Page 1 Management and 6200yl Configuration Guide 5400zl 3500yl ProCurve Switches K.12.XX www.procurve.com...
Page 3 ProCurve Series 3500yl Switches Series 5400zl Switches 6200yl Switch February 2007 K.12.XX Management and Configuration Guide...
Page 4 ProCurve Switch 5412zl (J8698A) Hewlett-Packard assumes no responsibility for the use or ProCurve Switch 3500yl-24G-PWR Intelligent Edge (J8692A) ProCurve Switch 3500yl-48G-PWR Intelligent Edge (J8693A) reliability of its software on equipment that is not furnished ProCurve Switch 6200yl-24G (J8992A) by Hewlett-Packard.
Page 5: Table Of Contents
Contents Product Documentation About Your Switch Manual Set ....... . . xxi Printed Publications.
Page 6 ProCurve Manager Plus ........
Page 7 Using ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+) ....... 5-5 Tasks for Your First ProCurve Web Browser Interface Session .
Page 8 Support/Mgmt URLs Feature ........5-12 Support URL ..........5-13 Help and the Management Server URL .
Page 9 Transitioning to Multiple Configuration Files ....6-26 Listing and Displaying Startup-Config Files ..... 6-27 Viewing the Startup-Config File Status with Multiple Configuration Enabled .
Page 10 8 Configuring IP Addressing Contents ............8-1 Overview .
Page 11 Configuring a Broadcast Limit on the Switch ....10-15 Configuring ProCurve Auto-MDIX ......10-15 Web: Viewing Port Status and Configuring Port Parameters .
Page 12 PoE Power on the Series 3500yl Switches ....11-10 Using a ProCurve 620 Redundant Power Supply ... . 11-11 Power Priority Operation .
Page 13 Displaying an Overview of PoE Status on All Ports ... . . 11-22 Displaying the PoE Status on Specific Ports ....11-23 Planning and Implementing a PoE Configuration .
Page 14 Overview ........... . 13-3 Rate-Limiting .
Page 15 14 Configuring for Network Management Applications Contents ........... . . 14-1 Using SNMP Tools To Manage the Switch .
Page 16 LLDP Operating Rules ........14-39 Configuring LLDP Operation .
Page 17 Disable TFTP and Auto-TFTP for Enhanced Security ..A-10 Command Options ........A-13 Authentication .
Page 18 Copying Command Output to a Destination Device ..A-32 Copying Event Log Output to a Destination Device ..A-33 Copying Crash Data Content to a Destination Device ..A-33 Copying Crash Log Data Content to a Destination Device .
Page 19 Traffic Mirroring ..........B-23 Terminology .
Page 20 Local Mirroring Destination ......B-63 Remote Mirroring Destination Using a VLAN Interface and an ACL for Mirroring Criteria .
Page 21 CLI: Listing Events ........C-29 CLI: Clearing Event Log Entries .
Page 22 Displaying Current Resource Usage ......E-3 When Insufficient Resources Are Available ....E-5 F Daylight Savings Time on ProCurve Switches Index...
Page 23: Product Documentation
Electronic Publications The latest version of each of the publications listed below is available in PDF format on the ProCurve Web site, as described in the Note at the top of this page. Management and Configuration Guide—Describes how to configure, ■...
Page 24 (These features are automatically included on the ProCurve 6200yl switches.) Intelligent Edge Software Features. These features are automatically included on the ProCurve 3500yl and 5400zl Intelligent Edge switches and on the 6200yl Premium Edge switch. Premium Edge Software Features...
Page 25 Intelligent Edge Software Manual Features Management Advanced Multicast and Access Traffic Routing Security Configuration Management Guide AAA Authentication Authorized IP Managers Authorized Manager List (Web, Telnet, TFTP) Auto MDIX Configuration BOOTP Config File Console Access Copy Command CoS (Class of Service) Debug DHCP Configuration DHCP Option 82...
Page 26 Link LLDP LLDP-MED MAC Address Management MAC Lockdown MAC Lockout MAC-based Authentication Management VLAN Meshing Monitoring and Analysis Multicast Filtering Multiple Configuration Files Network Management Applications (SNMP) OpenView Device Management Passwords and Password Clear Protection ProCurve Manager (PCM) Ping xxiv...
Page 27 Intelligent Edge Software Manual Features Management Advanced Multicast and Access Traffic Routing Security Configuration Management Guide Port Configuration Port Monitoring Port Security Port Status Port Trunking (LACP) Port-Based Access Control (802.1X) Power over Ethernet (PoE) Protocol Filters Protocol VLANS Quality of Service (QoS) RADIUS Authentication and Accounting RADIUS-Based Configuration Rate-Limiting...
Page 28 Advanced Multicast and Access Traffic Routing Security Configuration Management Guide SSL (Secure Socket Layer) Stack Management (3500yl/6200yl switches only) Syslog System Information TACACS+ Authentication Telnet Access TFTP Time Protocols (TimeP, SNTP) Traffic Mirroring Traffic/Security Filters Troubleshooting Uni-Directional Link Detection (UDLD)
Page 29: Contents
Getting Started Contents Introduction ..........1-2 Conventions .
Page 30: Introduction
For an overview of other product documentation for the above switches, refer to “Product Documentation” on page xiii. You can download documentation from the ProCurve Networking web site, www.procurve.com. Conventions This guide uses the following conventions for command syntax and displayed information.
Page 31: Command Syntax Statements
ProCurve 5406zl# ProCurve 5412zl# ProCurve 3500yl# ProCurve 6200yl# To simplify recognition, this guide uses ProCurve to represent command prompts for all models. For example: ProCurve# (You can use the hostname command to change the text in the CLI prompt.)
Page 32: Screen Simulations
Port Identity Examples This guide describes software applicable to both chassis-based and stackable ProCurve switches. Where port identities are needed in an example, this guide uses the chassis-based port identity system, such as “A1, “B3-B5”, “C7”, etc. However, unless otherwise noted, such examples apply equally to the stack- able switches, which typically use only numbers, such as “1”, “3-5”, “15”, etc.
Page 33: Sources For More Information
ProCurve Premium Edge License (This option is used on the 3500yl and 5400zl switches to enable certain software features described in the manual set for these switches. The 6200yl switch is available only as a Premium Edge switch.) •...
Page 34 Getting Started Sources for More Information Management and Configuration Guide—Use this guide for information ■ on topics such as: • various interfaces available on the switch • memory and configuration operation • interface access • IP addressing • time protocols •...
Page 35: Getting Documentation From The Web
Click on Technical support. Click on Product manuals. Click on the product for which you want to view or download a manual. If you need further information on ProCurve switch technology, visit the ProCurve Networking web site at: www.procurve.com Online Help...
Page 36: Command Line Interface
Figure 1-4. Button for Web Browser Interface Online Help N o t e To access the online Help for the ProCurve web browser interface, you need either ProCurve Manager (version 1.5 or greater) installed on your network or an active connection to the World Wide Web. Otherwise, Online help for the...
Page 37: Need Only A Quick Start?
If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing. To do so, do one of the following: Enter setup at the CLI Manager level prompt.
Page 38: Premium Edge Switch Features
3500yl switches: J8993A 5400zl switches: J8994A ■ (Note that the ProCurve 6200yl switch is available only as a Premium Edge switch.) For the most current information about the features included in the Premium Edge package, refer to the release notes for your product on the ProCurve Networking web site.
Page 39: Contents
ProCurve Manager Plus ........
Page 40: Overview
VLAN management. (ProCurve includes a copy of PCM+ in-box for a 30-day trial.) This manual describes how to use the menu interface (Chapter 3), the CLI (Chapter 4), the web browser interface (Chapter 5), and how to use these interfaces to configure and monitor the switch.
Page 41: Advantages Of Using The Menu Interface
Selecting a Management Interface Advantages of Using the Menu Interface To use ProCurve Manager or ProCurve Manager Plus, refer to the Getting Started Guide and the Administrator’s Guide, which are available electron- ically with the software for these applications. For more information, visit the ProCurve Networking web site at www.procurve.com.
Page 42: Advantages Of Using The Cli
Provides more security; configuration information and passwords are ■ not seen on the network. Advantages of Using the CLI Prompt for Operator Level ProCurve> Prompt for Manager Level ProCurve# Prompt for Global Configuration ProCurve(config)# Level Prompt for Context ProCurve(<context>)#...
Page 43: Advantages Of Using The Web Browser Interface
Selecting a Management Interface Advantages of Using the Web Browser Interface To perform specific procedures (such as configuring IP addressing or ■ VLANs), use the Contents listing at the front of the manual to locate the information you need. ■ For monitoring and analyzing switch operation, refer to Appendix B.
Page 44 Selecting a Management Interface Advantages of Using the Web Browser Interface Many features have all their fields in one screen so you can view all ■ values at once ■ More visual cues, using colors, status bars, device icons, and other graphical objects instead of relying solely on alphanumeric values Display of acceptable ranges of values available in configuration list ■...
Page 45: Or Procurve Manager Plus
Advantages of Using ProCurve Manager or ProCurve Manager Plus You can operate ProCurve Manager and ProCurve Manager Plus (PCM and PCM+) from a PC on the network to monitor traffic, manage your hubs and switches, and proactively recommend network changes to increase network uptime and optimize performance.
Page 46 Features and benefits of ProCurve Manager Plus: ■ • All of the Features of ProCurve Manager: Refer to the above listing. • In-Depth Traffic Analysis: An integrated, low-overhead traffic mon- itor interface shows detailed information on traffic throughout the network.
Page 47 Updates can be scheduled easily across large groups of devices, all at user-specified times. • Investment Protection: The modular software architecture of ProCurve Manager Plus will allow ProCurve to offer network admin- istrators add-on software solutions that complement their needs.
Page 48: Web Browser Interfaces
Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus Custom Login Banners for the Console and Web Browser Interfaces You can now configure the switch to display a login banner of up to 320 characters when an operator initiates a management session with the switch through any of the following methods: ■...
Page 49: Banner Operation With Telnet, Serial, Or Sshv2 Access
Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus Banner Operation with Telnet, Serial, or SSHv2 Access When a system operator begins a login session, the switch displays the banner above the local password prompt or, if no password is configured, above the Press any key to continue prompt.
Page 50: Example Of Configuring And Displaying A Banner
Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus < banner-text-string > The switch allows up to 320 banner characters, including blank spaces and CR-LF ([Enter]). (The tilde “ “ and the delimiter defined by banner motd <delimiter> are not allowed as part of the banner text.) While entering banner...
Page 51 Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus ProCurve(config)# show banner motd Banner Information Banner status: Enabled Configured Banner: This is a private system maintained by the Allied Widget Corporation. Unauthorized use of this system can result in civil and criminal penalties! Figure 2.
Page 52 Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus The next time someone logs onto the switch’s management CLI, the following appears: The login screen displays the configured banner. Entering a correct password clears the banner and displays the CLI prompt.
Page 53: Operating Notes
Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus If someone uses a Web browser to log in to the switch interface, the following message appears: Figure 5. Example of Web Browser Interface Result of the Login Banner...
Page 54 Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus — This page is intentionally unused. — 2-16...
Page 55: Contents
Using the Menu Interface Contents Overview ........... . . 3-2 Starting and Ending a Menu Session .
Page 56: Overview
Reboot the switch For a detailed list of menu features, see the “Menu Features List” on page 3-14. Privilege Levels and Password Security. ProCurve strongly recom- mends that you configure a Manager password to help prevent unauthorized access to your network. A Manager password grants full read-write access to the switch.
Page 57: Starting And Ending A Menu Session
Using the Menu Interface Starting and Ending a Menu Session N o t e If the switch has neither a Manager nor an Operator password, anyone having access to the console interface can operate the console with full manager privileges. Also, if you configure only an Operator password, entering the Operator password enables full manager privileges.
Page 58: How To Start A Menu Interface Session
• If no password has been configured, the CLI prompt appears. Go to the next step. When the CLI prompt appears, display the Menu interface by entering the menu command. For example: ProCurve# menu [Enter] results in the following display:...
Page 59: How To End A Menu Session And Exit From The Console:
Using the Menu Interface Starting and Ending a Menu Session Stacking is supported on the 3500yl and 6200yl switches. Figure 3-1. Example of the Main Menu with Manager Privileges For a description of Main Menu features, see “Main Menu Features” on page 3-7.
Page 60 Stacking is supported on the 3500yl and 6200yl switches. Figure 3-2. Example Indication of a Configuration Change Requiring a Reboot In the current session, if you have not made configuration changes that require a switch reboot to activate, return to the Main Menu and press (zero) to log out.
Page 61: Main Menu Features
Using the Menu Interface Main Menu Features Main Menu Features Stacking is supported on the 3500yl and 6200yl switches. Figure 3-3. The Main Menu View with Manager Privileges The Main Menu gives you access to these Menu interface features: ■...
Page 62 Using the Menu Interface Main Menu Features Command Line (CLI): Selects the Command Line Interface at the same ■ level (Manager or Operator) that you are accessing in the Menu interface. (Refer to Chapter 4, “Using the Command Line Interface (CLI)”.) ■...
Page 63: Screen Structure And Navigation
Using the Menu Interface Screen Structure and Navigation Screen Structure and Navigation Menu interface screens include these three elements: ■ Parameter fields and/or read-only information such as statistics Navigation and configuration actions, such as Save, Edit, and Cancel ■ ■ Help line to describe navigation options, individual parameters, and read- only data For example, in the following System Information screen:...
Page 64 Using the Menu Interface Screen Structure and Navigation Table 3-1. How To Navigate in the Menu Interface Task: Actions: Execute an action Use either of the following methods: from the “Actions –>” • Use the arrow keys ([<], or [>]) to highlight the action you want list at the bottom of to execute, then press [Enter].
Page 65 Using the Menu Interface Screen Structure and Navigation To get Help on individual parameter descriptions. In most screens there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press , and a separate help screen is displayed. For example: Pressing [H] or highlighting Help and pressing [Enter] displays Help for the...
Page 66: Rebooting The Switch
Using the Menu Interface Rebooting the Switch Rebooting the Switch Rebooting the switch from the menu interface ■ Terminates all current sessions and performs a reset of the operating system Activates any menu interface configuration changes that require a reboot ■...
Page 67 Using the Menu Interface Rebooting the Switch Rebooting To Activate Configuration Changes. Configuration changes for most parameters in the menu interface become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the .
Page 68: Menu Features List
Using the Menu Interface Menu Features List Menu Features List Status and Counters • General System Information • Switch Management Address Information • Port Status • Port Counters • Address Table • Port Address Table Switch Configuration • System Information •...
Page 69 Using the Menu Interface Where To Go From Here Option: Turn to: To use the Run Setup option Refer to the Installation and Getting Started Guide shipped with the switch. To view and monitor switch status and Appendix B, “Monitoring and Analyzing Switch counters Operation”...
Page 70 Using the Menu Interface Where To Go From Here — This page is intentionally unused. — 3-16...
Page 71: Contents
Using the Command Line Interface (CLI) Contents Overview ........... . . 4-2 Accessing the CLI .
Page 72: Overview
Using the Command Line Interface (CLI) Overview Overview The CLI is a text-based command interface for configuring and monitoring the switch. The CLI gives you access to the switch’s full set of commands while providing the same password protection that is used in the web browser interface and the menu interface.
Page 73: Privilege Levels At Logon
In the above case, you will enter the CLI at the level corresponding to the password you provide (operator or manager). If no passwords are set when you log onto the CLI, you will enter at the Manager level. For example: ProCurve# _...
Page 74: Privilege Level Operation
Using the CLI C a u t i o n ProCurve strongly recommends that you configure a Manager password. If a Manager password is not configured, then the Manager level is not password- protected, and anyone having in-band or out-of-band access to the switch may be able to reach the Manager level and compromise switch and network security.
Page 75: Manager Privileges
Manager prompt. For example: ProCurve# config Enter config at the Manager prompt. ProCurve(config)#_ The Global Config prompt. Context Configuration level: Provides all Operator and Manager priv- ■ ileges, and enables you to make configuration changes in a specific context, such as one or more ports or a VLAN.
Page 76 Using the CLI Table 4-1. Privilege Level Hierarchy Privilege Example of Prompt and Permitted Operations Level Operator Privilege Operator Level ProCurve> show < command > View status and configuration information. setup ping < argument > Perform connectivity tests. link-test < argument >...
Page 77: How To Move Between Levels
Using the Command Line Interface (CLI) Using the CLI How To Move Between Levels Change in Levels Example of Prompt, Command, and Result > enable Operator level ProCurve Password:_ Manager level enable After you enter , the Password prompt appears. After you enter the...
Page 78: Listing Commands And Command Options
Using the Command Line Interface (CLI) Using the CLI For example, if you use the menu interface to configure an IP address of “X” for VLAN 1 and later use the CLI to configure a different IP address of “Y” for VLAN 1, then “Y”...
Page 79 [Tab] (with no spaces allowed). For example, at the Global Configuration level, if you press [Tab] immediately after typing “t”, the CLI displays the available command options that begin with “t”. For example: ProCurve(config)# t [Tab] tacacs-server telnet-server time timesync...
Page 80: Listing Command Options
CLI completes the current word (if you have typed enough of the word for the CLI to distinguish it from other possibilities), including hyphenated exten- sions. For example: ProCurve(config)# port- [Tab] ProCurve(config)# port-security _ Pressing after a completed command word lists the further options for [Tab] that command.
Page 81: Displaying Cli "Help"
Using the Command Line Interface (CLI) Using the CLI Displaying CLI “Help” CLI Help provides two types of context-sensitive information: ■ Command list with a brief summary of each command’s purpose Detailed information on how to use individual commands ■ Displaying Command-List Help.
Page 82 Note that trying to list the help for an individual command from a privilege level that does not include that command results in an error message. For example, trying to list the help for the interface command while at the global configuration level produces this result: ProCurve# speed-duplex help Invalid input: speed-duplex 4-12...
Page 83: Configuration Commands And The Context Configuration Modes
Port or Trunk-Group Context . Includes port- or trunk-specific com- mands that apply only to the selected port(s) or trunk group, plus the global configuration, Manager, and Operator commands. The prompt for this mode includes the identity of the selected port(s): ProCurve(config)# interface c3-c6 ProCurve(eth-C5-C8)# ProCurve(config)# interface trk1 ProCurve(eth-Trk1)#...
Page 84 Using the Command Line Interface (CLI) Using the CLI In the port context, the first block of commands in the “?” listing show the context-specific commands that will affect only ports C3-C6. The remaining commands in the listing are Manager, Operator, and context commands.
Page 85 VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch: ProCurve(config)# vlan 100 Command executed at configuration level to enter VLAN 100 context. ProCurve(vlan-100)# Resulting prompt showing VLAN 100 context.
Page 86: Cli Control And Editing
Using the Command Line Interface (CLI) CLI Control and Editing CLI Control and Editing Keystrokes Function [Ctrl] [A] Jumps to the first character of the command line. or [<] Moves the cursor back one character. [Ctrl] [B] [Ctrl] [C] Terminates a task and displays the command prompt. [Ctrl] [D] Deletes the character at the cursor.
Page 87: Contents
Using ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+) ....... 5-5 Tasks for Your First ProCurve Web Browser Interface Session .
Page 88: Overview
Command Prompt or changing the Web Agent Enabled parameter setting to No (page 7-4). For information on operating system, browser, and Java versions for the switches covered in this guide, go to the ProCurve Networking web site at www.procurve.com and: Click on: Technical support...
Page 89: General Features
Using the ProCurve Web Browser Interface General Features General Features The web browser interface includes these features: Switch Identity and Status: • General system data • Software version • IP address • Status Overview • Port utilization • Port counters •...
Page 90: Interface Session With The Switch
Location or Address field instead of the IP address. Using DNS names typically improves browser performance. Contact your network adminis- trator to enquire about DNS names associated with your ProCurve switch. Type the IP address (or DNS name) of the switch in the browser Location or Address (URL) field and press .
Page 91: Procurve Manager Plus (Pcm+)
Using ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+) ProCurve Manager and ProCurve Manager Plus are designed for installation on a network management workstation. For this reason, the system require- ments are different from the system requirements for accessing the switch’s web browser interface from a non-management PC or workstation.
Page 92 Using the ProCurve Web Browser Interface Starting a Web Browser Interface Session with the Switch First time install alert Figure 5-1. Example of Status Overview Screen...
Page 93: Tasks For Your First Procurve Web Browser Interface Session
Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Tasks for Your First ProCurve Web Browser Interface Session The first time you access the web browser interface, there are three tasks you should perform: ■...
Page 94: In The Browser Interface
Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session This window is the launching point for the basic configuration you need to perform to set web browser interface passwords for maintaining security and a fault detection policy, which determines the types of messages that the Alert Log displays.
Page 95 Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Figure 5-3. The Device Passwords Window To set the passwords: Access the Device Passwords screen by one of the following methods: • If the Alert Log includes a “First Time Install” event entry, double click on this event, then, in the resulting display, click on the secure access to the device link.
Page 96: Entering A User Name And Password
Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Entering a User Name and Password Figure 5-4. Example of the Password Prompt in the Web Browser Interface The manager and operator passwords are used to control access to all switch interfaces.
Page 97: Online Help For The Web Browser Interface
Context-sensitive help is provided for the screen you are on. N o t e To access the online Help for the ProCurve web browser interface, you need either ProCurve Manager (version 1.5 or greater) installed on your network or an active connection to the World Wide Web. Otherwise, Online help for the web browser interface will not be available.
Page 98: Support/Mgmt Urls Feature
Support tab. The default is the URL for the ProCurve Networking home page. – The URL of a PCM (ProCurve Network Manager) workstation or other server for the online Help files for this web browser interface. (The default setting accesses the switch’s browser-based Help on the ProCurve World Wide...
Page 99: Support Url
As an alternative, you can replace the ProCurve URL with the URL for a local site used for logging reports on network performance or other support activ- ities.
Page 100: Using The Pcm Server For Switch Web Help
Figure 5-7. How To Access Web Browser Interface Online Help Using the PCM Server for Switch Web Help For ProCurve devices that support the “Web Help” feature, you can use the PCM server to host the switch help files for devices that do not have HTTP access to the ProCurve Support Web site.
Page 101 Using the ProCurve Web Browser Interface Support/Mgmt URLs Feature Add an entry, or edit the existing entry in the Discovery portion of the global properties (globalprops.prp) in PCM to redirect the switches to the help files on the PCM server. For example:...
Page 102: Status Reporting Features
Using the ProCurve Web Browser Interface Status Reporting Features Status Reporting Features Browser elements covered in this section include: The Overview window (below) ■ ■ Port utilization and status (page 5-17) ■ The Alert log (page 5-20) The Status bar (page 5-22) ■...
Page 103: The Port Utilization And Status Displays
Using the ProCurve Web Browser Interface Status Reporting Features The Port Utilization and Status Displays The Port Utilization and Status displays show an overview of the status of the switch and the amount of network activity on each port. The following figure shows a sample reading of the Port Utilization and Port Status.
Page 104 Using the ProCurve Web Browser Interface Status Reporting Features Maximum Activity Indicator: As the bars in the graph area change ■ height to reflect the level of network activity on the corresponding port, they leave an outline to identify the maximum activity level that has been observed on the port.
Page 105: Port Status
Using the ProCurve Web Browser Interface Status Reporting Features Port Status Port Status Indicators Legend Figure 5-12. The Port Status Indicators and Legend The Port Status indicators show a symbol for each port that indicates the general status of the port. There are four possible statuses: Port Connected –...
Page 106: The Alert Log
Using the ProCurve Web Browser Interface Status Reporting Features The Alert Log The web browser interface Alert Log, shown in the lower half of the screen, shows a list of network occurrences, or alerts, that were detected by the switch. Typical alerts are Broadcast Storm, indicating an excessive number of broadcasts received on a port, and Problem Cable, indicating a faulty cable.
Page 107: Alert Types And Detailed Views
Using the ProCurve Web Browser Interface Status Reporting Features Alert Types and Detailed Views As of April, 2004, the web browser interface generates the following alert types: • Auto Partition • High collision or drop rate • Backup Transition • Loss of Link •...
Page 108: The Status Bar
Using the ProCurve Web Browser Interface Status Reporting Features Figure 5-14. Example of Alert Log Detail View The Status Bar The Status Bar appears in the upper left corner of the web browser interface window. Figure 5-15 shows an expanded view of the status bar.
Page 109 Using the ProCurve Web Browser Interface Status Reporting Features The Status bar includes four objects: ■ Status Indicator. Indicates, by icon, the severity of the most critical alert in the current display of the Alert Log. This indicator can be one of four shapes and colors, as shown below.
Page 110: Setting Fault Detection Policy
Using the ProCurve Web Browser Interface Status Reporting Features Setting Fault Detection Policy One of the powerful features in the web browser interface is the Fault Detection facility. For your switch, this feature controls the types of alerts reported to the Alert Log based on their level of severity.
Page 111 Never. Disables the Alert Log and transmission of alerts (traps) to the ■ management server (in cases where a network management tool such as ProCurve Manager is in use). Use this option when you don’t want to use the Alert Log. The Fault Detection Window also contains three Change Control Buttons: Apply Changes.
Page 112 Using the ProCurve Web Browser Interface Status Reporting Features — This page is intentionally unused. — 5-26...
Page 113: Contents
Switch Memory and Configuration Contents Overview ........... . . 6-3 Configuration File Management .
Page 114 Switch Memory and Configuration Contents Using the Clear + Reset Button Combination To Reset the Switch to Its Default Configuration ......6-34 Transferring Startup-Config Files To or From a Remote Server .
Page 115: Overview
Switch Memory and Configuration Overview Overview This chapter describes: ■ How switch memory manages configuration changes How the CLI implements configuration changes ■ ■ How the menu interface and web browser interface implement configu- ration changes ■ How the switch provides software options through primary/secondary flash images How to use the switch’s primary and secondary flash options, including ■...
Page 116 This allows you to test the change without making it “permanent”. When you are satisfied that the change is satisfactory, you can make it permanent by executing the command. For example, write memory suppose you use the following command to disable port 5: ProCurve(config)# interface ethernet 5 disable...
Page 117 ProCurve(config)# write memory If you use the CLI to make a configuration change and then change from the CLI to the Menu interface without first using write memory to save the change to the startup-config file, then the switch prompts you to save the change.
Page 118: Using The Cli To Implement Configuration Changes
Switch Memory and Configuration Using the CLI To Implement Configuration Changes Using the CLI To Implement Configuration Changes The CLI offers these capabilities: Access to the full set of switch configuration features ■ ■ The option of testing configuration changes before making them perma- nent How To Use the CLI To View the Current Configuration Files.
Page 119 ProCurve(config)# interface e a5 speed-duplex auto-10 After you are satisfied that the link is operating properly, you can save the change to the switch’s permanent configuration (the startup-config file) by...
Page 120 Using the CLI To Implement Configuration Changes Disables port 1 in the running configuration, which causes port 1 to block all traffic. ProCurve(config)# interface e 1 disable ProCurve(config)# boot Device will be rebooted, do you want to continue [y/n]? y Press [Y] to continue the rebooting process.
Page 121: Configuration Changes
Syntax: erase startup-config For example: ProCurve(config)# erase startup-config Configuration will be deleted and device rebooted, continue [y/n]? Press to replace the current configuration with the factory default config- uration and reboot the switch. Press to retain the current configuration and prevent a reboot.
Page 122 Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes N o t e The only exception to this operation are two VLAN-related parameter changes that require a reboot—described under “Rebooting To Activate Configuration Changes” on page 6-11. Using in the Menu Interface Save...
Page 123: Rebooting From The Menu Interface
Optional Reboot Switch Command Stacking is supported on the 3500yl and 6200yl switches. Figure 6-4. The Reboot Switch Option in the Main Menu Rebooting To Activate Configuration Changes. Configuration changes for most parameters become effective as soon as you save them. However,...
Page 124: Web: Implementing Configuration Changes
Stacking is supported on the 3500yl and 6200yl switches. Reminder to reboot the switch to activate configuration changes. Figure 6-5. Indication of a Configuration Change Requiring a Reboot...
Page 125: Using Primary And Secondary Flash Image Options
Switch Memory and Configuration Using Primary and Secondary Flash Image Options Using Primary and Secondary Flash Image Options The switches covered in this guide feature two flash memory locations for storing switch software image files: ■ Primary Flash: The default storage for a switch software image. ■...
Page 126 Switch Memory and Configuration Using Primary and Secondary Flash Image Options For example, if the switch is using a software version of K.11.XX stored in Primary flash, show version produces the following: Figure 6-6. Example Showing the Identity of the Current Flash Image (5400zl) Determining Whether the Flash Images Are Different Versions.
Page 127: Switch Software Downloads
Switch Memory and Configuration Using Primary and Secondary Flash Image Options 1. In this example show version indicates the switch has version K.11.02 in primary flash. 2. After the boot system command, show version indicates that version K.11.01 is in secondary flash.
Page 128: Local Switch Software Replacement And Removal
If you want to remove an unwanted software version from flash, ProCurve recommends that you do so by overwriting it with the same software version that you are using to operate the switch, or with another acceptable software version.
Page 129 Figure 6-9. Example Indicating Two Different Software Versions in Primary and Secondary Flash Execute the copy command as follows: ProCurve(config)# copy flash flash primary Erasing the Contents of Primary or Secondary Flash. This command deletes the software image file from the specified flash location.
Page 130: Rebooting The Switch
Switch Memory and Configuration Using Primary and Secondary Flash Image Options The prompt shows which flash location will be erased. Figure 6-10. Example of Erase Flash Prompt Type y at the prompt to complete the flash erase. Use show flash to verify erasure of the selected software flash image The “...
Page 131 Switch Memory and Configuration Using Primary and Secondary Flash Image Options Booting from Primary Flash. This command always boots the switch from primary flash, executes the complete set of subsystem self-tests, and gives you the option of saving or discarding any configuration changes in the running- config file.
Page 132 Shows the status of the fastboot feature, either enabled or disabled. The fastboot command is shown below. ProCurve(config)# fastboot Rebooting from the Current Software Version. Reload reboots the switch from the flash image and startup-config file on which the switch is currently running, and provides the option for saving to the startup-config file any configuration changes currently in the running-config file.
Page 133 To schedule a reload for the same time the following day: ProCurve# reload after 01:00:00 To schedule a reload for the same day at 12:05: ■ ProCurve# reload at 12:05 To schedule a reload on some future date: ■ ProCurve# reload at 12:05 01/01/2007 6-21...
Page 134: Operating Notes
Switch Memory and Configuration Using Primary and Secondary Flash Image Options Operating Notes Default Boot Source. The switch reboots from primary flash by default unless you specify the secondary flash. Boot Attempts from an Empty Flash Location. In this case, the switch aborts the attempt and displays Image does not exist Operation aborted.
Page 135: Multiple Configuration Files
Switch Memory and Configuration Multiple Configuration Files Multiple Configuration Files Action Page Listing and Displaying Startup-Config Files 6-27 Changing or Overriding the Reboot Configuration Policy 6-28 Managing Startup-Config Files Renaming Startup-Config Files 6-30 Copying Startup-Config Files 6-31 Erasing Startup-Config Files 6-32 Effect of Using the Clear + Reset Buttons 6-34...
Page 136: General Operation
Switch Memory and Configuration Multiple Configuration Files Transitions from one software release to another can be performed while ■ maintaining a separate configuration for the different software release versions. ■ By setting a reboot policy using a known good configuration and then overriding the policy on a per-instance basis, you can test a new configu- ration with the provision that if an unattended reboot occurs, the switch will come up with the known, good configuration instead of repeating a...
Page 137 Switch Memory and Configuration Multiple Configuration Files Use the CLI to make configuration changes in the running-config file, and then execute write mem. The result is that the startup-config file used to reboot the switch is modified by the actions in step 2. Boot Command Primary Boot Path Active Startup-Config File:...
Page 138: Transitioning To Multiple Configuration Files
Switch Memory and Configuration Multiple Configuration Files Transitioning to Multiple Configuration Files At the first reboot with a software release supporting multiple configuration, the switch: Assigns the filename oldConfig to the existing startup-config file (which is ■ stored in memory slot 1). Saves a copy of the existing startup-config file in memory slot 2 with the ■...
Page 139: Listing And Displaying Startup-Config Files
Switch Memory and Configuration Multiple Configuration Files Listing and Displaying Startup-Config Files Command Page show config files Below show config < filename > 6-28 Viewing the Startup-Config File Status with Multiple Configuration Enabled Rebooting the switch automatically enables the multiple configuration fea- ture.
Page 140: Displaying The Content Of A Specific Startup-Config File
Switch Memory and Configuration Multiple Configuration Files Displaying the Content of A Specific Startup-Config File With Multiple Configuration enabled, the switch can have up to three startup- config files. Because the show config command always displays the content of the currently active startup-config file, the command extension shown below is needed to allow viewing the contents of any other startup-config files stored in the switch.
Page 141 1). Also, whenever the switch boots from secondary flash, the operator also wants the startup-config named newconfig to be used. The following two commands configure the desired behavior. ProCurve(config)# startup-default pri config minconfig ProCurve(config) # startup-default sec config newconfig. 6-29...
Page 142: Managing Startup-Config Files In The Switch
Switch Memory and Configuration Multiple Configuration Files Overriding the Default Reboot Configuration Policy. This command provides a method for manually rebooting with a specific startup-config file other than the file specified in the default reboot configuration policy. Syntax: boot system flash < primary | secondary > config < filename > Specifies the name of the startup-config file to apply for the immediate boot instance only.
Page 143: Creating A New Startup-Config File
Switch Memory and Configuration Multiple Configuration Files Creating a New Startup-Config File The switch allows up to three startup-config files. You can create a new startup-config file if there is an empty memory slot or if you want to replace one startup-config file with another.
Page 144: Erasing A Startup-Config File
Switch Memory and Configuration Multiple Configuration Files If you wanted to experiment with configuration changes to the software version in secondary flash, you could create and assign a separate startup- config file for this purpose. The first two commands copy the config1 startup-config file to config2, and then make config2 the default startup-config file for booting from secondary flash.
Page 145 Switch Memory and Configuration Multiple Configuration Files Note: Where a file is assigned to either the primary or the secondary flash, but is not the currently active startup- config file, erasing the file does not remove the flash assignment from the memory slot for that file. Thus, if the switch boots using a flash location that does not have an assigned startup-config, then the switch creates a new, default startup-config file and uses this file in the reboot.
Page 146: Switch To Its Default Configuration
Switch Memory and Configuration Multiple Configuration Files With the same memory configuration as is shown in the bottom portion of figure 6-20, executing erase startup-config boots the switch from primary flash, resulting in a new file named minconfig in the same memory slot. The new file contains the default configuration for the software version currently in pri- mary flash.
Page 147: Tftp: Copying A Configuration File To A Remote Host
For example, the following command copies a startup-config file named test- 01 from the switch to a (UNIX) TFTP server at IP address 10.10.28.14: ProCurve(config)# copy config test-01 tftp 10.10.28.14 test-01.txt unix TFTP: Copying a Configuration File from a Remote Host Syntax: copy tftp config <...
Page 148: Connected Host
Switch Memory and Configuration Multiple Configuration Files Xmodem: Copying a Configuration File to a Serially Connected Host Syntax: copy config < filename > xmodem < pc | unix > This is an addition to the copy < config > xmodem command options.
Page 149: Contents
Interface Access and System Information Contents Overview ........... . . 7-2 Interface Access: Console/Serial Link, Web, and Inbound Telnet .
Page 150: Overview
Chapter 3, “Using the Menu Interface” ■ Chapter 4, “Using the Command Line Interface (CLI)” Chapter 5, “Using the ProCurve Web Browser Interface” ■ Why Configure Interface Access and System Information? The inter- face access features in the switch operate properly by default. However, you can modify or disable access features to suit your particular needs.
Page 151: Interface Access: Console/Serial Link, Web, And Inbound Telnet
Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Interface Access: Console/Serial Link, Web, and Inbound Telnet Interface Access Features Feature Default Menu Inactivity Time 0 Minutes page 7-4 page 7-6 — (disabled) Inbound Telnet Access Enabled page 7-4 page 7-5...
Page 152: Menu: Modifying The Interface Access
Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Menu: Modifying the Interface Access The menu interface enables you to modify these parameters: ■ Inactivity Timeout Inbound Telnet Enabled ■ Web Agent Enabled ■ To Access the Interface Access Parameters: From the Main Menu, Select...
Page 153: Cli: Modifying The Interface Access
Console Control Options Figure 7-2. Listing of Show Console Command Reconfigure Inbound Telnet Access. In the default configuration, inbound Telnet access is enabled. Syntax: [no] telnet-server To disable inbound Telnet access: ProCurve(config)# no telnet-server To re-enable inbound Telnet access: ProCurve(config)# telnet-server...
Page 154 Telnet to another device that has an IP address. Syntax: telnet < ip-address > For example: ProCurve # telnet 10.28.27.204 Reconfigure Web Browser Access. In the default configuration, web browser access is enabled. Syntax: [no] web-management...
Page 155 Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet N o t e If you change the Baud Rate or Flow Control settings for the switch, you should make the corresponding changes in your console access device. Oth- erwise, you may lose connectivity between the switch and your terminal emulator due to differences between the terminal and switch settings for these two parameters.
Page 156 Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet You can also execute a series of console commands and then save the configuration and boot the switch. For example: Configure individual parameters. Save the changes. Boot the switch.
Page 157: Sessions
Interface Access and System Information Denying Interface Access by Terminating Remote Management Sessions Denying Interface Access by Terminating Remote Management Sessions The switch supports up to five management sessions. You can use show ip ssh to list the current management sessions, and kill to terminate a currently running remote session.
Page 158: System Information
Configuring system information is optional, but recommended. System Name: Using a unique name helps you to identify individual devices where you are using an SNMP network management tool such as ProCurve Manager. System Contact and Location: This information is helpful for identifying the person administratively responsible for the switch and for identifying the locations of individual switches.
Page 159: Menu: Viewing And Configuring System Information
Daylight Time Rule: Specifies the daylight savings time rule to apply for your location. The default is None. (For more on this topic, refer to Appendix D, “Daylight Savings Time on ProCurve Switches.) Time: Used in the CLI to specify the time of day, the date, and other system parameters.
Page 160: Cli: Viewing And Configuring System Information
Interface Access and System Information System Information Press (for Edit). The cursor moves to the System Name field. Refer to the online help provided with this screen for further information on configuration options for these features. When you have finished making changes to the above parameters, press (for Save) and return to the Main Menu.
Page 161 Interface Access and System Information System Information Configure a System Name, Contact, and Location for the Switch. To help distinguish one switch from another, configure a plain-language identity for the switch. Syntax: hostname < name-string > snmp-server [contact <system-contact>] [location <system-location>] Both fields allow up to 48 characters.
Page 162 Syntax: time [ hh:mm [ :ss ]] [ mm/dd/ [ yy ] yy ] For example, to set the switch to 9:45 a.m. on November 17, 2002: ProCurve(config)# time 9:45 11/17/02 N o t e Executing reload or boot resets the time and date to their default startup values.
Page 163: Web: Configuring System Parameters
Interface Access and System Information System Information Web: Configuring System Parameters In the web browser interface, you can enter the following system information: ■ System Name System Location ■ System Contact ■ For access to the MAC Age Interval and the Time parameters, use the menu interface or the CLI.
Page 164 Interface Access and System Information System Information — This page is intentionally unused. — 7-16...
Page 165: Contents
Configuring IP Addressing Contents Overview ........... . . 8-2 IP Configuration .
Page 166: Overview
Configuring IP Addressing Overview Overview You can configure IP addressing through all of the switch’s interfaces. You can also: ■ Easily edit a switch configuration file to allow downloading the file to multiple switches without overwriting each switch’s unique gateway and VLAN 1 IP addressing.
Page 167: Just Want A Quick Start With Ip Addressing?
If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing. To do so, do one of the following: Enter setup at the CLI Manager level prompt.
Page 168: Ip Addressing With Multiple Vlans
Configuring IP Addressing IP Configuration For more on using the Switch Setup screen, refer to the Installation and Getting Started Guide you received with the switch. IP Addressing with Multiple VLANs In the factory-default configuration, the switch has one, permanent default VLAN (named DEFAULT_VLAN) that includes all ports on the switch.
Page 169: Menu: Configuring Ip Address, Gateway, And Time-To-Live (Ttl)
Configuring IP Addressing IP Configuration Menu: Configuring IP Address, Gateway, and Time-To- Live (TTL) Do one of the following: To manually enter an IP address, subnet mask, set the IP Config parameter ■ to Manual and then manually enter the IP address and subnet mask values you want for the switch.
Page 170: Cli: Configuring Ip Address, Gateway, And Time-To-Live (Ttl)
Configuring IP Addressing IP Configuration If the switch needs to access a router, for example, to reach off-subnet destinations, select the Default Gateway field and enter the IP address of the gateway router. If you need to change the packet Time-To-Live (TTL) setting, select Default TTL and type in a value between 2 and 255.
Page 171 Configuring IP Addressing IP Configuration (You can also use the show management command to display the IP addressing and time server IP addressing configured on the switch. Refer to figure 9-6 on page 9-10.) For example, in the factory-default configuration (no IP addressing assigned), the switch’s IP addressing appears as: The Default IP Configuration...
Page 172 ProCurve(config)# vlan 1 ip address 10.28.227.103/24 This example deletes an IP address configured in VLAN 1. ProCurve (config) no vlan 1 ip address 10.28.227.103/24 Configure Multiple IP Addresses on a VLAN (Multinetting). The fol- lowing is supported: Up to 2000 IP addresses for the switch ■...
Page 173 Configuring IP Addressing IP Configuration 1. Go to VLAN 20. 2. Configure two additional IP addresses on VLAN 3. Display IP addressing. Figure 8-4. Example of Configuring and Displaying a Multinetted VLAN If you then wanted to multinet the default VLAN, you would do the following: Figure 8-5.
Page 174: Web: Configuring Ip Addressing
Syntax: ip default-gateway < ip-address > For example: ProCurve(config)# ip default-gateway 10.28.227.115 Note The switch uses the IP default gateway only while operating as a Layer 2 device. While routing is enabled on the switch, the IP default gateway is not used.
Page 175: How Ip Addressing Affects Switch Operation
Console RS-232 port. You can use direct-connect console access to take advantage of features that do not depend on IP addressing. However, to realize the full capabilities ProCurve proactive networking offers through the switch, configure the switch with an IP address and subnet mask compatible with your network.
Page 176: Dhcp/Bootp Operation
Configuring IP Addressing IP Configuration DHCP/Bootp Operation Overview. DHCP/Bootp is used to provide configuration data from a DHCP or Bootp server to the switch. This data can be the IP address, subnet mask, default gateway, Timep Server address, and TFTP server address. If a TFTP server address is provided, this allows the switch to TFTP a previously saved configuration file from the TFTP server to the switch.
Page 177 Configuring IP Addressing IP Configuration DHCP Operation. A significant difference between a DHCP configuration and a Bootp configuration is that an IP address assignment from a DHCP server is automatic. Depending on how the DHCP server is configured, the switch may receive an IP address that is temporarily leased. Periodically the switch may be required to renew its lease of the IP configuration.
Page 178: Network Preparations For Configuring Dhcp/Bootp
Configuring IP Addressing IP Configuration gw=10.66.77.1:\ lg=10.22.33.44:\ T144=”switch.cfg”:\ vm=rfc1048 where: 5400switch is a user-defined symbolic name to help you find the correct section of the bootptab file. If you have multiple switches that will be using Bootp to get their IP configuration, you should use a unique symbolic name for each switch.
Page 179: Loopback Interfaces
Configuring IP Addressing Loopback Interfaces N o t e Designating a primary VLAN other than the default VLAN affects the switch’s use of information received via DHCP/Bootp. For more on this topic, refer to the chapter describing VLANs in the Advanced Traffic Management Guide for your switch.
Page 180: Configuring A Loopback Interface
Configuring IP Addressing Loopback Interfaces You can use a loopback interface to establish a Telnet session, ping the ■ switch, and access the switch through SNMP, SSH, and HTTP (web interface). ■ A loopback IP address can be used by routing protocols. For example, you can configure the loopback IP address as the router ID used to identify the switch in an OSPF area.
Page 181 Configuring IP Addressing Loopback Interfaces ProCurve(config)# interface loopback 1 ProCurve (lo1)# ip address 10.1.1.1 Figure 8-6. Example of a Loopback Interface Configuration N o t e s ■ You can configure a loopback interface only from the CLI; you cannot configure a loopback interface from the web management or Menu inter- face.
Page 182: Displaying Loopback Interface Configurations
(TTL) and ARP age-out values, and VLAN IP configura- tions. The following example displays the IP addresses configured for two user-defined loopback interfaces (lo1 and lo2). ProCurve> show ip Internet (IP) Service IP Routing : Enabled Default TTL : 64...
Page 183 IP address, enter the show ip route command. The following example displays the configuration of the default loopback interface (lo0) and one user-defined loopback interface (lo2). ProCurve> show ip route IP Route Entries IP Routing : Enabled Default TTL : 64...
Page 184: Ip Preserve: Retaining Vlan-1 Ip Addressing Across Configuration File Downloads
Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads For the switches covered in this guide, IP Preserve enables you to copy a configuration file to multiple switches while retaining the individual IP address and subnet mask on VLAN 1 in each switch, and the Gateway IP address assigned to the switch.
Page 185: Enabling Ip Preserve
Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads Enabling IP Preserve To set up IP Preserve, enter the ip preserve statement at the end of a configu- ration file. (Note that you do not execute IP Preserve by entering a command from the CLI).
Page 186 Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads ProCurve(config)# show run Running configuration: ; J8697A Configuration Editor; Created on release #K.11.01 hostname "ProCurve" module 1 type J8702A module 2 type J8705A trunk A11-A12 Trk1 Trunk ip default-gateway 10.10.10.115...
Page 187 Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads ProCurve# show run Running configuration: ; J8697A Configuration Editor; Created on release #K.11.01 hostname "ProCurve" module 1 type J8702A module 2 type J8705A trunk A11-A12 Trk1 Trunk Because switch 4 (figure 8-10) ip default-gateway 10.10.10.115...
Page 188 Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads — This page is intentionally unused. — 8-24...
Page 189: Contents
Time Protocols Contents Overview ........... . . 9-2 TimeP Time Synchronization .
Page 190: Overview
Time Protocols Overview Overview This chapter describes: ■ SNTP Time Protocol Operation Timep Time Protocol Operation ■ Using time synchronization ensures a uniform time among interoperating devices. This helps you to manage and troubleshoot switch operation by attaching meaningful time data to event and error messages. The switch offers TimeP and SNTP (Simple Network Time Protocol) and a timesync command for changing the time protocol selection (or turning off time protocol operation).
Page 191: Protocol Operation
Time Protocols Selecting a Time Synchronization Protocol or Turning Off Time Protocol Operation ular server, it ignores time broadcasts from other SNTP servers unless the configurable expires three consecutive times without Poll Interval an update received from the first-detected server. Note To use Broadcast mode, the switch and the SNTP server must be in the same subnet.
Page 192: Disabling Time Synchronization
Time Protocols SNTP: Viewing, Selecting, and Configuring Note that simply selecting a time synchronization protocol does not enable that protocol on the switch unless you also enable the protocol itself (step 2, above). For example, in the factory-default configuration, TimeP is the selected time synchronization method.
Page 193: Menu: Viewing And Configuring Sntp
Time Protocols SNTP: Viewing, Selecting, and Configuring Table 9-1. SNTP Parameters SNTP Parameter Operation Time Sync Used to select either SNTP, TIMEP, or None as the time synchronization method. Method SNTP Mode Disabled The Default. SNTP does not operate, even if specified by the Menu interface Time Sync Method parameter or the CLI timesync command.
Page 194 Time Protocols SNTP: Viewing, Selecting, and Configuring Time Protocol Selection Parameter – TIMEP – SNTP – None Figure 9-1. The System Information Screen (Default Values) Press (for ). The cursor moves to the field. Edit System Name Use [v] to move the cursor to the Time Sync Method field.
Page 195 SNTP server version running on the device you specified in the preceding step (step ii). If you are unsure which version to use, ProCurve recommends leaving this value at the default setting of and testing SNTP operation to determine whether any change is necessary.
Page 196: Cli: Viewing And Configuring Sntp
Time Protocols SNTP: Viewing, Selecting, and Configuring CLI: Viewing and Configuring SNTP CLI Commands Described in this Section SNTP Command Page show sntp [no] timesync 9-10 and ff., 9-13 sntp broadcast 9-10 sntp unicast 9-11 sntp server 9-11 and ff. Protocol Version 9-13 poll-interval...
Page 197 Time Protocols SNTP: Viewing, Selecting, and Configuring Figure 9-4. Example of SNTP Configuration When SNTP Is the Selected Time Synchronization Method In the factory-default configuration (where TimeP is the selected time synchronization method), still lists the SNTP configuration even show sntp though it is not currently in use.
Page 198: Configuring (Enabling Or Disabling) The Sntp Mode
Time Protocols SNTP: Viewing, Selecting, and Configuring Figure 9-6. Example of Display Showing IP Addressing for All Configured Time Servers and VLANs Configuring (Enabling or Disabling) the SNTP Mode Enabling the SNTP mode means to configure it for either broadcast or unicast mode.
Page 199 Time Protocols SNTP: Viewing, Selecting, and Configuring Syntax: sntp broadcast Configures as the SNTP mode. broadcast For example, suppose: ■ Time synchronization is in the factory-default configuration (TimeP is the currently selected time synchronization method). You want to: ■ 1. View the current time synchronization. 2.
Page 200 ProCurve(config)# timesync sntp Selects SNTP. ProCurve(config)# sntp unicast Activates SNTP in Unicast mode. ProCurve(config)# sntp server 10.28.227.141 Specifies the SNTP server and accepts the current SNTP server version (default: 3). In this example, the Poll Interval and the Protocol Version appear at their default settings.
Page 201 720 seconds. (This parameter is separate from the poll inter- val parameter used for Timep operation.) For example, to change the poll interval to 300 seconds: ProCurve(config)# sntp poll-interval 300 Disabling Time Synchronization Without Changing the SNTP Configuration. The recommended method for disabling time synchroniza-...
Page 202 Time Protocols SNTP: Viewing, Selecting, and Configuring Figure 9-10. Example of SNTP with Time Sychronization Disabled Disabling the SNTP Mode. If you want to prevent SNTP from being used even if selected by (or the Menu interface’s param- timesync Time Sync Method eter), configure the SNTP mode as disabled.
Page 203: Timep: Viewing, Selecting, And Configuring
Time Protocols TimeP: Viewing, Selecting, and Configuring TimeP: Viewing, Selecting, and Configuring TimeP Feature Default Menu view the Timep time synchronization configuration page 9-16 page 9-18 — select Timep as the time synchronization method TIMEP page 9-14 pages 9-20 ff. —...
Page 204: Menu: Viewing And Configuring Timep
Time Protocols TimeP: Viewing, Selecting, and Configuring Menu: Viewing and Configuring TimeP To View, Enable, and Modify the TimeP Protocol: From the Main Menu, select: 2. Switch Configuration... 1. System Information Time Protocol Selection Parameter – TIMEP (the default) – SNTP –...
Page 205 Time Protocols TimeP: Viewing, Selecting, and Configuring • Use the Space bar to select the mode. Manual [>] Press to move the cursor to the field. Server Address ii. Enter the IP address of the TimeP server you want the switch to use for time synchronization.
Page 206: Cli: Viewing And Configuring Timep
Time Protocols TimeP: Viewing, Selecting, and Configuring CLI: Viewing and Configuring TimeP CLI Commands Described in this Section Command Page show timep 9-18 [no] timesync 9-20 ff., 9-23 ip timep dhcp 9-20 manual 9-21 server <ip-addr> 9-21 interval 9-22 no ip timep 9-23 This section describes how to use the CLI to view, enable, and configure TimeP parameters.
Page 207 Time Protocols TimeP: Viewing, Selecting, and Configuring If SNTP is the selected time synchronization method, still lists the show timep TimeP configuration even though it is not currently in use: Even though, in this example, SNTP is the current time synchronization method, the switch maintains the TimeP configuration.
Page 208: Configuring (Enabling Or Disabling) The Timep Mode
Time Protocols TimeP: Viewing, Selecting, and Configuring Configuring (Enabling or Disabling) the TimeP Mode Enabling the TimeP mode means to configure it for either broadcast or unicast mode. Remember that to run TimeP as the switch’s time synchronization protocol, you must also select TimeP as the time synchronization method by using the CLI timesync command (or the Menu interface Time Sync Method parameter).
Page 209 For example, to select TimeP and configure it for manual operation using a TimeP server address of 10.28.227.141 and the default poll interval (720 minutes, assuming the TimeP poll interval is already set to the default): ProCurve(config)# timesync timep Selects TimeP. ProCurve(config)# ip timep manual 10.28.227.141 Activates TimeP in Manual mode. 9-21...
Page 210 1 to 9999 minutes. (This parameter is separate from the poll interval parameter used for SNTP operation.) Syntax: ip timep < dhcp | manual > interval < 1 - 9999 > For example, to change the poll interval to 60 minutes: ProCurve(config)# ip timep interval 60 9-22...
Page 211 TimeP mode, and the factory-default polling DHCP interval. You would halt time synchronization with this command: ProCurve(config)# no timesync If you then viewed the TimeP configuration, you would see the following: Figure 9-18. Example of TimeP with Time Sychronization Disabled Disabling the TimeP Mode.
Page 212: Sntp Unicast Time Polling With Multiple Sntp Servers
Time Protocols SNTP Unicast Time Polling with Multiple SNTP Servers SNTP Unicast Time Polling with Multiple SNTP Servers When running SNTP unicast time polling as the time synchronization method, the switch requests a time update from the server you configured with either the Server Address parameter in the menu interface, or the primary server in a list of up to three SNTP servers configured using the CLI.
Page 213: Displaying All Sntp Server Addresses Configured On The Switch
Time Protocols SNTP Unicast Time Polling with Multiple SNTP Servers Displaying All SNTP Server Addresses Configured on the Switch The System Information screen in the menu interface displays only one SNTP server address, even if the switch is configured for two or three servers. The CLI show management command displays all configured SNTP servers on the switch.
Page 214 (Refer to “Address Prioritization” on page 9-24.) Syntax: no sntp server < ip-addr > For example, to delete the primary address in the above example (and automatically convert the secondary address to primary): ProCurve(config)# no sntp server 10.28.227.141 9-26...
Page 215: Menu: Operation With Multiple Sntp Server Addresses Configured
Time Protocols SNTP Messages in the Event Log Menu: Operation with Multiple SNTP Server Addresses Configured When you use the Menu interface to configure an SNTP server IP address, the new address writes over the current primary address, if one is configured. If there are multiple addresses configured, the switch re-orders the addresses according to the criteria described under “Address Prioritization”...
Page 216 Time Protocols SNTP Messages in the Event Log — This page is intentionally unused. — 9-28...
Page 217: Contents
Configuring a Broadcast Limit on the Switch ....10-15 Configuring ProCurve Auto-MDIX ......10-15 Web: Viewing Port Status and Configuring Port Parameters .
Page 218: Overview
10-6 page 10-12 page 10-18 10-1 on pages 10-3 thru 10-4 configuring ProCurve auto-mdix page 9-11 Note On Connecting If the switch either fails to show a link between an installed transceiver and Transceivers to another device, or demonstrates errors or other unexpected behavior on the...
Page 219 • Auto-10: Allows the port to negotiate between half-duplex (HDx) and full-duplex (FDx) while keeping speed at 10 Mbps. Also negotiates flow control (enabled or disabled). ProCurve recommends Auto- 10 for links between 10/100 auto-sensing ports connected with Cat 3 cabling. (Cat 5 cabling is required for 100 Mbps links.).
Page 220 Port Status and Configuration Viewing Port Status and Configuring Port Parameters Status or Description Parameter — Continued From Previous Page — Gigabit Fiber-Optic Ports (Gigabit-SX, Gigabit-LX, and Gigabit-LH): • 1000FDx: 1000 Mbps (1 Gbps), Full Duplex only • Auto (default): The port operates at 1000FDx and auto-negotiates flow control with the device connected to the port.
Page 221: Menu: Port Configuration
Port Status and Configuration Viewing Port Status and Configuring Port Parameters Menu: Port Configuration From the menu interface, you can view and change the port configuration. Using the Menu To View Port Configuration. The menu interface dis- plays the configuration for ports and (if configured) any trunk groups. From the Main Menu, select: 1.
Page 222 Port Status and Configuration Viewing Port Status and Configuring Port Parameters Using the Menu To Configure Ports. N o t e The menu interface uses the same screen for configuring both individual ports and port trunk groups. For information on port trunk groups, refer to Chapter 12, “Port Trunking”...
Page 223: Cli: Viewing Port Status And Configuring Port Parameters
Port Status and Configuration Viewing Port Status and Configuring Port Parameters CLI: Viewing Port Status and Configuring Port Parameters From the CLI, you can configure and view all port parameter settings and view all port status indicators. Port Status and Configuration Commands show interfaces brief page 10-8 show interfaces config...
Page 224 Port Status and Configuration Viewing Port Status and Configuring Port Parameters This screen shows current port operating status. Note: The (per-port) Bcast Limit column appears only on the 3400cl and 6400cl switches. (The 5400zl switches apply a global broadcast limit. 3400cl/ 6400cl Switches...
Page 225: Viewing Port Utilization Statistics
Viewing Port Status and Configuring Port Parameters Viewing Port Utilization Statistics Use the show interface port-utilization command to view a real-time rate display for all ports on the switch. The following shows a sample output from this command. ProCurve# show interface port-utilization Port Mode ------- -------...
Page 226: Viewing Transceiver Status
■ Display real-time status information about all installed transceivers, including non-operational transceivers. Figure 10-6 shows sample output from the show tech transceivers command. ProCurve# show tech transceivers Transceiver Technical Information: Port # | Type | Prod # | Serial #...
Page 227 • Part number—Allows you to determine the manufacturer for a spec- ified transceiver and revision number. For a non-ProCurve installed transceiver (see line 23 Figure 10-6), no ■ transceiver type, product number, or part information is displayed. In the Serial Number field, non-operational is displayed instead of a serial num- ber.
Page 228: Enabling Or Disabling Ports And Configuring Port Mode
For example, to configure ports C1 through C3 and port C6 for 100Mbps full- duplex, you would enter these commands: ProCurve(config)# int c1-c3,c6 speed-duplex 100-full Similarly, to configure a single port with the above command settings, you could either enter the same command with only the one port identified, or go to the context level for that port and then enter the command.
Page 229: Enabling Or Disabling Flow Control
Port Status and Configuration Viewing Port Status and Configuring Port Parameters Enabling or Disabling Flow Control N o t e You must enable flow control on both ports in a given link. Otherwise, flow control does not operate on the link, and appears as Off in the show interfaces brief port listing, even if flow control is configured as enabled on the port in the switch.
Page 230 Port Status and Configuration Viewing Port Status and Configuring Port Parameters Disables per-port flow control on ports A5 and A6. Figure 10-9. Example Continued from Figure 10-8 Disables per-port flow control on ports A1 through A4 . Flow control is now disabled on the switch.
Page 231: Configuring A Broadcast Limit On The Switch
Broadcast-Limit on switches covered in this guide is configured on a per-port basis. You must be at the port context level for this command to work, for example: ProCurve(config)#int B1 ProCurve(int B1)# broadcast-limit 1 Broadcast-Limit. Syntax: broadcast-limit <0-99> Enables or disables broadcast limiting for outbound broadcasts on a selected port on the switch.
Page 232 ProCurve Auto-MDIX was developed for auto-negotiating devices, and was shared with the IEEE for the development of the IEEE 802.3ab standard. ProCurve Auto-MDIX and the IEEE 802.3ab Auto MDI/MID-X feature are completely compatible. Additionally, ProCurve Auto-MDIX supports opera- tion in forced speed and duplex modes.
Page 233 Port Status and Configuration Viewing Port Status and Configuring Port Parameters MDI/MDI-X Device Type Setting PC or Other MDI Device Type Switch, Hub, or Other MDI-X Device Auto-MDI-X Either Crossover or Straight-Through Cable (The Default) The Auto-MDIX features apply only to copper port switches using twisted-pair copper Ethernet cables.
Page 234: Web: Viewing Port Status And Configuring Port Parameters
Port Status and Configuration Viewing Port Status and Configuring Port Parameters Per-Port MDI Configuration Figure 10-11. Example of Displaying the Current MDI Configuration Per-Port MDI Operating Mode Figure 10-12. Example of Displaying the Current MDI Operating Mode Web: Viewing Port Status and Configuring Port Parameters In the web browser interface: Click on the Configuration tab.
Page 235: Using Friendly (Optional) Port Names
Port Status and Configuration Using Friendly (Optional) Port Names Using Friendly (Optional) Port Names Feature Default Menu Configure Friendly Port Names Standard Port page 20 Numbering Display Friendly Port Names page 22 This feature enables you to assign alphanumeric port names of your choosing to augment automatically assigned numeric port names.
Page 236: Configuring Friendly Port Names
Port Status and Configuration Using Friendly (Optional) Port Names To retain friendly port names across reboots, you must save the current ■ running-configuration to the startup-config file after entering the friendly port names. (In the CLI, use the write memory command.) Configuring Friendly Port Names Syntax: interface <...
Page 237 Port Status and Configuration Using Friendly (Optional) Port Names Configuring the Same Name for Multiple Ports. Suppose that you want to use ports A5 through A8 as a trunked link to a server used by a drafting group. In this case you might configure ports A5 through A8 with the name “Draft-Server:Trunk”.
Page 238: Displaying Friendly Port Names With Other Port Data
Port Status and Configuration Using Friendly (Optional) Port Names Displaying Friendly Port Names with Other Port Data You can display friendly port name data in the following combinations: show name: Displays a listing of port numbers with their corresponding ■ friendly port names and also quickly shows you which ports do not have friendly name assignments.
Page 239 Port Status and Configuration Using Friendly (Optional) Port Names Port Without a “Friendly” Name Friendly port names assigned in previous examples. Figure 10-16. Example of Friendly Port Name Data for Specific Ports on the Switch Including Friendly Port Names in Per-Port Statistics Listings. A friendly port name configured to a port is automatically included when you display the port’s statistics output.
Page 240 Port Status and Configuration Using Friendly (Optional) Port Names For a given port, if a friendly port name does not exist in the running-config file, the Name line in the above command output appears as: Name not assigned To Search the Configuration for Ports with Friendly Port Names. This option tells you which friendly port names have been saved to the startup- config file.
Page 241: Uni-Directional Link Detection (Udld)
When UDLD is enabled on the trunk ports on each ProCurve switch, the switches detect the failed link, block the ports connected to the failed link, and use the remaining ports in the trunk group to forward the traffic.
Page 242: Configuring Udld
When configuring UDLD, keep the following considerations in mind: ■ UDLD is configured on a per-port basis and must be enabled at both ends of the link. See the note below for a list of ProCurve switches that support UDLD. ■...
Page 243: Enabling Udld
Enabling UDLD UDLD is enabled on a per port basis. For example, to enable UDLD on port a1, enter: ProCurve(config)#interface al link-keepalive To enable the feature on a trunk group, enter the appropriate port range. For example: ProCurve(config)#interface al-a4 link-keepalive...
Page 244: Changing The Keepalive Interval
The default implementation of UDLD sends the UDLD control packets untagged, even across tagged ports. If an untagged UDLD packet is received by a non-ProCurve switch, that switch may reject the packet. To avoid such an occurrence, you can configure ports to send out UDLD control packets that are tagged with a specified VLAN.
Page 245: Viewing Udld Information
To display summary information on all UDLD-enabled ports, enter the show link-keepalive command. For example: ProCurve(config)# show link-keepalive Total link-keepalive enabled ports: 4 Keepalive Retries: Keepalive Interval: 1 sec...
Page 246 To display detailed UDLD information for specific ports, enter the show link- keepalive statistics command. For example: Ports 1 and 2 are UDLD-enabled and show the number of health check packets sent and received on each port. ProCurve(config)# show link-keepalive statistics Port: Current State: Neighbor MAC Addr: 0000a1-b1c1d1...
Page 247: Configuration Warnings And Event Log Messages
Port Status and Configuration Uni-Directional Link Detection (UDLD) Configuration Warnings and Event Log Messages Warning Messages. The following table shows the warning messages that may be issued and their possible causes, when UDLD is configured for tagged ports. Table 10-1. Warning Messages caused by configuring UDLD for Tagged Ports CLI Command Example Warning Message Possible Problem...
Page 248 Port Status and Configuration Uni-Directional Link Detection (UDLD) — This page is intentionally unused. — 10-32...
Page 249: Contents
PoE Power on the Series 3500yl Switches ....11-10 Using a ProCurve 620 Redundant Power Supply ... . 11-11 Power Priority Operation .
Page 250 Power Over Ethernet (PoE) Operation Contents Displaying the PoE Status on Specific Ports ....11-23 Planning and Implementing a PoE Configuration ....11-25 Assigning PoE Ports to VLANs .
Page 251: Poe Devices
PoE Devices PoE Devices The Power Over Ethernet (PoE) features described operate on the Series 5400zl and Series 3500yl switches. (The Series 6200yl switches do not offer PoE.) PoE on Series 5400zl Switches The Series 5400zl switches are used as a Power Sourcing Equipment (PSE)
Page 252: Introduction To Poe
LAN cabling. For more information about PoE technology, refer to the PoE Plan- ning and Implementation Guide, which is available on the ProCurve Net- working web site at www.procurve.com. (Click on technical support, then Product manuals (all)).
Page 253: Overview Of Operation For Series 3500Yl Switches
Overview of Operation for Series 5400zl Switches A Series 5400zl 24-port Gig-T PoE module (J8702A) is a PSE device that receives PoE power from either a ProCurve J8712A Power Supply or a ProCurve J8713A Power Supply and distributes this power to the PDs con- nected to the PoE module’s Gig-T ports.
Page 254: Related Publications
ProCurve Networking web site at www.procurve.com. (Click on technical support, then Product manuals (all).) The latest version of any ProCurve product guide is always on the ProCurve Networking web site. Refer to “Getting Documentation From the Web” on page 1-7.
Page 255: General Poe Operation
Series 3500yl switches. For additional PoE configuration information for the Series 5400zl and Series 3500yl switches, refer to the PoE Planning and Implementation Guide, which is available from the ProCurve Networking web site at www.procurve.com. (Click on technical support, then Product manu- als (all)). Configuration Options In the default configuration, all Gig-T ports on the PoE module in a Series 5400zl switch are configured to support PoE operation.
Page 256: Pd Support
Power Over Ethernet (PoE) Operation General PoE Operation Note The ports on a PoE module support standard networking links and PoE links. Thus, you can connect either a non-PoE device or a PD to a PoE-enabled port without reconfiguring the port. PD Support When you connect the first PD to a PoE port, the PoE module must have a minimum of 17 watts of PoE power available in order to detect and supply...
Page 257 Power Over Ethernet (PoE) Operation General PoE Operation Disconnecting a PD from a PoE port causes the module to stop providing PoE power to that port and makes the power available to any other PoE ports that have PDs connected and waiting for power. If the PD demand for power becomes greater than the PoE power available, then power is transferred from the lower-priority ports to the higher-priority ports.
Page 258: Determining The Amount Of Poe Power Available
PoE Power on the Series 3500yl Switches The internal PoE power supply of the ProCurve 3500yl-24G-PWR provides 398 watts across 24 ports. The internal power supply of the ProCurve 3500yl-48G- PWR supplies 398 watts across 48 ports. The switch reserves 22 watts for each bank of 24 ports (ports 1-24 and 25-48) so that neither set of ports receives the entire 398 watts.
Page 259: Using A Procurve 620 Redundant Power Supply
398 watts of PoE power to each of the two EPS ports. For further information regarding the 620 RPS/EPS PoE capabilities, see the ProCurve Power over Ethernet (PoE) for zl and yl Products Planning and Implementation Guide and the ProCurve 620 Redundant and External Power Supply Installation and Getting Started Guide, which are on the ProCurve Web site at www.procurve.com.
Page 260: Power Priority Operation
Power Over Ethernet (PoE) Operation General PoE Operation Power Priority Operation When Is Power Allocation Prioritized? If a PSE can provide power for all connected PD demand, it does not use its power priority settings to allocate power. However, if the PD power demand oversubscribes the available power, then the power allocation is prioritized to the ports that present a PD power demand.
Page 261: Poe Priority With Two Or More Modules
Critical In this example, the following CLI command sets ports C3-C17 to Critical: ProCurve(config)# interface c3-c17 power critical The Critical priority class always receives power. If there is not enough power to provision PDs on all of the ports configured for this class, then no power goes to ports configured for High and Low priority.
Page 262 For example: All ports on module C are prioritized as Critical. ProCurve(config)# interface c1-c24 power critical All ports on module A are prioritized as Low. ProCurve(config)# interface a1-a24 power low There are 48 PDs attached to all ports of modules A and C (24 ports each module).
Page 263: Configuring Poe Operation
You can use one command to set the same priority level on PoE ports in multiple modules. For example, to configure the priority to High for ports c5-c10, C23-C24, D1-D10, and D12, you could use this command: ProCurve(config)# interface c5-c10,c23-c24,d1- d10,d12 power high 11-15...
Page 264: Disabling Or Re-Enabling Poe Port Operation
Power Over Ethernet (PoE) Operation Configuring PoE Operation Disabling or Re-Enabling PoE Port Operation Syntax: [no] interface < port-list > power Re-enables PoE operation on < port-list > and restores the priority setting in effect when PoE was disabled on < port-list >. The [no] form of the command disables PoE operation on <...
Page 265: Changing The Threshold For Generating A Power Notice
In this case, executing the following command sets the global notification threshold to 70% of available PoE power. ProCurve(config)# power threshold 70 With this setting, if module B is allocated 100 watts of PoE power and is using 68 watts, and then another PD is connected to the module in slot B that uses 8 watts, the 70% threshold of 70 watts is exceeded.
Page 266: Configuring Optional Poe Port Identifiers
PoE module in slot “A” to 75% and the threshold for the module in slot “B” to 68% by executing the following two commands: ProCurve(config)# power slot a threshold 75 ProCurve(config)# power slot b threshold 68 Note that the last threshold command affecting a given slot supersedes the previous threshold command affecting the same slot.
Page 267 Power Over Ethernet (PoE) Operation Configuring PoE Operation Use the walkmib pethPsePortType.< slot-# > command to determine the MIB- based port number for the port to which you want to assign a Configured Type identifier. On the 5406zl switch the slot numbering is as follows: Slot Slot Number Used in the MIB...
Page 268 For example, to return port B2 in the above figure to a null setting, use this command: ProCurve(config)# setmib pethPsePortType.2.27 -D " " For more on displaying PoE configuration and status, refer to “Viewing PoE Configuration and Status” on page 11-21.
Page 269: Viewing Poe Configuration And Status
Power Over Ethernet (PoE) Operation Viewing PoE Configuration and Status Viewing PoE Configuration and Status Displaying the Switch’s Global PoE Power Status Syntax: show power-management Displays the switch’s global PoE power status, including: • Maximum Power: Lists the maximum PoE wattage available to provision active PoE ports on the switch.
Page 270: Displaying An Overview Of Poe Status On All Ports
Power Over Ethernet (PoE) Operation Viewing PoE Configuration and Status Displaying an Overview of PoE Status on All Ports Syntax: show power-management brief Displays the following port power status: • Port: Lists all PoE-capable ports on the switch. • Power Enable: Shows Yes for ports enabled to support PoE (the default) and No for ports on which PoE is disabled.
Page 271: Displaying The Poe Status On Specific Ports
Power Over Ethernet (PoE) Operation Viewing PoE Configuration and Status Ports C1 through C4 are delivering power. The remaining ports are available to supply power, but currently do not detect a connected PD. Figure 11-3. Example of Show Power-Management Brief Output Displaying the PoE Status on Specific Ports Syntax: show power-management <...
Page 272 Power Over Ethernet (PoE) Operation Viewing PoE Configuration and Status Syntax: show power-management < port-list > (Continued) Power Denied Cnt: Shows the number of times PDs requesting • power on the port have been denied due to insufficient power available. Each occurrence generates an Event Log message. Voltage: The total voltage, in dV, being delivered to PDs.
Page 273: Planning And Implementing A Poe Configuration
Configuration This section provides an overview of some considerations for planning a PoE application. For additional information on this topic, refer to the ProCurve PoE Planning and Implementation Guide which is available on the ProCurve Networking web site at www.procurve.com. (Click on technical support, then Product manuals (all)).
Page 274: Assigning Priority Policies To Poe Traffic
For more information on security options, refer to the latest edition of the Access Security Guide for your switch. (The ProCurve Networking web site offers the latest version of all ProCurve product publications. Refer to “Getting Documentation From the Web” on page 1-7.)
Page 275: Calculating The Maximum Load For A Poe Module
Calculating the Maximum Load for a PoE Module The maximum power available for a PoE module depends on the type of power supplies used. ProCurve recommends that if you use more than one power supply, use the same type of power supplies in your PoE implementation, that...
Page 276: When A Power Supply Fails
For additional information about planning your PoE configuration, refer to the PoE Planning and Implementation Guide, which is available from the ProCurve Networking web site at www.procurve.com. (Click on technical support, then Product manuals (all).) 11-28...
Page 277: Poe Operating Notes
PoE device connected to port 1 on a PoE module installed in slot D: ProCurve(config)# no interface d1 power ProCurve(config)# interface d1 power Disabling all PoE ports in a module allows you to recover the 22 watts ■...
Page 278: Poe Event Log Messages
Power Over Ethernet (PoE) Operation PoE Operating Notes PoE Event Log Messages PoE operation generates these Event Log messages. You can also configure the switch to send these messages to a configured debug destination (terminal device or SyslogD server). “Informational” PoE Event-Log Messages Message Meaning I <...
Page 279: Warning" Poe Event-Log Messages
Power Over Ethernet (PoE) Operation PoE Operating Notes “Warning” PoE Event-Log Messages Message Meaning W < > chassis > < Message header, with severity, date, system time, and system module type. For more information on Event Log operation, including severity indicators, refer to “Using the Event Log To Identify Problem Sources”...
Page 280 Power Over Ethernet (PoE) Operation PoE Operating Notes — This page is intentionally unused. — 11-32...
Page 281: Contents
Port Trunking Contents Overview ........... . 12-2 Port Trunk Features and Operation .
Page 282: Overview
Port Trunking Overview Overview This chapter describes creating and modifying port trunk groups. This includes non-protocol trunks and LACP (802.3ad) trunks. Port Status and Configuration Features Feature Default Menu viewing port trunks page 12-9 page 12-11 page 12-17 configuring a static trunk none page 12-9 page 12-15...
Page 283 Port Trunking Overview Port Connections and Configuration: All port trunk links must be point- to-point connections between a switch and another switch, router, server, or workstation configured for port trunking. No intervening, non-trunking devices are allowed. It is important to note that ports on both ends of a port trunk group must have the same mode (speed and duplex) and flow control settings.
Page 284: Port Trunk Features And Operation
LACP requires full-duplex (FDx) links of the same media type (10/100Base-T, 100FX, etc.) and the same speed, and enforces speed and duplex conformance across a trunk group. For most installations, ProCurve recommends that you leave the port Mode settings at Auto (the default). LACP also operates with Auto-10, Auto-100, and Auto-1000 (if negotiation selects FDx), and 10FDx, 100FDx, and 1000FDx settings.
Page 285 Port Trunking Trunk Configuration Methods ProCurve(config) int c1-c4 lacp active Note that the preceding example works if the ports are not already operating in a trunk. To change the LACP option on ports already operating as a trunk, you must first remove them from the trunk. For example, if ports C1 - C4 were...
Page 286 For more information, refer to “Trunk Group Operation Using LACP” on page 12-18. Trunk Provides manually configured, static-only trunking to: (non- • Most ProCurve switches and routing switches not running the 802.3ad LACP protocol. protocol) • Windows NT and HP-UX workstations and servers Use the Trunk option when: –...
Page 287 Port Configuration: The default port configuration is Auto, which enables a port to sense speed and negotiate duplex with an Auto-Enabled port on another device. ProCurve recommends that you use the Auto setting for all ports you plan to use for trunking.
Page 288 Port Trunking Trunk Configuration Methods Spanning Tree: 802.1D (STP) and 802.1w (RSTP) Spanning Tree operate as a global setting on the switch (with one instance of Spanning Tree per switch). 802.1s (MSTP) Spanning Tree operates on a per-instance basis (with multiple instances allowed per switch).
Page 289: Menu: Viewing And Configuring A Static Trunk Group
Port Trunking Menu: Viewing and Configuring a Static Trunk Group Menu: Viewing and Configuring a Static Trunk Group Important Configure port trunking before you connect the trunked links to another switch, routing switch, or server. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured.
Page 290 Port Trunking Menu: Viewing and Configuring a Static Trunk Group • For proper trunk operation, all ports in a trunk must have the same media type and mode (such as 10/100TX set to 100FDx, or 100FX set to 100FDx). The flow control settings must also be the same for all ports in a given trunk.
Page 291: Cli: Viewing And Configuring Port Trunk Groups
Port Trunking CLI: Viewing and Configuring Port Trunk Groups Connect the trunked ports on the switch to the corresponding ports on the opposite device. If you previously disabled any of the trunked ports on the switch, enable them now. (Refer to “Viewing Port Status and Configuring Port Parameters”...
Page 292 Port Trunking CLI: Viewing and Configuring Port Trunk Groups Using a port list specifies, for switch ports in a static trunk group, only the ports you want to view. In this case, the command specifies ports A5 through A7. However, because port A6 is not in a static trunk group, it does not appear in the resulting listing: Port A5 appears with an example of a name that you can optionally assign using the Friendly Port Names feature.
Page 293 Port Trunking CLI: Viewing and Configuring Port Trunk Groups Listing Static LACP and Dynamic LACP Trunk Data. Syntax: show lacp Lists data for only the LACP-configured ports.. In the following example, ports A1 and A2 have been previously configured for a static LACP trunk. (For more on the “Active” parameter, see table 12-5 on page 12-21.) Figure 12-8.
Page 294: Using The Cli To Configure A Static Or Dynamic Trunk Group
Port Trunking CLI: Viewing and Configuring Port Trunk Groups “Up” Links Standby Link Figure 12-9. Example of a Dynamic LACP Trunk with One Standby Link Using the CLI To Configure a Static or Dynamic Trunk Group I m p o r t a n t Configure port trunking before you connect the trunked links between switches.
Page 295 Removing a port from a trunk can create a loop and cause a broadcast storm. When you remove a port from a trunk where spanning tree is not in use, ProCurve recommends that you first disable the port or disconnect the link on that port.
Page 296 < port-list >. This example uses ports C4 and C5 to enable a dynamic LACP trunk group. ProCurve(config)# interface c4-c5 lacp active Removing Ports from an Dynamic LACP Trunk Group. To remove a port from dynamic LACP trunk operation, you must turn off LACP on the port.
Page 297: Web: Viewing Existing Port Trunk Groups
To help prevent a broadcast storm when you remove a port from a trunk where spanning tree is not in use, ProCurve recommends that you first disable the port or disconnect the link on that port.
Page 298: Trunk Group Operation Using Lacp
LACP requires full-duplex (FDx) links of the same media type (10/100Base-T, 100FX, etc.) and the same speed, and enforces speed and duplex conformance across a trunk group. For most installations, ProCurve recommends that you leave the port Mode settings at Auto (the default). LACP also operates with Auto-10, Auto-100, and Auto-1000 (if negotiation selects FDx), and 10FDx, 100FDx, and 1000FDx settings.
Page 299 Port Trunking Trunk Group Operation Using LACP Table 12-4. LACP Trunk Types LACP Port Trunk Operation Configuration 802.3ad-compliant Dynamic LACP This option automatically establishes an trunk group, with LACP for the port Type parameter and DynX for the port Group name, where X is an automatically assigned value from 1 to 36, depending on how many dynamic and static trunks are currently on the switch.
Page 300 Port Trunking Trunk Group Operation Using LACP LACP Port Trunk Operation Configuration Static LACP Provides a manually configured, static LACP trunk to accommodate these conditions: • The port on the other end of the trunk link is configured for a static LACP trunk. •...
Page 301: Default Port Operation
Table 12-5 lists the elements of per-port LACP operation. To display this data for a switch, execute the following command in the CLI: ProCurve> show lacp Table 12-5. LACP Port Status Data Status Name...
Page 302: Lacp Notes And Restrictions
If you configure port security on a port on which LACP (active or passive) is configured, the switch removes the LACP configuration, displays a notice that LACP is disabled on the port(s), and enables 802.1X on that port. ProCurve(config)# aaa port-access authenticator b1 LACP has been disabled on 802.1x port(s). ProCurve(config)# The switch will not allow you to configure LACP on a port on which port access (802.1X) is enabled.
Page 303 Port Trunking Trunk Group Operation Using LACP ProCurve(config)# int a17 lacp passive Error configuring port A17: LACP and port security cannot be run together. ProCurve(config)# To restore LACP to the port, you must remove port security and re-enable LACP active or passive.
Page 304 Status becomes “Up”). When the other port becomes active again, the replace- ment port goes back to blocked (Port Status is “Blocked”). It can take a few seconds for the switch to discover the current status of the ports. ProCurve(eth-B1-B8)# show lacp LACP PORT...
Page 305 Port Trunking Trunk Group Operation Using LACP If there are ports that you do not want on the default VLAN, ensure that ■ they cannot become dynamic LACP trunk members. Otherwise a traffic loop can unexpectedly occur. For example: VLAN-1 VLAN-1 VLAN-1 VLAN-1...
Page 306: Trunk Group Operation Using The "Trunk" Option
Port Trunking Trunk Group Operation Using the “Trunk” Option Dynamic/Static LACP Interoperation: A port configured for dynamic LACP can properly interoperate with a port configured for static (TrkX) LACP, but any ports configured as standby LACP links will be ignored. Trunk Group Operation Using the “Trunk”...
Page 307: How The Switch Lists Trunk Data
Port Trunking How the Switch Lists Trunk Data How the Switch Lists Trunk Data Static Trunk Group: Appears in the menu interface and the output from the CLI show trunk and show interfaces commands. Dynamic LACP Trunk Group: Appears in the output from the CLI show lacp command.
Page 308 Port Trunking Outbound Traffic Distribution Across Trunked Links The load-balancing is done on a per communication basis. Otherwise, traffic is transmitted across the same path as shown in figure 12-13. That is, if Client A attached to Switch 1 sends five packets of data to Server A attached to Switch 2, the same link is used to send all five packets.
Page 309 Port Trunking Outbound Traffic Distribution Across Trunked Links Table 12-6. Example of Link Assignments in a Trunk Group (SA/DA Distribution) Source: Destination: Link: Node A Node W Node B Node X Node C Node Y Node D Node Z Node A Node Y Node B Node W...
Page 310 Port Trunking Outbound Traffic Distribution Across Trunked Links — This page is intentionally unused. — 12-30...
Page 311: Contents
Port Traffic Controls Contents Overview ........... . 13-3 Rate-Limiting .
Page 312 Port Traffic Controls Contents Configuring Jumbo Frame Operation ......13-28 Overview ..........13-28 Viewing the Current Jumbo Configuration .
Page 313: Overview
Port Traffic Controls Overview Overview Feature Default Menu Rate-Limiting None 13-4 Guaranteed Minimum Per Queue (1-8 order): 13-18 Bandwidth 2%-3%-30%-10%-10%- 10%-15%-20% Jumbo Packets Disabled 13-26 This chapter includes: ■ Rate-Limiting: Enables a port to limit the amount of bandwidth a user or device may utilize for traffic on the switch.
Page 314: Rate-Limiting
Port Traffic Controls Rate-Limiting Rate-Limiting Feature Default Menu rate-limit all none page 13-5 show rate-limit all page 13-6 rate-limit icmp none page 13-12 show rate-limit icmp page 13-13 All Traffic Rate-Limiting Rate-limiting for all traffic operates on a per-port basis to allow only the specified bandwidth to be used for inbound or outbound traffic.
Page 315: Configuring Rate-Limiting
• Configuring a rate limit of 0 (zero) on a port blocks all traffic on that port. However, if this is the desired behavior on the port, ProCurve recommends using the < port-list > disable command instead of configuring a rate limit of 0.
Page 316: Displaying The Current Rate-Limit Configuration
For example, either of the following commands configures an inbound rate limit of 60% on ports A3 - A5: ProCurve (config)# int a3-a5 rate-limit all in percent 60 ProCurve (eth-A3-A5)# rate-limit all in percent 60...
Page 317 (Note that configuration changes performed with the CLI, but not followed by a write mem command do not appear in the startup-config file.) ProCurve Switch 5406zl# show config Startup configuration: ; J8697A Configuration Editor; Created on release #K.12.XX hostname "ProCurve Switch 5406zl"...
Page 318: Operating Notes For Rate-Limiting
Port Traffic Controls Rate-Limiting Operating Notes for Rate-Limiting Rate-limiting operates on a per-port basis, regardless of traffic ■ priority. Rate-limiting is available on all types of ports (other than trunked ports) on the switches covered in this guide, and at all port speeds configurable for these devices.
Page 319 Port Traffic Controls Rate-Limiting Traffic filters on rate-limited ports: Configuring a traffic filter on a ■ port does not prevent the switch from including filtered traffic in the bandwidth-use measurement for rate-limiting when it is configured on the same port. For example, ACLs, source-port filters, protocol filters, and multicast filters are all included in bandwidth usage calculations.
Page 320: Icmp Rate-Limiting
Port Traffic Controls Rate-Limiting ICMP Rate-Limiting In IP networks, ICMP (Internet Control Message Protocol) messages are generated in response to either inquiries or requests from routing and diag- nostic functions. These messages are directed to the applications originating the inquiries. In unusual situations, if the messages are generated rapidly with the intent of overloading network circuits, they can threaten network avail- ability.
Page 321: Terminology
Port Traffic Controls Rate-Limiting Terminology All-Traffic Rate-Limiting: Applies a rate-limit to all traffic (including ICMP traffic) on an interface. For details, see “Rate-Limiting” on page 13-4. ICMP Rate-Limiting: Applies a rate-limit to all inbound ICMP traffic received on an interface, but does not limit other types of inbound traffic. Spoofed Ping: An ICMP echo request packet intentionally generated with a valid source IP address and an invalid destination IP address.
Page 322: Configuring Icmp Rate-Limiting
For example, either of the following commands configures an inbound rate limit of 1% on ports A3 - A5, which are used as network edge ports: ProCurve(config)# int a3-a5 rate-limit icmp 1 ProCurve (eth-A3-A5)# rate-limit icmp 1 Using Both ICMP Rate-Limiting and All-Traffic Rate-Limiting on the Same Interface ICMP and all-traffic rate-limiting can be configured on the same interface.
Page 323: Displaying The Current Icmp Rate-Limit Configuration
Port Traffic Controls Rate-Limiting If at a given moment: ■ Inbound ICMP traffic on port “X” is using 1% of the port’s bandwidth, and ■ Inbound traffic of all types on port “X” demands 61% of the ports’s bandwidth, then all inbound traffic above 55% of the port’s bandwidth, including any additional ICMP traffic, will be dropped as long as all inbound traffic combined on the port demands 55% or more of the port’s bandwidth.
Page 324: Operating Notes For Icmp Rate-Limiting
Port Traffic Controls Rate-Limiting Operating Notes for ICMP Rate-Limiting ICMP rate-limiting operates on an interface (per-port) basis to allow, on average, the highest expected amount of legitimate, inbound ICMP traffic. ■ Interface support: ICMP rate-limiting is available on all types of ports (other than trunk ports or mesh ports), and at all port speeds configurable for the switch.
Page 325: Icmp Rate-Limiting Trap And Event Log Messages
Port Traffic Controls Rate-Limiting because the total traffic load requested to the outbound interface exceeds the interface’s bandwidth, and thus some requested traffic may be held off on inbound. ■ Monitoring (Mirroring) ICMP rate-limited interfaces: If monitoring is configured, packets dropped by ICMP rate-limiting on a monitored interface will still be forwarded to the designated monitor port.
Page 326 A1 on a switch would use the following setmib command to reset the port to send a new message if the condition occurs again. ProCurve(config)# setmib hpicmpratelimitportalarm- flag.1 -i 1 Determining the Switch Port Number Used in ICMP Port Reset Commands: To enable excess ICMP traffic notification traps and Event Log messages, use the setmib command described on page 13-15.
Page 327 Port Traffic Controls Rate-Limiting ProCurve# walkmib ifDescr ifDescr.1 = A1 ifDescr.2 = A2 ifDescr.3 = A3 Beginning and Ending of Port Number Listing for Slot A ifDescr.23 = A23 ifDescr.24 = A24 ifDescr.27 = B1 ifDescr.28 = B2 ifDescr.29 = B3...
Page 328: Guaranteed Minimum Bandwidth (Gmb)
Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) Guaranteed Minimum Bandwidth (GMB) Feature Default Menu bandwidth-min output Per-Queue: page 13-21 2%-3%-30%-10% 10%-10%-15%-20% show bandwidth output [ port-list ] page 13-24 Introduction Guaranteed Minimum Bandwidth (GMB) provides a method for ensuring that each of a given port’s outbound traffic priority queues has a specified mini- mum consideration for sending traffic out on the link to another device.
Page 329 Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) Table 13-1. Per-Port Outbound Priority Queues 802.1p Priority Settings in Tagged VLAN Outbound Priority Queue for a Given Port Packets* 1 (low) 2 (low) 0 (normal) 3 (normal) 4 (medium) 5 (medium) 6 (high) 7 (high) *The switch processes outbound traffic from an untagged port at the "0"...
Page 330: Impacts Of Qos Queue Configuration On Gmb Operation
Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) N o t e For a given port, when the demand on one or more outbound queues exceeds the minimum bandwidth configured for those queues, the switch apportions unallocated bandwidth to these queues on a priority basis. As a result, speci- fying a minimum bandwidth for a high-priority queue but not specifying a minimum for lower-priority queues can starve the lower-priority queues dur- ing periods of high demand on the high priority queue.
Page 331: Outbound Traffic
For any port or group of ports you can configure either the default minimum bandwidth settings for each outbound priority queue or a customized band- width allocation. For most applications, ProCurve recommends configuring GMB with the same values on all ports on the switch so that the outbound traffic profile is consistent for all outbound traffic.
Page 332 Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) Syntax: [ no ] int < port-list > bandwidth-min output [ < queue1% > < queue2% > < queue3% > < queue4% > <queue5%> <queue6%> <queue7%> <queue8%>] For ports in < port-list >, specifies the minimum outbound bandwidth as a percent of the total bandwidth for each outbound queue.
Page 333 Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) Notes: Configuring 0% for a queue can result in that queue being starved if any higher queue becomes over- subscribed and is then given all unused bandwidth. The switch applies the bandwidth calculation to the link speed the port is currently using.
Page 334: Configuration
Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) Either of the following commands configures ports A1 through A5 with bandwidth settings: ProCurve(config)#int a1-a5 bandwidth-min output 2 3 30 10 10 10 15 20 ProCurve(eth-A1-A5)#bandwidth-min output 2 3 30 10 10 10 15 20...
Page 335: Gmb Operating Notes
Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) This is how the preceding listing of the GMB configuration would appear in the startup-config file. The outbound port priority queues 1 - 8 for ports A1-A5 are configured with the indicated Guaranteed Minimum Bandwidth percentages.
Page 336: Jumbo Frames
Port Traffic Controls Jumbo Frames Jumbo Frames Feature Default Menu display VLAN jumbo status — 13-29 — configure jumbo VLANs Disabled — 13-31 — The Maximum Transmission Unit (MTU) is the maximum size IP frame the switch can receive for Layer 2 frames inbound on a port. The switch drops any inbound frames larger than the MTU allowed on the port.
Page 337: Operating Rules
Port Traffic Controls Jumbo Frames Operating Rules Required Port Speed: This feature allows inbound and outbound jumbo ■ frames on ports operating at speeds of 1 gigabit or higher. At lower port speeds, only standard (1522-byte or smaller) frames are allowed, regard- less of the jumbo configuration.
Page 338: Configuring Jumbo Frame Operation
Port Traffic Controls Jumbo Frames Configuring Jumbo Frame Operation Command Page show vlans 13-29 show vlans ports < port-list > 13-30 show vlans < vid > 13-31 jumbo 13-31 Overview Determine the VLAN membership of the ports or trunks through which you want the switch to accept inbound jumbo traffic.
Page 339: Viewing The Current Jumbo Configuration
Port Traffic Controls Jumbo Frames Viewing the Current Jumbo Configuration Syntax: show vlans Lists the static VLANs configured on the switch and includes a Jumbo column to indicate which VLANs are configured to support inbound jumbo traffic. All ports belonging to a jumbo-enabled VLAN can receive jumbo traffic.
Page 340 Port Traffic Controls Jumbo Frames Indicates which static VLANs are configured to enable jumbo frames. Figure 13-9. Example of Listing the VLAN Memberships for a Range of Ports Syntax: show vlans < vid > This command shows port membership and jumbo configuration for the specified <...
Page 341: Enabling Or Disabling Jumbo Traffic On A Vlan
Operating Notes for Jumbo Traffic-Handling ■ ProCurve does not recommend configuring a voice VLAN to accept jumbo frames. Voice VLAN frames are typically small, and allowing a voice VLAN to accept jumbo frame traffic can degrade the voice transmission perfor- mance.
Page 342 Port Traffic Controls Jumbo Frames This same condition generates a Fault-Finder message in the Alert log of the switch’s web browser interface, and also increments the switch’s “Giant Rx” counter. ■ If you do not want all ports in a given VLAN to accept jumbo frames, you can consider creating one or more jumbo VLANs with a membership comprised of only the ports you want to receive jumbo traffic.
Page 343 In this regard, if a mesh domain includes any ProCurve 1600M/2400M/2424M/4000M/8000M switches along with the switches covered in this guide configured to support jumbo traffic, only the switches covered in this guide will receive jumbo frames.
Page 344: Troubleshooting
Port Traffic Controls Jumbo Frames Troubleshooting A VLAN is configured to allow jumbo frames, but one or more ports drops all inbound jumbo frames. The port may not be operating at 1 giga- bit or higher. Regardless of a port’s configuration, if it is actually operating at a speed lower than 1 gigabit, it drops inbound jumbo frames.
Page 345: Contents
Configuring for Network Management Applications Contents Using SNMP Tools To Manage the Switch ..... . 14-3 Overview ..........14-3 SNMP Management Features .
Page 346 Configuring for Network Management Applications Contents Terminology ..........14-33 General LLDP Operation .
Page 347: Using Snmp Tools To Manage The Switch
Overview You can manage the switch via SNMP from a network management station running an application such as ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+). For more on PCM and PCM+, visit the ProCurve Networking web site at: www.procurve.com Click on products index in the sidebar, then click on the appropriate link appearing under the Network Management heading.
Page 348: Snmp Management Features
HP OpenView, you can ensure that it is using the latest version of the MIB file by downloading the file to the OpenView database. To do so, go to the ProCurve Networking web site at: www.procurve.com Click on software updates, then MIBs.
Page 349: Configuring For Snmp Version 3 Access To The Switch
C a u t i o n For ProCurve Manager (PCM) version 1.5 or earlier (or any TopTools version), deleting the “public” community disables some network management functions (such as traffic monitoring, SNMP trap generation, and threshold setting).
Page 350: Snmp Version 3 Commands
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMP Version 3 Commands SNMP version 3 (SNMPv3) adds some new commands to the CLI for configuring SNMPv3 functions. To enable SMNPv3 operation on the switch, use the snmpv3 enable command. An initial user entry will be generated with MD5 authentication and DES privacy.
Page 351: Enabling Snmpv3
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Enabling SNMPv3 The snmpv3 enable command allows the switch to: ■ Receive SNMPv3 messages. ■ Configure initial users. Restrict non-version 3 messages to “read only” (optional). ■ Figure 14-1 shows an example of how to use the snmpv3 enable command. N o t e : To create new users, most SNMPv3 management software requires an initial S N M P...
Page 352 Add user Network Admin with ProCurve(config)# snmpv3 user NetworkAdmin no authentication or privacy. ProCurve(config)# snmpv3 user NetworkMgr auth md5 authpass priv privpass Privacy is enabled and the Add user Network Mgr with MD5 authentication is enabled and password is set to “privpass”.
Page 353 This example displays information about the management stations configured on VLAN 1 to access the switch. ProCurve# configure terminal ProCurve(config)# vlan 1 ProCurve(vlan-1)# show snmpv3 user Status and Counters - SNMPv3 Global Configuration Information Auth. Protocol Privacy Protocol User Name...
Page 354 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Assigning Users to Groups. Then you must set the group access level for the user by assigning the user to a group. This is done with the snmpv3 group command.
Page 355: Group Access Levels
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Group Access Levels The switch supports eight predefined group access levels. There are four levels for use with version 3 users and four are used for access by version 2c or version 1 management applications.
Page 356 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Syntax: [no] snmpv3 community This command maps or removes a mapping of a community name to a group access level. To remove a mapping you, only need to specify the index_name parameter.
Page 357: Communities
C a u t i o n For ProCurve Manager (PCM) version 1.5 or earlier (or any TopTools version), deleting the “public” community disables some network management functions (such as traffic monitoring, SNMP trap generation, and threshold setting).
Page 358 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Note: This screen gives an overview of the SNMP communities that are currently Add and Edit options are configured. All fields in used to modify the SNMP this screen are read- options.
Page 359: Cli: Viewing And Configuring Snmp Community Names
Figure 14-7. Example of the SNMP Community Listing with Two Communities To list the data for only one community, such as the “public” community, use the above command with the community name included. For example: ProCurve# show snmp-server public 14-15...
Page 360 (Access to all MIB objects (read-only) except the CONFIG MIB.) ProCurve(config)# snmp-server community red-team manager unrestricted ProCurve(config)# snmp-server community blue-team operator restricted To eliminate a previously configured community named "gold-team": ProCurve(config) # no snmp-server community gold-team 14-16...
Page 361: Snmpv3 Notification And Traps
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMPv3 Notification and Traps The switches covered in this guide support the SNMPv3 notification process. They also support version 1 or version 2c traps. For more information on version 1 or version 2c traps, refer to “SNMPv1 and SNMPv2c Trap Features”...
Page 362 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch timeout < value > Specifies how long the switch waits for a response from the target before it retransmits the packet. (Default: 1500) Range: 0-2147483647 max-msg-size<size> Default:1472 Specifies the maximum number of bytes a message to this target can contain.
Page 363: Snmpv1 And Snmpv2C Trap Features
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch params value matches params name. Tag value matches taglist value. ver3 means you must select a security service level. Figure 14-8. Example of SNMP Notification and Trap Configuration SNMPv1 and SNMPv2c Trap Features Feature Default...
Page 364: Cli: Configuring And Displaying Trap Receivers
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch In the default configuration, there are no trap receivers configured, and the authentication trap feature is disabled. From the CLI you can configure up to ten SNMP trap receivers to receive SNMP traps from the switch. As an option, you can also configure the switch to send Event Log messages as traps.
Page 365 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Example of ProCurve(config)# show snmp-server Community SNMP Communities Name Data (See Community Name MIB View Write Access page 14-11.) ---------------- -------- ------------ public Operator Restricted blue-team Manager Unrestricted...
Page 366 Send critical-level log messages. Debug Reserved for HP-internal use. For example, to configure a trap receiver in a community named "red-team" with an IP address of 10.28.227.130 to receive only "critical" log messages: ProCurve(config)# snmp-server trap-receiver red-team 10.28.227.130 critical 14-22...
Page 367: Using The Cli To Enable Authentication Traps
For example: ProCurve(config)# snmp-server enable traps authentication Check the Event Log in the console interface to help determine why the authentication trap was sent. (Refer to “Using the Event Log To Identify Problem Sources”...
Page 368: And Traps
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch ProCurve(config)# show snmp-server SNMP Communities Community Name MIB View Write Access ---------------- -------- ------------ public Manager Unrestricted Trap Receivers Link-Change Traps Enabled on Ports [All] : All Send Authentication Traps [No] : No...
Page 369 For example, to use the destination IP address as the source IP address, enter this command: ProCurve(config)# snmp-server response-source dst-ip-of-request To configure the source IP address for a generated trap pdu, enter this command.
Page 370 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch IP-ADDR: The user-specified IP address that will be used as the source IP address in the generated trap. loopback <0-7>: The IP address configured for the specified loopback interface will be used as the source IP address in the generated trap pdu.
Page 371: Operating Notes
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Operating Notes You must explicitly set snmp-server response-source if you wish to change ■ the default behavior. (rfc-1517) ■ This option is global and is applied to all interfaces that are sending SNMP responses or SNMP trap pdus.
Page 372: Advanced Management: Rmon
Event groups from the ProCurve Manager network management software. For more on ProCurve Manager, visit the ProCurve Networking web site at www.procurve.com Click on products index, then look for the ProCurve Manager topic under the Network Manager bar. CLI-Configured sFlow with Multiple Instances In earlier software releases, sFlow was configured on the switch via SNMP using a single sFlow instance.
Page 373: Configuring Sflow
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Configuring sFlow The following sFlow commands allow you to configure sFlow instances via the CLI. Syntax: [no] sflow <receiver-instance> destination <ip-address> [udp-port-num] Enables an sFlow receiver/destination. The receiver-instance number must be a 1, 2, or 3.
Page 374 Agent Address 10.0.10.228 Figure 1. Example of Viewing sFlow Agent Information The show sflow <instance> destination command includes information about the management-station’s destination address, receiver port, and owner. ProCurve# show sflow 2 destination Destination Instance sflow Enabled Datagrams Sent Destination Address 10.0.10.41...
Page 375 You can specify a list or range of ports for which to view sampling information. ProCurve# show sflow 2 sampling-polling A1-A4 Number denotes the sampling/polling instance to which the receiver is coupled.
Page 376: Lldp (Link-Layer Discovery Protocol)
CDP as documented in this manual. For the latest information on your switch model, consult the Release Notes (available on the ProCurve Networking web site). If LLDP has not yet been implemented (or if you are running an older version of software), consult a previous version of the Management and Configuration Guide for device discovery details.
Page 377: Terminology
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP-MED (LLDP Media Endpoint Discovery): Provides an extension to LLDP and is designed to support VoIP deployments. N o t e LLDP-MED is an extension for LLDP, and the switch requires that LLDP be enabled as a prerequisite to LLDP-MED operation.
Page 378 PD (Powered Device): This is an IEEE 802.3af-compliant device that receives its power through a direct connection to a 10/100Base-TX PoE RJ-45 port in a ProCurve fixed-port or chassis-based switch. Examples of PDs include Voice-over-IP (VoIP) telephones, wireless access points, and remote video cameras.
Page 379: General Lldp Operation
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) TLV (Type-Length-Value): A data unit that includes a data type field, a data unit length field (in bytes), and a field containing the actual data the unit is designed to carry (as an alphanumeric string, a bitmap, or a subgroup of information).
Page 380: Configuration Options
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Configuration Options Enable or Disable LLDP on the Switch. In the default configuration, LLDP is globally enabled on the switch. To prevent transmission or receipt of LLDP traffic, you can disable LLDP operation (page 14-36) Enable or Disable LLDP-MED.
Page 381 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) SNMP Notification. You can enable the switch to send a notification to any configured SNMP trap receiver(s) when the switch detects a remote LLDP data change on an LLDP-enabled port (page 14-46). Per-Port (Outbound) Data Options.
Page 382: Options For Reading Lldp Information Collected By The Switch
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Data Type Configuration Default Description Options The Packet Time-to-Live value is included in LLDP data packets. (Refer to “Changing the Time-to-Live for Transmitted Advertisements” on page 14-44.) Subelement of the Chassis ID TLV. Subelement of the Port ID TLV.
Page 383: Lldp Operating Rules
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) RFC 2737 (Entity MIB) ■ ■ RFC 2863 (Interfaces MIB) ■ ANSI/TIA-1057/D6 (LLDP-MED; refer to “LLDP-MED (Media-Endpoint- Discovery)” on page 14-51.) LLDP Operating Rules (For additional information specific to LLDP-MED operation, refer to “LLDP- MED (Media-Endpoint-Discovery)”...
Page 384: Configuring Lldp Operation
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Spanning-Tree Blocking. Spanning tree does not prevent LLDP packet transmission or receipt on STP-blocked links. 802.1X Blocking. Ports blocked by 802.1X operation do not allow transmission or receipt of LLDP packets. Configuring LLDP Operation In the default configuration, LLDP is enabled and in both transmit and receive mode on all active ports.
Page 385 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displays the LLDP global configuration, LLDP port status, and SNMP notification status. For information on port admin status, refer to “Configuring Per-Port Transmit and Receive Modes” on page 14-47. For example, show lldp config produces the following display when the switch is in the default LLDP configuration: Note: This value corresponds to the lldp refresh-interval...
Page 386: Configuring Global Lldp Packet Controls
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displaying Port Configuration Details. This command displays the port- specific configuration, including. Syntax show lldp config < port-list > Displays the LLDP port-specific configuration for all ports in < port-list >, including which optional TLVs and any non-default IP address that are included in the port’s outbound advertisements.
Page 387 (Default: Enabled) For example, to disable LLDP on the switch: ProCurve(config)# no lldp run Changing the Packet Transmission Interval. This interval controls how often active ports retransmit advertisements to their neighbors. Syntax lldp refresh-interval < 5 - 32768 >...
Page 388 2, which would result in a Time-to- Live of 30 seconds. ProCurve(config)# lldp holdtime-multiplier 2 Changing the Delay Interval Between Advertisements Generated by Value or Status Changes to the LLDP MIB. The switch uses a delay- interval setting to delay transmitting successive advertisements resulting from these LLDP MIB changes.
Page 389 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Syntax setmib lldpTxDelay.0 -i < 1 - 8192 > Uses setmib to change the minimum time (delay-interval) any LLDP port will delay advertising successive LLDP advertisements due to a change in LLDP MIB content. (Default: 2;...
Page 390: Configuring Snmp Notification Support
(Default: 2 seconds; Range: 1 - 10 seconds) For example, the following command changes the reinitialization delay interval to five seconds: ProCurve(config)# setmib lldpreinitdelay.0 -i 5 Configuring SNMP Notification Support You can enable SNMP trap notification of LLDP data changes detected on advertisements received from neighbor devices, and control the interval between successive notifications of data changes on the same neighbor.
Page 391: Configuring Per-Port Transmit And Receive Modes
(Default: 5 seconds) For example, the following command limits change notification traps from a particular switch to one per minute. ProCurve(config)# setmib lldpnotificationinterval.0 -i 60 lldpNotificationInterval.0 = 60 Configuring Per-Port Transmit and Receive Modes These commands control advertisement traffic inbound and outbound on active ports.
Page 392: Configuring Basic Lldp Per-Port Advertisement Content
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Configuring Basic LLDP Per-Port Advertisement Content In the default LLDP configuration, outbound advertisements from each port on the switch include both mandatory and optional data. Mandatory Data. An active LLDP port on the switch always includes the mandatory data in its outbound advertisements.
Page 393 10.10.10.100 and you wanted port 3 to use this secondary address in LLDP advertisements, you would need to execute the following command: ProCurve(config)# lldp config 3 ipAddrEnable 10.10.10.100 Optional Data. You can configure an individual port or group of ports to exclude one or more of these data types from outbound LLDP advertisements.
Page 394: Advertisements
For example, if you wanted to exclude the system name TLV from the outbound LLDP advertisements for all ports on a switch, you would use this command: ProCurve(config)# no lldp config 1-24 basicTlvEnable system_name If you later decided to reinstate the system name TLV on ports 1-5, you would...
Page 395: Lldp-Med (Media-Endpoint-Discovery)
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Syntax: [ no ] lldp config < port-list > dot3TlvEnable macphy_config For outbound advertisements, this TLV includes the (local) switch port’s current speed and duplex settings, the range of speed and duplex settings the port supports, and the method required for reconfiguring the speed and duplex settings on the device (auto-negotiation during link initialization, or manual configuration).
Page 396 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Power over Ethernet (PoE) status and troubleshooting support via ■ SNMP support for IP telephony network troubleshooting of call quality ■ issues via SNMP This section describes how to configure and use LLDP-MED features in the switches to support VoIP network edge devices (Media Endpoint Devices) such as: ■...
Page 397 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) able to use the following network policy elements configured on the ■ client port • voice VLAN ID • 802.1p (Layer 2) QoS • Diffserv codepoint (DSCP) (Layer 3) QoS discover and advertise device location data learned from the switch ■...
Page 398: Lldp-Med Topology Change Notification
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Class 3 (Communication Devices): These devices are typically IP ■ phones or end-user devices that otherwise support IP media and offer all Class 1 and Class 2 features, plus location identification and emergency 911 capability, Layer 2 switch support, and device infor- mation management.
Page 399 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Syntax: lldp top-change-notify < port-list > Topology change notification, when enabled on an LLDP port, causes the switch to send an SNMP trap if it detects LLDP- MED endpoint connection or disconnection activity on the port, or an age-out of the LLDP-MED neighbor on the port.
Page 400: Lldp-Med Fast Start Control
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP-MED Fast Start Control Syntax: lldp fast-start-count < 1 - 10 > An LLDP-MED device connecting to a switch port may use the data contained in the MED TLVs from the switch to configure itself.
Page 401 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) N o t e LLDP-MED operation requires the macphy_config TLV subelement—enabled by default—that is optional for IEEE 802.1AB LLDP operation. Refer to the dot3TlvEnable macphy_config command on page 14-51. Network Policy Advertisements. Network policy advertisements are intended for real-time voice and video applications, and include these TLV subelements: ■...
Page 402 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) N o t e s A codepoint must have an 802.1p priority before you can configure it for use in prioritizing packets by VLAN-ID. If a codepoint you want to use shows No Override in the Priority column of the DSCP policy table (display with show qos- dscp map, then use qos-dscp map <...
Page 403 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) network-policy This TLV enables the switch port to advertise its configured network policies (voice VLAN, Layer 2 QoS, Layer 3 QoS), and allows LLDP-MED endpoint devices to auto-configure the voice network policy advertised by the switch.
Page 404: Configuring Location Data For Lldp-Med Devices
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) PoE Advertisements. These advertisements inform an LLDP-MED endpoint of the power (PoE) configuration on switch ports. Similar advertisements from an LLDP-MED endpoint inform the switch of the endpoint’s power needs and provide information that can be used to identify power priority mismatches.
Page 405 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) ELIN (Emergency Location Identification Number): an emergency ■ number typically assigned to MLTS (Multiline Telephone System Opera- tors) in North America ■ coordinate-based location: attitude, longitude, and altitude informa- tion (Requires configuration via an SNMP application.) Syntax: [ no ] lldp config <...
Page 406 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) — Continued— Type/Value Pairs ( CA-TYPE CA-VALUE ): This is a series of data pairs, each composed of a location data “type” specifier and the corresponding location data for that type. That is, the first value in a pair is expected to be the civic address “type”...
Page 407 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Note: A switch port allows one instance of any given CA- TYPE. For example, if a type/value pair of 6 Atlantic (to specify “Atlantic” as a street name) is configured on port A5 and later another type/value pair of 6 Pacific is configured on the same port, then Pacific replaces Atlantic in the civic address location configured for port A5.
Page 408 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Table 14-3. Some Location Codes Used in CA-TYPE Fields* Location Element Code Location Element Code national subdivision street number regional subdivision additional location data city or township unit or apartment city subdivision floor street room number...
Page 409: Displaying Advertisement Data
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Figure 14-16 shows the commands for configuring and displaying the above data. Figure 14-16. Example of a Civic Address Configuration Displaying Advertisement Data Command Page show lldp info local-device below walkmib lldpXdot3LocPortOperMauType show lldp info remote-device 14-68 walkmib lldpXdot3RemPortAutoNegAdvertisedCap...
Page 410: Advertisements
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displaying Switch Information Available for Outbound Advertisements These commands display the current switch information that will be used to populate outbound LLDP advertisements. Syntax show lldp info local-device [ port-list ] Without the [ port-list ] option, this command displays the global switch information and the per-port information currently available for populating outbound LLDP advertisements.
Page 411 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) The Management Address field displays only the LLDP-configurable IP addresses on the switch. (Only manually-configured IP addresses are LLDP-configurable.) If the switch has only an IP address from a DHCP or Bootp server, then the Management Address field is empty (because there are no LLDP- configurable IP addresses available).
Page 412 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) information on displaying the currently configured port speed and duplex on an LLDP-MED endpoint, refer to “Displaying the Current Port Speed and Duplex Configuration on a Switch Port” on page 14-67. Syntax: show interfaces brief <...
Page 413 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Figure 14-19. Example of a Global Listing of Discovered Devices Indicates the policy configured on the telephone. A configuration mismatch occurs if the supporting port is configured differently. Figure 14-20. Example of an LLLDP-MED Listing of an Advertisement Received From an LLDP-MED (VoIP Telephone) Source 14-69...
Page 414: Displaying Lldp Statistics
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displaying LLDP Statistics LLDP statistics are available on both a global and a per-port levels. Rebooting the switch resets the LLDP statistics counters to zero. Disabling the transmit and/or receive capability on a port “freezes” the related port counters at their current values.
Page 415 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) — Continued — Per-Port LLDP Counters: NumFramesRecvd: Shows the total number of valid, inbound LLDP advertisements received from any neighbor(s) on < port- list >. Where multiple neighbors are connected to a port through a hub, this value is the total number of LLDP advertisements received from all sources.
Page 416: Lldp Operating Notes
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Counters showing frames sent on a port but no frames received on that port indicates an active link with a device that either has LLDP disabled on the link or is not LLDP- aware.
Page 417 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP Packet Forwarding: An 802.1D-compliant switch does not forward LLDP packets, regardless of whether LLDP is globally enabled or disabled on the switch. One IP Address Advertisement Per-Port: LLDP advertises only one IP address per-port, even if multiple IP addresses are configured by lldp config <...
Page 418: Lldp And Cdp Data Management
LLDP packets received from neighbor devices. CDP operation is limited to reading incoming CDP packets from neighbor devices. (ProCurve switches do not generate CDP packets.) LLDP and CDP Neighbor Data With both LLDP and (read-only) CDP enabled on a switch port, the port can read both LLDP and CDP advertisements, and stores the data from both types of advertisements in its neighbor database.
Page 419 Neighbors database. N o t e Because ProCurve switches do not generate CDP packets, they are not represented in the CDP data collected by any neighbor devices running CDP. A switch with CDP disabled forwards the CDP packets it receives from other devices, but does not store the CDP information from these packets in its own MIB.
Page 420: Cdp Operation And Commands
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Protocol State Packet Inbound Data Management Inbound Packet Forwarding Generation CDP Enabled Store inbound CDP data. No forwarding of inbound CDP packets. CDP Disabled No storage of CDP data from Floods inbound CDP packets neighbor devices.
Page 421 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Command Page show cdp 14-77 show cdp neighbors [< port-list > detail] 14-78 [detail < port-list >] [no] cdp run 14-79 [no] cdp enable < port-list > 14-79 N o t e For details on how to use an SNMP utility to retrieve information from the switch’s CDP Neighbors table maintained in the switch’s MIB (Management Information Base), refer to the documentation provided with the particular...
Page 422 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Viewing the Switch’s Current CDP Neighbors Table. Devices are listed by the port on which they were detected. Syntax: show cdp neighbors Lists the neighboring CDP devices the switch detects, with a subset of the information collected from the device’s CDP packet.
Page 423 Disabling CDP on a port causes it to drop inbound CDP packets without recording their data in the CDP Neighbors table. Syntax: [no] cdp enable < [e] port-list > For example, to disable CDP on port A1: ProCurve(config)# no cdp enable a1 14-79...
Page 424 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) — This page is intentionally unused. — 14-80...
Page 425: Contents
File Transfers Contents Overview ........... . A-3 Downloading Switch Software .
Page 426 File Transfers Contents Transferring Switch Configurations ......A-24 TFTP: Copying a Configuration File to a Remote Host ..A-25 TFTP: Copying a Configuration File from a Remote Host .
Page 427: Overview
Downloading Switch Software ProCurve periodically provides switch software updates through the ProCurve Networking web site. For more information, refer to the support and warranty booklet shipped with the switch, or visit www.procurve.com and click on software updates. After you acquire a new software version, you can...
Page 428: General Software Download Rules
A software version for the switch has been stored on a TFTP server accessible to the switch. (The software file is typically available from the ProCurve Networking web site at www.procurve.com.) The switch is properly connected to your network and has already been ■...
Page 429: Menu: Tftp Download From A Server To Primary Flash
File Transfers Downloading Switch Software Menu: TFTP Download from a Server to Primary Flash Note that the menu interface accesses only the primary flash. In the console Main Menu, select Download OS to display the screen in figure A-1. (The term “OS”, or “operating system” refers to the switch software): Figure A-1.
Page 430 File Transfers Downloading Switch Software A “progress” bar indicates the progress of the download. When the entire software file has been received, all activity on the switch halts and you will see Validating and writing system software to FLASH... After the primary flash memory has been updated with the new software, you must reboot the switch to implement the newly downloaded software.
Page 431: Cli: Tftp Download From A Server To Flash
File Transfers Downloading Switch Software To find more information on the cause of a download failure, examine the messages in the switch’s Event Log by executing the show log tftp command from the CLI. (For more on the Event Log, see “Using the Event Log To Identify Problem Sources”...
Page 432: Using Secure Copy And Sftp
File Transfers Downloading Switch Software This message means that the image you Dynamic counter continually displays the want to upload will replace the image number of bytes transferred. currently in primary flash. Figure A-4. Example of the Command to Download an OS (Switch Software) When the switch finishes downloading the software file from the server, it displays this progress message: Validating and Writing System Software to FLASH …...
Page 433 As described earlier in this chapter you can use a TFTP client on the admin- istrator workstation to update software images. This is a plain text mechanism and it connects to a standalone TFTP server or another ProCurve switch acting as a TFTP server to obtain the software image file(s). Using SCP and SFTP allows you to maintain your switches with greater security.
Page 434: How It Works
ProCurve(config)# ip ssh filetransfer Disable TFTP and Auto-TFTP for Enhanced Security Using the ip ssh filetransfer command to enable Secure FTP (SFTP) automati- cally disables TFTP and auto-TFTP (if either or both are enabled).
Page 435 File Transfers Downloading Switch Software ProCurve(config)# ip ssh filetransfer Enabling SFTP automatically disables TFTP Tftp and auto-tftp have been disabled. and auto-tftp and displays this message. ProCurve(config)# sho run Running configuration: ; J8697 Configuration Editor; Created on release #K.11.XX hostname "ProCurve"...
Page 436 File Transfers Downloading Switch Software Enables/Disables TFTP. Note: If SFTP is enabled, this field will be set to No. You cannot use this field to enable TFTP if SFTP is enabled. Attempting to do so produces an Inconsistent value message in the banner below the Actions line. Figure A-6.
Page 437: Command Options
As a matter of policy, administrators should not enable the SSHv1-only or the SSHv1-or-v2 advertisement modes. SSHv1 is supported on only some legacy switches (such as the ProCurve Series 2500 switches). To confirm that SSH is enabled type in the command...
Page 438: Authentication
File Transfers Downloading Switch Software Authentication Switch memory allows up to ten public keys. This means the authentication and encryption keys you use for your third-party client SCP/SFTP software can differ from the keys you use for the SSH session, even though both SCP and SFTP use a secure SSH tunnel.
Page 439 File Transfers Downloading Switch Software All files have read-write permission. Several SFTP commands, such as ■ create or remove , are not allowed and return an error message. The switch displays the following files: +---cfg running-config startup-config +---log crash-data crash-data-a crash-data-b crash-data-c crash-data-d...
Page 440: Workstation
File Transfers Downloading Switch Software Using Xmodem to Download Switch Software From a PC or UNIX Workstation This procedure assumes that: The switch is connected via the Console RS-232 port to a PC operating as ■ a terminal. (Refer to the Installation and Getting Started Guide you received with the switch for information on connecting a PC as a terminal and running the switch console interface.) ■...
Page 441: Primary Or Secondary Flash
File Transfers Downloading Switch Software Continue reboot of system? : No Press the space bar once to change No to Yes, then press [Enter] to begin the reboot. To confirm that the software downloaded correctly: From the Main Menu, select 1.
Page 442: Using Usb To Transfer Files To And From The Switch
(For more on these commands, see “Rebooting the Switch” on page 6-18.) To confirm that the software downloaded correctly: ProCurve> show system Check the Firmware revision line. It should show the software version that you downloaded in the preceding steps.
Page 443: Using Usb To Download Switch Software
This procedure assumes that: ■ A software version for the switch has been stored on a USB flash drive. (The latest software file is typically available from the ProCurve Network- ing web site at www.procurve.com.) ■ The USB device has been plugged into the switch’s USB port.
Page 444: Switch-To-Switch Download
File Transfers Downloading Switch Software When the copy finishes, you must reboot the switch to implement the newly loaded software. To do so, use one of the following commands: Syntax: boot system flash < primary | secondary > Boots from the selected flash. Syntax: reload Boots from the flash image and startup-config file.
Page 445: Cli: Switch-To-Switch Downloads
File Transfers Downloading Switch Software Press , then (for eXecute) to begin the software download. [Enter] A “progress” bar indicates the progress of the download. When the entire switch software download has been received, all activity on the switch halts and the following messages appear: Validating and writing system software to FLASH...
Page 446: Using Pcm+ To Update Switch Software
Figure A-9. Switch-to-Switch, from Either Flash in Source to Either Flash in Destination Using PCM+ to Update Switch Software ProCurve Manager Plus includes a software update utility for updating on ProCurve switch products. For further information, refer to the Getting Started Guide and the Administrator’s Guide, provided electronically with the application.
Page 447: Copying Software Images
For example, to copy the primary flash to a TFTP server having an IP address of 10.28.227.105: ProCurve# copy flash tftp 10.28.227.105 k0800.swi where k0800.swi is the filename given to the flash image being copied. Xmodem: Copying a Software Image from the Switch to a...
Page 448: Transferring Switch Configurations
For example, to copy the primary image to a USB flash drive: Insert a USB device into the switch’s USB port. Execute the following command: Procurve# copy flash usb k0800.swi where k0800.swi is the name given to the primary flash image that is copied from the switch to the USB device.
Page 449: Tftp: Copying A Configuration File To A Remote Host
For example, to upload the current startup configuration to a file named sw5400 in the configs directory on drive “d” in a TFTP server having an IP address of 10.28.227.105: ProCurve# copy startup-config tftp 10.28.227.105 d:\configs\sw5400 TFTP: Copying a Configuration File from a Remote Host Syntax: copy tftp <...
Page 450: Xmodem: Copying A Configuration File From A Serially Connected Pc Or Unix Workstation
File Transfers Transferring Switch Configurations Syntax: copy < startup-config | running-config > xmodem < pc | unix > copy config < filename > xmodem < pc | unix > Uses Xmodem to copy a designated configuration file from the switch to a PC or Unix workstation. For more on multiple configuration files, refer to “Multiple Configuration Files”...
Page 451: Usb: Copying A Configuration File To A Usb Device
File Transfers Transferring Switch Configurations Execute the following command: After you see the above prompt, press [Enter] Execute the terminal emulator commands to begin the file transfer. When the download finishes, you must reboot the switch to implement the newly downloaded software. To do so, use one of the following commands: Syntax: boot system flash [ primary | secondary ] boot system flash [ config <...
Page 452: Usb: Copying A Configuration File From A Usb Device
Transferring ACL Command Files Execute the following command: Procurve# copy startup-config usb procurve-config where procurve-config is the name given to the configuration file that is copied from the switch to the USB device. USB: Copying a Configuration File from a USB Device To use this method, the switch must be connected via the USB port to a USB flash drive on which is stored the configuration file you want to copy.
Page 453: Tftp: Uploading An Acl Command File From A Tftp Server
Copied the file to a TFTP server at 18.38.124.16. Using a PC workstation, you then execute the following from the CLI to upload the file to the switch and implement the ACL commands it contains: ProCurve(config)# copy tftp command-file 18.38.124.16 vlan10_in.txt pc The switch displays this message:...
Page 454: Xmodem: Uploading An Acl Command File From A Serially Connected Pc Or Unix Workstation
File Transfers Transferring ACL Command Files To continue with the upload, press the key. To abort the upload, press the key. Note that if the switch detects an illegal (non-ACL) command in the file, it bypasses the illegal command, displays a notice as shown in figure A- 10, and continues to implement the remaining ACL commands in the file.
Page 455: Usb: Uploading An Acl Command File From A Usb Device
Using a PC workstation, you then execute the following from the CLI to upload the file to the switch and implement the ACL commands it contains: ProCurve(config)# copy usb command-file vlan10_in.txt pc The switch displays this message: Running configuration may change, do you want to continue...
Page 456: Workstation
File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation You can use the CLI to copy the following types of switch data to a text file in a destination device: Command Output: Sends the output of a switch CLI command as a file on ■...
Page 457: Copying Event Log Output To A Destination Device
File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation At this point, press [Enter] and start the Xmodem command sequence in your terminal emulator. Indicates the operation is finished. Figure A-11. Example of Sending Command Output to a File on an Attached PC N o t e The command you specify must be enclosed in double-quote marks.
Page 458: Copying Crash Log Data Content To A Destination Device
File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation Syntax: copy crash-data [<slot-id | master>] tftp <ip-address> <filename> copy crash-data [<slot-id | master>] usb <filename> copy crash-data [<slot-id | master>] xmodem where: slot-id = a - h, and retrieves the crash log or crash data from the processor on the module in the specified slot.
Page 459 File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation These commands copy the Crash Log content to a remote host, attached USB device, or to a serially connected PC or UNIX workstation. You can copy individual slot information or the master switch information.
Page 460 File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation — This page is intentionally unused. — A-36...
Page 461 Monitoring and Analyzing Switch Operation Contents Overview ........... . B-3 Status and Counters Data .
Page 462 Monitoring and Analyzing Switch Operation Contents Configuration Steps ........B-32 CLI: Configuring Local and Remote Mirroring .
Page 463: Overview
Monitoring and Analyzing Switch Operation Overview Overview The switches covered in this guide have several built-in tools for monitoring, analyzing, and troubleshooting switch and network operation: ■ Status: Includes options for displaying general switch information, man- agement address data, port status, port and trunk group statistics, MAC addresses detected on each port or VLAN, and STP, IGMP, and VLAN data (page B-4).
Page 464: Status And Counters Data
Monitoring and Analyzing Switch Operation Status and Counters Data Status and Counters Data This section describes the status and counters screens available through the switch console interface and/or the web browser interface. N o t e You can access all console screens from the web browser interface via Telnet to the console.
Page 465: Menu Access To Status And Counters
Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access To Status and Counters Beginning at the Main Menu, display the Status and Counters menu by select- ing: 1. Status and Counters Figure B-1. The Status and Counters Menu Each of the above menu items accesses the read-only screens described on the following pages.
Page 466: General System Information
Monitoring and Analyzing Switch Operation Status and Counters Data General System Information Menu Access From the console Main Menu, select: 1. Status and Counters 1. General System Information Figure B-2. Example of General Switch Information This screen dynamically indicates how individual switch resources are being used.
Page 467: Switch Management Address Information
Monitoring and Analyzing Switch Operation Status and Counters Data Switch Management Address Information Menu Access From the Main Menu, select: 1 Status and Counters … 2. Switch Management Address Information Figure B-3. Example of Management Address Information with VLANs Configured This screen displays addresses that are important for management of the switch.
Page 468: Module Information
Monitoring and Analyzing Switch Operation Status and Counters Data Module Information Use this feature to determine which slots have modules installed and which type(s) of modules are installed. Menu: Displaying Port Status From the Main Menu, select: 1. Status and Counters … 3.
Page 469: Cli Access
Serial Number ----- ---------------------------------------- ------------ ProCurve J8702A XL 24 port Gig-T POE SG111SZ345 ProCurve J8705A XL 20 port + 4 mGBIC SG111SX466 ProCurve J8702A XL 24 port Gig-T POE SG123DX543 Figure B-5. Example of Module Information including the Management Module...
Page 470: Port Status
Monitoring and Analyzing Switch Operation Status and Counters Data Port Status The web browser interface and the console interface show the same port status data. Menu: Displaying Port Status From the Main Menu, select: 1. Status and Counters … 4. Port Status Figure B-6.
Page 471: Viewing Port And Trunk Group Statistics And Flow Control Status
Monitoring and Analyzing Switch Operation Status and Counters Data Viewing Port and Trunk Group Statistics and Flow Control Status Feature Default Menu viewing port and trunk statistics for all page B-12 page B-13 page B-13 ports, and flow control status viewing a detailed summary for a page B-12 page B-13...
Page 472: Menu Access To Port And Trunk Statistics
Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access to Port and Trunk Statistics To access this screen from the Main Menu, select: 1. Status and Counters … 4. Port Counters Figure B-7. Example of Port Counters on the Menu Interface To view details about the traffic on a particular port, use the [v] key to highlight that port number, then select Show Details.
Page 473: Cli Access To Port And Trunk Group Statistics
Monitoring and Analyzing Switch Operation Status and Counters Data CLI Access To Port and Trunk Group Statistics To Display the Port Counter Summary Report. Syntax: show interfaces This command provides an overview of port activity for all ports on the switch. To Display a Detailed Traffic Summary for Specific Ports.
Page 474: Viewing The Switch's Mac Address Tables
Monitoring and Analyzing Switch Operation Status and Counters Data Viewing the Switch’s MAC Address Tables Feature Default Menu viewing MAC addresses on all page B-14 page B-17 — ports on a specific VLAN viewing MAC addresses on a page B-16 page B-17 —...
Page 475 Monitoring and Analyzing Switch Operation Status and Counters Data Figure B-9. Example of the Address Table To page through the listing, use Next page and Prev page. Finding the Port Connection for a Specific Device on a VLAN. This feature uses a device’s MAC address that you enter to identify the port used by that device.
Page 476 Stacking is supported the Port To Search on the 3500yl and 6200yl switches. Figure B-11. Listing MAC Addresses for a Specific Port Use the Space bar to select the port you want to list or search for MAC addresses, then press...
Page 477: Cli Access For Mac Address Views And Searches
To List All Learned MAC Addresses on a VLAN, with Their Port Numbers. This command lists the MAC addresses associated with the ports for a given VLAN. For example: ProCurve> show mac-address vlan 100 N o t e The switches covered in this guide operate with a multiple forwarding database architecture.
Page 478: Spanning Tree Protocol (Mstp) Information
Monitoring and Analyzing Switch Operation Status and Counters Data Spanning Tree Protocol (MSTP) Information CLI Access to MSTP Data This option lists the MSTP configuration, root data, and per-port data (cost, priority, state, and designated bridge). Syntax: show spanning-tree This command displays the switch’s global and regional spanning-tree status, plus the per-port spanning-tree operation at the regional level.
Page 479: Internet Group Management Protocol (Igmp) Status
Monitoring and Analyzing Switch Operation Status and Counters Data Internet Group Management Protocol (IGMP) Status The switch uses the CLI to display the following IGMP status on a per-VLAN basis: Show Command Output show ip igmp Global command listing IGMP status for all VLANs configured in the switch: •...
Page 480: Vlan Information
Monitoring and Analyzing Switch Operation Status and Counters Data VLAN Information The switch uses the CLI to display the following VLAN status: Show Command Output show vlan Lists: • Maximum number of VLANs to support • Existing VLANs • Status (static or dynamic) •...
Page 481 Monitoring and Analyzing Switch Operation Status and Counters Data Listing the VLAN ID (VID) and Status for Specific Ports. Because ports A1 and A2 are not members of VLAN- 44, it does not appear in this listing. Figure B-15. Example of VLAN Listing for Specific Ports Listing Individual VLAN Status.
Page 482: Web Browser Interface Status Information
Alert Log, which informs you of any problems that may have occurred on the switch. For more information on this screen, refer to the chapter titled “Using the ProCurve Web Browser Interface”. Port Utilization Graphs...
Page 483: Traffic Mirroring
A switch can be configured as the destination for: ■ • 32 remote mirroring sessions originating on other ProCurve switches running software release K.12.xx. This allows simultaneous mirroring sessions configured on multiple source switches to be directed to one or more exit ports on a given exit switch previously configured to support those sessions.
Page 484: Terminology
Monitoring and Analyzing Switch Operation Traffic Mirroring • 4 local mirroring sessions originating on the same switch as the mirrored traffic ■ A switch can be the originator (source) of four mirroring sessions, with each session mirroring traffic associated with a list composed of ports and/or static trunks, a mesh, or a VLAN interface.
Page 485 Allowing a mirroring exit port connection to a network can result in serious network performance problems, and is strongly discour- aged by ProCurve Networking. Remote Exit Switch: The destination switch for mirrored traffic when the source and destination of mirrored traffic are on different switches. Also termed the Remote Destination Switch.
Page 486: Mirrored Traffic Destinations
IPv4 encapsulation, if the intended exit switch is not already configured as the destination for that session, its performance may be adversely affected by the stream of mirrored traffic. For this reason, ProCurve strongly recommends that you configure the exit switch for a remote mirror- ing session before configuring the source switch for that same session.
Page 487: Criteria For Selecting Traffic To Mirror
Each of the four mirroring sessions supported at a mirroring source can have either the same or a different destination. Destination options include an exit port on the source (local) switch and/or on one remote ProCurve switch configured to support remote mirroring. This offers the following benefits:...
Page 488 Monitoring and Analyzing Switch Operation Traffic Mirroring Mirrored traffic belonging to each session can be directed to the same ■ destination or to different destinations. ■ You can reduce the risk of oversubscribing a single exit port by directing traffic from different session sources to different exit ports You can segregate traffic by type, direction, or source.
Page 489: Configuration
Monitoring and Analyzing Switch Operation Traffic Mirroring Configuration Table B-1 lists the traffic mirroring configuration support available through the CLI, Menu Interface, and SNMP methods. Table B-1. Traffic Mirroring Configuration Options Interface Monitor Traffic Direction CLI Config Menu and Web SNMP Config I/F Config VLAN...
Page 490: Endpoint Switches And Intermediate Devices
Endpoint Switches and Intermediate Devices The endpoint switches used for remote mirroring source and remote mirroring exit functions must be ProCurve switches that support the mirroring functions described in this chapter. However, because remote mirroring on your ProCurve switch uses IPv4 encapsulation of mirrored traffic to remote desti- nation switches, the intermediate switches and routers in a layer 2/3 domain can be from any vendor supporting IPv4.
Page 491: Using The Menu Or Web Interface To Configure Local Mirroring
Monitoring and Analyzing Switch Operation Traffic Mirroring Using the Menu or Web Interface To Configure Local Mirroring Menu and Web Interface Limits The Menu and Web interfaces can be used to quickly configure or reconfigure local mirroring on session 1, and allow one of the following two mirroring source options: ■...
Page 492: Configuration Steps
Monitoring and Analyzing Switch Operation Traffic Mirroring Configuration Steps N o t e s If mirroring has already been enabled on the switch, the Menu screens will appear differently than shown in this section. From the Main Menu, Select: 2. Switch Configuration... 3.
Page 493 Monitoring and Analyzing Switch Operation Traffic Mirroring Move the cursor to the Monitoring Port parameter, then use the Space bar to select the local exit port. Figure B-19. How To Select a Local Exit Port Use the Space bar to select the port to use for sending mirrored traffic to a locally connected traffic analyzer or IDS.
Page 494 Monitoring and Analyzing Switch Operation Traffic Mirroring Use the down arrow key to move the cursor to the Action column for the individual port interfaces and position the cursor at a port, trunk, or mesh you want to mirror. Use the down arrow key to select the interface(s) whose traffic you want to mirror to the local exit port.
Page 495: Cli: Configuring Local And Remote Mirroring
Using the CLI you can configure a mirroring session to an exit port on either the same switch as the source interface (local mirroring) or on another switch (remote mirroring). (The remote switch must be a ProCurve switch offering the full mirroring capabilities described in this chapter.)
Page 496: General Steps For Using The Cli To Configure Mirroring
For this reason, ProCurve strongly recommends that you configure the exit switch for a remote mirroring session before configuring the source switch for that same session.
Page 497 Monitoring and Analyzing Switch Operation Traffic Mirroring After completing step 5b, the switch begins mirroring traffic to the remote destination for the configured session. Local Mirroring (Mirroring Source and Destination on the Same Switch). Determine the session identity and local destination port: •...
Page 498: Quick Reference To Local Mirroring Set-Up
Monitoring and Analyzing Switch Operation Traffic Mirroring Quick Reference to Local Mirroring Set-Up These commands configure or remove mirroring where the mirroring source and destination are on the same switch. For command syntax details, refer to the pages listed after each heading. For each mirroring Source Switch option: The mirror command identifies the destination for the mirroring session.
Page 499: Quick Reference To Remote Mirroring Set-Up
Monitoring and Analyzing Switch Operation Traffic Mirroring The no form of the command removes vlan < vid-# > mirroring source from the specified session, but leaves the session available for other assignments. N o t e If session 1 is already configured with a destination, you can execute [no] vlan <...
Page 500 Monitoring and Analyzing Switch Operation Traffic Mirroring To Configure or Remove a Mirroring Session on a Source Switch Defines a Remote Mirroring Session on a Source Switch (Page B-44): mirror < 1 - 4 > [name < name-str >] remote ip < src-ip > < src-udp-port > < dst-ip > no mirror <...
Page 501: Determine The Mirroring Session Identity And Destination
Monitoring and Analyzing Switch Operation Traffic Mirroring 1. Determine the Mirroring Session Identity and Destination For a Local Mirroring Session. Determine the port number for the exit port (such as A5, B10, etc.), then go to “4. Configure Mirroring Sources” on page B-47.
Page 502 Monitoring and Analyzing Switch Operation Traffic Mirroring Syntax: mirror endpoint ip < src-ip > < src-udp-port > < dst-ip > < port-# > no mirror endpoint ip < src-ip > < src-udp-port > < dst-ip > This command is used on a destination switch to establish the endpoint for a specific mirroring session you will configure on a remote mirroring source switch.
Page 503 Monitoring and Analyzing Switch Operation Traffic Mirroring Syntax: mirror endpoint ip < src-ip > < src-udp-port > < dst-ip > < port-# > no mirror endpoint ip < src-ip > < src-udp-port > < dst-ip > < port-# > : Exit port for mirrored traffic from the specified session.
Page 504: Configure The Mirroring Session On The Source Switch
Monitoring and Analyzing Switch Operation Traffic Mirroring 3. Configure the Mirroring Session on the Source Switch For local mirroring, only a session number and a destination port number are needed. (You also have the option of associating a name with the session number.) Refer to “Configuring Mirroring with a Destination on the Local (Source) Switch”...
Page 505 For this reason, ProCurve strongly recommends that you configure the exit switch for a remote mirroring session, as described under “2. Configure the Remote Mirroring Session on Destination Switch”...
Page 506 Monitoring and Analyzing Switch Operation Traffic Mirroring Syntax: [no] mirror < 1 - 4 > [name < name-str >] remote ip < src-ip > < src-udp-port > < dst-ip > — Continued from Preceding Page— < 1 - 4 > : Identifies the mirroring session created by this command.
Page 507: Configure Mirroring Sources
Monitoring and Analyzing Switch Operation Traffic Mirroring 4. Configure Mirroring Sources This action configures a source switch with the criteria for selecting the traffic to mirror, and assigns the configured source criteria to a previously configured mirroring session. Traffic Selection Options The traffic criteria includes one option from each of the following two selec- tion criteria: interface type...
Page 508: Using Interface Identity And Direction Of Movement To Select The Traffic To Mirror From A Source Switch
Monitoring and Analyzing Switch Operation Traffic Mirroring Using Interface Identity and Direction of Movement To Select the Traffic To Mirror from a Source Switch Use the commands in this section to configure mirrored traffic selection for either local or remote mirroring. Options for the selection criteria includes: ■...
Page 509 Monitoring and Analyzing Switch Operation Traffic Mirroring — Continued from Preceding Page— mirror < 1 - 4 | < name-str >: Assigns the traffic defined by the interface and direction to a session by number or (if configured) by name. (The session must have been previously configured.
Page 510 Monitoring and Analyzing Switch Operation Traffic Mirroring VLAN Interface with Traffic Direction as the Selection Criteria. Use this command when the direction of traffic movement on a specific VLAN interface defines the criteria for mirroring traffic.: Syntax: vlan < vid-# > monitor all < in | out | both > mirror < 1 - 4 | name-str > [<...
Page 511: Using Acl Assignment And Traffic Direction To Select The Traffic To Mirror From A Source Switch
Monitoring and Analyzing Switch Operation Traffic Mirroring — Continued from Preceding Page— [ name < name-str >] : Optional; uses a previously configured alphanumeric identifier to associate the traffic source with the mirroring session. The string can be used interchangeably with the mirroring session number when using this command to assign a mirroring source to a session.
Page 512 Monitoring and Analyzing Switch Operation Traffic Mirroring N o t e s If a mirroring session is configured with a mirroring source that uses an ACL for traffic selection, then no other mirroring sources can be configured to use that session. Conversely, if a mirroring session is already configured with a mirroring source that does not use an ACL, then the session cannot accept an additional mirroring source that does use an ACL.
Page 513 Monitoring and Analyzing Switch Operation Traffic Mirroring — Continued from Preceding Page— monitor ip access-group < acl-name > in: For the interface specified by < port/trunk/mesh >, selects the IP traffic to mirror based on the selection criteria specified in the named ACL.
Page 514 Monitoring and Analyzing Switch Operation Traffic Mirroring ACL (Access Control List) Selection Criteria for Mirroring from a VLAN Interface. Syntax: vlan < vid-# > monitor ip access-group < acl-name > in mirror < 1 - 4 | name-str > [< 1 - 4 | name-str >] [< 1 - 4 | name-str >] [<...
Page 515 Monitoring and Analyzing Switch Operation Traffic Mirroring — Continued from Previous Page— [ name < name-str >] : Optional; uses a previously configured alphanumeric identifier to associate the traffic source with the mirroring session. The string can be used interchangeably with the mirroring session number when using this command to assign a mirroring source to a session.
Page 516: Displaying The Mirroring Configuration
Monitoring and Analyzing Switch Operation Traffic Mirroring Displaying the Mirroring Configuration Displaying the Mirroring Configuration Summary This command displays a summary of the current source and destination mirroring configured on the switch. Syntax: show monitor If a remote mirroring source is configured on the switch, then the following fields appear.
Page 517: Network Monitoring
For example, the following summary shows three mirroring sources (one local and two remote) and one remote mirroring destination configured on the switch. Local and Remote Mirroring Sources: ProCurve# show monitor • Session 1 is performing local mirroring from an ACL source. • Session 2 is performing remote Network Monitoring mirroring using non-ACL sources.
Page 518: Displaying The Remote Endpoint Configuration
For example, the following output indicates that a switch is configured as the endpoint (destination) for two remote mirroring sessions from the same source. ProCurve(config)# show monitor endpoint Remote Mirroring - Remote Endpoints Type UDP Source Addr...
Page 519: Displaying A Mirroring Session Configuration On A Source Switch
Monitoring and Analyzing Switch Operation Traffic Mirroring Displaying a Mirroring Session Configuration on a Source Switch Syntax: show monitor < 1 - 4 | name < name-str > This command displays the current configuration of a selected, local or remote mirroring session on a source switch. Session: Displays the numeric ID of the selected session.
Page 520 For example, if you configure remote mirroring session 2 as shown in figure B-22, show monitor 2 displays the session 2 configuration in figure B-23, below. ProCurve(config)# mirror 2 name test-10 remote ip 10.10.10.1 8010 10.10.30.2 Caution: Please configure destination switch first.
Page 521: Viewing Mirroring In The Current Configuration File
Using the show run command, you can view the current mirroring configura- tion on the switch. Source mirroring session entries begin with the mirror keyword and the mirroring sources are listed per-interface. For example: ProCurve(config)# show run Running configuration: ; J8697A Configuration Editor; Created on release #K.12.XX max-vlans 300 ip access-list extended "100"...
Page 522 Traffic Mirroring Destination mirroring session entries begin with mirror endpoint. In the follow- ing example, two sessions are using the same exit port: ProCurve(config)# show run Running configuration: ; J8693A Configuration Editor; Created on release #K.12.XX module 3 type J8694A Configured Destination Mirroring Sessions .
Page 523: Mirroring Configuration Examples
C24. ProCurve(config)# mirror 1 port c24 Caution: Please configure destination switch first. Do you want to continue [y/n]? y ProCurve(config)# interface a5,b17 monitor all in mirror 1 Reminder to configure mirroring Assigns mirrored inbound destination before configuring traffic from ports A5 and source.
Page 524: Remote Mirroring Destination Using A Vlan Interface And An Acl For Mirroring Criteria
Monitoring and Analyzing Switch Operation Traffic Mirroring Remote Mirroring Destination Using a VLAN Interface and an ACL for Mirroring Criteria In the network shown in figure B-29, the system operator has connected a traffic analyzer to port A15 (in VLAN 30) on switch D, and wants to monitor the Telnet traffic to the server at 10.10.30.153 from the workstations on switches A and B.
Page 525 Monitoring and Analyzing Switch Operation Traffic Mirroring Using the ACLs to select the traffic to mirror, configure mirroring sessions for Telnet traffic entering switches A and B on VLANs 10 and 20. (Because the sessions are on different switches, you can use the same session number for both sessions if you want to.) The following three figures illustrate the configuration steps on the mirroring destination switch (switch D) and on the mirroring sources (switches A and...
Page 526 Monitoring and Analyzing Switch Operation Traffic Mirroring Mirror Session Destination Mirror Session 1 Identity Switch-A(config)# mirror 1 remote ip 10.10.10.119 9300 10.10.30.2 Caution: Please configure destination switch first. Do you want to continue [y/n]? y Criteria for Traffic Selection Name of ACL Switch-A(config)# access-list 100 permit tcp any host 10.10.30.153 eq telnet Mirror Session...
Page 527: Remote Mirroring Destination Using A Port Interface And Directional Mirroring Criteria
Monitoring and Analyzing Switch Operation Traffic Mirroring Remote Mirroring Destination Using a Port Interface and Directional Mirroring Criteria In the network shown in figure B-33, the system operator has connected another traffic analyzer to port B10 (in VLAN 40) on switch D, and wants to monitor all traffic entering Switch A from client “X”...
Page 528 Monitoring and Analyzing Switch Operation Traffic Mirroring Configure switch A to mirror session 2 to the destination interface for port B10 on switch D. Use a randomly selected UDP port number of 9400. (Refer to the Note on page B-67.) If you need information on selecting UDP port numbers to use for remote mirroring, refer to the syntax description on page B-42.
Page 529: Maximum Supported Frame Size
Monitoring and Analyzing Switch Operation Traffic Mirroring Maximum Supported Frame Size The IPv4 encapsulation of mirrored traffic adds a 54-byte header to each mirrored frame. If a resulting frame exceeds the MTU (Maximum Transmis- sion Unit) allowed in the network, the frame is dropped. N o t e Mirroring does not truncate frames, and oversized mirroring frames will be dropped.
Page 530: Effect Of Downstream Vlan Tagging On Untagged, Mirrored Traffic
1518 bytes. If the MTU on the path to the destination is 9220 bytes, then untagged, mirrored frames leaving the source switch cannot exceed 9216 bytes. Tagged 10 Gbps VLAN link. Adds 4 bytes to each frame. 6200yl Router in the 5400zl Aggregator Mirror Path...
Page 531 Monitoring and Analyzing Switch Operation Traffic Mirroring Mirroring and Spanning Tree: Mirroring is done regardless of the ■ spanning-tree (STP) state of a port or trunk. This means, for example, that inbound traffic on a port blocked by STP can still be monitored for STP protocol packets during the STP setup phase.
Page 532: Troubleshooting Mirroring
Monitoring and Analyzing Switch Operation Traffic Mirroring Switch Operation as Both Destination and Source: A switch config- ■ ured as remote destination switch can also be configured to mirror traffic to one of its own ports (local mirroring) or to a destination on another switch (remote mirroring).
Page 533 A mirroring exit port should be connected only to a network analyzer, IDS, or other network edge device that has no connection to other network resources. Allowing a mirroring exit port connection to a network can result in serious network performance problems, and is strongly discouraged by ProCurve Networking. B-73...
Page 534 Monitoring and Analyzing Switch Operation Traffic Mirroring — This page is intentionally unused. — B-74...
Page 535: Contents
Troubleshooting Contents Overview ........... . C-3 Troubleshooting Approaches .
Page 536 Troubleshooting Contents CLI: Turning Event Numbering On ......C-30 Reducing Duplicate Event Log and SNMP Trap Messages ..C-30 Debug and Syslog Messaging Operation .
Page 537: Overview
N o t e ProCurve periodically places switch software updates on the ProCurve Net- working web site. ProCurve recommends that you check this web site for software updates that may have fixed a problem you are experiencing. For information on support and warranty provisions, refer to the Support and...
Page 538: Troubleshooting Approaches
Troubleshooting Approaches Troubleshooting Approaches Use these approaches to diagnose switch problems: ■ Check the ProCurve Networking web site for software updates that may have solved your problem: www.procurve.com ■ Check the switch LEDs for indications of proper switch operation: •...
Page 539: Browser Or Telnet Access Problems
Troubleshooting Browser or Telnet Access Problems Browser or Telnet Access Problems Cannot access the web browser interface: Access may be disabled by the Web Agent Enabled parameter in the switch ■ console. Check the setting on this parameter by selecting: 2.
Page 540 Troubleshooting Browser or Telnet Access Problems Cannot Telnet into the switch console from a station on the network: ■ Off subnet management stations can lose Telnet access if you enable routing without first configuring a static (default) route. That is, the switch uses the IP default gateway only while operating as a Layer 2 device.
Page 541: Unusual Network Activity
Unusual network activity is usually indicated by the LEDs on the front of the switch or measured with the switch console interface or with a network management tool such as ProCurve Manager. Refer to the Installation Guide you received with the switch for information on using LEDs to identify unusual network activity.
Page 542: 802.1Q Prioritization Problems
Troubleshooting Unusual Network Activity This can also happen, for example, if the server is first configured to issue IP addresses with an unlimited duration, then is subsequently configured to issue IP addresses that will expire after a limited duration. One solution is to configure “reservations”...
Page 543 Troubleshooting Unusual Network Activity Indicates that routing is enabled; a require- ment for ACL operation. (There is an exception. Refer to the Note, below.) Figure C-1. Indication that Routing Is Enabled Note If an ACL assigned to a VLAN includes an ACE referencing an IP address on the switch itself as a packet source or destination, the ACE screens traffic to or from this switch address regardless of whether IP routing is enabled.
Page 544 Troubleshooting Unusual Network Activity Error (Invalid input) when entering an IP address. When using the “host” option in the command syntax, ensure that you are not including a mask in either dotted decimal or CIDR format. Using the “host” option implies a specific host device and therefore does not permit any mask entry.
Page 545 Troubleshooting Unusual Network Activity common mistake is to either not explicitly permit the switch’s IP address as a DA or to use a wildcard ACL mask in a deny statement that happens to include the switch’s IP address. For an example of this problem, refer to the section titled “General ACL Operating Notes”...
Page 546 Troubleshooting Unusual Network Activity 5400zl 10 Net -- VLAN 1 Switch 2 IP: 10.08.15 10 Net -- VLAN 1 IP: 10.0.8.16 (Deflt. G’Way = 10.0.8.1) (Deflt. G’way = 10.0.8.1) Switch 1 20 Net VLAN 2 20 Net -- VLAN 2 IP: 20.0.8.1 IP: 20.0.8.21 Switch 1 cannot...
Page 547: Igmp-Related Problems
Removing a port from a trunk without first disabling the port can create a traffic loop that can slow down or halt your network. Before removing a port from a trunk, ProCurve recommends that you either disable the port or disconnect it from the LAN.
Page 548: Mesh-Related Problems
Troubleshooting Unusual Network Activity Mesh-Related Problems Traffic on a dynamic VLAN does not get through the switch mesh . GVRP enables dynamic VLANs. Ensure that all switches in the mesh have GVRP enabled. Port-Based Access Control (802.1X)-Related Problems Note To list the 802.1X port-access Event Log messages stored on the switch, use show log 802.
Page 549 Troubleshooting Unusual Network Activity VLAN as untagged on the port to support the client access, as specified in the response from the RADIUS server. Refer to “How 802.1X Authentication Affects VLAN Operation” in the Access Security Guide for your switch. The switch appears to be properly configured as a supplicant, but cannot gain access to the intended authenticator port on the switch to which it is connected.
Page 550 Troubleshooting Unusual Network Activity RADIUS server fails to respond to a request for service, even though the server’s IP address is correctly configured in the switch. Use show radius to verify that the encryption key (RADIUS secret key) the switch is using is correct for the server being contacted.
Page 551: Qos-Related Problems
Troubleshooting Unusual Network Activity QoS-Related Problems Loss of communication when using VLAN-tagged traffic. If you cannot communicate with a device in a tagged VLAN environment, ensure that the device either supports VLAN tagged traffic or is connected to a VLAN port that is configured as Untagged Radius-Related Problems...
Page 552: Spanning-Tree Protocol (Mstp) And Fast-Uplink Problems
Troubleshooting Unusual Network Activity Global RADIUS Encryption Key Unique RADIUS Encryption Key for the RADIUS server at 10.33.18.119 Figure C-7. Examples of Global and Unique Encryption Keys Spanning-Tree Protocol (MSTP) and Fast-Uplink Problems C a u t i o n If you enable MSTP, it is recommended that you leave the remainder of the MSTP parameter settings at their default values until you have had an oppor- tunity to evaluate MSTP performance in your network.
Page 553: Ssh-Related Problems
Troubleshooting Unusual Network Activity Fast-Uplink Troubleshooting. Some of the problems that can result from incorrect usage of Fast-Uplink MSTP include temporary loops and generation of duplicate packets. Problem sources can include: ■ Fast-Uplink is configured on a switch that is the MSTP root device. ■...
Page 554 Troubleshooting Unusual Network Activity Switch does not detect a client’s public key that does appear in the switch’s public key file (show ip client-public-key). The client’s public key entry in the public key file may be preceded by another entry that does not terminate with a new line (CR).
Page 555: Tacacs-Related Problems
Troubleshooting Unusual Network Activity TACACS-Related Problems Event Log. When troubleshooting TACACS+ operation, check the switch’s Event Log for indications of problem areas. All Users Are Locked Out of Access to the Switch. If the switch is func- tioning properly, but no username/password pairs result in console or Telnet access to the switch, the problem may be due to how the TACACS+ server and/or the switch are configured.
Page 556 Troubleshooting Unusual Network Activity The encryption key configured in the server does not match the ■ encryption key configured in the switch (by using the tacacs-server key command). Verify the key in the server and compare it to the key configured in the switch.
Page 557: Timep, Sntp, Or Gateway Problems
Troubleshooting Unusual Network Activity TimeP, SNTP, or Gateway Problems The Switch Cannot Find the Time Server or the Configured Gateway . TimeP, SNTP, and Gateway access are through the primary VLAN, which in the default configuration is the DEFAULT_VLAN. If the primary VLAN has been moved to another VLAN, it may be disabled or does not have ports assigned to it.
Page 558 Troubleshooting Unusual Network Activity Link supporting VLAN_1 and VLAN_2 Switch “Y” Switch “X” Port Y- 7 Port X-3 VLAN Port Assignment VLAN Port Assignment Port VLAN_1 VLAN_2 Port VLAN_1 VLAN_2 Untagged Tagged Untagged Tagged Figure C-8. Example of Correct VLAN Port Assignments on a Link If VLAN_1 (VID=1) is configured as “Untagged”...
Page 559: Fan Failure
When two or more fans fail, a tow-minute timer starts. After two minutes, the switch is powered down and must be rebooted to restart it. This protects the switch from possible overheating. ProCurve recommends that you replace a failed fan tray assembly within one minute of removing it. C-25...
Page 560: Using The Event Log To Identify Problem Sources
W (warning) indicates that a service has behaved unexpectedly. M (major) indicates that a severe switch error has occurred. (debug) reserved for ProCurve internal diagnostic information. Date is the date in mm/dd/yy format that the entry was placed in the log.
Page 561 Troubleshooting Using the Event Log To Identify Problem Sources The Event Log will be erased if power to the switch is interrupted. (The Event Log is not erased by using the Reboot Switch command in the Main Menu.) Table C-1. Event Log System Modules Module Event Description...
Page 562: Menu: Entering And Navigating In The Event Log
Troubleshooting Using the Event Log To Identify Problem Sources Module Event Description Module Event Description Transmission control tftp File transfer for new OS or config. Menu: Entering and Navigating in the Event Log From the Main Menu, select Event Log. Keys: W=Warning I=Information...
Page 563: Cli: Listing Events
Troubleshooting Using the Event Log To Identify Problem Sources CLI: Listing Events The show logging command causes event log provides various options to display log messages including support of keyword searches. Syntax: show logging [-a, -r] [<search-text>] Uses the CLI to list: •...
Page 564: Cli: Turning Event Numbering On
Troubleshooting Using the Event Log To Identify Problem Sources CLI: Turning Event Numbering On Syntax: [no] log-number Turns event numbering on or off Reducing Duplicate Event Log and SNMP Trap Messages A recurring event can generate a series of duplicate Event Log messages and SNMP traps in a relatively short time.
Page 565 Troubleshooting Using the Event Log To Identify Problem Sources Example of Log Message Throttling. For example, suppose that you con- figure VLAN 100 on the switch to support PIM operation, but do not configure an IP address. If PIM attempted to use VLAN 100, the switch would generate the first instance of the following Event Log message and counter.
Page 566 Troubleshooting Using the Event Log To Identify Problem Sources These two messages report separate events involving separate log throttle periods and separate counters. W 10/01/06 09:00:33 PIM : No IP address configured on VID 100 (1) W 10/01/06 09:00:33 PIM : No IP address configured on VID 205 (1) Figure C-12.
Page 567: Debug And Syslog Messaging Operation
Troubleshooting Debug and Syslog Messaging Operation Debug and Syslog Messaging Operation The switch’s Event Log records switch-level progress, status, and warning messages. The Debug/System-Logging (Syslog) feature provides a method for recording messages you can use to help in debugging network-level problems, such as routing misconfigurations and other network protocol details.
Page 568: Debug Command Operation
■ Series 2600 switches and the Switch 6108 (software release H.07.30 or greater) For the latest feature information on ProCurve switches, visit the ProCurve Networking web site and check the latest release notes for the switch products you use. Configure the switch to send Event Log messages to the current manage- ■...
Page 569: Debug Types
Troubleshooting Debug and Syslog Messaging Operation Except as noted below, rebooting the switch returns the debug destination and debug message types to their default settings (disabled). N o t e Using the logging < dest-ip-addr > command to configure a Syslog server address creates an exception to the above general operation.
Page 570 Troubleshooting Debug and Syslog Messaging Operation — Continued from Preceeding Page — event Configures the switch to send Event Log messages to the configured debug destination(s). Note: This has no effect on event notification messages the switch routinely sends to the Event Log itself. Also, this debug type is automatically enabled in these cases: •...
Page 571: Debug Destinations
The session can be on any one terminal emula- tion device with serial, Telnet, or SSH access to the CLI at the Manager level prompt (ProCurve#_ ). If more than one terminal device has a console session with the CLI, you can redirect the destination from the current device to another device.
Page 572: Syslog Operation
Troubleshooting Debug and Syslog Messaging Operation Syslog Operation Syslog is a client-server logging tool that allows a client switch to send event notification messages to a networked device operating with Syslog server software. Messages sent to a Syslog server can be stored to a file for later debugging analysis.
Page 573: Viewing The Debug Configuration
— cron/at subsystem sys10 - sys14 — Reserved for system use local10 - local17 — Reserved for system use For a listing of applicable ProCurve switches, refer to the Note on page C-34. Viewing the Debug Configuration Syntax: show debug This command displays the currently configured debug log- ging destination(s) and type(s).
Page 574 Enable the debug types for which you want messages sent to the Syslog server(s) and/or the current session device: ProCurve# debug < acl | all | event | ip [ospf-opt]> Repeat this step if necessary to enable multiple debug types.
Page 575 Troubleshooting Debug and Syslog Messaging Operation Example: Suppose that there are no Syslog servers configured on the switch (the default). Configuring one Syslog server enables debug logging to that server and also enables Event Log messages to be sent to the server. Displays the default debug configuration.
Page 576 Troubleshooting Debug and Syslog Messaging Operation Example. Suppose that you want to: ■ Configure Syslog logging of ACL and IP-OSPF packet messages on a Syslog server at 18.38.64.164 (with user as the default logging facility). Also display these messages in the CLI session of your terminal device’s ■...
Page 577: Operating Notes For Debug And Syslog
Troubleshooting Debug and Syslog Messaging Operation Operating Notes for Debug and Syslog Rebooting the Switch or pressing the Reset button resets the ■ Debug Configuration. Debug Option Effect of a Reboot or Reset logging (destination) If any Syslog server IP addresses are in the startup-config file, they are saved across a reboot and the logging destination option remains enabled.
Page 578: Diagnostic Tools
Troubleshooting Diagnostic Tools Diagnostic Tools Diagnostic Features Feature Default Menu Port Auto negotiation Ping Test — page C-47 page C-46 Link Test — page C-47 page C-46 Display Config File — page C-57 page C-57 Admin. and Troubleshooting — page C-59 —...
Page 579: Ping And Link Tests
Troubleshooting Diagnostic Tools Ping and Link Tests The Ping test and the Link test are point-to-point tests between your switch and another IEEE 802.3-compliant device on your network. These tests can tell you whether the switch is communicating properly with another device. N o t e To respond to a Ping test or a Link test, the device you are trying to reach must be IEEE 802.3-compliant.
Page 580: Web: Executing Ping Or Link Tests
Troubleshooting Diagnostic Tools Web: Executing Ping or Link Tests 1. Click here. 2. Click here. 3. Select Ping Test (the default) or Link Test 4. For a Ping test, enter the IP address of the target device. For a Link test, enter the MAC address of the target device.
Page 581: Cli: Ping Or Link Tests
Troubleshooting Diagnostic Tools Number of Packets to Send is the number of times you want the switch to attempt to test a connection. Timeout in Seconds is the number of seconds to allow per attempt to test a connection before determining that the current attempt has failed. To halt a Link or Ping test before it concludes, click on the Stop button.
Page 582 Troubleshooting Diagnostic Tools Link Tests. You can issue single or multiple link tests with varying repeti- tions and timeout periods. The defaults are: ■ Repetitions: 1 (1 - 999) Timeout: 5 seconds (1 - 256 seconds) ■ Syntax: link < mac-address > [repetitions < 1 - 999 >] [timeout < 1 - 256 >] [vlan <...
Page 583: Dns Resolver
Troubleshooting Diagnostic Tools DNS Resolver The Domain Name System (DNS) resolver is designed for use in local network domains where it enables use of a host name or fully qualified domain name to perform ping and traceroute operations from the switch. Terminology Domain Suffix —...
Page 584 DNS server. Example. Suppose the switch is configured with the domain suffix mygroup.procurve.net and the IP address for an accessible DNS server. If an operator wants to use the switch to ping a host using the DNS name “leader”...
Page 585: Configuring And Using Dns Resolution With Ping And Traceroute
Troubleshooting Diagnostic Tools Fully Qualified Host Name for ProCurve# traceroute remote-01.common.group.net the Target Host traceroute to 10.22.240.73 1 hop min, 30 hops max, 5 sec. timeout, 3 probes 1 10.28.229.3 0 ms 0 ms 0 ms 2 10.71.217.1 0 ms...
Page 586: Configuring A Dns Entry
Troubleshooting Diagnostic Tools Configuring a DNS Entry The switch allows one DNS server entry, which includes the DNS server IP address and the chosen domain suffix. Configuring the entry enables the use of ping and traceroute with a target’s host name instead of the target’s IP address.
Page 587: Example Using Dns Names With Ping And Traceroute
Troubleshooting Diagnostic Tools Example Using DNS Names with Ping and Traceroute In the network illustrated in figure 20, the switch at 10.28.192.1 is configured to use DNS names for ping and traceroute in the pubs.outdoors.com domain. The DNS server has been configured to assign the host name docservr to the IP address used by the document server (10.28.229.219).
Page 588 With the above already configured, the following commands enable ping and traceroute with the host name docserver to reach the document server at 10.28.229.219. ProCurve(config)# ip dns server-address 10.28.229.10 ProCurve(config)# ip dns domain-name pubs.outdoors.com Figure C-21. Configuring Switch “A” in Figure20 To Support DNS Resolution ProCurve# ping docservr 10.28.229.219 is alive, time = 1 ms...
Page 589: Viewing The Current Dns Configuration
The show ip command displays the current DNS configuration along with other IP configuration information. If the switch configuration currently includes a non-default (non-null) DNS entry, it will also appear in the show run command output. ProCurve# show ip Internet (IP) Service IP Routing : Disabled Default Gateway : 10.28.192.2...
Page 590: Event Log Messages
Troubleshooting Diagnostic Tools Switch-Initiated DNS packets go out through the VLAN having the ■ best route to the DNS server, even if a Management VLAN has been configured. The traceroute command output shows only IP addresses. ■ ■ The DNS server address must be manually input. It is not be automat- ically determined via DHCP.
Page 591: Displaying The Configuration File
Troubleshooting Diagnostic Tools Displaying the Configuration File The complete switch configuration is contained in a file that you can browse from either the web browser interface or the CLI. It may be useful in some troubleshooting scenarios to view the switch configuration. CLI: Viewing the Configuration File Using the CLI, you can display either the running configuration or the startup configuration.
Page 592 Troubleshooting Diagnostic Tools IP routes ■ ■ Status and counters — VLAN information ■ GVRP support Load balancing (trunk and LACP) ■ Syntax: show tech Executing show tech outputs a data listing to your terminal emulator. However, using your terminal emulator’s text capture features, you can also save show data to a text file for viewing, printing, or sending to an associate.
Page 593: Cli Administrative And Troubleshooting Commands
Diagnostic Tools Execute show tech ProCurve# show tech Each time the resulting listing halts and displays -- MORE --, press the Space bar to resume the listing. b. When the CLI prompt appears, the show tech listing is complete. At...
Page 594: Traceroute Command
Troubleshooting Diagnostic Tools setup Displays the Switch Setup screen from the menu interface. repeat Repeatedly executes the previous command until a key is pressed. kill Terminates all other active sessions. Traceroute Command The traceroute command enables you to trace the route from the switch to a host address.
Page 595 Troubleshooting Diagnostic Tools [maxttl < 1-255 >] For the current instance of traceroute, changes the maximum number of hops allowed for each probe packet sent along the route. If the destination address is further from the switch than maxttl allows, then traceroute lists the IP addresses for all hops it detects up to the maxttl limit.
Page 596 Troubleshooting Diagnostic Tools Traceroute does not reach destination IP address because of low maxttl setting. The asterisk indicates there was a timeout on the second probe to the third hop. Figure C-28. Example of Incomplete Traceroute Due to Low Maxttl Setting If A Network Condition Prevents Traceroute from Reaching the Destination.
Page 597: Restoring The Factory-Default Configuration
■ Clear/Reset button combination N o t e ProCurve recommends that you save your configuration to a TFTP server before resetting the switch to its factory-default configuration. You can also save your configuration via Xmodem, to a directly connected PC.
Page 598: Restoring A Flash Image
Troubleshooting Restoring a Flash Image When the Self Test LED begins to flash, release the Clear button. The switch will then complete its self test and begin operating with the configuration restored to the factory default settings. Restoring a Flash Image The switch can lose its operating system if either the primary or secondary flash image location is empty or contains a corrupted OS file and an operator uses the erase flash command to erase a good OS image file from the opposite...
Page 599 Troubleshooting Restoring a Flash Image Since the OS file is large, you can increase the speed of the download by changing the switch console and terminal emulator baud rates to a high speed. For example: Change the switch baud rate to 115,200 Bps. =>...
Page 600 Troubleshooting Restoring a Flash Image Figure C-30. Example of Xmodem Download in Progress When the download completes, the switch reboots from primary flash using the OS image you downloaded in the preceding steps, plus the most recent startup-config file. C-66...
Page 601: Contents
MAC Address Management Contents Overview ........... . D-2 Determining MAC Addresses .
Page 602: Overview
MAC Address Management Overview Overview The switch assigns MAC addresses in these areas: ■ For management functions, one Base MAC address is assigned to the default VLAN (VID = 1). (All VLANs on the switches covered in this guide use the same MAC address.) For internal switch operations: One MAC address per port (Refer to “CLI: ■...
Page 603: Determining Mac Addresses
MAC Address Management Determining MAC Addresses Determining MAC Addresses MAC Address Viewing Methods Feature Default Menu view switch’s base (default vlan) MAC address — and the addressing for any added VLANs view port MAC addresses (hexadecimal format) n/a — — ■...
Page 604: Menu: Viewing The Switch's Mac Addresses
MAC Address Management Determining MAC Addresses Menu: Viewing the Switch’s MAC Addresses The Management Address Information screen lists the MAC addresses for: ■ Base switch (default VLAN; VID = 1) Any additional VLANs configured on the switch. ■ Also, the Base MAC address appears on a label on the back of the switch. N o t e The Base MAC address is used by the first (default) VLAN in the switch.
Page 605: Cli: Viewing The Port And Vlan Mac Addresses
Manager level of the CLI. Type the following command to display the MAC address for each port on the switch: ProCurve# walkmib ifPhysAddress (The above command is not case-sensitive.) For example, on a 5406zl switch with the following module configuration shows MAC address assignments similar to those shown in figure D-2: ■...
Page 606 MAC Address Management Determining MAC Addresses ProCurve# walkmib ifphysaddress ifPhysAddress.1 - 4: Ports A1 - A4 in Slot A ifPhysAddress.1 = 00 12 79 88 b1 ff ifPhysAddress.2 = 00 12 79 88 b1 fe (Addresses 5 - 24 in slot A are unused.) ifPhysAddress.3 = 00 12 79 88 b1 fd...
Page 607: Viewing The Mac Addresses Of Connected Devices
MAC Address Management Viewing the MAC Addresses of Connected Devices Viewing the MAC Addresses of Connected Devices Syntax: show mac-address [ | mac-addr | Lists the MAC addresses of the devices the switch has detected, along with the number of the specific port on which each MAC address was detected.
Page 608 MAC Address Management Viewing the MAC Addresses of Connected Devices — This page is intentionally unused. —...
Page 609: Contents
Monitoring Resources Contents Viewing Information on Resource Usage ..... . . E-2 Policy Enforcement Engine ........E-2 Displaying Current Resource Usage .
Page 610: Viewing Information On Resource Usage
IDM application) for an authenticated client determine the cur- rent resource consumption for this feature on a specified slot (5400zl switches) or port group (3500yl or 6200yl switches). When a client session ends, the resources in use for that client become available for other uses.
Page 611: Displaying Current Resource Usage
Monitoring Resources Viewing Information on Resource Usage Resource usage by the following features, which are configured globally or per-VLAN, applies across all slots with installed modules (5400zl switches) or across all port groups (3500yl or 6200yl switches): ■ ACLs QoS configurations ■...
Page 612 IDM resources on ports 25-48, and ICMP rate-limiting usage of different resource levels on ports 1-24 and 25-48, and on slot A. The “IDM” column shows the rules used for RADIUS-based authentication with or without the IDM option. ProCurve# show access-list resources Resource usage in Policy Enforcement Engine Rules...
Page 613: When Insufficient Resources Are Available
Monitoring Resources When Insufficient Resources Are Available When Insufficient Resources Are Available The switch has ample resources for configuring features and supporting: RADIUS-authenticated clients (with or without the optional IDM applica- ■ tion) ■ Virus throttling and blocking on individual clients. If the resources supporting these features become fully subscribed: ■...
Page 614 Monitoring Resources When Insufficient Resources Are Available — This page is intentionally unused. —...
Page 615: F Daylight Savings Time On Procurve Switches
• ProCurve AdvanceStack Routers ProCurve switches provide a way to automatically adjust the system clock for Daylight Savings Time (DST) changes. To use this feature you define the month and date to begin and to end the change from standard time. In addition to the value “none”...
Page 616 Daylight Savings Time on ProCurve Switches Middle Europe and Portugal: • Begin DST at 2am the first Sunday on or after March 25th. • End DST at 2am the first Sunday on or after September 24th. Southern Hemisphere: • Begin DST at 2am the first Sunday on or after October 25th.
Page 617 Daylight Savings Time on ProCurve Switches Before configuring a “User defined” Daylight Time Rule, it is important to understand how the switch treats the entries. The switch knows which dates are Sundays, and uses an algorithm to determine on which date to change the system clock, given the configured “Beginning day”...
Page 618 Daylight Savings Time on ProCurve Switches — This page is intentionally unused. —...
Page 619 Index Symbols auto MDI/MDI-X port mode, display … 10-17 Auto-10 … 12-4, 12-7, 12-18 => prompt … C-64 autonegotiate … 14-52 Numerics 802.1X bandwidth effect, LLDP … 14-73 displaying port utilization … 10-9 LLDP blocked … 14-40 displaying utilization … 5-17 guaranteed minimum See guaranteed minimum bandwidth.
Page 620 See CLI. default reboot from primary … 6-29 communities, SNMP … 14-14 erasing … 6-32 viewing and configuring with the CLI … 14-15 memory assignments … 6-26 viewing and configuring with the menu … 14-13 memory slot … 6-24, 6-27, 6-29 config files, SFTP/SCP transfer …...
Page 621 copy configuration … C-51, C-54 command output … A-32 configuration error … C-56 crash data … A-33 configuration, viewing … C-55 crash log … A-34 domain name, fully qualified … C-49, C-50, C-54 event log output … A-33 domain suffix … C-49 multiple config file, tftp …...
Page 622 navigation … C-28 guaranteed minimum bandwidth severity level … C-26 apportioning unallocated bandwidth … 13-20 UDLD warning messages … 10-31 configuration … 13-21 use during troubleshooting … C-26 described … 13-18 with debug … C-33, C-43 displaying current configuration … 13-24 excessive frames …...
Page 623 resource usage … E-2 IPX broadcast traffic … 10-4, 10-15 IDM, resources … E-4, E-5 IDS … B-25 IEEE 802.1d … C-18 Java … 5-4, 5-5 IEEE P802.1AB/D9 … 14-38 jumbo frame IGMP VLAN tag … B-69 host not receiving … C-13 jumbo frames not working …...
Page 624 operation not allowed … C-13 DHCP/Bootp operation … 14-39 overview of port mode settings … 12-4 disable, per-port … 14-47 passive … 12-15 display neighbor data … 14-68 removing port from active trunk … 12-16 ELIN … 14-33 restrictions … 12-22 enable/disable, global …...
Page 625 remote manager address … 14-48 loop, network … 12-3 reset counters … 14-70 loopback interface rxonly … 14-47 benefits … 8-15 setmib, delay interval … 14-44 configuration … 8-16 setmib, reinit delay … 14-46 default … 8-15, 8-18 show advertisement data … 14-65 displaying configuration …...
Page 626 MIB … 14-4 exit port, VLAN rule … B-24, B-25, B-27, B-36, MIB listing … 14-4 B-41, B-43, B-72 MIB, HP proprietary … 14-4 exit switch … B-25 MIB, standard … 14-4 frame fragment … B-30 mirroring frame truncation, not allowed … B-30, B-69 802.1Q tag …...
Page 627 remote, defined … B-26 multi-port bridge … 8-2 remote, first release … B-23 remote, supported switches … B-26 session 1, legacy configuration … B-30 NANP … 14-34 session identity … B-41 navigation, console interface … 3-9, 3-10 session limits … B-27, B-41 navigation, event log …...
Page 628 See also troubleshooting. threshold, global power … 11-7 test … C-45 threshold, per-slot … 11-7 ping test threshold, power … 11-17 for troubleshooting … C-45 unneeded power … 11-8 viewing status … 11-21 active ports, defined … 11-4 VLAN assignments … 11-25 advertisements …...
Page 629 … 12-19 Procurve link requirements … 12-3 support URL … 5-13 logical port … 12-8 Procurve, HP, URL … 14-4 media requirements … 12-7 prompt, => … C-64 media type … 12-3 PSAP … 14-34 menu access to static trunk … 12-9 PSE …...
Page 630 intended use … 13-4 RMON groups supported … 14-28 note on testing … 13-9, 13-15 router operating notes … 13-8 gateway … 8-6 optimum packet size … 13-9, 13-15 router, hop … 8-10 per-port only … 13-4 routing purpose … 13-4 gateway fails …...
Page 631 show management … 8-7, 9-9, 9-19 disabling … 9-12 show power-management brief … 11-18 enabling and disabling … 9-10 show tech … C-57 event log messages … 9-27 slow network … C-7 menu interface operation … 9-27 SNMP … 14-3 operating modes …...
Page 632 URL … 5-12 troubleshooting download failures … A-6 URL Window … 5-12 uploading an ACL command file … A-29 switch console using to download switch software … A-4 See console. tftp switch setup menu … 3-8 copying a configuration file … A-25 switch software threshold setting …...
Page 633 … 5-13 restoring factory default configuration … C-63 management server … 5-12, 5-13 spanning tree … C-18 Procurve … 5-13, 14-4 switch software download … A-6 support … 5-12, 5-13 switch won’t reboot, shows => prompt … C-64 traceroute … C-49 copy command output …...
Page 634 duplex … 10-7 advantages … 2-5 port speed … 10-7 web browser access configuration … 7-3 transceiver status … 10-10 web browser enable/disable … 7-4 virtual interface web browser interface See loopback interface access parameters … 5-8 virus throttling … E-2 alert log …...
Page 635 Xmodem copy command output … A-32 copy crash data … A-33 copy crash log … A-34 copy event log output … A-33 copying a configuration file … A-25 copying a software image … A-23 download to primary or secondary flash … A-17 uploading an ACL command file …...
Page 636 — This page is intentionally unused. — 18 – Index...
Page 638 Technical information in this document is subject to change without notice. © Copyright 2005-2007 Hewlett-Packard Development Company, L.P. Reproduction, adaptation, or translation without prior written permission is prohibited except as allowed under the copyright laws. February 2007 Manual Part Number 5991-3826...

This manual is also suitable for:

5400zl 3500yl

ProCurve 6200yl Management And Configuration Manual

Table of Contents

Table of Contents

Product Documentation

Sources for more Information

Need Only a Quick Start?

Overview

Advantages of Using the Menu Interface

Advantages of Using the CLI

Advantages of Using the Web Browser Interface

Or Procurve Manager Plus

Starting and Ending a Menu Session

Main Menu Features

Screen Structure and Navigation

Menu Features List

CLI Control and Editing

General Features

Interface Session with the Switch

Tasks for Your First Procurve Web Browser Interface Session

Support/Mgmt Urls Feature

Status Reporting Features

Using the CLI to Implement Configuration Changes

Using Primary and Secondary Flash Image Options

Multiple Configuration Files

Interface Access: Console/Serial Link, Web, and Inbound Telnet

Sessions

System Information

Loopback Interfaces

Protocol Operation

Timep: Viewing, Selecting, and Configuring

SNTP Unicast Time Polling with Multiple SNTP Servers

Using Friendly (Optional) Port Names

Uni-Directional Link Detection (UDLD)

Poe Devices

General Poe Operation

Configuring Poe Operation

Viewing Poe Configuration and Status

Planning and Implementing a Poe Configuration

Poe Operating Notes

Port Trunk Features and Operation

Menu: Viewing and Configuring a Static Trunk Group

CLI: Viewing and Configuring Port Trunk Groups

Web: Viewing Existing Port Trunk Groups

Trunk Group Operation Using LACP

How the Switch Lists Trunk Data

Rate-Limiting

Guaranteed Minimum Bandwidth (GMB)

Jumbo Frames

Using SNMP Tools to Manage the Switch

LLDP (Link-Layer Discovery Protocol)

Contents

Table of Contents

Workstation

Copying Software Images

Transferring Switch Configurations

Transferring ACL Command Files

Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX

Workstation

Monitoring and Analyzing Switch Operation

Overview

Status and Counters Data

Traffic Mirroring

Quick Links

Chapters

Troubleshooting

Related Manuals for ProCurve 6200yl

Summary of Contents for ProCurve 6200yl