast-storm
Broadcast-storm event logs
Multicast Storm Control
Overview
fault-finder multicast-storm
fault-finder multicast-storm action
show running-config
show logging
Restrictions
Power over ethernet (PoE/PoE+) operation
PoE
PoE terminology
Planning and implementing a PoE configuration
Power requirements
Assigning PoE ports to VLANs
Applying security features to PoE configurations
Assigning priority policies to PoE traffic
PoE operation
PoE configuration options
PD support
PoE power priority
Assigning PoE priority with two or more modules
About configuring PoE
Disabling or re-enabling PoE port operation
interface
Enabling support for pre-standard devices
power-over-ethernet
Configuring the PoE port priority
interface
Controlling PoE allocation
int
Manually configuring PoE power levels
Detection status: fault
Configuring PoE redundancy (chassis switches only)
power-over-ethernet redundancy
Changing the threshold for generating a power notice
power-over-ethernet slot
Enabling or disabling ports for allocating power using LLDP
int poe-lldp-detect
Enabling PoE detection via LLDP TLV advertisement
lldp config
Negotiating power using the DLL
int poe-lldp-detect
Initiating advertisement of PoE+ TLVs
lldp config
Temporary PoE+ power drop
Viewing PoE when using LLDP information
show lldp config
Viewing the global PoE power status of the switch
show power-over-ethernet
Viewing PoE status on all ports
show power-over-ethernet
Viewing the PoE status on specific ports
show power-over-ethernet
Configuring thresholds for generating a power notice
PoE/PoE+ allocation using LLDP
LLDP with PoE
LLDP with PoE+
PoE+ with LLDP Overview
PoE allocation
Operation note
Port trunking
Port trunking overview
Port trunk connections and configuration
Viewing and configuring port trunk groups
Viewing static trunk type and group for all ports or for selected ports
show trunks
Viewing static LACP and dynamic LACP trunk data
show lacp
Configuring a static trunk or static LACP trunk group
trunk
Removing ports from a static trunk group
no trunk
Enabling dynamic LACP trunk groups
interface lacp active
Remove ports from a dynamic LACP trunk group
no interface lacp
Set the LACP key
lacp
Specifying Minimum Active Links for LACP
lacp min-active-links
lacp enable-timer
show lacp min-active-links
Limitations
Viewing and configuring a static trunk group (Menu)
Enable L4-based trunk load balancing
trunk-load-balance
Viewing trunk load balancing
show trunks
Operating notes
Distributed trunking
Configure ISC ports
switch-interconnect
Configuring distributed trunking ports
trunk
Configuring peer-keepalive links
distributed-trunking
Viewing distributed trunking information
show lacp distributed
show distributed-trunk
Viewing peer-keepalive configuration
Viewing switch interconnect
Port trunk operations
Fault tolerance
Trunk configuration methods
Dynamic LACP trunk
Dynamic LACP Standby Links
Viewing LACP Local Information
Viewing LACP Peer Information
Viewing LACP Counters
Using keys to control dynamic LACP trunk configuration
Static trunk
Operating port trunks
Show port-security log
Static or dynamic trunk group overview
Enabling a dynamic LACP trunk group
Dynamic LACP standby links
Viewing LACP local information
Viewing LACP peer information
Viewing LACP counters
Trunk group operation using LACP
Default port operation
LACP operating notes and restrictions
802.1X (Port-based access control) configured on a port
Port security
Changing trunking methods
Static LACP trunks
Dynamic LACP trunks
VLANs and dynamic LACP
Blocked ports with older devices.
Spanning Tree and IGMP
Half-duplex, different port speeds, or both not allowed in LACP trunks
Dynamic/static LACP interoperation
Trunk group operation using the "trunk" option
Viewing trunk data on the switch
Outbound traffic distribution across trunked links
Trunk load balancing using Layer 4 ports
Distributed trunking overview
Distributed trunking interconnect protocol
Configuring distributed trunking
Configuring peer-keepalive links
Maximum DT trunks and links supported
Forwarding traffic with distributed trunking and spanning tree
Forwarding unicast traffic
Forwarding broadcast, multicast, and unknown traffic
IP routing and distributed trunking
Distributed trunking restrictions
Updating software versions with DT
Port Traffic Controls
ICMP rate-limiting
Guidelines for configuring ICMP rate-limiting
Configuring ICMP rate-limiting
Using both ICMP rate-limiting and all-traffic rate-limiting on the same interface
Viewing the current ICMP rate-limit configuration
Operating notes for ICMP rate-limiting
ICMP rate-limiting trap and Event Log messages
Determining the switch port number used in ICMP port reset commands
Configuring inbound rate-limiting for broadcast and multicast traffic
Operating Notes
Guaranteed minimum bandwidth (GMB)
GMB operation
Impacts of QoS queue configuration on GMB operation
Configuring GMB for outbound traffic
Viewing the current GMB configuration
GMB operating notes
Impact of QoS queue configuration on GMB commands
Rate-limiting Unknown Unicast Traffic
rate-limit unknown-unicast in percent
rate-limit unknown-unicast in kbps
show rate-limit unknown-unicast
Jumbo frames
Operating rules
Jumbo traffic-handling
Configuring jumbo frame operation
Overview
Viewing the current jumbo configuration
Enabling or disabling jumbo traffic on a VLAN
Configuring a maximum frame size
Configuring IP MTU
SNMP implementation
Displaying the maximum frame size
Operating notes for maximum frame size
Troubleshooting
A VLAN is configured to allow jumbo frames, but one or more ports drops all inbound jumbo frames
A non-jumbo port is generating "Excessive undersize/giant frames" messages in the Event Log
Fault Finder
Fault Finder thresholds
Enabling Fault Finder
Configuring for Network Management Applications
Configuring the switch to filter untagged traffic
ignore-untagged-mac
Viewing configuration file change information
show running-config
Minimal interval for successive data change notifications
setmib
Viewing the current port speed and duplex configuration on a switch port
show interfaces
Viewing the configuration
show running-config
RMON advanced management
rmon alarm
Configuring UDLD verify before forwarding
UDLD time delay
Restrictions
UDLD configuration commands
link-keepalive mode
show link-keepalive
RMON generated when user changes UDLD mode
MAC configurations
Configuring the MAC address count option
snmp-server mac-count-notify
Configuring the MAC address table change option
snmp-server mac-notify
Per-port MAC change options for mac-notify
mac-notify traps
Viewing the mac-count-notify option
show mac-count-notify
Viewing mac-notify traps configuration
show mac-notify traps
Configuring sFlow
sflow
sFlow Configuring multiple instances
Viewing sFlow Configuration and Status
show sflow agent
show snmpv3 user
Configuring SNMP
Network security notifications
SNMP traps on running configuration changes
Source IP address for SNMP notifications
Listening mode
Group access levels
SNMPv3 communities
SNMPv2c informs
SNMP notifications
Supported Notifications
Configuring SNMP notifications
SNMPv1 and SNMPv2c Traps
SNMPv3 users
Adding users
SNMP tools for switch management
SNMP management features
SNMPv1 and v2c access to the switch
SNMPv3 access to the switch
Enabling SNMPv3
Configuring users in SNMPv3
snmpv3 user
Switch access from SNMPv3 agents
snmpv3 enable
Restrict access from SNMPv3 agents
snmpv3 only
Restrict non-SNMPv3 agents to read-only access
snmpv3 restricted-access
Operating status of SNMPv3
show snmpv3
Non-SNMPv3 message reception status
show snmpv3 only
Non-SNMPv3 write message status
show snmpv3 restricted-access
Viewing and configuring non-version-3 SNMP communities (Menu)
SNMP trap receiver configuration
snmp-server host
SNMPv2c inform option
snmp-server host
Configuring SNMPv3 notifications (CLI)
SNMPv3 community mapping
snmpv3 community
Running configuration changes and SNMP traps
Startup configuration changes and SNMP traps
snmp-server enable traps startup-config-change
Source IP address for SNMP notifications
snmp-server response-source
snmp-server trap-source
SNMP replies and traps configuration
SNMP notification configuration
show snmp-server
Assign users to groups
snmpv3 group
snmp-server community
Community names and values
Enabling or disabling notification/traps for network security failures and other security events (CLI)
Viewing the current configuration for network security notifications (CLI)
Link-Change Traps
snmp-server enable traps link-change
Viewing SNMP notification configuration (CLI)
Listening mode
snmp-server listen
CDP configuration
CDP mode
cdp moden
CDPv2 for voice transmission
cdp mode pre-standard-voice
CDP operation on individual ports
cdp enable
CDP Operation
cdp run
CDP information filter
CDP switch configuration view
show cdp
CDP neighbors switch table view
show cdp neighbors
LLDP configuration
LLDP and CDP data management
LLDP and CDP neighbor data
CDP operations
LLDP
LLDP operations
Packet boundaries in a network topology
LLDP operation configuration options
Transmit and receive mode
Options for reading LLDP information collected by the switch
LLDP and LLDP-MED standards compatibility
Port trunking
IP address advertisements
Spanning-tree blocking
802.1X blocking
LLDP operation on the switch
Time-to-Live for transmitted advertisements
Delay interval between advertisements
Re-initialize delay interval
SNMP notification support
Changing the minimum interval
Basic LLDP per-port advertisement content
Port VLAN ID TLV support on LLDP
LLDP-MED
LLDP-MED classes
LLDP-MED operational support
Configuring per-port transmit and receive modes
lldp admin-status
Remote management address for outbound LLDP advertisements
lldp config ipAddrEnable
lldp config basicTlvEnable
Port speed and duplex advertisement support
lldp config dot3TlvEnable
Location data for LLDP-MED devices
lldp config medPortLocation
LLDP data change notification for SNMP trap receivers
lldp enable-notification
LLDP operation on the switch
lldp run
LLDP-MED fast start control
lldp fast-start-count
Changing the packet transmission interval
lldp refresh-interval
Changing the time-to-live for transmitted advertisements
lldp holdtime-multiplier
Delay interval
set mib lldpTxDelay.0
Changing the reinitialization delay interval
setmib lldpReinitDelay.0
PVID mismatch log messages
logging filter
Viewing port configuration details
show lldp config
Switch information available for outbound advertisements
show lldp info local-device
LLDP statistics
show lldp stats
Global LLDP, port admin, and SNMP notification status
show lldp config
LLDP-MED connects and disconnects—topology change notification
lldp top-change-notify
Device capability, network policy, PoE status and location data
Network policy advertisements
Policy elements
PoE advertisements
Location data for LLDP-MED devices
Viewing the current port speed and duplex configuration
Viewing LLDP statistics
LLDP over OOBM
LLDP operating notes
Advertisements currently in the neighbors MIB
show lldp info remote-device
PoE advertisements
show lldp info remote-device
show power
Overview
Commands
no lldp config basicTlvEnable management_addr
lldp config
Show commands
TVL configuration
VLAN ID TLV
lldp config dot1T1vEnable
Advertised TLVs
show lldp config
TLVs controlled by medTLvEnable
lldp config medTlvEnable
Generic header ID in configuration file
DHCP auto deployment
Add-Ignore-Tag option
Configuration commands for the add-ignore-tag option
Show logging commands for the add-ignore-tag option
Exclusions
DHCPv4 server
Overview
IP pools
DHCP options
BootP support
Authoritative server and support for DHCP inform packets
Authoritative pools
Authoritative dummy pools
Change in server behavior
DHCPv4 configuration commands
DHCPv4 server
dhcp-server
DHCP address pool name
dhcp-server pool
Authoritative
DHCP client boot file
bootfile-name
DHCP client default router
default-router
DNS IP servers
dns-server
Configure a domain name
domain-name
Configure lease time
lease
NetBIOS WINS servers
NetBIOS node type
net bios-ode-type
Subnet and mask
network
DHCP server options
Configure DHCP server options
IP address range
range
Static bindings
static-bind
TFTP server domain name
tftp-server
Configure the TFTP server address
tftp-server
Number of ping packets
dhcp-server ping
Save DHCP server automatic bindings
dhcp-server database
DHCP server and SNMP notifications
snmp-server enable traps
Conflict logging on a DHCP server
dhcp-server conflict-logging
Enable the DHCP server on a VLAN
dhcp-server
Clear commands
clear dhcp-server conflicts
Reset all DHCP server and BOOTP counters
clear dhcp-server statistics
Delete an automatic address binding
clear dhcp-server statistics
Show commands
show dhcp-server
DHCPv6 snooping and relay
dhcpv6–snooping
dhcpv6 snooping trust
dhcpv6–snooping authorized-server
ddhcpv6–snooping database file
dhcpv6–snooping max-bindings
dhcpv6–relay option 79
snmp-server enable traps dhcpv6-snooping
clear dhcpv6–snooping stats
debug security dhcpv6–snooping
ipv6 source-lockdown ethernet
ipv6 source-binding
snmp-server enable traps dyn-ipv6-lockdown
debug security dynamic-ipv6-lockdown
Show commands for DHCPv6–snooping
show dhcpv6-snooping
show dhcpv6 snooping bindings
show dhcpv6 snooping statistics
show ipv6 source-lockdown
show ipv6 source-lockdown status
show snmp-server traps
show distributed-trunking consistency-parameters global
show distributed-trunking consistency-parameters
show dhcpv6 relay
Zero Touch Provisioning with AirWave and Central
ZTP with AirWave
DHCP-based ZTP with AirWave
Configuring DHCP-based ZTP with AirWave
DHCP server configuration for DHCP based ZTP
Limitations
Best Practices
Configure AirWave details manually
amp-server
debug ztp
Stacking support
Disabling ZTP
Image Upgrade
Using SNMPv3 in AirWave Template
Troubleshooting
AMP server messages
Activate based ZTP with AirWave
Configuring Activate-based ZTP with AirWave
IPsec for AirWave Connectivity
Overview
IPsec for Management Traffic
IPsec Tunnel Establishment
IPsec Tunnel Failures
IPsec tunnel to secondary controller
AirWave IP after discovery
Configuring the Aruba controller
AirWave Controller IP configuration commands
aruba-vpn type
Show commands
show aruba-vpn
show ip route
show interfaces tunnel aruba-vpn
show crypto-ipsec sa
show running-configuration
ZTP with Aruba Central
LED Blink feature
Aruba Central Configuration manually
Activating ArubaOS-Switch Firmware Integration
activate software-update enable
activate software-update check
activate software-update update
activate provision force
show activate software-update
Show activate provision
aruba-central
Troubleshooting
Show aruba-central
Error reason for Aruba Central
debug ztp
Error Reason log for Activate Provision
Stacking support
Fault finder switch events
interface device-type network-device
HTTP Proxy support with ZTP overview
e Proxy Configuration
proxy server
proxy exception ip | host
show proxy config
File transfers
File transfer methods
TFTP
Prerequisites
Downloading switch software
copy tftp flash
boot system flash
reload
Enabling tftp
tftp
Automatic software download from a TFTP server
auto-tftp
Downloading to primary flash using TFTP
Disabling TFTP and auto-TFTP for enhanced security
Enabling SSH V2 (required for SFTP)
Authentication
Troubleshooting SSH, SFTP, and SCP operations
Use USB to transfer files to and from the switch
SCP and SFTP
Enabling SCP and SFTP
Using SCP and SFTP
Xmodem
Downloading software using Xmodem
Prerequisites
Downloading to Flash
Downloading to primary flash using Xmodem (Menu)
USB
Downloading switch software using USB
Enable or disable the USB port
Prerequisites
USB port status
show usb-port
Switch to Switch
Switch-to-switch download
OS download from another switch
copy tftp flash
copy tftp flash os
Copying
Software images
copy flash tftp
copy flash xmodem
Copying using USB
Copying diagnostic data to a remote host, USB device, PC, or UNIX workstation
copy command-output
copy command-log
copy event-log
copy crash-data
copy crash-data (redundant management)
copy crash-log
copy crash-log (redundant management)
copy core-dump (standby module)
copy fdr-log
Copy diagnostic data to a remote host, USB device, PC or UNIX workstation
Transferring
Switch configuration transfer
TFTP
Xmodem
USB
ACL command file transfer
tftp
Xmodem
USB
Switch software download
Switch software download rules
TFTP download failures
Single copy command
copy source
copy crash-files
copy crash-files member
copy crash-files crash-file-options
Monitoring and Analyzing Switch Operation
Switch and network operations
Status and counters data
show system
chassislocate
Chassislocate at startup
Collecting processor data with the task monitor
task-monitor cpu
Switch management address information access
show management
Component information views
show modules
Compatibility mode for v2 zl and zl modules
allow-v2-modules
Port status
show interfaces brief
Accessing port and trunk group statistics
Trunk bandwidth utilization
show interfaces
show interfaces trunk-utilization
Statistic interactions of interface counters
Reset port counters
clear statics
MAC address tables
MAC address views and searches
show mac-address
show mac-add detail
show mac-address <MAC-ADDRESS> detail
Using the menu to view and search MAC addresses
Finding the port connection for a specific device on a VLAN
Viewing and searching port-level MAC addresses
Determining whether a specific device is connected to the selected port
MSTP data
show spanning-tree
IP IGMP status
show ip igmp
VLAN information
show vlan
WebAgent status information
Configuring local mirroring
Local mirroring sessions
Traffic-direction criteria
interface monitor all
interface monitor ip
Mirror policy for inbound traffic
class [ipv4|ipv6]
policy mirror
MAC-based criteria to select traffic
monitor mac
Remote mirroring destination on a remote switch
Remote mirroring destination on a local switch
mirror remote ip
Local mirroring destination on the local switch
mirror port
Monitored traffic
interface
monitor all
service-policy
Configuring local mirroring (Menu)
Destination mirror on a remote switch
mirror endpoint
Source mirror on the local switch
mirror remote ip
Traffic-direction criteria
Configure ACL criteria to select inbound
interface monitor ip access-group
Mirror policy for inbound traffic
class [ipv4|ipv6]
policy mirror
Configuring a destination switch in a remote mirroring session
Configuring a source switch in a local mirroring session
Configuring a source switch in a remote mirroring session
Selecting all traffic on a port interface for mirroring according to traffic direction
Selecting all traffic on a VLAN interface for mirroring according to traffic direction
Configuring a MAC address to filter mirrored traffic on an interface
Configuring classifier-based mirroring
Applying a mirroring policy on a port or VLAN interface
Viewing a classifier-based mirroring configuration
Viewing all mirroring sessions configured on the switch
Viewing the remote endpoints configured on the switch
Viewing the mirroring configuration for a specific session
Viewing a remote mirroring session
Viewing a MAC-based mirroring session
Viewing a local mirroring session
Viewing information on a classifier-based mirroring session
Viewing information about a classifier-based mirroring configuration
Viewing information about a classifier-based mirroring configuration
Viewing information about statistics on one or more mirroring policies
Viewing resource usage for mirroring policies
Viewing the mirroring configurations in the running configuration file
Compatibility mode
Port and trunk group statistics and flow control status
Traffic mirroring overview
Mirroring overview
Mirroring destinations
Mirroring sources and sessions
Mirroring sessions
Mirroring session limits
Selecting mirrored traffic
Mirrored traffic destinations
Local destinations
Remote destinations
Monitored traffic sources
Criteria for selecting mirrored traffic
Mirroring configuration
Remote mirroring endpoint and intermediate devices
Migration to release K.14.01 or greater
Using the Menu to configure local mirroring
Menu and WebAgent limits
Remote mirroring overview
Quick reference to remote mirroring setup
High-level overview of the mirror configuration process
Determine the mirroring session and destination
For a local mirroring session
For a remote mirroring session
Configure a mirroring destination on a remote switch
Configure a destination switch in a remote mirroring session
Configure a mirroring session on the source switch
Configure a source switch in a remote mirroring session
Configure the monitored traffic in a mirror session
Traffic selection options
Mirroring-source restrictions
About selecting all inbound/outbound traffic to mirror
Untagged mirrored packets
About using SNMP to configure no-tag-added
Operating notes
About selecting inbound traffic using an ACL (deprecated)
About selecting inbound/outbound traffic using a MAC address
About selecting inbound traffic using advanced classifier-based mirroring
Classifier-based mirroring configuration
Classifier-based mirroring restrictions
About applying multiple mirroring sessions to an interface
Mirroring configuration examples
Maximum supported frame size
Enabling jumbo frames to increase the mirroring path MTU
Effect of downstream VLAN tagging on untagged, mirrored traffic
Operating notes for traffic mirroring
Troubleshooting traffic mirroring
Virtual Technician
Cisco Discovery Protocol (CDP)
show cdp traffic
clear cdp counters
show cdp neighbors detail
Enable/Disable debug tracing for MOCANA code
debug security
User diagnostic crash via Front Panel Security (FPS) button
front-panel-security password-clear
front-panel-security diagnostic-reset
show front-panel-security
Diagnostic table
FPS Error Log
User initiated diagnostic crash via the serial console
front-panel-security diagnostic-reset serial-console
Serial console error messages
Troubleshooting
Overview
Troubleshooting approaches
Browser or Telnet access problems
Cannot access the WebAgent
Cannot Telnet into the switch console from a station on the network
Unusual network activity
General problems
The network runs slow; processes fail; users cannot access servers or other devices
Duplicate IP addresses
Duplicate IP addresses in a DHCP network
The switch has been configured for DHCP/Bootp operation, but has not received a DHCP or Bootp reply
802.1Q Prioritization problems
Ports configured for non-default prioritization (level 1 to 7) are not performing the specified action
Addressing ACL problems
ACLs are properly configured and assigned to VLANs, but the switch is not using the ACLs to filter IP layer 3 packets
The switch does not allow management access from a device on the same VLAN
Error (Invalid input) when entering an IP address
Apparent failure to log all "deny" matches
The switch does not allow any routed access from a specific host, group of hosts, or subnet
The switch is not performing routing functions on a VLAN
Routing through a gateway on the switch fails
IGMP-related problems
IP multicast (IGMP) traffic that is directed by IGMP does not reach IGMP hosts or a multicast router connected to a port
IP multicast traffic floods out all ports; IGMP does not appear to filter traffic
LACP-related problems
Unable to enable LACP on a port with the interface <port-number> lacp command
Port-based access control (802.1X)-related problems
The switch does not receive a response to RADIUS authentication requests
The switch does not authenticate a client even though the RADIUS server is properly configured and providing a response to the authentication request
During RADIUS-authenticated client sessions, access to a VLAN on the port used for the client sessions is lost
The switch appears to be properly configured as a supplicant, but cannot gain access to the intended authenticator port on the switch to which it is connected
The supplicant statistics listing shows multiple ports with the same authenticator MAC address
The show port-access authenticator <port-list> command shows one or more ports remain open after they have been configured with control unauthorized
RADIUS server fails to respond to a request for service, even though the server's IP address is correctly configured in the switch
The authorized MAC address on a port that is configured for both 802.1X and port security either changes or is re-acquired after execution of aaa port-access authenticator <port-list> initialize
A trunked port configured for 802.1X is blocked
QoS-related problems
Loss of communication when using VLAN-tagged traffic
Radius-related problems
The switch does not receive a response to RADIUS authentication requests
RADIUS server fails to respond to a request for service, even though the server's IP address is correctly configured in the switch
MSTP and fast-uplink problems
Broadcast storms appearing in the network
STP blocks a link in a VLAN even though there are no redundant links in that VLAN
Fast-uplink troubleshooting
SSH-related problems
Switch access refused to a client
Executing IP SSH does not enable SSH on the switch
Switch does not detect a client's public key that does appear in the switch's public key file (show ip client-public-key)
An attempt to copy a client public-key file into the switch has failed and the switch lists one of the following messages
Client ceases to respond ("hangs") during connection phase
TACACS-related problems
All users are locked out of access to the switch
No communication between the switch and the TACACS+ server application
Access is denied even though the username/password pair is correct
Unknown users allowed to login to the switch
System allows fewer login attempts than specified in the switch configuration
TimeP, SNTP, or Gateway problems
The switch cannot find the time server or the configured gateway
VLAN-related problems
Monitor port
None of the devices assigned to one or more VLANs on an 802.1Q-compliant switch are being recognized
Link configured for multiple VLANs does not support traffic for one or more VLANs
Duplicate MAC addresses across VLANs
Mitigating flapping transceivers
Fault Finder thresholds
Viewing transceiver information
Viewing information about transceivers (CLI)
MIB support
Viewing transceiver information
Information displayed with the detail parameter
Viewing transceiver information for copper transceivers with VCT support
Testing the Cable
Using the Event Log for troubleshooting switch problems
Using the Menu
Using the CLI
Clearing Event Log entries
Turning event numbering on
Using log throttling to reduce duplicate Event Log and SNMP messages
Log throttle periods
Example: of event counter operation
Reporting information about changes to the running configuration
Debug/syslog operation
Debug/syslog messaging
Hostname in syslog messages
Logging origin-id
Viewing the identification of the syslog message sender
SNMP MIB
Debug/syslog destination devices
Debug/syslog configuration commands
Configuring debug/syslog operation
Viewing a debug/syslog configuration
Debug command
Debug messages
Debug destinations
Logging command
Configuring a syslog server
Adding a description for a Syslog server
Adding a priority description
Configuring the severity level for Event Log messages sent to a syslog server
Configuring the system module used to select the Event Log messages sent to a syslog server
Enabling local command logging
Operating notes for debug and Syslog
Diagnostic tools
Port auto-negotiation
Ping and link tests
Ping test
Link test
Executing ping or link tests (WebAgent)
Testing the path between the switch and another device on an IP network
Issuing single or multiple link tests
Tracing the route from the switch to a host address
Halting an ongoing traceroute search
A low maxttl causes traceroute to halt before reaching the destination address
If a network condition prevents traceroute from reaching the destination
Viewing switch configuration and operation
Viewing the startup or running configuration file
Viewing the configuration file (WebAgent)
Viewing a summary of switch operational data
Saving show tech command output to a text file
Viewing more information on switch operation
Searching for text using pattern matching with show command
Displaying the information you need to diagnose problems
Restoring the factory-default configuration
Resetting to the factory-default configuration
Using the CLI
Using Clear/Reset
Restoring a flash image
Recovering from an empty or corrupted flash state
DNS resolver
Basic operation
Configuring and using DNS resolution with DNS-compatible commands
Configuring a DNS entry
Using DNS names with ping and traceroute: Example:
Viewing the current DNS configuration
Operating notes
Job Scheduler
Job Scheduler
Commands
Job at | delay | enable | disable
Show job
Show job <Name>
Configuration backup and restore without reboot
Overview
Benefits of configuration restore without reboot
Recommended scenarios
Use cases
Switching to a new configuration
Rolling back to a stable configuration using job scheduler
Commands used in switch configuration restore without reboot
Configuration backup
cfg-backup
show config files
Configuration restore without reboot
cfg-restore
Force configuration restore
cfg-restore non-blocking
cfg-restore recovery-mode
cfg-restore verbose
cfg-restore config_bkp
Configuration restore with force option
System reboot commands
Configuration restore without force option
show cfg-restore status
Viewing the differences between a running configuration and a backup configuration
Show commands to show the SHA of a configuration
show hash
Scenarios that block the configuration restoration process
Limitations
Blocking of configuration from other sessions
Troubleshooting and support
debug cfg-restore
Virtual Switching Framework (VSF)
Overview of VSF
Benefits of VSF
Member roles
Commander
Standby
VSF member ID
VSF link
vsf member link
Physical VSF ports
VSF domain ID
VSF split
VSF merge
Member priority
Interface naming conventions
Running-configuration synchronization
VSF deployment methods
Discovered configuration mode procedure
Provisioned configuration mode procedure
Configuration commands
copy core-dump
copy crash-data
copy crash-files
copy crash-log vsf-member
copy fdr-log
erase fdr-log vsf
power-over-ethernet vsf-member
redundancy switchover
snmp-server enable traps vsf
vsf domain
vsf enable
vsf disable
vsf member reboot
vsf member remove
vsf member shutdown
vsf member priority
vsf member type
Show commands
show vsf
show vsf link
show vsf member
show system information vsf member
show system chassislocate
show boot-history
show system temperature
show system fans
show CPU process slot
show modules
show power-over-ethernet
show system power-supply
OOBM-MAD commands
vsf oobm-mad
oobm vsf member
oobm vsf member interface speed-duplex
show oobm vsf member
show oobm ip
show oobm discovery
show running-config oobm
show vsf trunk-designated-forwarder
LLDP-MAD
VSF split and MAD operation
MAD readiness check
vsf lldp-mad ipv4
show vsf lldp-mad
VSF re-join after a split
MAD assist device requirements
Limitations of MAD
VSF restrictions
Dual management modules in a VSF stack
Updates for a VSF virtual chassis
VSF Fast Software Upgrade
Upgrading the VSF stack software
vsf sequenced-reboot
Simplifying Wireless and IoT Deployments
Overview
Auto configuring Aruba APs
Associating a device with a profile
device-profile name
device-profile type
device-profile type device-name
show device-profile
show command device-profile status
show device-profile config
show device-profile status
Default AP Profile
allow-jumbo-frames
Auto configuring IoT Devices
Creating a device identity and associating a device type
show device-identity
device-profile type-device associate
show device-profile config
show device-profile status
Support for Aruba device types
Isolating Rogue APs
Using the Rogue AP Isolation feature
rogue-ap-isolation
rogue-ap-isolation action
rogue-ap-isolation whitelist
clear rogue-ap-isolation
Feature Interactions
L3 MAC
Limitations
Troubleshooting
Switch does not detect the rogue AP TLVs
Show commands
Requirements
Limitations
Feature Interactions
Profile Manager and 802.1X
Profile Manager and LMA/WMA/MAC-AUTH
Profile manager and Private VLANs
MAC lockout and lockdown
LMA/WMA/802.1X/Port-Security
Troubleshooting
Dynamic configuration not displayed when using “show running-config”
The show run command displays non-numerical value for untagged-vlan
Show commands
IP Service Level Agreement
Overview
How IP SLA works
Configuration commands
no ip-sla <ID>
ip-sla <ID> clear
no ip-sla <ID> history-size
no ip-sla <ID> icmp-echo
no ip-sla <ID> udp-echo
no ip-sla <ID> tcp-connect
ip-sla <ID> monitor threshold-config
no ip-sla <ID> monitor packet-loss
no ip-sla <ID> monitor test-completion
no ip-sla <ID> schedule
no ip-sla <ID> tos
no ip-sla responder
no ip-sla <ID> udp-jitter
no ip-sla <ID> udp-jitter-voip
Show commands
show ip-sla <ID>
show ip-sla <ID> history
show ip-sla <ID> message-statistics
show ip-sla <ID> results
show ip-sla <ID> aggregated-results
show ip-sla responder
show ip-sla responder statistics
show tech ip-sla
clear ip-sla responder statistics
Interoperability
IP SLA UDP Jitter and Jitter for VoIP
Overview
Significance of jitter
Solution components
SLA Measurements
Dynamic Segmentation
Definition of Terms
Overview
Benefits of Dynamic Segmentation
Use Cases
Users/Devices and Policy Enforcement Recommendations
Colorless Ports
Port-Based Tunneling
Configuring Port-Based Tunneling
Operating notes
Interaction table
Restrictions
Preventing double tunneling of Aruba Access Points
Preventing double tunneling using device profile
User-Based Tunneling
User Authentication Workflow
How it works
Licensing Requirements
Dependencies
Simplifying User-Based Tunneling with Reserved VLAN
Configuration and show commands
Commands to configure a tunneled node server on the switch
Show commands
Commands to configure VLAN ID in user role
Tunneled Node profile on a Mobility Controller and Cluster
Using User Roles with User-Based Tunneling
User-Based Tunneling in v6 networks
PAPI security
Protocol Application Programming Interface (PAPI)
PAPI configurable secret key
papi-security
Frequently Asked Questions
Cable Diagnostics
Virtual cable testing
Cable diagnostics tests
show cable-diagnostics
clear cable-diagnostics
Limitations
Monitoring Static IP Devices
ip client-tracker
ip client-tracker probe-delay
Network Out-of-Band Management (OOBM)
OOBM concepts
OOBM and switch applications
Example
OOBM Configuration
Entering the OOBM configuration context from the general configuration context
Enabling and disabling OOBM
Enabling and disabling the OOBM port
Setting the OOBM port speed
Configuring an OOBM IPv4 address
Configuring an OOBM IPv4 default gateway
Configuring an IPv6 default gateway for OOBM devices
oobm ipv6 default-gateway
oobm member ipv6 default-gateway
IPv6 default router preferences
ipv6 nd ra router-preference
OOBM show commands
Showing the global OOBM and OOBM port configuration
Showing OOBM IP configuration
Showing OOBM ARP information
show oobm ipv6
show oobm ipv6 (for stacked switches)
show oobm ipv6 member (for stacked switches)
show oobm ip detail (for stacked switches)
Application server commands
Application client commands
Websites
Support and other resources
Accessing Hewlett Packard Enterprise Support
Accessing updates
Customer self repair
Remote support
Warranty information
Regulatory information
Documentation feedback
Chassis Redundancy (5400R Switches)
Overview of chassis management redundancy
Nonstop switching with redundant management modules
How the management modules interact
About using redundant management
Transition from no redundancy to nonstop switching
About setting the rapid switchover stale timer
About directing the standby module to become active
Preferred management module
redundancy active-management
redundancy preferred-active-management
show redunancy
Determining active module
Diagram of the decision process
Hotswapping management modules
Hotswapping out the active management module
Management module switchover
Events that cause a switchover
What happens when switchover occurs
When switchover will not occur
When a management module crashes while the other management module is rebooting
Hotswapping out the active management module
When the standby module is not available
Hotswapping in a management module
Software version mismatch between active and hotswapped module
Other software version mismatch conditions
About turning off redundant management
Disable management module redundancy with two modules present
Disable management module redundancy with only one module present
Active management module commands
Viewing modules
Syncing commands
Using the WebAgent for redundant management
Enabling or disabling redundant management
Transitioning from no redundancy to nonstop switching
Setting the Rapid Switchover Stale Timer
Directing the standby module to become active
Directing the standby module to become active
Setting the active management module for next boot
Resetting the management module
Viewing management information
Viewing information about the management and fabric modules
Viewing information about the redundancy role of each management module
Viewing which software version is in each flash image
Viewing system software image information for both management modules
Viewing the status of the switch and its management modules
Standby management module commands
Viewing redundancy status on the standby module
Viewing the flash information on the standby module
Viewing the version information on the standby module
Setting the default flash for boot
Booting the active management module from the current default flash
boot command
Boot and reload commands with OSPFv2 or OSPFv3 enabled
Modules operating in nonstop mode
Additional commands affected by redundant management
Displaying module events
Viewing log events
Copying crash file information to another file
Viewing saved crash information
Enabling and disabling fabric modules
Nonstop switching features
Nonstop switching with VRRP
Example nonstop routing configuration
Nonstop forwarding with RIP
Nonstop forwarding with OSPFv2 and OSPFv3
Enabling nonstop forwarding for OSPFv2
Configuring restart parameters for OSPFv2
Viewing OSPFv2 nonstop forwarding information
Enabling nonstop forwarding for OSPFv3
About downloading a new software version
File synchronization after downloading
Potential software version mismatches after downloading
Downloading a software version serially if the management module is corrupted
Unsupported zl modules
Hot swapping of management modules
Rapid routing switchover and stale timer
Task Usage Reporting
Help text
process-tracking help
show cpu help
show cpu process help
Command tab
process-tracking
show cpu process
Command ouput
show cpu process
show cpu process slot <SLOT-LIST>
LACP-MAD Passthrough
Overview
LACP-MAD Passthrough Configuration
interface lacp
show lacp
clear lacp statistics
Smart Rate Technology
Show Smart Rate port
Rate-Limiting — GMB features when Fast-Connect SmartRate ports are configured
Error messages
Speed-duplex
Limitations on 5Gbps ports
Error messages
100 Mbps Support on Smart Rate ports
Overview
interface speed-duplex auto-100
show interfaces smartrate
show interface config
show running-config
Downgrade with CLI reboot command
Downgrade without CLI reboot command (power cycle)
Networking 6th Generation Switch ASIC
Introduction
Commands
Configuration setup
V3 to V2 compatibility
allow-v2-modules
show running-config v3-specific
Show commands
Show system
Show system information
Show running configuration
Version 2 — version 3 blade compatibility on the 5400R switch
Allow V2 command
Show commands
MAC Address Management
Overview
Determining MAC addresses
Viewing the MAC addresses of connected devices
Viewing the switch's MAC address assignments for VLANs configured on the switch
Viewing the port and VLAN MAC addresses
Configuration backup and restore without reboot
Smart Rate Technology
Next