HP 445946-001 Application Manual

HP 10Gb Ethernet BL-c Switch
Application Guide
Part number: 445946-001
First edition: June 2007


Summary of Contents for HP 445946-001

  • Page 1 HP 10Gb Ethernet BL-c Switch Application Guide Part number: 445946-001 First edition: June 2007...
  • Page 2 © 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
  • Page 3: Table Of Contents

    TACACS+ authentication features ... 26 Authorization... 26 Accounting... 27 Configuring TACACS+ authentication on the switch (CLI example) ... 28 Configuring TACACS+ authentication on the switch (BBI example) ... 29 Secure Shell and Secure Copy... 30 Configuring SSH and SCP features (CLI example)... 31 Using SSH and SCP client commands ...
  • Page 4 Multiple VLANS with tagging... 60 Configuring the example network... 61 Configuring ports and VLANs on Switch 1 (CLI example) ... 61 Configuring ports and VLANs on Switch 2 (CLI example) ... 63 Configuring ports and VLANs on Switch 1 (BBI example) ... 64 FDB static entries...
  • Page 5 Why do we need Multiple Spanning Trees? ... 71 VLAN participation in Spanning Tree Groups ... 72 Configuring Multiple Spanning Tree Groups ... 73 Configuring Switch 1 (CLI example) ... 73 Configuring Switch 2 (CLI example) ... 73 Configuring Switch 1 (BBI example) ... 74 Port Fast Forwarding ...
  • Page 6 Using ACL Groups ... 90 ACL Metering and Re-marking ... 91 Metering ... 91 Re-marking ... 91 Viewing ACL statistics... 91 ACL configuration examples ... 92 Configure Access Control Lists (CLI example) ... 92 Configure Access Control Lists and Groups (BBI example 1) ... 93 Using DSCP values to provide QoS ...
  • Page 7 Neighbors and adjacencies ... 133 Link-State Database ... 133 Shortest Path First Tree ... 133 Internal versus external routing... 134 OSPF implementation in HP 10GbE switch software ... 134 Configurable parameters ... 134 Defining areas ... 135 Assigning the area index ... 135 Using the area ID to assign the OSPF area number ...
  • Page 8 Selecting the master VRRP router ... 174 Failover methods... 175 Active-Active redundancy ... 175 HP 10GbE switch extensions to VRRP ... 176 Tracking VRRP router priority ... 176 Virtual router deployment considerations ... 177 Assigning VRRP virtual router ID ... 177 Configuring the switch for tracking ...
  • Page 9: Accessing The Switch

    Accessing the switch Introduction This guide will help you plan, implement, and administer the switch software for the HP 10Gb Ethernet BL-c Switch. Where possible, each section provides feature overviews, usage examples, and configuration instructions. “Accessing the switch” describes how to configure and view information and statistics on the switch over an IP network.
  • Page 10: Additional References

    The 10GbE switch communicates with the Onboard Administrator through its internal management port (port 17). The factory default settings permit management and control access to the switch through the 10/100 Mbps Ethernet port on the Onboard Administrator, or the built-in console port. You also can use the external Ethernet ports to manage and control the 10GbE switch.
  • Page 11: Connecting Through The Console Port

    Gateway 254—This gateway is the default gateway for the management interface. STG 128—If the HP 10GbE switch is configured to use multiple spanning trees, spanning tree group 128 (STG 128) contains management VLAN 4095, and no other VLANs are allowed in STG 128.
  • Page 12: Using The Command Line Interfaces

    Telnet or SSH. The CLI is the most direct method for collecting switch information and performing switch configuration. The HP 10GbE switch provides two CLI modes: The menu-based AOS CLI, and the tree-based ISCLI. You can set the HP 10GbE switch to use either CLI mode.
  • Page 13: Using The Browser-Based Interface

    By default, the Browser-based Interface (BBI) protocol is enabled on the switch. The Browser-based Interface (BBI) provides access to the common configuration, management and operation features of the switch through your Web browser. For more information, see the HP 10Gb Ethernet BL-c Switch Browser-based Interface Reference Guide.
  • Page 14: Using Simple Network Management Protocol

    The SNMP manager should be able to reach the management interface or any one of the IP interfaces on the switch. For the SNMP manager to receive the traps sent out by the SNMP agent on the switch, the trap host on the switch should be configured with the following command: /cfg/sys/ssnmp/snmpv3/taddr For more details, see “Configuring SNMP trap hosts”.
  • Page 15: User Configuration

    User configuration Users can be configured to use the authentication/privacy options. The HP 10GbE switch supports two authentication algorithms: MD5 and SHA, as specified in the following command: /cfg/sys/ssnmp/snmpv3/usm <x>/auth md5|sha To configure a user with name admin, authentication type MD5, authentication password of admin, and privacy option DES with privacy password of admin, use the following CLI commands: >>...
  • Page 16: View Based Configurations

    View based configurations CLI user equivalent To configure an SNMP user equivalent to the CLI user, use the following configuration: /c/sys/ssnmp/snmpv3/usm 4 name "usr" /c/sys/ssnmp/snmpv3/access 3 name "usrgrp" rview "usr" wview "usr" nview "usr" /c/sys/ssnmp/snmpv3/group 4 uname usr gname usrgrp /c/sys/ssnmp/snmpv3/view 6 name "usr"...
  • Page 17: Cli Oper Equivalent

    "iso" /c/sys/ssnmp/snmpv3/group 10 model snmpv1 uname v1trap gname v1trap In this example the user will receive the traps sent by the switch. (Configure the oper) (Configure access group 4) (Assign oper to access group 4) (Create views for oper) (Configure user named “v1trap”)
  • Page 18 Configure an entry in the notify table. /c/sys/ssnmp/snmpv3/notify 10 name v1trap tag v1trap Specify the IP address and other trap parameters in the Target Address (targetAddr) and Target Parameters (targetParam) tables. Use the following command to specify the user name used with this targetParam table: /c/sys/ssnmp/snmpv3/tparam <x>/uname /c/sys/ssnmp/snmpv3/taddr 10...
  • Page 19: Snmpv2 Trap Host Configuration

    SNMPv2 trap host configuration The SNMPv2 trap host configuration is similar to the SNMPv1 trap host configuration. Wherever you specify the model, specify snmpv2 instead of snmpv1. /c/sys/ssnmp/snmpv3/usm 10 name "v2trap" /c/sys/ssnmp/snmpv3/access 10 name "v2trap" model snmpv2 nview "iso" /c/sys/ssnmp/snmpv3/group 10 model snmpv2 uname v2trap gname v2trap...
  • Page 20: Secure Access To The Switch

    If the source IP address of the host or hosts is within this range, it is allowed to attempt to log in. Any packet addressed to a switch IP interface with a source IP address outside this range is discarded.
  • Page 21: Configuring An Ip Address Range For The Management Network

    This method is based on a client/server model. The Remote Access Server (RAS)—the switch—is a client to the back-end database server. A remote user (the remote administrator) interacts only with the RAS, not the back-end server and database.
  • Page 22: Configuring Radius On The Switch (Cli Example)

    Configuring RADIUS on the switch (CLI example) To configure RADIUS on the switch, do the following: Turn RADIUS authentication on, and then configure the Primary and Secondary RADIUS servers. For example: >> Main# /cfg/sys/radius >> RADIUS Server# on Current status: OFF New status: >>...
  • Page 23: Configuring Radius On The Switch (Bbi Example)

    Configuring RADIUS on the switch (BBI example) Configure RADIUS parameters. Click the Configure context button. Open the System folder, and select Radius. Enter the IP address of the primary and secondary RADIUS servers, and enter the RADIUS secret for each server. Enable the RADIUS server.
  • Page 24: Radius Authentication Features

    ○ Retries = 1-3 The switch will time out if it does not receive a response from the RADIUS server in one to three retries. The switch will also automatically retry connecting to the RADIUS server before it declares the server down.
  • Page 25: Radius Attributes For User Privileges

    RADIUS attributes for user privileges When the user logs in, the switch authenticates the level of access by sending the RADIUS access request, that is, the client authentication request, to the RADIUS authentication server.
  • Page 26: How Tacacs+ Authentication Works

    Authentication is the action of determining the identity of a user, and is generally done when the user first attempts to log in to a device or gain access to its services. Switch software supports ASCII inbound login to the device. PAP, CHAP and ARAP login methods, TACACS+ change password requests, and one-time password authentication are not supported.
  • Page 27: Accounting

    (0-15) to a corresponding HP 10GbE switch management access level (user, oper, admin, none). If the remote user is authenticated by the authentication server, the HP 10GbE switch verifies the privileges of the remote user and authorizes the appropriate access. When both the primary and secondary authentication servers are not reachable, the administrator has an option to allow backdoor access via the console only or console and Telnet access.
  • Page 28: Configuring Tacacs+ Authentication On The Switch (Cli Example)

    Configuring TACACS+ authentication on the switch (CLI example) Turn TACACS+ authentication on, and then configure the Primary and Secondary TACACS+ servers. >> Main# /cfg/sys/tacacs >> TACACS+ Server# on Current status: OFF New status: ON >> TACACS+ Server# prisrv 10.10.1.1 Current primary TACACS+ server: 0.0.0.0 New pending primary TACACS+ server: 10.10.1.1...
  • Page 29: Configuring Tacacs+ Authentication On The Switch (Bbi Example)

    Configuring TACACS+ authentication on the switch (BBI example) Configure TACACS+ authentication for the switch. Click the Configure context button. Open the System folder, and select Tacacs+. Enter the IP address of the primary and secondary TACACS+ servers, and enter the TACACS+ secret.
  • Page 30: Secure Shell And Secure Copy

    Telnet does not provide this level of security. The Telnet method of managing a switch does not provide a secure connection. SSH is a protocol that enables remote administrators to log securely into the switch over a network to execute management commands. By default, SSH is disabled (off) on the switch.
  • Page 31: Configuring Ssh And Scp Features (Cli Example)

    The switch implementation of SSH is based on version 1.5 and version 2.0, and supports SSH clients from version 1.0 through version 2.0. Client software can use SSH version 1 or version 2. The following SSH clients are supported: SSH 3.0.1 for Linux (freeware) SecureCRT®...
  • Page 32: Using Ssh And Scp Client Commands

    <user>@<switch IP address> For example: >> # ssh admin@205.178.15.157 Downloading configuration from the switch using SCP Enter the following command to download the switch configuration using SCP. You will be prompted for a password: scp <user>@<switch IP address>:getcfg <local filename> For example: >>...
  • Page 33: Ssh And Scp Encryption Of Management Messages

    To support the SSH server feature, two sets of RSA keys (host and server keys) are required. The host key is 1024 bits and is used to identify the switch. The server key is 768 bits and is used to make it impossible to decipher a captured session by breaking into the switch at a later time.
  • Page 34: Ssh/Scp Integration With Radius And Tacacs+ Authentication

    The switch will perform only one session of key/cipher generation at a time. Thus, an SSH/SCP client will not be able to log in if the switch is performing key generation at that time, or if another client has logged in immediately prior.
  • Page 35: Setting Up User Ids

    Enable the user ID. >> # /cfg/sys/access/user/uid <#>/ena Once an end user account is configured and enabled, the user can login to the switch using the username/password combination. The level of switch access is determined by the user CoS for the account.
  • Page 36: Ports And Trunking

    Ports and trunking Introduction The first part of this chapter describes the different types of ports used on the switch. This information is useful in understanding other applications described in this guide, from the context of the embedded switch/server environment.
  • Page 37: Port Trunk Groups

    (XOR of last 3 bits of Source and last 3 bits of Destination IP address). For non-IP traffic, the switch calculates the trunk port to use for forwarding traffic by applying the load distribution algorithm to a value equal to the modulus of (XOR of last 3 bits of Source and last 3 bits of Destination MAC address).
  • Page 38: Trunk Group Configuration Rules

    Read the configuration rules provided in the “Trunk group configuration rules” section. Determine which switch ports (up to six) are to become trunk members (the specific ports making up the trunk). Ensure that the chosen switch ports are set to enabled, using the following command: /cfg/port x/cur Trunk member ports must have the same VLAN configuration.
  • Page 39: Port Trunking Example

    NOTE: The actual mapping of switch ports to NIC interfaces is dependent on the operating system software, the type of server blade, and the enclosure type. For more information, see the HP 10Gb Ethernet BL-c Switch User Guide. Port trunk group configuration example...
  • Page 40: Configuring Trunk Groups (Cli Example)

    Connection problems might arise when using automatic trunk group negotiation on the third-party device. Examine the trunking information on each switch, using the following command: >> /info/l2/trunk Information about each port in each configured trunk group is displayed. Make sure that trunk groups consist of the expected ports and that each port is in the expected state.
  • Page 41: Configuring Trunk Groups (Bbi Example)

    Configuring trunk groups (BBI example) Configure trunk groups. Click the Configure context button on the Toolbar. Open the Layer 2 folder, and select Trunk Groups. Click a Trunk Group number to select it.
  • Page 42 Enable the Trunk Group. To add ports, select each port in the Ports Available list, and click Add. Click Submit. Apply, verify, and save the configuration. Examine the trunking information on each switch. Click the Dashboard context button on the Toolbar.
  • Page 43 Select Trunk Groups. Information about each configured trunk group is displayed. Make sure that trunk groups consist of the expected ports and that each port is in the expected state.
  • Page 44: Configurable Trunk Hash Algorithm

    Admin key—A port’s admin key is an integer value (1-65535) that you can configure in the CLI. Each HP 10GbE switch port that participates in the same LACP trunk group must have the same admin key value. The admin key is locally significant, which means the partner switch does not need to use the same admin key value.
  • Page 45 In the configuration shown in the table above, Actor switch ports 18 and 19 aggregate to form an LACP trunk group with Partner switch ports 1 and 2. At the same time, Actor switch ports 20 and 21 form a different LACP trunk group with a different partner.
  • Page 46: Configuring Lacp

    Configuring LACP Use the following procedure to configure LACP for port 20 and port 21 to participate in link aggregation. Set the LACP mode on port 20. >> # /cfg/l2/lacp/port 20 >> LACP port 20# mode active Define the admin key on port 20. Only ports with the same admin key can form an LACP trunk group. >>...
  • Page 47: Port-Based Network Access And Traffic Control

    Configuration Guidelines Extensible authentication protocol over LAN HP 10GbE switch software can provide user-level security for its ports using the IEEE 802.1x protocol, which is a more secure alternative to other methods of port-based network access control. Any device attached to an 802.1x-enabled port that fails authentication is prevented access to the network and denied services offered through that port.
  • Page 48: 802.1X Authentication Process

    Authentication is initiated by one of the following methods: Switch authenticator sends an EAP-Request/Identity packet to the client. Client sends an EAPOL-Start frame to the switch authenticator, which responds with an EAP-Request/Identity frame. The client confirms its identity by sending an EAP-Response/Identity frame to the switch authenticator,...
  • Page 49: 802.1X Port States

    The Radius server chooses an EAP-supported authentication algorithm to verify the client’s identity, and sends an EAP-Request packet to the client via the switch authenticator. The client then replies to the Radius server with an EAP-Response containing its credentials. Upon a successful authentication of the client by the server, the 802.1x-controlled port transitions from unauthorized to authorized state, and the client is allowed full access to services through the controlled port.
  • Page 50: Supported Radius Attributes

    Supported RADIUS attributes The HP 10GbE switch 802.1x Authenticator relies on external RADIUS servers for authentication with EAP. The following table lists the RADIUS attributes that are supported as part of RADIUS-EAP authentication based on the guidelines specified in Annex D of the 802.1x standard and RFC 3580.
  • Page 51: Eapol Configuration Guidelines

    For example, if an HP 10GbE switch is connected to another HP 10GbE switch, and if 802.1x is enabled on both switches, the two connected ports must be configured in force-authorized mode.
  • Page 52: Configuring Port-Based Traffic Control

    Configuring port-based traffic control To configure a port for traffic control, perform the following steps: Configure the traffic-control threshold and enable traffic control. Main# /cfg/port 2 >> Port 2# brate 150000 >> Port 2# mrate 150000 >> Port 2# drate 150000 To disable a traffic-control threshold, use the following command: >>...
  • Page 53: Vlans

    VLANs and port VLAN ID numbers VLAN numbers The HP 10GbE switch supports up to 1,000 VLANs per switch. Even though the maximum number of VLANs supported at any given time is 1,000, each can be identified with any number between 1 and 4095.
  • Page 54: Viewing Vlans

    New pending port VLAN ID: 21 >> Port 21# Each port on the switch can belong to one or more VLANs, and each VLAN can have any number of switch ports in its membership. Any port that belongs to multiple VLANs, however, must have VLAN tagging enabled.
  • Page 55: Vlan Tagging

    Tagged member—a port that has been configured as a tagged member of a specific VLAN. When an untagged frame exits the switch through a tagged member port, the frame header is modified to include the 32-bit tag associated with the PVID. When a tagged frame exits the switch through a tagged member port, the frame header remains unchanged (original VID remains).
  • Page 56 Figure 4 Port-based VLAN assignment As shown in the following figure, the untagged packet is marked (tagged) as it leaves the switch through port 5, which is configured as a tagged member of VLAN 2. The untagged packet remains unchanged as...
  • Page 57 802.1Q tag assignment Figure 6 As shown in the following figure, the tagged packet remains unchanged as it leaves the switch through port 5, which is configured as a tagged member of VLAN 2. However, the tagged packet is stripped (untagged) as it leaves the switch through port 7, which is configured as an untagged member of VLAN 2.
  • Page 58: Vlans And Ip Interfaces

    For example, if all IP interfaces are left on VLAN 1 (the default), and all ports are configured for VLAN 2, then switch management features are effectively cut off. To remedy this, keep all ports used for remote switch management on the default VLAN and assign an IP interface to the default VLAN.
  • Page 59: Vlan Configuration Rules

    VLANs operate according to specific configuration rules which must be considered when creating VLANs. For example: HP recommends that all ports involved in trunking and Port Mirroring have the same VLAN configuration. If a port is on a trunk with a mirroring port, the VLAN configuration cannot be changed.
  • Page 60: Multiple Vlans With Tagging

    Switch 2 Switch 2 is configured for VLANs 1, 3, and 4. Port 2 is tagged to accept traffic from VLANs 3 and 4. Port 4 is configured only for VLAN 3, so VLAN tagging is off. Port 18 is tagged to accept traffic from VLANs 1 and 3.
  • Page 61: Configuring The Example Network

    Server 1 and PC 3. Using VLAN 2, it can communicate with Server 1, PC 1, and PC 3. The Layer 2 switch port to which it is connected is configured for both VLAN 1 and VLAN 2 and has tagging enabled.
  • Page 62 Configure the VLANs and their member ports. Since all ports are by default configured for VLAN 1, configure only those ports that belong to VLAN 2. >> /cfg/l2/vlan 2 >> VLAN 2# add 1 Current ports for VLAN 2: empty Pending new ports for VLAN 2: 1 >>...
  • Page 63: Configuring Ports And Vlans On Switch 2 (Cli Example)

    Configuring ports and VLANs on Switch 2 (CLI example) To configure ports and VLANs on Switch 2, do the following: On Switch 2, enable VLAN tagging on the necessary ports. Port 4 (connection to server 2) remains untagged, so it is not configured below.
  • Page 64: Configuring Ports And Vlans On Switch 1 (Bbi Example)

    On Switch 1, enable VLAN tagging on the necessary ports. Click the Configure context button on the Toolbar. Open the Switch folder, and select Switch Ports (click the underlined text, not the folder). Click a port number to select it.
  • Page 65 Enable the port and enable VLAN tagging. Click Submit. Configure the VLANs and their member ports. Open the Virtual LANs folder, and select Add VLAN.
  • Page 66: Fdb Static Entries

    Apply, verify, and save the configuration. FDB static entries Static entries in the Forwarding Database (FDB) allow the switch to forward packets without flooding ports to perform a lookup. An FDB static entry is a MAC address associated with a specific port and VLAN. The switch supports 128 static entries.
  • Page 67: Trunking Support For Fdb Static Entries

    FDB static entries are permanent, so the FDB Aging value does not apply to them. Static entries are manually added to the FDB, and manually deleted from the FDB. Incoming frames that contain the static entry as the source MAC can use only ports configured for the static entry.
  • Page 68: Spanning Tree Protocol

    The generic action of a switch on receiving a BPDU is to compare the received BPDU to its own BPDU that it will transmit. If the received BPDU has a priority value closer to zero than its own BPDU, it will replace its BPDU with the received BPDU.
  • Page 69: Determining The Path For Forwarding Bpdus

    By default, all switch ports have the path cost set to 2. To use dynamic path cost, based on link speed, set the path cost to 0 (zero). For example, if the path cost is set to zero:...
  • Page 70: Adding A Vlan To A Spanning Tree Group

    Adding a VLAN to a Spanning Tree Group If no VLANs exist beyond the default VLAN 1, see the “Creating a VLAN” section in this chapter for information on adding ports to VLANs. Add the VLAN to the STG using the command /cfg/l2/stp <stg number>/add <vlan number>. Creating a VLAN When you create a VLAN, that VLAN automatically belongs to STG 1, the default STG.
  • Page 71: Assigning Cost To Ports And Trunk Groups

    20 and 21 are not part of a Trunk Group. Two VLANs (VLAN 1 and VLAN 2) exist between Switch 1 and Switch 2. If the same Spanning Tree Group is enabled on both switches, the switches see an apparent loop and block port 21 on Switch 2, which cuts off communication between the switches for VLAN 2.
  • Page 72: Vlan Participation In Spanning Tree Groups

    Figure 10 VLAN participation in Spanning Tree Groups The following table shows which switch ports participate in each Spanning Tree Group. By default, server ports (ports 1-16) do not participate in Spanning Tree, even though they are members of their respective VLANs.
  • Page 73: Configuring Multiple Spanning Tree Groups

    Each instance of Spanning Tree Group is enabled by default. Configuring Switch 1 (CLI example) Configure port and VLAN membership on Switch 1 as described in the “Configuring ports and VLANs on Switch 1 (CLI example)” section, in the “VLANs” chapter of this guide.
  • Page 74: Configuring Switch 1 (Bbi Example)

    Configuring Switch 1 (BBI example) Configure port and VLAN membership on Switch 1 as described in the “Configuring ports and VLANs on Switch 1 (BBI example)” section, in the “VLANs” chapter of this guide. Add VLAN 2 to Spanning Tree Group 2.
  • Page 75 Enter the Spanning Tree Group number and set the Switch Spanning Tree State to on. To add a VLAN to the Spanning Tree Group, select the VLAN in the VLANs Available list, and click Add. VLAN 2 is automatically removed from Spanning Tree Group 1.
  • Page 76: Port Fast Forwarding

    >> Spanning Tree Port 20# save Fast Uplink Convergence Fast Uplink Convergence enables the switch to quickly recover from the failure of the primary link or trunk group in a Layer 2 network using Spanning Tree Protocol. Normal recovery can take as long as 60 seconds, while the backup link transitions from Blocking to Listening to Learning and then Forwarding states.
  • Page 77: Rstp And Mstp

    There are new STP parameters to support RSTP, and some values to existing parameters are different. RSTP is compatible with devices that run 802.1d Spanning Tree Protocol. If the switch detects 802.1d BPDUs, it responds with 802.1d-compatible data units. RSTP is not compatible with Per VLAN Spanning Tree (PVST) protocol.
  • Page 78: Port Type And Link Type

    Group 1. The other STP Groups (2-128) are turned off. RSTP configuration example This section provides steps to configure Rapid Spanning Tree on the switch, using the Command Line Interface (CLI) or the Browser-based Interface (BBI). Configuring Rapid Spanning Tree (CLI example) Configure port and VLAN membership on the switch, as described in the “Configuring ports and...
  • Page 79: Configuring Rapid Spanning Tree Protocol (Bbi Example)

    Configuring Rapid Spanning Tree Protocol (BBI example) Configure port and VLAN membership on the switch, as described in the “Configuring ports and VLANs (BBI example)” section in the “VLANs” chapter of this guide. Configure RSTP general parameters. Click the Configure context button on the Toolbar.
  • Page 80: Multiple Spanning Tree Protocol

    The Common Internal Spanning Tree (CIST) provides a common form of Spanning Tree Protocol, with one Spanning Tree instance that can be used throughout the MSTP region. CIST allows the switch to interoperate with legacy equipment, including devices that run IEEE 802.1d (STP).
  • Page 81: Mstp Configuration Guidelines

    MSTP configuration guidelines This section provides important information about configuring Multiple Spanning Tree Groups: When you turn on MSTP, the switch automatically moves VLAN 1 to the Common Internal Spanning Tree (CIST). Region Name and revision level must be configured. Each bridge in the region must have the same name and revision level.
  • Page 82: Configuring Multiple Spanning Tree Protocol (Bbi Example)

    Configuring Multiple Spanning Tree Protocol (BBI example) Configure port and VLAN membership on the switch, as described in the “Configuring ports and VLANs (BBI example)” section in the “VLANs” chapter of this guide. Configure MSTP general parameters. Click the Configure context button on the Toolbar.
  • Page 83 Configure Common Internal Spanning Trees (CIST) bridge parameters. Open the MSTP/RSTP folder, and select CIST-Bridge. Enter the Bridge Priority, Maximum Age, and Forward Delay values. Click Submit.
  • Page 84 Configure Common Internal Spanning Tree (CIST) port parameters. Open the MSTP/RSTP folder, and select CIST-Ports. Click a port number to select it.
  • Page 85 Enter the Port Priority, Path Cost, and select the Link Type. Set the CIST Port State to ON. Click Submit. Apply, verify, and save the configuration.
  • Page 86: Quality Of Service

    By assigning QoS levels to traffic flows on your network, you can ensure that network resources are allocated where they are needed most. QoS features allow you to prioritize network traffic, thereby providing better service for selected applications. The following figure shows the basic QoS model used by the HP 10GbE switch. QoS model Figure 11...
  • Page 87: Using Acl Filters

    Each filter defines the conditions that must match for inclusion in the filter, and also the actions that are performed when a match is made. Summary of packet classifiers The HP 10GbE switch allows you to classify packets based on various parameters, such as: Ethernet ○...
  • Page 88 Table 14 Well-known protocol types Number TCP/UDP ○ TCP/UDP application source port, as shown in the table titled “Well-Known Application Ports” ○ TCP/UDP application destination port, as shown in the table titled “Well-Known Application Ports” ○ TCP/UDP flag value, as shown in the table titled “Well-Known TCP Flag Values” Well-known application ports Table 15 Number...
  • Page 89: Summary Of Acl Actions

    The egress port ACL will not match packets if the destination port is a trunk member. Summary of ACL actions Actions determine how the traffic is treated. The HP 10GbE switch QoS actions include the following: Pass or Drop Re-mark a new DiffServ Code Point (DSCP) Re-mark the 802.1p field...
  • Page 90: Using Acl Groups

    Packet classifiers identify flows for more processing. The HP 10GbE switch supports up to 384 ACLs. Each ACL defines one filter rule. Each filter rule is a collection of matching criteria, and can include an action (permit or deny the packet). For example:...
  • Page 91: Acl Metering And Re-Marking

    ACL Metering and Re-marking You can define a profile for the aggregate traffic flowing through the HP 10GbE switch, by configuring a QoS meter (if desired), and assigning ACL Groups to ports. When you add ACL Groups to a port, make sure they are ordered correctly in terms of precedence.
  • Page 92: Acl Configuration Examples

    ACL configuration examples Configure Access Control Lists (CLI example) The following configuration examples illustrate how to use Access Control Lists (ACLs) to block traffic. These basic configurations illustrate common principles of ACL filtering. NOTE: Each ACL filters traffic that ingresses on the port to which the ACL is added. The egrport classifier filters traffic that ingresses the port to which the ACL is added, and then egresses the port specified by egrport.
  • Page 93: Configure Access Control Lists And Groups (Bbi Example 1)

    Example 3 Use this configuration to block traffic from a source that is destined for a specific egress port. >> Main# /cfg/acl/acl 1 >> ACL 1# ethernet/smac 00:21:00:00:00:00 ff:ff:ff:ff:ff:ff >> Filtering Ethernet# .. >> ACL 1# action deny >> ACL 1# stats e >>...
  • Page 94 Configure the ACL parameters. Set the Filter Action to Deny, the Ethernet Type to IPv4, and the Destination IP Address to 100.10.1.116. Click Submit. Apply, verify, and save the configuration.
  • Page 95 Add ACL 1 to port 1. Click the Configure context button on the Toolbar. Select Switch Ports (click the underlined text, not the folder). Select a port.
  • Page 96 Add the ACL to the port. Click Submit. Apply, verify, and save the configuration.
  • Page 97: Using DSCP Values To Provide QoS

    QoS policies are built by applying a set of rules to packets, based on the DSCP value, as they hop through the network. The HP 10GbE switch default settings are based on the following standard PHBs, as defined in the IEEE standards: Expedited Forwarding (EF)—This PHB has the highest egress priority and lowest drop precedence...
  • Page 98: QoS Levels

    Bronze Using 802.1p priorities to provide QoS The HP 10GbE switch software provides Quality of Service functions based on the priority bits in a packet’s VLAN header. (The priority bits are defined by the 802.1p standard within the IEEE 802.1q VLAN header.) The 802.1p bits, if present in the packet, specify the priority given to packets during...
  • Page 99 0 (zero) indicates a best effort traffic prioritization, and this is the default when traffic priority has not been configured on your network. The switch can filter packets based on the 802.1p values, and it can assign or overwrite the 802.1p value in the packet.
  • Page 100: 802.1p Configuration (CLI Example)

    >> 802.1p# apply 802.1p configuration (BBI example) Configure a port’s default 802.1p priority. Click the Configure context button on the Toolbar. Select Switch Ports (click the underlined text, not the folder).
  • Page 101 Quality of Service Select a port.
  • Page 102 Set the 802.1p priority value. Click Submit.
  • Page 103 Map the 802.1p priority value to a COS queue. Click the Configure context button on the Toolbar. Open the 802.1p folder, and select Priority - CoS. Select an 802.1p priority value. Select a Class of Service queue (CoSQ) to correlate with the 802.1p priority value. Click Submit.
  • Page 104 Set the COS queue scheduling weight. Click the Configure context button on the Toolbar. Open the 802.1p folder, and select CoS - Weight. Select a Class of Service queue (CoS).
  • Page 105: Queuing And Scheduling

    Apply, verify, and save the configuration. Queuing and scheduling The switch can be configured with either two or eight output Class of Service queues (COSq), into which each packet is placed. Each packet’s 802.1p priority determines its COSq, except when an ACL action sets the COSq of the packet.
  • Page 106: Basic IP Routing

    The physical layout of most corporate networks has evolved over time. Classic hub/router topologies have given way to faster switched topologies, particularly now that switches are increasingly intelligent. HP 10GbE switches are intelligent and fast enough to perform routing functions on a par with wire speed Layer 2 switching.
  • Page 107 This problem is solved by using an HP 10GbE switch with built-in IP routing capabilities. Cross-subnet LAN traffic can now be routed within the switches with wire speed Layer 2 switching performance. This not only eases the load on the router but saves the network administrators from reconfiguring each and every end-station with new IP addresses.
  • Page 108 Take a closer look at the HP 10GbE switch in the following configuration example: [Figure 15: Switch-based routing topology] The switch connects the Gigabit Ethernet and Fast Ethernet trunks from various switched subnets throughout one building. Common servers are placed on another subnet attached to the switch. Primary and backup routers are attached to the switch on yet another subnet.
  • Page 109: Example Of Subnet Routing

    Example of subnet routing Prior to configuring, you must be connected to the switch Command Line Interface (CLI) as the administrator. NOTE: For details about accessing and using any of the menu commands described in this example, see the HP 10Gb Ethernet BL-c Switch Command Reference.
  • Page 110: Using Vlans To Segregate Broadcast Domains

    Configuring the default gateways allows the switch to send outbound traffic to the routers: >> IP Interface 5# ../gw 1 >> Default gateway 1# addr 205.21.17.1 (Assign IP address) >> Default gateway 1# ena >> Default gateway 1# ../gw 2 >> Default gateway 2# addr 205.21.17.2 (Assign address) >>...
  • Page 111 The VLANs shown in the table above are configured as follows: >> # /cfg/l2/vlan 1 (Select VLAN 1) >> VLAN 1# add port 20 >> VLAN 1# add port 21 >> VLAN 1# ena >> VLAN 1# ../VLAN 2 >> VLAN 2# add port 18 >>...
  • Page 112: Dynamic Host Configuration Protocol

    DHCP request. DHCP relay agent DHCP is described in RFC 2131, and the DHCP relay agent supported on HP 10GbE switches is described in RFC 1542. DHCP uses UDP as its transport protocol. The client sends messages to the server on port 67 and the server sends messages to the client on port 68.
  • Page 113: DHCP Relay Agent Configuration

    [Figure 16: DHCP relay agent configuration] In the HP 10GbE switch implementation, there is no need for primary or secondary servers. The client request is forwarded to the BOOTP servers configured on the switch. The use of two servers provides failover redundancy.
  • Page 114: Routing Information Protocol

    RIP identifies network reachability based on cost, and cost is defined as hop count. One hop is considered to be the distance from one switch to the next, which is typically 1. This cost or hop count is known as the metric.
  • Page 115: RIPv1

    RIPv2. RIPv2 in RIPv1 compatibility mode HP 10GbE switch software allows you to configure RIPv2 in RIPv1 compatibility mode, for using both RIPv2 and RIPv1 routers within a network. In this mode, the regular routing updates use broadcast UDP data packets to allow RIPv1 routers to receive those packets.
  • Page 116: Multicast

    Multicast RIPv2 messages use IP multicast address (224.0.0.9) for periodic broadcasts. Multicast RIPv2 announcements are not processed by RIPv1 routers. IGMP is not needed since these are inter-router messages which are not forwarded. To configure RIPv2 in RIPv1-compatibility mode, set multicast to disable. Default The RIP router can listen and supply a default route, usually represented as 0.0.0.0 in the routing table.
  • Page 117: RIP Configuration Example

    >> RIP Interface 3# save Use the /maint/route/dump command to check the current valid routes in the routing table of the switch. To see RIP-learned routes that are within the garbage collection period (routes phasing out of the routing table with metric 16), use the /info/l3/rip/routes command. Locally configured static routes do not appear in the RIP Routes table.
  • Page 118: IGMP Snooping

    The switch currently supports snooping for IGMP version 1, version 2, and version 3. The switch can sense IGMP Membership Reports from attached host servers and act as a proxy to set up a dedicated path between the requesting host and a local IP Multicast router. After the pathway is established, the switch blocks the IP Multicast stream from flowing through any port that does not connect to a host member, thus conserving bandwidth.
  • Page 119: IGMPv3

    The host can send an IGMPv2 Leave report to the switch, which sends a proxy Leave report to the Mrouter. The multicast path is terminated immediately. A maximum of 8 VLANs can be configured for IGMP Snooping. The switch can learn up to 16 multicast routers, and supports up to 1,000 multicast groups.
  • Page 120: IGMP Filtering

    IGMP Filtering With IGMP Filtering, you can allow or deny a port to send and receive multicast traffic to certain multicast groups. Unauthorized users are restricted from streaming multicast traffic across the network. If access to a multicast group is denied, IGMP Membership Reports from the port for that group are dropped, and the port is not allowed to receive IP multicast traffic from that group.
  • Page 121: Static Multicast Router

    A static multicast router (Mrouter) can be configured for a particular port on a particular VLAN. A static Mrouter does not have to be learned through IGMP Snooping. You can configure static Mrouters on any switch port except the management port 17. The switch supports up to a total of sixteen static Mrouters.
  • Page 122: Configuring IGMP Filtering (CLI Example)

    Configuring IGMP Filtering (CLI example) Enable IGMP Filtering on the switch. >> /cfg/l3/igmp/igmpflt >> IGMP Filter# ena Current status: disabled New status: enabled Define an IGMP Filter. >> //cfg/l3/igmp/igmpflt >>IGMP Filter# filter 1 >>IGMP Filter 1 Definition# range 224.0.1.0 Current multicast address2: Enter new multicast address2: 226.0.0.0...
  • Page 123: Configuring IGMP Snooping (BBI Example)

    Configuring IGMP Snooping (BBI example) Configure port and VLAN membership on the switch, as described in the “Configuring ports and VLANs (BBI example)” section in the “VLANs” chapter. Configure IGMP Snooping. Click the Configure context button. Open the IGMP folder, and select IGMP Snooping (click the underlined text, not the folder).
  • Page 124 Enable IGMP Snooping. Click Submit. Apply, verify, and save the configuration.
  • Page 125: Configuring IGMP Filtering (BBI Example)

    Configuring IGMP Filtering (BBI example) Configure IGMP Snooping. Enable IGMP Filtering. Click the Configure context button. Open the IGMP folder, and select IGMP Filters (click the underlined text, not the folder). Enable IGMP Filtering globally. Click Submit.
  • Page 126 Define the IGMP Filter. Select Layer 3 > IGMP > IGMP Filters > Add Filter. Enable the IGMP Filter. Assign the range of IP multicast addresses and the filter action (allow or deny). Click Submit.
  • Page 127 Assign the filter to a port and enable IGMP Filtering on the port. Select Layer 3 > IGMP > IGMP Filters > Switch Ports. Select a port from the list.
  • Page 128 Enable IGMP Filtering on the port. Select a filter in the IGMP Filters Available list, and click Add. Click Submit. Apply, verify, and save the configuration.
  • Page 129: Configuring A Static Multicast Router (BBI Example)

    Configuring a Static Multicast Router (BBI example) Configure Static Mrouter. Click the Configure context button. Open the Switch folder and select Layer 3 > IGMP > IGMP Static Mrouter > Add Mrouter. Enter a port number, VLAN ID number, and IGMP version number.
  • Page 130 Apply, verify, and save the configuration.
  • Page 131: OSPF

    OSPF The HP 10GbE switch software supports the Open Shortest Path First (OSPF) routing protocol. The switch implementation conforms to the OSPF version 2 specifications detailed in Internet RFC 1583. The following sections discuss OSPF support for the HP 10GbE switch:...
  • Page 132: Types Of OSPF Routing Devices

    Figure 17 OSPF area types Types of OSPF routing devices As shown in the figure, OSPF uses the following types of routing devices: Internal Router (IR)—a router that has all of its interfaces within the same area. IRs maintain LSDBs identical to those of other routing devices within the local area.
  • Page 133: Neighbors And Adjacencies

    Neighbors and adjacencies In areas with two or more routing devices, neighbors and adjacencies are formed. Neighbors are routing devices that maintain information about each others’ health. To establish neighbor relationships, routing devices periodically send hello packets on each of their interfaces. All routing devices that share a common network segment, appear in the same area, and have the same health parameters (hello and dead intervals) and authentication parameters respond to each other’s hello packets and become neighbors.
  • Page 134: Internal Versus External Routing

    192.204.4.0/24 range, it will carry that data to its destination. OSPF implementation in HP 10GbE switch software The HP 10GbE switch supports a single instance of OSPF and up to 4 K routes on the network. The following sections describe OSPF implementation in switch software:...
  • Page 135: Defining Areas

    (see “Virtual Links”). Up to three OSPF areas can be connected to the HP 10GbE switch. To configure an area, the OSPF number must be defined and then attached to a network interface on the switch. The full process is explained in the following sections.
  • Page 136: Using The Area ID To Assign The OSPF Area Number

    Most common OSPF vendors express the area ID number as a single number. For example, the Cisco IOS-based router command network 1.1.1.0 0.0.0.255 area 1 defines the area number simply as area 1. On the switch, using the last octet in the area ID, area 1 is equivalent to areaid 0.0.0.1.
  • Page 137: Electing The Designated Router And Backup

    OSPF stub areas or NSSAs with only one ABR leading upstream (see Area 1 in the figure below), any traffic for IP address destinations outside the area is forwarded to the switch’s IP interface, and then into the connected transit area (usually the backbone). Since this is automatic, no further configuration is required for such areas.
  • Page 138: Virtual Links

    >> # /cfg/l3/ospf/aindex <area index>/type transit The virtual link must be configured on the routing devices at each endpoint of the virtual link, though they may traverse multiple routing devices. To configure a switch as one endpoint of a virtual link, use the following command: >>...
  • Page 139: Authentication

    OSPF allows packet authentication and uses IP multicast when sending and receiving packets. Routers participate in routing domains based on predefined passwords. The switch software supports simple password (type 1 plain text passwords) and MD5 cryptographic authentication. This type of authentication allows a password to be configured per area.
  • Page 140: Host Routes For Load Balancing

    >> # /cfg/l3/ospf/virt 1/mdkey 2 Host routes for load balancing The HP 10GbE switch implementation of OSPF includes host routes. Host routes are used for advertising network device IP addresses to external networks, accomplishing the following goals: ABR Load Sharing As a form of load balancing, host routes can be used for dividing OSPF traffic among multiple ABRs.
  • Page 141: OSPF Features Not Supported In This Release

    Configuring OSPF on non-broadcast multi-access networks (such as frame relay, X.25, and ATM) OSPF configuration examples A summary of the basic steps for configuring OSPF on the switch is listed here. Detailed instructions for each of the steps are covered in the following sections: Configure IP interfaces.
  • Page 142: Example 1: Simple OSPF Domain (BBI Example)

    >> IP Interface 2 # mask 255.255.255.0 (Set IP mask on stub area network) >> IP Interface 2 # enable (Enable IP interface 2) Enable OSPF. >> IP Interface 2 # /cfg/l3/ospf/on (Enable OSPF on the switch) Define the backbone. The backbone is always configured as a transit area using areaid 0.0.0.0.
  • Page 143 Open the IP Interfaces folder, and select Add IP Interface. Configure an IP interface. Enter the IP address, subnet mask, and enable the interface. Click Submit. Apply, verify, and save the configuration.
  • Page 144 Enable OSPF. Open the OSPF Routing Protocol folder, and select General. Enable OSPF.
  • Page 145 Click Submit. Configure OSPF Areas. Open the OSPF Areas folder, and select Add OSPF Area. Configure the OSPF backbone area 0.
  • Page 146 Click Submit. Select Add OSPF Area. Configure the OSPF area 1. Click Submit.
  • Page 147 Configure OSPF Interfaces. Open the OSPF Interfaces folder, and select Add OSPF Interface.
  • Page 148 Configure the OSPF Interface 1, and attach it to the backbone area 0. Click Submit. Select Add OSPF Interface.
  • Page 149 Configure the OSPF Interface 2, and attach it to the stub area 1. Click Submit. Apply, verify, and save the configuration.
  • Page 150: Example 2: Virtual Links

    Configure the router ID. A router ID is required when configuring virtual links. Later, when configuring the other end of the virtual link on Switch B, the router ID specified here will be used as the target virtual neighbor (nbr) address >>...
  • Page 151: Configuring OSPF For A Virtual Link On Switch B

    Configuring OSPF for a virtual link on Switch B Configure IP interfaces on each network that will be attached to OSPF areas. Two IP interfaces are needed on Switch B: one for the transit area network on 10.10.12.0/24 and one for the stub area network on 10.10.24.0/24.
  • Page 152: Other Virtual Link Options

    Configure the virtual link. The nbr router ID configured in this step must be the same as the router ID that was configured for Switch A in step 2. >> OSPF Interface 2 # ../virt 1 >> OSPF Virtual Link 1 # aindex 1 >>...
  • Page 153 36.128.200.0 through 36.128.200.255 are kept private. Follow this procedure to configure OSPF support on Switch A and Switch B, as shown in the figure. Configure IP interfaces for each network which will be attached to OSPF areas.
  • Page 154: Verifying OSPF Configuration

    Use the following commands to verify the OSPF configuration on your switch: /info/l3/ospf/general, /info/l3/ospf/nbr, /info/l3/ospf/dbase/dbsum, /info/l3/ospf/routes, /stats/l3/route. See the HP 10Gb Ethernet BL-c Switch Command Reference for information on the above commands.
  • Page 155: Remote Monitoring

    Group 9: Events RMON group 1—statistics The switch supports collection of Ethernet statistics as outlined in the RMON statistics MIB, in reference to etherStatsTable. You can enable RMON statistics on a per-port basis, and you can view them using the following command: /stat/port x/rmon.
  • Page 156: Configuring RMON Statistics (CLI Example)

    Configuring RMON Statistics (BBI example) Configure ports. Click the Configure context button. Select Switch Ports (click the underlined text, not the folder).
  • Page 157 Select a port.
  • Page 158: RMON Group 2-History

    Data is stored in buckets, which store data gathered during discrete sampling intervals. At each configured interval, the history instance takes a sample of the current Ethernet statistics, and places them into a bucket. History data buckets reside in dynamic memory. When the switch is re-booted, the buckets are emptied.
  • Page 159: History MIB Objects

    Requested buckets (/cfg/rmon/hist x/rbnum) are the number of buckets, or data slots, requested by the user for each History Group. Granted buckets (/info/rmon/hist x/gbnum) are the number of buckets granted by the system, based on the amount of system memory available. The system grants a maximum of 50 buckets.
  • Page 160 Configure RMON History (BBI example) Configure an RMON History group. Click the Configure context button. Open the Switch folder, and select RMON > History > Add History Group. Configure RMON History Group parameters. Click Submit. Apply, verify, and save the configuration.
  • Page 161: RMON Group 3-Alarms

    When a configured threshold is crossed, an alarm is generated. For example, you can configure the switch to issue an alarm if more than 1,000 CRC errors occur during a 10-minute time interval. Each Alarm index consists of a variable to monitor, a sampling time interval, and parameters for rising and falling thresholds.
  • Page 162 >> RMON Alarm 5# apply >> RMON Alarm 5# save This configuration creates an RMON alarm that checks icmpInEchos on the switch once every minute. If the statistic exceeds 200 within a 60 second interval, an alarm is generated that triggers event index 5.
  • Page 163 Configure RMON Alarm Group parameters to check ifInOctets on port 20 once every hour. Enter a rising limit of two billion, and a rising event index of 6. This configuration creates an RMON alarm that checks ifInOctets on port 20 once every hour. If the statistic exceeds two billion, an alarm is generated that triggers event index 6.
  • Page 164 60, a rising limit of 200, and a rising event index of 5. This configuration creates an RMON alarm that checks icmpInEchos on the switch once every minute. If the statistic exceeds 200 within a 60 second interval, an alarm is generated that triggers event index 5.
  • Page 165: RMON Group 9-Events

    Apply, verify, and save the configuration. RMON group 9—events The RMON Event group allows you to define events that are triggered by alarms. An event can be a log message, an SNMP trap message, or both. When an alarm is generated, it triggers a corresponding event notification. Use the /cfg/rmon/alarm x/revtidx and /fevtidx commands to correlate an event index to an alarm.
  • Page 166: Configuring RMON Events (BBI Example)

    Configure an RMON Event group. Click the Configure context button. Open the Switch folder, and select RMON > Event > Add Event Group. Configure RMON Event Group parameters. This configuration creates an RMON event that sends a SYSLOG message each time it is triggered by an alarm.
  • Page 167: High Availability

    The following figure shows a basic UFD configuration, with a Failure Detection Pair (FDP) that consists of one LtM (Link to Monitor) and one LtD (Link to Disable). When the switch detects a link failure in the LtM, it disables the ports in the LtD. The server blade detects the disabled downlink port, which triggers a NIC...
  • Page 168: Failure Detection Pair

    If Spanning Tree Protocol (STP) is enabled on ports in the LtM, then the switch monitors the STP state and the link status on ports in the LtM. The switch automatically disables the ports in the LtD when it detects a link failure or STP Blocking state.
  • Page 169: Configuration Guidelines

    In this example, NIC 1 is the primary network adapter; NIC 2, NIC 3, and NIC 4 are non-primary adapters. NIC 1 and NIC 2 are connected to port 1 and port 2 on Blade Switch 1. NIC 3 and NIC 4 are connected to port 1 and port 2 on Blade Switch 2.
  • Page 170: Configuring UFD On Switch 1 (CLI Example)

    >> /cfg/ufd/on >> Uplink Failure Detection# apply >> Uplink Failure Detection# save When a link failure or Spanning Tree blocking occurs on port 19, Blade Switch 1 disables port 1 and port 2. Configuring UFD on Switch 2 (CLI example) Create a trunk group of uplink ports (18-21) to monitor.
  • Page 171: Configuring Uplink Failure Detection (BBI Example)

    Configuring Uplink Failure Detection (BBI example) Configure Uplink Failure Detection. Click the Configure context button. Open the Switch folder, and select Uplink Failure Detection (click the underlined text, not the folder). Turn Uplink Failure Detection on, and then select FDP.
  • Page 172 Enable the FDP. Select ports in the LtM Ports Available list, and click Add to place the ports into the Link to Monitor (LtM). Select ports in the LtD Ports Available list, and click Add to place the ports into the Link to Disable (LtD). Click Submit.
  • Page 173: VRRP Overview

    VRRP overview In a high-availability network topology, no device can create a single point-of-failure for the network or force a single point-of-failure to any other part of the network. This means that your network will remain in service despite the failure of any single device. To achieve this usually requires redundancy for all vital network components.
  • Page 174: Master And Backup Virtual Router

    Master and backup virtual router Within each virtual router, one VRRP router is selected to be the virtual router master. See “Selecting the Master VRRP Router” for an explanation of the selection process. NOTE: If the IP address owner is available, it will always become the virtual router master. The virtual router master forwards packets sent to the virtual router.
  • Page 175: Failover Methods

    The HP 10GbE switch high availability configurations are based on VRRP. The switch software implementation of VRRP includes proprietary extensions.
  • Page 176: HP 10GbE Switch Extensions To VRRP

    This section describes VRRP enhancements that are implemented in switch software: Tracking VRRP router priority The HP 10GbE switch software supports a tracking function that dynamically modifies the priority of a VRRP router, based on its current state. The objective of tracking is to have, whenever possible, the master bidding processes for various virtual routers in a LAN converge on the same switch.
  • Page 177: Virtual Router Deployment Considerations

    This behavior is preferred because running one server down is less disruptive than bringing a new master online and severing all active connections in the process. If Switch A is the master and it has two or more active servers fewer than Switch B, then Switch B becomes the master.
  • Page 178: High Availability Configurations

    In the scenario illustrated in the figure, traffic destined for IP address 10.0.1.1 is forwarded through the Layer 2 switch at the top of the drawing, and ingresses Switch A on port 20. Return traffic uses default gateway 1 (192.168.1.1). If the link between Switch A and the Layer 2 switch fails, Switch B becomes the Master because it has a higher priority.
  • Page 179 Configure client and server interfaces. /cfg/l3/if 1 >> IP Interface 1# addr 192.168.1.100 >> IP Interface 1# vlan 10 >> IP Interface 1# ena >> IP Interface 1# .. >> Layer 3# if 2 >> IP Interface 2# addr 192.168.2.101 >>...
  • Page 180: Task 2: Configure Switch B

    Task 2: Configure Switch B Configure ports. /cfg/l2/vlan 10 >> VLAN 10# ena >> VLAN 10# add 20 >> VLAN 10# .. >> Layer 2# vlan 20 >> VLAN 20# ena >> VLAN 20# add 21 Configure client and server interfaces.
  • Page 181: Task 1: Configure Switch A (BBI Example)

    Turn off Spanning Tree Protocol globally. Apply and save changes. /cfg/l2/stg 1/off >> Spanning Tree Group 1# apply >> Spanning Tree Group 1# save Task 1: Configure Switch A (BBI example) Configure ports and VLANs. Click the Configure context button. Open the Virtual LANs folder, and select Add VLAN.
  • Page 182 Configure port 20 as a member of VLAN 10 and port 21 as a member of VLAN 20. Enable each VLAN. Click Submit. Configure the following client and server interfaces: IF 1 IP address = 192.168.1.100 Subnet mask = 255.255.255.0 VLAN 10 IF 2 IP address = 10.10.12.1...
  • Page 183 Open the IP Interfaces folder, and select Add IP Interface. Configure an IP interface. Enter the IP address, subnet mask, and VLAN membership. Enable the interface. Click Submit.
  • Page 184 Configure the default gateways. Each default gateway points to one of the Layer 2 routers. Open the Default Gateways folder, and select Add Default Gateway. Configure the IP address for each default gateway. Enable the default gateways. Click Submit.
  • Page 185 Turn on VRRP and configure two Virtual Interface routers. Open the Virtual Router Redundancy Protocol folder, and select General.
  • Page 186 Enable VRRP processing. Click Submit. Open the Virtual Routers folder, and select Add Virtual Router.
  • Page 187 Configure the IP address for Virtual Router 1 (VR1). Enable tracking on ports, and set the priority to 101. Enable the Virtual Router. Click Submit. Select Add Virtual Router.
  • Page 188 Configure the IP address for Virtual Router 2 (VR2). Enable tracking on ports, but set the priority to 100 (default value). Enable the Virtual Router. Click Submit. Turn off Spanning Tree globally. Open the Spanning Tree Groups folder, and select Add Spanning Tree Group. Select a Spanning Tree Group.
  • Page 189 High availability...
  • Page 190 Enter Spanning Tree Group ID 1 and set the Switch Spanning Tree State to off. Click Submit. Apply, verify, and save the configuration.
  • Page 191: Troubleshooting Tools

    As shown in the following figure, port 18 is monitoring ingress traffic (traffic entering the switch) on port 21 and egress traffic (traffic leaving the switch) on port 1. You can attach a device to port 18 to monitor the traffic on ports 21 and 1.
  • Page 192: Configuring Port Mirroring (CLI Example)

    Ingress traffic is duplicated and sent to the mirrored port before processing, and egress traffic is duplicated and sent to the mirrored port after processing. Configuring Port Mirroring (CLI example) To configure Port Mirroring for the example shown in the preceding figure: Specify the monitoring port.
  • Page 193: Configuring Port Mirroring (BBI Example)

    Configuring Port Mirroring (BBI example) Configure Port Mirroring. Click the Configure context button. Open the Switch folder, and select Port-Based Port Mirroring (click the underlined text, not the folder). Click a port number to select a monitoring port.
  • Page 194 Click Add Mirrored Port. Enter a port number for the mirrored port, and select the Port Mirror Direction. Click Submit. Apply, verify, and save the configuration. Verify the Port Mirroring configuration on the switch.
  • Page 195: Other Network Troubleshooting Techniques

    Statistics and state information The switch keeps track of a large number of statistics and many of these are error condition counters. The statistics and state information can be very useful when troubleshooting a LAN or Real Server problem.
  • Page 196 Stack Trace—If a fatal software condition occurs, the switch dumps stack trace data to the console. If you have a console attached to the switch, capture the console dump, and forward it to HP technical support.
  • Page 197 Index 802.1x port states, 49 accessing the switch: defining source IP addresses, 20; RADIUS authentication, 21; security, 20; using the command line interface (CLI), 12 ACL Blocks and Groups, 90 ACL configuration examples, 92 ACL filters, 87 active-active redundancy, 175...
  • Page 198 134 RSA keys, 33 RSTP, 77 security, 20; RADIUS authentication, 21; switch management, 20; VLANs, 53 segmentation, 53 HP-OpenView: HP-OpenView, 14 SNMP, 14 SNMP, 134 SNMP v1.0, 14 SNMP v3.0, 14 Spanning Tree Protocol (STP), multiple instances, 72...

This manual is also suitable for:

445860-b21 - 10gb ethernet bl-c switch
