ProCurve Series 8100fl Switches
www.procurve.com
Management and Configuration Guide


   Summary of Contents for HP procurve 8100fl series

  • Page 1

    Management and Configuration Guide ProCurve Series 8100fl Switches www.procurve.com...

  • Page 3: Management And Configuration Guide

    ProCurve Series 8100fl Switches March 2007 Software Release CY.02.05.xxxx or Greater Management and Configuration Guide...

  • Page 4

    Publication Number: 5990-8867, March 2007. ...performance, or use of this material. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 5: Table Of Contents

    Contents: 1 Getting Started: Contents 1-1; Overview...

  • Page 6: Table Of Contents

    3 File and System Management: Contents 3-1; Maintaining Configuration Files...

  • Page 7: Table Of Contents

    Setting System Parameters 4-4; Setting the Host Name 4-4; Setting System ID, Location, and Contact...

  • Page 8: Table Of Contents

    Configuring Accounting 5-13; Configuring RADIUS...

  • Page 9: Table Of Contents

    Specifying the System 7-5; Configuring the Port...

  • Page 10: Table Of Contents

    Operating Rules 9-11; Transitioning from STP or RSTP to MSTP...

  • Page 11: Table Of Contents

    Automatic Fast-Leave IGMP 10-11; Configuring Fast-Leave IGMP 10-13; Forced Fast-Leave IGMP...

  • Page 12: Table Of Contents

    RIP Configuration: Contents 12-1; Overview...

  • Page 13: Table Of Contents

    Configuring OSPF Areas 13-6; Configuring Summary Ranges...

  • Page 14: Table Of Contents

    Import-Source 14-3; Route-Filter...

  • Page 15: Table Of Contents

    Protocols and Keywords 15-15; 16 VRRP Configuration: Contents...

  • Page 16: Table Of Contents

    Configuring SNMP Access 18-3; Configuring Community Strings 18-3; Configuring the SNMP Agent...

  • Page 17

    Operating Notes for Rate-Limiting 19-13; Command Line Index; Index...

  • Page 19: Contents

    Getting Started: Contents. Overview 1-2; Conventions...

  • Page 20: Overview

    Getting Started Overview Overview This Management and Configuration Guide is intended for use with the following switches: ■ ProCurve Switch 8108fl ■ ProCurve Switch 8116fl Note: Each device uses the same command line functions. Together, these two devices are referred to in this guide as the 8100fl switch.

  • Page 21: Command Prompts

    Getting Started Conventions Command Prompts The default configuration for your switch displays one of the following CLI prompts: ProCurve 8108fl# ProCurve 8116fl# To simplify recognition, this guide uses the hostname ProCurve to represent command prompts for both models. For example: ProCurve# Note: You can use the hostname command to change the text in the CLI prompt.

  • Page 22: Related Publications

    Getting Started Related Publications Related Publications Read Me First. The Read Me First shipped with your switch provides software update information, product notes, and other information. A printed copy is shipped with your switch. Installation and Getting Started Guide. Use the Installation and Getting Started Guide shipped with your switch to prepare for and perform the physical installation.

  • Page 23: Need Only A Quick Start?

    Getting Started Need Only a Quick Start? Need Only a Quick Start? IP Addressing. If you just want to give the switch an IP address so that it can communicate on your network, ProCurve recommends that you use the CLI to quickly configure IP addressing and enable Telnet access to the switch: “Setting the Management Module IP Address”...

  • Page 25

    Using the Command Line Interface (CLI): Contents. Accessing the CLI 2-2; CLI Access Modes...

  • Page 26: Accessing The Cli

    Using the Command Line Interface (CLI) Accessing the CLI Accessing the CLI The CLI can be accessed through both serial and Telnet connections (including Secure Shell). For initial log on, you must use a serial connection. Once an IP address is assigned to the management interface (see “Setting the Management Module IP Address”...

  • Page 27

    Using the Command Line Interface (CLI) Accessing the CLI Note: For more information on the CLI Access modes and permissions, see Table 2-1 on page 2-4. To access the Privileged Exec mode from the Exec mode, enter: ProCurve>enable You will be prompted for a password if one has been assigned.

  • Page 28: Cli Access Modes

    Using the Command Line Interface (CLI) Accessing the CLI CLI Access Modes The CLI has four different access modes, each of which provides the ability to perform the specific operations shown in Table 2-1. Table 2-1. CLI Access Modes Access Mode Command Prompt Description Exec ProCurve>...

  • Page 29: Using The Cli

    Using the Command Line Interface (CLI) Using the CLI Using the CLI The CLI supports partial matching (also known as command completion), so you do not need to enter the entire name of a command or option. As long as you enter enough characters of the command or option name to be unique, the CLI understands what you are typing.

  • Page 30

    Using the Command Line Interface (CLI) Using the CLI To enter a line-editing command, use the [Ctrl] combination for the command by pressing and holding the [Ctrl] key, then pressing the letter associated with the command as detailed in the following table. Table 2-2.

  • Page 31: Scrolling Down A Line Or A Screen

    Using the Command Line Interface (CLI) Using the CLI Table 2-2. CLI Line Editing Commands (Continued) Command Resulting Action [Ctrl][Y] Paste back what was deleted by the previous Ctrl-k or Ctrl-w command. Text is pasted back at the cursor location [Ctrl][Z] If inside a subsystem, it exits back to the top level.

  • Page 32: Cli Parameter Types

    Using the Command Line Interface (CLI) Using the CLI CLI Parameter Types The following table describes all the parameter types you can use with the CLI. Table 2-3. CLI Parameter Types (columns: Data Type, Description, Example). Data Type: conditional. Example: <1024 or >2048 or !=4096. Description: A numerical conditional expression. Special symbols are used to describe a numerical...

  • Page 33: Setting Cli Parameters

    Using the Command Line Interface (CLI) Using the CLI Setting CLI Parameters The terminal history command specifies the number of commands that will be stored in the command history buffer. Commands stored in the buffer can be recalled without having to type the complete command again. When you hit the ↑...

  • Page 34: Getting Help With Cli Commands

    Using the Command Line Interface (CLI) Using the CLI Getting Help with CLI Commands Interactive help is available from CLI by entering the question mark (?) character at any time. The help is context-sensitive; the help provided is based on where you are in the command. For example, if you are at the Exec mode prompt, enter a question mark (?) as shown in the following example to list the commands available in Exec mode: ProCurve>?

  • Page 35: Utilities And Conventions

    Using the Command Line Interface (CLI) Using the CLI Utilities and Conventions Take note of the following commands or conventions when using the CLI. Search Command ■ The search <WORD> command can locate strings that appear in your running configuration file. Strings can be words like vlan, or numbers such as 10.20.30.40, or even a Perl-style regular expression.

  • Page 36

    Using the Command Line Interface (CLI) Using the CLI • The end command, when used at any level of the Configuration mode, returns the CLI to the Privileged Exec mode. Terminate Session Exec > quit exit logout Privileged Exec # quit exit logout...

  • Page 37

    File and System Management: Contents. Maintaining Configuration Files 3-2; Saving Configuration Changes...

  • Page 38: Maintaining Configuration Files

    File and System Management Maintaining Configuration Files Maintaining Configuration Files The 8100fl switch maintains in memory and on disk the following configuration files and commands: ■ running-config—The running-config file includes the startup-config file plus any configuration changes or additions that you have entered during a CLI session.

  • Page 39: Changing Configuration Information

    File and System Management Maintaining Configuration Files Changing Configuration Information The commands to change configuration information are shown in Table 3-1. Table 3-1. Commands to change configuration information (columns: Mode, Command, Action). Mode: Privileged Exec. Command: copy <source> <destination>. Action: Copy between running configuration, startup configuration, TFTP server, or URL.

  • Page 40: Managing Files

    File and System Management Managing Files Managing Files The 8100fl switch supports a 512 MB internal compact flash device located on the management module. This device contains the local flash storage area used to store configuration and system files. Copy Command Table 3-3 shows the local file systems supported by the copy command.

  • Page 41: File Management Commands

    File and System Management Managing Files Table 3-4 shows syntaxes and examples for the various URL options used to perform remote file transfer. Table 3-4. URL Syntaxes for Remote File Systems Syntaxes Example tftp: tftp://location/directory/filename tftp://10.10.10.10/filename.txt scp: scp://[username@]location]/directory/filename scp://remoteuser@10.10.10.10/filename.txt When using scp you will be prompted for a password remoteuser@10.10.10.10’s password: ******* File Management Commands Because the 8100fl switch allows a wide variety of file storage activities to a...

  • Page 42

    File and System Management Managing Files Table 3-5. File Management Commands (Continued) (columns: Command, Description, Syntax). Command: copy. Syntax: copy <url> <source-file> <target-file> or the inverse: ... Description: The copy command uses a url to copy a source-file to a target-file, with the following conditions: •...

  • Page 43: Backing Up And Restoring Files

    File and System Management Managing Files Table 3-5. File Management Commands (Continued) (columns: Command, Description, Syntax). Command: rename. Syntax: rename <source-file> <target-file>. Description: The rename command renames source-file to target-file. Both source-file and target-file must reside on logical or physical file systems; they cannot be on remote file systems. Both source-file and target-file must be writable.

  • Page 44: Backing Up Startup Configuration

    File and System Management Managing Files Backing Up Startup Configuration When you save the startup configuration file, the switch stores it in three places: in the boot flash and the PC card of the primary management module, and if there is a redundant management module, in its PC flash card as well. It is recommended that you store a backup of the startup configuration file on a central server.

  • Page 45: Managing System Devices And Software

    File and System Management Managing System Devices and Software Managing System Devices and Software This section highlights some key commands used to manage hardware and software on the switch. For complete information and procedures on updating system software and Boot ROM images to the most current versions, refer to the latest Release Notes, available on the ProCurve Networking Web site.

  • Page 46: Updating Software

    File and System Management Managing System Devices and Software Updating Software For easy software image management, the 8100fl switch supports the download and upload of software images between the compact flash on the management module and a server on the network (see “Backing Up and Restoring Files”...

  • Page 47: Managing Modules

    File and System Management Managing System Devices and Software Managing Modules To control the power and administrative states of modules on the switch, enter the set module command from Configuration mode in the CLI: ProCurve(config)#set module {enable | disable} {management-module slot | fabric-module slot | interface-module slot} ProCurve(config)#set module {poweron | poweroff} {fabric-module slot | interface-module slot}...

  • Page 48: Showing Redundancy Status

    File and System Management Managing System Devices and Software You can gracefully stop a management module or fabric module and cause the redundant module to take over by using the following command in Privileged Exec mode: ProCurve#halt <module> Alternatively, you can power down the fabric module slot by issuing the following command: ProCurve#power down <fabric-module slot>...

  • Page 49: Monitoring System Hardware

    File and System Management Managing System Devices and Software Monitoring System Hardware This section provides details on monitoring the system hardware, including finding the chassis serial number and displaying information on the modules that are installed in the switch. Showing Hardware Information Use the show hardware command to display switch hardware inventory details, including the chassis serial number and summary details of all installed modules on the switch.

  • Page 50: Showing Module Information

    File and System Management Managing System Devices and Software Showing Module Information Use the show modules command to display summary status information on all installed modules on the switch. ProCurve#show module Chassis Serial Number Chassis Serial Number :SG444SS014 Part Number Slot Module-Type Model...

  • Page 51

    Configuring Basic System Information and Port Parameters: Contents. Overview 4-2; Configuring Basic System Information...

  • Page 52

    Configuring Basic System Information and Port Parameters Overview Overview This chapter describes how to configure basic, non-protocol features on the 8100fl switch using the CLI. The switch is configured at the factory with default parameters that allow you to use basic features of the system immediately. However, many of the advanced features such as VLANs or routing protocols must be enabled at the system (global) level before they can be configured.

  • Page 53

    Configuring Basic System Information and Port Parameters Configuring Basic System Information 3. From the Privileged Exec mode, enter the configure command to get to Configuration mode in the CLI. 4. From Configuration mode, enter the following command to access the management interface: ProCurve(config)#interface management 0 5. From Interface Management mode, enter the following command:...

  • Page 54: Setting The System Date And Time

    Configuring Basic System Information and Port Parameters Configuring Basic System Information 9. Enter write memory to save the running configuration to the startup configuration. Setting the System Date and Time To set the system date and time: 1. From the Privileged Exec mode (#) prompt, enter the clock set command: ProCurve#clock set <HH:MM:SS>...

  • Page 55: Setting System Id, Location, And Contact

    Configuring Basic System Information and Port Parameters Configuring Basic System Information Setting System ID, Location, and Contact To assign a chassis ID, a physical location, and a contact person to the system using snmp (Simple Network Management Protocol), enter the following commands: ProCurve(config)#snmp-server location <string>...

  • Page 56: Configuring Terminal Services

    Configuring Basic System Information and Port Parameters Configuring Basic System Information Configuring Terminal Services The Series 8100fl Switch supports up to 10 concurrent Telnet sessions (numbered from 0 through 9) for a maximum of ten incoming remote connections. Use the shutdown command to terminate the Telnet service. The following example shows how to terminate a Telnet connection: ProCurve(config)#ip telnet ProCurve(config-telnet)#...

  • Page 57

    Configuring Basic System Information and Port Parameters Configuring Basic System Information ■ To limit the amount of time (in minutes) that a session on this line can remain connected without activity, enter: ProCurve(config-line)#exec-timeout <value> where value is an integer designating the timer inactivity in minutes (enter a value of 0 to set an unlimited time for each session).

  • Page 58: Saving And Using The New Configuration

    Configuring Basic System Information and Port Parameters Configuring Basic System Information Saving and Using the New Configuration 1. To activate the system commands entered in the previous steps, use the following command: ProCurve#save running-config The CLI displays the following message: ProCurve(config)#save running-config Please wait, acquiring configuration lock...done in 0.00 seconds...

  • Page 59: Configuring Port Parameters

    Configuring Basic System Information and Port Parameters Configuring Port Parameters Configuring Port Parameters Changes to port parameters are made using the interface <port> command to adjust to attached devices or other network requirements. Follow the procedures in this section to set the following port parameters: ■...

  • Page 60: Slot Numbering

    Configuring Basic System Information and Port Parameters Configuring Port Parameters For example, the port name gi 3/2 refers to a port on the Gigabit Ethernet interface module located in slot 3, port 2. Note: You can build a configuration for a module that is not yet installed. For example, although slot 2 is empty, you can configure an interface gi 2/1 and add an IP address to it, and then save the configuration for later use.

  • Page 61: Activating Or Disabling Ports

    Configuring Basic System Information and Port Parameters Configuring Port Parameters Switch 8116fl Slot Numbering. The Switch 8116fl chassis contains 16 numbered slots for interface modules, 2 slots for management modules, 2 slots for fabric modules, and 2 expansion slots. The following illustration shows the numbering and naming scheme used to identify each slot in the CLI.

  • Page 62: Modifying Port Speed

    Configuring Basic System Information and Port Parameters Configuring Port Parameters Modifying Port Speed The 8100fl switch ports are designed to auto-negotiate the speed and mode of the connected device. If the attached device does not support auto-negotiation, you can manually enter the port speed to operate at either 100 Mbps or 1000 Mbps.

  • Page 63: Assigning A Description

    Configuring Basic System Information and Port Parameters Configuring Port Parameters To re-enable flow control: ProCurve(config)#interface et 1/8 ProCurve(config-if)#flowcontrol Note: Flow control is enabled by default and is not reported in show interface configuration displays. The flow control state is only reported when it is disabled (no flowcontrol).

  • Page 65

    Security Configuration: Contents. Overview 5-2; Configuring Passwords...

  • Page 66

    Security Configuration Overview Overview The 8100fl switch provides security features that help control access and filter traffic. Access to the switch can be controlled by: ■ Terminal line password authentication ■ Secure shell protocol (version 1 and 2, server and client)...

  • Page 67: Specifying The Cli-level Password

    Security Configuration Configuring Passwords ■ To test your configuration safely, leave your startup configuration unchanged. Add your planned changes to the running config, and then verify that you can log on safely before saving any changes to the startup config. ■...

  • Page 68: Specifying Privilege Levels

    Security Configuration Configuring Passwords For example: To create an encrypted password called “mysecretpassword”, enter: ProCurve(config)#enable secret mysecretpassword When you enter show running-config, this will appear as a line in the running configuration as follows: enable secret 5 $1$ZyK.$8NHx2DJBsiGQyhTBmUakz1 where 5 indicates that the password has been encrypted. To allow passwords to be displayed in an unencrypted format, enter 0 before you enter the password.

  • Page 69: Specifying Line-level Passwords

    Security Configuration Configuring Passwords To configure a switch password and set the privilege level, enter the following command in Configuration mode: ProCurve(config)#enable secret level <lvl> [encrypt|0|5] <string> where <lvl> is either 0 (Exec mode) or 15 (Privileged Exec mode); and [ 0 | 5 ] can be either 0 (an unencrypted password) or 5 (hidden or encrypted). For example, to set and encrypt a Privileged Exec mode password as abcd1234, you would enter the following command:...

  • Page 70: Recovering From Forgotten Passwords

    Security Configuration Configuring Passwords 2. Enter the following command to configure a password to the line that you have specified: ProCurve(config-line)#password <password> By default the password you enter will be encrypted to prevent it from being displayed in the configuration file output. For example: To create an encrypted password called “mysecretpassword”...

  • Page 71

    Security Configuration Configuring Passwords Note: The following procedure may only be performed via the serial console. Because this procedure allows passwords to be changed without actually logging onto the switch, physical security should be maintained at all times. 1. If you have two Management Modules installed, pull the backup module out of its slot so that only one Management Module is active.

  • Page 72: Using Ssh

    Security Configuration Using SSH Using SSH SSH provides more secure communications than using Telnet because connections are authenticated and communications over the network are encrypted. Secure shell (SSH) is a protocol based on OpenSSH that allows you to log in to a remote switch and execute commands on that system. The switch provides both an SSH server and client.

  • Page 73: Monitoring Ssh Sessions

    Security Configuration Using SSH The SSH client parameters are: ProCurve(config)#ssh ? - Force protocol version 1 - Force protocol version 2 - Specify encryption algorithm - Specify escape character - Specify a user name to log in as - Specify MAC algorithm for protocol version 2 - Specify the port to connect to on the remote host WORD(1..1024) - Target address or hostname Note...

  • Page 74: Using Ssh And Telnet Sessions

    Security Configuration Using SSH Using SSH and Telnet Sessions You can combine SSH connections with Telnet connections to reach your destination. Figure 5-1 shows different ways to mix secure and unsecure connections and the consequences experienced. [Figure labels: Preferred; Acceptable; Telnet; Telnet (Password exposed here)] Figure 5-1.

  • Page 75: Configuring Authentication

    Security Configuration Configuring Authentication Configuring Authentication You can configure authentication at the following levels: ■ Line ■ Enable mode ■ Local user ■ RADIUS/TACACS+ server groups To configure the authentication lists for logging in, enter the following command in Configuration mode: ProCurve(config)#aaa authentication login <method list>...

  • Page 76: Configuring Authorization

    Security Configuration Configuring Authentication The parameters can be used as follows: ■ The group option allows you to use the default RADIUS or TACACS+ server group. ■ The group name option allows you to specify a defined server group. ■ Specify enable to set up an authentication method list for Privileged Exec...

  • Page 77: Configuring Accounting

    Security Configuration Configuring Authentication To configure a banner to display prior to login, enter the following command in Configuration mode: ProCurve(config)#aaa authentication banner <C_TEXT_C(0..1023) - Banner text> where C_TEXT_C means delimited text. Whatever character you enter first will be interpreted as the delimiter, that is, the character you must enter to terminate banner text entry.

  • Page 78

    Security Configuration Configuring Authentication where: commands account for shell commands, default or listname specifies the accounting list to be used, system accounts for system event messages, cfg-change accounts for changes to the system configuration, broadcast sends records to multiple servers, and group specifies the server group to be used.

  • Page 79: Configuring Radius

    Security Configuration Configuring RADIUS Configuring RADIUS You can secure Exec or Privileged Exec mode access to the switch by enabling a Remote Authentication Dial-In User Service (RADIUS) client. (See RFCs 2865 and 2866 for more information on RADIUS.) A RADIUS server responds to the switch RADIUS client to provide authentication.

  • Page 80: Monitoring Radius

    Security Configuration Configuring RADIUS Table 5-2. Configuring RADIUS Security (Continued) (columns: Command, Action). Command: radius-server host <server-options>. Action: Uniquely define the host. Minimally, you can define an IP address or hostname, authentication port (default is 1812), and accounting port (default is 1813). If you specify the authentication port or accounting port as 0, it will not be used.

  • Page 81: Configuring Tacacs+

    Security Configuration Configuring TACACS+ Configuring TACACS+ You can secure Exec or Privileged Exec mode access to the switch by enabling a TACACS+ client. A TACACS+ server responds to the switch TACACS+ client to provide authentication. You can configure multiple TACACS+ server targets on the switch. You can configure a timeout value to tell the switch how long to wait for a response from TACACS+ servers.

  • Page 82: Monitoring Tacacs+

    Security Configuration Configuring TACACS+ Monitoring TACACS+ To monitor TACACS+ by showing server statistics, enter the show tacacs servers command in Privileged Exec mode. The following example shows a configuration for two TACACS+ servers: ProCurve(config)#tacacs-server host 172.2.100.2 port 49 key testing123 ProCurve(config)#tacacs-server host 172.2.100.1 port 49 key testing123 ProCurve(config)#aaa group server tacacs+ MYTGROUP...

  • Page 83

    VLAN Configuration: Contents. Overview 6-2; Layer 2 vs. ...

  • Page 84

    VLAN Configuration Overview Overview Virtual LANs (VLANs) are a means of dividing a physical network into several logical (virtual) LANs. The division can be done on the basis of various criteria, giving rise to different types of VLANs. For example, the simplest type of VLAN is the port-based VLAN.

  • Page 85: Ports, Vlans, And L3 Interfaces

    VLAN Configuration Overview The 8100fl switch uses VLANs to achieve this behavior. This means that a Layer 3 subnet (that is, an IP subnet) is mapped to a VLAN. A given subnet maps to exactly one and only one VLAN. With this definition, the terms VLAN and subnet are almost interchangeable.

  • Page 86: Access Ports And Trunk Ports (802.1p And 802.1q Support)

    VLAN Configuration Access Ports and Trunk Ports (802.1P and 802.1Q support) Access Ports and Trunk Ports (802.1P and 802.1Q support) The ports of the 8100fl switch can be classified into two types, based on VLAN functionality: access ports and trunk ports. By default, a port is an access port.

  • Page 87: Configuring A Vlan

    VLAN Configuration Configuring a VLAN Configuring a VLAN This section shows you how to create a VLAN and assign ports. Creating a VLAN The 8100fl switch supports standards-based VLAN trunking between multiple 8100fl switches as defined by IEEE 802.1Q. 802.1Q adds a header to a standard Ethernet frame.

  • Page 88: Adding Ports To A Vlan

    VLAN Configuration Configuring a VLAN Adding Ports to a VLAN To configure a port that belongs only to one VLAN (that is, a port that sends out untagged packets), use the switchport command in Interface Configuration mode: ProCurve(config-if)#switchport mode access To configure VLAN trunk ports (that is, ports that send out tagged packets to multiple VLANs), enter: ProCurve(config-if)#switchport mode trunk...

  • Page 89: Access Port Behavior

    VLAN Configuration Configuring a VLAN ■ The default status for a Layer 3 VLAN is shutdown. You must use the no shutdown command to enable these ports. You can verify a port’s status by examining the running configuration to see if no shutdown appears for each port’s configuration.

  • Page 90: Monitoring Vlans

    VLAN Configuration Configuring a VLAN Monitoring VLANs To display all VLANs that have been configured on the switch, enter the show vlan command.

  • Page 91

    Link Aggregation Configuration: Contents. Overview 7-2; Configuring Static Link Aggregations (LAG)...

  • Page 92

    Link Aggregation Configuration Overview Overview This chapter explains how to configure: ■ A manual (or static) Link Aggregate Group (LAG) on the switch ■ A dynamic link using Link Aggregation Control Protocol (LACP). Link aggregation on the 8100fl switch has the following features and characteristics: ■ Link aggregation performs load balancing (based on the aggregation hash...

  • Page 93: Configuring Static Link Aggregations (lag)

    Link Aggregation Configuration Configuring Static Link Aggregations (LAG) Configuring Static Link Aggregations (LAG) The steps for creating and configuring a manual or static link aggregation are: Create a LAG. Add physical ports to the LAG. Creating a LAG When creating a LAG, assign an ID to the LAG. Here is an example of creating a LAG with the ID of 11: ProCurve(config)#aggregator 11 Adding Physical Ports to the LAG...

  • Page 94: Configuring Dynamic Link Aggregations (lacp)

    Link Aggregation Configuration Configuring Dynamic Link Aggregations (LACP) Configuring Dynamic Link Aggregations (LACP) To configure and maintain a link aggregation group automatically, you must use 802.3ad LACP, which is supported on the switch. This protocol can detect the presence and capabilities of other aggregation capable devices automatically.

  • Page 95: Creating The Aggregation

    Link Aggregation Configuration Configuring Dynamic Link Aggregations (LACP) Creating the Aggregation The first thing you must do in creating a dynamic aggregation is to define the aggregation. Do this by entering from Configuration mode: ProCurve(config)#aggregator <aggregator ID number> Specifying the System 1. To specify the system priority value for each host, from Configuration mode enter: ProCurve(config)#lacp sys-priority 5...

  • Page 96: Configuring The Partner System

    Link Aggregation Configuration Configuring Dynamic Link Aggregations (LACP) Configuring the Partner System You have the option to configure the end-to-end specifications for the link aggregation. To do so, you must configure both ends of the links. For example, to configure a LAG with an ID of 13: 1. From Configuration mode on the 8100fl switch enter: ProCurve(config)#aggregator 13 ProCurve(config-lag-13)#partner-sys-id <mac address>...

  • Page 97: Lag And Lacp Configuration Example

    Link Aggregation Configuration LAG and LACP Configuration Example LAG and LACP Configuration Example Figure 7-1 shows manual LAG11 connecting five ports on System Blue to five ports on System Red. It also shows LACP 22 connecting three ports on System Blue to three ports on System Red.

  • Page 98

    Link Aggregation Configuration LAG and LACP Configuration Example Figure 7-2 shows the configuration for these two aggregations on System Blue. vlan 2-101 bridge stp bridge-priority 1000 aggregator 11 aggregator 22 port-type gigethernet actorkey 12 partnerkey 50 interface GigabitEthernet2/5 no shutdown lag 11 interface GigabitEthernet2/6 no shutdown...

  • Page 99

    Link Aggregation Configuration LAG and LACP Configuration Example Figure 7-3 shows the corresponding configuration on System Red. vlan 2-101 bridge stp bridge-priority 2000 aggregator 11 aggregator 22 port-type gigethernet actorkey 50 partnerkey 12 interface GigabitEthernet3/5 no shutdown lag 11 interface GigabitEthernet3/6 no shutdown lag 11 interface GigabitEthernet3/8...

  • Page 100: Monitoring Lag And Lacp

    Link Aggregation Configuration Monitoring LAG and LACP Monitoring LAG and LACP The following section shows commands and examples to use to view LAG and LACP configuration information and statistics. Monitoring LAG Configurations The show port summary command displays information on LAG configurations (see the examples for details).

  • Page 101

    Link Aggregation Configuration Monitoring LAG and LACP The following example displays the LAG attributes for LAGs. ProCurve#show lag all-lags lag-tuples LAG Tuple Ports -------------- [(1, 000a.af00.0dfe, 12, 0, 0), (255, --, 65535, 0, 0)] Gig11/8 [(1, 000a.af00.0dfe, 12, 0, 0), (1, 000a.af00.50fe, 50, 0, 0)] Gig2/8 Gig2/9...

  • Page 102

    Link Aggregation Configuration Monitoring LAG and LACP The following example displays the categories of information available for LAG member ports. ProCurve#show lag all-lags member-ports Lag Id Designated Port Member Ports Status lag.11 Gig11/5 Gig2/5 enabled/up Gig2/6 enabled/up Gig2/7 enabled/up Gig11/5 enabled/up Gig11/6 enabled/up...

  • Page 103

    Link Aggregation Configuration Monitoring LAG and LACP The following example displays the categories of information returned by the show lag all-lag attributes command for System Red. system_red#show lag all-lag attributes ************************************************ LAG 11 attributes ************************************************ LAG Name : LAG11 Admin status : Up Trunk status : Trunk Native VLAN : 1 VLAN membership in : 101 VLANs (VLAN 1-101)

  • Page 104: Monitoring Lacp

    Link Aggregation Configuration Monitoring LAG and LACP The following example displays the categories of information returned by the show lag all-lag parameters command for System Red. system_red#show lag lag22 parameters ************************************************ LAG 22 parameters ************************************************ LAG Name : LAG22 Port Type : Gigabit Ethernet Actor Key : 50 Partner Key : 12 Partner System Pri : 1...

  • Page 105

    Link Aggregation Configuration Monitoring LAG and LACP Table 7-1. show lacp <port> statistics Fields Description LACP pdus received The number of protocol data units received on this interface since it was last activated Marker pdus received The number of response protocol data units received on this interface since it was last activated.

  • Page 106

    Link Aggregation Configuration Monitoring LAG and LACP The following example displays the categories of information returned by the show lacp <port> parameters command. ProCurve#show lacp gi 2/9 parameters LACP parameters (Gig2/9) : Actor system priority: system mac addr: 000a.af00.0dfe port admin key: port oper key: port number: 1609...

  • Page 107

    QoS Configuration Contents Overview............8-2 Basic QoS Operation .

  • Page 108

    QoS Configuration Overview Overview The 8100fl switch was designed with Quality of Service (QoS) in mind. QoS is performed globally and centrally by a scheduler that sees all the queues and all the priorities for every port. Therefore, the switch only has to queue traffic once on ingress to schedule traffic through the system, with the result that wire speed performance is not compromised.

  • Page 109: Connecting Ingress And Egress Traffic

    QoS Configuration Overview Class Map l2- MAC, 802.1p l3 - Source IP, Destination IP, subnet range, port range, protocol type (UDP, TCP, IP), TOS bit Outgoing classified Incoming Traffic Policy Map traffic ingress ports egress ports Figure 8-1. The QoS Classifier Connecting Ingress and Egress Traffic All incoming traffic is sorted into five queues or forwarding paths that can be controlled separately.

  • Page 110: Using Qos Commands

    QoS Configuration Using QoS Commands Using QoS Commands This section explains the QoS commands available in this release. Spolicy Input Commands To access the special policy input mode, enter from Configuration mode: ProCurve(config)#spolicy-input-map <traffic policy name> To access the spolicy input mode map command, enter from Policy Map Configuration mode: ProCurve(config-spimap)#map <cos|ip-dscp|ip-precedence>...

  • Page 111: Differentiated Class

    QoS Configuration Using QoS Commands Differentiated Class To configure a differentiated class, enter from Special Output Map mode diff-class <diff-serv class> where diff-serv-class is one of the following values: af11—Assured Forwarding Class 1—drop probability 1 af12—Assured Forwarding Class 1—drop probability 2 af13—Assured Forwarding Class 1—drop probability 3 af21—Assured Forwarding Class 1—drop probability 1 af22—Assured Forwarding Class 1—drop probability 2...

  • Page 112

    QoS Configuration Using QoS Commands Note: Queue depths (variables A and B) are expressed in terms of a percentage of 256. Therefore 25% of 256 is 64 and 75% is 192. Queue probability (variable C) is simply a percentage. 100% Queue Depth Figure 8-2.

  • Page 113: Differential Class Group

    QoS Configuration Using QoS Commands For example, if you want to invoke WRED when the queue is approximately 25% full, assign the drop probability to 1 when the queue is approximately 75% full, and drop all packets when the queue is completely full (drop probability is 100%), you would enter: ProCurve(config-spomap-dc)#random-detect 64 192 100 Differential Class Group...

  • Page 114: Interface Commands

    QoS Configuration Using QoS Commands Interface Commands The QoS traffic policy maps you create must be attached to an interface before they can process incoming traffic. For example, to define a service policy from an interface (Ethernet, GigabitEthernet, TenGigabitEthernet, etc.), enter: ProCurve(config-if)#service-policy <input|input- spmap|output-spmap>...

  • Page 115

    QoS Configuration Using QoS Commands Diff-Serv Domain queue 2 ToS bit 7 Packet 1 queue 4 ToS bit 8 8100fl Switch Packet 2 8100fl Switch Classifier Figure 8-3. QoS Example...

  • Page 117

    Spanning-Tree Operation Contents Overview............9-2 802.1s Multiple Spanning Tree Protocol (MSTP) .

  • Page 118

    Spanning-Tree Operation Overview Overview Spanning tree is used to prevent network loops. Without spanning tree it is possible to have more than one active path to a destination, which can result in duplication of messages, leading to a “broadcast storm” that can bring down the network.

  • Page 119

    Spanning-Tree Operation Overview For example, suppose you have three switches in a region configured with VLANs grouped into two instances, as follows: VLANs Instance 1 Instance 2 10, 11, 12 20, 21, 22 The logical and physical topologies resulting from these VLAN/Instance groupings result in blocking on different links for different VLANs: Region “A”: Logical Topology Path blocked for VLANs in instance 2.

  • Page 120: S Multiple Spanning Tree Protocol (mstp)

    Spanning-Tree Operation 802.1s Multiple Spanning Tree Protocol (MSTP) 802.1s Multiple Spanning Tree Protocol (MSTP) The 802.1D and 802.1w spanning tree protocols operate without regard to a network’s VLAN configuration, and maintain one common spanning tree throughout a bridged network. Thus, these protocols map one loop-free, logical topology on a given physical topology.

  • Page 121: Mstp Structure

    Spanning-Tree Operation 802.1s Multiple Spanning Tree Protocol (MSTP) MSTP Structure MSTP maps active, separate paths through separate spanning tree instances and between MST regions. Each MST region comprises one or more MSTP switches. Note that MSTP recognizes an STP or RSTP LAN as a distinct spanning-tree region.

  • Page 122: Terminology

    Spanning-Tree Operation 802.1s Multiple Spanning Tree Protocol (MSTP) Terminology Bridge: See “MSTP Bridge”. Common and Internal Spanning Tree (CIST): Comprises all LANs, STP, and RSTP bridges and MSTP regions in a network. The CIST automatically determines the MST regions in a network and defines the root bridge (switch) and designated port for each region.

  • Page 123

    Spanning-Tree Operation 802.1s Multiple Spanning Tree Protocol (MSTP) MSTI (Multiple Spanning Tree Instance): This type of configurable spanning tree instance comprises all static VLANs you specifically assign to it, and must include at least one VLAN. The VLAN(s) you assign to an MSTI must initially exist in the IST instance of the same MST region.

  • Page 124: How Mstp Operates

    Spanning-Tree Operation 802.1s Multiple Spanning Tree Protocol (MSTP) How MSTP Operates In the factory default configuration, spanning tree operation is off. Also, the switch retains its currently configured spanning tree parameter settings when disabled. Thus, if you disable spanning tree, then later re-enable it, the parameter settings will be the same as before spanning tree was disabled.

  • Page 125

    Spanning-Tree Operation 802.1s Multiple Spanning Tree Protocol (MSTP) Path through IST Instance to Other Regions Region “X” Switch 1 IST Root VLAN Memberships: •IST Instance: VLANs 1, 2 •MSTI “A”: 4, 5 •MSTI “B”: 7, 9 Blocks redundant Blocks redundant link for MSTI “A”.

  • Page 126: Tree (cst)

    Spanning-Tree Operation 802.1s Multiple Spanning Tree Protocol (MSTP) All MSTP switches (as well as STP and RSTP switches) in a network use BPDUs (Bridge Protocol Data Units) to exchange information from which to build multiple, active topologies in the individual instances within a region and between regions.

  • Page 127: Operating Rules

    Spanning-Tree Operation 802.1s Multiple Spanning Tree Protocol (MSTP) Problem: Solution: An MST instance with two Configure one trunked separate (non-trunked) link for the two VLAN links blocks a VLAN link. memberships. Nodes 1 and 2 can communicate because the Nodes 1 and 2 cannot MST instance sees the trunk as a single link and communicate because 802.1Q (tagged) VLANs enable the use of one...

  • Page 128

    Spanning-Tree Operation 802.1s Multiple Spanning Tree Protocol (MSTP) Within any region, the root switch for the IST instance is also the root switch for the region. Because boundary ports provide the VLAN connectivity between regions, all boundary ports on a region's root switch should be configured as members of all static VLANs defined in the region.

  • Page 129: Transitioning From Stp Or Rstp To Mstp

    Spanning-Tree Operation 802.1s Multiple Spanning Tree Protocol (MSTP) Transitioning from STP or RSTP to MSTP IEEE 802.1s MSTP includes RSTP functionality and is designed to be compatible with both IEEE 802.1D and 802.1w spanning-tree protocols. Even if all the other devices in your network are using STP, you can enable MSTP on the 8100fl switch.

  • Page 130

    Spanning-Tree Operation 802.1s Multiple Spanning Tree Protocol (MSTP) Plan individual regions based on VLAN groupings. That is, plan on all MSTP switches in a given region supporting the same set of VLANs. Within each region, determine the VLAN membership for each spanning-tree instance.

  • Page 131: Configuring Mstp

    Spanning-Tree Operation Configuring MSTP Configuring MSTP This section outlines the general steps for configuring MSTP operation in your network, and assumes you have already planned and configured the VLANs you want MSTP to use. The actual MSTP parameter descriptions are in the following sections.

  • Page 132

    Spanning-Tree Operation Configuring MSTP Configure MST instances. • Configure one instance for each VLAN group that you want to operate as an active topology within the region to which the switch belongs. When you create the instance, you should include a minimum of one VID.

  • Page 133: Configuring Mstp Operation Mode And Global Parameters

    Spanning-Tree Operation Configuring MSTP c. Set the path-cost value for the port(s) used by a specific MST instance. Leaving this setting at the default auto allows the switch to calculate the path-cost from the link speed. spanning-tree instance <instance-id> path-cost <cost> Configuring MSTP Operation Mode and Global Parameters The commands in this section apply on the switch level, and do not affect...

  • Page 134

    Spanning-Tree Operation Configuring MSTP Syntax: spanning-tree max-hops < hop-count > This command resets the number of hops allowed for BPDUs in an MST region. When an MSTP switch receives a BPDU, it decrements the hop-count setting the BPDU carries. If the hop-count reaches zero, the receiving switch drops the BPDU.

  • Page 135: Configuring Basic Port Connectivity Parameters

    Spanning-Tree Operation Configuring MSTP Configuring Basic Port Connectivity Parameters The following commands must be entered on a port-by-port basis within the interface configuration context. For example, to set the message transmission interval on port 1 of slot 5, you would first enter the interface context and then enter the configuration command.

  • Page 136

    Spanning-Tree Operation Configuring MSTP Syntax: [no] spanning-tree < edge-port | mcheck > [ edge-port ] Enable edge-port on ports connected to end nodes. During spanning tree establishment, ports with edge-port enabled transition immediately to the forwarding state. Disable this feature on any switch port that is connected to another switch, bridge, or hub.

  • Page 137

    Spanning-Tree Operation Configuring MSTP [point-to-point-mac < force-true | force-false | auto >] This parameter informs the switch of the type of device to which a specific port connects. Force-True (default): Indicates a point-to-point link to a device such as a switch, bridge, or end-node. Force-False: Indicates a connection to a hub (which is a shared LAN segment).

  • Page 138: Configuring Mst Instance Parameters

    Spanning-Tree Operation Configuring MSTP Configuring MST Instance Parameters The commands in this section apply on the switch level, and do not affect individual port configurations. Those commands listed as belonging to the spanning tree instance context must be entered within the instance configuration context.

  • Page 139

    Spanning-Tree Operation Configuring MSTP Syntax: spanning-tree priority < priority-multiplier > Every switch running an instance of MSTP has a Bridge Identifier, which is a unique identifier that helps distinguish this switch from all others. The switch with the lowest Bridge Identifier is elected as the root for the tree.

  • Page 140

    Spanning-Tree Operation Configuring MSTP Syntax: spanning-tree priority <priority-multiplier > This command is used within the spanning-tree instance configuration context and sets the switch (bridge) priority for the designated instance. This priority is compared with the priorities of other switches in the same instance to determine the root switch for the instance.

  • Page 141: Configuring Mst Instance Per-port Parameters

    Spanning-Tree Operation Configuring MSTP Configuring MST Instance Per-Port Parameters The commands in this section must be entered on a port-by-port basis within the interface configuration context. You may also need to specify the MST instance to which the command applies. For example, to set the port’s path-cost on port 2 of slot 5, you would first enter the following.

  • Page 142

    Spanning-Tree Operation Configuring MSTP Syntax: spanning-tree instance < 1..16 > priority <priority-multiplier> This command sets the priority for the specified port in the specified MST instance. (For a given port, the priority setting can be different for different MST instances to which the port may belong.) The priority range for a port in a given MST instance is 0-255.

  • Page 143: Enabling Or Disabling Spanning Tree Operation

    Spanning-Tree Operation Configuring MSTP Syntax: spanning-tree priority < priority-multiplier > This command sets the priority for the specified port(s) for the IST (that is, Instance 0) of the region in which the switch resides. The “priority” component of the port’s “Port Identifier” is set. The Port Identifier is a unique identifier that helps distinguish this switch’s ports from all others.

  • Page 144: Mstp Show Commands And Troubleshooting

    Spanning-Tree Operation MSTP Show Commands and Troubleshooting MSTP Show Commands and Troubleshooting The following commands are used to display MSTP statistics and configuration information. Command Page MSTP Statistics: show spanning-tree below show spanning-tree <interface-id> below show spanning-tree instance < ist | 1..16 > bridge 9-30 show spanning-tree instance <...

  • Page 145

    Spanning-Tree Operation MSTP Show Commands and Troubleshooting ProCurve(config)#show spanning-tree Switch’s spanning-tree configuration, Force Version : 802.1s (MSTP) global settings Bridge ID : 32768:000d00000001 Ports In Bridge Identifies the overall spanning-tree root Max Age : 20 secs for the network. Hello Time : 2 secs Lists the switch’s MSTP root data for Forward Delay...

  • Page 146: Displaying Statistics For A Specific Mst Instance

    Spanning-Tree Operation MSTP Show Commands and Troubleshooting Displaying Statistics for a Specific MST Instance Syntax: show spanning-tree instance < ist | 1..16 > This command displays the MSTP statistics for either the IST instance or a numbered MST instance running on the switch. ProCurve(config)#show spanning-tree instance 1 Force Version : 802.1s (MSTP)

  • Page 147: Displaying The Mstp Configuration

    Spanning-Tree Operation MSTP Show Commands and Troubleshooting Displaying the MSTP Configuration This command output is useful for quickly verifying the allocation of VLANs in the switch’s MSTP configuration and for viewing the configured region identifiers. Syntax: show spanning-tree mst-config This command displays the switch’s regional configuration. Note: The switch computes the MSTP Configuration Digest from the VID to MSTI configuration mappings on the switch itself.

  • Page 148: Displaying Mac Table Information

    Spanning-Tree Operation MSTP Show Commands and Troubleshooting debug spanning-tree clear Logs information about clear parameters. debug spanning-tree flush Logs for displaying flush-related information. debug spanning-tree set Logs information about set parameters. debug spanning-tree show Logs information about show parameters. debug spanning-tree tc Logs information about state changes on individual ports.

  • Page 149: Operating Notes

    Spanning-Tree Operation MSTP Show Commands and Troubleshooting Operating Notes SNMP MIB Support for MSTP. MSTP is a superset of the STP/802.1D and RSTP/802.1w versions of STP, and will use the MIB objects defined for these earlier versions of STP as well as its own defined MIB objects. Troubleshooting Duplicate packets on a VLAN, or packets not arriving on a LAN at all.

  • Page 151

    Multimedia Traffic Control with IP Multicast (IGMP) Contents Overview............10-2 IGMP General Operation and Features .

  • Page 152

    Multimedia Traffic Control with IP Multicast (IGMP) Overview Overview This chapter describes multimedia traffic control with IP multicast (IGMP) to reduce unnecessary bandwidth usage on a per-port basis, and how to configure it with the switch’s built-in interfaces. IGMP General Operation and Features In a network where IP multicast traffic is transmitted for various multimedia applications, you can use the switch to reduce unnecessary bandwidth usage on a per-port basis by configuring IGMP (Internet Group Management...

  • Page 153: Cli: Configuring And Displaying Igmp

    Multimedia Traffic Control with IP Multicast (IGMP) CLI: Configuring and Displaying IGMP CLI: Configuring and Displaying IGMP The following commands can be used to configure and display IGMP settings on the 8100fl switch. Enabling or Disabling IGMP In the factory default configuration, IGMP is disabled. To enable IGMP: If multiple VLANs are not configured, you configure IGMP on the default ■...

  • Page 154

    Multimedia Traffic Control with IP Multicast (IGMP) CLI: Configuring and Displaying IGMP Blocked: Drop all IGMP Control traffic (reports, joins, leaves) received from devices on the specified ports, and prevent any outgoing multicast traffic from moving through these ports. Multicast traffic (non-control) will be received and forwarded to the VLAN ports according to the currently established IGMP forwarding rules.

  • Page 155

    Multimedia Traffic Control with IP Multicast (IGMP) CLI: Configuring and Displaying IGMP You could use the following commands to configure IGMP on VLAN 2 with the preceding settings: ProCurve(config)# int gig 5/3 Enters interface context for port 3 in slot 5. ProCurve(config-interface-gig5/3)#ip igmp snooping forward vlan 2 Forwards all multicast traffic for this port on vlan 2.

  • Page 156: Igmp Show Commands

    Multimedia Traffic Control with IP Multicast (IGMP) CLI: Configuring and Displaying IGMP IGMP Show Commands The following commands are used to display IGMP configuration information and statistics. Viewing the Current IGMP Configuration The following IGMP show commands list the IGMP configuration for all VLANs configured on the switch or for a specific VLAN.

  • Page 157: Viewing Igmp Status

    Multimedia Traffic Control with IP Multicast (IGMP) CLI: Configuring and Displaying IGMP The show ip igmp snooping vlan config command includes the VLAN ID (vid) designation, and combines the above data with the IGMP per-port configuration: IGMP Configuration ProCurve#show ip igmp snooping vlan 11 config for the Selected VLAN VLAN ID...

  • Page 158: How Igmp Operates

    Multimedia Traffic Control with IP Multicast (IGMP) How IGMP Operates For example, suppose that show ip igmp snooping listed an IGMP group address of 224.0.1.22. You could get additional data on that group by executing the following command. ProCurve#show ip igmp snooping group 224.0.1.22 IGMP ports for group 224.0.1.22 Port Access...

  • Page 159: Igmp Messages

    Multimedia Traffic Control with IP Multicast (IGMP) How IGMP Operates IGMP Messages The multicast group running version 2 of IGMP uses three fundamental types of messages to communicate: ■ Query: A message sent from the querier (multicast router or switch) asking for a response from each host belonging to the multicast group.

  • Page 160: Operating Features

    Multimedia Traffic Control with IP Multicast (IGMP) How IGMP Operates When a networking device with IGMP enabled receives the join request for a specific group, it forwards any IP multicast traffic it receives for that group through the port on which the join request was received. ■...

  • Page 161: Automatic Fast-leave Igmp

    IGMP client on a port in the VLAN leaves the cast router or another switch configured for IGMP operation. (HP recommends that the VLAN also include a device operating as a backup Querier in case the device Support Fast-Leave IGMP and Forced Fast- operating as the primary Querier fails for any reason.

  • Page 162

    Multimedia Traffic Control with IP Multicast (IGMP) How IGMP Operates In the next figure, automatic Fast-Leave operates on the switch ports for IGMP clients “3A” and “5A”, but not on the switch port for IGMP clients “7A” and 7B, Server “7C”, and printer “7D”. Fast-Leave IGMP Server automatically operates on...

  • Page 163: Configuring Fast-leave Igmp

    Multimedia Traffic Control with IP Multicast (IGMP) How IGMP Operates Configuring Fast-Leave IGMP The following interface-based command can be used to disable/re-enable Fast-Leave IGMP operation on a per-port basis. Syntax: [no] ip igmp snooping fastleave Enables IGMP Fast-Leaves on the specified port. (Default: Enabled.) The no form of the command disables IGMP Fast-Leave on the speci­...

  • Page 164: Using The Switch As Querier

    Multimedia Traffic Control with IP Multicast (IGMP) How IGMP Operates For example, to configure Forced Fast-Leave IGMP on port 5/3, you would enter the following command: ProCurve(config)# int gig 5/3 Enters interface-based configuration context for port 3 in slot 5. ProCurve(config-interface-gig5/3)#ip igmp snooping forcedfastleave Enables Forced Fast-Leave operation on port 5/3.

  • Page 165: Disabling Or Re-enabling The Querier Function

    Multimedia Traffic Control with IP Multicast (IGMP) How IGMP Operates I 01/15/01 09:01:13 igmp: DEFAULT_VLAN: Other Querier detected I 01/15/01 09:01:13 igmp: DEFAULT_VLAN: This switch is no longer Querier In the above scenario, if the other device ceases to operate as a Querier on the default VLAN, then the switch detects this change and can become the Querier as long as it is not pre-empted by some other IGMP Querier on the VLAN.

  • Page 166: Disabling Or Re-enabling Data-driven Igmp

    Multimedia Traffic Control with IP Multicast (IGMP) How IGMP Operates Disabling or Re-enabling Data-Driven IGMP Whenever IGMP snooping is enabled on a VLAN, data-driven IGMP is automatically enabled for the switch. When unregistered multicasts are received, the data-driven IP Multicast feature (“Smart IGMP”) enables the switch to filter them automatically.

  • Page 167

    Multimedia Traffic Control with IP Multicast (IGMP) How IGMP Operates Notes: IP Multicast Filters. IP multicast addresses occur in the range from 224.0.0.0 through 239.255.255.255 (which corresponds to the Ethernet multicast address range of 01005e-000000 through 01005e-7fffff). Where a switch has a static Traffic/Security filter configured with a “Multicast”...

  • Page 169

    IP Routing Configuration Contents Contents ............11-1 Overview.

  • Page 170

    IP Routing Configuration Overview Overview The 8100fl switch supports standards-based unicast routing for protocols such as TCP, UDP, and IP. Unicast routing protocol support covers both Interior Gateway Protocols and Exterior Gateway Protocols. This chapter describes how to configure IP interfaces and general non-protocol-specific routing parameters.

  • Page 171: Configuring Ip Interfaces

    IP Routing Configuration Configuring IP Interfaces Configuring IP Interfaces You can configure an IP interface to a single port or to a VLAN. This section provides an overview of configuring IP interfaces. Interfaces on the 8100fl switch are logical interfaces. Therefore, you can associate an interface with a single port or with multiple ports: ■...

  • Page 172: Extending The Ip Configuration

    IP Routing Configuration Configuring IP Interfaces Extending the IP Configuration You can configure a ProCurve 8100fl interface to support the following configurations: ip access-group specifies the name of an access control list to control packets ip address sets the IP address of an interface ■...

  • Page 173: Configuring Jumbo Frames

    IP Routing Configuration Configuring Jumbo Frames Configuring Jumbo Frames Certain ProCurve 8100fl interface modules support jumbo frames (frames larger than the standard Ethernet frame size of 1518 bytes). To transmit frames of up to 9216 bytes, you increase the maximum transmission unit (MTU) size from the default of 1522.

  • Page 174: Layer 2 Filters

    IP Routing Configuration Layer 2 Filters Layer 2 Filters Layer 2 filters on the 8100fl switch allow you to configure ports to filter specific MAC addresses. When defining a Layer 2 filter, you specify the ports to which you want the filter to apply. You can specify the following filters: Address filters.

  • Page 175: Layer 2 Filter Examples

    IP Routing Configuration Layer 2 Filters Layer 2 Filter Examples Figure 11-1 shows an example of the router connections for which Layer 2 filters will be configured. Router gi 1/1 gi 1/2 gi 1/3 Engineering Finance File Servers File Servers Engineers, Consultant Figure 11-1.

  • Page 176: Configuring Address Resolution Protocol (arp)

    IP Routing Configuration Configuring Address Resolution Protocol (ARP) Configuring Address Resolution Protocol (ARP) The Address Resolution Protocol (ARP) is used to associate IP addresses with media or MAC addresses. Taking an IP address as input, ARP determines the associated MAC address. Once a media or MAC address is determined, the IP address/media address association is stored in an ARP cache for rapid retrieval.

  • Page 177: Unresolved Mac Addresses For Arp Entries

    IP Routing Configuration Configuring Address Resolution Protocol (ARP) To configure the ARP refresh interval: From Configuration mode, enter the VLAN interface. Enter the ARP refresh interval using the arp refresh command. For example, to configure VLAN 701 with an ip address of 171.1.1 255.255.255.0, an arp refresh interval of 120 seconds, and an arp timeout of 300 seconds, you would enter the following commands: ProCurve(config)#interface vlan701...

  • Page 178: Configuring Basic Ip Parameters

    IP Routing Configuration Configuring Basic IP Parameters Configuring Basic IP Parameters This section explains how to configure the following basic IP parameters. Configuring DNS Parameters The 8100fl switch can be configured to specify DNS servers, which supply name services for DNS requests. You can specify up to three DNS servers. For example, to configure the default DNS server with the domain name “ProCurve_8100.com”, enter: ProCurve(config)#ip domain-name ProCurve_8100.com...

  • Page 179: Monitoring Ip Parameters

    IP Routing Configuration Configuring Basic IP Parameters • VLAN interface: ProCurve(config-vlan-3)# interface vlan 3 ProCurve(config-interface-vlan3)# ip helper-address 10.1.1.2 • Port interface: ProCurve(config)# int gig 5/2 ProCurve(config-interface-gig 5/2)# ip helper-address 10.1.1.2 2. Globally enable forwarding of IP BOOTP broadcasts on the switch, using the ip forward-protocol udp bootps command.

  • Page 180

    IP Routing Configuration Configuring Basic IP Parameters The following example displays the contents of the routing table. It shows that some of the route entries are for locally connected interfaces (“directly connected”), while some of the other routes are learned from OSPF. ProCurve#show ip route Codes: R - RIP derived, O - OSPF derived, C - connected, S - static,...

  • Page 181: Setting Memory Thresholds

    IP Routing Configuration Configuring Basic IP Parameters Setting Memory Thresholds The routing information base (RIB) is stored in the switch’s memory. You can use the ip table-partition command to configure the percentage of the available memory that is used for storing IP route entries. (For the command to take effect, the interface modules in the system need to be rebooted.) When the threshold level you configure is reached, no new routes are added.

  • Page 183

    RIP Configuration Contents Overview............12-2 Configuring RIP on the Switch .

  • Page 184

    RIP Configuration Overview Overview This chapter describes how to configure the Routing Information Protocol (RIP) on the 8100fl switch. RIP is a distance-vector routing protocol for use in small networks. A router running RIP broadcasts updates at set intervals. Each update contains paired values where each pair consists of an IP network address and an integer distance to that network.

  • Page 185: Enabling And Disabling Rip

    RIP Configuration Configuring RIP on the Switch Enabling and Disabling RIP To enable or disable RIP on the switch, enter one of the following commands in Configuration mode: To enable RIP, enter router rip. ■ To disable RIP, enter no router rip. ■...

  • Page 186: Setting Default Metrics

    RIP Configuration Configuring RIP on the Switch Setting Default Metrics To set the default metric of distributed routes, enter: ProCurve(config-router)#default-metric <number> Defining Administrative Distance The administrative distance is a metric used to determine the best path to use when more than one route to the same destination exists but in different routing protocols.

  • Page 187: Limiting Paths

    RIP Configuration Configuring RIP on the Switch Limiting Paths Your RIP routing table can track up to four paths to another router. You can set that number to as low as one path. To limit the number of connections your routing tables will maintain to any one IP address, enter: ProCurve(config-router)#maximum-paths <number>...

  • Page 188: Configuring An Interface For Rip

    RIP Configuration Configuring an Interface for RIP Configuring an Interface for RIP To configure RIP in the switch, you must first add interfaces in the Interface Configuration mode to inform RIP about attached interfaces. Table 12-1. Configuring an Interface for RIP Command Action ip rip authentication mode {md5 | <text>}...

  • Page 189: Configuration Example

    RIP Configuration Configuring an Interface for RIP Configuration Example The following configuration example configures Gigabit Ethernet ports 3 and 4 in slot 1 to support RIP version 2 and to apply MD5 authentication control to incoming RIP traffic. The 8100fl switch is also configured to support RIP version 2, to redistribute traffic from OSPF.

  • Page 190: Related Topics

    RIP Configuration Configuring an Interface for RIP Related Topics For more about the protocol-independent features that apply to RIP, such as configuring authentication and routing policies, refer to Chapter 14, “Configuring Routing Policies”. For information on how to configure IP interfaces and general non-protocol-specific routing parameters, refer to Chapter 11, “IP Routing Configuration”.

  • Page 191

    OSPF Configuration Contents: Overview (13-2); Supported Features...

  • Page 192

    OSPF Configuration Overview Overview Open Shortest Path First (OSPF) is a modern, scalable, and fast link-state routing protocol. It is an interior routing protocol (IGP), used to distribute routing information within the boundaries of an Autonomous System (AS). Each OSPF router chooses the shortest path to any known destination based on complete knowledge of the routing topology within the AS, using Dijkstra's SPF algorithm.

  • Page 193: Multipath Support

    OSPF Configuration Overview Multipath Support The 8100fl switch supports OSPF and static Multi-path. If multiple equal-cost OSPF or static routes have been defined for any destination, then the switch “discovers” and uses all of them. The switch will automatically learn up to sixteen equal-cost OSPF or static routes and retain them in its forwarding information base (FIB).

  • Page 194: Ospf Routes

    OSPF Configuration Overview Area Routers. In connection to areas, the following terms are used in OSPF: ■ ABR (Area Border Router) — A router that connects the Backbone (area 0) with some other area(s). ■ ASBR (Autonomous System Border Router) — A router that redistributes...

  • Page 195: Configuring Ospf Router Parameters

    OSPF Configuration Configuring OSPF Router Parameters Configuring OSPF Router Parameters To configure OSPF on the switch in the Router Configuration mode, perform the following tasks: 1. Enable OSPF 2. Set the router ID 3. Create and configure OSPF area 4. Add interfaces to the area 5. If necessary, configure virtual links 6. Optionally, configure redistribution 7. Optionally, configure parameters at the global, area, and/or interface level...

  • Page 196: Configuring Ospf Areas

    OSPF Configuration Configuring OSPF Router Parameters ■ If there are no addresses on the loopback interface, the switch will set the default router ID to the address of the first interface that is in the up state that the switch encounters (except the interface management0, which is the Management Module’s interface).

  • Page 197: Configuring Summary Ranges

    OSPF Configuration Configuring OSPF Router Parameters Configuring Summary Ranges To reduce the amount of routing information propagated between areas, you can configure summary-ranges on Area Border Routers (ABRs). On the switch, summary-ranges are created using the range command: ProCurve(config-ospf-area)#range <ipaddr-mask> The networks specified using this command describe the scope of an area.

  • Page 198: Configuring Not-so-stubby Areas (nssa)

    OSPF Configuration Configuring OSPF Router Parameters ProCurve(config-ospf-area)#stubhost <ipaddr> cost <costvalue> To specify the cost to inject into a stub area: ProCurve(config-ospf-area)#default-cost <num> To use a prefix-list to filter specific summary LSAs from a stub area, enter the following command: ProCurve(config-ospf-area)#summary-filter <prefix> Configuring Not-So-Stubby Areas (NSSA) NSSAs are similar to stub areas, in that they are used to restrict the AS-external routing for routers in the area.

  • Page 199: Creating Virtual Links

    OSPF Configuration Configuring OSPF Router Parameters Creating Virtual Links You can create a virtual link to: ■ Connect an area via a transit area to the backbone ■ Create a redundant backbone connection via another area Each ABR must be configured with the same virtual link. Note that virtual links cannot be configured through a stub or NSSA area.

  • Page 200: Configuring The Ospf Router

    OSPF Configuration Configuring OSPF Router Parameters Configuring the OSPF Router To specify the OSPF router ID, enter: ProCurve(config-router)#router-id <ip addr> For information on setting router IDs, see “Setting the Router ID” on page 13-5. Associating a Network with the OSPF Area To identify which network IP addresses belong to an OSPF area, enter the following command: ProCurve(config-router)#network <ip addr>...

  • Page 201: Logging Adjacency Changes

    OSPF Configuration Configuring OSPF Router Parameters Logging Adjacency Changes Support for logging changes in the adjacency states of OSPF neighbors is enabled by default. To turn it off, enter the following command: ProCurve(config-router)#no log-adjacency-changes Redistribution You can redistribute routes from another protocol into the OSPF domain. To redistribute connected routes, enter the following command: ProCurve(config-router)#redistribute connected [metric <default metric value>| metric-type <1 | 2>...

  • Page 202: Configuring Ospf Interface Parameters

    OSPF Configuration Configuring OSPF Router Parameters Configuring OSPF Interface Parameters To set OSPF interface parameters, use the ip ospf command for each interface in an OSPF area. The following parameters can be set at the interface level.
    Parameter            Description
    authentication       Enable authentication
    authentication-key   Authentication password (key)...

  • Page 203: Specifying The Interface Cost

    OSPF Configuration Configuring OSPF Router Parameters ■ To override authentication specified at the area level by specifying the authentication method at the interface level, enter: ProCurve(config-if)#ip ospf authentication null Specifying null turns off authentication for this interface even if area authentication is specified.

  • Page 204: Ignoring Maximum Transmission Unit Checks

    OSPF Configuration Configuring OSPF Router Parameters ■ To limit the time between HELLO packets, enter: ProCurve(config-if)#ip ospf hello-interval <num> ■ To limit the time to wait before retransmitting lost link-state advertisements, enter: ProCurve(config-if)#ip ospf retransmit-interval <num> ■ To limit the link-state transmit delay, enter: ProCurve(config-if)#ip ospf transmit-delay <num>...

  • Page 205: Alternative Area Border Router (abr)

    OSPF Configuration Alternative Area Border Router (ABR) Alternative Area Border Router (ABR) The switch automatically supports the alternative ABR implementation, as defined in the IETF “Alternative OSPF ABR Implementations” Internet Working Draft. This feature improves the behavior of a router connected to multiple areas without an active backbone connection.

  • Page 206: Ospf Configuration Example

    OSPF Configuration OSPF Configuration Example OSPF Configuration Example Figure 13-1 shows a sample OSPF configuration of a ProCurve 8100fl and several neighboring routers. The interfaces are GigabitEthernet ports and have MD5 authentication enabled. Except where noted in the configuration, all other OSPF interface and router parameters use default values: Router 2 Router 3 172.18.1.14...

  • Page 207

    OSPF Configuration OSPF Configuration Example The configuration for this sample OSPF configuration would look like:
    interface GigabitEthernet1/1
     no shutdown
     ip address 172.18.1.13
     ip OSPF message-digest-key 109 md5 2router1
     ip OSPF authentication message-digest
    interface GigabitEthernet1/2
     no shutdown
     ip address 172.18.1.17
     ip OSPF message-digest-key 109 md5 2router2
     ip OSPF authentication message-digest
    interface GigabitEthernet1/3
     no shutdown...

  • Page 208: Monitoring Ospf

    OSPF Configuration Monitoring OSPF Monitoring OSPF The show ip ospf commands allow you to display detailed versions of the various OSPF tables. The show ip ospf commands can only display OSPF tables for the switch on which the commands are being entered (see the following examples and commands).

  • Page 209

    OSPF Configuration Monitoring OSPF Example. Show ip ospf database:
    ProCurve#show ip ospf database
    OSPF Router with ID(66.1.1.1) (Process ID 11)
    Router Link States (Area 0.0.0.0)
    Link ID      ADV Router   Age   Seq#        Checksum  Link Count
    32.32.32.32  32.32.32.32  1364  0x80000003  0x2414    1
    33.33.33.33  33.33.33.33  1371  0x80000003  0x1416    1
    66.1.1.1     66.1.1.1     1362  0x8000000D  0x42C4    4
    67.1.1.1     67.1.1.1     161   0x80000011  0xA783    3...

  • Page 210: Ospf Debug Commands

    OSPF Debug Commands To display information on selected OSPF processes, the following debug commands can be used from the Privileged Exec mode of the CLI: Command Function debug ip ospf ack Logs information about OSPF link state Ack packets. Includes the following command line options: •...

  • Page 211

    Configuring Routing Policies Contents: Overview (14-2); Route Preferences...

  • Page 212

    Configuring Routing Policies Overview Overview The 8100fl switch supports flexible routing policies. These allow the network administrator to control import and export of routing information based on criteria including: ■ Source and destination interface ■ Previous hop router ■ Tag associated with routes ■...

  • Page 213: Import Policies

    Configuring Routing Policies Route Preferences A default preference is assigned to each source from which the switch routing process receives routes. Preference values range from 0 to 255 with the lowest number indicating the most preferred route. Table 14-1 summarizes the default preference values for routes learned in various ways.

  • Page 214: Route-filter

    Configuring Routing Policies Route Preferences The importation of RIP routes may be controlled by source interface and source gateway. RIP does not support the use of preference to choose between RIP routes. That is left to the protocol metrics. Due to the nature of OSPF, only the importation of ASE routes may be controlled.

  • Page 215: Export-source

    Configuring Routing Policies Authentication Export-Source This component specifies the source of the exported routes. It can also specify the metric to be associated with the routes exported from this source. The routes to be exported can be identified by their associated attributes: Their protocol type (RIP, OSPF, Static, Connected).

  • Page 216: Authentication Methods

    Configuring Routing Policies Authentication Authentication Methods There are two main authentication methods: simple password and MD5. Simple Password Authentication. In this method, an authentication key of up to 8 characters is included in the packet. If this does not match what is expected, the packet is discarded.

  • Page 217: Using Route Maps

    Configuring Routing Policies Authentication Using Route Maps A route map defines conditions and actions to be taken for: ■ importing routes or exporting routes ■ redistributing routes from or into any routing protocol A route map consists of one or more conditions and the action to be taken when the condition is met.

  • Page 218: Configuring Simple Routing Policies

    Configuring Routing Policies Configuring Simple Routing Policies Configuring Simple Routing Policies Simple routing policies provide an efficient way for routing information to be exchanged between routing protocols. The redistribute command can be used to redistribute routes from one routing domain into another routing domain. Redistribution of routes between routing domains is based on route policies.

  • Page 219: Redistributing Rip Into Ospf

    Configuring Routing Policies Configuring Simple Routing Policies To redistribute RIP into RIP, enter the following command in Router Configuration mode: ProCurve(config-router)#redistribute rip [metric|route-map] Redistributing RIP into OSPF RIP routes may be redistributed to OSPF. To redistribute RIP into OSPF, enter the following command in Router Configuration mode: ProCurve(config-router)#redistribute ospf [match <external|internal|nssa-external>...

  • Page 221

    Access Control Lists (ACLs) Contents: Overview (15-2); Layer 3 Access Control List (ACLs)...

  • Page 222

    Access Control Lists (ACLs) Overview Overview This chapter explains how to configure and use Access Control Lists (ACLs) on the 8100fl switch. When used in conjunction with certain features, ACLs provide control over the forwarding of Layer 3 and Layer 4 traffic, as illustrated in Figure 15-1.

  • Page 223: Layer 3 Access Control List (acls)

    Access Control Lists (ACLs) Layer 3 Access Control List (ACLs) Layer 3 Access Control List (ACLs) An ACL consists of a protocol type and one or more rules which tell the switch to either permit or deny packets or routes that match the match criteria on which each rule is based.

  • Page 224: Creating An Acl

    Access Control Lists (ACLs) Layer 3 Access Control List (ACLs) Creating an ACL To create an ACL, complete the following steps: 1. Specify a name (or number) for the ACL. Note: Each ACL is identified by a name, consisting of alphanumeric characters. The ACL name can be a meaningful string such as denyFTP or it can be a simple number such as 100 or 101.

  • Page 225: The "any" Parameter And Wild Cards

    Access Control Lists (ACLs) Layer 3 Access Control List (ACLs) Option (Destination) Description Match only packets on a given port number (equal to) Match only packets with a port number greater than host A single destination host Match only packets with a port number less than range Match only packets in the port number range (Optional) Refine the ACL by specifying conditions for the traffic from the...

  • Page 226: How Multiple Acl Rules Are Evaluated

    Access Control Lists (ACLs) Layer 3 Access Control List (ACLs) Notice in the previous example that both the source address and the destination address are skipped over using the any parameter. The keyword any is needed only to skip a field in order to explicitly specify another field whose position is further along in the ACL.

  • Page 227: Implicit Deny Rule

    Access Control Lists (ACLs) Layer 3 Access Control List (ACLs) Note: Remember that the first rule that applies to a packet is the only rule that affects the packet. The packet is permitted or denied according to the first rule it satisfies;...

  • Page 228

    Access Control Lists (ACLs) Layer 3 Access Control List (ACLs) To allow packets from a subnet other than 172.124.200.0 to pass through, a rule must be explicitly defined to permit other packets to go through. To change the previous example so that it accepts packets from other subnets, a new rule must be added ahead of the implicit deny rule that permits packets to pass.

  • Page 229: Editing Acls

    Access Control Lists (ACLs) Editing ACLs Editing ACLs To modify an ACL, edit it using a text editor on a remote workstation and upload it to the switch using TFTP. (You cannot edit existing ACLs from the CLI.) Edit, delete, replace, or reorder ACL rules and match criteria in a text file.

  • Page 230: Applying Acls

    Access Control Lists (ACLs) Applying ACLs Applying ACLs Until it is applied, an ACL itself is simply a set of one or more rules made up of match criteria and an indicator that specifies whether to permit or deny packets that meet the rules. For an ACL to actually do something on the switch, it must be applied to an interface or to some application, which permits or denies traffic to or from the switch.

  • Page 231: Acl Viewing

    Access Control Lists (ACLs) Applying ACLs ACL Viewing The switch provides the following show commands that you can use to display the ACLs, their rules, and their association to interfaces, ports and services. Table 15-1. ACL Show Commands Show Command Action show access-list Show all ACL definitions...

  • Page 232

    Access Control Lists (ACLs) Applying ACLs The following is an example of the display from the show access-list command:
    ProCurve#show access-list
    ProCurve#show access-lists
    IP access list 401
     permit tcp 192.168.1.4 0.0.0.0 10.203.10.1 0.0.0.0
    IP access list 403
     deny tcp 10.20.20.0 0.0.0.255
     permit tcp any any
    IP access list 404
     permit ip 123.1.3.10 0.0.0.255 any default...

  • Page 233: Layer 2 Access Control Lists (acls)

    Access Control Lists (ACLs) Layer 2 Access Control Lists (ACLs) Layer 2 Access Control Lists (ACLs) Layer 2 traffic filtering on the switch is provided by: ■ Layer 2 filters - perform filtering on source or destination MAC addresses. ■ Layer 2 access control lists - perform access control based on source or...

  • Page 234: Monitoring Layer 2 Acls

    Access Control Lists (ACLs) Layer 2 Access Control Lists (ACLs) To apply a Layer 2 ACL to a specified VLAN interface on input, enter the following command: ProCurve(config-if)#l2acl [police | <aclname>] vlan <vlanid> For example, to apply an ACL called 303 for traffic inbound to VLAN 220, you would enter:...

  • Page 235: Protocols And Keywords

    Access Control Lists (ACLs) Protocols and Keywords Protocols and Keywords Table 15-3 shows the list of protocols you can use in a Layer 3 ACL. All of these protocols can be referenced by their decimal number. Those protocols shown with a Keyword can alternately be referenced by this Keyword rather than by their decimal number.

  • Page 236

    Access Control Lists (ACLs) Protocols and Keywords Table 15-3. Protocol Decimal and Keyword Equivalents (Continued) Decimal Keyword Protocol/References Packet Radio Measurement [ZSU] XNS-IDP XEROX NS IDP [ETHERNET,XEROX] TRUNK-1 Trunk-1 [BWB6] TRUNK-2 Trunk-2 [BWB6] LEAF-1 Leaf-1 [BWB6] LEAF-2 Leaf-2 [BWB6] Reliable Data Protocol [RFC908,RH6] IRTP Internet Reliable Transaction [RFC938,TXM] ISO-TP4...

  • Page 237

    Access Control Lists (ACLs) Protocols and Keywords Table 15-3. Protocol Decimal and Keyword Equivalents (Continued) Decimal Keyword Protocol/References MHRP Mobile Host Routing Protocol [David Johnson] BNA [Gary Salamon] SIPP-ESP SIPP Encap Security Payload [Steve Deering] SIPP-AH SIPP Authentication Header [Steve Deering] I-NLSP Integrated Net Layer Security TUBA [GLENN] SWIPE...

  • Page 238

    Access Control Lists (ACLs) Protocols and Keywords Table 15-3. Protocol Decimal and Keyword Equivalents (Continued) Decimal Keyword Protocol/References ISO-IP ISO Internet Protocol [MTR] VMTP VMTP [DRC3] SECURE-VMTP SECURE-VMTP [DRC3] VINES VINES [BXH] TTP [JXS] NSFNET-IGP NSFNET-IGP [HWB] Dissimilar Gateway Protocol [DGP,ML109] TCF [GAL5] IGRP IGRP...

  • Page 239

    VRRP Configuration Contents: Overview (16-2); Configuration Parameters...

  • Page 240

    VRRP Configuration Overview Overview This chapter explains how to set up and monitor the Virtual Router Redundancy Protocol (VRRP) on the switch. VRRP is defined in RFC 2338. In many networks, end hosts are often configured to send packets to a statically configured default router.

  • Page 241: Setting The Ip Address Of The Virtual Router

    VRRP Configuration Configuration Parameters Setting the IP Address of the Virtual Router To assign the virtual router’s IP address on VLAN 15 to be 10.50.50.5, enter: ProCurve(config-interface-vlan15)#vrrp 1 ip 10.50.50.5 Labeling the Virtual Router You can label each virtual router for easy identification in configurations and the show commands.

  • Page 242: Learning The Master Configuration

    VRRP Configuration Configuration Parameters Learning the Master Configuration When the Master router goes down, the Backup router takes over. When an interface comes up, the Master router may become available and take over from the Backup router. Before the Master router takes over, it may have to update its routing tables.

  • Page 243

    VRRP Configuration Configuration Parameters ■ If a Backup router doesn’t receive a keep-alive advertisement from the current Master within a certain period of time, it will transition to the Master state and start sending advertisements itself. The amount of time that a Backup router will wait before it becomes the new Master is based on the following equation: Master-down-interval = (3 * advertisement-interval) + skew-time...

  • Page 244: Configuring Vrrp

    VRRP Configuration Configuring VRRP Configuring VRRP This section presents two sample VRRP configurations: ■ A basic VRRP configuration with one virtual router ■ A symmetrical VRRP configuration with two virtual routers Note: The 8100fl switch is limited to up to fifteen unique virtual router configurations per interface (physical port, LAG, or VLAN).

  • Page 245: Configuration Of Router R1

    VRRP Configuration Configuring VRRP If Router R1 should become unavailable, Router R2 would take over virtual router VRID=1 and its associated IP addresses. Packets sent to 10.0.0.1/24 would go to Router R2. When Router R1 comes up again, it would take over as Master, and Router R2 would revert to Backup.

  • Page 246: Vrrp Configuration With Two Routers

    VRRP Configuration Configuring VRRP VRRP Configuration with Two Routers Figure 16-2 shows a symmetrical VRRP configuration with two routers and two virtual routers. Routers R1 and R2 are both configured with two virtual routers (VRID=1 and VRID=2). Router R1 serves as: ■ Master for VRID=1...

  • Page 247

    VRRP Configuration Configuring VRRP In this configuration, half the hosts use 10.0.0.1/24 as their default route, and half use 11.0.0.1/24. IP address 10.0.0.1/24 is associated with virtual router VRID=1, and IP address 11.0.0.1 is associated with virtual router VRID=2. If Router R1, the Master for virtual router VRID=1, goes down, Router R2 would take over the IP address 10.0.0.1/24.

  • Page 248: Monitoring Vrrp

    VRRP Configuration Monitoring VRRP Monitoring VRRP The show vrrp command reports information about a VRRP configuration. You can specify individual VRIDs, or interfaces. You can tailor the display to show summary information using the show vrrp brief command. You can focus displayed information using output modifiers to customize the information returned.

  • Page 249

    Time Configuration Contents: Overview (17-2); Setting the Date and Time...

  • Page 250

    Time Configuration Overview Overview This chapter discusses how to set time on the 8100fl switch and how to use the pool of Network Time Protocol (NTP) servers to set the clock to Universal Coordinated Time (UTC). Setting the Date and Time To set the date and time on the 8100fl switch, use the clock set command in Privileged Exec mode.

  • Page 251: Using Ntp

    Time Configuration Using NTP In this example, to convert PST to UTC, first convert the local time into a 24-hour clock format, 08:10:40. Then add 8 to convert to UTC. This gives the time conversion as 16:10:40. A slightly more complicated conversion occurs when adding 8 (for PST) forces the 24-hour clock into the next morning.

  • Page 252

    Time Configuration Using NTP The following example shows a typical configuration of NTP servers. (The * symbol indicates the IP address of the server the switch is synchronized against; the = symbol identifies an additional NTP server.) Use the detail parameter to display all of the NTP statistics.

  • Page 253

    SNMP Configuration Contents: Overview (18-2); Configuring Access to MIB Objects...

  • Page 254

    SNMP Configuration Overview Overview The Simple Network Management Protocol (SNMP) is an application layer protocol used to monitor and manage TCP/IP-based networks. It provides for the storage and exchange of management information. The 8100fl switch supports the following SNMP versions: ■...

  • Page 255: Configuring Access To Mib Objects

    SNMP Configuration Configuring Access to MIB Objects Configuring Access to MIB Objects The 8100fl switch supports many of the standard networking SNMP MIB modules. Each module is a collection of managed objects which can be accessed by the SNMP management stations. (For a list of MIB modules supported by the 8100fl switch, refer to “MIB Modules”...

  • Page 256: Configuring The Snmp Agent

    ProCurve(config)#snmp chassis-id s/n12345 ProCurve(config)#snmp mib if-mib The example sets the MIB objects sysContact to IT dept, sysLocation to building 1 closet, and hp-switch-fl-series-inventory-mib ChassisId to s/n12345, and enables the if-mib (RFC 2863). Configuring SNMP Notifications The 8100fl switch sends notifications to pre-defined targets. The targets are the SNMP management stations that receive the notifications.

  • Page 257: Enabling/disabling Snmp

    SNMP Configuration Configuring Access to MIB Objects Targets are defined by their IP addresses. Each target that is defined receives a copy of the notifications generated and sent by the ProCurve 8100fl agent. In addition, you need to specify a community string for the notifications. For security reasons, the community strings in notifications should be different from the read/write community strings.

  • Page 258: Mib Modules

    The 8100fl switch supports the following MIB modules. You can use these modules with any SNMP version. Table 18-1. Release 1.0 Supported MIBs
    MIB Name                            RFC Standard
    SNMPv2-MIB                          RFC 1907
    IP-MIB                              RFC 2011
    TCP-MIB                             RFC 2012
    UDP-MIB                             RFC 2013
    IP-FORWARD-MIB                      RFC 2096
    IF-MIB                              RFC 2863
    ENTITY-MIB                          RFC 2737
    HP-SWITCH-FL-SERIES-INVENTORY-MIB...

  • Page 259: Loading Mibs

    Some of the following list of IETF standard MIB modules may already be loaded, so you do not need to load them again (unless they are newer versions). Load them in the order shown—with the HP Switch proprietary MIB module at the end.

  • Page 260: Enabling/disabling Mib Modules

    - IPv4 CIDR forwarding database per RFC 2096 ip-mib - Counters for IP and ICMP version 4 per RFC 2011 hp-switch-fl-series-inventory-mib - HP switch inventory details snmpv2-mib - System detail, SNMPv1/v2c/v3 counters per RFC 1907 tcp-mib - Counters for Transmission Control Protocol, IP...

  • Page 261: Displaying Snmp Information

    SNMP Configuration Configuring Access to MIB Objects Displaying SNMP Information The show snmp command is used to display SNMP configuration information. The status of the notifications is listed at the bottom of the output. ProCurve(config)#show snmp agent operational 343 seconds In/out packets: 0/0 last: last error occurred on: Bad version : 0...

  • Page 262: Troubleshooting Snmp

    UDP-MIB 2013 online IP-FORWARD-MIB 2096 online ENTITY-MIB 2737 online HP-SWITCH-FL-SERIES-INVENTORY-MIB online Troubleshooting SNMP SNMP misconfigurations typically generate the following error when you enter the show snmp command: ProCurve(config)#show snmp %SNMP agent not enabled ProCurve(config)# If you receive this error: Make sure you have configured a community string (see “Configuring...

  • Page 263: Snmp Notifications

    IF-MIB, OID: 1.3.6.1.6.3.1.1.5.4, objects: 1: ifIndex, 2: ifAdminStatus, 3: ifOperStatus, 4: ifDescr. authenticationFailure, SNMPv2-MIB, OID: 1.3.6.1.6.3.1.1.5.5, objects: No List. Notifications from HP switch proprietary MIB module: hotSwapOut, HP-SWITCH-FL-SERIES-INVENTORY-MIB, OID: 1.3.6.1.4.1.11.2.14.11.8.1.33.1.2.0.8, objects: 1: entPhysicalDescr, 2: entPhysicalIndex, 3: Trapdescription. hotSwapIn, objects: 1: entPhysicalDescr...

  • Page 265

    Performance Monitoring Contents: Overview (19-2); Show Commands...

  • Page 266

    Performance Monitoring Overview Overview The 8100fl switch performs as a full wire-speed Layer 2, Layer 3, and Layer 4 switching router, and is capable of displaying performance information at each layer. As packets enter the switch, Layer 2, 3, and 4 flow tables are populated on each interface module.

  • Page 267

    Performance Monitoring Show Commands
    show bridge fib          Show bridging information
    show bridge mac-table    Show master MAC table information
    show clock               Show information about the system clock
    show configuration       Show configuration data in flash
    show device-logging      Show how the terminal, host, and buffer are configured for logging
    show environment         Show environmental conditions of the chassis...

  • Page 268

    Performance Monitoring Show Commands
    show pinger              Show pinger gateway information
    show policy              Show IP policies
    show port                Show Layer 2 port related information
    show process             Show resource usage per process
    show radius servers      Show Remote Access Dial-in User Service (RADIUS) server information
    show redundancy          Show the status of redundant modules...

  • Page 269: Debug Commands

    Performance Monitoring Debug Commands Note: All the show commands are accessible at the Privileged Exec mode. Many show commands are accessible from various configuration modes, and a limited number of show commands are available at the Exec mode level. Debug Commands To gather information on selected processes and to control tracing, enter the following commands from the Privileged Exec mode:...

  • Page 270: Clear Commands

    Performance Monitoring Clear Commands Clear Commands To delete data from the system, use the following commands from the Privileged Exec mode:
    Command              Function
    clear access-list    Clear access-list counters for a specified Access Control List.
    clear arp            Clear the Address Resolution Protocol (arp) entry IP address.
    clear arp-cache      Clear the Address Resolution Protocol (arp) cache...

  • Page 271: Error Reporting And Message Logging

    Performance Monitoring Error Reporting and Message Logging Error Reporting and Message Logging Individual file system commands will report application specific errors as part of their normal output. ERRLOG messages will be generated on the following events: ■ A physical file system becomes full ■ A user attempts to overwrite or remove a read-only system file...

  • Page 272: Configuring The Syslog Host

    Performance Monitoring Error Reporting and Message Logging To set the locations that receive messages (buffer, console, or syslog respectively), use the following commands in Configuration mode.
    Command              Function
    logging buffered     Set buffered logging.
    logging host         Set host logging. Requires an <ip address>.
    logging terminal     Set terminal logging...

  • Page 273: Displaying Crash Log Files

    Performance Monitoring Error Reporting and Message Logging When logging is buffered, the following Privileged Exec command is useful to display logged messages: ProCurve#show logging The following Privileged Exec command can be used to clear the log buffer: ProCurve#clear logging Displaying Crash Log Files To display a log file after a crash occurs, enter the following command: ProCurve#dir flash: This will list the files located in the flash directory.

  • Page 274: Controlling The Size Of The Log And Messages

    Performance Monitoring Error Reporting and Message Logging Note: The default alert level for the buffered messages is informational, and the default alert level for terminal messages is warning. The default alert level for syslog messages is informational. Controlling the Size of the Log and Messages You can set the number of messages that get stored in the history table.

  • Page 275: Configuring Port Mirroring

    Performance Monitoring Configuring Port Mirroring The 8100fl switch allows you to monitor performance and activities of ports on the switch using port mirroring.
    [Figure 19-1. Port Mirroring (labels: Monitoring Device, Monitor Port, Destination Port, Target Port; ports 6/10 and 5/10)]
    In Figure 19-1, the target port (5/10) is mirrored to a monitor port (6/1) on another interface module.

  • Page 276: Setting Rate-limits (2-port X2 Module)

    Performance Monitoring Setting Rate-Limits (2-port X2 Module)
    ■ LAGs, and ports used within a LAG (link aggregated group), cannot be used as a destination for port mirroring.
    Caution: The mirror monitor-port command is not available from the Interface lag context.

  • Page 277

    Performance Monitoring Setting Rate-Limits (2-port X2 Module) For example, to specify a rate limit of 2000 Megabits per second for the first port on the module, you would enter the following:
    ProCurve(config)#interface tengigabitethernet 1/1
    ProCurve(config-interface-10gig1/1)# mac-rate-limit 2000
    Operating Notes for Rate-Limiting
    ■ The mac-rate-limit command is only effective on the 2-Port X2 10GbE...

  • Page 279

    Command Line Index This index provides an alphabetical listing of all the commands in the CLI that are referenced in this guide. clear ip ospf … 13-6, 19-6 clear ip traffic … 19-6 clear l2acl … 19-6 clear lacp … 19-6 clear logging …...

  • Page 280

    macs (ssh) … 5-8 map … 8-4 image … 3-10 maximum-paths (rip) … 12-5 interface … 11-3 mirror monitor-port … 19-11 interface mtu … 11-5 mkdir … 3-6 ip access-group … 11-4, 15-10 more … 3-6 ip address … 11-4 mtu (config-vlan) …...

  • Page 281

    show aaa method-lists … 19-2 show spanning-tree mst-config … 9-31 show aaa servers … 19-2 show spolicy-input-map … 19-4 show access-lists … 19-2 show spolicy-output-map … 19-4 show arp … 11-9, 19-2 show startup-config … 3-3, 19-4 show bootvar … 19-2 show statistics …...

  • Page 282

    terminal … 2-9 timers basic (rip) … 12-5 timers spf … 13-11 traceroute … 11-10 username … 5-5, 5-11 version (rip) … 12-3 version (ssh) … 5-8 vlan … 6-5 vrrp … 16-3 width (config-line) … 4-7 write memory … 3-3 4 –...

  • Page 283

    Index Numerics 2-Port X2 10GbE Interface Module backing up system configuration … 3-7 rate control policies … 19-12 bandwidth loss, spanning tree … 9-10 802.1w as a region … 9-12 bandwidth manager … 8-2 banner authentication … 5-13 setting for login … 4-5 access modes …...

  • Page 284

    Configuration mode … 2-3, 2-4 networks in routing updates (RIP) … 12-5 contact person, configuring … 4-5 updates (RIP) … 12-4 copying files … 3-6 filters cost effect of IGMP … 10-17 calculating for OSPF … 13-10 layer-2 … 11-6, 15-13 calculating for OSPF interface …...

  • Page 285

    supported configurations … 11-4 storage devices … 3-4 IP address maximum transmission unit (MTU) … 11-5 assigning to management module … 4-2 MD5 authentication … 13-2, 13-12, 14-6 notation … 2-11 memory thresholds … 11-13 setting for a virtual router … 16-3 message logging …...

  • Page 286

    debug commands … 13-20 configuring parameters … 4-9–4-13 default cost for stub area … 13-8 modifying speed … 4-12 defining cost … 13-10 referencing … 4-9 enabling … 13-5 shutdown by default … 6-6 export routes … 14-5 power supply information … 3-14 importing routes …...

  • Page 287

    RFC 1583 … 13-10 Simple Network Management Protocol RFC 1587 … 13-2 See SNMP RFC 1901 … 18-2 slot numbering … 4-10 RFC 1905 … 18-2 slots, used to specify modules RFC 1906 … 18-2 modules RFC 2178 … 14-6 referencing …...

  • Page 288

    caution … 9-7 IST root … 9-6, 9-7, 9-9 CIST … 9-12 IST, defined … 9-6 CIST per-port hello time … 9-12 IST, switch membership … 9-6 CIST root … 9-20 legacy devices and the CST … 9-10 common and internal spanning tree legacy STP and RSTP …...

  • Page 289

    root switch, regional … 9-12 root, CIST … 9-18 TACACS+ root, IST … 9-7 authentication … 5-2 root, MSTI … 9-9 configuring … 5-17 routed traffic in a region … 9-9 monitoring … 5-18 RSTP as a region … 9-5 multiple connections on a single server …...

  • Page 290

    configuring an IP interface … 11-3 default … 6-6 enabled by default … 6-6 enabling trunk ports … 6-4 explicit and implicit … 6-3 IGMP configuration … 10-3 number of VLANs supported … 6-6 port-based … 6-2 static, 802.1s spanning tree … 9-6 trunk ports …...

  • Page 292

    Technical information in this document is subject to change without notice. © Copyright Hewlett-Packard Development Company, L.P. All rights reserved. Reproduction, adaptation, or translation without prior written permission is prohibited except as allowed under the copyright laws. March 2007 Manual Part Number 5990-8867...
