1. Manuals
  2. Brands
  3. ProCurve Manuals
  4. Switch
  5. 8200zl Series
  6. Management and configuration manual

ProCurve 8200zl Series Management And Configuration Manual

Hide thumbs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
Table of Contents

Advertisement

Quick Links

Download this manual
8200zl
6200yl
5400zl
3500yl
ProCurve Switches
K.13.01
www.procurve.com
Management and
Configuration Guide

Advertisement

Table of Contents
loading

Related Manuals for ProCurve 8200zl Series

Summary of Contents for ProCurve 8200zl Series

  • Page 1 Management and 8200zl 6200yl Configuration Guide 5400zl 3500yl ProCurve Switches K.13.01 www.procurve.com...
  • Page 3 ProCurve Series 3500yl Switches Series 5400zl Switches 6200yl Switch Series 8200zl Switches January 2008 K.13.01 Management and Configuration Guide...
  • Page 4 Nothing herein should be construed as constituting an additional warranty. HP shall Applicable Products not be liable for technical or editorial errors or omissions ProCurve Switch 3500yl-24G-PWR (J8692A) contained herein. ProCurve Switch 3500yl-48G-PWR (J8693A)

  • Page 5: Table Of Contents

    Contents Product Documentation About Your Switch Manual Set ......xxv Printed Publications......... xxv Electronic Publications .
  • Page 6 ProCurve Manager Plus ........
  • Page 7 Using ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+) ....... 5-5 Tasks for Your First ProCurve Web Browser Interface Session .
  • Page 8 Status Reporting Features ........5-16 The Overview Window .
  • Page 9 General Operation ......... . 6-27 Transitioning to Multiple Configuration Files .
  • Page 10 8 Configuring IP Addressing Contents ............8-1 Overview .
  • Page 11 Configuring a Broadcast Limit on the Switch ....10-14 Configuring ProCurve Auto-MDIX ......10-15 Web: Viewing Port Status and Configuring Port Parameters .
  • Page 12 Modules ..........10-24 Uni-Directional Link Detection (UDLD) .
  • Page 13 Viewing PoE Configuration and Status ..... . . 11-24 Displaying the Switch’s Global PoE Power Status ....11-24 Displaying PoE Status on All Ports .
  • Page 14 13 Port Traffic Controls Contents ........... . . 13-1 Overview .
  • Page 15 Configuring IP MTU ........13-33 SNMP Implementation .
  • Page 16 Terminology ......... . 14-33 Configuring sFlow .
  • Page 17 15 Redundancy (Switch 8212zl) Contents ........... . . 15-1 Overview .
  • Page 18 Show Redundancy ........15-24 Show Flash .
  • Page 19 General Software Download Rules ......A-4 Using TFTP To Download Switch Software from a Server ..A-4 Menu: TFTP Download from a Server to Primary Flash .
  • Page 20 Transferring ACL Command Files ......A-29 TFTP: Uploading an ACL Command File from a TFTP Server A-29 Xmodem: Uploading an ACL Command File from a Serially Connected PC or UNIX Workstation .
  • Page 21 Port Status ..........B-13 Menu: Displaying Port Status .
  • Page 22 1. Determine the Mirroring Session Identity and Destination ..B-44 2. Configure the Remote Mirroring Session on Destination Switch B-44 3. Configure the Mirroring Session on the Source Switch ..B-46 4.
  • Page 23 Browser or Telnet Access Problems ......C-6 Unusual Network Activity ........C-8 General Problems .
  • Page 24 Debug Messages ........C-49 Debug Destinations .
  • Page 25 When Insufficient Resources Are Available ....E-5 F Daylight Savings Time on ProCurve Switches G Scalability: IP Address, VLAN, and Routing Maximum...
  • Page 26 xxiv...

  • Page 27: Product Documentation

    Electronic Publications The latest version of each of the publications listed below is available in PDF format on the ProCurve Web site, as described in the Note at the top of this page. Management and Configuration Guide—Describes how to configure, ■...
  • Page 28 5400zl switches, Premium License features can be acquired by purchasing the optional Premium License and installing it on the Intelligent Edge version of these switches. (These features are automatically included on the ProCurve 6200yl and 8200zl switches.) Intelligent Edge Software Features. These features are automatically included on all switches.
  • Page 29 Intelligent Edge Software Manual Features Management Advanced Multicast and Access Traffic Routing Security Configuration Management Guide 802.1X Multiple Authenticated Clients Per Port Access Control Lists (ACLs) AAA Authentication Authorized IP Managers Authorized Manager List (Web, Telnet, TFTP) Auto MDIX Configuration BOOTP Config File Console Access...
  • Page 30 Jumbo Packets LACP Link LLDP LLDP-MED MAC Address Management MAC Lockdown MAC Lockout MAC-based Authentication Management VLAN Meshing Monitoring and Analysis Multicast Filtering Multiple Configuration Files Network Management Applications (SNMP) OpenView Device Management Passwords and Password Clear Protection ProCurve Manager (PCM)
  • Page 31 Intelligent Edge Software Manual Features Management Advanced Multicast and Access Traffic Routing Security Configuration Management Guide Ping Port Configuration Port Monitoring Port Security Port Status Port Trunking (LACP) Port-Based Access Control (802.1X) Power over Ethernet (PoE) Protocol Filters Protocol VLANS Quality of Service (QoS) RADIUS Authentication and Accounting RADIUS-Based Configuration...
  • Page 32 Intelligent Edge Software Manual Features Management Advanced Multicast and Access Traffic Routing Security Configuration Management Guide SSL (Secure Socket Layer) Stack Management (3500yl/6200yl switches only) Syslog System Information TACACS+ Authentication Telnet Access TFTP Time Protocols (TimeP, SNTP) Traffic Mirroring Traffic/Security Filters Troubleshooting Uni-Directional Link Detection (UDLD) UDP Forwarder...

  • Page 33: Contents

    Getting Started Contents Introduction ..........1-2 Conventions .

  • Page 34: Introduction

    For an overview of other product documentation for the above switches, refer to “Product Documentation” on page xiii. You can download documen- tation from the ProCurve Networking web site, www.procurve.com. Conventions This guide uses the following conventions for command syntax and displayed information.

  • Page 35: Command Prompts

    In the default configuration, your switch displays a CLI prompt similar to the following example: ProCurve 8212zl# To simplify recognition, this guide uses ProCurve to represent command prompts for all switch models. For example: ProCurve# (You can use the hostname command to change the text in the CLI prompt.) Screen Simulations Displayed Text.

  • Page 36: Sources For More Information

    “Software Feature Index” on page xiv. N o t e For the latest version of all ProCurve switch documentation referred to below, including Release Notes covering recently added features, visit the ProCurve Networking web site at www.procurve.com, click on Technical support, and then click on Product Manuals (all).
  • Page 37 Getting Started Sources for More Information Advanced Traffic Management Guide—Use this guide for information ■ on topics such as: • VLANs: Static port-based and protocol VLANs, and dynamic GVRP VLANs • spanning-Tree: 802.1D (STP), 802.1w (RSTP), and 802.1s (MSTP) • meshing •...

  • Page 38: Getting Documentation From The Web

    Click on Technical support. Click on Product manuals. Click on the product for which you want to view or download a manual. If you need further information on ProCurve switch technology, visit the ProCurve Networking web site at: www.procurve.com Online Help...

  • Page 39: Command Line Interface

    Figure 1-4. Button for Web Browser Interface Online Help N o t e To access the online Help for the ProCurve web browser interface, you need either ProCurve Manager (version 1.5 or greater) installed on your network or an active connection to the World Wide Web. Otherwise, Online help for...

  • Page 40: Need Only A Quick Start?

    If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing. To do so, do one of the following: Enter setup at the CLI Manager level prompt.

  • Page 41: Contents

    ProCurve Manager Plus ........

  • Page 42: Overview

    VLAN management. (ProCurve includes a copy of PCM+ in-box for a free 30-day trial.) This manual describes how to use the menu interface (Chapter 3), the CLI (Chapter 4), the web browser interface (Chapter 5), and how to use these interfaces to configure and monitor the switch.

  • Page 43: Advantages Of Using The Menu Interface

    Selecting a Management Interface Advantages of Using the Menu Interface To use ProCurve Manager or ProCurve Manager Plus, refer to the Getting Started Guide and the Administrator’s Guide, which are available electron- ically with the software for these applications. For more information, visit the ProCurve Networking web site at www.procurve.com.

  • Page 44: Advantages Of Using The Cli

    Provides more security; configuration information and passwords are ■ not seen on the network. Advantages of Using the CLI Prompt for Operator Level ProCurve> Prompt for Manager Level ProCurve# Prompt for Global Configuration ProCurve(config)# Level Prompt for Context ProCurve(<context>)#...

  • Page 45: Advantages Of Using The Web Browser Interface

    Selecting a Management Interface Advantages of Using the Web Browser Interface To perform specific procedures (such as configuring IP addressing or ■ VLANs), use the Contents listing at the front of the manual to locate the information you need. ■ For monitoring and analyzing switch operation, refer to Appendix B.
  • Page 46 Selecting a Management Interface Advantages of Using the Web Browser Interface Many features have all their fields in one screen so you can view all ■ values at once ■ More visual cues, using colors, status bars, device icons, and other graphical objects instead of relying solely on alphanumeric values Display of acceptable ranges of values available in configuration list ■...

  • Page 47: Or Procurve Manager Plus

    Advantages of Using ProCurve Manager or ProCurve Manager Plus You can operate ProCurve Manager and ProCurve Manager Plus (PCM and PCM+) from a PC on the network to monitor traffic, manage your hubs and switches, and proactively recommend network changes to increase network uptime and optimize performance.
  • Page 48 Features and benefits of ProCurve Manager Plus: ■ • All of the Features of ProCurve Manager: Refer to the above listing. • In-Depth Traffic Analysis: An integrated, low-overhead traffic mon- itor interface shows detailed information on traffic throughout the network.

  • Page 49: Web Browser Interfaces

    Updates can be scheduled easily across large groups of devices, all at user-specified times. • Investment Protection: The modular software architecture of ProCurve Manager Plus will allow ProCurve to offer network admin- istrators add-on software solutions that complement their needs. Custom Login Banners for the Console and Web Browser Interfaces...

  • Page 50: Configuring And Displaying A Non-Default Banner

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus clears the banner window and prompts the user for a password (if configured). Following entry of the correct username/password information (or if no username/password is required), the switch then displays either the Registra- tion page or the switch’s home page.

  • Page 51: Example Of Configuring And Displaying A Banner

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus Example of Configuring and Displaying a Banner Suppose a system operator wanted to configure the following banner message on her company’s switches: This is a private system maintained by the Allied Widget Corporation.
  • Page 52 Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus Shows the current banner configuration. Figure 2-7. The Current Banner Appears in the Switch’s Running-Config File The next time someone logs onto the switch’s management CLI, the following...

  • Page 53: Operating Notes

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus If someone uses a Web browser to log in to the switch interface, the following message appears: Figure 2-9. Example of Web Browser Interface Result of the Login Banner...
  • Page 54 Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus 2-14...

  • Page 55: Contents

    Using the Menu Interface Contents Overview ........... . . 3-2 Starting and Ending a Menu Session .

  • Page 56: Overview

    Reboot the switch For a detailed list of menu features, see the “Menu Features List” on page 3-14. Privilege Levels and Password Security. ProCurve strongly recom- mends that you configure a Manager password to help prevent unauthorized access to your network. A Manager password grants full read-write access to the switch.

  • Page 57: Starting And Ending A Menu Session

    Using the Menu Interface Starting and Ending a Menu Session N o t e If the switch has neither a Manager nor an Operator password, anyone having access to the console interface can operate the console with full manager privileges. Also, if you configure only an Operator password, entering the Operator password enables full manager privileges.

  • Page 58: How To Start A Menu Interface Session

    • If no password has been configured, the CLI prompt appears. Go to the next step. When the CLI prompt appears, display the Menu interface by entering the menu command. For example: ProCurve# menu [Enter] results in the following display:...

  • Page 59: How To End A Menu Session And Exit From The Console:

    Using the Menu Interface Starting and Ending a Menu Session Figure 3-1. Example of the Main Menu with Manager Privileges For a description of Main Menu features, see “Main Menu Features” on page 3-7. N o t e To configure the switch to start with the menu interface instead of the CLI, go to the Manager level prompt in the CLI, enter the command, and in the setup...
  • Page 60 Using the Menu Interface Starting and Ending a Menu Session Asterisk indicates a configuration change that requires a reboot to activate. Figure 3-2. Example Indication of a Configuration Change Requiring a Reboot In the current session, if you have not made configuration changes that require a switch reboot to activate, return to the Main Menu and press (zero) to log out.

  • Page 61: Main Menu Features

    Using the Menu Interface Main Menu Features Main Menu Features Figure 3-3. The Main Menu View with Manager Privileges The Main Menu gives you access to these Menu interface features: ■ Status and Counters: Provides access to display screens showing switch information, port status and counters, and port and VLAN address tables.
  • Page 62 Using the Menu Interface Main Menu Features Command Line (CLI): Selects the Command Line Interface at the same ■ level (Manager or Operator) that you are accessing in the Menu interface. (Refer to Chapter 4, “Using the Command Line Interface (CLI)”.) ■...

  • Page 63: Screen Structure And Navigation

    Using the Menu Interface Screen Structure and Navigation Screen Structure and Navigation Menu interface screens include these three elements: ■ Parameter fields and/or read-only information such as statistics Navigation and configuration actions, such as Save, Edit, and Cancel ■ ■ Help line to describe navigation options, individual parameters, and read- only data For example, in the following System Information screen:...
  • Page 64 Using the Menu Interface Screen Structure and Navigation Table 3-1. How To Navigate in the Menu Interface Task: Actions: Execute an action Use either of the following methods: from the “Actions –>” • Use the arrow keys ([<], or [>]) to highlight the action you want list at the bottom of to execute, then press [Enter].
  • Page 65 Using the Menu Interface Screen Structure and Navigation To get Help on individual parameter descriptions. In most screens there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press , and a separate help screen is displayed. For example: Pressing [H] or highlighting Help and pressing [Enter] displays Help for the...

  • Page 66: Rebooting The Switch

    Using the Menu Interface Rebooting the Switch Rebooting the Switch Rebooting the switch from the menu interface ■ Terminates all current sessions and performs a reset of the operating system Activates any menu interface configuration changes that require a reboot ■...
  • Page 67 Using the Menu Interface Rebooting the Switch Rebooting To Activate Configuration Changes. Configuration changes for most parameters in the menu interface become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the .

  • Page 68: Menu Features List

    Using the Menu Interface Menu Features List Menu Features List Status and Counters • General System Information • Switch Management Address Information • Port Status • Port Counters • Address Table • Port Address Table Switch Configuration • System Information •...

  • Page 69: Where To Go From Here

    Using the Menu Interface Where To Go From Here Where To Go From Here This chapter provides an overview of the menu interface and how to use it. The following table indicates where to turn for detailed information on how to use the individual features available through the menu interface.
  • Page 70 Using the Menu Interface Where To Go From Here 3-16...

  • Page 71: Contents

    Using the Command Line Interface (CLI) Contents Overview ........... . . 4-2 Accessing the CLI .

  • Page 72: Overview

    Using the Command Line Interface (CLI) Overview Overview The CLI is a text-based command interface for configuring and monitoring the switch. The CLI gives you access to the switch’s full set of commands while providing the same password protection that is used in the web browser interface and the menu interface.

  • Page 73: Privilege Levels At Logon

    In the above case, you will enter the CLI at the level corresponding to the password you provide (operator or manager). If no passwords are set when you log onto the CLI, you will enter at the Manager level. For example: ProCurve# _...

  • Page 74: Privilege Level Operation

    Using the CLI C a u t i o n ProCurve strongly recommends that you configure a Manager password. If a Manager password is not configured, then the Manager level is not password- protected, and anyone having in-band or out-of-band access to the switch may be able to reach the Manager level and compromise switch and network security.

  • Page 75: Manager Privileges

    Manager prompt. For example: ProCurve# config Enter config at the Manager prompt. ProCurve(config)#_ The Global Config prompt. Context Configuration level: Provides all Operator and Manager priv- ■ ileges, and enables you to make configuration changes in a specific context, such as one or more ports or a VLAN.
  • Page 76 Using the CLI Table 4-1. Privilege Level Hierarchy Privilege Example of Prompt and Permitted Operations Level Operator Privilege Operator Level ProCurve> show < command > View status and configuration information. setup ping < argument > Perform connectivity tests. link-test < argument >...

  • Page 77: How To Move Between Levels

    Using the Command Line Interface (CLI) Using the CLI How To Move Between Levels Change in Levels Example of Prompt, Command, and Result > enable Operator level ProCurve Password:_ Manager level enable After you enter , the Password prompt appears. After you enter the...

  • Page 78: Listing Commands And Command Options

    Using the Command Line Interface (CLI) Using the CLI For example, if you use the menu interface to configure an IP address of “X” for VLAN 1 and later use the CLI to configure a different IP address of “Y” for VLAN 1, then “Y”...
  • Page 79 [Tab] (with no spaces allowed). For example, at the Global Configuration level, if you press [Tab] immediately after typing “t”, the CLI displays the available command options that begin with “t”. For example: ProCurve(config)# t [Tab] tacacs-server telnet-server time timesync...

  • Page 80: Listing Command Options

    CLI completes the current word (if you have typed enough of the word for the CLI to distinguish it from other possibilities), including hyphenated exten- sions. For example: ProCurve(config)# port- [Tab] ProCurve(config)# port-security _ Pressing after a completed command word lists the further options for [Tab] that command.

  • Page 81: Displaying Cli "Help"

    Using the Command Line Interface (CLI) Using the CLI Displaying CLI “Help” CLI Help provides two types of context-sensitive information: ■ Command list with a brief summary of each command’s purpose Detailed information on how to use individual commands ■ Displaying Command-List Help.
  • Page 82 Note that trying to list the help for an individual command from a privilege level that does not include that command results in an error message. For example, trying to list the help for the interface command while at the global configuration level produces this result: ProCurve# speed-duplex help Invalid input: speed-duplex 4-12...

  • Page 83: Configuration Commands And The Context Configuration Modes

    Port or Trunk-Group Context. Includes port- or trunk-specific commands that apply only to the selected port(s) or trunk group, plus the global config- uration, Manager, and Operator commands. The prompt for this mode includes the identity of the selected port(s): ProCurve(config)# interface c3-c6 ProCurve(eth-C5-C8)# ProCurve(config)# interface trk1 ProCurve(eth-Trk1)#...
  • Page 84 Using the Command Line Interface (CLI) Using the CLI In the port context, the first block of commands in the “?” listing show the context-specific commands that will affect only ports C3-C6. The remaining commands in the listing are Manager, Operator, and context commands.
  • Page 85 VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch: ProCurve(config)# vlan 100 Command executed at configuration level to enter VLAN 100 context. ProCurve(vlan-100)# Resulting prompt showing VLAN 100 context.

  • Page 86: Cli Control And Editing

    Using the Command Line Interface (CLI) CLI Control and Editing CLI Control and Editing Keystrokes Function [Ctrl] [A] Jumps to the first character of the command line. or [<] Moves the cursor back one character. [Ctrl] [B] [Ctrl] [C] Terminates a task and displays the command prompt. [Ctrl] [D] Deletes the character at the cursor.

  • Page 87: Contents

    Using ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+) ....... 5-5 Tasks for Your First ProCurve Web Browser Interface Session .

  • Page 88: Overview

    Command Prompt or changing the Web Agent Enabled parameter setting to No (page 7-4). For information on operating system, browser, and Java versions for the switches covered in this guide, go to the ProCurve Networking web site at www.procurve.com and: Click on: Technical support...

  • Page 89: General Features

    Using the ProCurve Web Browser Interface General Features General Features The web browser interface includes these features: Switch Identity and Status: • General system data • Software version • Redundant Management Module software version • IP address • Status Overview •...

  • Page 90: Interface Session With The Switch

    Location or Address field instead of the IP address. Using DNS names typically improves browser performance. Contact your network adminis- trator to enquire about DNS names associated with your ProCurve switch. Type the IP address (or DNS name) of the switch in the browser Location or Address (URL) field and press .

  • Page 91: Procurve Manager Plus (Pcm+)

    Using ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+) ProCurve Manager and ProCurve Manager Plus are designed for installation on a network management workstation. For this reason, the system require- ments are different from the system requirements for accessing the switch’s web browser interface from a non-management PC or workstation.
  • Page 92 Using the ProCurve Web Browser Interface Starting a Web Browser Interface Session with the Switch First time install alert Figure 5-1. Example of Status Overview Screen...

  • Page 93: Tasks For Your First Procurve Web Browser Interface Session

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Tasks for Your First ProCurve Web Browser Interface Session The first time you access the web browser interface, there are three tasks you should perform: ■...

  • Page 94: In The Browser Interface

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session This window is the launching point for the basic configuration you need to perform to set web browser interface passwords for maintaining security and a fault detection policy, which determines the types of messages that the Alert Log displays.
  • Page 95 Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Figure 5-3. The Device Passwords Window To set the passwords: Access the Device Passwords screen by one of the following methods: • If the Alert Log includes a “First Time Install” event entry, double click on this event, then, in the resulting display, click on the secure access to the device link.

  • Page 96: Entering A User Name And Password

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Entering a User Name and Password Figure 5-4. Example of the Password Prompt in the Web Browser Interface The manager and operator passwords are used to control access to all switch interfaces.

  • Page 97: Online Help For The Web Browser Interface

    Context-sensitive help is provided for the screen you are on. N o t e To access the online Help for the ProCurve web browser interface, you need either ProCurve Manager (version 1.5 or greater) installed on your network or an active connection to the World Wide Web. Otherwise, Online help for the web browser interface will not be available.

  • Page 98: Support/Mgmt Urls Feature

    Support tab. The default is the URL for the ProCurve Networking home page. – The URL of a PCM (ProCurve Network Manager) workstation or other server for the online Help files for this web browser interface. (The default setting accesses the switch’s browser-based Help on the ProCurve World Wide...

  • Page 99: Support Url

    As an alternative, you can replace the ProCurve URL with the URL for a local site used for logging reports on network performance or other support activ- ities.

  • Page 100: Using The Pcm Server For Switch Web Help

    Figure 5-7. How To Access Web Browser Interface Online Help Using the PCM Server for Switch Web Help For ProCurve devices that support the “Web Help” feature, you can use the PCM server to host the switch help files for devices that do not have HTTP access to the ProCurve Support Web site.
  • Page 101 Using the ProCurve Web Browser Interface Support/Mgmt URLs Feature Add an entry, or edit the existing entry in the Discovery portion of the global properties (globalprops.prp) in PCM to redirect the switches to the help files on the PCM server. For example:...

  • Page 102: Status Reporting Features

    Using the ProCurve Web Browser Interface Status Reporting Features Status Reporting Features Browser elements covered in this section include: The Overview window (below) ■ ■ Port utilization and status (page 5-17) ■ The Alert log (page 5-20) The Status bar (page 5-22) ■...

  • Page 103: The Port Utilization And Status Displays

    Using the ProCurve Web Browser Interface Status Reporting Features Policy Management and Configuration. PCM can perform network-wide policy management and configuration of your switch. The Management Server URL field (page 5-13) shows the URL for the management station performing that function. For more information, refer to the documentation provided with the PCM software.
  • Page 104 Using the ProCurve Web Browser Interface Status Reporting Features % Error Pkts Rx: All error packets received by the port. (This indicator ■ is a reddish color on many systems.) Although errors received on a port are not propagated to the rest of the network, a consistently high number of errors on a specific port may indicate a problem on the device or network segment connected to the indicated port.

  • Page 105: Port Status

    Using the ProCurve Web Browser Interface Status Reporting Features Figure 5-11. Display of Numerical Values for the Bar Port Status Port Status Indicators Legend Figure 5-12. The Port Status Indicators and Legend The Port Status indicators show a symbol for each port that indicates the general status of the port.

  • Page 106: The Alert Log

    Using the ProCurve Web Browser Interface Status Reporting Features The Alert Log The web browser interface Alert Log, shown in the lower half of the screen, shows a list of network occurrences, or alerts, that were detected by the switch. Typical alerts are Broadcast Storm, indicating an excessive number of broadcasts received on a port, and Problem Cable, indicating a faulty cable.

  • Page 107: Alert Types And Detailed Views

    Using the ProCurve Web Browser Interface Status Reporting Features Alert Types and Detailed Views As of June, 2007, the web browser interface generates the following alert types: • Auto Partition • High collision or drop rate • Backup Transition • Loss of Link •...

  • Page 108: The Status Bar

    Using the ProCurve Web Browser Interface Status Reporting Features Figure 5-14. Example of Alert Log Detail View The Status Bar The Status Bar appears in the upper left corner of the web browser interface window. Figure 5-15 shows an expanded view of the status bar.
  • Page 109 Using the ProCurve Web Browser Interface Status Reporting Features The Status bar includes four objects: ■ Status Indicator. Indicates, by icon, the severity of the most critical alert in the current display of the Alert Log. This indicator can be one of four shapes and colors, as shown below.

  • Page 110: Setting Fault Detection Policy

    Using the ProCurve Web Browser Interface Status Reporting Features Setting Fault Detection Policy One of the powerful features in the web browser interface is the Fault Detection facility. For your switch, this feature controls the types of alerts reported to the Alert Log based on their level of severity.
  • Page 111 Never. Disables the Alert Log and transmission of alerts (traps) to the ■ management server (in cases where a network management tool such as ProCurve Manager is in use). Use this option when you don’t want to use the Alert Log. The Fault Detection Window also contains three Change Control Buttons: Apply Changes.
  • Page 112 Using the ProCurve Web Browser Interface Status Reporting Features 5-26...

  • Page 113: Contents

    Switch Memory and Configuration Contents Overview ........... . . 6-3 Configuration File Management .
  • Page 114 Switch Memory and Configuration Contents Changing or Overriding the Reboot Configuration Policy ..6-31 Managing Startup-Config Files in the Switch ....6-33 Renaming an Existing Startup-Config File .

  • Page 115: Overview

    Switch Memory and Configuration Overview Overview This chapter describes: ■ How switch memory manages configuration changes How the CLI implements configuration changes ■ ■ How the menu interface and web browser interface implement configu- ration changes ■ How the switch provides software options through primary/secondary flash images How to use the switch’s primary and secondary flash options, including ■...
  • Page 116 This allows you to test the change without making it “permanent”. When you are satisfied that the change is satisfactory, you can make it permanent by executing the command. For example, write memory suppose you use the following command to disable port 5: ProCurve(config)# interface ethernet 5 disable...
  • Page 117 ProCurve(config)# write memory If you use the CLI to make a configuration change and then change from the CLI to the Menu interface without first using write memory to save the change to the startup-config file, then the switch prompts you to save the change.

  • Page 118: Using The Cli To Implement Configuration Changes

    Switch Memory and Configuration Using the CLI To Implement Configuration Changes Using the CLI To Implement Configuration Changes The CLI offers these capabilities: Access to the full set of switch configuration features ■ ■ The option of testing configuration changes before making them perma- nent How To Use the CLI To View the Current Configuration Files.
  • Page 119 ProCurve(config)# interface e a5 speed-duplex auto-10 After you are satisfied that the link is operating properly, you can save the change to the switch’s permanent configuration (the startup-config file) by...
  • Page 120 For example: Disables port 1 in the running configuration, which causes port 1 to block all traffic. ProCurve(config)# interface e 1 disable ProCurve(config)# boot Device will be rebooted, do you want to continue [y/n]? y Press [Y] to continue the rebooting process.
  • Page 121 Syntax: erase startup-config For example: ProCurve(config)# erase startup-config Configuration will be deleted and device rebooted, continue [y/n]? Figure 6-3. Example of erase startup-config Command Press to replace the current configuration with the factory default config- uration and reboot the switch.

  • Page 122: Configuration Changes

    Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes Using the Menu and Web Browser Interfaces To Implement Configuration Changes The menu and web browser interfaces offer these advantages: Quick, easy menu or window access to a subset of switch configuration ■...

  • Page 123: Rebooting From The Menu Interface

    Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes To save and implement the changes for all parameters in this screen, press the [Enter] key, then press [S] (for Save). To cancel all changes, press the [Enter] key, then press [C] (for Cancel) Figure 6-4.
  • Page 124 Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes Optional Reboot Switch Command Figure 6-5. The Reboot Switch Option in the Main Menu Rebooting To Activate Configuration Changes. Configuration changes for most parameters become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the Maximum VLANs to support...

  • Page 125: Web: Implementing Configuration Changes

    Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes Asterisk indicates a configuration change that requires a reboot in order to take effect. Reminder to reboot the switch to activate configuration changes. Figure 6-6. Indication of a Configuration Change Requiring a Reboot Web: Implementing Configuration Changes You can use the web browser interface to simultaneously save and implement...

  • Page 126: Using Primary And Secondary Flash Image Options

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options Using Primary and Secondary Flash Image Options The switches covered in this guide feature two flash memory locations for storing switch software image files: ■ Primary Flash: The default storage for a switch software image. ■...
  • Page 127 Switch Memory and Configuration Using Primary and Secondary Flash Image Options For example, if the switch is using a software version of K.12.XX stored in Primary flash, show version produces the following: ProCurve(config)# show version Image stamp: /su/code/build/info(s01) Dec 01 2006 10:50:26 K.12.XX...

  • Page 128: Switch Software Downloads

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options 1. In this example show version indicates the switch has version K.12.02 in primary flash. 2. After the boot system command, show version indicates that version K.12.01 is in secondary flash.

  • Page 129: Local Switch Software Replacement And Removal

    If you want to remove an unwanted software version from flash, ProCurve recommends that you do so by overwriting it with the same software version that you are using to operate the switch, or with another acceptable software version.
  • Page 130 Figure 6-10. Example Indicating Two Different Software Versions in Primary and Secondary Flash Execute the copy command as follows: ProCurve(config)# copy flash flash primary Erasing the Contents of Primary or Secondary Flash. This command deletes the software image file from the specified flash location.

  • Page 131: Rebooting The Switch

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options The prompt shows which flash location will be erased. Figure 6-11. Example of Erase Flash Prompt Type y at the prompt to complete the flash erase. Use show flash to verify erasure of the selected software flash image The “...

  • Page 132: Boot And Reload Command Comparison

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options tures. For example, suppose you have just downloaded a software upgrade that includes new features that are not supported in the software you used to create the current startup-config file. In this case, the software simply assigns factory-default values to the parameters controlling the new features.

  • Page 133: Setting The Default Flash

    You can specify the default flash to boot from on the next boot by entering the boot set-default flash command. Syntax: boot set-default flash [primary |secondary] Upon booting, set the default flash for the next boot to primary or secondary. ProCurve(config)# boot set-default flash secondary ProCurve(config)# show flash Image Size(Bytes) Date Version...

  • Page 134: Booting From The Default Flash (Primary Or Secondary)

    You can optionally select a configuration file from which to boot. ProCurve(config)# boot This management module will now reboot from primary image and will become the standby module! You will need to use the other management module's console interface.

  • Page 135: Booting From A Specified Flash

    : Primary The next boot is from primary Set to secondary flash ProCurve(config)# boot set-default flash secondary This command changes the location of the default boot. This command will change the default flash image to boot from secondary. Hereafter, 'reload' 'boot' commands will boot from secondary.

  • Page 136: Using Reload

    For example, if you change the number of VLANs the switch supports, you must reboot the switch in order to implement the change. The reload command prompts you to save or discard the configuration changes. ProCurve(config)# max-vlans 12 Command will take effect after saving configuration and reboot. ProCurve(config)# reload This command will cause a switchover to the other management module which may not be running the same software image and configurations.
  • Page 137 To schedule a reload for the same time the following day: ProCurve# reload after 01:00:00 To schedule a reload for the same day at 12:05: ■ ProCurve# reload at 12:05 To schedule a reload on some future date: ■ ProCurve# reload at 12:05 01/01/2008 6-25...

  • Page 138: Multiple Configuration Files

    Switch Memory and Configuration Multiple Configuration Files ProCurve(config)# reload after 04:14:00 Reload scheduled in 4 days, 14 hours, 0 minutes This command will cause a switchover at the scheduled time to the other management module which may not be running the same software image and configurations.

  • Page 139: General Operation

    Switch Memory and Configuration Multiple Configuration Files While you can still use remote storage for startup-config files, you can now maintain multiple startup-config files on the switch and choose which version to use for a reboot policy or an individual reboot. This choice of which configuration file to use for the startup-config at reboot provides the following new options: ■...
  • Page 140 Switch Memory and Configuration Multiple Configuration Files Changing the Startup-Config File. When the switch reboots, the startup- config file supplies the configuration for the running-config file the switch uses to operate. Making changes to the running-config file and then executing a write-mem command (or, in the Menu interface, the Save command) are written back to the startup-config file used at the last reboot.

  • Page 141: Transitioning To Multiple Configuration Files

    Switch Memory and Configuration Multiple Configuration Files Erase the active startup-config file. This generates a new, default startup- ■ config file that always results when the switch automatically reboots after deletion of the currently active startup-config file. (Refer to “Erasing a Startup-Config File”...

  • Page 142: Listing And Displaying Startup-Config Files

    Switch Memory and Configuration Multiple Configuration Files Listing and Displaying Startup-Config Files Command Page show config files Below show config < filename > 6-31 Viewing the Startup-Config File Status with Multiple Configuration Enabled Rebooting the switch automatically enables the multiple configuration fea- ture.

  • Page 143: Displaying The Content Of A Specific Startup-Config File

    Switch Memory and Configuration Multiple Configuration Files Displaying the Content of A Specific Startup-Config File With Multiple Configuration enabled, the switch can have up to three startup- config files. Because the show config command always displays the content of the currently active startup-config file, the command extension shown below is needed to allow viewing the contents of any other startup-config files stored in the switch.
  • Page 144 Switch Memory and Configuration Multiple Configuration Files Syntax: startup-default [ primary | secondary ] config < filename > Specifies a boot configuration policy option: [ primary | secondary ] config < filename >: Designates the startup-config file to use in a reboot with the software version stored in a specific flash location.

  • Page 145: Managing Startup-Config Files In The Switch

    Switch Memory and Configuration Multiple Configuration Files ProCurve(config)# startup-default pri config minconfig ProCurve(config) # startup-default sec config newconfig. Overriding the Default Reboot Configuration Policy. This command provides a method for manually rebooting with a specific startup-config file other than the file specified in the default reboot configuration policy.

  • Page 146: Renaming An Existing Startup-Config File

    Switch Memory and Configuration Multiple Configuration Files Renaming an Existing Startup-Config File Syntax: rename config < current-filename > < newname-str > This command changes the name of an existing startup- config file. A file name can include up to 63, alphanumeric characters.

  • Page 147: Erasing A Startup-Config File

    Switch Memory and Configuration Multiple Configuration Files For example, suppose both primary and secondary flash memory contain software release “A” and use a startup-config file named config1: Figure 6-22. Example of Using One Startup-Config File for Both Primary and Secondary Flash If you wanted to experiment with configuration changes to the software version in secondary flash, you could create and assign a separate startup- config file for this purpose.
  • Page 148 Switch Memory and Configuration Multiple Configuration Files In a redundant management system, this command erases the config or startup config file on both the active and the standby management modules as long as redundancy has not been disabled. If the standby management module is not in standby mode or has failed selftest, the config or startup config file is not erased.

  • Page 149: Switch To Its Default Configuration

    Switch Memory and Configuration Multiple Configuration Files Figure 6-24 illustrates using erase config < filename > to remove a startup-config file. Figure 6-24. Example of Erasing a Non-Active Startup-Config File With the same memory configuration as is shown in the bottom portion of figure 6-24, executing erase startup-config boots the switch from primary flash, resulting in a new file named minconfig in the same memory slot.

  • Page 150: Transferring Startup-Config Files To Or From A Remote Server

    “TFTP: Copying a Configuration File to a Remote Host” on page A-25. For example, the following command copies a startup-config file named test- 01 from the switch to a (UNIX) TFTP server at IP address 10.10.28.14: ProCurve(config)# copy config test-01 tftp 10.10.28.14 test-01.txt unix 6-38...

  • Page 151: Tftp: Copying A Configuration File From A Remote Host

    For example, the following command copies a startup-config file named test- 01.txt from a (UNIX) TFTP server at IP address 10.10.28.14 to the first empty memory slot in the switch: ProCurve(config)# copy tftp config test-01 10.10.28.14 test-01.txt unix Xmodem: Copying a Configuration File to a Serially...

  • Page 152: Connected Host

    Switch Memory and Configuration Multiple Configuration Files Xmodem: Copying a Configuration from a Serially Connected Host Syntax: copy xmodem config < dest-file > < pc | unix > This is an addition to the copy xmodem command options. Use this command to download a configuration file from an Xmodem host to the switch.

  • Page 153: Contents

    Interface Access and System Information Contents Overview ........... . . 7-2 Interface Access: Console/Serial Link, Web, and Inbound Telnet .

  • Page 154: Overview

    Chapter 3, “Using the Menu Interface” ■ Chapter 4, “Using the Command Line Interface (CLI)” Chapter 5, “Using the ProCurve Web Browser Interface” ■ Why Configure Interface Access and System Information? The inter- face access features in the switch operate properly by default. However, you can modify or disable access features to suit your particular needs.

  • Page 155: Interface Access: Console/Serial Link, Web, And Inbound Telnet

    Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Interface Access: Console/Serial Link, Web, and Inbound Telnet Interface Access Features Feature Default Menu Inactivity Time 0 Minutes page 7-4 page 7-6 — (disabled) Inbound Telnet Access Enabled page 7-4 page 7-5...

  • Page 156: Menu: Modifying The Interface Access

    Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Menu: Modifying the Interface Access The menu interface enables you to modify these parameters: ■ Inactivity Timeout Inbound Telnet Enabled ■ Web Agent Enabled ■ To Access the Interface Access Parameters: From the Main Menu, Select...

  • Page 157: Cli: Modifying The Interface Access

    Console Control Options Figure 7-2. Listing of Show Console Command Reconfigure Inbound Telnet Access. In the default configuration, inbound Telnet access is enabled. Syntax: [no] telnet-server To disable inbound Telnet access: ProCurve(config)# no telnet-server To re-enable inbound Telnet access: ProCurve(config)# telnet-server...
  • Page 158 Telnet to another device that has an IP address. Syntax: telnet < ip-address > For example: ProCurve # telnet 10.28.27.204 Reconfigure Web Browser Access. In the default configuration, web browser access is enabled. Syntax: [no] web-management...
  • Page 159 Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet N o t e If you change the Baud Rate or Flow Control settings for the switch, you should make the corresponding changes in your console access device. Oth- erwise, you may lose connectivity between the switch and your terminal emulator due to differences between the terminal and switch settings for these two parameters.
  • Page 160 Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet You can also execute a series of console commands and then save the configuration and boot the switch. For example: Configure individual parameters. Save the changes. Boot the switch.

  • Page 161: Sessions

    Interface Access and System Information Denying Interface Access by Terminating Remote Management Sessions Denying Interface Access by Terminating Remote Management Sessions The switch supports up to five management sessions. You can use show ip ssh to list the current management sessions, and kill to terminate a currently running remote session.

  • Page 162: System Information

    Configuring system information is optional, but recommended. System Name: Using a unique name helps you to identify individual devices where you are using an SNMP network management tool such as ProCurve Manager. System Contact and Location: This information is helpful for identifying the person administratively responsible for the switch and for identifying the locations of individual switches.

  • Page 163: Menu: Viewing And Configuring System Information

    Daylight Time Rule: Specifies the daylight savings time rule to apply for your location. The default is None. (For more on this topic, refer to Appendix D, “Daylight Savings Time on ProCurve Switches.) Time: Used in the CLI to specify the time of day, the date, and other system parameters.

  • Page 164: Cli: Viewing And Configuring System Information

    Interface Access and System Information System Information Press (for Edit). The cursor moves to the System Name field. Refer to the online help provided with this screen for further information on configuration options for these features. When you have finished making changes to the above parameters, press (for Save) and return to the Main Menu.
  • Page 165 Interface Access and System Information System Information Configure a System Name, Contact, and Location for the Switch. To help distinguish one switch from another, configure a plain-language identity for the switch. Syntax: hostname < name-string > snmp-server [contact <system-contact>] [location <system-location>] Each field allows up to 255 characters.
  • Page 166 Interface Access and System Information System Information MENU ProCurve Switch 5406zl 24-Oct-2006 12:41:47 ===========================- TELNET - MANAGER MODE =========================== Switch Configuration - System Information System Name : Blue Switch System Contact : Bill_Smith System Location : + characters of the location are missing. It’s too long.
  • Page 167 MAC address for the age-out interval, measured in seconds. Default: 300 seconds. For example, to configure the age time to seven minutes: ProCurve(config)# mac-age-time 420 Configure the Time Zone and Daylight Time Rule. These commands: ■ Set the time zone you want to use ■...

  • Page 168: Web: Configuring System Parameters

    Syntax: time [ hh:mm [ :ss ]] [ mm/dd/ [ yy ] yy ] For example, to set the switch to 9:45 a.m. on November 17, 2002: ProCurve(config)# time 9:45 11/17/02 N o t e Executing reload or boot resets the time and date to their default startup values.

  • Page 169: Contents

    Configuring IP Addressing Contents Overview ........... . . 8-2 IP Configuration .

  • Page 170: Overview

    Configuring IP Addressing Overview Overview You can configure IP addressing through all of the switch’s interfaces. You can also: ■ Easily edit a switch configuration file to allow downloading the file to multiple switches without overwriting each switch’s unique gateway and VLAN 1 IP addressing.

  • Page 171: Just Want A Quick Start With Ip Addressing?

    If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing. To do so, do one of the following: Enter setup at the CLI Manager level prompt.

  • Page 172: Ip Addressing With Multiple Vlans

    Configuring IP Addressing IP Configuration For more on using the Switch Setup screen, refer to the Installation and Getting Started Guide you received with the switch. IP Addressing with Multiple VLANs In the factory-default configuration, the switch has one, permanent default VLAN (named DEFAULT_VLAN) that includes all ports on the switch.

  • Page 173: Menu: Configuring Ip Address, Gateway, And Time-To-Live (Ttl)

    Configuring IP Addressing IP Configuration Menu: Configuring IP Address, Gateway, and Time-To- Live (TTL) Do one of the following: To manually enter an IP address, subnet mask, set the IP Config parameter ■ to Manual and then manually enter the IP address and subnet mask values you want for the switch.

  • Page 174: Cli: Configuring Ip Address, Gateway, And Time-To-Live (Ttl)

    Configuring IP Addressing IP Configuration If the switch needs to access a router, for example, to reach off-subnet destinations, select the Default Gateway field and enter the IP address of the gateway router. If you need to change the packet Time-To-Live (TTL) setting, select Default TTL and type in a value between 2 and 255.
  • Page 175 Configuring IP Addressing IP Configuration (You can also use the show management command to display the IP addressing and time server IP addressing configured on the switch. Refer to figure 9-6 on page 9-10.) For example, in the factory-default configuration (no IP addressing assigned), the switch’s IP addressing appears as: The Default IP Configuration...
  • Page 176 ProCurve(config)# vlan 1 ip address 10.28.227.103/24 This example deletes an IP address configured in VLAN 1. ProCurve (config) no vlan 1 ip address 10.28.227.103/24 Configure Multiple IP Addresses on a VLAN (Multinetting). The fol- lowing is supported: Up to 2000 IP addresses for the switch ■...
  • Page 177 Configuring IP Addressing IP Configuration 1. Go to VLAN 20. 2. Configure two additional IP addresses on VLAN 3. Display IP addressing. Figure 8-4. Example of Configuring and Displaying a Multinetted VLAN If you then wanted to multinet the default VLAN, you would do the following: Figure 8-5.

  • Page 178: Web: Configuring Ip Addressing

    Syntax: ip default-gateway < ip-address > For example: ProCurve(config)# ip default-gateway 10.28.227.115 Note The switch uses the IP default gateway only while operating as a Layer 2 device. While routing is enabled on the switch, the IP default gateway is not used.

  • Page 179: How Ip Addressing Affects Switch Operation

    Console RS-232 port. You can use direct-connect console access to take advantage of features that do not depend on IP addressing. However, to realize the full capabilities ProCurve proactive networking offers through the switch, configure the switch with an IP address and subnet mask compatible with your network.

  • Page 180: Dhcp/Bootp Operation

    Configuring IP Addressing IP Configuration DHCP/Bootp Operation Overview. DHCP/Bootp is used to provide configuration data from a DHCP or Bootp server to the switch. This data can be the IP address, subnet mask, default gateway, Timep Server address, and TFTP server address. If a TFTP server address is provided, this allows the switch to TFTP a previously saved configuration file from the TFTP server to the switch.
  • Page 181 Configuring IP Addressing IP Configuration DHCP Operation. A significant difference between a DHCP configuration and a Bootp configuration is that an IP address assignment from a DHCP server is automatic. Depending on how the DHCP server is configured, the switch may receive an IP address that is temporarily leased. Periodically the switch may be required to renew its lease of the IP configuration.

  • Page 182: Network Preparations For Configuring Dhcp/Bootp

    Configuring IP Addressing IP Configuration gw=10.66.77.1:\ lg=10.22.33.44:\ T144=”switch.cfg”:\ vm=rfc1048 where: 8212switch is a user-defined symbolic name to help you find the correct section of the bootptab file. If you have multiple switches that will be using Bootp to get their IP configuration, you should use a unique symbolic name for each switch.

  • Page 183: Loopback Interfaces

    Configuring IP Addressing Loopback Interfaces N o t e Designating a primary VLAN other than the default VLAN affects the switch’s use of information received via DHCP/Bootp. For more on this topic, refer to the chapter describing VLANs in the Advanced Traffic Management Guide for your switch.

  • Page 184: Configuring A Loopback Interface

    Configuring IP Addressing Loopback Interfaces You can use a loopback interface to establish a Telnet session, ping the ■ switch, and access the switch through SNMP, SSH, and HTTP (web interface). ■ A loopback IP address can be used by routing protocols. For example, you can configure the loopback IP address as the router ID used to identify the switch in an OSPF area.
  • Page 185 Configuring IP Addressing Loopback Interfaces ProCurve(config)# interface loopback 1 ProCurve (lo1)# ip address 10.1.1.1 Figure 8-6. Example of a Loopback Interface Configuration N o t e s ■ You can configure a loopback interface only from the CLI; you cannot configure a loopback interface from the web management or Menu inter- face.

  • Page 186: Displaying Loopback Interface Configurations

    (TTL) and ARP age-out values, and VLAN IP configura- tions. The following example displays the IP addresses configured for two user-defined loopback interfaces (lo1 and lo2). ProCurve> show ip Internet (IP) Service IP Routing : Enabled Default TTL : 64...
  • Page 187 IP address, enter the show ip route command. The following example displays the configuration of the default loopback interface (lo0) and one user-defined loopback interface (lo2). ProCurve> show ip route IP Route Entries IP Routing : Enabled Default TTL : 64...

  • Page 188: Ip Preserve: Retaining Vlan-1 Ip Addressing Across Configuration File Downloads

    Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads For the switches covered in this guide, IP Preserve enables you to copy a configuration file to multiple switches while retaining the individual IP address and subnet mask on VLAN 1 in each switch, and the Gateway IP address assigned to the switch.

  • Page 189: Enabling Ip Preserve

    Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads Enabling IP Preserve To set up IP Preserve, enter the ip preserve statement at the end of a configu- ration file. (Note that you do not execute IP Preserve by entering a command from the CLI).
  • Page 190 Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads ProCurve(config)# show run Running configuration: ; J8715A Configuration Editor; Created on release #K.12.07 hostname "ProCurve" module 1 type J8702A module 2 type J8705A trunk A11-A12 Trk1 Trunk ip default-gateway 10.10.10.115...
  • Page 191 Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads ProCurve# show run Running configuration: ; J8715A Configuration Editor; Created on release #K.12.07 hostname "ProCurve" module 1 type J8702A module 2 type J8705A trunk A11-A12 Trk1 Trunk Because switch 4 (figure 8-10) ip default-gateway 10.10.10.115...
  • Page 192 Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads 8-24...

  • Page 193: Contents

    Time Protocols Contents Overview ........... . . 9-2 TimeP Time Synchronization .

  • Page 194: Overview

    Time Protocols Overview Overview This chapter describes: ■ SNTP Time Protocol Operation Timep Time Protocol Operation ■ Using time synchronization ensures a uniform time among interoperating devices. This helps you to manage and troubleshoot switch operation by attaching meaningful time data to event and error messages. The switch offers TimeP and SNTP (Simple Network Time Protocol) and a timesync command for changing the time protocol selection (or turning off time protocol operation).

  • Page 195: Protocol Operation

    Time Protocols Selecting a Time Synchronization Protocol or Turning Off Time Protocol Operation N o t e To use Broadcast mode, the switch and the SNTP server must be in the same subnet. Unicast Mode: The switch requests a time update from the config- ■...

  • Page 196: Sntp: Viewing, Selecting, And Configuring

    Time Protocols SNTP: Viewing, Selecting, and Configuring In the System Information screen of the Menu interface, set the Time ■ Synch Method parameter to None, then press [Enter], then [S] (for Save). In the Global config level of the CLI, execute no timesync. ■...

  • Page 197: Menu: Viewing And Configuring Sntp

    Time Protocols SNTP: Viewing, Selecting, and Configuring Table 9-1. SNTP Parameters SNTP Parameter Operation Time Sync Used to select either SNTP, TIMEP, or None as the time synchronization method. Method SNTP Mode Disabled The Default. SNTP does not operate, even if specified by the Menu interface Time Sync Method parameter or the CLI timesync command.
  • Page 198 Time Protocols SNTP: Viewing, Selecting, and Configuring ==========================- CONSOLE - MANAGER MODE -======================== Switch Configuration - System Information System Name : ProCurve System Contact : System Location : Inactivity Timeout (min) [0] : 0 MAC Age Time (sec) [300] : 300...
  • Page 199 SNTP server version running on the device you specified in the preceding step (step ii). If you are unsure which version to use, ProCurve recommends leaving this value at the default setting of 3 and testing SNTP operation to determine whether any change is necessary.

  • Page 200: Cli: Viewing And Configuring Sntp

    Time Protocols SNTP: Viewing, Selecting, and Configuring CLI: Viewing and Configuring SNTP CLI Commands Described in this Section SNTP Command Page show sntp [no] timesync 9-10 and ff., 9-14 sntp broadcast 9-11 sntp unicast 9-11 sntp server 9-11 and ff. Protocol Version 9-13 Priority...
  • Page 201 Time Protocols SNTP: Viewing, Selecting, and Configuring ProCurve(config)# show sntp SNTP Configuration Time Sync Mode: Sntp SNTP Mode : Unicast Poll Interval (sec) [720] : 719 Priority SNTP Server Address Protocol Version -------- ---------------------------------------------- ---------------- 2001:db8::215:60ff:fe79:8980 10.255.5.24 fe80::123%vlan10 Figure 9-4. Example of SNTP Configuration When SNTP Is the Selected Time Synchronization Method...

  • Page 202: Configuring (Enabling Or Disabling) The Sntp Mode

    Time Protocols SNTP: Viewing, Selecting, and Configuring ProCurve(config)# show management Status and Counters - Management Address Information Time Server Address : fe80::215:60ff:fe7a:adc0%vlan10 Priority SNTP Server Address Protocol Version -------- ---------------------------------------------- ---------------- 2001:db8::215:60ff:fe79:8980 10.255.5.24 fe80::123%vlan10 Default Gateway : 10.0.9.80 VLAN Name...
  • Page 203 Time Protocols SNTP: Viewing, Selecting, and Configuring Enabling SNTP in Broadcast Mode. Because the switch provides an SNTP polling interval (default: 720 seconds), you need only these two commands for minimal SNTP broadcast configuration: Syntax: timesync sntp Selects SNTP as the time synchronization method. Syntax: sntp broadcast Configures broadcast as the SNTP mode.
  • Page 204 10.28.227.141 with the default server version (3) and default poll interval (720 seconds): ProCurve(config)# timesync sntp Selects SNTP. ProCurve(config)# sntp unicast Activates SNTP in Unicast mode. ProCurve(config)# sntp server 10.28.227.141 Specifies the SNTP server and accepts the current SNTP server version (default: 3). 9-12...

  • Page 205: Sntp Configuration

    Time Protocols SNTP: Viewing, Selecting, and Configuring ProCurve(config)# show sntp In this example, the Poll Interval and the Protocol SNTP Configuration Version appear at their default settings. Both IPv4 and IPv6 addresses are displayed. Time Sync Mode: Sntp SNTP Mode : Unicast...
  • Page 206 IPv6 addresses, see the “IPv6 Configura- tion Guide” for your switch. For example, to set one server to priority 1 and another to priority 2: ProCurve(config)# sntp server priority 1 10.28.22.141 ProCurve(config)# sntp server priority 2 2001:db8::215:60ff:fe79:8980 Disabling Time Synchronization Without Changing the SNTP Configuration.
  • Page 207 Time Protocols SNTP: Viewing, Selecting, and Configuring Disabling the SNTP Mode. If you want to prevent SNTP from being used even if selected by timesync (or the Menu interface’s Time Sync Method param- eter), configure the SNTP mode as disabled. Syntax: no sntp Disables SNTP by changing the SNTP mode configuration to Disabled.

  • Page 208: Timep: Viewing, Selecting, And Configuring

    Time Protocols TimeP: Viewing, Selecting, and Configuring TimeP: Viewing, Selecting, and Configuring TimeP Feature Default Menu view the Timep time synchronization configuration page 9-17 page 9-19 — select Timep as the time synchronization method TIMEP page 9-15 pages 9-21 ff. —...

  • Page 209: Menu: Viewing And Configuring Timep

    2. Switch Configuration... 1. System Information ==========================- CONSOLE - MANAGER MODE -========================== Switch Configuration - System Information System Name : ProCurve System Contact : System Location : Inactivity Timeout (min) [0] : 0 MAC Age Time (sec) [300] : 300...

  • Page 210: Cli: Viewing And Configuring Timep

    Time Protocols TimeP: Viewing, Selecting, and Configuring ii. Enter the IP address of the TimeP server you want the switch to use for time synchronization. Note: This step replaces any previously configured TimeP server IP address. [>] to move the cursor to the Poll Interval field, then go to iii.

  • Page 211: Viewing The Current Timep Configuration

    Time Protocols TimeP: Viewing, Selecting, and Configuring Viewing the Current TimeP Configuration Using different show commands, you can display either the full TimeP config- uration or a combined listing of all TimeP, SNTP, and VLAN IP addresses configured on the switch. Syntax: show timep This command lists both the time synchronization method (TimeP, SNTP, or None) and the TimeP configuration, even if...

  • Page 212: Configuring (Enabling Or Disabling) The Timep Mode

    Time Protocols TimeP: Viewing, Selecting, and Configuring ProCurve(config)# show management Status and Counters - Management Address Information Time Server Address : 10.10.28.100 Priority SNTP Server Address Protocol Version -------- ---------------------------------------------- ---------------- 10.10..28.101 10.255.5.24 fe80::123%vlan10 Default Gateway : 10.0.9.80 VLAN Name...
  • Page 213 Time Protocols TimeP: Viewing, Selecting, and Configuring Enabling TimeP in DHCP Mode. Because the switch provides a TimeP polling interval (default: 720 minutes), you need only these two commands for a minimal TimeP DHCP configuration: Syntax: timesync timep Selects TimeP as the time synchronization method. Syntax: ip timep dhcp Configures DHCP as the TimeP mode.
  • Page 214 TimeP server address of 10.28.227.141 and the default poll interval (720 minutes, assuming the TimeP poll interval is already set to the default): ProCurve(config)# timesync timep Selects TimeP. ProCurve(config)# ip timep manual 10.28.227.141 Activates TimeP in Manual mode. Figure 9-17. Example of Configuring Timep for Manual Operation 9-22...
  • Page 215 Syntax: ip timep < dhcp | manual > interval < 1 - 9999 > For example, to change the poll interval to 60 minutes: ProCurve(config)# ip timep interval 60 Disabling Time Synchronization Without Changing the TimeP Configuration. The recommended method for disabling time synchroniza- tion is to use the timesync command.
  • Page 216 Time Protocols TimeP: Viewing, Selecting, and Configuring For example, if the switch is running TimeP in DHCP mode, no ip timep changes the TimeP configuration as shown below, and disables time synchronization. Even though the Time Sync Mode is set to Timep, time synchronization is disabled because no ip timep has disabled the TimeP Mode parameter.

  • Page 217: Sntp Unicast Time Polling With Multiple Sntp Servers

    The CLI show management command displays all configured SNTP servers on the switch. ProCurve(config)# show management Status and Counters - Management Address Information Time Server Address : fe80::215:60ff:fe7a:adc0%vlan10...

  • Page 218: Adding And Deleting Sntp Server Addresses

    Syntax: no sntp server < ip-addr > For example, to delete the primary address in the above example (and automatically convert the secondary address to primary): ProCurve(config)# no sntp server 10.28.227.141 Menu: Operation with Multiple SNTP Server Addresses Configured When you use the Menu interface to configure an SNTP server IP address, the new address writes over the current primary address, if one is configured.

  • Page 219: Contents

    Configuring a Broadcast Limit on the Switch ....10-14 Configuring ProCurve Auto-MDIX ......10-15 Web: Viewing Port Status and Configuring Port Parameters .

  • Page 220: Overview

    10-6 page 10-11 page 10-18 10-1 on pages 10-3 thru 10-4 configuring ProCurve auto-mdix page 9-11 Note On Connecting If the switch either fails to show a link between an installed transceiver and Transceivers to another device, or demonstrates errors or other unexpected behavior on the...
  • Page 221 • Auto-10: Allows the port to negotiate between half-duplex (HDx) and full-duplex (FDx) while keeping speed at 10 Mbps. Also negotiates flow control (enabled or disabled). ProCurve recommends Auto- 10 for links between 10/100 auto-sensing ports connected with Cat 3 cabling. (Cat 5 cabling is required for 100 Mbps links.).
  • Page 222 Port Status and Configuration Viewing Port Status and Configuring Port Parameters Status or Description Parameter — Continued From Previous Page — Gigabit Fiber-Optic Ports (Gigabit-SX, Gigabit-LX, and Gigabit-LH): • 1000FDx: 1000 Mbps (1 Gbps), Full Duplex only • Auto (default): The port operates at 1000FDx and auto-negotiates flow control with the device connected to the port.

  • Page 223: Menu: Port Configuration

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Menu: Port Configuration From the menu interface, you can view and change the port configuration. Using the Menu To View Port Configuration. The menu interface dis- plays the configuration for ports and (if configured) any trunk groups. From the Main Menu, select: 1.
  • Page 224 Port Status and Configuration Viewing Port Status and Configuring Port Parameters Using the Menu To Configure Ports. You can configure and view the port settings by using the menu. N o t e The menu interface uses the same screen for configuring both individual ports and port trunk groups.

  • Page 225: Cli: Viewing Port Status And Configuring Port Parameters

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters CLI: Viewing Port Status and Configuring Port Parameters From the CLI, you can configure and view all port parameter settings and view all port status indicators. Port Status and Configuration Commands show interfaces brief page 10-8 show interfaces config...
  • Page 226 Port Status and Configuration Viewing Port Status and Configuring Port Parameters ProCurve(config)# show interfaces brief Status and Counters - Port Status | Intrusion Flow Bcast Port Type | Alert Enabled Status Mode Mode Ctrl Limit ----- --------- + --------- ------- ------ ----------...

  • Page 227: Viewing Port Utilization Statistics

    Viewing Port Utilization Statistics Use the show interface port-utilization command to view a real-time rate display for all ports on the switch. The following shows a sample output from this command. ProCurve(config)# show interfaces port-utilization Status and Counters - Port Utilization Port Mode...
  • Page 228 • Part number—Allows you to determine the manufacturer for a spec- ified transceiver and revision number. For a non-ProCurve installed transceiver (see line 23 Figure 10-6), no ■ transceiver type, product number, or part information is displayed. In the Serial Number field, non-operational is displayed instead of a serial num- ber.

  • Page 229: Enabling Or Disabling Ports And Configuring Port Mode

    Transceiver type not supported in this software version. • Not a ProCurve Transceiver. Please go to: www.hp.com/rnd/device_help/2_inform for more info. Enabling or Disabling Ports and Configuring Port Mode You can configure one or more of the following port parameters. Refer to table 10-1 on pages 10-3 through 10-4.

  • Page 230: Enabling Or Disabling Flow Control

    ProCurve(config)# int c8 enable These commands enable and configure port C8 from the config level: ProCurve(config)# int c8 speed-duplex 100-full ProCurve(config)# int c8 flow-control ProCurve(config)# int c8 These commands select the port C8 context level and then apply the...
  • Page 231 Port Status and Configuration Viewing Port Status and Configuring Port Parameters Assuming that flow control is currently disabled on the switch, you would use these commands: Enables per-port flow control for ports A1 - A6. Figure 10-8. Example of Configuring Flow Control for a Series of Ports Disables per-port flow control on ports A5 and A6.

  • Page 232: Configuring A Broadcast Limit On The Switch

    Broadcast-Limit on switches covered in this guide is configured on a per-port basis. You must be at the port context level for this command to work, for example: ProCurve(config)#int B1 ProCurve(int B1)# broadcast-limit 1 Broadcast-Limit. Syntax: broadcast-limit <0-99> Enables or disables broadcast limiting for outbound broadcasts on a selected port on the switch.

  • Page 233: Configuring Procurve Auto-Mdix

    ProCurve Auto-MDIX was developed for auto-negotiating devices, and was shared with the IEEE for the development of the IEEE 802.3ab standard. ProCurve Auto-MDIX and the IEEE 802.3ab Auto MDI/MID-X feature are completely compatible. Additionally, ProCurve Auto-MDIX supports opera- tion in forced speed and duplex modes.
  • Page 234 Port Status and Configuration Viewing Port Status and Configuring Port Parameters For more information on MDI-X, refer to the appendix titled “Switch Ports and Network Cables” in the Installation and Getting Started Guide for your switch. Manual Override. If you require control over the MDI/MDI-X feature you can set the switch to either of two non-default modes: ■...
  • Page 235 Port Status and Configuration Viewing Port Status and Configuring Port Parameters Syntax: show interfaces brief Where a port is linked to another device, this command lists the MDI mode the port is currently using. In the case of ports configured for Auto (auto-mdix), the MDI mode appears as either MDI or MDIX, depending upon which option the port has negotiated with the device on the other end of the link.

  • Page 236: Web: Viewing Port Status And Configuring Port Parameters

    Port Status and Configuration Using Friendly (Optional) Port Names Web: Viewing Port Status and Configuring Port Parameters In the web browser interface: Click on the Configuration tab. Click on [Port Configuration] Select the ports you want to modify and click on [Modify Selected Ports] After you make the desired changes, click on [Apply Settings]...

  • Page 237: Configuring Friendly Port Names

    Port Status and Configuration Using Friendly (Optional) Port Names The friendly port names you configure appear in the output of the show ■ name [ port-list ], show config, and show interface < port-number > commands. They do not appear in the output of other show commands or in Menu interface screens.

  • Page 238: Displaying Friendly Port Names With Other Port Data

    Port Status and Configuration Using Friendly (Optional) Port Names Configuring the Same Name for Multiple Ports. Suppose that you want to use ports A5 through A8 as a trunked link to a server used by a drafting group. In this case you might configure ports A5 through A8 with the name “Draft-Server:Trunk”.
  • Page 239 Port Status and Configuration Using Friendly (Optional) Port Names Syntax: show name [ port-list ] Lists the friendly port name with its corresponding port number and port type. The show name command without a port list shows this data for all ports on the switch. For example: Ports Without “Friendly”...
  • Page 240 Port Status and Configuration Using Friendly (Optional) Port Names Syntax: show interface < port-number > Includes the friendly port name with the port’s traffic statistics listing. For example, if you configure port A1 with the name “O’Connor_10.25.101.43”, the show interface output for this port appears similar to the following: Friendly Port Name Figure 10-17.
  • Page 241 Port Status and Configuration Using Friendly (Optional) Port Names For example, if you configure port A1 with a friendly port name: This command sequence saves the friendly port name for port A1 in the startup- config file. The name entered for port A2 is not saved because it was executed after write memory.

  • Page 242: Been Inserted

    Port Status and Configuration Using Friendly (Optional) Port Names Configuring Transceivers and Modules That Haven’t Been Inserted Transceivers Previously, a port had to be valid and verified for the switch to allow it to be configured. Transceivers are removable ports and considered invalid when not present in the switch, so they cannot be configured unless they are already in the switch.

  • Page 243: Uni-Directional Link Detection (Udld)

    When UDLD is enabled on the trunk ports on each ProCurve switch, the switches detect the failed link, block the ports connected to the failed link, and use the remaining ports in the trunk group to forward the traffic.

  • Page 244: Configuring Udld

    When configuring UDLD, keep the following considerations in mind: ■ UDLD is configured on a per-port basis and must be enabled at both ends of the link. See the note below for a list of ProCurve switches that support UDLD. ■...

  • Page 245: Enabling Udld

    Enabling UDLD UDLD is enabled on a per port basis. For example, to enable UDLD on port a1, enter: ProCurve(config)#interface al link-keepalive To enable the feature on a trunk group, enter the appropriate port range. For example: ProCurve(config)#interface al-a4 link-keepalive...

  • Page 246: Changing The Keepalive Interval

    The default implementation of UDLD sends the UDLD control packets untagged, even across tagged ports. If an untagged UDLD packet is received by a non-ProCurve switch, that switch may reject the packet. To avoid such an occurrence, you can configure ports to send out UDLD control packets that are tagged with a specified VLAN.

  • Page 247: Viewing Udld Information

    To display summary information on all UDLD-enabled ports, enter the show link-keepalive command. For example: ProCurve(config)# show link-keepalive Total link-keepalive enabled ports: 4 Keepalive Retries: Keepalive Interval: 1 sec...
  • Page 248 To display detailed UDLD information for specific ports, enter the show link- keepalive statistics command. For example: Ports 1 and 2 are UDLD-enabled and show the number of health check packets sent and received on each port. ProCurve(config)# show link-keepalive statistics Port: Current State: Neighbor MAC Addr: 0000a1-b1c1d1...

  • Page 249: Configuration Warnings And Event Log Messages

    Port Status and Configuration Uni-Directional Link Detection (UDLD) Configuration Warnings and Event Log Messages Warning Messages. The following table shows the warning messages that may be issued and their possible causes, when UDLD is configured for tagged ports. Table 10-3. Warning Messages caused by configuring UDLD for Tagged Ports CLI Command Example Warning Message Possible Problem...
  • Page 250 Port Status and Configuration Uni-Directional Link Detection (UDLD) 10-32...

  • Page 251: Contents

    Power Over Ethernet (PoE) Operation Contents PoE Devices ..........11-3 Introduction to PoE .
  • Page 252 Power Over Ethernet (PoE) Operation Contents Planning and Implementing a PoE Configuration ....11-32 Assigning PoE Ports to VLANs ......11-32 Applying Security Features to PoE Configurations .

  • Page 253: Poe Devices

    PoE Devices PoE Devices The ProCurve switches covered in this guide are used as Power Sourcing Equipment (PSE) devices providing PoE power to the Powered Devices (PDs) through the 24 port Gig-T PoE module (J8702A) or the 20 port Gig-T plus 4 mini-GBIC PoE module (J8705A).

  • Page 254: Introduction To Poe

    LAN cabling. For more information about PoE technology, refer to the PoE Plan- ning and Implementation Guide, which is available on the ProCurve Net- working web site at www.procurve.com. (Click on technical support, then Product manuals (all)).

  • Page 255: Overview Of Operation

    A 24-port Gig-T PoE module (J8702A) or a 20-port Gig-T plus 4 mini-GBIC PoE module (J8705A) is a PSE device that receives PoE power from either a ProCurve J8712A Power Supply or a ProCurve J8713A Power Supply and distributes this power to the PDs connected to the PoE module’s Gig-T ports.
  • Page 256 ProCurve Networking web site at www.procurve.com. (Click on technical support, then Product manuals (all).) The latest version of any ProCurve product guide is always on the ProCurve Networking web site. Refer to “Getting Documentation From the Web” on page 1-6.

  • Page 257: General Poe Operation

    Product manuals (all)). Configuration Options In the default configuration, all Gig-T ports on the PoE module in a ProCurve switch covered in this guide are configured to support PoE operation. You can: Disable or re-enable per-port PoE operation on individual ports to ■...

  • Page 258: Pd Support

    Power Over Ethernet (PoE) Operation General PoE Operation Note The ports on a PoE module support standard networking links and PoE links. Thus, you can connect either a non-PoE device or a PD to a PoE-enabled port without reconfiguring the port. PD Support When you connect the first PD to a PoE port, the PoE module must have a minimum of 17 watts of PoE power available in order to detect and supply...
  • Page 259 Power Over Ethernet (PoE) Operation General PoE Operation port on the module loses PoE power and remains unpowered until the module once again has 17 or more watts available. (For information on power priority, refer to “Power Priority Operation” on page 11-10.) Disconnecting a PD from a PoE port causes the module to stop providing PoE power to that port and makes the power available to any other PoE ports that have PDs connected and waiting for power.

  • Page 260: Determining The Amount Of Poe Power Available

    Power Over Ethernet (PoE) Operation General PoE Operation Determining the Amount of PoE Power Available Table 11-1 shows the amount of PoE power available for powering PDs depending on the power supplies used. Table 11-1. PoE Power Available Source of Power PoE Power Available PoE Power Available for PoE (J8702A)

  • Page 261: How Is Power Allocation Prioritized?

    High In this example, the following CLI command sets ports C19-C22 to High: ProCurve(config)# interface c19-c22 power-over-ethernet high The High priority class receives power only if all PDs on ports with a Critical priority setting are receiving power. If there is not enough power to provision PDs on all ports with a high priority, then no power goes to ports with a low priority.

  • Page 262: Poe Priority With Two Or More Modules

    C22 - C24 In this example, the CLI command sets ports C23-C24 to Low ProCurve(config)# interface c23-c24 power-over-ethernet low This priority class receives power only if all PDs on ports with High and Critical priority settings are receiving power. If there is enough power to provision PDs on only some low- priority ports, then power is allocated to the ports in ascending order, beginning with the lowest-numbered port in the class (port 22, in this case), until all available power is in use.
  • Page 263 Power Over Ethernet (PoE) Operation General PoE Operation The result is that all the Critical priority ports on module C would receive power, but only 8 ports on module A would receive power. On module A, the port A1 has the highest priority of the ports in that module if all ports are in the same priority class, which is the case for this example.

  • Page 264: Configuring Poe Operation

    You can use one command to set the same priority level on PoE ports in multiple modules. For example, to configure the priority to High for ports c5-c10, C23-C24, D1-D10, and D12, you could use this command: ProCurve(config)# interface c5-c10,c23-c24, d1-d10,d12 power-over-ethernet high 11-14...

  • Page 265: Disabling Or Re-Enabling Poe Port Operation

    You must disable ALL ports in the module for this to occur. Enabling Support for Pre-Standard Devices The ProCurve switches covered in this guide also support some pre-802.3af devices. For a list of the devices supported, refer to the FAQs for your switch model.

  • Page 266: Configuring Poe Redundancy

    Power Over Ethernet (PoE) Operation Configuring PoE Operation Configuring PoE Redundancy When PoE redundancy is enabled, PoE redundancy occurs automatically. The switch keeps track of power use and won’t supply PoE power to additional PoE devices trying to connect if that results in the switch not having enough power in reserve for redundancy if one of the power supplies should fail.

  • Page 267: Changing The Threshold For Generating A Power Notice

    In this case, executing the following command sets the global notification threshold to 70% of available PoE power. ProCurve(config)# power-over-ethernet threshold With this setting, if module B is allocated 100 watts of PoE power and is using 68 watts, and then another PD is connected to the module in slot B that uses 8 watts, the 70% threshold of 70 watts is exceeded.

  • Page 268: Poe Allocation Using Lldp Information

    For example, you could set the power threshold for a PoE module in slot “A” to 75% and the threshold for the module in slot “B” to 68% by executing the following two commands: ProCurve(config)# power-over-ethernet slot a threshold 75 ProCurve(config)# power-over-ethernet slot b threshold 68...
  • Page 269 LLDP. By default, PoE information detected through LLDP is ignored. Default: Disabled For example, you can enter this command to enable LLDP detection: ProCurve(config)# int A7 poe-lldp-detect enabled or in interface context: ProCurve(eth-A7)# poe-lldp-detect enabled Note Detecting PoE information via LLDP only affects power delivery;...

  • Page 270: Controlling Poe Allocation

    Figure 11-2. Possible PD Class Detected with Ranges For example, to allocate by class for ports A6 -A8: ProCurve(config)# int A6-A8 poe-allocate-by class Manually Configuring PoE Power Levels You can specify a power level (in watts) allocated for a port, ranging from 1 to 17 watts in 1 watt increments, by using the value option.
  • Page 271 Power Over Ethernet (PoE) Operation Configuring PoE Operation Then select a value between 1 and 17: ProCurve(config)# int A6 poe-value 15 or in interface context: ProCurve(eth-A6)# poe-value 15 To view the settings, enter the show power-over-ethernet command: ProCurve(config)# show power-over-ethernet A6...

  • Page 272: Configuring Optional Poe Port Identifiers

    Power Over Ethernet (PoE) Operation Configuring PoE Operation Configuring Optional PoE Port Identifiers The Configured Type field in the MIB allows you to configure a unique identifier for a PoE port that indicates the intended use for that port. Such identifiers are useful when viewing PoE status with the following commands: show power-over-ethernet brief (page 11-26) show power-over-ethernet <...
  • Page 273 For example, to return port A5 in the above figure to a null setting, use this command: ProCurve(config)# setmib pethPsePortType.1.5 -D " " For more on displaying PoE configuration and status, refer to “Viewing PoE Configuration and Status” on page 11-24.

  • Page 274: Viewing Poe Configuration And Status

    Power Over Ethernet (PoE) Operation Viewing PoE Configuration and Status Viewing PoE Configuration and Status Displaying the Switch’s Global PoE Power Status Syntax: show power-over-ethernet [brief | [ethernet] <port-list> |[slot <slot-id-range> | all>]] Displays the switch’s global PoE power status, including: •...
  • Page 275 Power Over Ethernet (PoE) Operation Viewing PoE Configuration and Status ProCurve(config)# show power-over-ethernet Status and Counters - System Power Status Pre-standard Detect : On Power Redundancy : none Chassis power-over-ethernet: Total Provided Power: 273 W Total Failover Power: Total Redundancy Power:...

  • Page 276: Displaying Poe Status On All Ports

    Power Over Ethernet (PoE) Operation Viewing PoE Configuration and Status Displaying PoE Status on All Ports Syntax: show power-over-ethernet brief Displays the following port power status: • Port: Lists all PoE-capable ports on the switch. • Power Enable: Shows Yes for ports enabled to support PoE (the default) and No for ports on which PoE is disabled.
  • Page 277 17 Searching Figure 11-7. Example of Show Power-Over-Ethernet Brief Output You can also show the PoE information by slot: ProCurve(config)# show power-over-ethernet slot A Status and Counters - System Power Status for slot A Maximum Power : 273 W...

  • Page 278: Displaying The Poe Status On Specific Ports

    Power Over Ethernet (PoE) Operation Viewing PoE Configuration and Status Displaying the PoE Status on Specific Ports Syntax: show power-over-ethernet <port-list > Displays the following PoE status and statistics (since the last reboot) for each port in <port-list >: • Power Enable: Shows Yes for ports enabled to support PoE (the default) and No for ports on which PoE is disabled.
  • Page 279 Power Over Ethernet (PoE) Operation Viewing PoE Configuration and Status Syntax: show power-over-ethernet <port-list > (Continued) Power Denied Cnt: Shows the number of times PDs requesting • power on the port have been denied due to insufficient power available. Each occurrence generates an Event Log message. Voltage: The total voltage, in dV, being delivered to PDs.
  • Page 280 For example, if you wanted to view the PoE status of ports A6 and A7, you would use show power-over-ethernet A6-A7 to display the data: ProCurve(config)# show power-over-ethernet A6-A7 Status and Counters - Port Power Status for port A6 Power Enable...

  • Page 281: Displaying Information About Power Supplies

    If you want to know information about the power supplies, enter this com- mand: Syntax: show chassis-power-supply Displays the power information for each power supply in the chassis. ProCurve(config)# show chassis-power-supply Power Supply Status: PS# | State | AC/DC + V | Wattage...

  • Page 282: Planning And Implementing A Poe Configuration

    Configuration This section provides an overview of some considerations for planning a PoE application. For additional information on this topic, refer to the ProCurve PoE Planning and Implementation Guide which is available on the ProCurve Networking web site at www.procurve.com. (Click on technical support, then Product manuals (all)).

  • Page 283: Assigning Priority Policies To Poe Traffic

    For more information on security options, refer to the latest edition of the Access Security Guide for your switch. (The ProCurve Networking web site offers the latest version of all ProCurve product publications. Refer to “Getting Documentation From the Web” on page 1-6.)

  • Page 284: Calculating The Maximum Load For A Poe Module

    Calculating the Maximum Load for a PoE Module The maximum power available for a PoE module depends on the type of power supplies used. ProCurve recommends that if you use more than one power supply, use the same type of power supplies in your PoE implementation, that...

  • Page 285: When A Power Supply Fails

    For additional information about planning your PoE configuration, refer to the PoE Planning and Implementation Guide, which is available from the ProCurve Networking web site at www.procurve.com. (Click on technical support, then Product manuals (all).) 11-35...

  • Page 286: Poe Operating Notes

    PoE device connected to port 1 on a PoE module installed in slot D: ProCurve(config)# no interface d1 power-over-ethernet ProCurve(config)# interface d1 power-over-ethernet Disabling all PoE ports in a module allows you to recover the 22 watts ■...

  • Page 287: Poe Event Log Messages

    Slot <slot-id > software update started A module needs to have its PoE firmware updated and the on PoE controller <controller-id> software begins the update process. On ProCurve 8212zl switches the controller-id is always “1” Slot <slot-id > software update A module has its PoE firmware updated and the software completed on PoE controller <controller-...

  • Page 288: Warning" Poe Event-Log Messages

    Power Over Ethernet (PoE) Operation PoE Operating Notes “Warning” PoE Event-Log Messages Message Meaning W < > chassis > < Message header, with severity, date, system time, and system module type. For more information on Event Log operation, including severity indicators, refer to “Using the Event Log for Troubleshooting Switch Problems”...

  • Page 289: Contents

    Port Trunking Contents Overview ........... . 12-2 Port Trunk Features and Operation .

  • Page 290: Overview

    Port Trunking Overview Overview This chapter describes creating and modifying port trunk groups. This includes non-protocol trunks and LACP (802.3ad) trunks. Port Status and Configuration Features Feature Default Menu viewing port trunks page 12-9 page 12-11 page 12-17 configuring a static trunk none page 12-9 page 12-15...
  • Page 291 Port Trunking Overview Port Connections and Configuration: All port trunk links must be point- to-point connections between a switch and another switch, router, server, or workstation configured for port trunking. No intervening, non-trunking devices are allowed. It is important to note that ports on both ends of a port trunk group must have the same mode (speed and duplex) and flow control settings.

  • Page 292: Port Trunk Features And Operation

    LACP requires full-duplex (FDx) links of the same media type (10/100Base-T, 100FX, etc.) and the same speed, and enforces speed and duplex conformance across a trunk group. For most installations, ProCurve recommends that you leave the port Mode settings at Auto (the default). LACP also operates with Auto-10, Auto-100, and Auto-1000 (if negotiation selects FDx), and 10FDx, 100FDx, and 1000FDx settings.
  • Page 293 Port Trunking Trunk Configuration Methods ProCurve(config) int c1-c4 lacp active Note that the preceding example works if the ports are not already operating in a trunk. To change the LACP option on ports already operating as a trunk, you must first remove them from the trunk. For example, if ports C1 - C4 were...
  • Page 294 For more information, refer to “Trunk Group Operation Using LACP” on page 12-18. Trunk Provides manually configured, static-only trunking to: (non- • Most ProCurve switches and routing switches not running the 802.3ad LACP protocol. protocol) • Windows NT and HP-UX workstations and servers Use the Trunk option when: –...
  • Page 295 Port Configuration: The default port configuration is Auto, which enables a port to sense speed and negotiate duplex with an Auto-Enabled port on another device. ProCurve recommends that you use the Auto setting for all ports you plan to use for trunking.
  • Page 296 Port Trunking Trunk Configuration Methods Spanning Tree: 802.1D (STP) and 802.1w (RSTP) Spanning Tree operate as a global setting on the switch (with one instance of Spanning Tree per switch). 802.1s (MSTP) Spanning Tree operates on a per-instance basis (with multiple instances allowed per switch).

  • Page 297: Menu: Viewing And Configuring A Static Trunk Group

    Port Trunking Menu: Viewing and Configuring a Static Trunk Group Menu: Viewing and Configuring a Static Trunk Group Important Configure port trunking before you connect the trunked links to another switch, routing switch, or server. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured.
  • Page 298 Port Trunking Menu: Viewing and Configuring a Static Trunk Group • For proper trunk operation, all ports in a trunk must have the same media type and mode (such as 10/100TX set to 100FDx, or 100FX set to 100FDx). The flow control settings must also be the same for all ports in a given trunk.

  • Page 299: Cli: Viewing And Configuring Port Trunk Groups

    Port Trunking CLI: Viewing and Configuring Port Trunk Groups Connect the trunked ports on the switch to the corresponding ports on the opposite device. If you previously disabled any of the trunked ports on the switch, enable them now. (Refer to “Viewing Port Status and Configuring Port Parameters”...
  • Page 300 Port Trunking CLI: Viewing and Configuring Port Trunk Groups Using a port list specifies, for switch ports in a static trunk group, only the ports you want to view. In this case, the command specifies ports A5 through A7. However, because port A6 is not in a static trunk group, it does not appear in the resulting listing: Port A5 appears with an example of a name that you can optionally assign using the Friendly Port Names feature.
  • Page 301 Port Trunking CLI: Viewing and Configuring Port Trunk Groups Listing Static LACP and Dynamic LACP Trunk Data. Syntax: show lacp Lists data for only the LACP-configured ports.. In the following example, ports A1 and A2 have been previously configured for a static LACP trunk. (For more on the “Active” parameter, see table 12-5 on page 12-21.) Figure 12-8.

  • Page 302: Using The Cli To Configure A Static Or Dynamic Trunk Group

    Port Trunking CLI: Viewing and Configuring Port Trunk Groups “Up” Links Standby Link Figure 12-9. Example of a Dynamic LACP Trunk with One Standby Link Using the CLI To Configure a Static or Dynamic Trunk Group I m p o r t a n t Configure port trunking before you connect the trunked links between switches.
  • Page 303 Removing a port from a trunk can create a loop and cause a broadcast storm. When you remove a port from a trunk where spanning tree is not in use, ProCurve recommends that you first disable the port or disconnect the link on that port.
  • Page 304 < port-list >. This example uses ports C4 and C5 to enable a dynamic LACP trunk group. ProCurve(config)# interface c4-c5 lacp active Removing Ports from an Dynamic LACP Trunk Group. To remove a port from dynamic LACP trunk operation, you must turn off LACP on the port.

  • Page 305: Web: Viewing Existing Port Trunk Groups

    To help prevent a broadcast storm when you remove a port from a trunk where spanning tree is not in use, ProCurve recommends that you first disable the port or disconnect the link on that port.

  • Page 306: Trunk Group Operation Using Lacp

    LACP requires full-duplex (FDx) links of the same media type (10/100Base-T, 100FX, etc.) and the same speed, and enforces speed and duplex conformance across a trunk group. For most installations, ProCurve recommends that you leave the port Mode settings at Auto (the default). LACP also operates with Auto-10, Auto-100, and Auto-1000 (if negotiation selects FDx), and 10FDx, 100FDx, and 1000FDx settings.
  • Page 307 Port Trunking Trunk Group Operation Using LACP Table 12-4. LACP Trunk Types LACP Port Trunk Operation Configuration 802.3ad-compliant Dynamic LACP This option automatically establishes an trunk group, with LACP for the port Type parameter and DynX for the port Group name, where X is an automatically assigned value from 1 to 60, depending on how many dynamic and static trunks are currently on the switch.
  • Page 308 Port Trunking Trunk Group Operation Using LACP LACP Port Trunk Operation Configuration Static LACP Provides a manually configured, static LACP trunk to accommodate these conditions: • The port on the other end of the trunk link is configured for a static LACP trunk. •...

  • Page 309: Default Port Operation

    Table 12-5 lists the elements of per-port LACP operation. To display this data for a switch, execute the following command in the CLI: ProCurve> show lacp Table 12-5. LACP Port Status Data Status Name...

  • Page 310: Lacp Notes And Restrictions

    If you configure port security on a port on which LACP (active or passive) is configured, the switch removes the LACP configuration, displays a notice that LACP is disabled on the port(s), and enables 802.1X on that port. ProCurve(config)# aaa port-access authenticator b1 LACP has been disabled on 802.1x port(s). ProCurve(config)# The switch will not allow you to configure LACP on a port on which port access (802.1X) is enabled.
  • Page 311 Port Trunking Trunk Group Operation Using LACP ProCurve(config)# int a17 lacp passive Error configuring port A17: LACP and port security cannot be run together. ProCurve(config)# To restore LACP to the port, you must remove port security and re-enable LACP active or passive.
  • Page 312 Status becomes “Up”). When the other port becomes active again, the replace- ment port goes back to blocked (Port Status is “Blocked”). It can take a few seconds for the switch to discover the current status of the ports. ProCurve(eth-B1-B8)# show lacp LACP PORT...
  • Page 313 Port Trunking Trunk Group Operation Using LACP If there are ports that you do not want on the default VLAN, ensure that ■ they cannot become dynamic LACP trunk members. Otherwise a traffic loop can unexpectedly occur. For example: VLAN-1 VLAN-1 VLAN-1 VLAN-1...

  • Page 314: Trunk Group Operation Using The "Trunk" Option

    Port Trunking Trunk Group Operation Using the “Trunk” Option Dynamic/Static LACP Interoperation: A port configured for dynamic LACP can properly interoperate with a port configured for static (TrkX) LACP, but any ports configured as standby LACP links will be ignored. Trunk Group Operation Using the “Trunk”...

  • Page 315: How The Switch Lists Trunk Data

    Port Trunking How the Switch Lists Trunk Data How the Switch Lists Trunk Data Static Trunk Group: Appears in the menu interface and the output from the CLI show trunk and show interfaces commands. Dynamic LACP Trunk Group: Appears in the output from the CLI show lacp command.
  • Page 316 Port Trunking Outbound Traffic Distribution Across Trunked Links The load-balancing is done on a per communication basis. Otherwise, traffic is transmitted across the same path as shown in figure 12-13. That is, if Client A attached to Switch 1 sends five packets of data to Server A attached to Switch 2, the same link is used to send all five packets.
  • Page 317 Port Trunking Outbound Traffic Distribution Across Trunked Links Table 12-6. Example of Link Assignments in a Trunk Group (SA/DA Distribution) Source: Destination: Link: Node A Node W Node B Node X Node C Node Y Node D Node Z Node A Node Y Node B Node W...
  • Page 318 Port Trunking Outbound Traffic Distribution Across Trunked Links 12-30...

  • Page 319: Contents

    Port Traffic Controls Contents Overview ........... . 13-3 Rate-Limiting .
  • Page 320 Port Traffic Controls Contents Configuring Jumbo Frame Operation ......13-30 Overview ..........13-30 Viewing the Current Jumbo Configuration .

  • Page 321: Overview

    Port Traffic Controls Overview Overview Feature Default Menu Rate-Limiting None 13-4 Guaranteed Minimum Per Queue (1-8 order): 13-19 Bandwidth 2%-3%-30%-10%-10%- 10%-15%-20% Jumbo Packets Disabled 13-27 This chapter includes: ■ Rate-Limiting: Enables a port to limit the amount of bandwidth a user or device may utilize for traffic on the switch.

  • Page 322: Rate-Limiting

    Port Traffic Controls Rate-Limiting Rate-Limiting Feature Default Menu rate-limit all none page 13-5 show rate-limit all page 13-6 rate-limit icmp none page 13-13 show rate-limit icmp page 13-14 All Traffic Rate-Limiting Rate-limiting for all traffic operates on a per-port basis to allow only the specified bandwidth to be used for inbound or outbound traffic.

  • Page 323: Configuring Rate-Limiting

    Port Traffic Controls Rate-Limiting Configuring Rate-Limiting N o t e The mode using bits per second (bps) in releases before K.12.XX has been replaced by the kilobits per second (kbps) mode. Switches that have config- urations with bps values will be automatically converted when you update your software to the new version.

  • Page 324: Displaying The Current Rate-Limit Configuration

    Configuring a rate limit of 0 (zero) on a port blocks all traffic on that port. However, if this is the desired behavior on the port, ProCurve recommends using the < port-list > disable command instead of configuring a rate limit of 0.
  • Page 325 Port Traffic Controls Rate-Limiting ProCurve(eth-A5)# show rate-limit all a1-a6 Ports A1-A4 are configured with an outbound rate limit of 200 Kbps; Port A5 is configured with an inbound rate limit of 20%. All-Traffic Rate Limit Maximum % (Port A6 is not configured for rate-limiting.)

  • Page 326: Operating Notes For Rate-Limiting

    Port Traffic Controls Rate-Limiting ProCurve(config)# show config Startup configuration: ; J8697A Configuration Editor; Created on release #K.12.XX hostname "ProCurve Switch 8212zl" module 1 type J8705A snmp-server community "public" Unrestricted vlan 1 name "DEFAULT_VLAN" untagged A1-A24 Ports A1-A4 are configured with an ip address dhcp-bootp outbound rate limit of 100 kbps.
  • Page 327 Port Traffic Controls Rate-Limiting rate-limiting on the port while it is in the trunk. Attempting to configure rate-limiting on a port that already belongs to a trunk generates the following message: < port-list >: Operation is not allowed for a trunked port. ■...

  • Page 328: Icmp Rate-Limiting

    Port Traffic Controls Rate-Limiting Optimum rate-limiting operation: Optimum rate-limiting occurs with ■ 64-byte packet sizes. Traffic with larger packet sizes can result in performance somewhat below the configured bandwidth. This is to ensure the strictest possible rate-limiting of all sizes of packets. Note on Testing Rate-limiting is applied to the available bandwidth on a port, and not to any Rate-Limiting...

  • Page 329: Terminology

    Port Traffic Controls Rate-Limiting messages to an extent where no other traffic can get through. (ICMP messages themselves can also be misused as virus carriers). Such malicious misuses of ICMP can include a high number of ping packets that mimic a valid source IP address and an invalid destination IP address (spoofed pings), and a high number of response messages (such as Destination Unreachable error mes- sages) generated by the network.

  • Page 330: Guidelines For Configuring Icmp Rate-Limiting

    Port Traffic Controls Rate-Limiting Spoofed Ping: An ICMP echo request packet intentionally generated with a valid source IP address and an invalid destination IP address. Spoofed pings are often created with the intent to oversubscribe network resources with traffic having invalid destinations. Guidelines for Configuring ICMP Rate-Limiting Apply ICMP rate-limiting on all connected interfaces on the switch to effec- tively throttle excessive ICMP messaging from any source.

  • Page 331: Configuring Icmp Rate-Limiting

    For example, either of the following commands configures an inbound rate limit of 1% on ports A3 - A5, which are used as network edge ports: ProCurve(config)# int a3-a5 rate-limit icmp 1 ProCurve (eth-A3-A5)# rate-limit icmp 1 N o t e When using kbps-mode ICMP rate-limiting, the rate-limiting only operates on the IP payload part of the ICMP packet (as required by metering RFC 2698).

  • Page 332: On The Same Interface

    Port Traffic Controls Rate-Limiting Using Both ICMP Rate-Limiting and All-Traffic Rate-Limiting on the Same Interface ICMP and all-traffic rate-limiting can be configured on the same interface. All-traffic rate-limiting applies to all inbound or outbound traffic (including ICMP traffic), while ICMP rate-limiting applies only to inbound ICMP traffic. Note that if the all-traffic load on an interface meets or exceeds the currently configured all-traffic inbound rate-limit while the ICMP traffic rate-limit on the same interface has not been reached, then all excess traffic will be...

  • Page 333: Operating Notes For Icmp Rate-Limiting

    Port Traffic Controls Rate-Limiting For example, if you wanted to view the rate-limiting configuration on the first six ports in the module in slot “B”: ProCurve(config)# show rate-limit icmp b1-b6 Inbound ICMP Rate Limit Maximum Percentage Rate Port | Mode...
  • Page 334 Port Traffic Controls Rate-Limiting 0.5 Mbps of inbound traffic. If an interface experiences an inbound flow of ICMP traffic in excess of its configured limit, the switch generates a log message and an SNMP trap (if an SNMP trap receiver is configured). ■...

  • Page 335: Icmp Rate-Limiting Trap And Event Log Messages

    Port Traffic Controls Rate-Limiting interface must be receiving more inbound ICMP traffic than the configured bandwidth limit allows. If the interface is configured with both rate-limit all and rate-limit icmp, then the ICMP limit can be met or exceeded only if the rate limit for all types of inbound traffic has not already been met or exceeded.
  • Page 336 A1 on a switch would use the following setmib command to reset the port to send a new message if the condition occurs again. ProCurve(config)# setmib hpicmpratelimitportalarm- flag.1 -i 1 Determining the Switch Port Number Used in ICMP Port Reset Commands: To enable excess ICMP traffic notification traps and Event Log messages, use the setmib command described on page 13-17.

  • Page 337: Guaranteed Minimum Bandwidth (Gmb)

    Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) Guaranteed Minimum Bandwidth (GMB) Feature Default Menu bandwidth-min output Per-Queue: page 13-22 2%-3%-30%-10% 10%-10%-15%-20% show bandwidth output [ port-list ] page 13-25 Introduction Guaranteed Minimum Bandwidth (GMB) provides a method for ensuring that each of a given port’s outbound traffic priority queues has a specified mini- mum consideration for sending traffic out on the link to another device.
  • Page 338 Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) Table 13-1. Per-Port Outbound Priority Queues 802.1p Priority Settings in Tagged VLAN Outbound Priority Queue for a Given Port Packets* 1 (low) 2 (low) 0 (normal) 3 (normal) 4 (medium) 5 (medium) 6 (high) 7 (high) *The switch processes outbound traffic from an untagged port at the "0"...

  • Page 339: Impacts Of Qos Queue Configuration On Gmb Operation

    Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) N o t e For a given port, when the demand on one or more outbound queues exceeds the minimum bandwidth configured for those queues, the switch apportions unallocated bandwidth to these queues on a priority basis. As a result, speci- fying a minimum bandwidth for a high-priority queue but not specifying a minimum for lower-priority queues can starve the lower-priority queues dur- ing periods of high demand on the high priority queue.

  • Page 340: Outbound Traffic

    For any port or group of ports you can configure either the default minimum bandwidth settings for each outbound priority queue or a customized band- width allocation. For most applications, ProCurve recommends configuring GMB with the same values on all ports on the switch so that the outbound traffic profile is consistent for all outbound traffic.
  • Page 341 Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) Syntax: [ no ] int < port-list > bandwidth-min output [ < queue1% > < queue2% > < queue3% > < queue4% > <queue5%> <queue6%> <queue7%> <queue8%>] For ports in < port-list >, specifies the minimum outbound bandwidth as a percent of the total bandwidth for each outbound queue.
  • Page 342 Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) Notes: Configuring 0% for a queue can result in that queue being starved if any higher queue becomes over- subscribed and is then given all unused bandwidth. The switch applies the bandwidth calculation to the link speed the port is currently using.

  • Page 343: Configuration

    Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) Either of the following commands configures ports A1 through A5 with bandwidth settings: ProCurve(config)#int a1-a5 bandwidth-min output 2 3 30 10 10 10 15 20 ProCurve(eth-A1-A5)#bandwidth-min output 2 3 30 10 10 10 15 20...

  • Page 344: Gmb Operating Notes

    Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) This is how the preceding listing of the GMB configuration would appear in the startup-config file. The outbound port priority queues 1 - 8 for ports A1-A5 are configured with the indicated Guaranteed Minimum Bandwidth percentages.

  • Page 345: Jumbo Frames

    Port Traffic Controls Jumbo Frames Jumbo Frames Feature Default Menu display VLAN jumbo status — 13-30 — configure jumbo VLANs Disabled — 13-32 — The Maximum Transmission Unit (MTU) is the maximum size IP frame the switch can receive for Layer 2 frames inbound on a port. The switch drops any inbound frames larger than the MTU allowed on the port.

  • Page 346: Operating Rules

    Port Traffic Controls Jumbo Frames Operating Rules Required Port Speed: This feature allows inbound and outbound jumbo ■ frames on ports operating at speeds of 1 gigabit or higher. At lower port speeds, only standard (1522-byte or smaller) frames are allowed, regard- less of the jumbo configuration.

  • Page 347: Configuring Jumbo Frame Operation

    Port Traffic Controls Jumbo Frames Configuring Jumbo Frame Operation Command Page show vlans 13-30 show vlans ports < port-list > 13-31 show vlans < vid > 13-32 jumbo 13-32 jumbo max-frame-size 13-32 Overview Determine the VLAN membership of the ports or trunks through which you want the switch to accept inbound jumbo traffic.

  • Page 348: Viewing The Current Jumbo Configuration

    Port Traffic Controls Jumbo Frames Viewing the Current Jumbo Configuration Syntax: show vlans Lists the static VLANs configured on the switch and includes a Jumbo column to indicate which VLANs are configured to support inbound jumbo traffic. All ports belonging to a jumbo-enabled VLAN can receive jumbo traffic.
  • Page 349 Port Traffic Controls Jumbo Frames Indicates which static VLANs are configured to enable jumbo frames. Figure 13-9. Example of Listing the VLAN Memberships for a Range of Ports Syntax: show vlans < vid > This command shows port membership and jumbo configuration for the specified <...

  • Page 350: Enabling Or Disabling Jumbo Traffic On A Vlan

    Port Traffic Controls Jumbo Frames Enabling or Disabling Jumbo Traffic on a VLAN Syntax: vlan < vid > jumbo [ no ] vlan < vid > jumbo Configures the specified VLAN to allow jumbo frames on all ports on the switch that belong to that VLAN. If the VLAN is not already configured on the switch, vlan <...

  • Page 351: Configuring Ip Mtu

    Port Traffic Controls Jumbo Frames Configuring IP MTU N o t e The following feature is available on the switches covered in this guide. Jumbos support is required. On switches that do not support this command, the IP MTU value is derived from the maximum frame size and is not config- urable.

  • Page 352: Displaying The Maximum Frame Size

    VLANs of which the port is a member are not enabled for Jumbo support. Operating Notes for Jumbo Traffic-Handling ProCurve does not recommend configuring a voice VLAN to accept jumbo ■ frames. Voice VLAN frames are typically small, and allowing a voice VLAN to accept jumbo frame traffic can degrade the voice transmission perfor- mance.
  • Page 353 Port Traffic Controls Jumbo Frames When the switch applies the default MTU (1522-bytes) to a VLAN, all ports ■ in the VLAN can receive incoming frames of up to 1522 bytes in length. When the switch applies the jumbo MTU (9220 bytes) to a VLAN, all ports in that VLAN can receive incoming frames of up to 9220 bytes in length.
  • Page 354 In this regard, if a mesh domain includes any ProCurve 1600M/2400M/2424M/4000M/8000M switches along with the switches covered in this guide configured to support jumbo traffic, only the switches covered in this guide will receive jumbo frames.

  • Page 355: Troubleshooting

    Port Traffic Controls Jumbo Frames Troubleshooting A VLAN is configured to allow jumbo frames, but one or more ports drops all inbound jumbo frames. The port may not be operating at 1 giga- bit or higher. Regardless of a port’s configuration, if it is actually operating at a speed lower than 1 gigabit, it drops inbound jumbo frames.
  • Page 356 Port Traffic Controls Jumbo Frames 13-38...

  • Page 357: Contents

    Configuring for Network Management Applications Contents Using SNMP Tools To Manage the Switch ..... . 14-3 Overview ..........14-3 SNMP Management Features .
  • Page 358 Configuring for Network Management Applications Contents Terminology ......... . 14-33 Configuring sFlow .

  • Page 359: Overview

    Overview You can manage the switch via SNMP from a network management station running an application such as ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+). For more on PCM and PCM+, visit the ProCurve Networking web site at: www.procurve.com Click on products index in the sidebar, then click on the appropriate link appearing under the Network Management heading.

  • Page 360: Snmp Management Features

    HP OpenView, you can ensure that it is using the latest version of the MIB file by downloading the file to the OpenView database. To do so, go to the ProCurve Networking web site at: www.procurve.com Click on software updates, then MIBs.

  • Page 361: Configuring For Snmp Version 3 Access To The Switch

    C a u t i o n For ProCurve Manager (PCM) version 1.5 or earlier (or any TopTools version), deleting the “public” community disables some network management functions (such as traffic monitoring, SNMP trap generation, and threshold setting).

  • Page 362: Snmp Version 3 Commands

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMP Version 3 Commands SNMP version 3 (SNMPv3) adds some new commands to the CLI for configuring SNMPv3 functions. To enable SMNPv3 operation on the switch, use the snmpv3 enable command. An initial user entry will be generated with MD5 authentication and DES privacy.

  • Page 363: Enabling Snmpv3

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Enabling SNMPv3 The snmpv3 enable command allows the switch to: ■ Receive SNMPv3 messages. ■ Configure initial users. Restrict non-version 3 messages to “read only” (optional). ■ Figure 14-1 shows an example of how to use the snmpv3 enable command. N o t e : To create new users, most SNMPv3 management software requires an initial S N M P...
  • Page 364 Add user Network Admin with ProCurve(config)# snmpv3 user NetworkAdmin no authentication or privacy. ProCurve(config)# snmpv3 user NetworkMgr auth md5 authpass priv privpass Privacy is enabled and the Add user Network Mgr with MD5 authentication is enabled and password is set to “privpass”.
  • Page 365 This example displays information about the management stations configured on VLAN 1 to access the switch. ProCurve# configure terminal ProCurve(config)# vlan 1 ProCurve(vlan-1)# show snmpv3 user Status and Counters - SNMPv3 Global Configuration Information Auth. Protocol Privacy Protocol User Name...
  • Page 366 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Assigning Users to Groups. Then you must set the group access level for the user by assigning the user to a group. This is done with the snmpv3 group command.

  • Page 367: Group Access Levels

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Group Access Levels The switch supports eight predefined group access levels. There are four levels for use with version 3 users and four are used for access by version 2c or version 1 management applications.
  • Page 368 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Syntax: [no] snmpv3 community This command maps or removes a mapping of a community name to a group access level. To remove a mapping you, only need to specify the index_name parameter.

  • Page 369: Communities

    C a u t i o n For ProCurve Manager (PCM) version 1.5 or earlier (or any TopTools version), deleting the “public” community disables some network management functions (such as traffic monitoring, SNMP trap generation, and threshold setting).
  • Page 370 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Note: This screen gives an overview of the SNMP communities that are currently Add and Edit options are configured. All fields in used to modify the SNMP this screen are read- options.

  • Page 371: Cli: Viewing And Configuring Snmp Community Names

    Figure 14-7. Example of the SNMP Community Listing with Two Communities To list the data for only one community, such as the “public” community, use the above command with the community name included. For example: ProCurve# show snmp-server public 14-15...
  • Page 372 (Access to all MIB objects (read-only) except the CONFIG MIB.) ProCurve(config)# snmp-server community red-team manager unrestricted ProCurve(config)# snmp-server community blue-team operator restricted To eliminate a previously configured community named "gold-team": ProCurve(config) # no snmp-server community gold-team 14-16...

  • Page 373: Snmp Notifications

    ■ In addition, you can enable the switch to send the following types of notifications to configured trap receivers. For information on how to configure each notification, refer to the ProCurve software guide under which the notification is listed. ■...

  • Page 374: General Steps For Configuring Snmp Notifications

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Advance Traffic Management Guide: ■ • Loop protection • Spanning Tree (STP, RSTP, MSTP) Access Security Guide: ■ • MAC lockdown • MAC lockout • Uni-Directional Link Detection (UDLD) •...

  • Page 375: Snmpv1 And Snmpv2C Traps

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMPv1 and SNMPv2c Traps The switches covered in this guide support the following functionality from earlier SNMP versions (SNMPv1 and SNMPv2c): ■ Trap receivers: A trap receiver is a management station to which the switch sends SNMP traps and (optionally) event log messages sent from the switch.
  • Page 376 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Syntax: snmp-server host <ipv4-addr | ipv6-addr> <community name> Configures a destination network management station to receive SNMPv1/v2c traps, and (optionally) event log messages sent as traps from the switch, using the specified community name and destination IPv4 or IPv6 address.

  • Page 377: Enabling Snmpv2C Informs

    For example, to configure a trap receiver in a community named "red-team" with an IP address of 10.28.227.130 to receive only "critical" event log messages, you can enter the following command: ProCurve(config)# snmp-server host 10.28.227.130 red-team critical N o t e s To replace one community name with another for the same IP address, you must first enter the no snmp-server host <...
  • Page 378 N o t e The retries and timeout values are not used to send trap requests. To verify the configuration of SNMPv2c informs, enter the show snmp-server command: ProCurve Switch 5406zl(config)# show snmp-server SNMP Communities Community Name MIB View Write Access...

  • Page 379: Configuring Snmpv3 Notifications

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Configuring SNMPv3 Notifications The SNMPv3 notification process allows messages that are passed via SNMP between the switch and a network management station to be authenticated and encrypted. To configure SNMPv3 notifications, follow these steps: Enable SNMPv3 operation on the switch by entering the snmpv3 enable command (see “SNMP Version 3 Commands”...
  • Page 380 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Configure the target address of the SNMPv3 management station to which SNMPv3 informs and traps are sent by entering the snmpv3 targetaddress command. Syntax: [no] snmpv3 targetaddress < ipv4-addr | ipv6-addr> < name > Configures the IPv4 or IPv6 address, name, and configuration filename of the SNMPv3 management station to which notification messages are sent.
  • Page 381 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Syntax: [no] snmpv3 targetaddress < ipv4-addr | ipv6-addr> < name > —Continued— [timeout < value >] (Optional) Time (in millisecond increments) allowed to receive a response from the target before notification packets are retransmitted.

  • Page 382: Managing Network Security Notifications

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch An example of how to configure SNMPv3 notification is shown here: Params _name value in the snmpv3 targetaddress command The tag _name value in snmpv3 notify command matches the matches the params _name value in the snmpv3 params tag _name value in the snmpv3 targetaddress command.
  • Page 383 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch To enable or disable notification/traps for network security failures and other security events, enter the snmp-server enable traps command. Syntax: [no] snmp-server enable traps [snmp-auth | password-change-mgr | login- failure-mgr | port-security | auth-server-fail | dhcp-snooping | arp-protect] Enables or disables sending one of the following types of security notification to configured trap receivers:...

  • Page 384: Enabling Link-Change Traps

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch ProCurve(config)# show snmp-server traps Link-change trap setting Trap Receivers Link-Change Traps Enabled on Ports [All] : A1-A24 Trap Category Current Trap Configuration ------------------------------ -------------------------- SNMP Authentication extended Password change...

  • Page 385: Configuring The Source Ip Address For Snmp Notifications

    For example, to use the IP address of the destination interface on which an SNMP request was received as the source IP address in the IP header of SNMP traps and replies, enter the following command: ProCurve(config)# snmp-server response-source dst-ip-of-request 14-29...
  • Page 386 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch To configure the switch to use a specified source IP address in generated trap PDUs, enter the snmp-server trap-source command. Syntax: [no] snmp-server trap-source [<ipv4-addr > | loopback<0-7>] Specifies the source IP address to be used for a trap PDU.

  • Page 387: Displaying Snmp Notification Configuration

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch ProCurve_8212(config)# show snmp-server SNMP Communities Community Name MIB View Write Access ---------------- -------- ------------ public Manager Unrestricted Trap Receivers Link-Change Traps Enabled on Ports [All] : All Excluded MIBs Snmp Response Pdu Source-IP Information dstIpOfRequest: The destination IP address of...
  • Page 388 In the following example, the show snmp-server command output shows that the switch has been configured to send SNMP traps and notifications to management stations that belong to the “public”, “red-team”, and “blue-team” communities. ProCurve(config)# show snmp-server SNMP Communities SNMP Community Community Name...

  • Page 389: Advanced Management: Rmon

    Event groups from the ProCurve Manager network management software. For more on ProCurve Manager, visit the ProCurve Networking web site at www.procurve.com Click on products index, then look for the ProCurve Manager topic under the Network Manager bar. CLI-Configured sFlow with Multiple Instances In earlier software releases, sFlow was configured on the switch via SNMP using a single sFlow instance.

  • Page 390: Configuring Sflow

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Configuring sFlow The following sFlow commands allow you to configure sFlow instances via the CLI. Syntax: [no] sflow <receiver-instance> destination <ip-address> [udp-port-num] Enables an sFlow receiver/destination. The receiver-instance number must be a 1, 2, or 3.
  • Page 391 Agent Address 10.0.10.228 Figure 14-13. Example of Viewing sFlow Agent Information The show sflow <instance> destination command includes information about the management-station’s destination address, receiver port, and owner. ProCurve# show sflow 2 destination Destination Instance sflow Enabled Datagrams Sent Destination Address 10.0.10.41...
  • Page 392 You can specify a list or range of ports for which to view sampling information. ProCurve# show sflow 2 sampling-polling A1-A4 Number denotes the sampling/polling instance to which the receiver is coupled.

  • Page 393: Lldp (Link-Layer Discovery Protocol)

    CDP as documented in this manual. For the latest information on your switch model, consult the Release Notes (available on the ProCurve Networking web site). If LLDP has not yet been implemented (or if you are running an older version of software), consult a previous version of the Management and Configuration Guide for device discovery details.

  • Page 394: Terminology

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP-MED (LLDP Media Endpoint Discovery): Provides an extension to LLDP and is designed to support VoIP deployments. N o t e LLDP-MED is an extension for LLDP, and the switch requires that LLDP be enabled as a prerequisite to LLDP-MED operation.
  • Page 395 PD (Powered Device): This is an IEEE 802.3af-compliant device that receives its power through a direct connection to a 10/100Base-TX PoE RJ-45 port in a ProCurve fixed-port or chassis-based switch. Examples of PDs include Voice-over-IP (VoIP) telephones, wireless access points, and remote video cameras.

  • Page 396: General Lldp Operation

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) TLV (Type-Length-Value): A data unit that includes a data type field, a data unit length field (in bytes), and a field containing the actual data the unit is designed to carry (as an alphanumeric string, a bitmap, or a subgroup of information).

  • Page 397: Configuration Options

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Configuration Options Enable or Disable LLDP on the Switch. In the default configuration, LLDP is globally enabled on the switch. To prevent transmission or receipt of LLDP traffic, you can disable LLDP operation (page 14-41) Enable or Disable LLDP-MED.
  • Page 398 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) SNMP Notification. You can enable the switch to send a notification to any configured SNMP trap receiver(s) when the switch detects a remote LLDP data change on an LLDP-enabled port (page 14-51). Per-Port (Outbound) Data Options.

  • Page 399: Options For Reading Lldp Information Collected By The Switch

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Data Type Configuration Default Description Options The Packet Time-to-Live value is included in LLDP data packets. (Refer to “Changing the Time-to-Live for Transmitted Advertisements” on page 14-49.) Subelement of the Chassis ID TLV. Subelement of the Port ID TLV.

  • Page 400: Lldp Operating Rules

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) RFC 2737 (Entity MIB) ■ ■ RFC 2863 (Interfaces MIB) ■ ANSI/TIA-1057/D6 (LLDP-MED; refer to “LLDP-MED (Media-Endpoint- Discovery)” on page 14-56.) LLDP Operating Rules (For additional information specific to LLDP-MED operation, refer to “LLDP- MED (Media-Endpoint-Discovery)”...

  • Page 401: Configuring Lldp Operation

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Spanning-Tree Blocking. Spanning tree does not prevent LLDP packet transmission or receipt on STP-blocked links. 802.1X Blocking. Ports blocked by 802.1X operation do not allow transmission or receipt of LLDP packets. Configuring LLDP Operation In the default configuration, LLDP is enabled and in both transmit and receive mode on all active ports.
  • Page 402 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displays the LLDP global configuration, LLDP port status, and SNMP notification status. For information on port admin status, refer to “Configuring Per-Port Transmit and Receive Modes” on page 14-52. For example, show lldp config produces the following display when the switch is in the default LLDP configuration: Note: This value corresponds to the lldp refresh-interval...

  • Page 403: Configuring Global Lldp Packet Controls

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displaying Port Configuration Details. This command displays the port- specific configuration, including. Syntax show lldp config < port-list > Displays the LLDP port-specific configuration for all ports in < port-list >, including which optional TLVs and any non-default IP address that are included in the port’s outbound advertisements.
  • Page 404 (Default: Enabled) For example, to disable LLDP on the switch: ProCurve(config)# no lldp run Changing the Packet Transmission Interval. This interval controls how often active ports retransmit advertisements to their neighbors. Syntax lldp refresh-interval < 5 - 32768 >...
  • Page 405 2, which would result in a Time-to- Live of 30 seconds. ProCurve(config)# lldp holdtime-multiplier 2 Changing the Delay Interval Between Advertisements Generated by Value or Status Changes to the LLDP MIB. The switch uses a delay- interval setting to delay transmitting successive advertisements resulting from these LLDP MIB changes.
  • Page 406 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Syntax setmib lldpTxDelay.0 -i < 1 - 8192 > Uses setmib to change the minimum time (delay-interval) any LLDP port will delay advertising successive LLDP advertisements due to a change in LLDP MIB content. (Default: 2;...

  • Page 407: Configuring Snmp Notification Support

    (Default: 2 seconds; Range: 1 - 10 seconds) For example, the following command changes the reinitialization delay interval to five seconds: ProCurve(config)# setmib lldpreinitdelay.0 -i 5 Configuring SNMP Notification Support You can enable SNMP trap notification of LLDP data changes detected on advertisements received from neighbor devices, and control the interval between successive notifications of data changes on the same neighbor.

  • Page 408: Configuring Per-Port Transmit And Receive Modes

    (Default: 5 seconds) For example, the following command limits change notification traps from a particular switch to one per minute. ProCurve(config)# setmib lldpnotificationinterval.0 -i 60 lldpNotificationInterval.0 = 60 Configuring Per-Port Transmit and Receive Modes These commands control advertisement traffic inbound and outbound on active ports.

  • Page 409: Configuring Basic Lldp Per-Port Advertisement Content

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Configuring Basic LLDP Per-Port Advertisement Content In the default LLDP configuration, outbound advertisements from each port on the switch include both mandatory and optional data. Mandatory Data. An active LLDP port on the switch always includes the mandatory data in its outbound advertisements.
  • Page 410 10.10.10.100 and you wanted port 3 to use this secondary address in LLDP advertisements, you would need to execute the following command: ProCurve(config)# lldp config 3 ipAddrEnable 10.10.10.100 Optional Data. You can configure an individual port or group of ports to exclude one or more of these data types from outbound LLDP advertisements.

  • Page 411: Advertisements

    For example, if you wanted to exclude the system name TLV from the outbound LLDP advertisements for all ports on a switch, you would use this command: ProCurve(config)# no lldp config 1-24 basicTlvEnable system_name If you later decided to reinstate the system name TLV on ports 1-5, you would...

  • Page 412: Lldp-Med (Media-Endpoint-Discovery)

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Syntax: [ no ] lldp config < port-list > dot3TlvEnable macphy_config For outbound advertisements, this TLV includes the (local) switch port’s current speed and duplex settings, the range of speed and duplex settings the port supports, and the method required for reconfiguring the speed and duplex settings on the device (auto-negotiation during link initialization, or manual configuration).
  • Page 413 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Power over Ethernet (PoE) status and troubleshooting support via ■ SNMP support for IP telephony network troubleshooting of call quality ■ issues via SNMP This section describes how to configure and use LLDP-MED features in the switches to support VoIP network edge devices (Media Endpoint Devices) such as: ■...
  • Page 414 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) able to use the following network policy elements configured on the ■ client port • voice VLAN ID • 802.1p (Layer 2) QoS • Diffserv codepoint (DSCP) (Layer 3) QoS discover and advertise device location data learned from the switch ■...

  • Page 415: Lldp-Med Topology Change Notification

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Class 3 (Communication Devices): These devices are typically IP ■ phones or end-user devices that otherwise support IP media and offer all Class 1 and Class 2 features, plus location identification and emergency 911 capability, Layer 2 switch support, and device infor- mation management.
  • Page 416 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Syntax: lldp top-change-notify < port-list > Topology change notification, when enabled on an LLDP port, causes the switch to send an SNMP trap if it detects LLDP- MED endpoint connection or disconnection activity on the port, or an age-out of the LLDP-MED neighbor on the port.

  • Page 417: Lldp-Med Fast Start Control

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP-MED Fast Start Control Syntax: lldp fast-start-count < 1 - 10 > An LLDP-MED device connecting to a switch port may use the data contained in the MED TLVs from the switch to configure itself.
  • Page 418 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) N o t e LLDP-MED operation requires the macphy_config TLV subelement—enabled by default—that is optional for IEEE 802.1AB LLDP operation. Refer to the dot3TlvEnable macphy_config command on page 14-56. Network Policy Advertisements. Network policy advertisements are intended for real-time voice and video applications, and include these TLV subelements: ■...
  • Page 419 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) N o t e s A codepoint must have an 802.1p priority before you can configure it for use in prioritizing packets by VLAN-ID. If a codepoint you want to use shows No Override in the Priority column of the DSCP policy table (display with show qos- dscp map, then use qos-dscp map <...
  • Page 420 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) network-policy This TLV enables the switch port to advertise its configured network policies (voice VLAN, Layer 2 QoS, Layer 3 QoS), and allows LLDP-MED endpoint devices to auto-configure the voice network policy advertised by the switch.

  • Page 421: Configuring Location Data For Lldp-Med Devices

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) PoE Advertisements. These advertisements inform an LLDP-MED endpoint of the power (PoE) configuration on switch ports. Similar advertisements from an LLDP-MED endpoint inform the switch of the endpoint’s power needs and provide information that can be used to identify power priority mismatches.
  • Page 422 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) ELIN (Emergency Location Identification Number): an emergency ■ number typically assigned to MLTS (Multiline Telephone System Opera- tors) in North America ■ coordinate-based location: attitude, longitude, and altitude informa- tion (Requires configuration via an SNMP application.) Syntax: [ no ] lldp config <...
  • Page 423 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) — Continued— Type/Value Pairs ( CA-TYPE CA-VALUE ): This is a series of data pairs, each composed of a location data “type” specifier and the corresponding location data for that type. That is, the first value in a pair is expected to be the civic address “type”...
  • Page 424 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Note: A switch port allows one instance of any given CA- TYPE. For example, if a type/value pair of 6 Atlantic (to specify “Atlantic” as a street name) is configured on port A5 and later another type/value pair of 6 Pacific is configured on the same port, then Pacific replaces Atlantic in the civic address location configured for port A5.
  • Page 425 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Table 14-4. Some Location Codes Used in CA-TYPE Fields* Location Element Code Location Element Code national subdivision street number regional subdivision additional location data city or township unit or apartment city subdivision floor street room number...

  • Page 426: Displaying Advertisement Data

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Figure 14-20 shows the commands for configuring and displaying the above data. Figure 14-20. Example of a Civic Address Configuration Displaying Advertisement Data Command Page show lldp info local-device below walkmib lldpXdot3LocPortOperMauType show lldp info remote-device 14-73 walkmib lldpXdot3RemPortAutoNegAdvertisedCap...

  • Page 427: Advertisements

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displaying Switch Information Available for Outbound Advertisements These commands display the current switch information that will be used to populate outbound LLDP advertisements. Syntax show lldp info local-device [ port-list ] Without the [ port-list ] option, this command displays the global switch information and the per-port information currently available for populating outbound LLDP advertisements.
  • Page 428 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) The Management Address field displays only the LLDP-configurable IP addresses on the switch. (Only manually-configured IP addresses are LLDP-configurable.) If the switch has only an IP address from a DHCP or Bootp server, then the Management Address field is empty (because there are no LLDP- configurable IP addresses available).
  • Page 429 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) information on displaying the currently configured port speed and duplex on an LLDP-MED endpoint, refer to “Displaying the Current Port Speed and Duplex Configuration on a Switch Port” on page 14-72. Syntax: show interfaces brief <...
  • Page 430 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Figure 14-23. Example of a Global Listing of Discovered Devices Indicates the policy configured on the telephone. A configuration mismatch occurs if the supporting port is configured differently. Figure 14-24. Example of an LLLDP-MED Listing of an Advertisement Received From an LLDP-MED (VoIP Telephone) Source 14-74...

  • Page 431: Displaying Lldp Statistics

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displaying LLDP Statistics LLDP statistics are available on both a global and a per-port levels. Rebooting the switch resets the LLDP statistics counters to zero. Disabling the transmit and/or receive capability on a port “freezes” the related port counters at their current values.
  • Page 432 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) — Continued — Per-Port LLDP Counters: NumFramesRecvd: Shows the total number of valid, inbound LLDP advertisements received from any neighbor(s) on < port- list >. Where multiple neighbors are connected to a port through a hub, this value is the total number of LLDP advertisements received from all sources.

  • Page 433: Lldp Operating Notes

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Counters showing frames sent on a port but no frames received on that port indicates an active link with a device that either has LLDP disabled on the link or is not LLDP- aware.
  • Page 434 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP Packet Forwarding: An 802.1D-compliant switch does not forward LLDP packets, regardless of whether LLDP is globally enabled or disabled on the switch. One IP Address Advertisement Per-Port: LLDP advertises only one IP address per-port, even if multiple IP addresses are configured by lldp config <...

  • Page 435: Lldp And Cdp Data Management

    LLDP packets received from neighbor devices. CDP operation is limited to reading incoming CDP packets from neighbor devices. (ProCurve switches do not generate CDP packets.) LLDP and CDP Neighbor Data With both LLDP and (read-only) CDP enabled on a switch port, the port can read both LLDP and CDP advertisements, and stores the data from both types of advertisements in its neighbor database.
  • Page 436 Neighbors database. N o t e Because ProCurve switches do not generate CDP packets, they are not represented in the CDP data collected by any neighbor devices running CDP. A switch with CDP disabled forwards the CDP packets it receives from other devices, but does not store the CDP information from these packets in its own MIB.

  • Page 437: Cdp Operation And Commands

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Protocol State Packet Inbound Data Management Inbound Packet Forwarding Generation CDP Enabled Store inbound CDP data. No forwarding of inbound CDP packets. CDP Disabled No storage of CDP data from Floods inbound CDP packets neighbor devices.
  • Page 438 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Command Page show cdp 14-82 show cdp neighbors [< port-list > detail] 14-83 [detail < port-list >] [no] cdp run 14-84 [no] cdp enable < port-list > 14-84 N o t e For details on how to use an SNMP utility to retrieve information from the switch’s CDP Neighbors table maintained in the switch’s MIB (Management Information Base), refer to the documentation provided with the particular...
  • Page 439 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Viewing the Switch’s Current CDP Neighbors Table. Devices are listed by the port on which they were detected. Syntax: show cdp neighbors Lists the neighboring CDP devices the switch detects, with a subset of the information collected from the device’s CDP packet.
  • Page 440 Disabling CDP on a port causes it to drop inbound CDP packets without recording their data in the CDP Neighbors table. Syntax: [no] cdp enable < [e] port-list > For example, to disable CDP on port A1: ProCurve(config)# no cdp enable a1 14-84...

  • Page 441: Contents

    Redundancy (Switch 8212zl) Contents Overview ........... . 15-3 Terminology .
  • Page 442 Redundancy (Switch 8212zl) Contents Disabling Redundancy with Two Modules Present ... . . 15-21 Disabling Redundancy With Only One Module Present ..15-22 Displaying Management Information .

  • Page 443: Overview

    Redundancy (Switch 8212zl) Overview Overview Redundancy provides the ability to keep your switch operating by using dual management modules, one active module and one standby module. In the event of a failure, the currently active management module will switchover to the standby management module, which then becomes the active management module.

  • Page 444: How The Management Modules Interact

    Redundancy (Switch 8212zl) Overview Secondary Image. The software version stored in secondary flash on each management module. Selftest. A test performed at boot to ensure the management module is functioning correctly. If the module fails selftest, it does not go into active or standby mode.

  • Page 445: Using Redundant Management

    Redundancy (Switch 8212zl) Using Redundant Management Using Redundant Management There are new CLI commands for redundant management as well as modifications to existing commands. (See “Existing CLI Commands Affected by Redundant Management” on page 15-29) New Redundant Management Commands Page redundancy management-module below redundancy switchover...

  • Page 446: Enabling Or Disabling Redundant Management

    ---------- Failovers Last Failover : Slot Module Description Status SW Version Boot Image ---- ---------------------------------------- -------- ---------- ---------- ProCurve J9092A Management Module 8200zl Active K.12.XX Primary ProCurve J9092A Management Module 8200zl Standby K.12.XX Primary ProCurve J9093A F2 Fabric Module 8200zl...
  • Page 447 2 remains the active management module. N o t e ProCurve recommends that you leave redundancy enabled. If the active management module has a hardware failure, the standby module may take over and may have an old configuration since file synchronization has not occurred.

  • Page 448: Directing The Standby Module To Become Active

    Last Failover : Tue Mar 19 12:42:31 2007 Slot Module Description Status SW Version Boot Image ---- ---------------------------------------- -------- ----------- --------- ProCurve J9092A Management Module 8200zl Offline K.12.XX Primary ProCurve J9092A Management Module 8200zl Active K.12.XX Primary ProCurve J9093A F2 Fabric Module 8200zl...

  • Page 449: Setting The Active Management Module For Next Boot

    Redundancy (Switch 8212zl) Using Redundant Management ProCurve(config)# redundancy switchover This management module will now reboot from primary image and will become the standby module! You will need to use the other management module's console interface. Do you want to continue [y/n]? y...
  • Page 450 Slot Module Description Status SW Version Boot Image ---- ---------------------------------------- ------ ---------- ---------- ProCurve J9092A Management Module 8200zl Standby K.12.XX Primary ProCurve J9092A Management Module 8200zl Active K.12.XX Primary ProCurve J9093A F2 Fabric Module 8200zl Enabled ProCurve J9093A F2 Fabric Module 8200zl Enabled Figure 15-5.
  • Page 451 ---------- Failovers Last Failover : Slot Module Description Status SW Version Boot Image ---- ---------------------------------------- -------- ----------- --------- ProCurve J9092A Management Module 8200zl Active K.12.XX Primary ProCurve J9092A Management Module 8200zl Offline K.12.XX Primary ProCurve J9093A Fabric Module 8200zl Enabled...

  • Page 452: Enabling And Disabling Fabric Modules

    Use this command to enable or disable the redundant fabric modules. Disabling one fabric module reduces the overall switching capacity of the 8200zl series switches. On some networks where network utilization is less than 50%, you may not notice any degradation of performance.

  • Page 453: Management Module Switchover

    Redundancy (Switch 8212zl) Management Module Switchover Management Module Switchover Events that Cause a Switchover There are a number of events that can cause the active management module to switchover to the standby management module when redundancy is enabled: The active management module crashes ■...

  • Page 454: Resetting The Management Module

    C a u t i o n ProCurve does not recommend using the MM Reset button to trigger a switchover. Files being copied over at the time of the reset will be aborted.

  • Page 455: Hotswapping Management Modules

    Redundancy (Switch 8212zl) Hotswapping Management Modules Hotswapping Management Modules Hotswapping Out the Active Management Module You can hotswap out the active management module and have switch operations taken over by the standby management module by following the correct shutdown procedure on the active module using the MM Shutdown button.

  • Page 456: When The Standby Module Is Not Available

    Redundancy (Switch 8212zl) Hotswapping Management Modules When the Standby Module is not Available If you have disabled redundancy with the no redundancy management-module command, or the standby module failed selftest, the Dwn LED will not turn green to indicate it is OK to hotswap out the active management module. N o t e If you remove the active management module without pressing the MM Shutdown button, any files that may have been in the process of...

  • Page 457: Downloading A New Software Version

    Redundancy (Switch 8212zl) Downloading a New Software Version Downloading a New Software Version File Synchronization after Downloading After downloading a new software version to either the primary or secondary flash of the active management module, the software version is immediately copied to the corresponding flash (primary or secondary) of the standby module unless the standby module failed selftest or redundancy was disabled with the no redundancy management-module command.

  • Page 458: After Downloading

    (you can verify this using the show redundancy command), you can now switch over to the management module running the newer software with this command: ProCurve# redundancy switchover This causes a switchover to the management module that received the new software version, which becomes the active management module. This method incurs the least amount of network downtime for booting.
  • Page 459 Redundancy (Switch 8212zl) Downloading a New Software Version C a u t i o n If you have booted one module out of primary flash and one module out of secondary flash, and the secondary flash is running a prior software version because the latest version was never copied over from the primary flash, you will have an software version mismatch.
  • Page 460 ---------- Failovers Last Failover : Slot Module Description Status SW Version Boot Image ---- ---------------------------------------- -------- ---------- ---------- ProCurve J9092A Management Module 8200zl Active K.12.30 Primary ProCurve J9092A Management Module 8200zl Standby K.12.30 Primary ProCurve J9093A F2 Fabric Module 8200zl...

  • Page 461: Disabling Redundancy With Two Modules Present

    ProCurve(config)# no redundancy management-module After executing this command, the second management module will not boot into standby mode; it is off line and no longer receives configuration file changes from the active module.

  • Page 462: Disabling Redundancy With Only One Module Present

    ---------- Failovers Last Failover : Slot Module Description Status SW Version Boot Image ---- ---------------------------------------- -------- ---------- ---------- ProCurve J9092A Management Module 8200zl Offline K.12.XX Primary ProCurve J9092A Management Module 8200zl Active K.12.XX Primary ProCurve J9093A F2 Fabric Module 8200zl...

  • Page 463: Displaying Management Information

    ProCurve J8708A 4p 10G CX4 zl Module 333333333333 ProCurve J8702A 24p Gig-T zl Module 444444444444 ProCurve J8702A 24p Gig-T zl Module 555555555555 ProCurve J8702A 24p Gig-T zl Module SG710AT0ZZ Figure 15-13. Example of Show Modules Command on an 8200zl Series Switch 15-23...

  • Page 464: Show Redundancy

    ---------- Failovers Last Failover : Slot Module Description Status SW Version Boot Image ---- ---------------------------------------- -------- ---------- ---------- ProCurve J9092A Management Module 8200zl Standby K.12.XX Primary ProCurve J9092A Management Module 8200zl Active K.12.XX Secondary ProCurve J9093A F2 Fabric Module 8200zl...

  • Page 465: Show Version

    The output of the show version command when redundancy is enabled is shown in Figure 15-16. ProCurve(config)# show version Management Module 1: Standby Image stamp: /sw/code/build/btm(t2g) 5 2007 13:20:59 K.12.XX...

  • Page 466: Show Log

    The show log command displays the status of the switch and its management modules. See “Logging Messages” on page 15-41. To show log messages in reverse chronological order (most recent messages displayed first), enter show log -r. ProCurve Switch 8200zl(config)# show log Keys: W=Warning I=Information...

  • Page 467: Show Flash

    Failovers Last Failover : Mon Sep 26 09:50:40 2005 Slot Module Description Status SW Version Boot Image ---- ---------------------------------------- -------- ---------- ---------- ProCurve J9092A Management Module 8200zl Active K.12.XX Secondary ProCurve J9092A Management Module 8200zl Standby K.12.XX Primary ProCurve J9093A F1 Fabric Module 8200zl...
  • Page 468 Redundancy (Switch 8212zl) Displaying Management Information booted from on the next boot. Unlike executing the show version command on an active management module, this only shows the running version of software on the standby management module. Standby Console> show version Image stamp: /sw/code/build/btm(t2g) Mar 21 2007 15:03:31...

  • Page 469: Existing Cli Commands Affected By Redundant Management

    Redundancy (Switch 8212zl) Existing CLI Commands Affected by Redundant Management Existing CLI Commands Affected by Redundant Management Several existing commands have changes related to redundant management. Boot Command In redundant management systems, the boot or boot active command causes a switchover to the standby management module as long as the standby module is in standby mode.
  • Page 470 Redundancy (Switch 8212zl) Existing CLI Commands Affected by Redundant Management Command Action Boot active Boots the active management module. The switch starts to boot from the default flash image. You can select which image to boot from during the boot process itself. See Figure 15-22.

  • Page 471: Setting The Default Flash For Boot

    Redundancy (Switch 8212zl) Existing CLI Commands Affected by Redundant Management ProCurve(config)# boot set-default flash secondary This command changes the location of the default boot. This command will change the default flash image to boot from secondary. Hereafter, ‘reload’ and ‘boot’ commands will boot from secondary. Do you want to...

  • Page 472: Reload Command

    Boot Rom Version: K.12.01 Default Boot : Primary ProCurve(config)# boot set-default flash secondary This command changes the location of the default boot. This command will change the default flash image to boot from secondary. Hereafter, ‘reload’ and ‘boot’ commands will boot from secondary.
  • Page 473 Failovers Last Failover : Mon April 30 09:10:11 2007 Slot Module Description Status SW Version Boot Image ---- ---------------------------------------- -------- ---------- ---------- ProCurve J9092A Management Module 8200zl Active K.12.XX Primary ProCurve J9092A Management Module 8200zl Standby K.12.XX Primary Figure 15-25. Example of Reload Command with Redundancy Enabled...

  • Page 474: Additional Commands Affected By Redundant Management

    Redundancy (Switch 8212zl) Existing CLI Commands Affected by Redundant Management Additional Commands Affected by Redundant Management The other existing commands operate with redundant management as shown below. Command Action auto-tftp If a new image is downloaded using auto-tftp, the active management module downloads the new software version to both the active and standby modules.
  • Page 475 Redundancy (Switch 8212zl) Existing CLI Commands Affected by Redundant Management Command Action fastboot When fastboot is enabled, this information is saved to the standby management module when the config files are sync’d. The fastboot value is used during the next boot on both modules. front-panel-security This command and its options only affects the active management module.

  • Page 476: Using The Web Browser For Redundant Management

    The web browser interface can be used to display information about the active and standby management modules. To learn more about using the web browser interface on your switch, see the chapter “Using the ProCurve Web Browser Interface” in this guide.

  • Page 477: Overview Page

    Redundancy (Switch 8212zl) Using the Web Browser for Redundant Management Overview Page To view status information about the management modules select the Status tab, and then the Overview button. The following information is shown: ■ Which module is the active module and which is the standby module Version of software running on each management module ■...

  • Page 478: Device View Page

    Redundancy (Switch 8212zl) Using the Web Browser for Redundant Management Figure 15-28.Redundancy Status Page Showing Information about the Active and Standby Modules Device View Page The Device View page displays a graphical representation of the switch. Select the Configuration tab and then the Device View button. The information displayed includes: ■...
  • Page 479 Redundancy (Switch 8212zl) Using the Web Browser for Redundant Management Figure 15-29. Device View Showing Two Management Modules 15-39...

  • Page 480: Management Module Led Behavior

    Redundancy (Switch 8212zl) Management Module LED Behavior Management Module LED Behavior Active (Actv) LED Behavior The Actv (Active) LED shows the LED behavior for various states on the active and standby management modules. See Table 15-2 for the available states and what they indicate.

  • Page 481: Logging Messages

    For more information on command options available with the show logging command, see “CLI: Displaying the Event Log” in the “Troubleshooting” chapter of this guide. An example of the log file listing is shown in Figure 15-31. ProCurve(config)# show logging Keys: W=Warning I=Information...

  • Page 482: Crash Files

    Redundancy (Switch 8212zl) Logging Messages Crash Files Crash logs for all modules are always available on the active management module. The copy crash-log and copy crash-data commands can be used to copy the information to a file of your choice. Syntax: copy crash-log [<slot-id>...
  • Page 483 Redundancy (Switch 8212zl) Logging Messages ProCurve Switch 8200zl$ show boot-history Mgmt Module 1 -- Saved Crash Information (most recent first): ============================================================= Mgmt Module 1 in Active Mode went down: 11/07/05 14:48:36 Operator warm reload from CONSOLE session. Mgmt Module 1 in Active Mode went down: 11/07/05 11:43:10 Operator cold reboot from CONSOLE session.

  • Page 484: Notes On How The Active Module Is Determined

    Redundancy (Switch 8212zl) Notes on How the Active Module is Determined Notes on How the Active Module is Determined Both management modules run selftest routines to determine which module becomes the active management module and which becomes the standby management module. The module that was last active in the chassis is given precedence and becomes the “active”...

  • Page 485: Diagram Of Decision Process

    Redundancy (Switch 8212zl) Notes on How the Active Module is Determined Diagram of Decision Process Both management modules start to boot Both modules fail Switch fails to boot selftest Module passing selftest One module fails becomes active selftest Both modules Module last booted in One module booted were booted...

  • Page 486: Event Log Messages

    Redundancy (Switch 8212zl) Event Log Messages Event Log Messages System Message Severity Description Mgmt module [1 or 2] went down info The specified management module went down without saving crash information without saving the crash information. RMON_BOOT_NO_CRASH_RECORD Mgmt module [1 or 2] went down info The specified management module was rebooted.
  • Page 487 Redundancy (Switch 8212zl) Event Log Messages System Message Severity Description Mgmt Module [1 or 2] - Running info The specified management module is running a different version of SW different version of software from the other management module. RMON_SYSTEM_MGMT_OS_DIFF Mgmt Module [1 or 2] - Failover warn Switchover occurred.
  • Page 488 Redundancy (Switch 8212zl) Event Log Messages System Message Severity Description Initial active to standby sync started info Indicates the beginning of the initial synchronization of the active management module’s flash image to the standby management module. RMON_SYSTEM_SYNC_BEGIN Initial active to standby sync complete info Indicates the end of the initial synchronization of the active management module’s flash image to the standby management module.

  • Page 489: Contents

    File Transfers Contents Overview ........... . A-3 Downloading Switch Software .
  • Page 490 File Transfers Contents Transferring Switch Configurations ......A-24 TFTP: Copying a Configuration File to a Remote Host ..A-25 TFTP: Copying a Configuration File from a Remote Host .

  • Page 491: Overview

    Downloading Switch Software ProCurve periodically provides switch software updates through the ProCurve Networking web site. For more information, refer to the support and warranty booklet shipped with the switch, or visit www.procurve.com and click on software updates. After you acquire a new software version, you can...

  • Page 492: General Software Download Rules

    A software version for the switch has been stored on a TFTP server accessible to the switch. (The software file is typically available from the ProCurve Networking web site at www.procurve.com.) The switch is properly connected to your network and has already been ■...

  • Page 493: Menu: Tftp Download From A Server To Primary Flash

    File Transfers Downloading Switch Software Menu: TFTP Download from a Server to Primary Flash Note that the menu interface accesses only the primary flash. In the console Main Menu, select Download OS to display the screen in figure A-1. (The term “OS”, or “operating system” refers to the switch software): Figure A-1.
  • Page 494 File Transfers Downloading Switch Software A “progress” bar indicates the progress of the download. When the entire software file has been received, all activity on the switch halts and you will see Validating and writing system software to FLASH... After the primary flash memory has been updated with the new software, you must reboot the switch to implement the newly downloaded software.

  • Page 495: Cli: Tftp Download From A Server To Flash

    File Transfers Downloading Switch Software To find more information on the cause of a download failure, examine the messages in the switch’s Event Log by executing the show log tftp command from the CLI. (For more on the Event Log, see “Using the Event Log for Troubleshooting Switch Problems”...
  • Page 496 File Transfers Downloading Switch Software This message means that the image you Dynamic counter continually displays the want to upload will replace the image number of bytes transferred. currently in primary flash. Figure A-4. Example of the Command to Download an OS (Switch Software) When the switch finishes downloading the software file from the server, it displays this progress message: Validating and Writing System Software to FLASH …...

  • Page 497: Using Secure Copy And Sftp

    As described earlier in this chapter you can use a TFTP client on the admin- istrator workstation to update software images. This is a plain text mechanism and it connects to a standalone TFTP server or another ProCurve switch acting as a TFTP server to obtain the software image file(s). Using SCP and SFTP allows you to maintain your switches with greater security.

  • Page 498: How It Works

    To enable secure file transfer on the switch (once you have an SSH session established between the switch and your computer), open a terminal window and type in the following command: ProCurve(config)# ip ssh filetransfer A-10...

  • Page 499: Disable Tftp And Auto-Tftp For Enhanced Security

    Disable TFTP and Auto-TFTP for Enhanced Security Using the ip ssh filetransfer command to enable Secure FTP (SFTP) automati- cally disables TFTP and auto-TFTP (if either or both are enabled). ProCurve(config)# ip ssh filetransfer Enabling SFTP automatically disables TFTP Tftp and auto-tftp have been disabled.
  • Page 500 File Transfers Downloading Switch Software Enables/Disables TFTP. Note: If SFTP is enabled, this field will be set to No. You cannot use this field to enable TFTP if SFTP is enabled. Attempting to do so produces an Inconsistent value message in the banner below the Actions line. Figure A-6.

  • Page 501: Command Options

    As a matter of policy, administrators should not enable the SSHv1-only or the SSHv1-or-v2 advertisement modes. SSHv1 is supported on only some legacy switches (such as the ProCurve Series 2500 switches). To confirm that SSH is enabled type in the command...

  • Page 502: Authentication

    File Transfers Downloading Switch Software Authentication Switch memory allows up to ten public keys. This means the authentication and encryption keys you use for your third-party client SCP/SFTP software can differ from the keys you use for the SSH session, even though both SCP and SFTP use a secure SSH tunnel.

  • Page 503: Using Xmodem To Download Switch Software From A Pc Or Unix

    File Transfers Downloading Switch Software crash-data-I “ “ crash-data-J “ “ crash-data-K “ “ crash-data-L “ “ crash-log crash-log-a crash-log-b crash-log-c crash-log-d 8212zl only crash-log-e “ “ crash-log-f “ “ crash-log-g 8212zl only crash-log-h “ “ crash-log-I “ “ crash-log-J “...

  • Page 504: Menu: Xmodem Download To Primary Flash

    File Transfers Downloading Switch Software Menu: Xmodem Download to Primary Flash Note that the menu interface accesses only the primary flash. From the console Main Menu, select 7. Download OS (for Edit). Press Use the Space bar to select XMODEM in the Method field. Press , then (for eXecute) to begin the software download.

  • Page 505: Cli: Xmodem Download From A Pc Or Unix Workstation To Primary Or Secondary Flash

    File Transfers Downloading Switch Software CLI: Xmodem Download from a PC or UNIX Workstation to Primary or Secondary Flash Using Xmodem and a terminal emulator, you can download a software file to either primary or secondary flash. Syntax: copy xmodem flash [< primary | secondary >] Downloads a software file to primary or secondary flash.

  • Page 506: Using Usb To Transfer Files To And From The Switch

    This procedure assumes that: A software version for the switch has been stored on a USB flash drive. ■ (The latest software file is typically available from the ProCurve Network- ing web site at www.procurve.com.) ■ The USB device has been plugged into the switch’s USB port.
  • Page 507 File Transfers Downloading Switch Software Before you use the procedure: ■ Determine the name of the software file stored on the USB flash drive (for example, k0800.swi). Decide whether the image will be installed in the primary or secondary ■ flash.

  • Page 508: Switch-To-Switch Download

    File Transfers Downloading Switch Software Boots from the flash image and startup-config file. A switch covered in this guide (with multiple configuration files), also uses the current startup-config file. (For more on these commands, refer to “Rebooting the Switch” on page 6-19.) To confirm that the software downloaded correctly, execute show system and check the Firmware revision line.

  • Page 509: Cli: Switch-To-Switch Downloads

    File Transfers Downloading Switch Software After the primary flash memory has been updated with the new software, you must reboot the switch to implement the newly downloaded software. (for Reboot Switch). You will then Return to the Main Menu and press see this prompt: Continue reboot of system? : No Press the space bar once to change No to Yes, then press...

  • Page 510: Using Pcm+ To Update Switch Software

    Figure A-9. Switch-to-Switch, from Either Flash in Source to Either Flash in Destination Using PCM+ to Update Switch Software ProCurve Manager Plus includes a software update utility for updating on ProCurve switch products. For further information, refer to the Getting Started Guide and the Administrator’s Guide, provided electronically with the application.

  • Page 511: Copying Software Images

    For example, to copy the primary flash to a TFTP server having an IP address of 10.28.227.105: ProCurve# copy flash tftp 10.28.227.105 k0800.swi where k0800.swi is the filename given to the flash image being copied. Xmodem: Copying a Software Image from the Switch to a...

  • Page 512: Usb: Copying A Software Image To A Usb Device

    For example, to copy the primary image to a USB flash drive: Insert a USB device into the switch’s USB port. Execute the following command: Procurve# copy flash usb k0800.swi where k0800.swi is the name given to the primary flash image that is copied from the switch to the USB device.

  • Page 513: Tftp: Copying A Configuration File To A Remote Host

    For example, to upload the current startup configuration to a file named sw8200 in the configs directory on drive “d” in a TFTP server having an IP address of 10.28.227.105: ProCurve# copy startup-config tftp 10.28.227.105 d:\configs\sw8200 TFTP: Copying a Configuration File from a Remote Host Syntax: copy tftp <...

  • Page 514: Xmodem: Copying A Configuration File To A Serially Connected Pc Or Unix Workstation

    File Transfers Transferring Switch Configurations Xmodem: Copying a Configuration File to a Serially Connected PC or UNIX Workstation To use this method, the switch must be connected via the serial port to a PC or UNIX workstation. You will need to: ■...
  • Page 515 File Transfers Transferring Switch Configurations Syntax: copy xmodem startup-config < pc | unix > copy xmodem config < filename > < pc | unix > Copies a configuration file from a serially connected PC or UNIX workstation to a designated configuration file on the switch.

  • Page 516: Usb: Copying A Configuration File To A Usb Device

    Insert a USB device into the switch’s USB port. Execute the following command: Procurve# copy startup-config usb procurve-config where procurve-config is the name given to the configuration file that is copied from the switch to the USB device. USB: Copying a Configuration File from a USB Device To use this method, the switch must be connected via the USB port to a USB flash drive on which is stored the configuration file you want to copy.

  • Page 517: Transferring Acl Command Files

    File Transfers Transferring ACL Command Files Transferring ACL Command Files This section describes how to upload and execute a command file to the switch for configuring or replacing an Access Control List (ACL) in the switch configuration. Such files should contain only ACE (Access Control Entry) commands.

  • Page 518: Xmodem: Uploading An Acl Command File From A Serially Connected Pc Or Unix Workstation

    Transferring ACL Command Files Using a PC workstation, you then execute the following from the CLI to upload the file to the switch and implement the ACL commands it contains: ProCurve(config)# copy tftp command-file 18.38.124.16 vlan10_in.txt pc The switch displays this message:...

  • Page 519: Usb: Uploading An Acl Command File From A Usb Device

    Copied the file to a USB flash drive. Using a PC workstation, you then execute the following from the CLI to upload the file to the switch and implement the ACL commands it contains: ProCurve(config)# copy usb command-file vlan10_in.txt pc A-31...

  • Page 520: Copying Diagnostic Data To A Remote Host, Usb Device, Pc Or Unix Workstation

    File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation The switch displays this message: Running configuration may change, do you want to continue [y/n]? To continue with the upload, press the key. To abort the upload, press the key.

  • Page 521: Copying Command Output To A Destination Device

    File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation Copying Command Output to a Destination Device Syntax: copy command-output < “cli-command” > tftp < ip-address > < filepath- filename > copy command-output < “cli-command” > usb < filename > copy command-output <“cli-command”>...

  • Page 522: Copying Crash Data Content To A Destination Device

    File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation At this point, press [Enter] and start the Xmodem command sequence in your terminal emulator. Figure A-12. Example of Sending Event Log Content to a File on an Attached PC Copying Crash Data Content to a Destination Device This command uses TFTP, USB, or Xmodem to copy the Crash Data content to a destination device.

  • Page 523: Copying Crash Log Data Content To A Destination Device

    File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation Copying Crash Data with Redundant Management. When you are using redundant management, the copy crash-data command operates somewhat differently. Syntax: copy crash-data [<slot-id> | mm] tftp <ip-address> <filename> Copies both the active and standby management modules’...
  • Page 524 File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation At this point, press [Enter] and start the Xmodem command sequence in your terminal emulator. Figure A-14. Example of sending a Crash Log for Slot C to a File on an Attached PC Copying Crash Logs with Redundant Management.

  • Page 525: Using Usb Autorun

    The overall USB autorun solution requires the following components: A ProCurve switch which can securely use USB autorun to load autho- ■ rized configurations and write reporting information. This requires soft- ware versions K.13.01, T.13.01 or greater.

  • Page 526: Security Considerations

    File Transfers Using USB Autorun d. determine if the file will be ‘run once’ (moved to a ‘processed’ direc- tory on execution) or ‘run many’ (kept in the root directory of the flash drive from where it can be executed again). Deploy the AutoRun file to a USB flash drive.

  • Page 527: Troubleshooting Autorun Operations

    PCM+ provides a mechanism to read these status files and capture the results of the commands executed. It also allows you to verify the report files for their authenticity and reject files that have not been signed (refer to the ProCurve Manager documentation for details).

  • Page 528: Configuring Autorun On The Switch

    File Transfers Using USB Autorun Event Log or Syslog. For details on how to use the switch’s event log or syslog for help in isolating autorun-related problems, see “Using the Event Log for Troubleshooting Switch Problems” on page C-27. Configuring Autorun on the Switch To enable/disable the autorun feature on the switch, the following commands can be executed from configuration mode in the CLI.

  • Page 529: Operating Notes And Restrictions

    When an operator or manager password is configured on a switch, autorun will be disabled automatically, and a message is displayed on the screen as shown in the following example: ProCurve# password manager New password for manager: ***** Please retype new password for manager: ***** Autorun is disabled as operator/manager is configured.

  • Page 530: Viewing Autorun Configuration Information

    File Transfers Using USB Autorun Viewing Autorun Configuration Information The show autorun command displays autorun configuration status information as shown in the following example. ProCurve(config)# show autorun Autorun configuration status Enabled : Yes Secure-mode : Disabled Encryption-key : A-42...

  • Page 531: Contents

    Monitoring and Analyzing Switch Operation Contents Overview ........... . B-4 Status and Counters Data .
  • Page 532 Monitoring and Analyzing Switch Operation Contents Web Browser Interface Status Information ....B-25 Traffic Mirroring ..........B-26 Terminology .
  • Page 533 Monitoring and Analyzing Switch Operation Contents Viewing Mirroring in the Current Configuration File ..B-67 Mirroring Configuration Examples ......B-68 Local Mirroring Destination .

  • Page 534: Overview

    Monitoring and Analyzing Switch Operation Overview Overview The switches covered in this guide have several built-in tools for monitoring, analyzing, and troubleshooting switch and network operation: ■ Status: Includes options for displaying general switch information, man- agement address data, port status, port and trunk group statistics, MAC addresses detected on each port or VLAN, and STP, IGMP, and VLAN data (page B-5).

  • Page 535: Status And Counters Data

    Monitoring and Analyzing Switch Operation Status and Counters Data Status and Counters Data This section describes the status and counters screens available through the switch console interface and/or the web browser interface. N o t e You can access all console screens from the web browser interface via Telnet to the console.

  • Page 536: Menu Access To Status And Counters

    Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access To Status and Counters Beginning at the Main Menu, display the Status and Counters menu by select- ing: 1. Status and Counters Figure B-1. The Status and Counters Menu Each of the above menu items accesses the read-only screens described on the following pages.

  • Page 537: General System Information

    Monitoring and Analyzing Switch Operation Status and Counters Data General System Information Menu Access From the console Main Menu, select: 1. Status and Counters 1. General System Information Figure B-2. Example of General Switch Information This screen dynamically indicates how individual switch resources are being used.

  • Page 538: Cli Access To System Information

    Shows chassis power supply and settings. temperature Shows system temperature and settings. fans Shows system fan status. ProCurve(config)# show system fans Fan Information | State | Failures -------+-------------+---------- Sys-1 | Fan OK 0 / 1 Fans in Failure State 0 / 1 Fans have been in Failure State Figure B-3.

  • Page 539: Switch Management Address Information

    Monitoring and Analyzing Switch Operation Status and Counters Data ProCurve(config)# show system Status and Counters - General System Information System Name : ProCurve Switch 2900yl-24G System Contact System Location MAC Age Time (sec) : 300 Time Zone Daylight Time Rule : None Software revision : T.13.XX...

  • Page 540: Cli Access

    Monitoring and Analyzing Switch Operation Status and Counters Data Figure B-5. Example of Management Address Information with VLANs Configured This screen displays addresses that are important for management of the switch. If multiple VLANs are not configured, this screen displays a single IP address for the entire switch.

  • Page 541: Module Information

    Monitoring and Analyzing Switch Operation Status and Counters Data Module Information Use this feature to determine which slots have modules installed and which type(s) of modules are installed. Menu: Displaying Port Status From the Main Menu, select: 1. Status and Counters … 3.

  • Page 542: Cli Access

    ProCurve J8708A 4p 10G CX4 zl Module 333333333333 ProCurve J8702A 24p Gig-T zl Module 444444444444 ProCurve J8702A 24p Gig-T zl Module 555555555555 ProCurve J8702A 24p Gig-T zl Module SG710AT0ZZ Figure B-7. Example of Show Modules Command on an 8200zl Series Switch B-12...

  • Page 543: Port Status

    Monitoring and Analyzing Switch Operation Status and Counters Data Port Status The web browser interface and the console interface show the same port status data. Menu: Displaying Port Status From the Main Menu, select: 1. Status and Counters … 4. Port Status Figure B-8.

  • Page 544: Viewing Port And Trunk Group Statistics And Flow Control Status

    Monitoring and Analyzing Switch Operation Status and Counters Data Viewing Port and Trunk Group Statistics and Flow Control Status Feature Default Menu viewing port and trunk statistics for all page B-15 page B-16 page B-16 ports, and flow control status viewing a detailed summary for a page B-15 page B-16...

  • Page 545: Menu Access To Port And Trunk Statistics

    Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access to Port and Trunk Statistics To access this screen from the Main Menu, select: 1. Status and Counters … 4. Port Counters Figure B-9. Example of Port Counters on the Menu Interface To view details about the traffic on a particular port, use the [v] key to highlight that port number, then select Show Details.

  • Page 546: Cli Access To Port And Trunk Group Statistics

    Monitoring and Analyzing Switch Operation Status and Counters Data CLI Access To Port and Trunk Group Statistics To Display the Port Counter Summary Report. Syntax: show interfaces This command provides an overview of port activity for all ports on the switch. To Display a Detailed Traffic Summary for Specific Ports.

  • Page 547: Viewing The Switch's Mac Address Tables

    Monitoring and Analyzing Switch Operation Status and Counters Data Viewing the Switch’s MAC Address Tables Feature Default Menu viewing MAC addresses on all page B-17 page B-20 — ports on a specific VLAN viewing MAC addresses on a page B-19 page B-20 —...
  • Page 548 Monitoring and Analyzing Switch Operation Status and Counters Data Figure B-11. Example of the Address Table To page through the listing, use Next page and Prev page. Finding the Port Connection for a Specific Device on a VLAN. This feature uses a device’s MAC address that you enter to identify the port used by that device.
  • Page 549 Monitoring and Analyzing Switch Operation Status and Counters Data Port-Level MAC Address Viewing and Searching. This feature displays and searches for MAC addresses on the specified port instead of for all ports on the switch. From the Main Menu, select: 1.

  • Page 550: Cli Access For Mac Address Views And Searches

    To List All Learned MAC Addresses on a VLAN, with Their Port Numbers. This command lists the MAC addresses associated with the ports for a given VLAN. For example: ProCurve> show mac-address vlan 100 N o t e The switches covered in this guide operate with a multiple forwarding database architecture.

  • Page 551: Spanning Tree Protocol (Mstp) Information

    Monitoring and Analyzing Switch Operation Status and Counters Data Spanning Tree Protocol (MSTP) Information CLI Access to MSTP Data This option lists the MSTP configuration, root data, and per-port data (cost, priority, state, and designated bridge). Syntax: show spanning-tree This command displays the switch’s global and regional spanning-tree status, plus the per-port spanning-tree operation at the regional level.

  • Page 552: Internet Group Management Protocol (Igmp) Status

    Monitoring and Analyzing Switch Operation Status and Counters Data Internet Group Management Protocol (IGMP) Status The switch uses the CLI to display the following IGMP status on a per-VLAN basis: Show Command Output show ip igmp Global command listing IGMP status for all VLANs configured in the switch: •...

  • Page 553: Vlan Information

    Monitoring and Analyzing Switch Operation Status and Counters Data VLAN Information The switch uses the CLI to display the following VLAN status: Show Command Output show vlan Lists: • Maximum number of VLANs to support • Existing VLANs • Status (static or dynamic) •...
  • Page 554 Monitoring and Analyzing Switch Operation Status and Counters Data Listing the VLAN ID (VID) and Status for Specific Ports. Because ports A1 and A2 are not members of VLAN- 44, it does not appear in this listing. Figure B-17. Example of VLAN Listing for Specific Ports Listing Individual VLAN Status.

  • Page 555: Web Browser Interface Status Information

    Alert Log, which informs you of any problems that may have occurred on the switch. For more information on this screen, refer to the chapter titled “Using the ProCurve Web Browser Interface”. Port Utilization Graphs...

  • Page 556: Traffic Mirroring

    A switch can be configured as the destination for: ■ • 32 remote mirroring sessions originating on other ProCurve switches running software release K.12.xx. This allows simultaneous mirroring sessions configured on multiple source switches to be directed to one or more exit ports on a given exit switch previously configured to support those sessions.

  • Page 557: Terminology

    Monitoring and Analyzing Switch Operation Traffic Mirroring • 4 local mirroring sessions originating on the same switch as the mirrored traffic ■ A switch can be the originator (source) of four mirroring sessions, with each session mirroring traffic associated with a list composed of ports and/or static trunks, a mesh, or a VLAN interface.
  • Page 558 Allowing a mirroring exit port connection to a net- work can result in serious network performance problems, and is strongly discouraged by ProCurve Networking. Remote Exit Switch: The destination switch for mirrored traffic when the source and destination of mirrored traffic are on different switches. Also termed the Remote Destination Switch.

  • Page 559: Mirrored Traffic Destinations

    IPv4 encapsulation, if the intended exit switch is not already configured as the destination for that session, its performance may be adversely affected by the stream of mirrored traffic. For this reason, ProCurve strongly recommends that you configure the exit switch for a remote mirror- ing session before configuring the source switch for that same session.

  • Page 560: Criteria For Selecting Traffic To Mirror

    Each of the four mirroring sessions supported at a mirroring source can have either the same or a different destination. Destination options include an exit port on the source (local) switch and/or on one remote ProCurve switch configured to support remote mirroring. This offers the following benefits: ■...

  • Page 561: Configuration

    Monitoring and Analyzing Switch Operation Traffic Mirroring You can reduce the risk of oversubscribing a single exit port by directing ■ traffic from different session sources to different exit ports ■ You can segregate traffic by type, direction, or source. A given switch can operate as both a source and a destination for mirroring sessions.

  • Page 562: Endpoint Switches And Intermediate Devices

    Endpoint Switches and Intermediate Devices The endpoint switches used for remote mirroring source and remote mirroring exit functions must be ProCurve switches that support the mirroring functions described in this chapter. However, because remote mirroring on your ProCurve switch uses IPv4 encapsulation of mirrored traffic to remote desti- nation switches, the intermediate switches and routers in a layer 2/3 domain can be from any vendor supporting IPv4.

  • Page 563: Using The Menu Or Web Interface To Configure Local Mirroring

    Monitoring and Analyzing Switch Operation Traffic Mirroring N o t e s Booting from Software Versions Earlier than K.12.xx: If it is necessary to boot the switch from a legacy (pre-K.12.xx) software version after using version K.12.xx or greater to configure mirroring, remove mirroring from the configuration before booting with the earlier software.

  • Page 564: Configuration Steps

    Monitoring and Analyzing Switch Operation Traffic Mirroring Configuration Steps N o t e s If mirroring has already been enabled on the switch, the Menu screens will appear differently than shown in this section. From the Main Menu, Select: 2. Switch Configuration... 3.
  • Page 565 Monitoring and Analyzing Switch Operation Traffic Mirroring Move the cursor to the Monitoring Port parameter, then use the Space bar to select the local exit port. Figure B-21. How To Select a Local Exit Port Use the Space bar to select the port to use for sending mirrored traffic to a locally connected traffic analyzer or IDS.
  • Page 566 Monitoring and Analyzing Switch Operation Traffic Mirroring Use the down arrow key to move the cursor to the Action column for the individual port interfaces and position the cursor at a port, trunk, or mesh you want to mirror. Use the down arrow key to select the interface(s) whose traffic you want to mirror to the local exit port.

  • Page 567: Cli: Configuring Local And Remote Mirroring

    Using the CLI you can configure a mirroring session to an exit port on either the same switch as the source interface (local mirroring) or on another switch (remote mirroring). (The remote switch must be a ProCurve switch offering the full mirroring capabilities described in this chapter.)

  • Page 568: General Steps For Using The Cli To Configure Mirroring

    For this reason, ProCurve strongly recommends that you configure the exit switch for a remote mirroring session before configuring the source switch for that same session.
  • Page 569 Monitoring and Analyzing Switch Operation Traffic Mirroring b. Use one of the following commands to configure the mirroring source(s) selected in step 4 and assign them to the configured session: interface < port/trunk/mesh > monitor vlan < vid > monitor monitor mac <...

  • Page 570: Quick Reference To Local Mirroring Set-Up

    Monitoring and Analyzing Switch Operation Traffic Mirroring Quick Reference to Local Mirroring Set-Up These commands configure or remove mirroring where the mirroring source and destination are on the same switch. For command syntax details, refer to the pages listed after each heading. For each mirroring Source Switch option: The mirror command identifies the destination for the mirroring session.

  • Page 571: Quick Reference To Remote Mirroring Set-Up

    Monitoring and Analyzing Switch Operation Traffic Mirroring The no form of the command removes vlan < vid-# > mirroring source from the specified session, but leaves the session available for other assignments. N o t e If session 1 is already configured with a destination, you can execute [no] vlan <...
  • Page 572 Monitoring and Analyzing Switch Operation Traffic Mirroring the source and destination IP addresses you plan to use in the mirroring ■ session configuration in the source switch ■ the port number of the exit port you want to use on the destination switch Source Data Relates Mirrored Session to Exit Port on Destination Switch (Page B-44): mirror endpoint ip <...
  • Page 573 Monitoring and Analyzing Switch Operation Traffic Mirroring To Configure VLAN Mirroring on a Source Switch: Directional Criteria Selects Traffic To Mirror (Page B-52): [no] vlan < vid-# > monitor all < in | out | both > mirror < 1 - 4 | name-str > [<...

  • Page 574: Determine The Mirroring Session Identity And Destination

    Monitoring and Analyzing Switch Operation Traffic Mirroring 1. Determine the Mirroring Session Identity and Destination For a Local Mirroring Session. Determine the port number for the exit port (such as A5, B10, etc.), then go to “4. Configure Mirroring Sources” on page B-49.
  • Page 575 Monitoring and Analyzing Switch Operation Traffic Mirroring Syntax: mirror endpoint ip < src-ip > < src-udp-port > < dst-ip > < port-# > no mirror endpoint ip < src-ip > < src-udp-port > < dst-ip > This command is used on a destination switch to establish the endpoint for a specific mirroring session you will configure on a remote mirroring source switch.

  • Page 576: Configure The Mirroring Session On The Source Switch

    Monitoring and Analyzing Switch Operation Traffic Mirroring Syntax: mirror endpoint ip < src-ip > < src-udp-port > < dst-ip > < port-# > no mirror endpoint ip < src-ip > < src-udp-port > < dst-ip > < port-# >: Exit port for mirrored traffic from the specified session.
  • Page 577 For this reason, ProCurve strongly recommends that you configure the exit switch for a remote mirroring session, as described under “2. Configure the Remote Mirroring Session on Destination Switch”...
  • Page 578 Monitoring and Analyzing Switch Operation Traffic Mirroring Syntax: [no] mirror < 1 - 4 > [name < name-str >] remote ip < src-ip > < src-udp-port > < dst-ip > The no form of the command removes the mirroring session and any mirroring source previously assigned to that session.

  • Page 579: Configure Mirroring Sources

    Monitoring and Analyzing Switch Operation Traffic Mirroring 4. Configure Mirroring Sources This action configures a source switch with the criteria for selecting the traffic to mirror, and assigns the configured source criteria to a previously configured mirroring session. Traffic Selection Options To configure traffic mirroring, you must determine the interface, direction, and selection criteria for the traffic you want to mirror from the following options:...

  • Page 580: Using Interface Identity And Direction Of Movement To Select The Traffic To Mirror From A Source Switch

    Monitoring and Analyzing Switch Operation Traffic Mirroring Using Interface Identity and Direction of Movement To Select the Traffic To Mirror from a Source Switch Use the commands in this section to configure mirrored traffic selection for either local or remote mirroring. Options for the selection criteria includes: ■...
  • Page 581 Monitoring and Analyzing Switch Operation Traffic Mirroring — Continued from Preceding Page— mirror < 1 - 4 | < name-str >: Assigns the traffic defined by the interface and direction to a session by number or (if configured) by name. (The session must have been previously configured.
  • Page 582 Monitoring and Analyzing Switch Operation Traffic Mirroring VLAN Interface with Traffic Direction as the Selection Criteria. Use this command when the direction of traffic movement on a specific VLAN interface defines the criteria for mirroring traffic.: Syntax: vlan < vid-# > monitor all < in | out | both > mirror < 1 - 4 | name-str > [<...

  • Page 583: Using Acl Assignment And Traffic Direction To Select The Traffic To Mirror From A Source Switch

    Monitoring and Analyzing Switch Operation Traffic Mirroring — Continued from Preceding Page— [ name < name-str >]: Optional; uses a previously configured alphanumeric identifier to associate the traffic source with the mirroring session. The string can be used interchangeably with the mirroring session number when using this command to assign a mirroring source to a session.
  • Page 584 Monitoring and Analyzing Switch Operation Traffic Mirroring N o t e s If a mirroring session is configured with a mirroring source that uses an ACL for traffic selection, then no other mirroring sources can be configured to use that session. Conversely, if a mirroring session is already configured with a mirroring source that does not use an ACL, then the session cannot accept an additional mirroring source that does use an ACL.
  • Page 585 Monitoring and Analyzing Switch Operation Traffic Mirroring — Continued from Preceding Page— monitor ip access-group < acl-name > in: For the interface specified by < port/trunk/mesh >, selects the IP traffic to mirror based on the selection criteria specified in the named ACL.
  • Page 586 Monitoring and Analyzing Switch Operation Traffic Mirroring ACL (Access Control List) Selection Criteria for Mirroring from a VLAN Interface. Syntax: vlan < vid-# > monitor ip access-group < acl-name > in mirror < 1 - 4 | name-str > [< 1 - 4 | name-str >] [< 1 - 4 | name-str >] [<...

  • Page 587: Using A Mac Address As Mirroring Criteria

    Outbound traffic Both inbound and outbound traffic ■ MAC-based mirroring is useful in ProCurve Network Immunity security solu- tions that provide detection and response to malicious traffic at the network edge. After isolating a malicious MAC address, a security administrator can mirror all traffic sent to, and received from, the suspicious address for troubleshooting and traffic analysis.
  • Page 588 Monitoring and Analyzing Switch Operation Traffic Mirroring The MAC address that you enter with the monitor mac mirror command is configured to select traffic for mirroring from all ports and learned VLANs on the switch. Therefore, a suspicions MAC address used in wireless applications can be continuously monitored as it re-appears in switch traffic on different ports or VLAN interfaces.
  • Page 589 Monitoring and Analyzing Switch Operation Traffic Mirroring — Continued from Preceding Page— < src | dest | both >: Specifies how the MAC address is used to filter and mirror packets in inbound and/or outbound traffic on the interfaces on which the mirroring session is applied: src: Mirrors all packets in inbound traffic that contain the specified MAC address as source address.
  • Page 590 Monitoring and Analyzing Switch Operation Traffic Mirroring R e s t r i c t i o n s The following restrictions apply to MAC-based mirroring: ■ Up to 320 different MAC addresses are supported for traffic selection in all mirroring sessions configured on the switch. ■...

  • Page 591: Displaying The Mirroring Configuration

    Monitoring and Analyzing Switch Operation Traffic Mirroring A mirroring session in which you configure MAC-based mirroring is not ■ supported on a port, trunk, mesh or VLAN interface on which a mirroring session with ACL-based mirroring is configured. Displaying the Mirroring Configuration Displaying the Mirroring Configuration Summary Use the show monitor command to display summary information on the current source and destination mirroring configured on the switch.

  • Page 592: Network Monitoring

    For example, the following summary shows three mirroring sources (one local and two remote) and one remote mirroring destination configured on the switch. Local and Remote Mirroring Sources: ProCurve# show monitor • Session 1 is performing local mirroring from an ACL source. Network Monitoring • Session 2 is performing remote mirroring using non-ACL, MAC- based sources.

  • Page 593: Displaying The Remote Endpoint Configuration

    For example, the following output indicates that a switch is configured as the endpoint (destination) for two remote mirroring sessions from the same source. ProCurve(config)# show monitor endpoint Remote Mirroring - Remote Endpoints Type UDP Source Addr...

  • Page 594: Displaying A Mirroring Session Configuration On A Source Switch

    Monitoring and Analyzing Switch Operation Traffic Mirroring Displaying a Mirroring Session Configuration on a Source Switch Syntax: show monitor < 1 - 4 | name < name-str > Use this command to display detailed configuration information on the specified local or remote mirroring session on a source switch.
  • Page 595 2 as shown in Figure B-24, you can enter the show monitor 2 command to verify the configuration (see Figure B-25). ProCurve(config)# mirror 2 name test-10 remote ip 10.10.10.1 8010 10.10.30.2 Caution: Please configure destination switch first. Do you want to continue [y/n]? y ProCurve(config)# interface b1 monitor all both mirror 2 Figure B-24.
  • Page 596 Monitoring and Analyzing Switch Operation Traffic Mirroring ProCurve_8200(config)# show monitor 3 Network Monitoring Session: 3 Session Name: ACL: no ACL relationship exists Mirror Destination: (Port) Monitoring Sources Direction ------------------ --------- If no mirroring sources are configured for a mirroring session, no information MAC: 112233-445566 Source is displayed in these columns.

  • Page 597: Viewing Mirroring In The Current Configuration File

    Using the show run command, you can view the current mirroring configura- tion on the switch. Source mirroring session entries begin with the mirror keyword and the mirroring sources are listed per-interface. For example: ProCurve(config)# show run Running configuration: ; J8697A Configuration Editor; Created on release #K.12.XX max-vlans 300 ip access-list extended "100"...

  • Page 598: Mirroring Configuration Examples

    C24. ProCurve(config)# mirror 1 port c24 Caution: Please configure destination switch first. Do you want to continue [y/n]? y ProCurve(config)# interface a5,b17 monitor all in mirror 1 Reminder to configure mirroring Assigns mirrored inbound destination before configuring traffic from ports A5 and source.

  • Page 599: Remote Mirroring Destination Using A Vlan Interface And An Acl For Mirroring Criteria

    Monitoring and Analyzing Switch Operation Traffic Mirroring Remote Mirroring Destination Using a VLAN Interface and an ACL for Mirroring Criteria In the network shown in figure B-33, the system operator has connected a traffic analyzer to port A15 (in VLAN 30) on switch D, and wants to monitor the Telnet traffic to the server at 10.10.30.153 from the workstations on switches A and B.
  • Page 600 Monitoring and Analyzing Switch Operation Traffic Mirroring The following three figures illustrate the configuration steps on the mirroring destination switch (switch D) and on the mirroring sources (switches A and B). Since there is no need for a mirroring configuration on the intermediate device (switch C), this device can be any switch (or router) supporting IPv4 operation.

  • Page 601: Remote Mirroring Destination Using A Port Interface And Directional Mirroring Criteria

    Monitoring and Analyzing Switch Operation Traffic Mirroring Except for the differences in source VLAN and IP address, the configuration for switch B is the same as for switch 1 (figure B-35). Switch-B(config)# mirror 1 remote ip 10.10.20.145 9300 10.10.30.2 Caution: Please configure destination switch first. Do you want to continue [y/n]? y Switch-B(config)# access-list 100 permit tcp any host 10.10.30.153 eq telnet...
  • Page 602 Monitoring and Analyzing Switch Operation Traffic Mirroring Switch A VLAN 10 Switch C 10.10.10.119 VLAN 10 10.10.10.1 Server VLAN 20 10.10.30.153 Switch B 10.10.20.1 VLAN 20 VLAN 30 Switch D 10.10.20.145 10.10.30.1 VLAN 30 Traffic 10.10.30.2 Analyzer 1 VLAN 40 10.10.40.1 Traffic Analyzer 2...

  • Page 603: Maximum Supported Frame Size

    Monitoring and Analyzing Switch Operation Traffic Mirroring Mirror Session Mirror Session 2 Identity Destination Switch-A(config)# mirror 2 remote ip 10.10.10.119 9400 10.10.40.1 Caution: Please configure destination switch first. Do you want to continue [y/n]? y Switch-A(config)# interface c12 monitor all in mirror 2 Mirror Directional Criteria for Interface to...

  • Page 604: Effect Of Downstream Vlan Tagging On Untagged, Mirrored Traffic

    Monitoring and Analyzing Switch Operation Traffic Mirroring Table B-2. Maximum Frame Sizes for Mirroring Frame Type Maximum VLAN Frame Mirrored Frame Mirrored to Configuration Frame to Local Port Remote Port Size Data Data IPv4 Header Non-Jumbo 1518 1518 1464 (default config.) Jumbo on All VLANs 9216...

  • Page 605: Operating Notes

    Monitoring and Analyzing Switch Operation Traffic Mirroring Tagged 10 Gbps VLAN link. Adds 4 bytes to each frame. 6200yl Router in the 8212zl Aggregator Mirror Path Remote 1Gbps Mirror Destination Untagged 1 Gbps VLAN Links Traffic 3500yl 3500yl Analyzer Mirror Source Mirror Source Due to VLAN tagging on the 10 Gbps link, untagged traffic from the mirror sources must...
  • Page 606 Monitoring and Analyzing Switch Operation Traffic Mirroring Effect of IGMP on Mirroring: If both inbound and outbound mirroring ■ is operating when IGMP is enabled on any VLAN, two copies of mirrored IGMP frames may appear at the mirroring destination. ■...

  • Page 607: Troubleshooting Mirroring

    A mirroring exit port should be connected only to a network analyzer, IDS, or other network edge device that has no connection to other network resources. Allowing a mirroring exit port connection to a network can result in serious network performance problems, and is strongly discouraged by ProCurve Networking. B-77...

  • Page 608: Locating A Device

    Turns the chassis Locate LED on for a selected number of minutes (default is 30 minutes). Turns the chassis Locate LED off. ProCurve(config)# chassislocate blink <1-1440> Blink the chassis locate led (default 30 minutes). Turn the chassis locate led off.

  • Page 609: Contents

    Troubleshooting Contents Overview ........... . C-4 Troubleshooting Approaches .
  • Page 610 Troubleshooting Contents CLI: Clearing Event Log Entries ......C-37 CLI: Turning Event Numbering On ......C-37 Using Log Throttling to Reduce Duplicate Event Log and SNMP Messages C-37 Log Throttle Periods .
  • Page 611 Troubleshooting Contents Operating Notes ........C-71 Event Log Messages .

  • Page 612: Overview

    N o t e ProCurve periodically places switch software updates on the ProCurve Networking web site. ProCurve recommends that you check this web site for software updates that may have fixed a problem you are experiencing. For information on support and warranty provisions, refer to the Support and...

  • Page 613: Troubleshooting Approaches

    Troubleshooting Approaches Troubleshooting Approaches Use these approaches to diagnose switch problems: ■ Check the ProCurve Networking web site for software updates that may have solved your problem: www.procurve.com ■ Check the switch LEDs for indications of proper switch operation: •...

  • Page 614: Browser Or Telnet Access Problems

    Troubleshooting Browser or Telnet Access Problems Browser or Telnet Access Problems Cannot access the web browser interface: Access may be disabled by the Web Agent Enabled parameter in the switch ■ console. Check the setting on this parameter by selecting: 2.
  • Page 615 Troubleshooting Browser or Telnet Access Problems Cannot Telnet into the switch console from a station on the network: ■ Off subnet management stations can lose Telnet access if you enable routing without first configuring a static (default) route. That is, the switch uses the IP default gateway only while operating as a Layer 2 device.

  • Page 616: Unusual Network Activity

    Unusual network activity is usually indicated by the LEDs on the front of the switch or measured with the switch console interface or with a network management tool such as ProCurve Manager. Refer to the Installation Guide you received with the switch for information on using LEDs to identify unusual network activity.

  • Page 617: 802.1Q Prioritization Problems

    Troubleshooting Unusual Network Activity This can also happen, for example, if the server is first configured to issue IP addresses with an unlimited duration, then is subsequently configured to issue IP addresses that will expire after a limited duration. One solution is to configure “reservations”...
  • Page 618 Troubleshooting Unusual Network Activity Indicates that routing is enabled; a require- ment for ACL operation. (There is an exception. Refer to the Note, below.) Figure C-1. Indication that Routing Is Enabled Note If an ACL assigned to a VLAN includes an ACE referencing an IP address on the switch itself as a packet source or destination, the ACE screens traffic to or from this switch address regardless of whether IP routing is enabled.
  • Page 619 Troubleshooting Unusual Network Activity Error (Invalid input) when entering an IP address. When using the “host” option in the command syntax, ensure that you are not including a mask in either dotted decimal or CIDR format. Using the “host” option implies a specific host device and therefore does not permit any mask entry.
  • Page 620 Troubleshooting Unusual Network Activity common mistake is to either not explicitly permit the switch’s IP address as a DA or to use a wildcard ACL mask in a deny statement that happens to include the switch’s IP address. For an example of this problem, refer to the section titled “General ACL Operating Notes”...
  • Page 621 Troubleshooting Unusual Network Activity 8212zl 10 Net -- VLAN 1 Switch 2 IP: 10.08.15 10 Net -- VLAN 1 IP: 10.0.8.16 (Deflt. G’Way = 10.0.8.1) (Deflt. G’way = 10.0.8.1) Switch 1 20 Net VLAN 2 20 Net -- VLAN 2 IP: 20.0.8.1 IP: 20.0.8.21 Switch 1 cannot...

  • Page 622: Igmp-Related Problems

    Removing a port from a trunk without first disabling the port can create a traffic loop that can slow down or halt your network. Before removing a port from a trunk, ProCurve recommends that you either disable the port or disconnect it from the LAN.

  • Page 623: Mesh-Related Problems

    Troubleshooting Unusual Network Activity Mesh-Related Problems Traffic on a dynamic VLAN does not get through the switch mesh . GVRP enables dynamic VLANs. Ensure that all switches in the mesh have GVRP enabled. Port-Based Access Control (802.1X)-Related Problems Note To list the 802.1X port-access Event Log messages stored on the switch, use show log 802.
  • Page 624 Troubleshooting Unusual Network Activity VLAN as untagged on the port to support the client access, as specified in the response from the RADIUS server. Refer to “How 802.1X Authentication Affects VLAN Operation” in the Access Security Guide for your switch. The switch appears to be properly configured as a supplicant, but cannot gain access to the intended authenticator port on the switch to which it is connected.
  • Page 625 Troubleshooting Unusual Network Activity RADIUS server fails to respond to a request for service, even though the server’s IP address is correctly configured in the switch. Use show radius to verify that the encryption key (RADIUS secret key) the switch is using is correct for the server being contacted.

  • Page 626: Qos-Related Problems

    Troubleshooting Unusual Network Activity QoS-Related Problems Loss of communication when using VLAN-tagged traffic. If you cannot communicate with a device in a tagged VLAN environment, ensure that the device either supports VLAN tagged traffic or is connected to a VLAN port that is configured as Untagged Radius-Related Problems...

  • Page 627: Spanning-Tree Protocol (Mstp) And Fast-Uplink Problems

    Troubleshooting Unusual Network Activity Global RADIUS Encryption Key Unique RADIUS Encryption Key for the RADIUS server at 10.33.18.119 Figure C-7. Examples of Global and Unique Encryption Keys Spanning-Tree Protocol (MSTP) and Fast-Uplink Problems C a u t i o n If you enable MSTP, it is recommended that you leave the remainder of the MSTP parameter settings at their default values until you have had an oppor- tunity to evaluate MSTP performance in your network.

  • Page 628: Ssh-Related Problems

    Troubleshooting Unusual Network Activity Fast-Uplink Troubleshooting. Some of the problems that can result from incorrect usage of Fast-Uplink MSTP include temporary loops and generation of duplicate packets. Problem sources can include: ■ Fast-Uplink is configured on a switch that is the MSTP root device. ■...
  • Page 629 Troubleshooting Unusual Network Activity Switch does not detect a client’s public key that does appear in the switch’s public key file (show ip client-public-key). The client’s public key entry in the public key file may be preceded by another entry that does not terminate with a new line (CR).

  • Page 630: Tacacs-Related Problems

    Troubleshooting Unusual Network Activity TACACS-Related Problems Event Log. When troubleshooting TACACS+ operation, check the switch’s Event Log for indications of problem areas. All Users Are Locked Out of Access to the Switch. If the switch is func- tioning properly, but no username/password pairs result in console or Telnet access to the switch, the problem may be due to how the TACACS+ server and/or the switch are configured.
  • Page 631 Troubleshooting Unusual Network Activity The encryption key configured in the server does not match the ■ encryption key configured in the switch (by using the tacacs-server key command). Verify the key in the server and compare it to the key configured in the switch.

  • Page 632: Timep, Sntp, Or Gateway Problems

    Troubleshooting Unusual Network Activity TimeP, SNTP, or Gateway Problems The Switch Cannot Find the Time Server or the Configured Gateway . TimeP, SNTP, and Gateway access are through the primary VLAN, which in the default configuration is the DEFAULT_VLAN. If the primary VLAN has been moved to another VLAN, it may be disabled or does not have ports assigned to it.
  • Page 633 Troubleshooting Unusual Network Activity Link supporting VLAN_1 and VLAN_2 Switch “Y” Switch “X” Port Y- 7 Port X-3 VLAN Port Assignment VLAN Port Assignment Port VLAN_1 VLAN_2 Port VLAN_1 VLAN_2 Untagged Tagged Untagged Tagged Figure C-8. Example of Correct VLAN Port Assignments on a Link If VLAN_1 (VID=1) is configured as “Untagged”...

  • Page 634: Fan Failure

    When two or more fans fail, a tow-minute timer starts. After two minutes, the switch is powered down and must be rebooted to restart it. This protects the switch from possible overheating. ProCurve recommends that you replace a failed fan tray assembly within one minute of removing it. C-26...

  • Page 635: Using The Event Log For Troubleshooting Switch Problems

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems Using the Event Log for Troubleshooting Switch Problems The Event Log records operating events in single- or double-line entries and serves as a tool to isolate and troubleshoot problems. Starting in software release K.13.xx, the maximum number of entries supported in the Event Log is increased from 1000 to 2000 entries.
  • Page 636 Troubleshooting Using the Event Log for Troubleshooting Switch Problems (debug) is reserved for ProCurve internal diagnostic information. Date is the date in the format mm/dd/yy when an entry is recorded in the log. Time is the time in the format hh:mm:ss when an entry is recorded in the log.
  • Page 637 Cisco Discovery Protocol: Supports reading CDP packets Management and Configuration Guide received from neighbor devices, enabling a switch to learn about adjacent CDP devices. ProCurve switches do not support the transmission of CDP packets to neighbor devices. chassis Hardware operation, including modules and ports, power...
  • Page 638 Access Security Guide type, the switch can forward or drop traffic to a specific set of destination ports on the switch. licensing ProCurve premium licensing: Provide access to expanded Premium License Installation Guide features on certain ProCurve network devices. C-30...
  • Page 639 VLAN. • MAC lockout blocks a specific MAC address so that the switch drops all traffic to or from the specified address. ProCurve Manager (PCM) and ProCurve Manager Plus Management and Configuration Guide (PCM+): Windows-based network management solutions for managing and monitoring performance of ProCurve devices.
  • Page 640 Troubleshooting Using the Event Log for Troubleshooting Switch Problems System Documented in ProCurve Hardware/ Description Module Software guide Multicast Listener Discovery (MLD): IPv6 protocol used by a Multicast and Routing Guide router to discover the presence of multicast listeners. MLD can also optimize IPv6 multicast traffic flow with the snooping feature.
  • Page 641 ROM image, memory buffers, traffic Access Security Guide and security filters. System messages also include events from Management interfaces (menu, CLI, web browser, ProCurve Manager) used to reconfigure the switch and monitor switch status and performance. tacacs...
  • Page 642 IP broadcasts addressed to a UDP application port on a network server. update Updates (TFTP or serial) to ProCurve software and updates to Management and Configuration Guide running-config and start-up config files Auxiliary port that allows you to connect external devices to Installation and Getting Started Guide the switch.

  • Page 643: Menu: Displaying And Navigating In The Event Log

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems System Documented in ProCurve Hardware/ Description Module Software guide xrrp Extended Router Redundancy Protocol: Routing protocol not — used for logging messages in software release K.13. Menu: Displaying and Navigating in the Event Log To display the Event Log from the Main Menu, select Event Log.

  • Page 644: Cli: Displaying The Event Log

    Examples. To display all Event Log messages that have “system” in the message text or module name, enter the following command: ProCurve# show logging -a system To display all Event Log messages recorded since the last reboot that have the word, “system”, in the message text or module name, enter:...

  • Page 645: Cli: Clearing Event Log Entries

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems CLI: Clearing Event Log Entries Use the clear logging command to hide, but not erase, Event Log entries displayed in show logging command output. Only new entries generated after you enter the command will be displayed. To redisplay all hidden entries, including Event Log entries recorded prior to the last reboot, enter the show logging -a command.

  • Page 646: Log Throttle Periods

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems includes counter data showing how many times the event has occurred since the last reboot. The switch manages messages to SNMP trap receivers in the same way. Log Throttle Periods The length of the log throttle period differs according to an event’s severity level: Severity Level Log Throttle Period...
  • Page 647 Troubleshooting Using the Event Log for Troubleshooting Switch Problems If PIM operation caused the same event to occur six more times during the initial log throttle period, there would be no further entries in the Event Log. However, if the event occurred again after the log throttle period expired, the switch would repeat the message (with an updated counter) and start a new log throttle period.

  • Page 648: Example Of Event Counter Operation

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems Example of Event Counter Operation Suppose the switch detects the following after a reboot: ■ Three duplicate instances of the PIM “Send error” during the first log throttle period for this event ■...

  • Page 649: Debug/Syslog Operation

    Troubleshooting Debug/Syslog Operation Debug/Syslog Operation While the Event Log records switch-level progress, status, and warning messages on the switch, the Debug/System Logging (Syslog) feature provides a way to record Event Log and debug messages on a remote device. For example, you can send messages about routing misconfigurations and other network protocol details to an external device, and later use them to debug network-level problems.

  • Page 650: Debug/Syslog Configuration Commands

    Troubleshooting Debug/Syslog Operation Debug/Syslog Configuration Commands Event — Automatically sends switch-level event messages to the switch’s Event Log. Debug Notification and Syslog do not affect this operation, but add the capability of directing Event Logging Log messaging to an external device. logging <syslog-ip-addr>...
  • Page 651 ■ Series 2600 switches and the Switch 6108 (software release H.07.30 or greater) For the latest feature information on ProCurve switches, visit the ProCurve Networking web site and check the latest release notes for the switch products you use. ■...

  • Page 652: Configuring Debug/Syslog Operation

    < debug- type > command: ProCurve# debug < acl | all | event | ip [ospf-rip] | lldp > Repeat this step if necessary to enable multiple debug message types.

  • Page 653: Displaying A Debug/Syslog Configuration

    To remove a configured setting and restore the default values that send all Event Log messages, enter one or both of the following commands: ProCurve(config)# no logging severity < debug | major | error | warning | info> ProCurve(config)# no logging system-module < system-module >...
  • Page 654 Enabled debug types: Event Log messages to send to the event Syslog server. ProCurve(config)# logging severity error ProCurve(config)# logging system-module iplock Figure C-2. Syslog Configuration to Receive Event Log Messages From Specified System Module and Severity Levels C-46...
  • Page 655 Troubleshooting Debug/Syslog Operation As shown at the top of Figure C-2, if you enter the show debug command when no Syslog server IP address is configured, the configuration settings for Syslog server facility, Event Log severity level and system module are not displayed. However, after you configure a Syslog server address and enable Syslog logging, all debug and logging settings are displayed with the show debug command.
  • Page 656 Configure the debug messages types that you want to send to the Syslog ProCurve(config)# no debug event server and CLI session. ProCurve(config)# debug acl ProCurve(config)# debug ip ospf packet ProCurve(config)# debug destination session ProCurve(config)# show debug Configure the CLI session as a debug destination.

  • Page 657: Debug Command

    Troubleshooting Debug/Syslog Operation Debug Command At the manager level, use the debug command to perform two main functions: ■ Specifies the types of event messages to be sent to an external destination. Specifies the destinations to which selected message types are sent. ■...
  • Page 658 Troubleshooting Debug/Syslog Operation Syntax: [no] debug < debug-type > (Continued) event Event Log messages are automatically enabled to be sent to debug destinations in these conditions: • If no Syslog server address is configured and you enter the logging <syslog-ip-addr> command to configure a destination address.

  • Page 659: Debug Destinations

    Telnet, or SSH access to the CLI at the Manager level prompt (ProCurve#_ ). If more than one terminal device has a console session with the CLI, you can redirect the desti- nation from the current device to another device.

  • Page 660: Logging Command

    Event Log messages of all severity levels and from all system modules are sent to configured Syslog servers: ProCurve(config)# no logging severity < debug | major | error | warning | info> ProCurve(config)# no logging system-module < system-module > C-52...

  • Page 661: Configuring A Syslog Server

    Troubleshooting Debug/Syslog Operation Configuring a Syslog Server Syslog is a client-server logging tool that allows a client switch to send event notification messages to a networked device operating with Syslog server software. Messages sent to a Syslog server can be stored to a file for later debugging analysis.
  • Page 662 Troubleshooting Debug/Syslog Operation Syntax: [no] logging < syslog-ip-addr > Enables or disables Syslog messaging to the specified IP address. You can configure up to six addresses. If you configure an address when none are already configured, this command enables destination logging (Syslog) and the Event debug type.
  • Page 663 - local17 — Reserved for system use Use the no form of the command to remove the configured facility and reconfigure the default (user) value. For a list of supported ProCurve switches, refer to the Note on page C-43. C-55...

  • Page 664: Configuring The Severity Level For Event Log Messages Sent To A

    Warning: A switch service has behaved unexpectedly. Information: Information on a normal switch event. Debug: Reserved for ProCurve internal diagnostic information. Using the logging severity command, you can select a set of Event Log messages according to their severity level and send them to a Syslog server.

  • Page 665: Syslog Server

    Troubleshooting Debug/Syslog Operation Configuring the System Module Used to Select the Event Log Messages Sent to a Syslog Server Event Log messages contain the name of the system module that reported the event. Using the logging system-module command, you can select a set of Event Log messages according to the originating system module and send them to a Syslog server.

  • Page 666: Operating Notes For Debug And Syslog

    Troubleshooting Debug/Syslog Operation Operating Notes for Debug and Syslog Rebooting the Switch or pressing the Reset button resets the ■ Debug Configuration. Debug Option Effect of a Reboot or Reset logging (debug destination) If Syslog server IP addresses are stored in the startup-config file, they are saved across a reboot and the logging destination option remains enabled.

  • Page 667: Diagnostic Tools

    Troubleshooting Diagnostic Tools Diagnostic Tools Diagnostic Features Feature Default Menu Port Auto negotiation Ping Test — page C-62 page C-61 Link Test — page C-62 page C-61 Display Config File — page C-73 page C-73 Admin. and Troubleshooting — page C-75 —...

  • Page 668: Ping And Link Tests

    Troubleshooting Diagnostic Tools Ping and Link Tests The Ping test and the Link test are point-to-point tests between your switch and another IEEE 802.3-compliant device on your network. These tests can tell you whether the switch is communicating properly with another device. N o t e To respond to a Ping test or a Link test, the device you are trying to reach must be IEEE 802.3-compliant.

  • Page 669: Web: Executing Ping Or Link Tests

    Troubleshooting Diagnostic Tools Web: Executing Ping or Link Tests 1. Click here. 2. Click here. 3. Select Ping Test (the default) or Link Test 4. For a Ping test, enter the IP address of the target device. For a Link test, enter the MAC address of the target device.

  • Page 670: Cli: Ping Or Link Tests

    Troubleshooting Diagnostic Tools Number of Packets to Send is the number of times you want the switch to attempt to test a connection. Timeout in Seconds is the number of seconds to allow per attempt to test a connection before determining that the current attempt has failed. To halt a Link or Ping test before it concludes, click on the Stop button.
  • Page 671 Troubleshooting Diagnostic Tools Link Tests. You can issue single or multiple link tests with varying repeti- tions and timeout periods. The defaults are: ■ Repetitions: 1 (1 - 999) Timeout: 5 seconds (1 - 256 seconds) ■ Syntax: link < mac-address > [repetitions < 1 - 999 >] [timeout < 1 - 256 >] [vlan <...

  • Page 672: Dns Resolver

    Troubleshooting Diagnostic Tools DNS Resolver The Domain Name System (DNS) resolver is designed for use in local network domains where it enables use of a host name or fully qualified domain name with DNS-compatible switch CLI commands. (At software release K.13.01, the DNS-compatible commands include ping and traceroute .) Beginning with software release K.13.01, DNS operation supports both IPv4 and IPv6 DNS resolution and multiple, prioritized DNS servers.

  • Page 673: Basic Operation

    DNS server. Example. Suppose the switch is configured with the domain suffix mygroup.procurve.net and the IP address for an accessible DNS server. If an operator wants to use the switch to ping a target host in this domain by using the DNS name “leader”...

  • Page 674: Configuring And Using Dns Resolution With Dns-Compatible

    Example. Suppose the switch is configured with the domain suffix mygroup.procurve.net and the IP address for an accessible DNS server in this same domain. This time, the operator wants to use the switch to trace the route to a host named “remote-01”...

  • Page 675: Configuring A Dns Entry

    Troubleshooting Diagnostic Tools The domain name for an accessible domain in which there are hosts you want to reach with a DNS-compatible command. (This is the domain suffix in the fully qualified domain name for a given host operating in the selected domain. Refer to “Terminology” on page C- 64.) Note that if a domain suffix is not configured, fully qualified domain names can be used to resolve DNS-compatible commands.

  • Page 676: Example Using Dns Names With Ping And Traceroute

    Troubleshooting Diagnostic Tools Syntax: [no] ip dns domain-name < domain-name-suffix > This optional DNS command configures the domain suffix that is automatically appended to the host name entered with a DNS-compatible command. When the domain suffix and the IP address for a DNS server that can access that domain are both configured on the switch, you can execute a DNS-compatible command using only the host name of the desired target.
  • Page 677 With the above already configured, the following commands enable a DNS- compatible command with the host name docserver to reach the document server at 10.28.229.219. ProCurve(config)# ip dns server-address 10.28.229.10 ProCurve(config)# ip dns domain-name pubs.outdoors.com Figure C-19. Configuring Switch “A” in FigureC-18 To Support DNS Resolution ProCurve# ping docservr 10.28.229.219 is alive, time = 1 ms...

  • Page 678: Viewing The Current Dns Configuration

    DNS- compatible commands. For example, using the document server in Figure C- 18 as a target: ProCurve# ping docservr.pubs.outdoors.com 10.28.229.219 is alive, time = 1 ms Target’s Fully Qualified Domain Name ProCurve# traceroute docservr.pubs.outdoors.com...

  • Page 679: Operating Notes

    Troubleshooting Diagnostic Tools Operating Notes ■ Configuring another IP address for a priority that has already been assigned to an IP address is not allowed. To replace one IP address at a given priority level with another address having the same priority, you must first use the no form of the command to remove the unwanted address.

  • Page 680: Event Log Messages

    Troubleshooting Diagnostic Tools Event Log Messages Message Meaning DNS server address not configured The switch does not have an IP address configured for the DNS server. DNS server not responding The DNS server failed to respond or is unreachable. An incorrect server IP address can produce this result.

  • Page 681: Displaying The Configuration File

    Troubleshooting Diagnostic Tools Displaying the Configuration File The complete switch configuration is contained in a file that you can browse from either the web browser interface or the CLI. It may be useful in some troubleshooting scenarios to view the switch configuration. CLI: Viewing the Configuration File Using the CLI, you can display either the running configuration or the startup configuration.
  • Page 682 Troubleshooting Diagnostic Tools Status and counters — port status ■ ■ IP routes ■ Status and counters — VLAN information GVRP support ■ ■ Load balancing (trunk and LACP) Syntax:show tech Executing show tech outputs a data listing to your terminal emulator. However, using your terminal emulator’s text capture features, you can also save show tech data to a text file for viewing, printing, or sending to an associate.

  • Page 683: Cli Administrative And Troubleshooting Commands

    Diagnostic Tools Click [Start] to create and open the text file. Execute show tech: ProCurve# show tech Each time the resulting listing halts and displays -- MORE --, press the Space bar to resume the listing. b. When the CLI prompt appears, the show tech listing is complete. At this point, click on Transfer | Capture Text | Stop in HyperTerminal to stop copying data into the text file created in the preceding steps.

  • Page 684: Traceroute Command

    Troubleshooting Diagnostic Tools setup Displays the Switch Setup screen from the menu interface. repeat Repeatedly executes the previous command until a key is pressed. kill Terminates all other active sessions. Traceroute Command The traceroute command enables you to trace the route from the switch to a host address.
  • Page 685 Troubleshooting Diagnostic Tools [maxttl < 1-255 >] For the current instance of traceroute, changes the maximum number of hops allowed for each probe packet sent along the route. If the destination address is further from the switch than maxttl allows, then traceroute lists the IP addresses for all hops it detects up to the maxttl limit.
  • Page 686 Troubleshooting Diagnostic Tools Traceroute does not reach destination IP address because of low maxttl setting. The asterisk indicates there was a timeout on the second probe to the third hop. Figure C-26. Example of Incomplete Traceroute Due to Low Maxttl Setting If A Network Condition Prevents Traceroute from Reaching the Destination.

  • Page 687: Restoring The Factory-Default Configuration

    ■ Clear/Reset button combination N o t e ProCurve recommends that you save your configuration to a TFTP server before resetting the switch to its factory-default configuration. You can also save your configuration via Xmodem, to a directly connected PC.

  • Page 688: Restoring A Flash Image

    Troubleshooting Restoring a Flash Image When the Self Test LED begins to flash, release the Clear button. The switch will then complete its self test and begin operating with the configuration restored to the factory default settings. Restoring a Flash Image The switch can lose its operating system if either the primary or secondary flash image location is empty or contains a corrupted OS file and an operator uses the erase flash command to erase a good OS image file from the opposite...
  • Page 689 Troubleshooting Restoring a Flash Image Since the OS file is large, you can increase the speed of the download by changing the switch console and terminal emulator baud rates to a high speed. For example: Change the switch baud rate to 115,200 Bps. =>...
  • Page 690 Troubleshooting Restoring a Flash Image Figure C-28. Example of Xmodem Download in Progress When the download completes, the switch reboots from primary flash using the OS image you downloaded in the preceding steps, plus the most recent startup-config file. C-82...

  • Page 691: Contents

    MAC Address Management Contents Overview ........... . D-2 Determining MAC Addresses .

  • Page 692: Overview

    MAC Address Management Overview Overview The switch assigns MAC addresses in these areas: ■ For management functions, one Base MAC address is assigned to the default VLAN (VID = 1). (All VLANs on the switches covered in this guide use the same MAC address.) For internal switch operations: One MAC address per port (Refer to “CLI: ■...

  • Page 693: Determining Mac Addresses

    MAC Address Management Determining MAC Addresses Determining MAC Addresses MAC Address Viewing Methods Feature Default Menu view switch’s base (default vlan) MAC address — and the addressing for any added VLANs view port MAC addresses (hexadecimal format) n/a — — ■...

  • Page 694: Menu: Viewing The Switch's Mac Addresses

    MAC Address Management Determining MAC Addresses Menu: Viewing the Switch’s MAC Addresses The Management Address Information screen lists the MAC addresses for: ■ Base switch (default VLAN; VID = 1) Any additional VLANs configured on the switch. ■ Also, the Base MAC address appears on a label on the back of the switch. N o t e The Base MAC address is used by the first (default) VLAN in the switch.

  • Page 695: Cli: Viewing The Port And Vlan Mac Addresses

    ProCurve# walkmib ifPhysAddress (The above command is not case-sensitive.) For example, a ProCurve 8212zl switch with the following module configura- tion shows MAC address assignments similar to those shown in figure D-2: a 4-port module in slot A, a 24-port module in slot C, and no modules in ■...
  • Page 696 MAC Address Management Determining MAC Addresses ProCurve# walkmib ifphysaddress ifPhysAddress.1 - 4: Ports A1 - A4 in Slot A ifPhysAddress.1 = 00 12 79 88 b1 ff ifPhysAddress.2 = 00 12 79 88 b1 fe (Addresses 5 - 24 in slot A are unused.) ifPhysAddress.3 = 00 12 79 88 b1 fd...

  • Page 697: Viewing The Mac Addresses Of Connected Devices

    MAC Address Management Viewing the MAC Addresses of Connected Devices Viewing the MAC Addresses of Connected Devices Syntax: show mac-address [ | mac-addr | Lists the MAC addresses of the devices the switch has detected, along with the number of the specific port on which each MAC address was detected.
  • Page 698 MAC Address Management Viewing the MAC Addresses of Connected Devices...

  • Page 699: Contents

    Monitoring Resources Contents Viewing Information on Resource Usage ..... . . E-2 Policy Enforcement Engine ........E-2 Displaying Current Resource Usage .

  • Page 700: Viewing Information On Resource Usage

    Monitoring Resources Viewing Information on Resource Usage Viewing Information on Resource Usage The switch allows you to view information about the current usage and availability of resources in the Policy Enforcement engine, including the following software features: ■ Access control lists (ACLs) ■...

  • Page 701: Displaying Current Resource Usage

    Monitoring Resources Viewing Information on Resource Usage QoS configurations ■ ■ Management VLAN configuration ■ DHCP snooping Dynamic ARP protection ■ ■ Remote-mirroring endpoint configuration Resource usage on the following features, which are configured per-port, applies only to the slot or port group on which the feature is configured: ACLs applied per-port through RADIUS authentication ■...
  • Page 702 IDM resources on ports 25-48, and ICMP rate-limiting usage of different resource levels on ports 1-24 and 25-48, and on slot A. The “IDM” column shows the rules used for RADIUS-based authentication with or without the IDM option. ProCurve# show access-list resources Resource usage in Policy Enforcement Engine Rules...

  • Page 703: When Insufficient Resources Are Available

    If virus throttling is enabled on a port and a large amount of IPv6 traffic goes through that port, the CPU resources may be used up. ProCurve recommends that you do not enable virus throttling on any port that may receive large amounts of IPv6 traffic.
  • Page 704 Monitoring Resources When Insufficient Resources Are Available...
  • Page 705 • ProCurve AdvanceStack Routers ProCurve switches provide a way to automatically adjust the system clock for Daylight Savings Time (DST) changes. To use this feature you define the month and date to begin and to end the change from standard time. In addition to the value “none”...
  • Page 706 Daylight Savings Time on ProCurve Switches Middle Europe and Portugal: • Begin DST at 2am the first Sunday on or after March 25th. • End DST at 2am the first Sunday on or after September 24th. Southern Hemisphere: • Begin DST at 2am the first Sunday on or after October 25th.
  • Page 707 Daylight Savings Time on ProCurve Switches Before configuring a “User defined” Daylight Time Rule, it is important to understand how the switch treats the entries. The switch knows which dates are Sundays, and uses an algorithm to determine on which date to change the system clock, given the configured “Beginning day”...
  • Page 708 Daylight Savings Time on ProCurve Switches...
  • Page 709 Scalability: IP Address, VLAN, and Routing Maximum Values The following table lists the switch scalability values for the areas of VLANs, hardware, ARP, and routing. Subject Maximum Layer-3 VLANs with at least one IP Address IP addresses per system 2048 IP 2048 IPv6 IP addresses per VLAN static routes...
  • Page 710 Scalability: IP Address, VLAN, and Routing Maximum Values...
  • Page 711 Index Symbols sorting the entries … 5-20 allocation, class … 11-20 allocation, value … 11-20 => prompt … C-80 arp age, default … 8-7 Numerics maximums … G-1 ARP protection 802.1X SNMP notification … 14-17, 14-26 effect, LLDP … 14-78 asterisk LLDP blocked …...
  • Page 712 boot ROM console … A-4 configuration boot ROM mode … C-80 Bootp … 8-13 boot-history command … 15-42 comparing startup to running … 6-6 Bootp console … 7-3 Bootp table file … 8-13 copying … A-24 Bootptab file … 8-13 factory default …...
  • Page 713 default reboot from primary … 6-32 context level erasing … 6-35 global config … 4-5, 8-10 memory assignments … 6-29 manager level … 4-5 memory slot … 6-27, 6-30, 6-32 moving between contexts … 4-7 minconfig … 6-32, 6-36 port or trunk-group … 4-13 newconfig …...
  • Page 714 address problems … C-8 switch-to-switch … A-20 Bootp operation … 8-12 TFTP … A-5 effect of no reply … C-8 troubleshooting … A-6 manual gateway precedence … 8-12 Xmodem … A-15 DHCP snooping See also switch software. resource usage … E-2 duplex advertisements …...
  • Page 715 factory default configuration starving queues … 13-21 restoring … 6-9, C-79 failure, switch software download … A-7 fans, show status … B-8 Help fastboot command … 6-24 for CLI … 1-7, 4-11 fault detection policy … 5-8, 5-24 for menu interface … 1-6, 3-9, 3-11 fault-tolerance …...
  • Page 716 not working … C-14 statistics … B-22 jumbo frames inactivity timeout … 7-4 configuration … 13-29 Inbound Telnet Enabled parameter … C-7 excessive inbound … 13-35 informs flow control … 13-35 sending to trap receiver … 14-20 GVRP operation … 13-28 SNMP …...
  • Page 717 status, terms … 12-21 general operation … 14-40 STP … 12-23 global counters … 14-75 trunk limit … 12-19 holdtime multiplier … 14-49 VLANs … 12-23 hub, packet-forwarding … 14-40 with 802.1X … 12-22 IEEE P802.1AB/D9 … 14-43 with port security … 12-22 inconsistent value …...
  • Page 718 SNMP notification … 14-42 lost password … 5-10 SNMP traps … 14-42 spanning-tree blocking … 14-45 standards compatibility … 14-43 MAC address … 8-13, B-7, D-2 statistics … 14-75 displaying detected devices … D-7 statistics, displaying … 14-75 duplicate … C-19, C-25 system capabilities …...
  • Page 719 mirroring … B-26 exit port, local mirroring … B-28, B-39 meshed ports, mirroring … B-29 exit port, oversubscribe … B-31 exit port, remote mirroring … B-28, B-42 HP proprietary … 14-4 exit port, VLAN rule … B-27, B-28, B-30, B-38, listing …...
  • Page 720 rate … B-32 See mirroring. remote destination switch MPS, defined … 11-4 See remote exit switch. Multiline Telephone system … 14-39 remote, configuration steps … B-38 multinetting … 8-3, 8-8 remote, defined … B-29 See also ACLs. remote, first release … B-26 multiple configuration file remote, supported switches …...
  • Page 721 console … 3-7 power, provisioning … 11-5 creating … 5-8 prioritizing power … 11-10 delete … 5-10 priority class … 11-4, 11-11 disables usb autorun … A-41 priority class, defined … 11-4 if you lose the password … 5-10 priority policies … 11-33 lost …...
  • Page 722 … 12-7 updating switch software … A-22 static trunk, overview … 12-4 using Java-enabled browser … 5-5 static/dynamic limit … 12-19 ProCurve, HP, URL … 14-4 STP … 12-8 prompt, => … C-80 STP operation … 12-7 PSAP … 14-39...
  • Page 723 PSE … 14-39 See also boot. PSE, defined … 11-4 redundancy … 11-16 Public Safety Answering Point … 14-39 boot command … 15-29 public SNMP community … 14-5, 14-13 boot-history … 15-42 causes of switchover … 15-13 disabling … 15-6, 15-21 downloading software …...
  • Page 724 RFC 2863 … 14-43, 14-44 username and password … 5-8 RFC 2922 … 14-43 web browser access, RADIUS … 5-8 RFC 3176 … 14-33 Self Test LED See also MIB. behavior during factory default reset … C-80 serial number … B-7 broadcast traffic …...
  • Page 725 configusing trap receivers … 14-19 operating modes … 9-2 DHCP snooping events … 14-17 poll interval different versions … 14-17 See TimeP. enabling informs … 14-21 priority … 9-14 enabling network security traps … 14-27 selecting … 9-3 enabling SNMPv3 … 14-23 server priority …...
  • Page 726 See console. SSH exclusion … A-14 switch setup menu … 3-8 Telnet switch software connecting to switch … 3-4 copy from a USB device … A-18 enable/disable … 7-4 download using TFTP … A-4 outbound … 7-6 download, failure indication … A-7 terminate session, kill command …...
  • Page 727 TLV … 14-40 ping and link tests … C-60 TLVs, mandatory … 14-78 resource usage … E-2 traceroute … C-64, C-66, C-69 restoring factory default configuration … C-79 asterisk … C-78 spanning tree … C-19 blocked route … C-78 SSH … C-20 fails …...
  • Page 728 … 5-13 transceiver status … 10-9 management … 5-13 virtual interface management server … 5-12, 5-13 See loopback interface ProCurve … 5-13, 14-4 virus-throttling support … 5-12, 5-13 See connection-rate filtering. VLAN autorun … A-37–A-42 address …...
  • Page 729 … 15-36 walkmib … 11-22, 14-43, D-5, D-6 web site, HP … 14-4 warranty … -ii world wide web site, HP web agent See ProCurve. advantages … 2-5 write access … 14-13 disabling access … 5-2 write memory enable/disable … 7-4 effect on menu interface …...
  • Page 730 20 – Index...
  • Page 732 © Copyright 2005-2008 Hewlett-Packard Development Company, L.P. January 2008 Manual Part Number 5992-3059...

This manual is also suitable for:

6200yl series5400zl series3500yl series

Table of Contents