Contents
About this document Time Protocols General steps for running a time protocol on the switch Selecting a time synchronization protocol Disabling time synchronization SNTP: Selecting and configuring TimeP: Selecting and configuring SNTP unicast time polling with multiple SNTP servers Operating with multiple SNTP server addresses configured (Menu) SNTP messages in the Event Log Network Time Protocol (NTP)
Port Status and Configuration Viewing port status and configuring port parameters Connecting transceivers to fixed-configuration devices Viewing port configuration (Menu) Viewing port status and configuration (CLI) Customizing the show interfaces command (CLI) Viewing port utilization statistics (CLI) Viewing transceiver status (CLI) Enabling or disabling ports and configuring port mode (CLI) Enabling or disabling flow control (CLI) Configuring a broadcast limit Port shutdown with broadcast storm Configuring auto-MDIX
Using friendly (optional) port names Uni-directional link detection (UDLD)
Power Over Ethernet (PoE/PoE+) Operation Port Trunking Overview of port trunking Port trunk features and operation Trunk configuration methods Viewing and configuring a static trunk group (Menu) Viewing and configuring port trunk groups (CLI) Viewing static trunk type and group for all ports or for selected ports Viewing static LACP and dynamic LACP trunk data Dynamic LACP Standby Links Configuring a static trunk or static LACP trunk group Removing ports from a static trunk group Enabling a dynamic LACP trunk group Removing ports from a dynamic LACP trunk group
Viewing existing port trunk groups (WebAgent) Trunk group operation using LACP Default port operation LACP notes and restrictions 802.1X (Port-based access control) configured on a port Port security configured on a port Changing trunking methods Static LACP trunks Dynamic LACP trunks VLANs and dynamic LACP Blocked ports with older devices Spanning Tree and IGMP Half-duplex, different port speeds, or both not allowed in LACP trunks Dynamic/static LACP interoperation
Trunk group operation using the "trunk" option How the switch lists trunk data Outbound traffic distribution across trunked links
Port Traffic Controls VLAN-based rate-limiting ICMP rate-limiting Guidelines for configuring ICMP rate-limiting Configuring ICMP rate-limiting Using both ICMP rate-limiting and all-traffic rate-limiting on the same interface Viewing the current ICMP rate-limit configuration Operating notes for ICMP rate-limiting ICMP rate-limiting trap and Event Log messages Configuring inbound rate-limiting for broadcast and multicast traffic
Jumbo frames
Fault-Finder port-level link-flap Configuring for Network Management Applications Using SNMP tools to manage the switch SNMP management features SNMPv1 and v2c access to the switch SNMPv3 access to the switch Enabling and disabling switch for access from SNMPv3 agents Enabling or disabling restrictions to access from only SNMPv3 agents Enabling or disabling restrictions from all non-SNMPv3 agents to read-only access Viewing the operating status of SNMPv3 Viewing status of message reception of non-SNMPv3 messages Viewing status of write messages of non-SNMPv3 messages Enabling SNMPv3 SNMPv3 users Group access levels SNMPv3 communities Viewing and configuring non-version-3 SNMP communities (Menu) Listing community names and values (CLI)
SNMP notifications Supported Notifications General steps for configuring SNMP notifications SNMPv1 and SNMPv2c Traps SNMP trap receivers SNMPv2c informs Configuring SNMPv3 notifications (CLI) Network security notifications Enabling Link-Change Traps (CLI) Source IP address for SNMP notifications Viewing SNMP notification configuration (CLI)
Advanced management: RMON CLI-configured sFlow with multiple instances
Configuring UDLD Verify before forwarding LLDP General LLDP operation Packet boundaries in a network topology LLDP operation configuration options Enable or disable LLDP on the switch Enable or disable LLDP-MED Change the frequency of LLDP packet transmission to neighbor devices Change the Time-To-Live for LLDP packets sent to neighbors Transmit and receive mode SNMP notification Per-port (outbound) data options Remote management address Debug logging
Options for reading LLDP information collected by the switch LLDP and LLDP-MED standards compatibility LLDP operating rules Configuring LLDP operation Port VLAN ID TLV support on LLDP LLDP-MED (media-endpoint-discovery) Viewing switch information available for outbound advertisements LLDP Operating Notes LLDP and CDP data management Filtering CDP information Filtering PVID mismatch log messages
Generic header ID in configuration file
Captive Portal for ClearPass ZTP with AirWave Network Management Requirements Best Practices Limitations Switch configuration Configure AirWave details in DHCP (preferred method) Configure AirWave details in DHCP (alternate method) Zero Touch Provisioning Configure a switch using the CLI Stacking and chassis switches Troubleshooting View configuration details amp-server debug ztp
Auto configuration upon Aruba AP detection Link Aggregation Control Protocol—Multi-Active Detection (LACP-MAD) Scalability IP Address VLAN and Routing Maximum Values File Transfers Overview Downloading switch software Copying software images Transferring switch configurations TFTP: Copying a configuration file to a remote host (CLI) TFTP: Copying a configuration file from a remote host (CLI) TFTP: Copying a customized command file to a switch (CLI) Xmodem: Copying a configuration file to a serially connected PC or UNIX workstation (CLI) Xmodem: Copying a configuration file from a serially connected PC or UNIX workstation (CLI)
Copying diagnostic data to a remote host, PC or UNIX workstation
Monitoring and Analyzing Switch Operation Overview Accessing port and trunk group statistics MAC address tables MSTP data IP IGMP status VLAN information Configuring a destination switch in a remote mirroring session Configuring a source switch in a local mirroring session Configuring a source switch in a remote mirroring session Selecting all traffic on a port interface for mirroring according to traffic direction Selecting all traffic on a VLAN interface for mirroring according to traffic direction Configuring a MAC address to filter mirrored traffic on an interface Configuring classifier-based mirroring Viewing a classifier-based mirroring configuration Viewing all mirroring sessions configured on the switch Viewing the remote endpoints configured on the switch Viewing the mirroring configuration for a specific session Viewing a remote mirroring session Viewing a MAC-based mirroring session Viewing a local mirroring session Viewing information on a classifier-based mirroring session Viewing information about a classifier-based mirroring configuration Viewing information about a classifier-based mirroring configuration Viewing resource usage for mirroring policies Viewing the mirroring configurations in the running configuration file Compatibility mode Traffic mirroring overview Mirroring overview Mirroring destinations Mirroring sources and sessions Mirroring sessions Mirrored traffic destinations Monitored traffic sources Criteria for selecting mirrored traffic Mirroring configuration Remote mirroring endpoint and intermediate devices Migration to release K.12.xx Migration to release K.14.01 or greater
Using the Menu to configure local mirroring Remote mirroring overview High-level overview of the mirror configuration process About selecting all inbound/outbound traffic to mirror Classifier-based mirroring configuration Maximum supported frame size Effect of downstream VLAN tagging on untagged, mirrored traffic Troubleshooting traffic mirroring Interface monitoring features
Troubleshooting Overview Troubleshooting approaches Browser or Telnet access problems Unusual network activity General problems 802.1Q Prioritization problems Addressing ACL problems ACLs are properly configured and assigned to VLANs, but the switch is not using the ACLs to filter IP layer 3 packets The switch does not allow management access from a device on the same VLAN Error (Invalid input) when entering an IP address Apparent failure to log all "deny" matches The switch does not allow any routed access from a specific host, group of hosts, or subnet The switch is not performing routing functions on a VLAN Routing through a gateway on the switch fails
IGMP-related problems LACP-related problems Port-based access control (802.1X)-related problems The switch does not receive a response to RADIUS authentication requests The switch does not authenticate a client even though the RADIUS server is properly configured and providing a response to the authentication request During RADIUS-authenticated client sessions, access to a VLAN on the port used for the client sessions is lost The switch appears to be properly configured as a supplicant, but cannot gain access to the intended authenticator port on the switch to which it is connected The supplicant statistics listing shows multiple ports with the same authenticator MAC address The show port-access authenticator <port-list> command shows one or more ports remain open after they have been configured with control unauthorized RADIUS server fails to respond to a request for service, even though the server's IP address is correctly configured in the switch The authorized MAC address on a port that is configured for both 802.1X and port security either changes or is re-acquired after execution of aaa port-access authenticator <port-list> initialize A trunked port configured for 802.1X is blocked
QoS-related problems Radius-related problems MSTP and fast-uplink problems SSH-related problems Switch access refused to a client Executing IP SSH does not enable SSH on the switch Switch does not detect a client's public key that does appear in the switch's public key file (show ip client-public-key) An attempt to copy a client public-key file into the switch has failed and the switch lists one of the following messages Client ceases to respond ("hangs") during connection phase
TACACS-related problems Event Log All users are locked out of access to the switch No communication between the switch and the TACACS+ server application Access is denied even though the username/password pair is correct Unknown users allowed to login to the switch System allows fewer login attempts than specified in the switch configuration
TimeP, SNTP, or Gateway problems VLAN-related problems Fan failure
Viewing transceiver information Using the Event Log for troubleshooting switch problems Debug/syslog operation Debug/syslog messaging Hostname in syslog messages Debug/syslog destination devices Debug/syslog configuration commands Configuring debug/syslog operation Debug command Logging command Adding a description for a Syslog server Adding a priority description Configuring the severity level for Event Log messages sent to a syslog server Operating notes for debug and Syslog
Diagnostic tools Viewing switch configuration and operation Restoring the factory-default configuration Restoring a flash image DNS resolver
MAC Address Management Power-Saving Features Job Scheduler Virtual Technician Easing Wired/Wireless Deployment feature integration Local user roles Port QoS Trust Mode Remote Device Deployment (TR-069) Glossary Support and other resources Documentation feedback