Aruba 2530 User manual
Aruba 2530 Management and
Configuration Guide for ArubaOS-
Switch 16.05
Part Number: 5200-4207a
Published: April 2018
Edition: 2
© Copyright 2017 Hewlett Packard Enterprise
Notices
The information contained herein is subject to change without notice. The only warranties for Hewlett Packard
Enterprise products and services are set forth in the express warranty statements accompanying such products
and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard
Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or
copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software
Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's
standard commercial license.
Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard Enterprise
has no control over and is not responsible for information outside the Hewlett Packard Enterprise website.
Acknowledgments
Intel®, Itanium®, Pentium®, Intel Inside®, and the Intel Inside logo are trademarks of Intel Corporation in the United
States and other countries.
Microsoft® and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the United
States and/or other countries.
Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.
Java® and Oracle® are registered trademarks of Oracle and/or its affiliates.
UNIX® is a registered trademark of The Open Group.
Chapter 1 About this guide........................................................................... 19
Applicable products..................................................................................................................................19
Switch prompts used in this guide........................................................................................................... 19
Chapter 2 Time Protocols..............................................................................20
General steps for running a time protocol on the switch..........................................................................20
TimeP time synchronization.......................................................................................................... 20
SNTP time synchronization...........................................................................................................20
Selecting a time synchronization protocol................................................................................................21
Disabling time synchronization................................................................................................................ 21
SNTP: Selecting and configuring............................................................................................................. 21
Viewing and configuring SNTP (Menu)......................................................................................... 22
Viewing and configuring SNTP (CLI).............................................................................................24
Configuring (enabling or disabling) the SNTP mode.......................................................... 26
TimeP: Selecting and configuring............................................................................................................ 31
Viewing, enabling, and modifying the TimeP protocol (Menu)...................................................... 31
Viewing the current TimeP configuration (CLI)..............................................................................33
Configuring (enabling or disabling) the TimeP mode......................................................... 34
SNTP unicast time polling with multiple SNTP servers............................................................................37
Displaying all SNTP server addresses configured on the switch (CLI)......................................... 38
Adding and deleting SNTP server addresses............................................................................... 38
Adding addresses...............................................................................................................38
Deleting addresses.............................................................................................................38
Operating with multiple SNTP server addresses configured (Menu)....................................................... 39
SNTP messages in the Event Log........................................................................................................... 39
Network Time Protocol (NTP).................................................................................................................. 39
Commands....................................................................................................................................39
timesync Command.........................................................................................................39
timesync ntp....................................................................................................................... 40
ntp...................................................................................................................................... 40
[no] ntp............................................................................................................................... 40
ntp enable...........................................................................................................................41
ntp authentication............................................................................................................... 41
ntp authentication key-id ................................................................................................... 42
ntp max-association........................................................................................................... 43
ntp server........................................................................................................................... 44
ntp server key-id.................................................................................................................45
ntp ipv6-multicast............................................................................................................... 46
debug ntp........................................................................................................................... 46
ntp trap............................................................................................................................... 47
show ntp statistics.............................................................................................................. 48
show ntp status.................................................................................................................. 48
show ntp associations........................................................................................................ 49
show ntp authentication......................................................................................................50
Validation rules................................................................................................................... 51
Event log messages........................................................................................................... 53
Chapter 3 Port Status and Configuration.....................................................55
Contents
Contents 3
Viewing port status and configuring port parameters...............................................................................55
Connecting transceivers to fixed-configuration devices................................................................ 55
Viewing port configuration (Menu).................................................................................................55
Configuring ports (Menu)....................................................................................................58
Viewing port status and configuration (CLI).................................................................................. 59
Dynamically updating the show interfaces command (CLI/Menu)..................................... 59
Customizing the show interfaces command (CLI).........................................................................60
Error messages associated with the show interfaces command........................................61
Viewing port utilization statistics (CLI)...........................................................................................62
Operating notes for viewing port utilization statistics..........................................................63
Viewing transceiver status (CLI)....................................................................................................63
Operating Notes................................................................................................................. 63
Enabling or disabling ports and configuring port mode (CLI)........................................................ 64
Enabling or disabling flow control (CLI).........................................................................................65
Configuring a broadcast limit.........................................................................................................67
Broadcast-limit....................................................................................................................67
Port shutdown with broadcast storm............................................................................................. 67
Viewing broadcast storm.................................................................................................... 68
SNMP MIB..........................................................................................................................69
Configuring auto-MDIX..................................................................................................................71
Manual override..................................................................................................................72
Configuring auto-MDIX (CLI)..............................................................................................72
Using friendly (optional) port names........................................................................................................ 74
Configuring and operating rules for friendly port names............................................................... 74
Configuring friendly port names (CLI)........................................................................................... 74
Configuring a single port name (CLI)................................................................................. 75
Configuring the same name for multiple ports (CLI)...........................................................75
Displaying friendly port names with other port data (CLI)............................................................. 75
Listing all ports or selected ports with their friendly port names (CLI)................................76
Including friendly port names in per-port statistics listings (CLI)........................................ 77
Searching the configuration for ports with friendly port names (CLI)................................. 77
Uni-directional link detection (UDLD).......................................................................................................78
Configuring UDLD......................................................................................................................... 79
Configuring uni-directional link detection (UDLD) (CLI)..................................................... 79
Enabling UDLD (CLI)..........................................................................................................80
Changing the keepalive interval (CLI)................................................................................ 80
Changing the keepalive retries (CLI)..................................................................................80
Configuring UDLD for tagged ports.................................................................................... 80
Viewing UDLD information (CLI)................................................................................................... 81
Viewing summary information on all UDLD-enabled ports (CLI)........................................81
Viewing detailed UDLD information for specific ports (CLI)................................................82
Clearing UDLD statistics (CLI)........................................................................................... 82
Chapter 4 Power Over Ethernet (PoE/PoE+) Operation..............................84
Introduction to PoE.................................................................................................................................. 84
PoE terminology............................................................................................................................84
Planning and implementing a PoE configuration..................................................................................... 84
Power requirements...................................................................................................................... 84
Assigning PoE ports to VLANs......................................................................................................85
Applying security features to PoE configurations..........................................................................85
Assigning priority policies to PoE traffic........................................................................................ 85
PoE Event Log messages.............................................................................................................85
About PoE operation................................................................................................................................85
Configuration options.................................................................................................................... 86
PD support.................................................................................................................................... 86
4Aruba 2530 Management and Configuration Guide for
ArubaOS-Switch 16.05
Power priority operation................................................................................................................ 87
Configuring PoE operation.......................................................................................................................87
Disabling or re-enabling PoE port operation................................................................................. 87
Enabling support for pre-standard devices................................................................................... 87
Configuring the PoE port priority................................................................................................... 88
Controlling PoE allocation............................................................................................................. 89
Manually configuring PoE power levels........................................................................................ 90
Changing the threshold for generating a power notice................................................................. 92
Cycling power on a port................................................................................................................ 93
PoE/PoE+ allocation using LLDP information..........................................................................................93
LLDP with PoE.............................................................................................................................. 93
Enabling or disabling ports for allocating power using LLDP............................................. 93
Enabling PoE detection via LLDP TLV advertisement........................................................94
LLDP with PoE+............................................................................................................................94
Overview............................................................................................................................ 94
PoE allocation.................................................................................................................... 94
Initiating advertisement of PoE+ TLVs............................................................................... 95
Viewing PoE when using LLDP information....................................................................... 96
Operation note....................................................................................................................97
Viewing the global PoE power status of the switch..................................................................................98
Viewing PoE status on all ports.....................................................................................................99
Viewing the PoE status on specific ports.................................................................................... 101
Chapter 5 Port Trunking.............................................................................. 104
Overview of port trunking....................................................................................................................... 104
Port connections and configuration.............................................................................................104
Port trunk features and operation.......................................................................................................... 105
Fault tolerance ........................................................................................................................... 105
Trunk configuration methods..................................................................................................................105
Dynamic LACP trunk...................................................................................................................105
Static trunk.................................................................................................................................. 106
Viewing and configuring a static trunk group (Menu)............................................................................. 110
Viewing and configuring port trunk groups (CLI)....................................................................................112
Viewing static trunk type and group for all ports or for selected ports......................................... 112
Viewing static LACP and dynamic LACP trunk data................................................................... 113
Dynamic LACP Standby Links.....................................................................................................113
Configuring a static trunk or static LACP trunk group..................................................................114
Removing ports from a static trunk group....................................................................................114
Enabling a dynamic LACP trunk group........................................................................................115
Removing ports from a dynamic LACP trunk group.................................................................... 115
Viewing existing port trunk groups (WebAgent)..................................................................................... 116
Trunk group operation using LACP........................................................................................................ 116
Default port operation..................................................................................................................118
LACP notes and restrictions........................................................................................................119
802.1X (Port-based access control) configured on a port................................................ 120
Port security configured on a port.................................................................................... 120
Changing trunking methods............................................................................................. 120
Static LACP trunks........................................................................................................... 120
Dynamic LACP trunks...................................................................................................... 120
VLANs and dynamic LACP.............................................................................................. 120
Blocked ports with older devices...................................................................................... 121
Spanning Tree and IGMP.................................................................................................121
Half-duplex, different port speeds, or both not allowed in LACP trunks........................... 122
Dynamic/static LACP interoperation.................................................................................122
Trunk group operation using the "trunk" option......................................................................................122
Contents 5
How the switch lists trunk data...............................................................................................................122
Outbound traffic distribution across trunked links.................................................................................. 123
Chapter 6 Port Traffic Controls................................................................... 125
VLAN-based rate-limiting....................................................................................................................... 125
ICMP rate-limiting.................................................................................................................................. 125
Guidelines for configuring ICMP rate-limiting..............................................................................126
Configuring ICMP rate-limiting.................................................................................................... 126
Using both ICMP rate-limiting and all-traffic rate-limiting on the same interface.........................127
Viewing the current ICMP rate-limit configuration....................................................................... 128
Operating notes for ICMP rate-limiting........................................................................................128
Notes on testing ICMP rate-limiting..................................................................................129
ICMP rate-limiting trap and Event Log messages.......................................................................130
Determining the switch port number used in ICMP port reset commands....................... 130
Configuring inbound rate-limiting for broadcast and multicast traffic.......................................... 131
Operating Notes............................................................................................................... 132
Jumbo frames........................................................................................................................................ 133
Operating rules............................................................................................................................133
Jumbo traffic-handling...................................................................................................... 134
Configuring jumbo frame operation.............................................................................................135
Overview.......................................................................................................................... 135
Viewing the current jumbo configuration.......................................................................... 135
Enabling or disabling jumbo traffic on a VLAN................................................................. 137
Configuring a maximum frame size.............................................................................................137
Configuring IP MTU..........................................................................................................138
SNMP implementation......................................................................................................138
Displaying the maximum frame size.................................................................................138
Operating notes for maximum frame size........................................................................ 138
Troubleshooting...........................................................................................................................139
A VLAN is configured to allow jumbo frames, but one or more ports drops all inbound
jumbo frames....................................................................................................................139
A non-jumbo port is generating "Excessive undersize/giant frames" messages in the
Event Log......................................................................................................................... 139
Chapter 7 Fault-Finder port-level link-flap................................................. 140
Overview................................................................................................................................................ 140
Fault-finder link-flap .............................................................................................................................. 140
Show fault-finder link-flap.......................................................................................................................142
Event Log...............................................................................................................................................143
Restrictions............................................................................................................................................ 143
Chapter 8 Configuring for Network Management Applications...............144
Using SNMP tools to manage the switch...............................................................................................144
SNMP management features......................................................................................................144
SNMPv1 and v2c access to the switch....................................................................................... 145
SNMPv3 access to the switch.....................................................................................................145
Enabling and disabling switch for access from SNMPv3 agents......................................146
Enabling or disabling restrictions to access from only SNMPv3 agents...........................146
Enabling or disabling restrictions from all non-SNMPv3 agents to read-only access...... 146
Viewing the operating status of SNMPv3......................................................................... 146
Viewing status of message reception of non-SNMPv3 messages................................... 146
Viewing status of write messages of non-SNMPv3 messages.........................................146
Enabling SNMPv3............................................................................................................ 146
6Aruba 2530 Management and Configuration Guide for
ArubaOS-Switch 16.05
SNMPv3 users................................................................................................................. 147
Group access levels......................................................................................................... 150
SNMPv3 communities...................................................................................................... 151
Viewing and configuring non-version-3 SNMP communities (Menu)............................... 152
Listing community names and values (CLI)..................................................................... 153
SNMP notifications......................................................................................................................154
Supported Notifications.................................................................................................... 155
General steps for configuring SNMP notifications............................................................155
SNMPv1 and SNMPv2c Traps......................................................................................... 155
SNMP trap receivers........................................................................................................ 156
SNMPv2c informs.............................................................................................................157
Configuring SNMPv3 notifications (CLI)...........................................................................158
Network security notifications...........................................................................................161
Enabling Link-Change Traps (CLI)................................................................................... 163
Source IP address for SNMP notifications....................................................................... 164
Viewing SNMP notification configuration (CLI).................................................................166
Advanced management: RMON................................................................................................. 166
CLI-configured sFlow with multiple instances............................................................................. 167
Configuring sFlow (CLI)....................................................................................................167
Viewing sFlow Configuration and Status (CLI).................................................................168
Configuring UDLD Verify before forwarding...........................................................................................169
UDLD time delay......................................................................................................................... 169
Restrictions.......................................................................................................................170
UDLD configuration commands.................................................................................................. 170
Show commands.........................................................................................................................171
RMON generated when user changes UDLD mode................................................................... 171
LLDP...................................................................................................................................................... 171
General LLDP operation............................................................................................................. 172
LLDP-MED....................................................................................................................... 172
Packet boundaries in a network topology................................................................................... 172
LLDP operation configuration options......................................................................................... 173
Enable or disable LLDP on the switch..............................................................................173
Enable or disable LLDP-MED.......................................................................................... 173
Change the frequency of LLDP packet transmission to neighbor devices....................... 173
Change the Time-To-Live for LLDP packets sent to neighbors........................................ 173
Transmit and receive mode.............................................................................................. 173
SNMP notification.............................................................................................................173
Per-port (outbound) data options..................................................................................... 173
Remote management address......................................................................................... 175
Debug logging.................................................................................................................. 175
Options for reading LLDP information collected by the switch....................................................175
LLDP and LLDP-MED standards compatibility........................................................................... 175
LLDP operating rules.................................................................................................................. 176
Port trunking..................................................................................................................... 176
IP address advertisements...............................................................................................176
Spanning-tree blocking.....................................................................................................176
802.1X blocking................................................................................................................176
Configuring LLDP operation........................................................................................................176
Displaying the global LLDP, port admin, and SNMP notification status (CLI).................. 176
Configuring Global LLDP Packet Controls....................................................................... 178
Configuring SNMP notification support............................................................................ 181
Configuring per-port transmit and receive modes (CLI)................................................... 182
Basic LLDP per-port advertisement content.....................................................................182
Support for port speed and duplex advertisements..........................................................184
Port VLAN ID TLV support on LLDP........................................................................................... 185
Configuring the VLAN ID TLV...........................................................................................185
Viewing the TLVs advertised............................................................................................ 185
Contents 7
SNMP support.................................................................................................................. 186
LLDP-MED (media-endpoint-discovery)..................................................................................... 187
LLDP-MED endpoint support........................................................................................... 188
LLDP-MED endpoint device classes................................................................................ 188
LLDP-MED operational support....................................................................................... 188
LLDP-MED fast start control.............................................................................................189
Advertising device capability, network policy, PoE status and location data.................... 189
Location data for LLDP-MED devices.............................................................................. 192
Viewing switch information available for outbound advertisements............................................ 196
Displaying the current port speed and duplex configuration on a switch port.................. 197
Viewing advertisements currently in the neighbors MIB...................................................198
Displaying LLDP statistics................................................................................................ 199
LLDP Operating Notes................................................................................................................ 201
Neighbor maximum.......................................................................................................... 201
LLDP packet forwarding................................................................................................... 201
One IP address advertisement per port........................................................................... 201
802.1Q VLAN Information................................................................................................ 201
Effect of 802.1X Operation............................................................................................... 201
Neighbor data can remain in the neighbor database after the neighbor is
disconnected.................................................................................................................... 202
Mandatory TLVs............................................................................................................... 202
LLDP and CDP data management..............................................................................................202
LLDP and CDP neighbor data..........................................................................................202
CDP operation and commands........................................................................................ 203
Viewing the current CDP configuration of the switch........................................................203
Viewing the current CDP neighbors table of the switch....................................................204
Enabling and Disabling CDP Operation........................................................................... 205
Enabling or disabling CDP operation on individual ports................................................. 205
Filtering CDP information............................................................................................................ 205
Configuring the switch to filter untagged traffic.................................................................206
Displaying the configuration............................................................................................. 206
Filtering PVID mismatch log messages...................................................................................... 206
Generic header ID in configuration file...................................................................................................207
Introduction................................................................................................................................. 207
Add-Ignore-Tag option.................................................................................................................207
Configuration commands for the add-ignore-tag option..............................................................208
Show logging commands for the add-ignore-tag option..............................................................208
Exclusions................................................................................................................................... 209
Chapter 9 Captive Portal for ClearPass..................................................... 210
Requirements.........................................................................................................................................210
Best Practices........................................................................................................................................ 211
Limitations.............................................................................................................................................. 211
Features................................................................................................................................................. 211
High Availability........................................................................................................................... 211
Load balancing and redundancy................................................................................................. 211
Captive Portal when disabled................................................................................................................ 212
Disabling Captive Portal..............................................................................................................212
Configuring Captive Portal on CPPM.....................................................................................................212
Import the HP RADIUS dictionary............................................................................................... 212
Create enforcement profiles........................................................................................................213
Create a ClearPass guest self-registration................................................................................. 214
Configure the login delay ........................................................................................................... 215
Configuring the switch............................................................................................................................215
Configure the URL key................................................................................................................216
8Aruba 2530 Management and Configuration Guide for
ArubaOS-Switch 16.05
Configuring a certificate for Captive Portal usage..................................................................................216
Display Captive Portal configuration...................................................................................................... 216
Show certificate information...................................................................................................................217
Troubleshooting..................................................................................................................................... 217
Event Timestamp not working..................................................................................................... 217
Cannot enable Captive Portal..................................................................................................... 217
Unable to enable feature.............................................................................................................218
Authenticated user redirected to login page ...............................................................................218
Unable to configure a URL hash key.......................................................................................... 219
authentication command............................................................................................................. 219
show command........................................................................................................................... 219
Debug command.........................................................................................................................220
Chapter 10 Zero Touch Provisioning with AirWave and Central............. 221
Zero Touch Provisioning........................................................................................................................ 221
ZTP with AirWave.................................................................................................................................. 221
DHCP-based ZTP with AirWave................................................................................................. 221
Configuring DHCP-based ZTP with AirWave................................................................... 221
Limitations................................................................................................................................... 223
Best Practices............................................................................................................................. 223
Configure AirWave details in DHCP (preferred method).............................................................223
Configure AirWave details in DHCP (alternative method)...........................................................228
Configure AirWave details manually........................................................................................... 235
amp-server....................................................................................................................... 236
debug ztp..........................................................................................................................237
Stacking support......................................................................................................................... 237
Disabling ZTP..............................................................................................................................237
Image Upgrade........................................................................................................................... 238
Troubleshooting...........................................................................................................................238
AMP server messages..................................................................................................... 238
Activate based ZTP with AirWave............................................................................................... 238
Configuring Activate-based ZTP with AirWave.................................................................238
ZTP with Aruba Central..........................................................................................................................239
LED behavior during connectivity loss........................................................................................ 241
Aruba Central Configuration manually........................................................................................ 241
aruba-central.................................................................................................................... 241
Troubleshooting...........................................................................................................................242
show aruba-central...........................................................................................................242
debug ztp..........................................................................................................................242
Stacking support......................................................................................................................... 242
Chapter 11 Auto configuration upon Aruba AP detection........................243
Auto device detection and configuration................................................................................................ 243
Requirements..............................................................................................................................243
Limitations................................................................................................................................... 243
Feature Interactions.................................................................................................................... 243
Profile Manager and 802.1X.............................................................................................244
Profile Manager and LMA/WMA/MAC-AUTH...................................................................244
Profile manager and Private VLANs.................................................................................244
Procedure for creating a device identity and associating a device type......................................244
device-profile name.....................................................................................................................245
device-profile type....................................................................................................................... 246
Rogue AP Isolation................................................................................................................................ 247
Limitations................................................................................................................................... 247
Contents 9
Feature Interactions.................................................................................................................... 248
MAC lockout and lockdown ............................................................................................. 248
LMA/WMA/802.1X/Port-Security...................................................................................... 248
L3 MAC............................................................................................................................ 249
Using the Rogue AP Isolation feature......................................................................................... 249
rogue-ap-isolation....................................................................................................................... 250
rogue-ap-isolation action.............................................................................................................250
rogue-ap-isolation whitelist..........................................................................................................251
clear rogue-ap-isolation...............................................................................................................251
Troubleshooting..................................................................................................................................... 252
Dynamic configuration not displayed when using “show running-config”....................................252
Switch does not detect the rogue AP TLVs.................................................................................252
The show run command displays non-numerical value for untagged-vlan...............................252
Show commands.........................................................................................................................253
Validation Rules...........................................................................................................................253
Chapter 12 LACP-MAD.................................................................................256
LACP-MAD commands..........................................................................................................................256
Configuration command.............................................................................................................. 256
show commands......................................................................................................................... 256
clear command............................................................................................................................256
LACP-MAD overview............................................................................................................................. 256
Chapter 13 Scalability IP Address VLAN and Routing Maximum Values
....................................................................................................................... 258
Chapter 14 File Transfers............................................................................ 260
Overview................................................................................................................................................ 260
Downloading switch software.................................................................................................................260
General software download rules................................................................................................260
Using TFTP to download software from a server........................................................................260
Downloading from a server to primary flash using TFTP (Menu).....................................261
Troubleshooting TFTP download failures.........................................................................263
Downloading from a server to flash using TFTP (CLI)..................................................... 264
Using SCP and SFTP................................................................................................................. 265
Enabling SCP and SFTP.............................................................................................................266
Disabling TFTP and auto-TFTP for enhanced security.................................................... 266
Enabling SSH V2 (required for SFTP)..............................................................................268
Authentication...................................................................................................................268
SCP/SFTP operating notes.............................................................................................. 269
Troubleshooting SSH, SFTP, and SCP operations.......................................................... 270
Using Xmodem to download switch software from a PC or UNIX workstation........................... 271
Downloading to primary flash using Xmodem (Menu)......................................................271
Downloading to primary or secondary flash using Xmodem and a terminal emulator
(CLI)................................................................................................................................. 272
Switch-to-switch download..........................................................................................................273
Switch-to-switch download to primary flash (Menu)......................................................... 273
Downloading the OS from another switch (CLI)............................................................... 274
Using AirWave to update switch software................................................................................... 275
Using IMC to update switch software..........................................................................................275
Copying software images.......................................................................................................................275
TFTP: Copying a software image to a remote host (CLI)............................................................275
10 Aruba 2530 Management and Configuration Guide for
ArubaOS-Switch 16.05
Xmodem: Copying a software image from the switch to a serially connected PC or UNIX
workstation (CLI)......................................................................................................................... 276
Transferring switch configurations......................................................................................................... 276
TFTP: Copying a configuration file to a remote host (CLI)..........................................................276
TFTP: Copying a configuration file from a remote host (CLI)......................................................277
TFTP: Copying a customized command file to a switch (CLI).................................................... 277
Xmodem: Copying a configuration file to a serially connected PC or UNIX workstation (CLI)....278
Xmodem: Copying a configuration file from a serially connected PC or UNIX workstation
(CLI)............................................................................................................................................ 278
Copying diagnostic data to a remote host, PC or UNIX workstation .....................................................279
Copying command output to a destination device (CLI)............................................................. 280
Copying Event Log output to a destination device (CLI)............................................................. 280
Copying crash data content to a destination device (CLI)...........................................................280
Chapter 15 Monitoring and Analyzing Switch Operation......................... 282
Overview................................................................................................................................................ 282
Accessing port and trunk group statistics.............................................................................................. 282
show interfaces........................................................................................................................... 282
Reset port counters.....................................................................................................................282
clear statistics...................................................................................................................283
Accessing port and trunk statistics (Menu)................................................................................. 284
MAC address tables...............................................................................................................................284
MAC address views and searches..............................................................................................284
show mac-address........................................................................................................... 284
Using the menu to view and search MAC addresses.......................................................285
Finding the port connection for a specific device on a VLAN........................................... 286
Viewing and searching port-level MAC addresses...........................................................287
Determining whether a specific device is connected to the selected port........................ 287
MSTP data............................................................................................................................................. 287
show spanning-tree.....................................................................................................................288
IP IGMP status.......................................................................................................................................288
show ip igmp............................................................................................................................... 289
VLAN information...................................................................................................................................290
show vlan.................................................................................................................................... 290
Configuring a source switch in a local mirroring session....................................................................... 291
Selecting all traffic on a port interface for mirroring according to traffic direction...................................292
Viewing all mirroring sessions configured on the switch........................................................................293
Viewing the mirroring configuration for a specific session..................................................................... 294
Using the Menu to configure local mirroring.......................................................................................... 295
Menu and WebAgent limits......................................................................................................... 295
High-level overview of the mirror configuration process........................................................................ 295
Determine the mirroring session and destination........................................................................295
For a local mirroring session............................................................................................ 295
Configure the monitored traffic in a mirror session...........................................................295
Classifier-based mirroring configuration................................................................................................ 295
Classifier-based mirroring restrictions.........................................................................................297
Mirroring configuration examples................................................................................................ 298
Maximum supported frame size.............................................................................................................299
Enabling jumbo frames to increase the mirroring path MTU.......................................................299
Effect of downstream VLAN tagging on untagged, mirrored traffic........................................................ 300
Operating notes for traffic mirroring.............................................................................................301
Troubleshooting traffic mirroring............................................................................................................ 303
Interface monitoring features................................................................................................................. 303
Configuring port and static trunk monitoring (Menu)................................................................... 303
Configuring port and static trunk monitoring (CLI)...................................................................... 304
Contents 11
Displaying the monitoring configuration........................................................................... 304
Configuring the monitor port.............................................................................................304
Selecting or removing monitoring source interfaces........................................................ 305
Chapter 16 Troubleshooting........................................................................306
Overview................................................................................................................................................ 306
Troubleshooting approaches..................................................................................................................306
Browser or Telnet access problems....................................................................................................... 307
Cannot access the WebAgent.....................................................................................................307
Cannot Telnet into the switch console from a station on the network......................................... 307
Unusual network activity........................................................................................................................ 308
General problems........................................................................................................................308
The network runs slow; processes fail; users cannot access servers or other devices... 308
Duplicate IP addresses.................................................................................................... 308
Duplicate IP addresses in a DHCP network.....................................................................309
The switch has been configured for DHCP/Bootp operation, but has not received a
DHCP or Bootp reply........................................................................................................309
802.1Q Prioritization problems....................................................................................................309
Ports configured for non-default prioritization (level 1 to 7) are not performing the
specified action.................................................................................................................309
Addressing ACL problems.......................................................................................................... 309
ACLs are properly configured and assigned to VLANs, but the switch is not using the
ACLs to filter IP layer 3 packets....................................................................................... 309
The switch does not allow management access from a device on the same VLAN........ 310
Error (Invalid input) when entering an IP address............................................................ 310
Apparent failure to log all "deny" matches........................................................................311
The switch does not allow any routed access from a specific host, group of hosts, or
subnet...............................................................................................................................311
The switch is not performing routing functions on a VLAN...............................................311
Routing through a gateway on the switch fails................................................................. 311
IGMP-related problems............................................................................................................... 312
IP multicast (IGMP) traffic that is directed by IGMP does not reach IGMP hosts or a
multicast router connected to a port................................................................................. 313
IP multicast traffic floods out all ports; IGMP does not appear to filter traffic................... 313
LACP-related problems...............................................................................................................313
Unable to enable LACP on a port with the interface <port-number> lacp
command .........................................................................................................................313
Port-based access control (802.1X)-related problems................................................................313
The switch does not receive a response to RADIUS authentication requests................. 313
The switch does not authenticate a client even though the RADIUS server is properly
configured and providing a response to the authentication request.................................314
During RADIUS-authenticated client sessions, access to a VLAN on the port used for
the client sessions is lost..................................................................................................314
The switch appears to be properly configured as a supplicant, but cannot gain access
to the intended authenticator port on the switch to which it is connected........................ 314
The supplicant statistics listing shows multiple ports with the same authenticator MAC
address.............................................................................................................................314
The show port-access authenticator <port-list> command shows one
or more ports remain open after they have been configured with control
unauthorized ...............................................................................................................314
RADIUS server fails to respond to a request for service, even though the server's IP
address is correctly configured in the switch....................................................................315
The authorized MAC address on a port that is configured for both 802.1X and port
security either changes or is re-acquired after execution of aaa port-access
authenticator <port-list> initialize ..........................................................315
12 Aruba 2530 Management and Configuration Guide for
ArubaOS-Switch 16.05
A trunked port configured for 802.1X is blocked.............................................................. 315
QoS-related problems................................................................................................................. 315
Loss of communication when using VLAN-tagged traffic................................................. 316
Radius-related problems............................................................................................................. 316
The switch does not receive a response to RADIUS authentication requests................. 316
RADIUS server fails to respond to a request for service, even though the server's IP
address is correctly configured in the switch....................................................................316
MSTP and fast-uplink problems.................................................................................................. 317
Broadcast storms appearing in the network..................................................................... 317
STP blocks a link in a VLAN even though there are no redundant links in that VLAN.....317
Fast-uplink troubleshooting.............................................................................................. 317
SSH-related problems.................................................................................................................317
Switch access refused to a client..................................................................................... 317
Executing IP SSH does not enable SSH on the switch....................................................318
Switch does not detect a client's public key that does appear in the switch's public
key file (show ip client-public-key) ....................................................................318
An attempt to copy a client public-key file into the switch has failed and the switch
lists one of the following messages..................................................................................318
Client ceases to respond ("hangs") during connection phase..........................................318
TACACS-related problems..........................................................................................................318
Event Log......................................................................................................................... 318
All users are locked out of access to the switch...............................................................318
No communication between the switch and the TACACS+ server application................ 319
Access is denied even though the username/password pair is correct............................319
Unknown users allowed to login to the switch..................................................................319
System allows fewer login attempts than specified in the switch configuration................320
TimeP, SNTP, or Gateway problems........................................................................................... 320
The switch cannot find the time server or the configured gateway.................................. 320
VLAN-related problems...............................................................................................................320
Monitor port...................................................................................................................... 320
None of the devices assigned to one or more VLANs on an 802.1Q-compliant switch
are being recognized........................................................................................................320
Link configured for multiple VLANs does not support traffic for one or more VLANs.......320
Duplicate MAC addresses across VLANs........................................................................ 321
Fan failure................................................................................................................................... 321
Viewing transceiver information............................................................................................................. 321
Viewing information about transceivers (CLI)..............................................................................323
MIB support.................................................................................................................................323
Viewing transceiver information.................................................................................................. 323
Information displayed with the detail parameter...............................................................324
Viewing transceiver information for copper transceivers with VCT support................................ 328
Testing the Cable..............................................................................................................328
Using the Event Log for troubleshooting switch problems..................................................................... 330
Event Log entries........................................................................................................................ 330
Using the Menu........................................................................................................................... 338
Using the CLI.............................................................................................................................. 339
Clearing Event Log entries..........................................................................................................340
Turning event numbering on....................................................................................................... 341
Using log throttling to reduce duplicate Event Log and SNMP messages.................................. 341
Log throttle periods...........................................................................................................341
Example: of event counter operation................................................................................342
Reporting information about changes to the running configuration.............................................343
Debug/syslog operation......................................................................................................................... 343
Debug/syslog messaging............................................................................................................ 343
Hostname in syslog messages................................................................................................... 344
Logging origin-id...............................................................................................................344
Contents 13
Viewing the identification of the syslog message sender................................................. 346
SNMP MIB........................................................................................................................348
Debug/syslog destination devices...............................................................................................348
Debug/syslog configuration commands...................................................................................... 349
Configuring debug/syslog operation............................................................................................351
Viewing a debug/syslog configuration.............................................................................. 352
Debug command.........................................................................................................................354
Debug messages............................................................................................................. 354
Debug destinations...........................................................................................................356
Logging command.......................................................................................................................357
Configuring a syslog server..............................................................................................358
Adding a description for a Syslog server.....................................................................................365
Adding a priority description........................................................................................................366
Configuring the severity level for Event Log messages sent to a syslog server......................... 366
Configuring the system module used to select the Event Log messages sent to a
syslog server.................................................................................................................... 367
Operating notes for debug and Syslog........................................................................................367
Diagnostic tools......................................................................................................................................368
Port auto-negotiation...................................................................................................................368
Ping and link tests....................................................................................................................... 368
Ping test........................................................................................................................... 369
Link test............................................................................................................................ 369
Executing ping or link tests (WebAgent)...........................................................................369
Testing the path between the switch and another device on an IP network.....................370
Issuing single or multiple link tests................................................................................... 371
Tracing the route from the switch to a host address................................................................... 371
Halting an ongoing traceroute search.............................................................................. 372
A low maxttl causes traceroute to halt before reaching the destination address............. 373
If a network condition prevents traceroute from reaching the destination........................ 373
Viewing switch configuration and operation...........................................................................................374
Viewing the startup or running configuration file......................................................................... 374
Viewing the configuration file (WebAgent).................................................................................. 374
Viewing a summary of switch operational data........................................................................... 374
Saving show tech command output to a text file.............................................................. 375
Viewing more information on switch operation............................................................................376
Searching for text using pattern matching with show command...................................... 377
Displaying the information you need to diagnose problems........................................................379
Restoring the factory-default configuration............................................................................................ 380
Resetting to the factory-default configuration..............................................................................380
Using the CLI....................................................................................................................380
Using Clear/Reset............................................................................................................ 381
Restoring a flash image......................................................................................................................... 381
Recovering from an empty or corrupted flash state.................................................................... 381
DNS resolver..........................................................................................................................................383
Basic operation........................................................................................................................... 383
Configuring and using DNS resolution with DNS-compatible commands...................................384
Configuring a DNS entry............................................................................................................. 385
Using DNS names with ping and traceroute: Example:.............................................................. 386
Viewing the current DNS configuration....................................................................................... 387
Operating notes...........................................................................................................................388
Event Log messages...................................................................................................................388
Chapter 17 MAC Address Management..................................................... 389
Overview................................................................................................................................................ 389
Determining MAC addresses................................................................................................................. 389
14 Aruba 2530 Management and Configuration Guide for
ArubaOS-Switch 16.05
Viewing the MAC addresses of connected devices............................................................................... 389
Viewing the switch's MAC address assignments for VLANs configured on the switch..........................390
Viewing the port and VLAN MAC addresses...............................................................................391
Chapter 18 Power-Saving Features............................................................ 393
Configuring the savepower LED option................................................................................................. 393
Configuring the savepower port-low-pwr option.....................................................................................393
Chapter 19 Job Scheduler........................................................................... 395
Job Scheduler........................................................................................................................................ 395
Commands.............................................................................................................................................395
Job at | delay | enable | disable ...........................................................................395
Show job..................................................................................................................................... 396
Show job <Name>.......................................................................................................................396
Chapter 20 Configuration backup and restore without reboot................ 398
Overview................................................................................................................................................ 398
Benefits of configuration restore without reboot..........................................................................398
Recommended scenarios...................................................................................................................... 398
Use cases.............................................................................................................................................. 398
Switching to a new configuration.................................................................................................399
Rolling back to a stable configuration using job scheduler......................................................... 400
Commands used in switch configuration restore without reboot............................................................401
Configuration backup............................................................................................................................. 401
cfg-backup...............................................................................................................................402
show config files................................................................................................................402
Configuration restore without reboot .....................................................................................................404
cfg-restore.............................................................................................................................404
Force configuration restore.............................................................................................. 406
cfg-restore non-blocking......................................................................................407
cfg-restore recovery-mode................................................................................... 408
cfg-restore verbose................................................................................................ 410
cfg-restore config_bkp.......................................................................................... 411
Configuration restore with force option....................................................................................... 412
System reboot commands................................................................................................413
Configuration restore without force option.................................................................................. 414
show cfg-restore status...................................................................................................414
Viewing the differences between a running configuration and a backup configuration...............416
Show commands to show the SHA of a configuration........................................................................... 418
show hash.................................................................................................................................418
Scenarios that block the configuration restoration process................................................................... 419
Limitations..............................................................................................................................................419
Blocking of configuration from other sessions.............................................................................419
Troubleshooting and support................................................................................................................. 420
debug cfg-restore................................................................................................................420
Chapter 21 Virtual Technician..................................................................... 421
Cisco Discovery Protocol (CDP)............................................................................................................ 421
Show cdp traffic...........................................................................................................................421
Clear cdp counters...................................................................................................................... 421
Enable/Disable debug tracing for MOCANA code................................................................................. 422
Debug security ........................................................................................................................... 422
Contents 15
User diagnostic crash via Front Panel Security (FPS) button................................................................422
Front panel security password-clear........................................................................................... 422
Front-panel-security diagnostic-reset..........................................................................................423
[no] front-panel-security diagnostic-reset.................................................................................... 423
Front-panel-security diagnostic-reset clear-button......................................................................424
[No] front-panel-security diagnostic-reset clear-button............................................................... 424
Show front-panel-security........................................................................................................... 425
Diagnostic table...........................................................................................................................425
Validation rules............................................................................................................................425
FPS Error Log............................................................................................................................. 425
User initiated diagnostic crash via the serial console............................................................................ 426
Front-panel-security diagnostic-reset serial-console...................................................................426
[No] front-panel-security diagnostic-reset serial-console............................................................ 427
Serial console error messages....................................................................................................427
Chapter 22 Easing Wired/Wireless Deployment feature integration....... 429
Overview................................................................................................................................................ 429
Configuration commands....................................................................................................................... 429
allow-jumbo-frames.....................................................................................................................429
Validation rules................................................................................................................. 430
Default AP Profile........................................................................................................................430
device-profile...............................................................................................................................430
Associating a device with a profile.............................................................................................. 431
device-profile type....................................................................................................................... 431
Configuring the rogue-ap-isolation command............................................................................. 432
rogue-ap-isolation....................................................................................................................... 432
VXLAN show commands....................................................................................................................... 433
show device-profile..................................................................................................................... 433
show command device-profile status.......................................................................................... 434
Show rogue-ap-isolation............................................................................................................. 434
Chapter 23 Local user roles........................................................................ 436
Overview................................................................................................................................................ 436
Captive-portal commands...................................................................................................................... 438
Overview..................................................................................................................................... 438
[no] aaa authentication captive-portal profile.............................................................................. 438
Validation rules................................................................................................................. 439
Policy commands...................................................................................................................................440
Overview..................................................................................................................................... 440
policy user................................................................................................................................... 440
[no] policy user............................................................................................................................ 440
policy resequence....................................................................................................................... 441
Commands in the policy-user context......................................................................................... 441
(policy-user)# class.......................................................................................................... 441
User role configuration...........................................................................................................................442
aaa authorization user-role......................................................................................................... 442
Error log............................................................................................................................443
captive-portal-profile....................................................................................................................444
policy........................................................................................................................................... 444
reauth-period...............................................................................................................................444
Validation rules................................................................................................................. 445
VLAN commands........................................................................................................................ 445
vlan-id...............................................................................................................................445
vlan-name.........................................................................................................................445
16 Aruba 2530 Management and Configuration Guide for
ArubaOS-Switch 16.05
VLAN range commands.........................................................................................................................446
Applying a UDR..................................................................................................................................... 447
aaa port-access local-mac apply user-role................................................................................. 447
VXLAN show commands....................................................................................................................... 447
show captive-portal profile.......................................................................................................... 447
show user-role.............................................................................................................................448
show port-access clients............................................................................................................. 449
Chapter 24 Port QoS Trust Mode................................................................ 451
Overview................................................................................................................................................ 451
Configuration commands....................................................................................................................... 451
qos trust...................................................................................................................................... 451
qos dscp-map..............................................................................................................................452
Show commands................................................................................................................................... 452
show qos trust............................................................................................................................. 452
Validation rules ......................................................................................................................................454
Chapter 25 Net-destination and Net-service..............................................455
Net-service Overview.............................................................................................................................455
netservice [tcp | udp | port].....................................................................................................................455
Net-destination overview........................................................................................................................456
net-destination host |position | network..................................................................................................457
show net-destination.............................................................................................................................. 458
Chapter 26 Websites.................................................................................... 459
Chapter 27 Support and other resources.................................................. 460
Accessing Hewlett Packard Enterprise Support.................................................................................... 460
Accessing updates.................................................................................................................................460
Customer self repair...............................................................................................................................461
Remote support..................................................................................................................................... 461
Warranty information..............................................................................................................................461
Regulatory information...........................................................................................................................462
Documentation feedback....................................................................................................................... 462
Remote Device Deployment (TR-069).........................................................463
Introduction............................................................................................................................................ 463
Advantages of TR-069................................................................................................................ 464
Zero-touch configuration process................................................................................................465
Zero-touch configuration setup and execution............................................................................ 468
CLI commands.......................................................................................................................................468
Configuration setup..................................................................................................................... 468
ACS password configuration.......................................................................................................469
When encrypt-credentials is off........................................................................................ 469
When encrypt-credentials is on........................................................................................ 470
ACS URL configuration .............................................................................................................. 470
ACS username configuration...................................................................................................... 470
CPE configuration....................................................................................................................... 470
CPE password configuration.......................................................................................................471
When encrypt-credentials is on........................................................................................ 471
When encrypt-credentials is off........................................................................................ 471
Contents 17
CPE username configuration...................................................................................................... 471
Enable/disable CWMP................................................................................................................ 472
Show commands.........................................................................................................................472
CWMP configuration and status query.............................................................................472
Event logging......................................................................................................................................... 473
System logging............................................................................................................................473
Status/control commands............................................................................................................474
Configuration backup and restore without reboot....................................476
Glossary........................................................................................................ 478
18 Aruba 2530 Management and Configuration Guide for
ArubaOS-Switch 16.05
This guide provides information on how to configure, manage, and monitor basic switch operation.
Applicable products
This guide applies to these products:
Aruba 2530 Switch Series (J9772A, J9773A, J9774A, J9775A, J9776A, J9777A, J9778A, J9779A, J9780A,
J9781A, J9782A, J9783A, J9853A, J9854A, J9855A, J9856A, JL070A)
Switch prompts used in this guide
Examples in this guide are representative and may not match your particular switch/environment. Examples use
simplified prompts as follows:
Prompt Explanation
switch# # indicates manager context (authority).
switch> > indicates operator context (authority).
switch(config)# (config) indicates the config context.
switch(vlan-x)# (vlan-x) indicates the vlan context of config, where x
represents the VLAN ID. For example:
switch(vlan-128)#.
switch(eth-x)# (eth-x) indicates the interface context of config,
where x represents the interface. For example:
switch(eth-48)#.
switch-Stack# Stack indicates that stacking is enabled.
switch-Stack(config)# Stack(config) indicates the config context while
stacking is enabled.
switch-Stack(stacking)# Stack(stacking) indicates the stacking context of
config while stacking is enabled.
switch-Stack(vlan-x)# Stack(vlan-x) indicates the vlan context of config
while stacking is enabled, where x represents the
VLAN ID. For example: switch-
Stack(vlan-128)#.
switch-Stack(eth-x/y)# Stack(eth-x/y) indicates the interface context of
config, in the form (eth-<member-in-stack>/
<interface>). For example: switch(eth-1/48)#
Chapter 1
About this guide
Chapter 1 About this guide 19
NOTE:
For successful time protocol setup and specific configuration details, you may need to contact your
system administrator regarding your local configuration.
General steps for running a time protocol on the switch
Using time synchronization ensures a uniform time among interoperating devices. This helps you to manage and
troubleshoot switch operation by attaching meaningful time data to event and error messages.
The switch offers TimeP, SNTP (Simple Network Time Protocol), NTP, and a timesync command for changing
the time protocol selection (or turning off time protocol operation).
NOTE: Although you can create and save configurations for all time protocols without conflicts, the
switch allows only one active time protocol at any time.
In the factory-default configuration, time synchronization is disabled by default.
NOTE: Because the Aruba 2530 Switch Series does not contain an RTC (real time clock) chip,
Hewlett Packard Enterprise recommends configuring one of the time synchronization protocols
supported. Failure to do so could result in the switch time being reset to the factory default of
01/01/1990 00:00:00 in the case of a switch reload, software upgrade, or power cycle.
TimeP time synchronization
You can either manually assign the switch to use a TimeP server or use DHCP to assign the TimeP server. In
either case, the switch can get its time synchronization updates from only one designated TimeP server. This
option enhances security by specifying which time server to use.
SNTP time synchronization
SNTP provides three operating modes:
•Broadcast mode
The switch acquires time updates by accepting the time value from the first SNTP time broadcast detected. (In
this case, the SNTP server must be configured to broadcast time updates to the network broadcast address;
see the documentation provided with your SNTP server application.) Once the switch detects a particular
server, it ignores time broadcasts from other SNTP servers unless the configurable Poll Interval expires three
consecutive times without an update received from the first-detected server.
NOTE: To use Broadcast mode, the switch and the SNTP server must be in the same subnet.
•DHCP mode
DHCP mode is enabled by default. In DHCP mode, the SNTP server address and the timezone are provided in
the DHCP address reply.
•Unicast mode
Chapter 2
Time Protocols
20 Aruba 2530 Management and Configuration Guide for
ArubaOS-Switch 16.05
Table of contents
Other Aruba Switch manuals
Aruba
Aruba Instant On 1430 User manual
Aruba
Aruba 6400 Series Owner's manual
Aruba
Aruba 2930F Series Owner's manual
Aruba
Aruba 2930M User manual
Aruba
Aruba 2930M Owner's manual
Aruba
Aruba 6300F Series Owner's manual
Aruba
Aruba 2540 User manual
Aruba
Aruba Instant On 1930 Series User manual
Aruba
Aruba 6400 Series User manual
Aruba
Aruba 2930F 24G 4SFP Plus User manual
Aruba
Aruba JL253A User manual
Aruba
Aruba AT-8400 SERIES User manual
Aruba
Aruba CX 10000 Series User manual
Aruba
Aruba 6300F Series User manual
Aruba
Aruba 4100i Series User manual
Aruba
Aruba 8400 Series User manual
Aruba
Aruba Instant On 1930 Series Owner's manual
Aruba
Aruba 3810M User manual
Aruba
Aruba S3500-24P User manual
Aruba
Aruba 8320 User manual
