Configuring Prerequisites for Switch Telemetry

This section lists the configuration for the best switch monitoring experience in New HPE Aruba Networking Central. Perform this configuration in HPE Aruba Networking Central. Some configurations require MultiEdit support.

Note:

This section is applicable only for AOS-CX switches.

The following table describes the impact of different switch configurations on New HPE Aruba Networking Central monitoring pages.

Table 1: Switch Configuration impact on Monitoring

Switch Configuration

How is it used?

CIPT (Client IP tracker)

Shows the IP address in Unified Clients List (UCL).

DFP (Device Finger Printing)

Shows the host name of clients in UCL. This is used extensively for wired client profiling.

Client Insights

Alerts, health, and Insights use this telemetry to identify AAA/DHCP/DNS failures and latency-related information.

DHCP Snooping 

Alerts, health, and Insights use this telemetry to identify DHCP failures and DHCP latency.

ARC, IPFIX and Traffic insights - Enable DPI telemetry

Required for application, TLS, website and application permission visibility. Client insights tags can be created based on the DPI telemetry.

ARC, IPFIX and Traffic insights - Enable DNS telemetry

Required to identify DNS failure and latency. Insights use this telemetry.

 

To configure switch telemetry:

  1. Configure authentication and DHCP related client events on AOS-CX switches in one of the following ways, depending on the type of group:

    Note:

    To view the DHCP server IP address in the Client Connectivity card, in the Connection Steps section which appears in the expanded view of the card, use the following command:

    switch(config)# dhcpv4-snooping static-attributes

    DHCP events are generated only if DHCP snooping is enabled. To enable DHCP snooping, use the following commands:

    VLAN Level Enablement

    switch(config)# vlan 805

    switch(config-vlan-805)# dhcpv4-snooping

    switch(config-vlan-805)# dhcpv6-snooping

    Global Level Enablement

    switch(config)# dhcpv4-snooping

    switch(config)# dhcpv6-snooping

    • UI Group—Enable Client Events on the switch by toggling the Authentication and DHCP Events toggle to the on position. For more information, see Aruba Central Online Help.

    • Template Group—Configure the following commands for DHCP, client insight, and port access related events.

      switch(config)# dhcpv4-snooping event-log client

      switch(config)# dhcpv6-snooping event-log client

      switch(config)# port-access event-log client

      switch(config)# client-insight enable

      switch(config)# client-insight event-log client-onboarding

  2. Enable client IP address tracking at the system level and global level to view the IP address of the client in the Unified Client List (UCL) page of New HPE Aruba Networking Central.

    switch(config)# client track ip

    switch(config)# client track ip all-vlans

  3. Create a device fingerprinting profile, configure protocols such as DHCP and HTTP, and associate the profile with the interfaces to obtain the host name and enhance the client insight profiling in New HPE Aruba Networking Central.

    switch(config)# client device-fingerprint profile <name>

    switch(config-device-fingerprint)# dhcp option-num 12,55,60

    switch(config-device-fingerprint)# http user-agent

    switch(config-device-fingerprint)# dhcp options-list

  4. Configure the interface.

    switch(config)# interface <PORT-NUMBER>

    switch(config-if)# no shutdown

    switch(config-if)# no routing

    switch(config-if)# vlan access <VLAN-ID>

    switch(config-if)# client device-fingerprint apply-profile <name>
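A way to check a saved configuration against steps 1 to 4, as an added example (not HPE code): it reports missing global commands, VLANs without DHCP snooping, and interfaces that apply a fingerprint profile that was never defined. The function name, the sample text, and the assumption that the saved configuration echoes the commands as typed above with sub-context lines indented are all illustrative.

```python
import re

# Global commands from steps 1-2 (Template Group variant), as typed on the page.
REQUIRED_GLOBAL = [
    "dhcpv4-snooping", "dhcpv4-snooping event-log client",
    "dhcpv6-snooping event-log client", "port-access event-log client",
    "client-insight enable", "client-insight event-log client-onboarding",
    "client track ip", "client track ip all-vlans",
]

def audit_client_telemetry(config):
    """Return findings for a config dump; sub-context lines are assumed indented."""
    config = config.strip("\n") + "\n"
    top = {ln.strip() for ln in config.splitlines() if ln and not ln[0].isspace()}
    findings = [f"missing global: {cmd}" for cmd in REQUIRED_GLOBAL if cmd not in top]
    # The page enables snooping per VLAN as well as globally; flag VLANs without it.
    for vlan, body in re.findall(r"^vlan (\S+)\n((?:[ \t]+.*\n)*)", config, re.M):
        if "dhcpv4-snooping" not in {ln.strip() for ln in body.splitlines()}:
            findings.append(f"vlan {vlan}: dhcpv4-snooping not enabled")
    # Every profile applied to an interface must be defined (steps 3-4).
    defined = set(re.findall(r"^client device-fingerprint profile (\S+)", config, re.M))
    applied = re.findall(r"^[ \t]+client device-fingerprint apply-profile (\S+)", config, re.M)
    findings += [f"fingerprint profile not defined: {p}" for p in applied if p not in defined]
    return findings

# Constructed sample, not captured from a real switch.
SAMPLE = """\
dhcpv4-snooping
dhcpv4-snooping event-log client
dhcpv6-snooping event-log client
port-access event-log client
client-insight enable
client track ip
client track ip all-vlans
client device-fingerprint profile wired
    dhcp option-num 12,55,60
vlan 805
    dhcpv4-snooping
vlan 806
interface 1/1/1
    vlan access 806
    client device-fingerprint apply-profile printers
"""

print("\n".join(audit_client_telemetry(SAMPLE)))
```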

Note:

When configuring a DHCP server in New HPE Aruba Networking Central WebUI, it is mandatory to specify the Prefix Length parameter under the Edit Profile side panel. However, when configuring AOS-CX switches using APIs, the Prefix Length parameter is optional.

Configuring DNS Latency Telemetry

This section lists the prerequisite configurations to enable the DNS latency telemetry.

To configure the DNS Latency Telemetry, complete the following steps:

  1. To enable the V2 default profile mode for AOS-CX 6400 Switch Series, run the profile v2-default command followed by configuration save and reboot commands.

    switch(config)# profile v2-default

    Note:

    In AOS-CX 6400 Switch Series, Application Visibility is supported only on 6400V2 (R0X38C, R0X40C, R0X41C, R0X42C, R0X43C, R0X44C and R0X45C) line cards.

  2. To disable IP source-lockdown resource-extended, run the following command:

    switch(config)# no ip source-lockdown resource-extended

  3. To enable Application Visibility globally, run the following commands:

    switch(config)# app-recognition

    switch(config-app-recognition)# enable

  4. Enable flow-tracking if the AOS-CX switch runs 10.13 or later versions.

    Flow-tracking obtains DNS latency telemetry. To enable flow-tracking, run the following commands:

    switch(config)# flow-tracking

    switch(config-flow-tracking)# enable

  5. Enable Application Visibility per client port or per user-role.

    • To enable Application Visibility for port, run the following commands:

      switch(config)# interface <PORT-NUMBER>

      switch(config-if)# app-recognition enable

    • To enable Application Visibility for user-role, run the following commands:

      switch(config)# port-access role guest

      switch(config-pa-role)# app-recognition enable

  6. To configure IPFIX, enable IPFIX on both client-facing and uplink ports to export application details to Traffic Insight.

    • To specify the IPv4 flow configuration, run the following commands:

      switch(config)# flow exporter <NAME>

      description Export flows to traffic insight profile

      destination type traffic-insight

      destination traffic-insight TI-01

       

      switch(config)# flow record <NAME>

      description Record used for ipv4 traffic analysis

      match ipv4 destination address

      match ipv4 protocol

      match ipv4 source address

      match ipv4 version

      match transport destination port

      match transport source port

      collect counter bytes

      collect counter packets

      collect timestamp absolute first

      collect timestamp absolute last

      collect application name

      collect application https url

      collect application dns response-code

      collect application tls-attributes

       

      switch(config)# flow monitor flow-mon-prof

      description Monitor for analyzing ipv4 traffic

      cache timeout active <TIMEOUT_VALUE> --> 30-604800 seconds; default is 30 seconds.

      exporter flow-exp-prof

      record flow-rec-v4-prof

       

      switch(config)# interface <Inbound_Interface>

      switch(config-if)# ip flow monitor flow-mon-prof in --> Enable IPv4 flow monitor on both inbound and outbound interfaces

       

      switch(config)# interface <Outbound_Interface>

      switch(config-if)# ip flow monitor flow-mon-prof in

    • To specify the IPv6 flow configuration, run the following commands:

      switch(config)# flow exporter <NAME>

      description Export flows to traffic insight profile

      destination type traffic-insight

      destination traffic-insight TI-01

       

      switch(config)# flow record <NAME>

      description Record used for ipv6 traffic analysis

      match ipv6 destination address

      match ipv6 protocol

      match ipv6 source address

      match ipv6 version

      match transport destination port

      match transport source port

      collect counter bytes

      collect counter packets

      collect timestamp absolute first

      collect timestamp absolute last

      collect application name

      collect application https url

      collect application dns response-code

      collect application tls-attributes

       

      switch(config)# flow monitor <NAME>

      description Monitor for analyzing ipv6 traffic

      cache timeout active <TIMEOUT_VALUE> --> 30-604800 seconds; default is 30 seconds.

      exporter <NAME>

      record <NAME>

      switch(config)# interface <Inbound_Interface>

      switch(config-if)# ipv6 flow monitor <NAME> in --> Enable IPv6 flow monitor on both inbound and outbound interfaces

       

      switch(config)# interface <Outbound_Interface>

       

      switch(config-if)# ipv6 flow monitor <NAME> in

  7. To configure Traffic Insight, create and enable a Traffic Insight instance and specify the flow source:

    switch(config)# traffic-insight TI-01 -->Creates a Traffic Insight instance

    switch(config-ti)# source ipfix -->Sets the source protocol to collect flow information

    switch(config-ti)# enable -->Enables Traffic Insight

  8. Create a monitor for DNS Latency Telemetry in the Traffic Insight profile.

    switch(config)# traffic-insight TI-01

    switch(config-ti)# monitor mnti3 type dns-average-latency
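Steps 6 to 8 only produce DNS latency data when every name in the chain resolves: interface to flow monitor, monitor to record and exporter, exporter to an enabled Traffic Insight instance that has a dns-average-latency monitor. The following added example (not HPE code) walks that chain over a saved configuration. The function names, the sample text, and the assumption that the saved configuration echoes the commands above with sub-context lines indented are illustrative.

```python
def parse_blocks(config):
    """Map each unindented header line to its indented child lines."""
    blocks, current = {}, []
    for line in filter(str.strip, config.splitlines()):
        if line[0].isspace():
            current.append(line.strip())
        else:
            current = blocks.setdefault(line.strip(), [])
    return blocks

def arg(children, prefix):  # text after prefix in the first matching child, else None
    return next((c[len(prefix):] for c in children if c.startswith(prefix)), None)

def audit_dns_latency(config):
    """Follow interface -> flow monitor -> record/exporter -> Traffic Insight."""
    b, findings = parse_blocks(config), []
    bound = {c.split()[3] for ch in b.values() for c in ch
             if c.startswith(("ip flow monitor ", "ipv6 flow monitor "))}
    for name in sorted(bound):
        mon = b.get(f"flow monitor {name}")
        if mon is None:
            findings.append(f"flow monitor {name}: applied but not defined")
            continue
        rec, exp = arg(mon, "record "), arg(mon, "exporter ")
        if "collect application dns response-code" not in b.get(f"flow record {rec}", []):
            findings.append(f"flow record {rec}: undefined or no dns response-code")
        ti = arg(b.get(f"flow exporter {exp}", []), "destination traffic-insight ")
        inst = b.get(f"traffic-insight {ti}", [])
        if not {"source ipfix", "enable"} <= set(inst):
            findings.append(f"traffic-insight {ti}: undefined, disabled or not ipfix")
        elif not any(c.endswith(" type dns-average-latency") for c in inst):
            findings.append(f"traffic-insight {ti}: no dns-average-latency monitor")
    return findings

# Constructed sample, not captured from a real switch.
SAMPLE = """\
flow exporter flow-exp-prof
    destination traffic-insight TI-01
flow record flow-rec-v4-prof
    collect application name
flow monitor flow-mon-prof
    exporter flow-exp-prof
    record flow-rec-v4-prof
traffic-insight TI-01
    source ipfix
    enable
interface 1/1/1
    ip flow monitor flow-mon-prof in
"""
print("\n".join(audit_dns_latency(SAMPLE)))
```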