HP PROCURVE 2520 Management And Configuration Manual

Hewlett-packard switch user manual

HP ProCurve Switch Software
Management and Configuration Guide
2520 Switches
Software version S.14.03
November 2009


Summary of Contents for HP PROCURVE 2520

  • Page 1 HP ProCurve Switch Software Management and Configuration Guide 2520 Switches Software version S.14.03 November 2009...
  • Page 3 HP ProCurve 2520 Switches Management and Configuration Guide November 2009 S.14.03...
  • Page 4 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
  • Page 5: Table Of Contents

    Product Documentation About Your Switch Manual Set ......xix Printed Publications......... . xix Electronic Publications .
  • Page 6: Selecting A Management Interface

    Rebooting the Switch ........
  • Page 7: Using The Procurve Web Browser Interface

    Starting a Web Browser Interface Session with the Switch ......5-4 Using a Standalone Web Browser in a PC or UNIX Workstation .
  • Page 8: Switch Memory And Configuration

    Displaying the Current Flash Image Data ..... . 6-13 Switch Software Downloads ....... . . 6-15 Entering a User Name and Password .
  • Page 9 Rebooting the Switch ........
  • Page 10: Interface Access And System Information

    Web: Configuring IP Addressing ......8-10 How IP Addressing Affects Switch Operation ....8-11 IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads .
  • Page 11: Time Protocols

    Protocol Operation ..........9-3 General Steps for Running a Time Protocol on the Switch: ..9-3 Disabling Time Synchronization .
  • Page 12 Enabling or Disabling Flow Control ......10-17 Configuring a Broadcast Limit on the Switch ....10-19 Configuring ProCurve Auto-MDIX .
  • Page 13 Viewing PoE Configuration and Status ..... . . 11-15 Displaying the Switch’s Global PoE Power Status ....11-15 Displaying an Overview of PoE Status on All Ports .
  • Page 14 Trunk Group Operation Using the “Trunk” Option ... . 12-26 How the Switch Lists Trunk Data ......12-27 Outbound Traffic Distribution Across Trunked Links .
  • Page 15 Overview ........... . A-3 Downloading Switch Software ....... . A-3 General Software Download Rules .
  • Page 16 PC or UNIX Workstation ........A-17 Switch-to-Switch Download ....... . A-19 Using PCM+ to Update Switch Software .
  • Page 17 Task Monitor—Collecting Processor Data ..... B-7 Switch Management Address Information ..... . B-8 Menu Access .
  • Page 18 Fan Failure ..........C-21 Using the Event Log for Troubleshooting Switch Problems ..C-22 Event Log Entries .
  • Page 19 Traceroute Command ........C-54 Viewing Switch Configuration and Operation ....C-58 CLI: Viewing the Startup or Running Configuration File .
  • Page 20 Determining MAC Addresses ........D-3 Menu: Viewing the Switch’s MAC Addresses ....D-4 CLI: Viewing the Port and VLAN MAC Addresses .
  • Page 21: Product Documentation

    Note at the top of this page. ■ Read Me First—Provides software update information, product notes, and other information. ■ HP ProCurve Switch Quick Setup—Provides quick start installation instructions. See the Installation and Getting Started Guide for more detailed information.
  • Page 22 Software Feature Index For the software manual set supporting your series 2520 switch models, this feature index indicates which manual to consult for information on a given software feature. Feature 802.1Q VLAN Tagging 802.1p Priority 802.1X Authentication AAA Authentication Authorized IP Managers...
  • Page 23 Feature File Transfers Friendly Port Names GVRP IGMP Interface Access (Telnet, Console/Serial, Web) IP Addressing LACP Link LLDP LLDP-MED Loop Protection MAC Address Management MAC Lockdown MAC Lockout MAC-based Authentication Monitoring and Analysis Multicast Filtering Network Management Applications (LLDP, SNMP) Passwords Ping Port Configuration...
  • Page 24 Feature Power over Ethernet (PoE) Quality of Service (QoS) RADIUS Authentication and Accounting Secure Copy SFTP SNMP Software Downloads (SCP/SFTP, TFTP, Xmodem) Spanning Tree (MSTP) SSH (Secure Shell) Encryption SSL (Secure Socket Layer) Stack Management (Stacking) Syslog System Information TACACS+ Authentication Telnet Access TFTP Time Protocols (TimeP, SNTP)
  • Page 25: Contents

    IP Addressing ..........1-8 To Set Up and Install the Switch in Your Network ....1-8 Physical Installation .
  • Page 26: Introduction

    ProCurve Networking web site, www.procurve.com. Conventions Configuration and Operation Examples Unless otherwise noted, examples using a particular switch model apply to all switch models covered by this guide. Protocol Acronyms IP Refers to the IPv4 protocol unless otherwise noted.
  • Page 27: Command Prompts

    Syntax: aaa port-access authenticator < port-list > Command Prompts In the default configuration, your switch displays a CLI prompt similar to the following example: ProCurve 2520-8-PoE# To simplify recognition, this guide uses ProCurve to represent command prompts for all switch models.
  • Page 28: Keys

    Simulations of actual keys use a bold, sans-serif typeface with square brackets. For example, the Tab key appears as Sources for More Information For information about switch operation and features not covered in this guide, consult the following sources: ■ Feature Index—For information on which manual to consult for a given...
  • Page 29 • port configuration, trunking, traffic control, and PoE operation • SNMP, LLDP, and other network management topics • file transfers, switch monitoring, troubleshooting, and MAC address management ■ Advanced Traffic Management Guide—Use this guide for information on topics such as: •...
  • Page 30: Getting Documentation From The Web

    Click on Support. Click on Manuals. Click on the product for which you want to view or download a manual. If you need further information on ProCurve switch technology, visit the ProCurve Networking web site at: Online Help Menu Interface If you need information on specific parameters in the menu interface, refer to the online help provided in the interface.
  • Page 31: Command Line Interface

    Getting Started Sources for More Information Command Line Interface If you need information on a specific command in the CLI, type the command name followed by help. For example: Figure 1-3. Example of CLI Help Web Browser Interface If you need information on specific features in the ProCurve Web Browser Interface (hereafter referred to as the “web browser interface”), use the online Help.
  • Page 32: Ip Addressing

    Need Only a Quick Start? IP Addressing If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing. To do so, do one of the following: Enter setup at the CLI Manager level prompt.
  • Page 33: Contents

    Selecting a Management Interface Contents Overview ........... . . 2-2 Understanding Management Interfaces .
  • Page 34: Overview

    VT-100/ANSI console built into the switch—2-4 ■ Web browser interface—a switch interface offering status information and a subset of switch commands through a standard web browser (such as Netscape Navigator or Microsoft Internet Explorer)—2-5 ■ ProCurve Manager (PCM)—a Windows-based network management solution included in-box with all manageable ProCurve devices.
  • Page 35: Advantages Of Using The Menu Interface

    ■ Offers out-of-band access (through the RS-232 connection) to the switch, so network bottlenecks, crashes, lack of configured or correct IP address, and network downtime do not slow or prevent access Selecting a Management Interface Advantages of Using the Menu Interface •...
  • Page 36: Advantages Of Using The Cli

    ProCurve(<context>)# For example: Figure 2-2. Command Prompt Examples General Benefits ■ Provides access to the complete set of the switch configuration, performance, and diagnostic features. ■ Offers out-of-band access (through the RS-232 connection) or Telnet (in-band) access. ■...
  • Page 37: Advantages Of Using The Web Browser Interface

    VLANs), use the Contents listing at the front of the manual to locate the information you need. ■ For monitoring and analyzing switch operation, refer to Appendix B. ■ For information on individual CLI commands, refer to the Index or to the...
  • Page 38: Or Procurve Manager Plus

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus ■ More visual cues, using colors, status bars, device icons, and other graphical objects instead of relying solely on alphanumeric values ■ Display of acceptable ranges of values available in configuration list boxes Advantages of Using ProCurve Manager or ProCurve Manager Plus...
  • Page 39 Advantages of Using ProCurve Manager or ProCurve Manager Plus • In-Depth Traffic Analysis: An integrated, low-overhead traffic monitor interface shows detailed information on traffic throughout the network. Using enhanced traffic analysis protocols such as Extended RMON, users can monitor overall traffic levels, segments with the highest traffic, or even the top users within a network segment.
  • Page 40: And Web Browser Interfaces

    Custom Login Banners for the Console and Web Browser Interfaces You can now configure the switch to display a login banner of up to 3070 characters when an operator initiates a management session with the switch through any of the following methods: ■...
  • Page 41: Configuring And Displaying A Non-Default Banner

    Custom Login Banners for the Console and Web Browser Interfaces or if the switch is using the factory-default banner shown in figure 2-5, then the banner page does not appear in the Web browser when an operator initiates a login session with the switch.
  • Page 42 Selecting a Management Interface Custom Login Banners for the Console and Web Browser Interfaces This is a private system maintained by the Unauthorized use of this system can result in In this case, the operator will use the [Enter] key to create line breaks, blank spaces for line centering, and the % symbol to terminate the banner message.
  • Page 43 The next time someone logs onto the switch’s management CLI, the following appears: Figure 2-7. Example of CLI Result of the Login Banner Configuration If someone uses a Web browser to log in to the switch interface, the following message appears: Selecting a Management Interface...
  • Page 44: Operating Notes

    The default banner appears only when the switch is in the factory default configuration. Using no banner motd deletes the currently configured banner text and blocks display of the default banner. The default banner is restored only if the switch is reset to its factory- default configuration. ■...
  • Page 45: Contents

    Rebooting the Switch ........
  • Page 46: Overview

    Event Log, and the Operator level in the CLI. After you configure passwords on the switch and log off of the interface, access to the menu interface (and the CLI and web browser interface) will require entry of either the Manager or Operator password.
  • Page 47: Starting And Ending A Menu Session

    To enter the CLI from the Menu interface, select Starting and Ending a Menu Session You can access the menu interface using any of the following: ■ A direct serial connection to the switch’s console port, as described in the installation guide you received with the switch ■...
  • Page 48: How To Start A Menu Interface Session

    Starting and Ending a Menu Session How To Start a Menu Interface Session In its factory default configuration, the switch console starts with the CLI prompt. To use the menu interface with Manager privileges, go to the Manager level prompt and enter the menu command.
  • Page 49: How To End A Menu Session And Exit From The Console

    For a description of Main Menu features, see “Main Menu Features” on page 3- Note: To configure the switch to start with the menu interface instead of the CLI, go to the Manager level prompt in the CLI, enter the setup command, and in the resulting display, change the Logon Default parameter to Menu.
  • Page 50 Telnet session. 2. If you have made configuration changes that require a switch reboot— that is, if an asterisk (*) appears next to a configured item or next to Switch Configuration in the Main Menu: a. Return to the Main Menu.
  • Page 51: Main Menu Features

    The Main Menu gives you access to these Menu interface features: ■ Status and Counters: Provides access to display screens showing switch information, port status and counters, and port and VLAN address tables. (Refer to Appendix B, “Monitoring and Analyzing Switch Operation”.) ■ Switch Configuration: Provides access to configuration screens for...
  • Page 52 (Refer to the Installation and Getting Started Guide for your switch.) ■ Logout: Closes the Menu interface and console session, and disconnects Telnet access to the switch. (See “How to End a Menu Session and Exit from the Console” on page 3-5.)
  • Page 53: Screen Structure And Navigation

    Screen Structure and Navigation Menu interface screens include these three elements: ■ Parameter fields and/or read-only information such as statistics ■ Navigation and configuration actions, such as Save, Edit, and Cancel ■ Help line to describe navigation options, individual parameters, and read-only data For example, in the following System Information screen: Screen title –...
  • Page 54 (or flash) memory, and it is therefore not necessary to reboot the switch after making these changes. But if an asterisk appears next to any menu item you reconfigure, the switch will not activate or save the change for that item until you reboot the switch.
  • Page 55 To get Help on individual parameter descriptions. In most screens there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press For example: Highlight on any item in the Actions line indicates that the Actions line is active.
  • Page 56: Rebooting The Switch

    To Reboot the switch, use the Reboot Switch option in the Main Menu. (Note that Reboot Switch is not available if you log on in Operator mode; that is, if you enter an Operator password instead of a manager password at the password prompt.)
  • Page 57 If you make configuration changes in the menu interface that require a reboot, the switch displays an asterisk (*) next to the menu item in which the change has been made. For example, if you change and save the value for the Maximum...
  • Page 58: Menu Features List

    • • • • • • Console Passwords Event Log Command Line (CLI) Reboot Switch Download OS (Download Switch Software) Run Setup Stacking Logout 3-14 General System Information Switch Management Address Information Port Status Port Counters VLAN Address Table Port Address Table...
  • Page 59: Where To Go From Here

    Option: To use the Run Setup option To view and monitor switch status and Appendix B, “Monitoring and Analyzing Switch counters To learn how to configure and use passwords and other security features switch.
  • Page 60 Using the Menu Interface Where To Go From Here 3-16...
  • Page 61: Contents

    Using the Command Line Interface (CLI) Contents Overview ........... . . 4-2 Accessing the CLI .
  • Page 62: Accessing The Cli

    You can access the console out-of-band by directly connecting a terminal device to the switch, or in-band by using Telnet either from a terminal device or through the web browser interface.
  • Page 63: Privilege Levels At Logon

    Access Security Guide for your switch.) When you use the CLI to log on to the switch, and passwords are set, you will be prompted to enter a password. For example: Password Prompt Figure 4-1.
  • Page 64: Privilege Level Operation

    A “>” character delimits the Operator-level prompt. For example: ProCurve> _ When using enable to move to the Manager level, the switch prompts you for the Manager password if one has already been configured. 1. Operator Level 2.
  • Page 65: Manager Privileges

    Global Configuration level: Provides all Operator and Manager level privileges, and enables you to make configuration changes to any of the switch’s software features. The prompt for the Global Configuration level includes the system name and “(config)”. To select this level, enter the config command at the Manager prompt.
  • Page 66 Operator and Manager commands. For a list of available commands, enter Execute context-specific configuration commands, such as a particular VLAN or switch port. This is useful for shortening the command strings you type, and for entering a series of commands for the same context. For a list of available commands, enter at the prompt.
  • Page 67: How To Move Between Levels

    ProCurve Moving Between the CLI and the Menu Interface. When moving between interfaces, the switch retains the current privilege level (Manager or Operator). That is, if you are at the Operator level in the menu and select the Command Line Interface (CLI) option from the Main Menu, the CLI prompt appears at the Operator level.
  • Page 68: Listing Commands And Command Options

    If you subsequently execute write memory in the CLI, then the switch also stores “Y” as the IP address for VLAN 1 in the startup-config file. (For more on the startup-config and running config files, see Chapter 6, “Switch Memory and Configuration”.)
  • Page 69 Typing ? at the Manager level produces this listing: When - - MORE - - appears, use the Space bar or [Return] to list additional commands. Figure 4-4. Example of the Manager-Level Command Listing When - - MORE - - appears, there are more commands in the listing. To list the next screenful of commands, press the Space bar.
  • Page 70: Listing Command Options

    Figure 4-5. Example of How To List the Options for a Specific Command 4-10 [Tab] after a completed command word lists the further options for [Tab] [Tab] This example displays the command options for configuring the switch’s console settings. , the [Tab] . For example, suppose you want...
  • Page 71: Displaying Cli "Help

    Displaying CLI “Help” CLI Help provides two types of context-sensitive information: ■ Command list with a brief summary of each command’s purpose ■ Detailed information on how to use individual commands Displaying Command-List Help. Syntax: help For example, to list the Operator-Level commands with their purposes: Figure 4-6.
  • Page 72 Using the Command Line Interface (CLI) Using the CLI Figure 4-7. Example of How To Display Help for a Specific Command Note that trying to list the help for an individual command from a privilege level that does not include that command results in an error message. For example, trying to list the help for the interface command while at the global configuration level produces this result: ProCurve# speed-duplex help...
  • Page 73: Configuration Commands And The Context Configuration Modes

    However, using a context mode enables you to execute context-specific commands faster, with shorter command strings. The switch offers interface (port or trunk group) and VLAN context configu­ ration modes: Port or Trunk-Group Context. Includes port- or trunk-specific commands that apply only to the selected port(s) or trunk group, plus the global config­...
  • Page 74 Using the Command Line Interface (CLI) Using the CLI The remaining commands in the listing are Manager, Operator, and context commands. Figure 4-8. Context-Specific Commands Affecting Port Context 4-14 In the port context, the first block of commands in the “?” listing show the context-specific commands that will affect only ports C3-C6.
  • Page 75 VLAN, plus Manager and Operator commands. The prompt for this mode includes the VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch: ProCurve(config)# vlan 100 Command executed at configuration level to enter VLAN 100 context.
  • Page 76: Cli Control And Editing

    Using the Command Line Interface (CLI) CLI Control and Editing CLI Control and Editing Executing a Prior Command—Redo The redo command executes a prior command in the history list. Syntax: redo [number | command-str] ProCurve(config)# show history ProCurve(config)# redo 2 IP ARP table IP Address ---------------...
  • Page 77 Syntax: repeat [cmdlist] [count] [delay] For example: ProCurve(config)# repeat 1-4,7-8,10 count 2 delay 3 ProCurve(config)# show history show ver show ip show arp ProCurve(config)# repeat 1-2 IP ARP table IP Address MAC Address --------------- ----------------- ------- ---- 15.255.128.1 000000-000000 Internet (IP) Service Default Gateway : Default TTL : 64...
  • Page 78: Using A Command Alias

    Using the Command Line Interface (CLI) CLI Control and Editing Using a Command Alias You can create a simple command alias to use in place of a command name and its options. Choose an alias name that is not an existing CLI command already.
  • Page 79 ProCurve(config)# show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi Status and Counters - Custom Port Status Port Name Type ---- ---------- ---------- ----- --------- ------- ------- -------- Acco 10/100T Huma 10/100T Deve 10/100T Lab1 10/100T ProCurve(config)# alias sic “show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi”...
  • Page 80 Using the Command Line Interface (CLI) CLI Control and Editing ProCurve(config)# show alias Name -------------------- ------------------------------ show config show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi Figure 4-13. Example of Alias Commands and Their Configurations 4-20 Command...
  • Page 81: Cli Editing Shortcuts

    CLI Editing Shortcuts Keystrokes Function [Ctrl] [A] Jumps to the first character of the command line. or [<] Moves the cursor back one character. [Ctrl] [B] [Ctrl] [C] Terminates a task and displays the command prompt. [Ctrl] [D] Deletes the character at the cursor. [Ctrl] [E] Jumps to the end of the current command line.
  • Page 82 Using the Command Line Interface (CLI) CLI Editing Shortcuts 4-22...
  • Page 83: Contents

    Starting a Web Browser Interface Session with the Switch ......5-4 Using a Standalone Web Browser in a PC or UNIX Workstation .
  • Page 84: Overview

    Overview The ProCurve web browser interface built into the switch lets you easily access the switch from a browser-based PC on your network. This lets you do the following: ■ Optimize your network uptime by using the Alert Log and other diagnostic...
  • Page 85: General Features

    General Features The web browser interface includes these features: Switch Identity and Status: • General system data • Software version • IP address • Status Overview • Port utilization • Port counters • Port status • Alert log Switch Configuration: •...
  • Page 86: Interface Session With The Switch

    1. Ensure that the Java information on this topic, refer to your browser’s online Help. 2. Use the web browser to access the switch. If your network includes a Domain Name Server (DNS), your switch’s IP address may have a name associated with it (for example, switch8212) that you can type in the Location or Address field instead of the IP address.
  • Page 87: Procurve Manager Plus (Pcm+)

    ProCurve Manager and ProCurve Manager Plus are designed for installation on a network management workstation. For this reason, the system requirements are different from the system requirements for accessing the switch’s web browser interface from a non-management PC or workstation. For PCM and PCM+ requirements, refer to the information provided with the software.
  • Page 88 Using the ProCurve Web Browser Interface Starting a Web Browser Interface Session with the Switch First time install alert Figure 5-1. Example of Status Overview Screen...
  • Page 89: Tasks For Your First Procurve Web Browser Interface Session

    Set access to the web browser interface online help Viewing the “First Time Install” Window When you access the switch’s web browser interface for the first time, the Alert log contains a “First Time Install” alert, as shown in figure 5-2. This gives...
  • Page 90: In The Browser Interface

    Guide for your switch. You may want to create both a username and a password to create access security for your switch. There are two levels of access to the interface that can be controlled by setting user names and passwords: ■...
  • Page 91 Passwords you assign in the web browser interface will overwrite previous passwords assigned in either the web browser interface, the CLI, or the menu interface. That is, the most recently assigned passwords are the switch’s passwords, regardless of which interface was used to assign the string.
  • Page 92: Entering A User Name And Password

    The manager and operator passwords are used to control access to all switch interfaces. Once set, you will be prompted to supply the password every time you try to access the switch through any of its interfaces. The password you enter determines the capability you have during that session: ■...
  • Page 93: Online Help For The Web Browser Interface

    Tasks for Your First ProCurve Web Browser Interface Session The Clear button is provided for your convenience, but its presence means that if you are concerned with the security of the switch configuration and operation, you should make sure the switch is installed in a secure location, such as a locked wiring closet.
  • Page 94: Support/Mgmt Urls Feature

    ■ 3. Enter one of the following (or use the default setting): – The URL for the support information source you want the switch to access when you click on the web browser interface Support tab. The default is the URL for the ProCurve Networking home page.
  • Page 95: Support Url

    Support URL This is the site the switch accesses when you click on the Support tab on the web browser interface. The default URL is: www.procurve.com which is the World Wide Web site for ProCurve networking products. Click on technical support on that page to get support information regarding your switch, including white papers, software updates, and more.
  • Page 96: Using The Pcm Server For Switch Web Help

    Using the PCM Server for Switch Web Help For ProCurve devices that support the “Web Help” feature, you can use the PCM server to host the switch help files for devices that do not have HTTP access to the ProCurve Support Web site.
  • Page 97 3. Add an entry, or edit the existing entry in the Discovery portion of the global properties (globalprops.prp) in PCM to redirect the switches to the help files on the PCM server. For example: Global { TempDir=data/temp Discovery{ ..DeviceHelpUrlRedirect=http://15.29.37.12.8040/rnd/device_help You will enter the IP address for your PCM server.
  • Page 98: Status Reporting Features

    Figure 5-8. The Status Overview Window Policy Management and Configuration. PCM can perform network-wide policy management and configuration of your switch. The Management Server URL field (page 5-13) shows the URL for the management station performing that function. For more information, refer to the documentation provided with the PCM software.
  • Page 99: The Port Utilization And Status Displays

    The Port Utilization and Status Displays The Port Utilization and Status displays show an overview of the status of the switch and the amount of network activity on each port. The following figure shows a sample reading of the Port Utilization and Port Status.
  • Page 100 Using the ProCurve Web Browser Interface Status Reporting Features ■ Maximum Activity Indicator: As the bars in the graph area change height to reflect the level of network activity on the corresponding port, they leave an outline to identify the maximum activity level that has been observed on the port.
  • Page 101: Port Status

    Note that the Port Fault-Disabled symbol will be displayed in the legend only if one or more of the ports is in that status. See Appendix B, “Monitoring and Analyzing Switch Operation” for more information.
  • Page 102: The Alert Log

    The web browser interface Alert Log, shown in the lower half of the screen, shows a list of network occurrences, or alerts, that were detected by the switch. Typical alerts are Broadcast Storm, indicating an excessive number of broadcasts received on a port, and Problem Cable, indicating a faulty cable. A full list of alerts is shown in the table on page 5-21.
  • Page 103: Alert Types And Detailed Views

    Note: When troubleshooting the sources of alerts, it may be helpful to check the switch’s Port Status and Port Counter windows, or use the CLI or menu interface to view the switch’s Event Log. When you double click on an Alert Entry, the web browser interface displays a separate window showing information about the event.
  • Page 104 Using the ProCurve Web Browser Interface Status Reporting Features Figure 5-14. Example of Alert Log Detail View 5-22...
  • Page 105: Setting Fault Detection Policy

    Setting Fault Detection Policy One of the powerful features in the web browser interface is the Fault Detection facility. For your switch, this feature controls the types of alerts reported to the Alert Log based on their level of severity.
  • Page 106 Log Network Problems is High Sensitivity. The Fault Detection settings are: ■ High Sensitivity. This policy directs the switch to send all alerts to the Alert Log. This setting is most effective on networks that have none or few problems.
  • Page 107: Contents

    Displaying the Current Flash Image Data ..... . 6-13 Switch Software Downloads ....... . . 6-15 Local Switch Software Replacement and Removal .
  • Page 108 Using the Clear + Reset Button Combination To Reset the Switch to Its Default Configuration ......6-34 TFTP: Copying a Configuration File to a Remote Host .
  • Page 109: Configuration File Management

    How the menu interface and web browser interface implement configuration changes ■ How the switch provides software options through primary/secondary flash images ■ How to use the switch’s primary and secondary flash options, including displaying flash information, booting or restarting the switch, and other topics Configuration File Management The switch maintains two configuration files, the running-config file and the startup-config file.
  • Page 110 ■ Running Config File: Exists in volatile memory and controls switch operation. If no configuration changes have been made in the CLI since the switch was last booted, the running-config file is identical to the startup-config file. ■ Startup-config File: Exists in flash (non-volatile) memory and is used to preserve the most recently-saved configuration as the “permanent”...
  • Page 111 CLI to the Menu interface without first using write memory to save the change to the startup-config file, then the switch prompts you to save the change. For example, if you use the CLI to create VLAN 20, and then select the menu interface, VLAN 20 is configured in the running-config file, but not in the startup-config file.
  • Page 112: Using The Cli To Implement Configuration Changes

    How To Use the CLI To Reconfigure Switch Features. Use this procedure to permanently change the switch configuration (that is, to enter a change in the startup-config file). 1. Use the appropriate CLI commands to reconfigure the desired switch parameters.
  • Page 113 For example, the default port mode setting is uses Cat 3 wiring and you want to connect the switch to another autosensing device capable of 100 Mbps operation. Because 100 Mbps over Cat 3 wiring...
  • Page 114 (figure 6-6-2, above) to save the change to the startup-config file. That is, if you use the CLI to change a parameter setting, but then reboot the switch from either the CLI or the menu interface without first executing the...
  • Page 115: Configuration Changes

    Using the Menu and Web Browser Interfaces To Implement Configuration Changes. The menu and web browser interfaces offer these advantages: ■ Quick, easy menu or window access to a subset of switch configuration features ■ Viewing several related configuration parameters in the same screen, with...
  • Page 116: Menu: Implementing Configuration Changes

    (even if you execute a Save operation in the menu interface). If you then execute a switch boot command in the menu interface, 6-10 in the Menu Interface...
  • Page 117: Rebooting From The Menu Interface

    To Reboot the switch, use the Reboot Switch option in the Main Menu. (Note that the Reboot Switch option is not available if you log on in Operator mode; that is, if you enter an Operator password instead of a manager password at the password prompt.)
  • Page 118: Web: Implementing Configuration Changes

    Web: Implementing Configuration Changes You can use the web browser interface to simultaneously save and implement a subset of switch configuration changes without having to reboot the switch. That is, when you save a configuration change (in most cases, by clicking on [Apply Changes] config file and the startup-config file.
  • Page 119: Using Primary And Secondary Flash Image Options

    For example, you can copy a problem image into Secondary flash for later analysis and place another, proven image in Primary flash to run your system. The switch can use only one image at a time.
  • Page 120 Switch Memory and Configuration Using Primary and Secondary Flash Image Options For example, if the switch is using a software version of S.14.XX stored in Primary flash, show version produces the following: ProCurve(config)# show version Image stamp: Boot Image: Figure 6-7.
  • Page 121: Switch Software Downloads

    In the unlikely event that the primary image is corrupted, as a result of an interruption, the switch will reboot from secondary Using Primary and Secondary Flash Image Options /sw/code/build/info(s02) Sept 01 2008 14.03.06...
  • Page 122: Local Switch Software Replacement And Removal

    In this case, the switch will not have a valid flash image in either flash location, but will continue running on a temporary flash image in RAM.
  • Page 123 No Undo! (secondary or primary). If the switch has only one flash image loaded (in either primary or secondary flash) and you erase that image, then the switch does not have a software image stored in flash.
  • Page 124: Operating Notes About Booting

    [primary | secondary] or boot set-default flash [primary | secondary] command. Both the boot command and the reload command will reboot based on how these options have been selected. Boot Attempts from an Empty Flash Location. In this case, the switch aborts the attempt and displays Image does not exist Operation aborted.
  • Page 125: Boot And Reload Command Comparison

    Similarly, if you create a startup-config file while using a version “Y” of the switch software, and then reboot the switch with an earlier software version “X” that does not include all of the features found in “Y”, the software simply ignores the parameters for any features that it does not support.
  • Page 126: Setting The Default Flash

    Syntax: Booting from the Default Flash (Primary or Secondary) The boot command boots the switch from the flash image that you are currently booted on, or the flash image that was set either by the boot set-default command or by the last executed boot system flash <primary | secondary>...
  • Page 127: Using Reload

    <primary | secondary> command. Because reload bypasses some subsystem self-tests, the switch reboots faster than if you use either of the boot command options. Syntax: reload For example, if you change the number of VLANs the switch supports, you must reboot the switch in order to implement the change.
  • Page 128 Using Primary and Secondary Flash Image Options Scheduled Reload. Additional parameters have been added to the reload command to allow for a scheduled reboot of the switch via the CLI. Syntax: [no] reload [after <[dd:]hh:]mm> | at <hh:mm[:ss]> [<mm/dd[/[yy]yy]>]] The scheduled reload feature removes the requirement to physically reboot the switch at inconvenient times (for example, at 1:00 in the morning).
  • Page 129: Multiple Configuration Files

    Copying Startup-Config Files to or from a Remote Server. This method of operation means that you cannot preserve different startup-config files across a reboot without using remote storage. The switch allows up to three startup-config files with options for selecting which startup-config file to use for: ■...
  • Page 130: General Operation

    (if the software version supports the configured features). Boot Options. With multiple startup-config files in the switch you can specify a policy for the switch to use upon reboot. The options include: ■ Use the designated startup-config file with either or both reboot paths...
  • Page 131 2. Use the CLI to make configuration changes in the running-config file, and then execute write mem. The result is that the startup-config file used to reboot the switch is modified by the actions in step 2. Active Startup-Config File:...
  • Page 132: Transitioning To Multiple Configuration Files

    ■ Assigns the workingConfig file as the active configuration and the default configuration for all subsequent reboots using either primary or secondary flash. Figure 6-16. Switch Memory Assignments After the First Reboot from Software In the above state, the switch always: ■ Uses the workingConfig file to reboot...
  • Page 133: Listing And Displaying Startup-Config Files

    Syntax: show config files This command displays the available startup-config files on the switch and the current use of each file. id: Identifies the memory slot for each startup-config file available on the switch. act: An asterisk ( corresponding startup-config file is currently in use.
  • Page 134: Displaying The Content Of A Specific Startup-Config File

    (primary or secondary) being used for the current reboot. For example, when you first download a software version that supports multiple configuration files and boot from the flash location of this version, the switch copies the existing startup-config file (named oldConfig) into memory slot 2, renames this file to workingConfig, and assigns workingConfig as: ■...
  • Page 135 The operator wants to ensure that in case of a need to reboot by pressing the Reset button, or if a power failure occurs, the switch will automatically reboot with the minimal startup-config file in memory slot 1. Since a reboot due to...
  • Page 136: Managing Startup-Config Files In The Switch

    This command boots the switch from the currently active flash image and startup-config file. Because reload bypasses some subsystem self-tests, the switch boots faster than if you use a boot command. Note: To identify the currently active startup-config file, use the show config files command.
  • Page 137: Renaming An Existing Startup-Config File

    (“ “ or ‘ ‘). (File names are not case-sensitive.) Creating a New Startup-Config File The switch allows up to three startup-config files. You can create a new startup-config file if there is an empty memory slot or if you want to replace one startup-config file with another.
  • Page 138: Erasing A Startup-Config File

    Figure 6-18. Example of Creating and Assigning a New Startup-Config File. Note: You can also generate a new startup-config file by booting the switch from a flash memory location from which you have erased the currently assigned startup-config file.
  • Page 139 Thus, if the switch boots using a flash location that does not have an assigned startup-config, then the switch creates a new, default startup-config file and uses this file in the reboot.
  • Page 140: Switch To Its Default Configuration

    Figure 6-19. Example of Erasing a Non-Active Startup-Config File With the same memory configuration as is shown in the bottom portion of figure 6-19, executing erase startup-config boots the switch from primary flash, resulting in a new file named minconfig in the same memory slot. The new file contains the default configuration for the software version currently in pri­...
  • Page 141: Transferring Startup-Config Files To Or From A Remote Server

    TFTP: Copying a Configuration File to a Remote Host Syntax: For example, the following command copies a startup-config file named test-01 from the switch to a (UNIX) TFTP server at IP address 10.10.28.14: ProCurve(config)# copy config test-01 tftp 10.10.28.14 test-01.txt unix Pressing Clear + Reset: –...
  • Page 142: Tftp: Copying A Configuration File From A Remote Host

    TFTP server to the switch. Note: This command requires an empty memory slot in the switch. If there are no empty memory slots, the CLI displays the following message: Unable to copy configuration to "< filename >".
  • Page 143: Connected Host

    Caution: This feature must use configuration files generated on the switch to function correctly. If you use configuration files that were not generated on the switch, and then enable this feature, the switch may reboot continuously.
  • Page 144: Cli Command

    Switch Memory and Configuration Automatic Configuration Update with DHCP Option 66 CLI Command The command to enable the configuration update using Option 66 is: Syntax: [no] dhcp config-file-update ProCurve(config)# dhcp config-file-update Figure 6-21. Example of Enabling Configuration File Update Using Option 66...
  • Page 145: Log Messages

    Operating Notes. Replacing the Existing Configuration File: After the DHCP client downloads the configuration file, the switch compares the contents of that file with the existing configuration file. If the content is different, the new configuration file replaces the existing file and the switch reboots.
  • Page 147: Contents

    Interface Access and System Information Contents Overview ........... . . 7-2 Interface Access: Console/Serial Link, Web, and Inbound Telnet .
  • Page 148: Overview

    ■ Use the CLI kill command to terminate a remote session ■ View and modify switch system information. For help on how to actually use the interfaces built into the switch, refer to: ■ Chapter 3, “Using the Menu Interface” ■ Chapter 4, “Using the Command Line Interface (CLI)”...
  • Page 149: Interface Access: Console/Serial Link, Web, And Inbound Telnet

    Access Security Guide for your switch. You can also simply block unauthorized access via the web browser interface or Telnet (as described in this section) and install the switch in a locked environment.
  • Page 150: Menu: Modifying The Interface Access

    ■ Web Agent Enabled. To Access the Interface Access Parameters: From the Main Menu, Select... 2. Switch Configuration... Figure 7-1. The Default Interface Access Parameters Available in the Menu Interface Press 1. System Information (for Edit). The cursor moves to the System Name field.
  • Page 151: Cli: Modifying The Interface Access

    [no] web-management console Listing the Current Console/Serial Link Configuration. This command lists the current interface access parameter settings. Syntax: show console This example shows the switch’s default console/serial configuration. Interface Access Enable/Disable Console Control Options Figure 7-2. Listing of Show Console Command Reconfigure Inbound Telnet Access.
  • Page 152 Initiates an outbound telnet session to another network device. The destination can be specified as: • IPv4 address • IPv6 address • Hostname • Stack number of a member switch (1-16) if the switch is a commander in a stack and stacking is enabled...
  • Page 153 Interface Access: Console/Serial Link, Web, and Inbound Telnet ProCurve(config)# show telnet Telnet Activity -------------------------------------------------------- Session : ** Privilege: Manager From : Console ------------------------------------------------------- Session : ** Privilege: Manager From : 12.13.14.10 : 15.33.66.20 ------------------------------------------------------- Session : ** Privilege: Operator From : 2001:db7:5:0:203:4ff:fe0a:251 : 2001:db7:5:0:203:4ff1:fddd:12 Figure 7-3.
  • Page 154 Syntax: console Note: If you change the Baud Rate or Flow Control settings for the switch, you should make the corresponding changes in your console access device. Otherwise, you may lose connectivity between the switch and your terminal emulator due to differences between the terminal and switch settings for these two parameters.
  • Page 155: Sessions

    Syntax: kill [< session-number >] For example, if you are using the switch’s serial port for a console session and want to terminate a currently active Telnet session, you would do the following:...
  • Page 156 Interface Access and System Information Denying Interface Access by Terminating Remote Management Sessions Figure 7-6. Example of Using the “Kill” Command To Terminate a Remote Session. Session 2 is an active Telnet session. The kill 2 command terminates session 2.
  • Page 157: System Information

    MAC Age Time: The number of seconds a MAC address the switch has learned remains in the switch’s address table before being aged out (deleted).
  • Page 158: Menu: Viewing And Configuring System Information

    Menu: Viewing and Configuring System Information To access the system information parameters: From the Main Menu, Select... 2. Switch Configuration... Figure 7-7. The System Information Configuration Screen (Default Values) Note: To help simplify administration, it is recommended that you configure System Name to a character string that is meaningful within your system.
  • Page 159: Cli: Viewing And Configuring System Information

    Listing the Current System Information. This command lists the current system information settings. Syntax: show system information This example shows the switch’s default console configuration. ProCurve# show system information Status and Counters - General System Information System Name : ProCurve...
  • Page 160 Syntax: hostname < name-string > Each field allows up to 255 characters. For example, to name the switch “Blue” with “Ext-4474” as the system contact, and “North-Data-Room” as the location: ProCurve(config)# hostname Blue Blue(config)# snmp-server contact Ext-4474 location North-Data-Room...
  • Page 161 MENU ProCurve-Switch-2520 ===========================- TELNET - MANAGER MODE =========================== Switch Configuration - System Information System Name : Green System Contact : Ext-4475 System Location : + characters of the location are missing. It’s too long. Inactivity Timeout (min) [0] : 0...
  • Page 162 Also, executing time without parameters lists the switch’s time of day and date. Note that the CLI uses a 24-hour clock scheme; that is, hour (hh) values from 1 p.m. to midnight are input as 13 - 24, respectively.
  • Page 163: Web: Configuring System Parameters

    Click on the Configuration tab. Click on Enter the data you want in the displayed fields. Implement your new data by clicking on To access the web-based help provided for the switch, click on browser screen. Interface Access and System Information [System Info]...
  • Page 165: Contents

    Web: Configuring IP Addressing ......8-10 How IP Addressing Affects Switch Operation ....8-11 IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads .
  • Page 166: Ip Configuration

    However, to enable specific management access and control through your network, you will need IP addressing. Table 8-1 on page 8-11 shows the switch features that depend on IP addressing to operate. IP Configuration...
  • Page 167: Just Want A Quick Start With Ip Addressing

    In most cases, the default setting (64) is adequate. Just Want a Quick Start with IP Addressing? If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing.
  • Page 168: Ip Addressing With Multiple Vlans

    In the factory-default configuration, the switch has one, permanent default VLAN (named DEFAULT_VLAN) that includes all ports on the switch. Thus, when only the default VLAN exists in the switch, if you assign an IP address and subnet mask to the switch, you are actually assigning the IP addressing to the DEFAULT_VLAN.
  • Page 169: Menu: Configuring Ip Address, Gateway, And Time-To-Live (Ttl)

    ■ To manually enter an IP address and subnet mask, set the IP Config parameter to Manual and then manually enter the IP address and subnet mask values you want for the switch. ■ To use DHCP or Bootp, use the menu interface to ensure that the IP Config...
  • Page 170: Cli: Configuring Ip Address, Gateway, And Time-To-Live (Ttl)

    Configuring IP Addressing IP Configuration 3. If the switch needs to access a router, for example, to reach off-subnet destinations, select the Default Gateway field and enter the IP address of the gateway router. 4. If you need to change the packet Time-To-Live (TTL) setting, select Default TTL and type in a value between 2 and 255.
  • Page 171 ID of the VLAN for which you are configuring IP addressing or go to the context configuration level for that VLAN. (If you are not using VLANs on the switch—that is, if the only VLAN is the default VLAN—then the VLAN ID is always “1”.)
  • Page 172 ProCurve(config)# no vlan 1 ip address 10.28.227.103/24 Configure Multiple IP Addresses on a VLAN (Multinetting). The following is supported: ■ Up to 2048 IP addresses for the switch ■ Up to 32 IP addresses for the same VLAN...
  • Page 173 1. Go to VLAN 20. 2. Configure two additional IP addresses on VLAN 3. Display IP addressing. Figure 8-4. Example of Configuring and Displaying a Multinetted VLAN If you then wanted to multinet the default VLAN, you would do the following: Figure 8-5.
  • Page 174: Web: Configuring Ip Addressing

    Configure the Optional Default Gateway. Using the Global configuration level, you can manually assign one default gateway to the switch. (The switch does not allow IP addressing received from a DHCP or Bootp server to replace a manually configured default gateway.)
  • Page 175: How Ip Addressing Affects Switch Operation

    How IP Addressing Affects Switch Operation Without an IP address and subnet mask compatible with your network, the switch can be managed only through a direct terminal device connection to the Console RS-232 port. You can use direct-connect console access to take advantage of features that do not depend on IP addressing.
  • Page 176: Dhcp/Bootp Operation

    DHCP/Bootp Operation Overview. DHCP/Bootp is used to provide configuration data from a DHCP or Bootp server to the switch. This data can be the IP address, subnet mask, default gateway, Timep Server address, and TFTP server address. If a TFTP server address is provided, this allows the switch to TFTP a previously saved configuration file from the TFTP server to the switch.
  • Page 177 Depending on how the DHCP server is configured, the switch may receive an IP address that is temporarily leased. Periodically the switch may be required to renew its lease of the IP configuration. Thus, the IP addressing provided by the server may be different each time the switch reboots or renews its configuration from the server.
  • Page 178: Network Preparations For Configuring Dhcp/Bootp

    2520switch is a user-defined symbolic name to help you find the correct section of the T144 Note: The above Bootp table entry is a sample that will work for the switch when the appropriate addresses and file names are used. Network Preparations for Configuring DHCP/Bootp In its default configuration, the switch is configured for DHCP/Bootp opera­...
  • Page 179 ■ If the DHCP/Bootp reply provides information for downloading a configuration file, the switch uses TFTP to download the file from the designated source, then reboots itself. (This assumes that the switch or VLAN has connectivity to the TFTP file server specified in the reply, that the config­...
  • Page 180: Ip Preserve: Retaining Vlan-1 Ip Addressing Across Configuration File Downloads

    For the switches covered in this guide, IP Preserve enables you to copy a configuration file to multiple switches while retaining the individual IP address and subnet mask on VLAN 1 in each switch, and the Gateway IP address assigned to the switch. This enables you to distribute the same configuration file to multiple switches without overwriting their individual IP addresses.
  • Page 181 Figure 8-7. Example of IP Preserve Operation with Multiple Series Switches If you apply the following configuration file to figure 8-7, switches 1 - 3 will retain their manually assigned IP addressing and switch 4 will be configured to acquire its IP addressing from a DHCP server.
  • Page 182 Figure 8-8. Configuration File in TFTP Server, with DHCP/Bootp Specified as the IP Addressing Source If you apply this configuration file to figure 8-7, switches 1 - 3 will still retain their manually assigned IP addressing. However, switch 4 will be configured with the IP addressing included in the file.
  • Page 183 IP addressing instructions are in the configuration file. ■ If the switch did not receive its most recent VLAN 1 IP addressing from a DHCP/Bootp server, it retains its current IP addressing when it downloads the configuration file.
  • Page 185: Contents

    Protocol Operation ..........9-3 General Steps for Running a Time Protocol on the Switch: ..9-3 Disabling Time Synchronization .
  • Page 186: Timep Time Synchronization

    TimeP, with the TimeP mode itself set to Disabled. TimeP Time Synchronization You can either manually assign the switch to use a TimeP server or use DHCP to assign the TimeP server. In either case, the switch can get its time synchro­...
  • Page 187: Protocol Operation

    Note: To use Broadcast mode, the switch and the SNTP server must be in the same subnet. ■ Unicast Mode: The switch requests a time update from the configured SNTP server. (You can configure one server using the menu interface, or up to three servers using the CLI sntp server command.)
  • Page 188: Sntp: Viewing, Selecting, And Configuring

    ■ In the System Information screen of the Menu interface, set the Time Synch Method parameter to None, then press [Enter], then [S] (for Save). ■ In the Global config level of the CLI, execute no timesync...
  • Page 189: Menu: Viewing And Configuring Sntp

    The Default. SNTP does not operate, even if specified by the Menu interface Time Sync Method parameter or the CLI timesync command. Unicast: Directs the switch to poll a specific server for SNTP time synchronization. Requires at least one server address. Broadcast: Directs the switch to acquire its time synchronization from data broadcast by any SNTP server to the network broadcast address.
  • Page 190 Use the Space bar to select the Unicast mode, then do the following: i. Press [>] to move the cursor to the Server Address field. ii. Enter the IP address of the SNTP server you want the switch to use for time synchronization. Time Protocol Selection Parameter – TIMEP – SNTP...
  • Page 191 Note: The Menu interface lists only the highest priority SNTP server, even if others are configured. To view all SNTP servers configured on the switch, use the CLI show management command. Refer to “SNTP Unicast Time Polling with Multiple SNTP Servers” on page 9-25.
  • Page 192: Cli: Viewing And Configuring Sntp

    Viewing the Current SNTP Configuration Syntax: show sntp For example, if you configured the switch with SNTP as the time synchronization method, then enabled SNTP in broadcast mode with the default poll interval, show sntp lists the following: Page 9-10 and ff.,...
  • Page 193 SNTP configuration. This command can help you to easily examine and compare the IP addressing on the switch. It lists the IP addresses for all time servers configured on the switch, plus the IP addresses and default gateway for all VLANs configured on the switch.
  • Page 194: Configuring (Enabling Or Disabling) The Sntp Mode

    Configuring (Enabling or Disabling) the SNTP Mode Enabling the SNTP mode means to configure it for either broadcast or unicast mode. Remember that to run SNTP as the switch’s time synchronization protocol, you must also select SNTP as the time synchronization method by using the CLI timesync command (or the Menu interface Time Sync Method parameter).
  • Page 195 Note: The Protocol Version parameter will also appear in show sntp listings if the IP address of an SNTP server (used in Unicast mode) is configured in the switch. However, the protocol version is used only when SNTP is configured for Unicast operation.
  • Page 196 IPv4 or IPv6 address and priority (1 - 3) of at least one SNTP server. The switch allows up to three unicast servers. You can use the Menu interface or the CLI to configure one IPv4 server address or to replace an existing IPv4 Unicast server address with another.
  • Page 197 ProCurve(config)# show sntp SNTP Configuration Time Sync Mode: Sntp SNTP Mode : Unicast Poll Interval (sec) [720] : 720 Priority SNTP Server Address -------- ---------------------------------------------- ---------------- 2001:db8::215:60ff:fe79:8980 10.28.227.141 fe80::123%vlan10 Figure 9-8. Example of Configuring SNTP for Unicast Operation If the SNTP server you specify uses SNTP version 4 or later, use the sntp server command to specify the correct version number.
  • Page 198 Syntax: no timesync For example, suppose SNTP is running as the switch’s time synchronization protocol, with Broadcast as the SNTP mode and the factory-default polling interval. You would halt time synchronization with this command:...
  • Page 199 SNTP mode as disabled. Syntax: no sntp For example, if the switch is running SNTP in Unicast mode with an SNTP servers as shown in figure 9-9, no sntp changes the SNTP configuration as shown below, and disables time synchronization on the switch.
  • Page 200: Timep: Viewing, Selecting, And Configuring

    IP address via DHCP. If the switch receives a server address, it polls the server for updates according to the Timep poll interval. If the switch does not receive a Timep server IP address, it cannot perform time synchronization updates.
  • Page 201: Menu: Viewing And Configuring Timep

    To View, Enable, and Modify the TimeP Protocol: 1. From the Main Menu, select: 2. Switch Configuration... ==========================- CONSOLE - MANAGER MODE -========================== Switch Configuration - System Information System Name : ProCurve System Contact : System Location : Inactivity Timeout (min) [0] : 0...
  • Page 202: Cli: Viewing And Configuring Timep

    This section describes how to use the CLI to view, enable, and configure TimeP parameters. 9-18 ii. Enter the IP address of the TimeP server you want the switch to use for time synchronization. Note: This step replaces any previously configured TimeP server IP address.
  • Page 203: Viewing The Current Timep Configuration

    TimeP, SNTP, and VLAN IP addresses configured on the switch. Syntax: show timep For example, if you configure the switch with TimeP as the time synchronization method, then enable TimeP in DHCP mode with the default poll interval, show timep lists the following: Figure 9-13.
  • Page 204: Configuring (Enabling Or Disabling) The Timep Mode

    Configuring (Enabling or Disabling) the TimeP Mode Enabling the TimeP mode means to configure it for either broadcast or unicast mode. Remember that to run TimeP as the switch’s time synchronization protocol, you must also select TimeP as the time synchronization method by using the CLI timesync command (or the Menu interface Time Sync Method parameter).
  • Page 205 Enabling TimeP in DHCP Mode. Because the switch provides a TimeP polling interval (default: 720 minutes), you need only these two commands for a minimal TimeP DHCP configuration: Syntax: timesync timep Syntax: ip timep dhcp For example, suppose: Time synchronization is configured for SNTP.
  • Page 206 Enabling Timep in Manual Mode. Like DHCP mode, configuring TimeP for Manual mode enables TimeP. However, for manual operation, you must also specify the IP address of the TimeP server. (The switch allows only one TimeP server.) To enable the TimeP protocol: Syntax: timesync timep Syntax: ip timep manual <...
  • Page 207 Figure 9-18. Example of TimeP with Time Synchronization Disabled. Disabling the TimeP Mode. Disabling the TimeP mode means to configure it as disabled. (Disabling TimeP prevents the switch from using it as the time synchronization protocol, even if it is the selected Time Sync Method option.)
  • Page 208 Time Protocols TimeP: Viewing, Selecting, and Configuring For example, if the switch is running TimeP in DHCP mode, no ip timep changes the TimeP configuration as shown below, and disables time synchronization. Figure 9-19. Example of Disabling Time Synchronization by Disabling the TimeP Mode...
  • Page 209: Sntp Unicast Time Polling With Multiple Sntp Servers

    Server Address parameter in the menu interface, or the primary server in a list of up to three SNTP servers configured using the CLI. If the switch does not receive a response from the primary server after three consecutive polling intervals, the switch tries the next server (if any) in the list.
  • Page 210: Adding And Deleting Sntp Server Addresses

    SNTP Messages in the Event Log If an SNTP time change of more than three seconds occurs, the switch’s event log records the change. SNTP time changes of less than three seconds do not appear in the Event Log.
  • Page 211: Contents

    Enabling or Disabling Flow Control ......10-17 Configuring a Broadcast Limit on the Switch ....10-19 Configuring ProCurve Auto-MDIX .
  • Page 212 Port Status and Configuration Contents Configuring Transceivers and Modules That Haven’t Been Inserted ..........10-28 10-2 Transceivers .
  • Page 213: Viewing Port Status And Configuring Port Parameters

    Devices (mode) mismatch. ■ To check the mode setting for a port on the switch, use either the Port Status screen in the menu interface (page 10-4) or show interfaces brief in the CLI (page 10-8). To display information about the transceivers installed on a switch, enter the show tech transceivers command in the CLI (page 10-15).
  • Page 214: Menu: Port Status And Configuration

    Use up/down arrow keys to scroll to other entries, left/right arrow keys to change action selection, and <Enter> to execute action. Figure 10-1. Example of a Switch Port Status Screen Port Type The port Type field represents the IEEE or other industry protocol in operation on that port.
  • Page 215: Status Of Ports

    With the port mode set to Auto (the default) and flow control on (enabled), the switch negotiates flow control on the indicated port. If the port mode is not set to Auto, or if flow control is off (disabled) on the port, then flow control is not used.
  • Page 216: Modes

    Senses speed and negotiates with the port at the other end of the link for port operation (MDI-X or MDI). To see what the switch negotiates for the Auto setting, use the CLI show interfaces brief command or the menu commands “1.
  • Page 217: Configuring Ports

    For information on port trunk groups, refer to Chapter 12, “Port Trunking” . From the Main Menu, Select: 2. Switch Configuration... An example of the Menu display is shown below. Viewing Port Status and Configuring Port Parameters...
  • Page 218: Cli: Viewing Port Status And Configuring Port Parameters

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters ==========================- CONSOLE - MANAGER MODE -============================ Switch Configuration - Port/Trunk Settings Port Type Enabled ---- --------- + ------- 10/100TX | Yes 10/100TX | Yes 10/100TX | Yes 10/100TX | Yes...
  • Page 219: Viewing Port Status And Configuration

    Lists the current operating status for all ports on the switch. config: Lists a subset of configuration data for all ports on the switch; that is, for each port, the display shows whether the port is enabled, the operating mode, and whether it is configured for flow control.
  • Page 220 Port Status and Configuration Viewing Port Status and Configuring Port Parameters ProCurve(config)# show interfaces config Port Settings Port Type | Enabled Mode ----- --------- + ------- ------------ --------- ---- 10/100TX | Yes 10/100TX | Yes 10/100TX | Yes 10/100TX | Yes 10/100TX | Yes 10/100TX...
  • Page 221: Customizing The Show Interfaces Command

    Status and Counters - Port Counters Port Total Bytes Total Frames ----- -------------- -------------- 1,121,436,946 1,078,679,873 Actions-> Back Show details Return to previous screen. Use up/down arrow keys to scroll to other entries, left/right arrow keys to change action selection, and <Enter> to execute action. Figure 10-5.
  • Page 222 Port Status and Configuration Viewing Port Status and Configuring Port Parameters Parameter Column port type status speed mode flow name vlanid enabled intrusion bcast ProCurve(config)# show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi Status and Counters - Custom Port Status Port Name Type ---- ---------- ---------- ----- --------- ------- ------- --------...
  • Page 223: Error Messages

    Note Each field has a fixed minimum width to be displayed. If you specify a field width smaller than the minimum width, the information is displayed at the minimum width. For example, if the minimum width for the Name field is 4 characters and you specify Name:2, the Name field displays 4 characters.
  • Page 224: Viewing Port Utilization Statistics

    Viewing Port Status and Configuring Port Parameters Viewing Port Utilization Statistics Use the show interface port-utilization command to view a real-time rate display for all ports on the switch. The following shows a sample output from this command. ProCurve(config)# show interfaces port-utilization...
  • Page 225 ■ transceiver: • Unsupported Transceiver. (SelfTest Err#060) Check: www.hp.com/rnd/device_help/2_inform for more info. • This switch only supports revision B and above transceivers. Check: www.hp.com/rnd/device_help/2_inform for more info. • Self test failure. • Transceiver type not supported in this port.
  • Page 226: Enabling/Disabling Ports & Configuring Port Mode

    10-16 version. www.hp.com/rnd/device_help/2_inform for more info. [< disable | enable >] Disables or enables the port for network traffic. Does not use the no form of the command. (Default: enable.) [speed-duplex <...
  • Page 227: Enabling/Disabling Flow Control

    Off in the show interfaces brief port listing, even if flow control is configured as enabled on the port in the switch. (Refer to Figure 10-3 on page 10-9.) Also, the port (speed-duplex) mode must be set to Auto (the default).
  • Page 228 Port Status and Configuration Viewing Port Status and Configuring Port Parameters ProCurve(config)# int 5-6 flow-control ProCurve(config)# show int brief Status and Counters - Port Status | Intrusion Port Type | Alert ----- --------- + --------- ------- ------ ---------- ----- ----- ------ 10/100TX | No 10/100TX...
  • Page 229: Configuring A Broadcast Limit On The Switch

    For a one Gbps port this results in a broadcast traffic rate of ten Mbps. Configuring ProCurve Auto-MDIX Copper ports on the switch can automatically detect the type of cable configuration (MDI or MDI-X) on a connected device and adjust to operate appro...
  • Page 230 10/100/1000-T module ports Using the above ports: ■ If you connect a copper port using a straight-through cable on a switch to a port on another switch or hub that uses MDI-X ports, the switch port automatically operates as an MDI port.
  • Page 231 PC or other MDI device with a crossover cable, or to a switch, hub, or other MDI-X device with a straight-through cable. mdix is the manual mode setting that configures the port for...
  • Page 232: Web: Viewing Port Status And Configuring Port Parameters

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters ProCurve(config)# show interfaces config Port Settings Port ------- --------- + ------- ------------ --------- ---- Figure 10-12. Example of Displaying the Current MDI Configuration ProCurve(config)# show int brief Status and Counters - Port Status | Intrusion Port Type...
  • Page 233: Using Friendly (Optional) Port Names

    ■ ters. ■ Blank spaces within friendly port names are not allowed, and if used, cause an invalid input error. (The switch interprets a blank space as a name terminator.) Port Status and Configuration Using Friendly (Optional) Port Names Default...
  • Page 234: Configuring Friendly Port Names

    Syntax: no interface < port-list > name Configuring a Single Port Name. Suppose that you have connected port A3 on the switch to Bill Smith’s workstation, and want to assign Bill’s name and workstation IP address (10.25.101.73) as a port name for port A3: Figure 10-14.
  • Page 235: Displaying Friendly Port Names With Other Port Data

    Configuring the Same Name for Multiple Ports. Suppose that you want to use ports A5 through A8 as a trunked link to a server used by a drafting group. In this case you might configure ports A5 through A8 with the name “Draft-Server:Trunk”.
  • Page 236 Syntax: show name [ port-list ] For example: Figure 10-16. Example of Friendly Port Name Data for All Ports on the Switch Figure 10-17. Example of Friendly Port Name Data for Specific Ports on the Switch Including Friendly Port Names in Per-Port Statistics Listings. A friendly port name configured to a port is automatically included when you display the port’s statistics output.
  • Page 237 Syntax: show interface < port-number > For example, if you configure port 5 with the name “O’Connor_10.25.101.43”, the show interface output for this port appears similar to the following: ProCurve(config)# show int 5 Status and Counters - Port Counters for port 5 Name : O’Connor@10.25.101.43 Name...
  • Page 238: Been Inserted

    Been Inserted Transceivers Previously, a port had to be valid and verified for the switch to allow it to be configured. Transceivers are removable ports and considered invalid when not present in the switch, so they cannot be configured unless they are already in the switch.
  • Page 239: Power Over Ethernet (Poe) Operation

    Viewing PoE Configuration and Status ..... . . 11-15 Displaying the Switch’s Global PoE Power Status ....11-15 Displaying an Overview of PoE Status on All Ports .
  • Page 240: Contents

    Power Over Ethernet (PoE) Operation Contents Planning and Implementing a PoE Configuration ....11-20 Assigning PoE Ports to VLANs ......11-20 Applying Security Features to PoE Configurations .
  • Page 241: Configuration Options

    PoE-enabled port without reconfiguring the port. Configuration Options In the default configuration, all 10/100Base-TX ports on the HP ProCurve 2520 switches and 10/100/1000Base-TX ports on the 2520G switches support PoE operation. Using the commands described in this chapter, you can: ■...
  • Page 242: Related Publications

    This chapter introduces general PoE operation, PoE configuration and monitoring commands, and event log messages related to PoE operation on the HP ProCurve Series 2520 and 2520G switches. The following two manuals provide further information: For information on installation, refer to the HP ProCurve Series 2520 ■...
  • Page 243: Poe Operation

    PD connections. Thus, while 17 watts must be available for the switch to begin supplying power to a port with a PD connected, 17 watts per port is not continually required if the connected PD requires less power.
  • Page 244: Power Priority Operation

    Power Over Ethernet (PoE) Operation PoE Operation Note Depending on power demands, lower-priority ports on a switch with high PoE power demand may occasionally lose power due to the demands of higher-priority ports. (Refer to “Power Priority Operation” for further details.)
  • Page 245: Configuring Poe Operation

    (non-standard) IP phones. Note When the switch is in legacy detection mode, the detection signature range is expanded beyond the IEEE specification. This allows non-compliant devices to be powered.
  • Page 246 ProCurve(config)# power pre-std-detect PoE for pre-802.3af-standard powered devices can be enabled or disabled only from the switch's CLI. This feature cannot be enabled or disabled through either the switch's menu or web browser interfaces. Executing the show power-over-ethernet command lists the system power...
  • Page 247: Configuring The Poe Port Priority Level

    Syntax: interface < port-list > power-over-ethernet [ critical | high | low ] Table 11-1 provides examples of how PoE priority settings impact operation. Table 11-1. Example of PoE Priority Operation on the HP ProCurve 2520-24-PoE Priority Configuration Command and Resulting Operation...
  • Page 248: Controlling Poe Allocation

    Power Over Ethernet (PoE) Operation Configuring PoE Operation Priority Configuration Command and Resulting Operation Setting Low This priority class receives power only if all PDs on ports with High and Critical priority settings are receiving power. If there is enough power to provision PDs on only some Low priority ports, then power is allocated to the ports in ascending order, beginning with the lowest-numbered port in the class until all available power is in use.
  • Page 249: Manually Configuring Poe Power Levels

    Table 11-1. Power Classes and Their Values Power Class Value Depends on cable type and PoE architecture. Maximum power level output of 15.4 watts at the PSE. This is the default class; if there isn’t enough information about the load for a specific classification, the PSE classifies the load as class 0 (zero).
  • Page 250 Power Over Ethernet (PoE) Operation Configuring PoE Operation ProCurve(config)# show power-over-ethernet 6 Status and Counters - Port Power Status for port 6 Power Enable : Yes Priority : low AllocateBy : value Detection Status : Delivering Over Current Cnt Power Denied Cnt Voltage : 49.1 V Power...
  • Page 251: Changing The Threshold For Generating A Power Notice

    Changing the Threshold for Generating a Power Notice By default, PoE support is enabled on the switch’s 10/100Base-TX ports, with the power priority set to Low and the power threshold set to 80 (%). The following commands allow you to adjust these settings.
  • Page 252: Cycling Power On A Port

    Cycling Power on a Port Simply disabling a PoE port does not affect power delivery through that port. To cycle the power on a PD receiving power from a PoE port on the switch, disable, then re-enable the power to that port.
  • Page 253: Poe/Poe+ Allocation Using Lldp Information

    PoE. When LLDP is enabled, the information about the power usage of the PD is available and the switch can then comply with or ignore this information. You can configure PoE on each port according to the PD (IP phone, wireless device, etc.) specified in the LLDP field.
  • Page 254: Displaying The Switch's Global Poe Power Status

    Viewing PoE Configuration and Status Displaying the Switch’s Global PoE Power Status Syntax: show power-over-ethernet For example, in the default PoE configuration, when the switch is running with several ports supporting PD loads, show power-over-ethernet displays data similar to the following: 11-16 Displays the switch’s global PoE power status, including:...
  • Page 255: Displaying/Overview Poe Status On All Ports

    – Disabled: PoE support is disabled on the port. To re-enable, refer to “Configuring PoE Operation” on page 11-6. – Fault: The switch detects a problem with the connected PD. • Power Class: Shows the 802.3af power class of the PD detected on the indicated port (as configured by the user on the PD device).
  • Page 256 Power Over Ethernet (PoE) Operation Viewing PoE Configuration and Status For example, show power-over-ethernet brief displays this output: ProCurve(config)# show power-over-ethernet brief Status and Counters - Port Power Status | Power LLDP Port | Enable Detect ----- + ------- -------- --------- ----- ---- ----------- ----------- ------ | Yes disabled critical | Yes...
  • Page 257: Displaying The Poe Status On Specific Ports

    PoE support, refer to “Configuring PoE Operation” on page 11-6. – Fault: The switch detects a problem with the connected PD. • Over Current Cnt: Shows the number of times a connected PD has attempted to draw more than 15.4 watts. Each occurrence generates an Event Log message.
  • Page 258 Power Over Ethernet (PoE) Operation Viewing PoE Configuration and Status For example, if you wanted to view the PoE status of port 5, you would use show power-over-ethernet 5 to display the data: ProCurve(config)# show power-over-ethernet 5 Status and Counters - Port Power Status for port 5 Power Enable : Yes Priority...
  • Page 259: Planning And Implementing A Poe Configuration

    Planning and Implementing a PoE Configuration This section provides an overview of some considerations for planning a PoE application. For additional information, refer to the HP ProCurve PoE Planning and Implementation Guide. Assigning PoE Ports to VLANs If your network includes VLANs, you may want to assign various PoE­...
  • Page 260: Poe Event Log Messages

    PoE Event Log Messages PoE Event Log Messages PoE operation generates these Event Log messages. You can also configure the switch to send these messages to a configured debug destination (terminal device or Syslog server). I 1MM/DD/YY HH:MM:SS chassis: Ext Power Supply connected, supplying < actual-power > W of <...
  • Page 261 < 1 - 99 > command. (Note that the switch also generates an SNMP trap for this event.) Port <...
  • Page 262 Port < port-# > PD Other Fault indication. Port < port-# > PD Over Current indication. 11-24 The switch no longer detects a device on < port-# >. The device may have been disconnected, powered down, or stopped functioning. There is a problem with the PD connected to the port.
  • Page 263: Contents

    Trunk Group Operation Using the “Trunk” Option ... . 12-26 How the Switch Lists Trunk Data ......12-27 Outbound Traffic Distribution Across Trunked Links .
  • Page 264: Overview

    A trunk group is a set of up to eight ports configured as members of the same port trunk. Note that the ports in a trunk group do not have to be consecutive. For example: Switch 1: Ports c1 - c3, c5 - c7, and...
  • Page 265 Port Security Restriction. Port security does not operate on a trunk group. If you configure port security on one or more ports that are later added to a trunk group, the switch resets the port security parameters for those ports to the factory-default configuration.
  • Page 266: Port Trunk Features And Operation

    Up to 24 trunk groups are supported on the switches covered in this guide. The actual maximum depends on the number of ports available on the switch and the number of links in each trunk. (Using the Link Aggregation Control Protocol—LACP—option, you can include standby trunked ports in addition...
  • Page 267 Static Trunk: The switch uses the links you configure with the Port/Trunk Settings screen in the menu interface or the trunk command in the CLI to create a static port trunk. The switch offers two types of static trunks: LACP and Trunk.
  • Page 268 – You are unsure which type of trunk to use, or the device to which you want to create a trunk link is using an unknown trunking protocol. – You want to use a monitor port on the switch to monitor traffic on a trunk. Refer to “Trunk Group Operation Using the “Trunk” Option” on page 12-26.
  • Page 269 A trunk appears as a single port labeled (for a static trunk of type: LACP, Trunk) on various menu and CLI screens. For a listing of which screens show which trunk types, refer to “How the Switch Lists Trunk Data” on page 12-27.
  • Page 270 IP Multicast Protocol (IGMP): A static trunk of any type appears in the IGMP configuration display, and you can configure IGMP for a static trunk in the same way that you would configure IGMP on a non-trunked port. (Note that the switch lists the trunk by name—such as Trk1—and does not list the individual ports in the trunk.) Also, creating a new trunk...
  • Page 271: Menu: Viewing And Configuring A Static Trunk Group

    Important Configure port trunking before you connect the trunked links to another switch, routing switch, or server. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured. Refer to “Enabling or Disabling Ports and Configuring Port Mode”...
  • Page 272 6. Move the cursor to the Type column for the selected port and use the Space bar to select the trunk type: All ports in the same trunk group on the same switch must have the same Type (LACP or Trunk).
  • Page 273: Cli: Viewing And Configuring Port Trunk Groups

    < port-list > lacp page 12-15 Using the CLI To View Port Trunks You can list the trunk type and group for all ports on the switch or for selected ports. You can also list LACP-only status information for LACP-configured ports.
  • Page 274 Port Trunking CLI: Viewing and Configuring Port Trunk Groups Using a port list specifies, for switch ports in a static trunk group, only the ports you want to view. In this case, the command specifies ports A5 through A7. However, because port A6 is not in a static trunk group, it does not appear...
  • Page 275 Port Trunking CLI: Viewing and Configuring Port Trunk Groups Listing Static LACP and Dynamic LACP Trunk Data. Syntax: show lacp Lists data for only the LACP-configured ports. In the following example, ports A1 and A2 have been previously configured for a static LACP trunk. (For more on the “Active” parameter, see table 12-5 on page 12-21.) Figure 12-8.
  • Page 276: Using The Cli To Configure A Static Or Dynamic Trunk Group

    Configuring Port Mode” on page 10-16.) The table on page 12-5 describes the maximum number of trunk groups you can configure on the switch. An individual trunk can have up to eight links, with additional standby links if you’re using LACP. You can configure trunk...
  • Page 277 Enabling a Dynamic LACP Trunk Group. In the default port configuration, all ports on the switch are set to disabled. To enable the switch to automatically form a trunk group that is dynamic on both ends of the link, the ports on one end of a set of links must be LACP Active.
  • Page 278 Port Trunking CLI: Viewing and Configuring Port Trunk Groups Switch “A” with ports set to LACP passive. Switch “A” with ports set to LACP active. Figure 12-10. Example of Criteria for Automatically Forming a Dynamic LACP Trunk Syntax: interface < port-list > lacp active This example uses ports C4 and C5 to enable a dynamic LACP trunk group.
  • Page 279: Web: Viewing Existing Port Trunk Groups

    Caution Unless spanning tree is running on your network, removing a port from a trunk can result in a loop. To help prevent a broadcast storm when you remove a port from a trunk where spanning tree is not in use, ProCurve recommends that you first disable the port or disconnect the link on that port.
  • Page 280: Trunk Group Operation Using Lacp

    Port Trunking Trunk Group Operation Using LACP Trunk Group Operation Using LACP The switch can automatically configure a dynamic LACP trunk group or you can manually configure a static LACP trunk group. Note LACP requires full-duplex (FDx) links of the same media type (10/100Base-T, 100FX, etc.) and the same speed, and enforces speed and duplex conformance...
  • Page 281 Displaying Dynamic LACP Trunk Data: To list the configuration and status for a dynamic LACP trunk, show lacp use the CLI Note: The dynamic trunk is automatically created by the switch, and is not listed in the static trunk listings available in the menu interface or in the CLI show trunk listing. 802.3ad-compliant...
  • Page 282 (Refer to “VLANs and Dynamic LACP” on page 12-23.) • You want to use a monitor port on the switch to monitor an LACP trunk. The trunk operates if the trunk group on the opposite device is running one of the following trunking protocols: • Active LACP...
  • Page 283: Default Port Operation

    (brief) trunk negotiation or a configuration error such as differing port speeds on the same link or trying to connect the switch to more trunks than it can support. (See the table on page 12-5.) Note: Some older devices are limited to four ports in a trunk. When eight LACP-enabled ports are connected to one of these older devices, four ports connect, but the other four ports are blocked.
  • Page 284: Lacp Notes And Restrictions

    Meaning LACP Partner Yes: LACP is enabled on both ends of the link. No: LACP is enabled on the switch, but either LACP is not enabled or the link has not been detected on the opposite device. LACP Status Success: LACP is enabled on the port, detects and synchronizes with a device on the other end of the link, and can move traffic across the link.
  • Page 285 The switch will not allow you to configure LACP on a port on which port security is enabled. For example: ProCurve(config)# int a17 lacp passive Error configuring port A17: LACP and port security cannot be run together. ProCurve(config)# To restore LACP to the port, you must remove port security and re-enable LACP active or passive.
  • Page 286 Status becomes “Up”). When the other port becomes active again, the replacement port goes back to blocked (Port Status is “Blocked”). It can take a few seconds for the switch to discover the current status of the ports. ProCurve(eth-1-8)# show lacp...
  • Page 287 If a port is already a member of a static or dynamic LACP trunk, you cannot configure it to HDx. If a port is already set to HDx, the switch does not allow you to configure ■ it for a static or dynamic LACP trunk.
  • Page 288: Trunk Group Operation Using The "Trunk" Option

    This method creates a trunk group that operates independently of specific trunking protocols and does not use a protocol exchange with the device on the other end of the trunk. With this choice, the switch simply uses the SA/DA method of distributing outbound traffic across the trunked ports without regard for how that traffic is handled by the device at the other end of the trunked links.
  • Page 289: How The Switch Lists Trunk Data

    SA/DA (source address/destination address) causes the switch to distribute outbound traffic to the links within the trunk group on the basis of source/destination address pairs. That is, the switch sends traffic from the same source address to the same destination address through the same trunked link, and may also send traffic from the same source address to a different desti...
  • Page 290 12-13. That is, if Client A attached to Switch 1 sends five packets of data to Server A attached to Switch 2, the same link is used to send all five packets. The SA/DA address pair for the traffic is the same.
  • Page 291 Table 12-6. Example of Link Assignments in a Trunk Group (SA/DA Distribution) Source: Destination: Node A Node W Node B Node X Node C Node Y Node D Node Z Node A Node Y Node B Node W Because the amount of traffic coming from or going to various nodes in a network can vary widely, it is possible for one link in a trunk group to be fully utilized while other links in the same trunk have unused bandwidth capacity even if the assignments were evenly distributed across the links in a trunk.
  • Page 292 Port Trunking Outbound Traffic Distribution Across Trunked Links 12-30...
  • Page 293: Contents

    Contents Using SNMP Tools To Manage the Switch ..... . 13-3 Overview ..........13-3 SNMP Management Features .
  • Page 294 Configuration Options ........13-38 Options for Reading LLDP Information Collected by the Switch . . 13-40 LLDP and LLDP-MED Standards Compatibility .
  • Page 295: Using Snmp Tools To Manage The Switch

    If you use the switch’s Authorized IP Managers and Management VLAN features, ensure that the SNMP management station and/or the choice of switch port used for SNMP access to the switch are compatible with the access controls enforced by these features. Otherwise, SNMP access to the switch will be blocked.
  • Page 296: Snmp Management Features

    The switch SNMP agent also uses certain variables that are included in a Hewlett-Packard proprietary MIB (Management Information Base) file. If you are using HP OpenView, you can ensure that it is using the latest version of the MIB file by downloading the file to the OpenView database. To do so, go...
  • Page 297: Configuring For Snmp Version 3 Access To The Switch

    User and community name may access the switch with the View and Access levels that have been set for that community. If you want to restrict access to one or more specific nodes, you can use the switch’s IP Authorized Manager feature.
  • Page 298: Snmp Version 3 Commands

    SNMP Version 3 Commands SNMP version 3 (SNMPv3) adds some new commands to the CLI for configuring SNMPv3 functions. To enable SNMPv3 operation on the switch, use the snmpv3 enable command. An initial user entry will be generated with MD5 authentication and DES privacy.
  • Page 299: Enabling Snmpv3

    Figure 13-1. Example of SNMP version 3 Enable Command SNMPv3 Users To use SNMPv3 on the switch, you must configure the users that will be assigned to different groups. To configure SNMP users on the switch: Configuring for Network Management Applications...
  • Page 300 If you add an SNMPv3 user without authentication and/or privacy to a group that requires either feature, the user will not be able to access the switch. Ensure that you add a user with the appropriate security level to an existing security group.
  • Page 301 AES-172, AES-256, and 3-DES are not supported. Listing Users. To display the management stations configured to access the switch with SNMPv3 and view the authentication and privacy protocols that each station uses, enter the show snmpv3 user command. Syntax: show snmpv3 user This example displays information about the management stations configured on VLAN 1 to access the switch.
  • Page 302 13-10 Add NetworkMgr to managerpriv group This command assigns or removes a user to a security group for access rights to the switch. To delete an entry, all of the following three parameters must be included in the command. group <group_name>...
  • Page 303: Group Access Levels

    Note All access groups and views are predefined on the switch. There is no method to modify or add groups or views to those that are pre-defined on the switch. SNMPv3 Communities SNMP communities are supported by the switch to allow management applications that use version 2c or version 1 to access the switch.
  • Page 304 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Syntax: [no] snmpv3 community Figure 13-5 shows the assigning of the Operator community on MgrStation1 to the CommunityOperatorReadWrite group. Any other Operator only has an access level of CommunityOperatorReadOnly...
  • Page 305: Communities

    SNMP communities, each with either an operator-level or a manager-level view, and either restricted or unrestricted write access. Using SNMP requires that the switch have an IP address and subnet mask compatible with your network. Caution For ProCurve Manager (PCM) version 1.5 or earlier (or any TopTools version),...
  • Page 306 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Note: This screen gives an overview of the SNMP communities that are currently configured. All fields in this screen are read- only. Figure 13-6. The SNMP Communities Screen (Default Values)
  • Page 307: Cli: Viewing And Configuring Snmp Community Names

    — refer to “SNMP Notifications” on page 13-17). Syntax: show snmp-server [<community-string>] This example lists the data for all communities in a switch; that is, both the default “public” community name and another community named "blue-team" Default...
  • Page 308 MIB view. If you do not specify restricted or unrestricted, the switch automatically assigns the community to restricted (read-only) access. The no form uses only the < community-name >...
  • Page 309: Snmp Notifications

    SNMPv2c informs ■ SNMPv3 notification process, including traps ■ This section describes how to configure a switch to send network security and link-change notifications to configured trap receivers. Supported Notifications By default, the following notifications are enabled on a switch: ■...
  • Page 310: General Steps For Configuring Snmp Notifications

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Advance Traffic Management Guide: ■ • • Access Security Guide: ■ • • General Steps for Configuring SNMP Notifications To configure SNMP notifications, follow these general steps: 1. Determine the versions of SNMP notifications that you want to use in your network.
  • Page 311: Snmpv1 And Snmpv2C Traps

    Trap receivers: A trap receiver is a management station to which the switch sends SNMP traps and (optionally) event log messages sent from the switch. From the CLI you can configure up to ten SNMP trap receivers to receive SNMP traps from the switch.
  • Page 312 If you do not specify an event level, the switch uses • the default value (none) and sends no event log messages as traps.
  • Page 313: Enabling Snmpv2C Informs

    When an SNMP Manager receives an inform request, it can send an SNMP response back to the sending agent on the switch to let the agent know that the inform request reached its destination.
  • Page 314 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Note The retries and timeout values are not used to send trap requests. To verify the configuration of SNMPv2c informs, enter the show snmp-server command:...
  • Page 315: Configuring Snmpv3 Notifications

    To configure SNMPv3 notifications, follow these steps: 1. Enable SNMPv3 operation on the switch by entering the snmpv3 enable command (see “SNMP Version 3 Commands” on page 13-6). When SNMPv3 is enabled, the switch supports: •...
  • Page 316 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch 5. Configure the target address of the SNMPv3 management station to which SNMPv3 informs and traps are sent by entering the snmpv3 targetaddress command. Syntax: [no] snmpv3 targetaddress < ipv4-addr | ipv6-addr> < name >...
  • Page 317 If you configure the message processing value as ver3 and the security model as ver3, you must also configure a security services level (noauth, auth, or priv). Configuring for Network Management Applications Using SNMP Tools To Manage the Switch 13-25...
  • Page 318: Managing Network Security Notifications

    Figure 13-10. Example of an SNMPv3 Notification Configuration Managing Network Security Notifications By default, a switch is enabled to send the SNMP notifications listed in “Supported Notifications” on page 13-17 when a network security event (for example, authentication failure) occurs. However, before security...
  • Page 319 To determine the specific cause of a security event, check the event log in the console interface to see why a trap was sent. For more information, refer to “Using the Event Log for Troubleshooting Switch Problems” on page C-22. To display the current configuration for network security notifications, enter the show snmp-server traps command.
  • Page 320: Enabling Link-Change Traps

    Figure 13-11. Display of Configured Network Security Notifications Enabling Link-Change Traps By default a switch is enabled to send a trap when the link state on a port changes from up to down (linkDown) or down to up (linkUp). To reconfigure the switch to send link-change traps to configured trap receivers, enter the snmp-server enable traps link-change command.
  • Page 321: Configuring The Source Ip Address For Snmp Notifications

    Configuring the Source IP Address for SNMP Notifications The switch uses an interface IP address as the source IP address in IP headers when sending SNMP notifications (traps and informs) or responses to SNMP requests. For multi-netted interfaces, the source IP address is the IP address of the outbound interface of the SNMP reply, which may differ from the destination IP address in the IP header of the received request.
  • Page 322 To configure the switch to use a specified source IP address in generated trap PDUs, enter the snmp-server trap-source command. Syntax: [no] snmp-server trap-source [<ipv4-addr >] Notes...
  • Page 323: Displaying Snmp Notification Configuration

    Displays the currently configured notification settings for versions SNMPv1 and SNMPv2c traps, including SNMP communities, trap receivers, link-change traps, and network security notifications. Unrestricted dstIpOfRequest: The destination IP address of the interface on which...
  • Page 324 In the following example, the show snmp-server command output shows that the switch has been configured to send SNMP traps and notifications to management stations that belong to the “public”, “red-team”, and “blue-team”...
  • Page 325: Advanced Management: Rmon

    History (of the supported Ethernet statistics) ■ Event The RMON agent automatically runs in the switch. Use the RMON management station on your network to enable or disable specific RMON traps and events. Note that you can access the Ethernet statistics, Alarm, and Event groups from the ProCurve Manager network management software.
  • Page 326: Lldp (Link-Layer Discovery Protocol)

    To standardize device discovery on all ProCurve switches, LLDP will be implemented while offering limited read-only support for CDP as documented in this manual. For the latest information on your switch model, consult the Release Notes (available on the ProCurve Networking web site). If LLDP has...
  • Page 327: Terminology

    LLDP and is designed to support VoIP deployments. Note: LLDP-MED is an extension for LLDP, and the switch requires that LLDP be enabled as a prerequisite to LLDP-MED operation. An SNMP utility can progressively discover LLDP devices in a network by: 1. Reading a given device’s Neighbors table (in the Management Information...
  • Page 328 LLDP Neighbor: An LLDP device that is either directly connected to another LLDP device or connected to that device by another, non-LLDP Layer 2 device (such as a hub). Note that an 802.1D-compliant switch does not forward LLDP data packets even if it is not LLDP-aware.
  • Page 329: General Lldp Operation

    (That is, some TLVs include multiple data points or subelements.) General LLDP Operation An LLDP packet contains data about the transmitting switch and port. The switch advertises itself to adjacent (neighbor) devices by transmitting LLDP data packets out all ports on which outbound LLDP is enabled, and reading LLDP advertisements from neighbor devices on ports that are inbound LLDP-enabled.
  • Page 330: Configuration Options

    ■ Disable (disable): This setting disables LLDP packet transmissions and reception on a port. In this state, the switch does not use the port for either learning about LLDP neighbors or informing LLDP neighbors of its presence.
  • Page 331 SNMP Notification. You can enable the switch to send a notification to any configured SNMP trap receiver(s) when the switch detects a remote LLDP data change on an LLDP-enabled port (page 13-48). Per-Port (Outbound) Data Options. The following table lists the information the switch can include in the per-port, outbound LLDP packets it generates.
  • Page 332: Options For Reading Lldp Information Collected By The Switch

    Subelement of the Remote-Management-Address TLV. Subelement of the System Capability TLV. Populated with data captured internally by the switch. For more on these data types, refer to the IEEE P802.1AB Standard. Remote Management Address. The switch always includes an IP address in its LLDP advertisements.
  • Page 333: Lldp And Lldp-Med Standards Compatibility

    You can override the default operation by configuring the port to advertise any IP address that is manually configured on the switch, even if the port does not belong to the VLAN configured with the selected IP address (page 13-50).
  • Page 334: Configuring Lldp Operation

    In the default configuration, LLDP is enabled and in both transmit and receive mode on all active ports. The LLDP configuration includes global settings that apply to all active ports on the switch, and per-port settings that affect only the operation of the specified ports.
  • Page 335: Viewing The Current Configuration

    Syntax show lldp config For example, show lldp config produces the following display when the switch is in the default LLDP configuration: ProCurve(config)# show lldp config LLDP Global Configuation...
  • Page 336: Configuring Global Lldp Packet Controls

    Figure 13-15. Example of Per-Port Configuration Display Configuring Global LLDP Packet Controls The commands in this section configure the aspects of LLDP operation that apply the same to all ports in the switch. Displays the LLDP port-specific configuration for all ports in <...
  • Page 337 ■ advertisements. Syntax [ no ] lldp run Enables or disables LLDP operation on the switch. The no form of the command, regardless of individual LLDP port configurations, prevents the switch from transmitting outbound LLDP advertisements, and causes the switch to drop all LLDP advertisements received from other devices.
  • Page 338 For example, if the refresh-interval on the switch is 15 seconds and the holdtime-multiplier is at the default, the Time-to-Live for advertisements transmitted from the switch is 60 seconds (4 x 15). To reduce the Time-to-Live, you could lower the holdtime-interval to 2, which would result in a Time-to-Live of 30 seconds.
  • Page 339 (Default: 2; Range: 1 - 8192) Note: The LLDP refresh-interval (transmit interval) must be greater than or equal to (4 x delay-interval). The switch does not allow increasing the delay interval to a value that conflicts with this relationship. That is, the switch displays Inconsistent value if (4 x delay-interval) exceeds the current transmit interval, and the command fails.
  • Page 340: Configuring Snmp Notification Support

    SNMP trap receiver(s) if an LLDP data change is detected in an advertisement received on the port from an LLDP neighbor. (Default: Disabled) For information on configuring trap receivers in the switch, refer to “SNMP Notifications” on page 13-17.
  • Page 341: Configuring Per-Port Transmit And Receive Modes

    Syntax setmib lldpnotificationinterval.0 -i < 1 - 3600 > Globally changes the interval between successive traps generated by the switch. If multiple traps are generated in the specified interval, only the first trap will be sent. The remaining traps will be suppressed. (A network management application can periodically check the switch MIB to detect any missed change notification traps.
  • Page 342: Configuring Basic Lldp Per-Port Advertisement Content

    Replaces the default IP address for the port with an IP address you specify. This can be any IP address configured in a static VLAN on the switch, even if the port does not belong to the VLAN configured with the selected IP address.
  • Page 343 LLDP advertisements. Note that optional data types, when enabled, are populated with data internal to the switch; that is, you cannot use LLDP commands to configure their actual content. ■...
  • Page 344: Advertisements

    Port speed and duplex advertisements are supported on the switches covered in this guide to inform an LLDP endpoint and the switch port of each other’s port speed and duplex configuration and capabilities. Configuration mismatches between a switch port and an LLDP endpoint can result in excessive collisions and voice quality degradation.
  • Page 345: Lldp-Med (Media-Endpoint-Discovery)

    LLDP-MED operation, this TLV is mandatory. As mentioned above, an SNMP network management application can be used to compare the port speed and duplex data configured in the switch and advertised by the LLDP endpoint. You can also use the CLI to display this information.
  • Page 346 LLDP-MED Endpoint Support. LLDP-MED on the switches covered in this guide interoperates with directly connected IP telephony (endpoint) clients having these features and services: ■ able to autonegotiate speed and duplex configuration with the switch LLDP-MED Class 1 Generic Endpoints Such As IP Call Control Devices...
  • Page 347 ■ client port • • • discover and advertise device location data learned from the switch ■ support emergency call service (ECS—such as E911, 999, and 112) ■ advertise device information for the device data inventory collected ■...
  • Page 348: Lldp-Med Topology Change Notification

    IP media and offer all Class 1 and Class 2 features, plus location identification and emergency 911 capability, Layer 2 switch support, and device information management. LLDP-MED Operational Support. The switches covered in this guide offer two configurable TLVs supporting MED-specific capabilities: medTlvEnable (for per-port enabling or disabling of LLDP-MED opera...
  • Page 349 Topology change notification, when enabled on an LLDP port, causes the switch to send an SNMP trap if it detects LLDP-MED endpoint connection or disconnection activity on the port, or an age-out of the LLDP-MED neighbor on the port.
  • Page 350: Lldp-Med Fast Start Control

    Syntax: lldp fast-start-count < 1 - 10 > Advertising Device Capability, Network Policy, PoE Status and Location Data The medTlvEnable option on the switch is enabled in the default configuration and supports the following LLDP-MED TLVs: LLDP-MED capabilities: This TLV enables the switch to determine: ■...
  • Page 351 VLAN membership.) ■ If a given port does not belong to a voice VLAN, then the switch does not advertise the VLAN ID TLV through this port. Policy Elements. These policy elements may be statically configured on the switch or dynamically imposed during an authenticated session on the switch using a RADIUS server and 802.1X or MAC authentication.
  • Page 352 • the device class (1, 2, or 3) for the connected endpoint This TLV also enables an LLDP-MED endpoint to discover what LLDP-MED TLVs the switch port currently supports. (Default: enabled) Note: This TLV cannot be disabled unless the network_policy, poe, and location_id TLVs are already disabled.
  • Page 353 (voice VLAN, Layer 2 QoS, Layer 3 QoS), and allows LLDP-MED endpoint devices to auto-configure the voice network policy advertised by the switch. This also enables the use of SNMP applications to troubleshoot statically configured endpoint network policy mismatches.
  • Page 354: Configuring Location Data For Lldp-Med Devices

    Over Ethernet (PoE) Operation”. Configuring Location Data for LLDP-MED Devices You can configure a switch port to advertise location data for the switch itself, the physical wall-jack location of the endpoint (recommended), or the location of a DHCP server supporting the switch and/or endpoint. You also have the option of configuring these different address types: ■...
  • Page 355 [< CA-TYPE > < CA-VALUE >] . . . [< CA-TYPE > < CA-VALUE >] This command enables configuration of a physical address on a switch port, and allows up to 75 characters of address information. COUNTRY-STR: A two-character country code, as defined by ISO 3166.
  • Page 356 3 endpoint device to an appropriate PSAP, the country code, device type, and type/value pairs configured on the switch port are included in the transmission. The “type” specifiers are used by the PSAP to identify and organize the location data components in an understandable format for response personnel to interpret.
  • Page 357 Dynamic Host Configuration Protocol Option for Coordinate-based Location Configuration Information. Note: Endpoint use of data from a medPortLocation TLV sent by the switch is device-dependent. Refer to the documentation provided with the endpoint device. Note: A switch port allows one instance of any given CA-...
  • Page 358 Example of a Location Configuration. Suppose a system operator wanted to configure the following information as the civic address for a telephone connected to her company’s network through port A2 of a switch at the following location: Description...
  • Page 359: Displaying Advertisement Data

    Figure 13-18 shows the commands for configuring and displaying the above data. Figure 13-18. Example of a Civic Address Configuration Displaying Advertisement Data Command show lldp info local-device walkmib lldpXdot3LocPortOperMauType show lldp info remote-device walkmib lldpXdot3RemPortAutoNegAdvertisedCap show lldp info stats Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Page...
  • Page 360: Advertisements

    LLDP (Link-Layer Discovery Protocol) Displaying Switch Information Available for Outbound Advertisements These commands display the current switch information that will be used to populate outbound LLDP advertisements. Syntax show lldp info local-device [ port-list ] For example, in the default configuration, the switch information currently available for outbound LLDP advertisements appears similar to the display in Figure 13-19 on page 13-69.
  • Page 361 Figure 13-20. Example of the Default Per-Port Information Content for Ports 1 and 2 Displaying the Current Port Speed and Duplex Configuration on a Switch Port. Port speed and duplex information for a switch port and a connected LLDP-MED endpoint can be compared for configuration mismatches by using an SNMP application.
  • Page 362 Discovering the same device on multiple ports indicates that the remote device may be connected to the switch in one of the following ways: – Through different VLANS using separate links. (This applies to switches that use the same MAC address for all configured VLANs.)
  • Page 363 Figure 13-21. Example of a Global Listing of Discovered Devices Figure 13-22. Example of an LLDP-MED Listing of an Advertisement Received From an LLDP-MED (VoIP Telephone) Source Indicates the policy configured on the telephone.
  • Page 364: Displaying Lldp Statistics

    Displaying LLDP Statistics LLDP statistics are available at both the global and per-port levels. Rebooting the switch resets the LLDP statistics counters to zero. Disabling the transmit and/or receive capability on a port “freezes” the related port counters at their current values.
  • Page 365 This could be caused by a basic management TLV from a later LLDP version than the one currently running on the switch. TLVs Discarded: Shows the total number of LLDP TLVs discarded for any reason.
  • Page 366: Lldp Operating Notes

    Neighbor Maximum. The neighbors table in the switch supports as many neighbors as there are ports on the switch. The switch can support multiple neighbors connected through a hub on a given port, but if the switch neighbor maximum is reached, advertisements from additional neighbors on the same or other ports will not be stored in the neighbors table unless some existing neighbors time-out or are removed.
  • Page 367 Neighbor Data Can Remain in the Neighbor Database After the Neighbor Is Disconnected. After disconnecting a neighbor LLDP device from the switch, the neighbor can continue to appear in the switch’s neighbor database for an extended period if the neighbor’s holdtime-multiplier is high;...
  • Page 368: Lldp And Cdp Data Management

    (ProCurve switches do not generate CDP packets.) LLDP and CDP Neighbor Data With both LLDP and (read-only) CDP enabled on a switch port, the port can read both LLDP and CDP advertisements, and stores the data from both types of advertisements in its neighbor database.
  • Page 369 ID information. ■ If the chassis and port ID information are the same, the switch stores this information as a single entry. That is, LLDP data overwrites the corresponding CDP data in the neighbor database if the chassis and port ID information in the LLDP and CDP advertisements received from the same device is the same.
  • Page 370: Cdp Operation And Commands

    However, if the chassis and port ID information in the two types of advertisements is the same, the LLDP information overwrites the CDP data for the same neighbor device on the same port.
  • Page 371 Information Base), refer to the documentation provided with the particular SNMP utility. Viewing the Switch’s Current CDP Configuration. CDP is shown as enabled/disabled both globally on the switch and on a per-port basis. Syntax: show cdp The following example shows the default CDP configuration.
  • Page 372 Figure 13-27. Example of CDP Neighbors Table Listing Enabling CDP Operation. Enabling CDP operation (the default) on the switch causes the switch to add entries to its CDP Neighbors table for any CDP packets it receives from other neighboring CDP devices.
  • Page 373 Disabling CDP Operation. Disabling CDP operation clears the switch’s CDP Neighbors table and causes the switch to drop inbound CDP packets from other devices without entering the data in the CDP Neighbors table. Syntax: [no] cdp run Enables or disables CDP read-only operation on the switch.
  • Page 375: Contents

    Overview (A-3). Downloading Switch Software (A-3). General Software Download Rules...
  • Page 376 TFTP: Copying a Configuration File to a Remote Host (A-24). TFTP: Copying a Configuration File from a Remote Host (A-24). TFTP: Copying a Customized Command File to a Switch (A-25). Xmodem: Copying a Configuration File to a Serially Connected PC or UNIX Workstation...
  • Page 377: General Software Download Rules

    Software Update Manager in PCM+ Note: This manual uses the terms switch software and software image to refer to the downloadable software files the switch uses to operate its networking features. Other terms sometimes include Operating System, or OS.
  • Page 378: Using Tftp To Download Switch Software From A Server

    In the unlikely event that the primary image is corrupted (which may occur if a download is interrupted by a power failure), the switch goes into boot ROM mode. In this case, use the boot ROM console to download a new image to primary flash.
  • Page 379 Figure A-2. Example of the Download OS (Software) Screen During a Download A “progress” bar indicates the progress of the download. When the entire software file has been received, all activity on the switch halts and you will see Validating and writing system software to FLASH...
  • Page 380 Note: When you use the menu interface to download switch software, the new image is always stored in primary flash. Also, using the Reboot Switch command in the Main Menu always reboots the switch from primary flash.
  • Page 381: Cli: Tftp Download From A Server To Flash

    To find more information on the cause of a download failure, examine the messages in the switch’s Event Log by executing the show log tftp command from the CLI. Also: ■ For more on the Event Log, see “Using the Event Log for Troubleshooting Switch Problems”...
  • Page 382 File Transfers Downloading Switch Software For example, to download a switch software file named k0800.swi from a TFTP server with the IP address of 10.28.227.103 to primary flash: 1. Execute copy as shown below: Dynamic counter continually displays the number of bytes transferred.
  • Page 383: Using Secure Copy And Sftp

    For some situations you may want to use a secure method to issue commands or copy files to the switch. By opening a secure, encrypted SSH session you can then use a third-party software application to take advantage of Secure Copy (SCP) and Secure ftp (SFTP).
  • Page 384: How It Works

    SCP (secure copy) is an implementation of the BSD rcp (Berkeley UNIX remote copy) command tunneled through an SSH connection. SCP is used to copy files to and from the switch when security is required. SCP works with both SSH v1 and SSH v2. Be aware that most third-party software application clients that support SCP use SSHv1.
  • Page 385: Disable Tftp And Auto-Tftp For Enhanced Security

    Figure A-5. Example of Switch Configuration with SFTP Enabled If you enable SFTP, then later disable it, TFTP and auto-TFTP remain disabled unless they are explicitly re-enabled. Operating rules are: The TFTP feature is enabled by default, and can be enabled or disabled ■...
  • Page 386 ■ To enable SFTP by using an SNMP management application, you must first disable TFTP and, if configured, auto-TFTP on the switch. You can use either an SNMP application or the CLI to disable TFTP, but must use the CLI to disable auto-TFTP. The following two CLI commands disable TFTP and auto-TFTP on the switch.
  • Page 387: Command Options

    If you need to disable secure file transfer: ProCurve(config)# no ip ssh filetransfer This command disables all TFTP operation on the switch except for the auto-TFTP feature. To re-enable TFTP operation, use the tftp-enable command. When TFTP is disabled, the instances of tftp in the CLI copy command and the Menu interface “Download OS”...
  • Page 388: Authentication

    Files may only be uploaded or downloaded, according to the permissions mask. All of the necessary files the switch will need are already in place on the switch. You do not need to (nor can you) create new files.
  • Page 389 \---oper_keys authorized_keys Once you have configured your switch for secure file transfers with SCP and SFTP, files can be copied to or from the switch in a secure (encrypted) environment and TFTP is no longer necessary. “...
  • Page 390: Troubleshooting Ssh, Sftp, And Scp Operations

    Troubleshooting SSH, SFTP, and SCP Operations You can verify secure file transfer operations by checking the switch’s event log, or by viewing the error messages sent by the switch that most SCP and SFTP clients will print out on their console.
  • Page 391: A Pc Or Unix Workstation

    This procedure assumes that: ■ The switch is connected via the Console RS-232 port to a PC operating as a terminal. (Refer to the Installation and Getting Started Guide you received with the switch for information on connecting a PC as a terminal and running the switch console interface.)
  • Page 392: Primary Or Secondary Flash

    Click on the The download will then commence. It can take several minutes, depending on the baud rate set in the switch and in your terminal emulator. 6. After the primary flash memory has been updated with the new software, you must reboot the switch to implement the newly downloaded software.
  • Page 393: Switch-To-Switch Download

    Menu: Switch-to-Switch Download to Primary Flash Using the menu interface, you can download a switch software file from either the primary or secondary flash of one switch to the primary flash of another switch of the same series. 1. From the switch console Main Menu in the switch to receive the down...
  • Page 394: Cli: Switch-To-Switch Downloads

    3. In the TFTP Server field, enter the IP address of the remote switch containing the software file you want to download. 4. For the Remote File Name, enter one of the following: •...
  • Page 395 If you do not specify either a primary or secondary flash location for the destination, the download automatically goes to primary flash. For example, to download a software file from primary flash in a switch with an IP address of 10.29.227.103 to the primary flash in the destination switch, you would execute the following command in the destination switch’s CLI:...
  • Page 396: Using Pcm+ To Update Switch Software

    File Transfers Copying Software Images Figure A-8. Switch-to-Switch, from Either Flash in Source to Either Flash in Using PCM+ to Update Switch Software ProCurve Manager Plus includes a software update utility for updating on ProCurve switch products. For further information, refer to the Getting Started Guide and the Administrator’s Guide, provided electronically with...
  • Page 397: Xmodem: Copying A Software Image From The Switch To A Serially Connected Pc Or Unix Workstation

    Xmodem: Copying a Software Image from the Switch to a Serially Connected PC or UNIX Workstation To use this method, the switch must be connected via the serial port to a PC or UNIX workstation. Syntax: copy flash xmodem < pc | unix >...
  • Page 398: Tftp: Copying A Configuration File To A Remote Host

    < filename > < ip-address > < remote-file > [ pc | unix ] This command can copy a configuration from a remote host to a designated config file in the switch. For more on multiple configuration files, refer to “Multiple Configuration Files” on page 6-23.
  • Page 399: Tftp: Copying A Customized Command File To A Switch

    TFTP: Copying a Customized Command File to a Switch Using the copy tftp command with the show-tech option provides the ability to copy a customized command file to the switch. When the show tech custom command is executed, the commands in the custom file are executed instead of the hard-coded list of commands.
  • Page 400: Xmodem: Copying A Configuration File To A Serially Connected Pc Or Unix Workstation

    Transferring Switch Configurations Xmodem: Copying a Configuration File to a Serially Connected PC or UNIX Workstation To use this method, the switch must be connected via the serial port to a PC or UNIX workstation. You will need to: ■...
  • Page 401 2. After you see the above prompt, press 3. Execute the terminal emulator commands to begin the file transfer. 4. When the download finishes, you must reboot the switch to implement the newly downloaded software. To do so, use one of the following...
  • Page 402: Copying Diagnostic Data To A Remote Host, Pc Or Unix Workstation

    Copying Diagnostic Data to a Remote Host, PC or UNIX Workstation You can use the CLI to copy the following types of switch data to a text file in a destination device: ■...
  • Page 403: Copying Event Log Output To A Destination Device

    Copying Event Log Output to a Destination Device Syntax: copy event-log tftp < ip-address > < filepath_filename > For example, to copy the event log to a PC connected to the switch: At this point, press [Enter] and start the...
  • Page 404: Copying Crash Log Data Content To A Destination Device

    Syntax: copy crash-data [<slot-id> | master] tftp <ip-address> <filename> For example, to copy the switch’s crash data to a file in a PC: At this point, press [Enter] and start the...
  • Page 405: Contents

    Task Monitor—Collecting Processor Data (B-7). Switch Management Address Information (B-8). Port Status...
  • Page 406 Monitoring and Analyzing Switch Operation Contents Interface Monitoring Features (B-23). Menu: Configuring Port and Static Trunk Monitoring...
  • Page 407: Overview

    Status | Overview screen of the web browser interface (page 5-20). ■ Configurable trap receivers: Uses SNMP to enable management stations on your network to receive SNMP traps from the switch. (Refer to “SNMP Management Features” on page 13-4.) ■...
  • Page 408: Status And Counters Data

    Note: You can access all console screens from the web browser interface via Telnet to the console. Telnet access to the switch is available in the Device View window under the Configuration tab. Status or Counters Type...
  • Page 409: Menu Access To Status And Counters

    Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access To Status and Counters Beginning at the Main Menu, display the Status and Counters menu by selecting: 1. Status and Counters Figure B-1. The Status and Counters Menu Each of the above menu items accesses the read-only screens described on the following pages.
  • Page 410: General System Information

    Use arrow keys to change action selection and <Enter> to execute action. Figure B-2. Example of General Switch Information This screen dynamically indicates how individual switch resources are being used. Refer to the online Help for details. 1. General System Information...
  • Page 411: Cli Access To System Information

    IP Mgmt - Pkts Rx : 6,000,531 Pkts Tx : 10,133 Figure B-3. Example of Switch System Information Task Monitor—Collecting Processor Data The task monitor feature allows you to enable or disable the collection of processor utilization data. The task-monitor cpu command is equivalent to the existing debug mode command “taskusage -d”.
  • Page 412: Switch Management Address Information

    When the task-monitor command is enabled, the show cpu command summarizes the processor usage by protocol and system functions. Syntax: [no] task-monitor cpu ProCurve(config)# task-monitor cpu ProCurve(config)# show cpu 2 percent busy, from 2865 sec ago...
  • Page 413: Cli Access

    GVRP operation.) Also, the switches covered in this guide use a multiple forwarding database. When using multiple VLANs and connecting a switch to a device that uses a single forwarding database, such as a Switch 4000M, there are cabling and tagged port VLAN requirements.
  • Page 414: Port Status

    Port Status The web browser interface and the console interface show the same port status data. Menu: Displaying Port Status From the Main Menu, select: 1. Status and Counters … 4. Port Status Figure B-6.
  • Page 415: Viewing Port And Trunk Group Statistics And Flow Control Status

    These features enable you to determine the traffic patterns for each port since the last reboot or reset of the switch. You can display: A general report of traffic on all LAN ports and trunk groups in the switch, ■...
  • Page 416: Menu Access To Port And Trunk Statistics

    Menu Access to Port and Trunk Statistics To access this screen from the Main Menu, select: 1. Status and Counters … Figure B-7. Example of Port Counters on the Menu Interface To view details about the traffic on a particular port, use the [v] key to highlight that port number, then select Show Details.
  • Page 417: Cli Access To Port And Trunk Group Statistics

    3. To refresh the counters for a specific port, click anywhere in the row for that port, then click on [Refresh]. Note: To reset the port counters to zero, you must reboot the switch. This command provides an overview of port activity for all ports on the switch.
  • Page 418: Viewing The Switch's Mac Address Tables

    Menu Access to the MAC Address Views and Searches Per-VLAN MAC-Address Viewing and Searching. This feature lets you determine which switch port on a selected VLAN is being used to communicate with a specific device on the network. The per-VLAN listing includes: ■...
  • Page 419 Enter MAC address: _ 2. Type the MAC address you want to locate and press and port number are highlighted if found. If the switch does not find the MAC address on the currently selected VLAN, it leaves the MAC address listing empty.
  • Page 420 Port. Proceeding from step 2, above: Press Enter MAC address: _ 2. Type the MAC address you want to locate and press highlighted if found. If the switch does not find the address, it leaves the MAC address listing empty. 3. Press B-16 7.
  • Page 421: Cli Access For Mac Address Views And Searches

    The switches covered in this guide operate with a multiple forwarding database architecture. To Find the Port On Which the Switch Learned a Specific MAC Address. For example, to find the port on which the switch learns a MAC address of 080009-21ae84: show mac-address [ vlan <...
  • Page 422: Spanning Tree Protocol (Mstp) Information

    Syntax: show spanning-tree Figure B-12. Output from show spanning-tree Command This command displays the switch’s global and regional spanning-tree status, plus the per-port spanning-tree operation at the regional level. Note that values for the following parameters appear only for ports connected to active...
  • Page 423: Internet Group Management Protocol (Igmp) Status

    Internet Group Management Protocol (IGMP) Status The switch uses the CLI to display the following IGMP status on a per-VLAN basis: Show Command Output show ip igmp Global command listing IGMP status for all VLANs configured in the switch: • VLAN ID (VID) and name •...
  • Page 424: Vlan Information

    VLAN Information The switch uses the CLI to display the following VLAN status: Show Command show vlan show vlan <vlan-id> For example, suppose that your switch has the following VLANs: Ports...
  • Page 425 VLAN-44, it does not appear in this listing. Figure B-15. Example of VLAN Listing for Specific Ports Figure B-16. Example of Port Listing for an Individual VLAN...
  • Page 426: Web Browser Interface Status Information

    As the title implies, it provides an overview of the status of the switch, including summary graphs indicating the network utilization on each of the switch ports, symbolic port status indicators, and the Alert Log, which informs you of any problems that may have occurred on the switch.
  • Page 427: Interface Monitoring Features

    Note: VLANs and port trunks cannot be used as a monitoring port. The switch can monitor static LACP trunks, but not dynamic LACP trunks. It is possible, when monitoring multiple interfaces in networks with high traffic levels, to copy more traffic to a monitor port than the link can support.
  • Page 428: Menu: Configuring Port And Static Trunk Monitoring

    Menu: Configuring Port and Static Trunk Monitoring This procedure describes configuring the switch for monitoring when monitoring is disabled. (If monitoring has already been enabled, the screens will appear differently than shown in this procedure.) 1. From the Console Main Menu, Select:...
  • Page 429: Cli: Configuring Port And Static Trunk Monitoring

    Port and Static Trunk Monitoring Commands Used in This Section: show monitor (below), mirror-port (page B-26), monitor (page B-27). Move the cursor to the Monitoring Port parameter. Inbound Port and Trunk Monitoring (Only) on the Switch , then press...
  • Page 430 Syntax: show monitor For example, if you assign port A6 as the monitoring port and configure the switch to monitor ports A1 - A3, show monitor displays the following: Figure B-20. Example of Monitored Port Listing Configuring the Monitor Port.
  • Page 431 < monitor-list > Includes port numbers and static trunk names such as a4,c7, b5-b8, trk1. Identifies the switch elements to monitor through the currently configured monitor port. You can monitor the port(s) and static trunk(s) available on the switch.
  • Page 432: Web: Configuring Port Monitoring

    Locating a Device If you are trying to locate a particular switch you can enter the chassislocate command. The blue Locator LED will light up on that switch. Syntax: chassislocate [ blink | on | off ] Locate a device by using the blue Locate LED on the front panel.
  • Page 433 Blink the chassis locate led (default 30 minutes). Turn the chassis locate led off. on <1-1440> Turn the chassis locate led on (default 30 minutes). ProCurve(config)# chassislocate Figure B-23. The chassislocate command...
  • Page 434 Monitoring and Analyzing Switch Operation Locating a Device B-30...
  • Page 435: Contents

    Fan Failure ..........C-21 Using the Event Log for Troubleshooting Switch Problems ..C-22 Event Log Entries .
  • Page 436 Traceroute Command ........C-54 Viewing Switch Configuration and Operation ....C-58 CLI: Viewing the Startup or Running Configuration File .
  • Page 437 Clear/Reset: Resetting to the Factory-Default Configuration ..C-67 Restoring a Flash Image ........C-68 DNS Resolver .
  • Page 438: Overview

    Overview This appendix addresses performance-related network problems that can be caused by topology, switch configuration, and the effects of other devices or their configurations on switch operation. (For switch-specific information on hardware problems indicated by LED behavior, cabling requirements, and other potential hardware-related problems, refer to the Installation Guide you received with the switch.)
  • Page 439: Troubleshooting Approaches

    ■ For help in isolating problems, use the easy-to-access switch console built into the switch or Telnet to the switch console. Refer to chapters 3 and 4 for operating information on the Menu and CLI interfaces included in the console. These tools are available through the switch console •...
  • Page 440: Browser Or Telnet Access Problems

    ■ If you are using DHCP to acquire the IP address for the switch, the IP address “lease time” may have expired so that the IP address has changed. For more information on how to “reserve” an IP address, refer to the documentation for the DHCP application that you are using.
  • Page 441 Note: If DHCP/Bootp is used to configure the switch, refer to the Note, above. ■ If you are using DHCP to acquire the IP address for the switch, the IP address “lease time” may have expired so that the IP address has changed.
  • Page 442: Unusual Network Activity

    Network activity that fails to meet accepted norms may indicate a hardware problem with one or more of the network components, possibly including the switch. Such problems can also be caused by a network loop or simply too much traffic for the network as it is currently designed and implemented.
  • Page 443: 802.1Q Prioritization Problems

    IP Multicast (IGMP) Traffic That Is Directed By IGMP Does Not Reach IGMP Hosts or a Multicast Router Connected to a Port. IGMP must be enabled on the switch and the affected port must be configured for “Auto” or “Forward” operation.
  • Page 444: Lacp-Related Problems

    Filter Traffic. The IGMP feature does not operate if the switch or VLAN does not have an IP address configured manually or obtained through DHCP/Bootp. To verify whether an IP address is configured for the switch or VLAN, do either of the following: ■...
  • Page 445 Telnet, or SSH). There can be several reasons for not receiving a response to an authentication request. Do the following: ■ Use ping to ensure that the switch has access to the configured RADIUS servers. ■ Verify that the switch is using the correct encryption key (RADIUS secret...
  • Page 446 (RADIUS secret key) the switch is using is correct for the server being contacted. If the switch has only a global key configured, then it either must match the server key or you must configure a server-specific key.
  • Page 447: Qos-Related Problems

    Figure C-2. Displaying Encryption Keys Also, ensure that the switch port used to access the RADIUS server is not blocked by an 802.1X configuration on that port. For example, show port-access authenticator < port-list > gives you the status for the specified ports.
  • Page 448: Radius-Related Problems

    IP address is correctly configured in the switch. Use show radius to verify that the encryption key the switch is using is correct for the server being contacted. If the switch has only a global key configured, then it either must match the server key or you must configure a server-specific key.
  • Page 449: Spanning-Tree Protocol (Mstp) And Fast-Uplink Problems

    Return the values (2 seconds and 20 seconds, respectively, on a switch). ■ A “downlink” port is connected to a switch that is further away (in hop count) from the root device than the switch port on which fast-uplink MSTP is configured.
  • Page 450: Ssh-Related Problems

    (use 'crypto' command). then you need to generate an SSH key pair for the switch. To do so, execute crypto key generate. (Refer to “2. Generating the Switch’s Public and Private Key Pair”...
  • Page 451: Tacacs-Related Problems

    Event Log. When troubleshooting TACACS+ operation, check the switch’s Event Log for indications of problem areas. All Users Are Locked Out of Access to the Switch. If the switch is functioning properly, but no username/password pairs result in console or Telnet access to the switch, the problem may be due to how the TACACS+ server and/or the switch are configured.
  • Page 452 ■ Disconnect the switch from network access to any TACACS+ servers and then log in to the switch using either Telnet or direct console port access. Because the switch cannot access a TACACS+ server, it will default to local authentication. You can then use the switch’s local Operator or Manager username/password pair to log on.
  • Page 453: Timep, Sntp, Or Gateway Problems

    System Allows Fewer Login Attempts than Specified in the Switch Configuration. Your TACACS+ server application may be configured to allow fewer login attempts than you have configured in the switch with the aaa authentication num-attempts command. TimeP, SNTP, or Gateway Problems The Switch Cannot Find the Time Server or the Configured Gateway.
  • Page 454 2. Similarly, if VLAN_2 (VID=2) is configured as “Tagged” on the link port on switch “A”, then it must also be configured as “Tagged” on the link port on switch “B”. Make sure that the VLAN ID (VID) is the same on both switches.
  • Page 455: Fan Failure

    Fan Failure When two or more fans fail, a two-minute timer starts. After two minutes, the switch is powered down and must be rebooted to restart it. This protects the switch from possible overheating. ProCurve recommends that you replace a failed fan tray assembly within one minute of removing it.
  • Page 456: Using The Event Log For Troubleshooting Switch Problems

    You can scroll through it to view any part of the log. Note: The Event Log is erased if power to the switch is interrupted or if you enter the boot system command. The contents of the Event Log are not erased if you: ■ Reboot the switch by choosing the Reboot Switch option from the menu...
  • Page 457 802.1X-capable client (supplicant) has entered valid RADIUS user credentials addrmgr Address Table Manager: Manages MAC addresses that the switch has learned and are stored in the switch’s address table. auth Authorization: A connected client must receive authorization through web, AMC, RADIUS-based, TACACS+-based, or 802.1X authentication before it can send traffic to the switch.
  • Page 458 System Module Class of Service (CoS): Provides priority handling of packets traversing the switch, based on the IEEE 802.1p priority carried by each packet. CoS messages also include Quality of Service (QoS) events. The QoS feature classifies and prioritizes traffic throughout a...
  • Page 459 VLAN traffic that contain a known source IP address and MAC address binding for the port. Novell Netware protocol filtering: On the basis of protocol type, the switch can forward or drop traffic to a specific set of destination ports on the switch. lacp LACP trunks: The switch can either automatically establish an 802.3ad-compliant trunk group or provide a manually...
  • Page 460 SSH messages also include events from the Secure File Transfer Protocol (SFTP) feature. SFTP provides a secure alternative to TFTP for transferring sensitive information, such as switch configuration files, to and from the switch in an SSH session. Secure Socket Layer Version 3 (SSLv3), including Transport...
  • Page 461 TACACS+ authentication: A central server is used to control access to the switches (and other TACACS-aware devices) in the network through a switch’s console port (local access) or Telnet (remote access). Transmission Control Protocol: A transport protocol that runs on IP and is used to set up connections.
  • Page 462: Menu: Displaying And Navigating In The Event Log

    Menu: Displaying and Navigating in the Event Log To display the Event Log from the Main Menu, select Event Log. Figure C-7 shows a sample event log display. ProCurve Switch ==========================-CONSOLE - MANAGER MODE -============================ M 10/25/07 16:30:02 sys: 'Operator cold reboot from CONSOLE session.'...
  • Page 463: Cli: Displaying The Event Log

    CLI: Displaying the Event Log To display messages recorded in the event log from the CLI, enter the show logging command. Keyword searches are supported. Syntax: show logging [-a, -r] [<search-text>] By default, the show logging command displays the log messages recorded since the last reboot in chronological order.
  • Page 464: Cli: Turning Event Numbering On

    When the first instance of a particular event or condition generates a message, the switch initiates a log throttle period that applies to all recurrences of that event. If the logged event recurs during the log throttle period, the switch increments the counter initiated by the first instance of the event, but does not generate a new message.
  • Page 465: Log Throttle Periods

    Throttle Period Throttle Period *This value always comprises the first instance of the duplicate message in the current log throttle period plus all previous occurrences of the duplicate message occurring since the switch last rebooted. Instances Duplicate During 3rd Log...
  • Page 466: Debug/Syslog Operation

    Debug/Syslog Operation While the Event Log records switch-level progress, status, and warning messages on the switch, the Debug/System Logging (Syslog) feature provides a way to record Event Log and debug messages on a remote device. For example, you can send messages about misconfigurations and other network protocol details to an external device, and later use them to debug network-level problems.
  • Page 467: Debug/Syslog Configuration Commands

    Sends standard Event Log messages to configured debug destinations. (The same messages are also sent to the switch’s Event Log, regardless of whether you enable this option.) forwarding: Sends IPv4 forwarding messages to the debug destination(s).
  • Page 468 Using the Debug/Syslog feature, you can perform the following operations: ■ Configure the switch to send Event Log messages to one or more Syslog servers. In addition, you can configure the messages to be sent to the User log facility (default) or to another log facility on configured Syslog servers.
  • Page 469: Configuring Debug/Syslog Operation

    Step 3 to all IP addresses.) 2. To use a CLI session on a destination device for debug messaging: a. Set up a serial, Telnet, or SSH connection to access the switch’s CLI. b. Enter the debug destination session command at the manager level.
  • Page 470: Displaying A Debug/Syslog Configuration

    5. If you configure system-module and/or severity-level values to filter Event Log messages, when you finish troubleshooting, you may want to reset these values to their default settings so that the switch sends all Event Log messages to configured debug destinations (Syslog servers and/or CLI session).
  • Page 471 Figure C-9. Sample Output of show debug Command Example: In the following example, no Syslog servers are configured on the switch (default setting). When you configure a Syslog server, debug logging is enabled to send Event Log messages to the server. To limit the Event Log messages sent to the Syslog server, specify a set of messages by entering the logging severity and logging system-module commands.
  • Page 472: Debug Command

    Use the debug command to configure the types of debug messages that the switch can send to configured debug destinations. Syntax: [no] debug < debug-type > Configures the switch to send all debug message types (Event Log and LLDP) to configured debug destination(s). (Default: Disabled - No debug messages are sent.)
  • Page 473 Configures the switch to send Event Log messages to configured debug destinations. Note: This value does not affect the reception of event notification messages in the Event Log on the switch. Syntax: [no] debug < debug-type > (Continued)
  • Page 474: Debug Destinations

    Enables Syslog logging to send the debug message types specified by the debug < debug-type > command to a buffer in switch memory. To view the debug messages stored in the switch buffer, enter the show debug buffer command.
  • Page 475: Logging Command

    ProCurve(config)# no logging system-module < system-module > Configuring a Syslog Server Syslog is a client-server logging tool that allows a client switch to send event notification messages to a networked device operating with Syslog server software. Messages sent to a Syslog server can be stored to a file for later debugging analysis.
  • Page 476 When you configure a Syslog server, Event Log messages are automatically enabled to be sent to the server. To reconfigure this setting, use the following commands: ■ Use debug command to specify additional debug message types (see “Debug Messages”...
  • Page 477 If you use the “no” form of the command to delete the only remaining Syslog server address, debug destination logging is disabled on the switch, but the default Event debug type is not changed. Also, removing all configured Syslog destinations with the no logging command (or a specified Syslog server destination with the no logging <...
  • Page 478: Adding A Description For A Syslog Server

    You can associate a user-friendly description with each of the IP addresses (IPv4 only) configured for syslog using the CLI or SNMP. Note: The HP enterprise MIB hpicfSyslog.mib allows the configuration and monitoring of syslog for SNMP (RFC 3164 supported). The logging facility specifies the destination subsystem used in a configured Syslog server.
  • Page 479: Adding A Priority Description

    The CLI command is: Syntax: logging <ip-addr> [control-descr <text_string>] ProCurve(config)# logging 10.10.10.2 control-descr syslog_one Figure C-11. Example of the Logging Command with a Control Description Caution: Entering the no logging command removes ALL the syslog server addresses without a verification prompt.
  • Page 480: Configuring The Severity Level For Event Log Messages Sent To A Syslog Server

    Syntax: [no] logging severity < major | error | warning | info | debug > Configures the switch to send all Event Log messages with a severity level equal to or higher than the specified value to all configured Syslog servers.
  • Page 481: Configuring The System Module Used To Select The Event Log Messages Sent To A Syslog Server

    Syntax: [no] logging system-module < system-module > Configures the switch to send all Event Log messages being logged from the specified system module to configured Syslog servers.
  • Page 482 Ensure that your Syslog servers accept Debug messages. All Syslog messages resulting from a debug operation have a “debug” severity level. If you configure the switch to send debug messages to a Syslog server, ensure that the server’s Syslog application is configured to accept the “debug”...
  • Page 483: Diagnostic Tools

    Diagnostic Tools Diagnostic Features Feature Default Port Auto negotiation Ping test Link test Traceroute operation View switch configuration files View switch (show tech) operation View crash information and command history View system information and software version Useful commands in a...
  • Page 484: Port Auto-Negotiation

    When a link LED does not light (indicating loss of link between two devices), the most common reason is a failure of port auto-negotiation between the connecting ports. If a link LED fails to light when you connect the switch to a port on another device, do the following: 1. Ensure that the switch port and the port on the attached end-node are...
  • Page 485: Web: Executing Ping Or Link Tests

    Destination IP/MAC Address is the network address of the target, or destination, device to which you want to test a connection with the switch. An IP address is in the X.X.X.X format where X is a decimal number between 0 and 255. A MAC address is made up of 12 hexadecimal digits, for example, 0060b0-080400.
  • Page 486: Cli: Ping Test

    It also measures the amount of time it takes to receive a reply from the specified destination. The Ping command has several extended commands that allow advanced checking of destination availability. Syntax: ping <ip-address | hostname | switch-num> [repetitions <1-10000>] [timeout <1-60>] [source <ip-address> | <vlan-id>] [data-size <0 - 65471>] [data-fill <0-1024>]...
  • Page 487: Link Tests

    Basic Ping Operation Ping with Repetitions Ping with Repetitions and Timeout Ping Failure Figure C-14. Examples of Ping Tests To halt a ping test before it concludes, press Note: To use the ping (or traceroute) command with host names or fully qualified domain names, refer to “DNS Resolver”...
  • Page 488: Traceroute Command

    Test Fail Figure C-15. Example of Link Tests Traceroute Command The traceroute command enables you to trace the route from the switch to a host address. This command outputs information for each (router) hop between the switch and the destination address. Note that every time you execute traceroute, it uses the same default settings unless you specify otherwise for that instance of the command.
  • Page 489 [timeout < 1-120 >] For the current instance of traceroute, changes the timeout period the switch waits for each probe of a hop in the route. For any instance of traceroute, if you want a timeout value other than the default, you must specify that value. (Default: 5 seconds) [probes <...
  • Page 490 Figure C-17. Example of Incomplete Traceroute Due to Low Maxttl Setting Intermediate router hops with the time taken for the switch to receive acknowledgement of each probe reaching each router. The asterisk indicates there was a timeout on the second probe to the third...
  • Page 491 If A Network Condition Prevents Traceroute from Reaching the Destination. Common reasons for Traceroute failing to reach a destination include: ■ Timeouts (indicated by one asterisk per probe, per hop; refer to Figure C-17, above.) ■ Unreachable hosts ■ Unreachable networks ■...
  • Page 492: Viewing Switch Configuration And Operation

    Viewing Switch Configuration and Operation In some troubleshooting scenarios, you may need to view the switch configuration to diagnose a problem. The complete switch configuration is contained in a file that you can browse from either the web browser interface or the CLI using the commands described in this section.
  • Page 493: Cli: Viewing A Summary Of Switch Operational Data

    CLI: Viewing a Summary of Switch Operational Data Syntax: show tech By default, the show tech command displays a single output of switch operating and running-configuration data from several internal switch sources, including: ■ Image stamp (software version data) ■ Running configuration...
  • Page 494: Saving Show Tech Command Output To A Text File

    Figure C-19. Example of Show Tech Command Saving show tech Command Output to a Text File When you enter the show tech command, a summary of switch operational data is sent to your terminal emulator. You can use your terminal emulator’s text capture features to save the show tech data to a text file for viewing, printing, or sending to an associate to diagnose a problem.
  • Page 495 When the command output stops and displays -- MORE --, press the Space bar to display and copy more information. The CLI prompt appears when the command output finishes.
  • Page 496: Cli: Viewing More Information On Switch Operation

    Information” in the “Interface Access and System Information” chapter). show version Displays the software version currently running on the switch, and the flash image from which the switch booted (primary or secondary). For more information, see “Displaying Management Information” in the “Redundancy (Switch 8212zl)” chapter.
  • Page 497: Pattern Matching When Using The Show Command

    Only the lines that contain the matching pattern are not displayed in the output. begin: The display of the output begins with the line that contains the matching pattern. Displays only lines that contain “ipv6”.
  • Page 498 ProCurve(config)# show run | exclude ipv6 Running configuration: ; J9146A Configuration Editor; Created on release #W.14.06 hostname "ProCurve Switch" module 1 type J8702A module 2 type J8705A snmp-server community "notpublic" Unrestricted vlan 1 name "DEFAULT_VLAN"...
  • Page 499 ProCurve(config)# show arp | include 15.255.128.1 15.255.128.1 00000c-07ac00 Figure C-25. Example of the Show ARP Command and Pattern Matching with the Include Option Displays the running config beginning at the first line that contains “ipv6”. Type Port dynamic B1...
  • Page 500: Cli: Useful Commands For Troubleshooting Sessions

    To halt the command execution, press any key on the keyboard. For more information, see “Repeating a Command” in the “Using the Command Line Interface (CLI)” chapter. setup Displays the Switch Setup screen from the menu interface.
  • Page 501: Restoring The Factory-Default Configuration

    Configuration As part of your troubleshooting process, it may become necessary to return the switch configuration to the factory default settings. This process momentarily interrupts the switch operation, clears any passwords, clears the console Event Log, resets the network counters to zero, performs a complete self test, and reboots the switch into its factory default configuration including deleting an IP address.
  • Page 502: Restoring A Flash Image

    2. Continue to press the Clear button while releasing the Reset button. 3. When the Self Test LED begins to flash, release the Clear button. The switch will then complete its self test and begin operating with the configuration restored to the factory default settings.
  • Page 503 3. Use the Reset button to reset the switch. The following prompt should then appear in the terminal emulator: Enter h or ? for help. => 4. Since the OS file is large, you can increase the speed of the download by changing the switch console and terminal emulator baud rates to a high speed.
  • Page 504 Figure C-26. Example of Xmodem Download in Progress 8. When the download completes, the switch reboots from primary flash using the OS image you downloaded in the preceding steps, plus the most recent startup-config file.
  • Page 505: Dns Resolver

    For example, in the evergreen.trees.org domain, if an IPv4 address of 10.10.100.27 is assigned a host name of accounts015 and another IP address of 10.10.100.33 is assigned a host name of sales021, then the switch configured with the domain suffix evergreen.trees.org and a DNS server that resolves addresses in that domain can use the host names to reach the devices with DNS-compatible commands.
  • Page 506 IP address for an accessible DNS server. If an operator wants to use the switch to ping a target host in this domain by using the DNS name “leader” (assigned by a DNS server to an IP address used in...
  • Page 507: Configuring And Using Dns Resolution With Dns-Compatible Commands

    Example. Suppose the switch is configured with the domain suffix mygroup.procurve.net and the IP address for an accessible DNS server in this same domain. This time, the operator wants to use the switch to trace the route to a host named “remote-01” in a different domain named common.group.net.
  • Page 508: Configuring A Dns Entry

    Configuring a DNS Entry The switch allows up to three DNS server entries (IP addresses for DNS servers). One domain suffix can also be configured to support resolution of DNS names in that domain by using a host name only. Including the domain suffix enables the use of DNS-compatible commands with a target’s host name...
  • Page 509: Example Using Dns Names With Ping And Traceroute

    DNS name with a DNS-compatible command: • If the DNS server IP address is configured on the switch, but the domain suffix is not configured (null) • The domain suffix configured on the switch is not the...
  • Page 510 Configuring switch “A” with the domain name and the IP address of a DNS server for the domain enables the switch to use host names assigned to IP addresses in the domain to perform ping and traceroute actions on the devices in the domain.
  • Page 511: Viewing The Current Dns Configuration

    As mentioned under “Basic Operation” on page C-71, if the DNS entry configured in the switch does not include the domain suffix for the desired target, then you must use the target host’s fully qualified domain name with DNS-compatible commands.
  • Page 512: Operating Notes

    ■ The DNS server(s) and domain configured on the switch must be accessible to the switch, but it is not necessary for any intermediate devices between the switch and the DNS server to be configured to support DNS operation.
  • Page 513: Event Log Messages

    DNS server not responding Unknown host < host-name > Meaning The switch does not have an IP address configured for the DNS server. The DNS server failed to respond or is unreachable. An incorrect server IP address can produce this result.
  • Page 514 Troubleshooting DNS Resolver C-80...
  • Page 515: Contents

    Determining MAC Addresses ........D-3 Menu: Viewing the Switch’s MAC Addresses ....D-4 CLI: Viewing the Port and VLAN MAC Addresses .
  • Page 516: Overview

    MAC addresses are assigned at the factory. The switch automatically implements these addresses for VLANs and ports as they are added to the switch. Note: The switch’s base MAC address is also printed on a label affixed to the switch.
  • Page 517: Determining Mac Addresses

    Note: The switch’s base MAC address is used for the default VLAN (VID = 1) that is always available on the switch. This is true for dynamic VLANs as well; the base MAC address is the same across all VLANs.
  • Page 518: Menu: Viewing The Switch's Mac Addresses

    Any additional VLANs configured on the switch. Also, the Base MAC address appears on a label on the back of the switch. Note: The Base MAC address is used by the first (default) VLAN in the switch. This is usually the VLAN named “DEFAULT_VLAN”...
  • Page 519: Cli: Viewing The Port And Vlan Mac Addresses

    This procedure displays the MAC addresses for all ports and existing VLANs in the switch, regardless of which VLAN you select. 1. If the switch is at the CLI Operator level, use the enable command to enter the Manager level of the CLI.
  • Page 520: Viewing The Mac Addresses Of Connected Devices

    Viewing the MAC Addresses of Connected Devices Syntax: show mac-address [ | mac-addr | To list the MAC addresses of devices the switch has detected, use the show mac-address command. ProCurve(config)# show mac-address Status and Counters - Port Address Table...
  • Page 521 • Series 2500 • Series 4200vl • Series 2520 • Series 5300xl • Series 2600 • Series 5400zl • Series 2800 • Switch 6108 • Series 2900 • Switch 6200yl • Series 2910al • Series 6400cl • Series 3400cl • Series 6600 • Series 3500...
  • Page 522 Daylight Savings Time on ProCurve Switches Canada and Continental US: • • Middle Europe and Portugal: • • Southern Hemisphere: • • Western Europe: • • A sixth option named “User defined” allows you to customize the DST configuration by entering the beginning month and date plus the ending month and date for the time change.
  • Page 523 Before configuring a “User defined” Daylight Time Rule, it is important to understand how the switch treats the entries. The switch knows which dates are Sundays, and uses an algorithm to determine on which date to change the system clock, given the configured “Beginning day” and “Ending day”: ■...
  • Page 525: Contents

    Power-Saving Features Contents Configuring Power-Saving for LEDs ......F-2 Show Savepower Status ........F-2...
  • Page 526: Configuring Power-Saving For Leds

    Configuring Power-Saving for LEDs The savepower led command provides the ability to turn off the switch link, mode, and activity LEDs and turn them on again. When power-saving is turned off, it will turn on again automatically after 10 minutes.
  • Page 527 Index Symbols => prompt … C-68 Numerics 802.1X effect, LLDP … 13-75 LLDP blocked … 13-42 802.1X access control authentication failure, SNMP notification … 13-26 SNMP notification of authentication failure … 13-26 access manager … 13-13 operator … 13-13 out-of-band … 2-3 debug messages …...
  • Page 528 broadcast limit … 10-19 broadcast storm … 12-3, C-15 broadcast traffic IPX … 10-19 RIP … 10-19 browser interface See web browser interface. CDP … 13-76, 13-77, 13-78, 13-79, 13-81 Clear + Reset button combination … 6-34 Clear button … 5-10 restoring factory default configuration …...
  • Page 529 LLDP … 13-40 default gateway … 8-3 See also gateway. default settings configuration file name, switch.cfg … 6-39 DHCP Option 66, enabled … 6-38 PoE … 11-6 PoE allocation, usage … 11-9 default trunk type … 12-10 DES encryption … 13-9...
  • Page 530 DHCPv6 debug messages … C-33 dhcpv6-client … C-33 diagnostics tools … C-49 browsing the configuration file … C-58 displaying switch operation … C-59 ping and link tests … C-50 traceroute … C-54 viewing switch operation … C-58 DNS configuration … C-73, C-76 configuration error …...
  • Page 531 … C-33 factory default configuration restoring … 6-9, C-67 failure, switch software download … A-7 fastboot command … 6-21 fault detection policy … 5-8, 5-23 fault-tolerance … 12-4 firmware version … B-6 flash memory … 3-10, 6-3 flow control constraints …...
  • Page 532 … C-50 link, serial … 7-3 link-change traps … 13-17, 13-28 Link-Layer Discovery Protocol See LLDP. LLDP 802.1D-compliant switch … 13-75 802.1X blocking … 13-42 802.1X effect … 13-75 active port … 13-35 adjacent device … 13-35 advertisement … 13-35 6 –...
  • Page 533 … 5-10 MAC address … 8-13, B-6, D-2 displaying detected devices … D-6 duplicate … C-15, C-20 learned … B-14 port … D-2, D-4 switch … D-2 VLAN … D-2, D-5 walkmib … D-5 MAC authentication SNMP notification … 13-26 management interfaces described …...
  • Page 534 … 3-10, 6-3 startup configuration … 3-10 menu interface configuration changes, saving … 3-10 moving to or from the CLI … 4-7 See also console. HP proprietary … 13-4 listing … 13-4 standard … 13-4 mirroring See port monitoring. MLTS … 13-36 monitoring See port monitoring.
  • Page 535 configuring port priority … 11-8 disabling a port … 11-13 enable or disable operation … 11-6 event log messages … 11-21 fault … 11-11 LLDP detection, enabling or disabling … 11-14 manually configuring power levels … 11-10 operation on ProCurve switches … 11-2 oversubscribed …...
  • Page 536 SNMP and network management … 13-3 starting web browser … 5-4 updating switch software … A-22 using Java-enabled browser … 5-5 ProCurve, HP, URL … 13-4 prompt, => … C-68 PSAP … 13-36 PSE … 13-36 PSE, defined … 11-4 Public Safety Answering Point …...
  • Page 537 secure FTP See SCP/SFTP. secure management VLAN, DNS … C-78 security Clear button … 5-11 enabling network security notifications … 13-26 privilege levels in CLI … 4-3 username and password … 5-8 web browser access, RADIUS … 5-8 Self Test LED behavior during factory default reset …...
  • Page 538 URL … 5-13 URL … 5-12 URL Window … 5-12 switch console See console. switch setup menu … 3-8 switch software download using TFTP … A-4 download, failure indication … A-7 download, switch-to-switch … A-19 download, troubleshooting … A-6 download, using TFTP …...
  • Page 539 CLI … A-7 downloading software using console … A-4 switch-to-switch transfer … A-19 troubleshooting download failures … A-6 using to download switch software … A-4 threshold setting … 13-5, 13-13 thresholds, SNMP … 13-19 time format, events … C-23 time protocol selecting …...
  • Page 540 … C-15 SSH … C-16 SSH, SFTP, and SCP Operations … A-16 switch software download … A-6 switch won’t reboot, shows => prompt … C-68 unusual network activity … C-8 using CLI session … C-32 using debug and Syslog messaging using the event log …...
  • Page 541 … 5-4 troubleshooting access problems … C-6 URL default … 5-13 URL, management server … 5-14 URL, support … 5-14 web site, HP … 13-4 windshell, debug destination … C-33 world wide web site, HP See ProCurve. write access … 13-13 write memory effect on menu interface …...
  • Page 544 To learn more, visit www.hp.com/go/procurve/ © Copyright 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services.
