HP 5500 Ei 5500 Si Switch Series Configuration Guide
Task / Remarks
• Outputting system information to the trap buffer: Optional
• Outputting system information to the log buffer: Optional
• Outputting system information to the SNMP module: Optional
• Outputting system information to the Web interface: Optional
• Saving security logs into the security log file: Optional
• Configuring synchronous information output: Optional
• Disabling an interface from generating link up/down logging information: Optional

Outputting system information to the console

This section describes how to output system information to the console.

Configuring a system information output rule for the console

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable information center.
   Command: info-center enable
   Remarks: Optional. Enabled by default.
3. Name the channel with a specified channel number.
   Command: info-center channel channel-number name channel-name
   Remarks: Optional. See Table 2 for default channel names.
4. Configure the channel through which system information can be output to the console.
   Command: info-center console channel { channel-number | channel-name }
   Remarks: Optional. By default, system information is output to the console through channel 0 (known as console).
5. Configure an output rule for the console.
   Command: info-center source { module-name | default } channel { channel-number | channel-name } [ debug { level severity | state state } * | log { level severity | state state } * | trap { level severity | state state } * ] *
   Remarks: Optional. See "Default output rules of system information."
6. Configure the timestamp format.
   Command: info-center timestamp { debugging | log | trap } { boot | date | none }
   Remarks: Optional. By default, the timestamp format for log, trap and debugging information is date.

Enabling system information output to the console

To enable the display of system information on the console in user view:
1. Enable system information output to the console.
   Command: terminal monitor
   Remarks: Optional. The default setting is enabled.
2. Enable the display of system information on the console.
   Command:
   • Enable the display of debugging information on the console: terminal debugging
   • Enable the display of log information on the console: terminal logging
   • Enable the display of trap information on the console: terminal trapping
   Remarks: Optional. By default, the console only displays log and trap information.

Outputting system information to the monitor terminal

Monitor terminals refer to terminals that log in to the switch through the VTY user interface.

Configuring a system information output rule for the monitor terminal

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable information center.
   Command: info-center enable
   Remarks: Optional. Enabled by default.
3. Name the channel with a specified channel number.
   Command: info-center channel channel-number name channel-name
   Remarks: Optional. See Table 2 for default channel names.
4. Configure the channel through which system information can be output to a monitor terminal.
   Command: info-center monitor channel { channel-number | channel-name }
   Remarks: Optional. By default, system information is output to the monitor terminal through channel 1 (known as monitor).
5. Configure a system information output rule for the monitor terminal.
   Command: info-center source { module-name | default } channel { channel-number | channel-name } [ debug { level severity | state state } * | log { level severity | state state } * | trap { level severity | state state } * ] *
   Remarks: Optional. See "Default output rules of system information."
6. Configure the timestamp format.
   Command: info-center timestamp { debugging | log | trap } { boot | date | none }
   Remarks: Optional. By default, the timestamp format for log, trap and debugging information is date.
Enabling system information output to the monitor terminal

1. Enable the monitoring of system information on a monitor terminal.
   Command: terminal monitor
   Remarks: Enabled on the console and disabled on the monitor terminal by default.
2. Enable the display of system information on the monitor terminal.
   Command:
   • Enable the display of debugging information on a monitor terminal: terminal debugging
   • Enable the display of log information on a monitor terminal: terminal logging
   • Enable the display of trap information on a monitor terminal: terminal trapping
   Remarks: Optional. By default, the monitor terminal displays only the log and trap information.

Outputting system information to a log host

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable information center.
   Command: info-center enable
   Remarks: Optional. Enabled by default.
3. Name the channel with a specified channel number.
   Command: info-center channel channel-number name channel-name
   Remarks: Optional. See Table 2 for default channel names.
4. Configure a system information output rule for the log host.
   Command: info-center source { module-name | default } channel { channel-number | channel-name } [ debug { level severity | state state } * | log { level severity | state state } * | trap { level severity | state state } * ] *
   Remarks: Optional. See "Default output rules of system information."
5. Specify the source IP address for the log information.
   Command: info-center loghost source interface-type interface-number
   Remarks: Optional. By default, the source interface is determined by the matched route, and the primary IP address of this interface is the source IP address of the log information.
6. Configure the format of the time stamp for system information output to the log host.
   Command: info-center timestamp loghost { date | iso | no-year-date | none }
   Remarks: Optional. date by default.
7. Set the format of the system information sent to a log host to UNICOM.
   Command: info-center format unicom
   Remarks: Optional. HP by default.
8. Specify a log host and configure the related output parameters.
   Command: info-center loghost [ vpn-instance vpn-instance-name ] { host-ipv4-address | ipv6 host-ipv6-address } [ port port-number ] [ dscp dscp-value ] [ channel { channel-number | channel-name } | facility local-number ] *
   Remarks: By default, the system does not output information to a log host. If you specify to output system information to a log host, the system uses channel 2 (loghost) by default. The value of the port-number argument should be the same as the value configured on the log host; otherwise, the log host cannot receive system information.

The vpn-instance keyword is available only on the HP 5500 EI switch series.

Outputting system information to the trap buffer

The trap buffer only receives trap information, and discards log and debug information.

To output system information to the trap buffer:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable information center.
   Command: info-center enable
   Remarks: Optional. Enabled by default.
3. Name the channel with a specified channel number.
   Command: info-center channel channel-number name channel-name
   Remarks: Optional. See Table 2 for default channel names.
4. Configure the channel through which system information can be output to the trap buffer and specify the buffer size.
   Command: info-center trapbuffer [ channel { channel-number | channel-name } | size buffersize ] *
   Remarks: Optional. By default, system information is output to the trap buffer through channel 3 (known as trapbuffer) and the default buffer size is 256.
5. Configure a system information output rule for the trap buffer.
   Command: info-center source { module-name | default } channel { channel-number | channel-name } [ debug { level severity | state state } * | log { level severity | state state } * | trap { level severity | state state } * ] *
   Remarks: Optional. See "Default output rules of system information."
6. Configure the timestamp format.
   Command: info-center timestamp { debugging | log | trap } { boot | date | none }
   Remarks: Optional. The time stamp format for log, trap and debugging information is date by default.

Outputting system information to the log buffer

The log buffer only receives log information, and discards trap and debug information.
To output system information to the log buffer:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable information center.
   Command: info-center enable
   Remarks: Optional. Enabled by default.
3. Name the channel with a specified channel number.
   Command: info-center channel channel-number name channel-name
   Remarks: Optional. See Table 2 for default channel names.
4. Configure the channel through which system information can be output to the log buffer and specify the buffer size.
   Command: info-center logbuffer [ channel { channel-number | channel-name } | size buffersize ] *
   Remarks: Optional. By default, system information is output to the log buffer through channel 4 (known as logbuffer) and the default buffer size is 512.
5. Configure a system information output rule for the log buffer.
   Command: info-center source { module-name | default } channel { channel-number | channel-name } [ debug { level severity | state state } * | log { level severity | state state } * | trap { level severity | state state } * ] *
   Remarks: Optional. See "Default output rules of system information."
6. Configure the timestamp format.
   Command: info-center timestamp { debugging | log | trap } { boot | date | none }
   Remarks: Optional. The time stamp format for log, trap and debugging information is date by default.

Outputting system information to the SNMP module

The SNMP module only receives trap information, and discards log and debug information.

To monitor the device running status, trap information is usually sent to the SNMP network management system (NMS). For this purpose, you must configure output of traps to the SNMP module, and set the trap sending parameters for the SNMP module. For more information about SNMP, see "Configuring SNMP."

To output system information to the SNMP module:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable information center.
   Command: info-center enable
   Remarks: Optional. Enabled by default.
3. Name the channel with a specified channel number.
   Command: info-center channel channel-number name channel-name
   Remarks: Optional. See Table 2 for default channel names.
4. Configure the channel through which system information can be output to the SNMP module.
   Command: info-center snmp channel { channel-number | channel-name }
   Remarks: Optional. By default, system information is output to the SNMP module through channel 5 (known as snmpagent).
5. Configure a system information output rule for the SNMP module.
   Command: info-center source { module-name | default } channel { channel-number | channel-name } [ debug { level severity | state state } * | log { level severity | state state } * | trap { level severity | state state } * ] *
   Remarks: Optional. See "Default output rules of system information."
6. Configure the timestamp format.
   Command: info-center timestamp { debugging | log | trap } { boot | date | none }
   Remarks: Optional. The time stamp format for log, trap and debugging information is date by default.

Outputting system information to the Web interface

The Web interface only receives log information, and discards trap and debug information.

This feature allows you to control whether to output system information to the Web interface and, if so, which system information can be output to the Web interface. The Web interface provides search and sorting functions. You can view system information by clicking corresponding tabs after logging in to the device through the Web interface.

To output system information to the Web interface:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable information center.
   Command: info-center enable
   Remarks: Optional. Enabled by default.
3. Name the channel with a specified channel number.
   Command: info-center channel channel-number name channel-name
   Remarks: Optional. See Table 2 for default channel names.
4. Configure the channel through which system information can be output to the Web interface.
   Command: info-center syslog channel { channel-number | channel-name }
   Remarks: Optional. By default, system information is output to the Web interface through channel 6.
5. Configure a system information output rule for the Web interface.
   Command: info-center source { module-name | default } channel { channel-number | channel-name } [ debug { level severity | state state } * | log { level severity | state state } * | trap { level severity | state state } * ] *
   Remarks: Optional. See "Default output rules of system information."
6. Configure the format of the time stamp.
   Command: info-center timestamp { debugging | log | trap } { boot | date | none }
   Remarks: Optional. The time stamp format for log, trap and debugging information is date by default.

Saving security logs into the security log file
Security logs are very important for locating and troubleshooting network problems. Generally, security logs are output together with other logs. It is difficult to identify security logs among all logs. To solve this problem, you can save security logs into a security log file without affecting the current log output rules.

The configuration of this feature and the management of the security log file are separate, and the security log file is managed by a privileged user. After logging in to the device, the administrator can enable the saving of security logs into the security log file and configure related parameters. However, only the privileged user, known as the security log administrator, can perform operations on the security log file. The privileged user must pass AAA local authentication and log in to the device. No other users (including the system administrator) can perform operations on the security log file.

A security log administrator is a local user who is authorized by AAA to play the security log administrator role. You can authorize a security log administrator by executing the authorization-attribute user-role security-audit command in local user view.

The system administrator cannot view, copy, and rename the security log file. If they try, the system displays an % Execution error message. The system administrator can view, copy and rename other types of files.

For more information about local user and AAA local authentication, see Security Configuration Guide.

Saving security logs into the security log file

If this feature is enabled, the system first outputs security logs to the security log file buffer, and then saves the logs in the security log file buffer into the security log file at a specified interval (the security log administrator can also manually save security logs into the log file). After the logs are saved, the buffer is cleared immediately.
The size of the security log file is limited. When the maximum size is reached, the system deletes the oldest log and writes the new log into the security log file. To avoid security log loss, you can set an alarm threshold for the security log file usage. When the alarm threshold is reached, the system outputs a message to inform the administrator. The administrator can log in to the device as the security log administrator and back up the security log file to prevent the loss of important data.

By default, security logs are not saved into the security log file. The parameters, such as the saving interval, the maximum size, and the alarm threshold, have default settings. To modify these parameters, log in to the device as the system administrator, and then follow the steps in the following table to configure the related parameters:

To save security logs into the security log file:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable the information center.
   Command: info-center enable
   Remarks: Optional. Enabled by default.
3. Enable the saving of the security logs into the security log file.
   Command: info-center security-logfile enable
   Remarks: Disabled by default.
4. Set the frequency with which the system saves the security log file.
   Command: info-center security-logfile frequency freq-sec
   Remarks: Optional. The default value is 600 seconds.
5. Set the maximum storage space reserved for the security log file.
   Command: info-center security-logfile size-quota size
   Remarks: Optional. The default value is 1 MB.
6. Set the alarm threshold of the security log file usage.
   Command: info-center security-logfile alarm-threshold usage
   Remarks: Optional. 80 by default. (That is, when the usage of the security log file reaches 80%, the system will inform the user.)

Managing the security log file

After passing the AAA local authentication, the security log administrator can perform the following operations:

• Task: Display a summary of the security log file.
   Command: display security-logfile summary [ | { begin | exclude | include } regular-expression ]
   Remarks: Optional.
• Task: Change the directory where the security log file is saved.
   Command: info-center security-logfile switch-directory dir-name
   Remarks: Optional. By default, the directory to save the security log file is the seclog directory in the root directory of the storage medium. Available in user view.
• Task: Display contents of the security log file buffer.
   Command: display security-logfile buffer [ | { begin | exclude | include } regular-expression ]
   Remarks: Optional.
• Task: Save all the contents in the security log file buffer into the security log file.
   Command: security-logfile save
   Remarks: Optional. By default, the system automatically saves the security log file at a frequency configured by the info-center security-logfile frequency command into a directory configured by the info-center security-logfile switch-directory command. Available in user view.
• Task: Perform these operations on the security log file.
   Command:
   • Display the contents of the specified file: more file-url
   • Display information about all files and folders: dir [ /all ] [ file-url ]
   • Create a folder under a specified directory on the storage medium: mkdir directory
   • Change the current working directory: cd { directory | .. | / }
   • Display the current path: pwd
   • Move a specified file from a storage medium to the recycle bin: delete [ /unreserved ] file-url
   • Remove a folder: rmdir directory
   • Format a storage medium: format device
   • Restore a file from the Recycle Bin: undelete file-url
   Remarks: Optional. Available in user view. For more information about these commands, see Fundamentals Command Reference.
• Task: Uploading the security log file to the SFTP server.
   Command:
   • Establish an SFTP connection in an IPv4 network: sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key { dsa | rsa } | prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] *
   • Establish an SFTP connection in an IPv6 network: sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key { dsa | rsa } | prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] *
   • Upload a file on the client to the remote SFTP server: put localfile [ remotefile ]
   • Download a file from a remote SFTP server and save it: get remotefile [ localfile ]
   • For all other operations supported by the device acting as an SFTP client, see Security Configuration Guide.
   Remarks: Optional. The sftp commands are available in user view; the other commands are available in SFTP client view. For more information about these commands, see Security Command Reference. The vpn-instance keyword is available only on the HP 5500 EI switch.
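The following Python script is an added example, not part of the HP guide: it audits a saved configuration for the log host, security log file and link up/down logging settings described above, comparing them with the defaults the tables give. The sample configuration is constructed, and the layout it assumes ('#' separators, commands under an interface line indented by one space) is an assumption about how the configuration text is stored.

```python
import re

# Defaults documented in the tables above (seconds, MB, percent).
DEFAULTS = {"frequency": 600, "size-quota": 1, "alarm-threshold": 80}

# Constructed configuration excerpt; addresses and interface names are made up.
SAMPLE_CONFIG = """\
#
 info-center loghost source Vlan-interface 1
 info-center loghost 192.0.2.10 port 514 facility local5
 info-center timestamp loghost iso
 info-center security-logfile enable
 info-center security-logfile frequency 900
 info-center security-logfile alarm-threshold 95
#
interface GigabitEthernet1/0/7
 undo enable log updown
#
interface GigabitEthernet1/0/8
 port link-type trunk
#
"""

LOGHOST = re.compile(r"info-center loghost (?:vpn-instance \S+ )?(?:ipv6 )?(\S+)(.*)")
SECLOG = re.compile(r"info-center security-logfile (frequency|size-quota|alarm-threshold) (\d+)$")


def audit_info_center(config_text):
    """Return (settings, findings) for the info-center commands in config_text."""
    settings = dict(DEFAULTS, loghosts=[], security_logfile=False, quiet_interfaces=[])
    current_if = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current_if = line.split(None, 1)[1]
        elif not raw.startswith(" "):
            current_if = None  # '#' or any other top-level line ends the interface view
        if line == "undo enable log updown" and current_if:
            settings["quiet_interfaces"].append(current_if)
        elif line == "info-center security-logfile enable":
            settings["security_logfile"] = True
        elif (m := SECLOG.match(line)):
            settings[m.group(1)] = int(m.group(2))
        elif (m := LOGHOST.match(line)) and m.group(1) != "source":
            port = re.search(r"\bport (\d+)", m.group(2))
            settings["loghosts"].append((m.group(1), int(port.group(1)) if port else None))

    findings = []
    if not settings["loghosts"]:
        findings.append("no log host configured (default): logs are not sent off the device")
    if not settings["security_logfile"]:
        findings.append("security log file saving is disabled (default)")
    else:
        if settings["frequency"] > DEFAULTS["frequency"]:
            findings.append(f"security log save interval {settings['frequency']} s exceeds the default 600 s")
        if settings["alarm-threshold"] > DEFAULTS["alarm-threshold"]:
            findings.append(f"alarm threshold {settings['alarm-threshold']}% is above the default 80%")
    for name in settings["quiet_interfaces"]:
        findings.append(f"{name}: link up/down logging disabled")
    return settings, findings
```

Treating values above the documented defaults as findings is a policy choice made for this example; the reported log host port is the value to compare against the port the log host listens on.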
Configuring synchronous information output

The output of system logs interrupts ongoing configuration operations, and you have to find the previously input commands before the logs. Synchronous information output can show the previous input after log output and a command prompt in command editing mode, or a [Y/N] string in interaction mode so you can continue your operation from where you were stopped.

To enable synchronous information output:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable synchronous information output.
   Command: info-center synchronous
   Remarks: Disabled by default.

If system information, such as log information, is output before you input any information under the current command line prompt, the system does not display the command line prompt.

If system information is output when you are inputting some interactive information (non Y/N confirmation information), the system displays your previous input in a new line but does not display the command line prompt.

Disabling an interface from generating link up/down logging information

By default, all interfaces generate link up or link down log information when the state changes. In some cases, you might want to disable specific interfaces from generating this information. For example:
• You are concerned only about the states of some interfaces. In this case, you can use this function to disable other interfaces from generating link up and link down log information.
• An interface is unstable and continuously outputs log information. In this case, you can disable the interface from generating link up and link down log information.

To disable an interface from generating link up/down logging information:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter Layer 3 Ethernet interface view or Layer 2 Ethernet interface view or VLAN interface view.
   Command: interface interface-type interface-number
   Remarks: You can configure an Ethernet interface as a Layer 3 Ethernet interface only on the HP 5500 EI switch.
3. Disable the interface from generating link up or link down logging information.
   Command: undo enable log updown
   Remarks: By default, all interfaces generate link up and link down logging information when the state changes.

Use the default setting in normal cases to avoid affecting interface status monitoring.