HP 5500 Ei 5500 Si Switch Series Configuration Guide
Apply a QoS policy globally

You can apply a QoS policy globally to mirror the traffic in a specified direction on all ports.

To apply a QoS policy globally:

1. Enter system view.
   Command: system-view
2. Apply a QoS policy globally.
   Command: qos apply policy policy-name global { inbound | outbound }

For more information about the qos apply policy command, see ACL and QoS Command Reference.

Apply a QoS policy to the control plane

You can apply a QoS policy to the control plane to mirror the traffic in the inbound direction of the control plane.

To apply a QoS policy to the control plane:

1. Enter system view.
   Command: system-view
2. Enter control plane view.
   Command: control-plane slot slot-number
3. Apply a QoS policy to the control plane.
   Command: qos apply policy policy-name inbound

For more information about the control-plane and qos apply policy commands, see ACL and QoS Command Reference.

Displaying and maintaining traffic mirroring

• Display user-defined traffic behavior configuration information.
   Command: display traffic behavior user-defined [ behavior-name ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
• Display user-defined QoS policy configuration information.
   Command: display qos policy user-defined [ policy-name [ classifier tcl-name ] ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view

For more information about the display traffic behavior and display qos policy commands, see ACL and QoS Command Reference.
Traffic mirroring configuration example

Network requirements

As shown in Figure 37:
• Different departments of a company use IP addresses on different subnets. The marketing and technology departments use the IP addresses on subnets 192.168.1.0/24 and 192.168.2.0/24 respectively. The working hours of the company are from 8:00 to 18:00 on weekdays.
• Configure traffic mirroring so that the server can monitor the traffic that the technology department sends to access the Internet, and IP traffic that the technology department sends to the marketing department.

Figure 37 Network diagram

Configuration procedure

1. Monitor the traffic sent by the technology department to access the Internet:

# Create ACL 3000 to allow packets from the technology department (on subnet 192.168.2.0/24) to access the Internet.
    <DeviceA> system-view
    [DeviceA] acl number 3000
    [DeviceA-acl-adv-3000] rule permit tcp source 192.168.2.0 0.0.0.255 destination-port eq www
    [DeviceA-acl-adv-3000] quit

# Create traffic class tech_c, and configure the match criterion as ACL 3000.
    [DeviceA] traffic classifier tech_c
    [DeviceA-classifier-tech_c] if-match acl 3000
    [DeviceA-classifier-tech_c] quit

# Create traffic behavior tech_b, and configure the action of mirroring traffic to port GigabitEthernet 1/0/3.
    [DeviceA] traffic behavior tech_b
    [DeviceA-behavior-tech_b] mirror-to interface GigabitEthernet 1/0/3
    [DeviceA-behavior-tech_b] quit

# Create QoS policy tech_p, and associate traffic class tech_c with traffic behavior tech_b in the QoS policy.
    [DeviceA] qos policy tech_p
    [DeviceA-qospolicy-tech_p] classifier tech_c behavior tech_b
    [DeviceA-qospolicy-tech_p] quit

# Apply QoS policy tech_p to the outgoing packets of GigabitEthernet 1/0/1.
    [DeviceA] interface GigabitEthernet 1/0/1
    [DeviceA-GigabitEthernet1/0/1] qos apply policy tech_p outbound
    [DeviceA-GigabitEthernet1/0/1] quit

2. Monitor the traffic that the technology department sends to the marketing department:

# Configure a time range named work to cover the time from 8:00 to 18:00 on working days.
    [DeviceA] time-range work 8:0 to 18:0 working-day

# Create ACL 3001 to allow packets sent from the technology department (on subnet 192.168.2.0/24) to the marketing department (on subnet 192.168.1.0/24).
    [DeviceA] acl number 3001
    [DeviceA-acl-adv-3001] rule permit ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255 time-range work
    [DeviceA-acl-adv-3001] quit

# Create traffic class mkt_c, and configure the match criterion as ACL 3001.
    [DeviceA] traffic classifier mkt_c
    [DeviceA-classifier-mkt_c] if-match acl 3001
    [DeviceA-classifier-mkt_c] quit

# Create traffic behavior mkt_b, and configure the action of mirroring traffic to port GigabitEthernet 1/0/3.
    [DeviceA] traffic behavior mkt_b
    [DeviceA-behavior-mkt_b] mirror-to interface GigabitEthernet 1/0/3
    [DeviceA-behavior-mkt_b] quit

# Create QoS policy mkt_p, and associate traffic class mkt_c with traffic behavior mkt_b in the QoS policy.
    [DeviceA] qos policy mkt_p
    [DeviceA-qospolicy-mkt_p] classifier mkt_c behavior mkt_b
    [DeviceA-qospolicy-mkt_p] quit

# Apply QoS policy mkt_p to the outgoing packets of GigabitEthernet 1/0/2.
    [DeviceA] interface GigabitEthernet 1/0/2
    [DeviceA-GigabitEthernet1/0/2] qos apply policy mkt_p outbound

3. Verify the configurations.
After completing the configurations, you can use the server to monitor all traffic sent by the technology department to access the Internet and the IP traffic that the technology department sends to the marketing department during working hours.
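The following model of the two mirroring rules is an added example, not part of the HP guide. It evaluates ACL 3000 and ACL 3001 against constructed packets to show what the monitoring server actually receives: only TCP port 80 (www) from the technology subnet on GigabitEthernet 1/0/1, and technology-to-marketing IP traffic only inside time range work. The sample addresses and dates are constructed, and treating 18:00 as an exclusive end time is an assumption.

```python
from datetime import datetime
from ipaddress import IPv4Address

def wildcard_match(addr, base, wildcard):
    """ACL wildcard masks are inverse masks: a 1 bit means 'ignore this bit'."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(base)) & care)

def in_time_range_work(ts):
    """time-range work 8:0 to 18:0 working-day (Monday to Friday).
    Assumption: the end time 18:00 is treated as exclusive."""
    return ts.weekday() < 5 and 8 <= ts.hour < 18

def acl_3000(p):
    # rule permit tcp source 192.168.2.0 0.0.0.255 destination-port eq www
    return (p["proto"] == "tcp"
            and wildcard_match(p["src"], "192.168.2.0", "0.0.0.255")
            and p["dport"] == 80)

def acl_3001(p):
    # rule permit ip source 192.168.2.0 0.0.0.255
    #      destination 192.168.1.0 0.0.0.255 time-range work
    return (wildcard_match(p["src"], "192.168.2.0", "0.0.0.255")
            and wildcard_match(p["dst"], "192.168.1.0", "0.0.0.255")
            and in_time_range_work(p["time"]))

# QoS policies applied outbound: tech_p on GE1/0/1, mkt_p on GE1/0/2.
OUTBOUND_POLICY = {"GigabitEthernet1/0/1": acl_3000,
                   "GigabitEthernet1/0/2": acl_3001}

def mirrored(p):
    """True if the packet would be copied to GigabitEthernet 1/0/3."""
    acl = OUTBOUND_POLICY.get(p["egress"])
    return bool(acl and acl(p))

def packet(proto, src, dst, egress, when, dport=None):
    return {"proto": proto, "src": src, "dst": dst,
            "egress": egress, "time": when, "dport": dport}

# Constructed sample traffic; 203.0.113.5 is a documentation address.
GE1, GE2 = "GigabitEthernet1/0/1", "GigabitEthernet1/0/2"
WED_1030 = datetime(2024, 3, 6, 10, 30)   # a Wednesday
WED_1915 = datetime(2024, 3, 6, 19, 15)
SAT_1030 = datetime(2024, 3, 9, 10, 30)   # a Saturday
SAMPLES = {
    "tech HTTP to Internet": packet("tcp", "192.168.2.10", "203.0.113.5", GE1, WED_1030, 80),
    "tech HTTPS to Internet": packet("tcp", "192.168.2.10", "203.0.113.5", GE1, WED_1030, 443),
    "tech DNS to Internet": packet("udp", "192.168.2.10", "203.0.113.5", GE1, WED_1030, 53),
    "marketing HTTP to Internet": packet("tcp", "192.168.1.10", "203.0.113.5", GE1, WED_1030, 80),
    "tech to marketing, working hours": packet("icmp", "192.168.2.10", "192.168.1.20", GE2, WED_1030),
    "tech to marketing, evening": packet("icmp", "192.168.2.10", "192.168.1.20", GE2, WED_1915),
    "tech to marketing, Saturday": packet("icmp", "192.168.2.10", "192.168.1.20", GE2, SAT_1030),
}

def coverage():
    """Map each sample name to whether it reaches the monitoring server."""
    return {name: mirrored(p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in coverage().items():
        print(f"{'mirrored' if hit else 'NOT mirrored':13} {name}")
```

If the server is expected to see HTTPS or DNS from the technology department, or out-of-hours traffic to marketing, the ACL rules need to be widened accordingly.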
Configuring NQA

Overview

Network Quality Analyzer (NQA) can perform various types of tests and collect network performance and service quality parameters such as delay jitter, time for establishing a TCP connection, time for establishing an FTP connection, and file transfer rate.

With the NQA test results, you can diagnose and locate network faults, be aware of network performance in time and take proper actions to correct any problems.

NQA features

Supporting multiple test types

Ping uses only the Internet Control Message Protocol (ICMP) to test the reachability of the destination host and the round-trip time. As an enhancement to ping, NQA supports more test types and functions.

NQA supports 11 test types: ICMP echo, DHCP, DNS, FTP, HTTP, UDP jitter, SNMP, TCP, UDP echo, voice, and DLSw.

NQA enables the client to send probe packets of different test types to detect the protocol availability and response time of the peer. Test results help you understand network performance.

Supporting the collaboration function

Collaboration is implemented by establishing reaction entries to monitor the detection results of NQA probes. If the number of consecutive probe failures reaches a limit, NQA informs the track module of the detection result, and the track module triggers other application modules to take predefined.

Figure 38 Implement collaboration
(Diagram labels: Track module; Application modules; Policy-based routing; Static routing; VRRP; NQA reaction entries; Detection module)

The collaboration comprises the following parts: the application modules, the track module, and the detection modules.
• A detection module monitors objects, such as the link status, and network performance, and informs the track module of detection results.
• Upon the detection results, the track module changes the status of the track entry and informs the associated application module. The track module works between the application modules and the detection modules. It hides the differences among detection modules from application modules.
• The application module takes actions when the tracked object changes its state.

The following describes how a static route is monitored through collaboration.
1. NQA monitors the reachability to 192.168.0.88.
2. When 192.168.0.88 becomes unreachable, NQA notifies the track module of the change.
3. The track module notifies the state change to the static routing module.
4. The static routing module sets the static route as invalid.

For more information about collaboration and the track module, see High Availability Configuration Guide.

Supporting threshold monitoring

NQA supports threshold monitoring for performance parameters such as average delay jitter and packet round-trip time. The performance parameters to be monitored are monitored elements. NQA monitors threshold violations for a monitored element, and reacts to certain measurement conditions (for example, sending trap messages to the network management server). This helps network administrators understand the network service quality and network performance.

• Monitored elements
  Table 8 describes the monitored elements and the NQA test types in which the elements can be monitored.

Table 8 Monitored elements and NQA test types

| Monitored elements | Test type supported |
|---|---|
| Probe duration | Tests excluding UDP jitter test and voice test |
| Count of probe failures | Tests excluding UDP jitter test and voice test |
| Packet round-trip time | UDP jitter test and voice test |
| Count of discarded packets | UDP jitter test and voice test |
| One-way delay jitter (source-to-destination and destination-to-source) | UDP jitter test and voice test |
| One-way delay (source-to-destination and destination-to-source) | UDP jitter test and voice test |
| Calculated Planning Impairment Factor (ICPIF) (see Configuring voice tests) | Voice test |
| Mean Opinion Scores (MOS) (see Configuring voice tests) | Voice test |

• Threshold types
  The following threshold types are supported:
  ◦ average—Monitors the average value of monitored data in a test. If the average value in a test exceeds the upper threshold or goes below the lower threshold, a threshold violation occurs. For example, you can monitor the average probe duration in a test.
  ◦ accumulate—Monitors total number of times the monitored data violates the threshold in a test. If the total number of times reaches or exceeds a specific value, a threshold violation occurs.
  ◦ consecutive—Monitors the number of consecutive times the monitored data violates the threshold since the test group starts. If the monitored data violates the threshold consecutively for a specific number of times, a threshold violation occurs.
The counting for the average or accumulate threshold type is performed per test, but the counting for the consecutive type is performed after the test group starts.

• Triggered actions
  The following actions may be triggered:
  ◦ none—NQA only records events for terminal display; it does not send trap information to the network management server. NQA DNS tests do not support the action of sending trap messages. The action to be triggered in DNS tests can only be the default one, none.
  ◦ trap-only—NQA records events and sends trap messages to the network management server.
• Reaction entry
  In a reaction entry, a monitored element, a threshold type, and the action to be triggered are configured to implement threshold monitoring.
  The state of a reaction entry can be invalid, over-threshold, or below-threshold, using the following workflow:
  ◦ Before an NQA test group starts, the reaction entry is in the state of invalid.
  ◦ After each test or probe, threshold violations are counted according to the threshold type and range configured in the entry. If the threshold is violated consecutively or accumulatively for a specific number of times, the state of the entry is set to over-threshold; otherwise, the state of the entry is set to below-threshold.
  If the action to be triggered is configured as trap-only for a reaction entry, when the state of the entry changes, a trap message is generated and sent to the network management server.

NQA concepts

Test group

An NQA test group specifies test parameters including the test type, destination address, and destination port. Each test group is uniquely identified by an administrator name and operation tag. You can configure and schedule multiple NQA test groups to test different objects.

Test and probe

After the NQA test group starts, tests are performed at a specific interval. During each test, a specific number of probe operations are performed. Both the test interval and the number of probe operations per test are configurable. But only one probe operation is performed during one voice test.

In different test types, probe operation has the following different meanings:
• During a TCP or DLSw test, one probe operation means setting up one connection.
• During a UDP jitter or a voice test, one probe operation means continuously sending a specific number of probe packets. The number of probe packets is configurable.
• During an FTP, HTTP, DHCP, or DNS test, one probe operation means uploading or downloading a file, obtaining a web page, obtaining an IP address through DHCP, or translating a domain name to an IP address.
• During an ICMP echo or UDP echo test, one probe operation means sending an ICMP echo request or a UDP packet.
• During an SNMP test, one probe operation means sending one SNMPv1 packet, one SNMPv2C packet, and one SNMPv3 packet.
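The sketch below is an added example, not HP code. It replays constructed probe durations through a toy reaction entry to show how the three threshold types described above diverge on the same data, and when a trap-only entry would generate traps. The 50 ms upper threshold, the sample values, evaluating the consecutive type after every probe, and counting the first change out of invalid as a trap (the literal reading of the text) are assumptions.

```python
from statistics import mean

class ReactionEntry:
    """Toy model of one NQA reaction entry: element, threshold type, action."""

    def __init__(self, threshold_type, upper, lower, count=1, action="trap-only"):
        self.type, self.upper, self.lower = threshold_type, upper, lower
        self.count, self.action = count, action
        self.state = "invalid"   # state before the test group starts
        self.run = 0             # consecutive violations since the group started
        self.traps = []          # (test_no, old_state, new_state)

    def _violates(self, value):
        return value > self.upper or value < self.lower

    def _set_state(self, test_no, over):
        new = "over-threshold" if over else "below-threshold"
        if new != self.state:
            if self.action == "trap-only":   # "none" only records the event
                self.traps.append((test_no, self.state, new))
            self.state = new

    def feed_test(self, test_no, samples):
        """samples: monitored values (here probe duration in ms) of one test."""
        if self.type == "average":
            self._set_state(test_no, self._violates(mean(samples)))
        elif self.type == "accumulate":
            hits = sum(self._violates(v) for v in samples)  # counted per test
            self._set_state(test_no, hits >= self.count)
        elif self.type == "consecutive":
            for v in samples:                # counter is not reset between tests
                self.run = self.run + 1 if self._violates(v) else 0
                self._set_state(test_no, self.run >= self.count)
        else:
            raise ValueError(f"unknown threshold type: {self.type}")
        return self.state

def replay(threshold_type, tests, **kw):
    """Run all tests through a fresh entry; return (state per test, traps)."""
    entry = ReactionEntry(threshold_type, upper=50, lower=0, **kw)
    states = [entry.feed_test(n, s) for n, s in enumerate(tests, 1)]
    return states, entry.traps

# Constructed probe durations in ms: three tests of four probes each.
# The slow probes (80, 90, 95) straddle the boundary between test 1 and test 2.
TESTS = [[10, 12, 11, 80], [90, 95, 20, 15], [14, 10, 12, 13]]

if __name__ == "__main__":
    for ttype, kw in (("average", {}), ("accumulate", {"count": 3}),
                      ("consecutive", {"count": 3})):
        states, traps = replay(ttype, TESTS, **kw)
        print(ttype, states, traps)
```

With a count of 3, the accumulate entry never leaves below-threshold because no single test has three slow probes, while the consecutive entry goes over-threshold during test 2 because its counter carries over from test 1.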
NQA client and server

A device with NQA test groups configured is an NQA client, and the NQA client initiates NQA tests. An NQA server makes responses to probe packets destined to the specified destination address and port number.

Figure 39 Relationship between the NQA client and NQA server

Not all test types require the NQA server. Only the TCP, UDP echo, UDP jitter, or voice test requires both the NQA client and server, as shown in Figure 39.

You can create multiple TCP or UDP listening services on the NQA server. Each listens to a specific destination address and port number. Make sure the destination IP address and port number for a listening service on the server are the same as those configured for the test group on the NQA client. Each listening service must be unique on the NQA server.

NQA probe operation procedure

An NQA probe operation involves the following steps:
1. The NQA client constructs probe packets for the specified type of NQA test, and sends them to the peer device.
2. Upon receiving the probe packets, the peer sends back responses with timestamps.
3. The NQA client computes the network performance and service quality parameters, such as the packet loss rate and round-trip time based on the received responses.

NQA configuration task list

| Task | Remarks |
|---|---|
| Configuring the NQA server | Required for TCP, UDP echo, UDP jitter, and voice tests |

To perform NQA tests successfully, perform the following configurations on the NQA client:
1. Enable the NQA client.
2. Create a test group and configure test parameters. The test parameters may vary with test types.
3. Configure a schedule for the NQA test group.

Complete these tasks to configure NQA client:

| Task | Remarks |
|---|---|
| Enabling the NQA client | Required. |
| Creating an NQA test group | Required. |
| Configuring an NQA test group: Configuring ICMP echo tests, Configuring DHCP tests, Configuring DNS tests, Configuring FTP tests, Configuring HTTP tests, Configuring UDP jitter tests, Configuring SNMP tests, Configuring TCP tests, Configuring UDP echo tests, Configuring voice tests, Configuring DLSw tests | Required. Use any of the approaches. |
| Configuring the collaboration function | Optional. |
| Configuring threshold monitoring | Optional. |
| Configuring the NQA statistics collection function | Optional. |
| Configuring the history records saving function | Optional. |
| Configuring optional parameters for an NQA test group | Optional. |
| Configuring a schedule for an NQA test group | Required. |

Configuring the NQA server

To perform TCP, UDP echo, UDP jitter, or voice tests, configure the NQA server on the peer device. The NQA server responds to the probe packets sent from the NQA client by listening to the specified destination address and port number.

To configure the NQA server:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable the NQA server.
   Command: nqa server enable
   Remarks: Disabled by default.
3. Configure the listening service.
   Command: nqa server { tcp-connect | udp-echo } ip-address port-number
   Remarks: The destination IP address and port number must be the same as those configured on the NQA client. A listening service must be unique on the NQA server.
4. Configure the ToS value in the packets sent by the TCP or UDP listening service on the NQA server.
   Command: nqa server { tcp-connect | udp-echo } tos tos
   Remarks: Optional. By default, the ToS value is 0.

Enabling the NQA client

Configurations on the NQA client take effect only when the NQA client is enabled.

To enable the NQA client:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable the NQA client.
   Command: nqa agent enable
   Remarks: Optional. Enabled by default.

Creating an NQA test group

Create an NQA test group before you configure NQA tests.

To create an NQA test group:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an NQA test group, and enter the NQA test group view.
   Command: nqa entry admin-name operation-tag
   Remarks: In the NQA test group view, you can specify the test type. You can use the nqa entry command to enter the test type view of an NQA test group with test type configured.

Configuring an NQA test group

Configuring ICMP echo tests

ICMP echo tests of an NQA test group use ICMP echo response information to test reachability of a destination host. An ICMP echo test has the same function as the ping command but provides more output information. In addition, you can specify the next hop for ICMP echo tests. ICMP echo tests are used to locate connectivity problems in a network.

NQA ICMP echo tests are not supported in IPv6 networks. To test the reachability of an IPv6 address, use the ping ipv6 command. For more information about the command, see Network Management and Monitoring Command Reference.

To configure ICMP echo tests:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter NQA test group view.
   Command: nqa entry admin-name operation-tag
   Remarks: N/A
3. Configure the test type as ICMP echo, and enter test type view.
   Command: type icmp-echo
   Remarks: N/A
4. Configure the destination address of ICMP echo requests.
   Command: destination ip ip-address
   Remarks: By default, no destination IP address is configured.
5. Configure the size of the data field in each ICMP echo request.
   Command: data-size size
   Remarks: Optional. 100 bytes by default.
6. Configure the string to be filled in the data field of each ICMP echo request.
   Command: data-fill string
   Remarks: Optional. By default, the string is the hexadecimal number 00010203040506070809.
7. Apply ICMP echo tests to the specified VPN.
   Command: vpn-instance vpn-instance-name
   Remarks: Optional. By default, ICMP echo tests apply to the public network. Only the HP 5500 EI Switch Series supports VPN instances.
8. Configure the source interface for ICMP echo requests.
   Command: source interface interface-type interface-number
   Remarks: Optional. By default, no source interface is configured for probe packets. The requests take the IP address of the source interface as their source IP address when no source IP address is specified. The specified source interface must be up; otherwise, no ICMP echo requests can be sent out.
9. Configure the source IP address of ICMP echo requests.
   Command: source ip ip-address
   Remarks: Optional. By default, no source IP address is configured. If you configure both the source ip command and the source interface command, the source ip command takes effect. The source IP address must be the IP address of a local interface. The local interface must be up; otherwise, no ICMP echo requests can be sent out.
10. Configure the next hop IP address of ICMP echo requests.
   Command: next-hop ip-address
   Remarks: Optional. By default, no next hop IP address is configured.
11. Configure optional parameters.
   Command: See Configuring optional parameters for an NQA test group
   Remarks: Optional.

Configuring DHCP tests

DHCP tests of an NQA test group are used to test if a DHCP server is on the network, and the time for the DHCP server to respond to a client request and assign an IP address to the client.

Before you start DHCP tests, configure the DHCP server. If the NQA (DHCP client) and the DHCP server are not in the same network segment, configure a DHCP relay. For the configuration of DHCP server and DHCP relay, see Layer 3—IP Services Configuration Guide.

The interface that performs DHCP tests does not change its IP address.
A DHCP test only simulates address allocation in DHCP.