HPE OfficeConnect 1920S8G series Management And Configuration Manual
  1. Manuals
  2. Brands
  3. HPE Manuals
  4. Switch
  5. OfficeConnect 1920S8G series
  6. Management and configuration manual

HPE OfficeConnect 1920S8G series Management And Configuration Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

HPE OfficeConnect 1920S
8G/24G/48G Switch Series
Management and Configuration
Guide
Abstract
Use this guide to assist in managing the following HPE OfficeConnect 1920S switches:
HPE OfficeConnect 1920S 8G Switch (JL380A)
HPE OfficeConnect 1920S 24G Switch (JL381A)
HPE OfficeConnect 1920S 48G Switch (JL382A)
HPE OfficeConnect 1920S 8G PPoE+ (65W) Switch (JL383A)
HPE OfficeConnect 1920S 24G PPoE+(185W) Switch (JL384A)
HPE OfficeConnect 1920S 24G PoE+(370W) Switch (JL385A)
HPE OfficeConnect 1920S 48G PPoE+ (370W) Switch (JL386A)
Part Number: 5200-2836a
Published: June 2017
Edition: 2

Advertisement

Table of Contents
loading

Related Manuals for HPE OfficeConnect 1920S8G series

Summary of Contents for HPE OfficeConnect 1920S8G series

  • Page 1 8G/24G/48G Switch Series Management and Configuration Guide Abstract Use this guide to assist in managing the following HPE OfficeConnect 1920S switches: HPE OfficeConnect 1920S 8G Switch (JL380A) HPE OfficeConnect 1920S 24G Switch (JL381A) HPE OfficeConnect 1920S 48G Switch (JL382A) HPE OfficeConnect 1920S 8G PPoE+ (65W) Switch (JL383A)
  • Page 2 This offer is valid to anyone in receipt of this information and shall expire three years following the date of the final distribu- tion of this product version by Hewlett Packard Enterprise Company. To receive the CD, HPE charges a small fee in order to cover the actual costs of manufacturing and shipping the CD.

  • Page 3: Table Of Contents

    Contents Preface......................10 About This Document ........................10 Audience ..........................10 About Your Switch Manual Set ..................... 10 Supported Features ........................11 1 Getting Started .....................12 Connecting the Switch to a Network..................... 12 Operating System and Browser Support................13 Getting Started With the Web Interface ..................13 Logging On..........................
  • Page 4 4 Switching Features..................36 Port Configuration......................... 36 Port Status ..........................36 Modifying Interface Settings .................... 38 Port Summary Statistics ......................39 Port Mirroring ..........................40 Port Mirroring Configuration ....................40 Configuring a Port Mirroring Session................41 Configuring a Port Mirroring Source ................42 Configuring the Port Mirroring Session Destination............
  • Page 5 Adding an SNMP v3 Trap Receiver................. 71 Removing an SNMP v3 Trap Receiver................72 Access Control Group ......................72 Adding an SNMP Access Control Group ................. 73 Removing an SNMP Access Control Group ..............73 User Security Model ....................... 74 Adding an SNMP v3 User....................
  • Page 6 Modifying Port PoE Settings ....................105 Viewing PoE Port Details ..................... 106 PoE Port Schedule ........................107 Configuring an Absolute Time Period .................. 108 Adding a Periodic Time Period..................... 109 9 Routing .......................110 Routing IP Interface Summary ..................... 110 Global Routing IP Configuration................... 112 Routing IP VLAN/Interface Configuration................
  • Page 7 Adding a Rule to an Extended or Named IPv4 ACL ............137 Adding a Rule to an Extended MAC ACL ..............140 Access Control List Interface Summary ................143 Associating an ACL with an Interface ................143 Removing an Association Between an ACL and an Interface ........144 Access Control List VLAN Summary..................
  • Page 8 Configuring Protected Ports......................176 Protected Ports Configuration ....................176 Creating a Protected Ports Group ................. 176 Editing a Protected Ports Group ..................177 Removing a Protected Ports Group ..................177 Storm Control..........................178 12 Green Features ..................180 Green Features Configuration ....................180 EEE Status ..........................
  • Page 9 B Warranty information .................209 Warranty information ........................209 Contents...

  • Page 10: Preface

    About This Document The HPE OfficeConnect 1920S Switch Series provides reliable, plug-and-play Gigabit network connec- tivity. The HPE OfficeConnect 1920S switches are ideal for open offices that require silent operation or businesses making the transition from unmanaged to managed networks.

  • Page 11: Supported Features

    Supported Features HPE OfficeConnect 1920S switches include support for the following features: Feature HPE OfficeConnect 1920S Series Switch HTTP and HTTPS sessions 4 each, 8 total SNMPv1/v2c/v3 (r/w community) MAC table 16382 entries SNTP server configuration Time zones count Jumbo frame size...

  • Page 12: Getting Started

    1 Getting Started This chapter describes how to make the initial connections to the switch and provides an overview of the web interface. Connecting the Switch to a Network To enable remote management of the switch through a web browser, the switch must be connected to the network.

  • Page 13: Operating System And Browser Support

    Operating System and Browser Support The following operating systems and browsers with JavaScript enabled are supported: Operating System Browser Windows 7 Internet Explorer 9, 10 Firefox 38.2.1, 40.0.3, 41.0.b1 (beta) Chrome 44.0.2403, 45.0.2454, 46.0 (beta) Windows 8/8.1 Internet Explorer 11 (included in base OS 8.1) Firefox 38.2.1, 40.0.3, 41.0.b1 (beta) Chrome 44.0.2403, 45.0.2454, 46.0 (beta) Windows 10...

  • Page 14: Interface Layout And Features

    Interface Layout and Features Figure 2 shows the initial view. Figure 2. Interface Layout and Features Navigation Pane Graphical Switch Common Links Click on any topic in the navigation pane to display related configuration options. The Dashboard page displays when you first log on and when you click Dashboard in the navigation pane.

  • Page 15: Common Page Elements

    Common Page Elements Most pages contain a common set of buttons that include one or more of the following:  Click on any page to display a help panel that explains the fields and configuration options on the page.  Click to send the updated configuration to the switch.

  • Page 16: Port Configuration And Summary

    Port Configuration and Summary You can point to any port to display the following information about the port:  The link status (up or down).  Auto negotiation status.  The maximum transmission unit (MTU), which is the largest packet size that can be transmitted on the port.

  • Page 17: Dashboard

    2 Dashboard You can use the Dashboard page to display and configure basic information about the system. The Dashboard page displays basic information such as the configurable switch name and description, the IP address for management access, and the software and operating system versions. This page also shows resource usage statistics.
  • Page 18 If you update the name, location, or contact information, click Apply to update the switch configuration. Your changes take effect immediately but are not retained across a switch reset unless you click Save Configuration. Table 1. Dashboard Page Fields Field Description System Information A description of the switch hardware, including the hardware type, software version, operating...

  • Page 19: Setup Network

    3 Setup Network You can use the Setup Network pages to configure how a management computer connects to the switch, to setup system time settings, and to manage switch administrator accounts and passwords. Get Connected Use the Get Connected page to configure settings for the network interface. The network interface is defined by an IP address, subnet mask, and gateway.
  • Page 20 Table 2. Get Connected Fields Field Description Network Details Internet Protocol Address Select whether to configure the IPv4 or IPv6 information for the switch. The rest of the fields in the Network Details section depend on the option you select. IPv4 Network Details Protocol Type Select the type of network connection:...
  • Page 21 Field Description HTTP Management Access HTTP Admin Mode Enables or disables the HTTP administrative mode. When enabled, the device can be accessed through a web browser using the HTTP protocol. HTTP Port The TCP port number on which the HTTP server listens for requests. Existing HTTP login sessions are closed whenever this value is changed.

  • Page 22: Https Configuration

    NOTE: A power cycle does not reset the IP address to its factory-default value. If the configured IP address is unknown, you can perform a manual reset to factory defaults to regain access to the switch (see “Factory Defaults” on page 195).
  • Page 23 Field Description Maximum Number of HTTPS The maximum number of HTTPS sessions that can be connected to the device Sessions simultaneously. Certificate Status The status of the SSL certificate generation process.  Present – The certificate has been generated and is present on the device ...

  • Page 24: System Time

    System Time Pages You click Setup Network > System Time to display the web pages for configuring the system clock, SNTP client functionality, system time zone, and daylight saving time settings. System Time The System Time page displays the current time, time zone, and Daylight Saving Time settings, and enables you to configure the time display format.

  • Page 25: Time Configuration

    Field Description Time Zone Time Zone The currently set time zone. The default is (GMT) Greenwich Mean Time: Dublin, Edinburgh, Lisbon, London. Acronym The acronym for the time zone, if one is configured on the system (e.g., PST, EDT). Daylight Saving Time Daylight Saving Time Shows whether Daylight Saving Time (DST) is enabled and the mode of operation: ...
  • Page 26 Figure 8. Time Configuration Page Table 5. Time Configuration Fields Field Description Set System Time Select Using Simple Network Time Protocol (SNTP) to configure the switch to acquire its time settings from an SNTP server. When selected, only the SNTP Configuration fields are available for configuration.

  • Page 27: Time Zone Configuration

    Field Description Last Update Status The status of the last update request to the SNTP server, which can be one of the following values:  Other—None of the following values apply or no message has been received.  Success—The SNTP operation was successful and the system time was updated. ...

  • Page 28: Daylight Saving Time Configuration

    Daylight Saving Time Configuration The Daylight Saving Time Configuration page is used to configure if and when Daylight Saving Time (DST) occurs within your time zone. When configured, the system time adjusts automatically one hour forward at the start of the DST period, and one hour backward at the end. To display the Daylight Saving Time page, click Setup Network >...
  • Page 29 Table 7. Daylight Saving Time Configuration Fields Field Description Daylight Saving Time Select how DST will operate:  Disable—No clock adjustment will be made for DST. This is the default selection.  Recurring—The settings will be in effect for the upcoming period and subsequent years. ...

  • Page 30: User Accounts

    User Accounts By default, the switch contains only the admin user account, which has read/write privileges. Click Setup Network > User Accounts to display the web pages to add switch management users, change user settings, or remove users. Configuration If you log on to the switch with a user account with read/write privileges (i.e., as admin), you can use the User Accounts Configuration page to assign passwords and set security parameters for the default accounts.

  • Page 31: Adding A User Account

    Adding a User Account To add a new user account: From the User Accounts Configuration page, click Add. Configure the settings for the new user. Field Description User Name Enter the name you want to give to the new account. (You can only enter data in this field when you are creating a new account.) User names are up to 32 alphanumeric characters in length and are not case sensitive.

  • Page 32: Changing User Account Information

    Changing User Account Information You cannot change the name of an existing user, but you can change the password, privilege, and password settings. To change user information, select the username with the information to change and click Edit. Update the fields as needed, and click Apply. Figure 13.

  • Page 33: Sessions

    Sessions The Sessions page identifies the users that are logged in to the management interface of the device. The page also provides information about their connections. To display this page, click Setup Network > User Accounts in the navigation pane and click the Ses- sions tab.

  • Page 34: Password Manager

    Password Manager Use this page to configure rules for locally-administered passwords. The rules you set determine the strength of local passwords that device users can associate with their usernames. The strength of a password is a function of length, complexity, and randomness. To display the Password Manager page, click Setup Network >...
  • Page 35 Field Description Lockout Attempts After a user fails to log in this number of times, the user is locked out until the password is reset by the administrator. Password Complexity Strength Check Enable or disable the password strength check feature. Enabling this feature forces the user to configure passwords that comply with the strong password configuration specified in the following fields.

  • Page 36: Switching Features

    4 Switching Features You can use the Switching pages to configure port operation and various Layer 2 features and capabil- ities. Port Configuration You can use the Port Configuration pages to display port status, configure port settings, and view sta- tistics on packets transmitted on the port.
  • Page 37 Field Description Physical Mode The port speed and duplex mode. If the mode is Auto, the port's maximum capabilities are advertised, and the duplex mode and speed are set from the auto-negotiation process. The physical mode for a trunk is reported as “LAG.” Physical Status Indicates the port speed and duplex mode for physical interfaces.

  • Page 38: Modifying Interface Settings

    Field Description Unicast Storm Recovery Specifies the unicast storm control mode and threshold for the port. Unicast storm control Level limits the amount of unicast frames accepted and forwarded by the switch. If the unicast traffic on the Ethernet port exceeds the configured threshold, the system blocks (discards) the unicast traffic.

  • Page 39: Port Summary Statistics

    Port Summary Statistics The Port Summary Statistics page displays statistics on packets transmitted and received on each port or trunk. These statistics can be used to identify potential problems with the switch. The displayed val- ues are the accumulated totals since the last clear operation. To display the Port Summary Statistics page, click Switching >...

  • Page 40: Port Mirroring

    Port Mirroring Port Mirroring is used to monitor the network traffic that one or more ports send and receive. The Port Mirroring feature creates a copy of the traffic that the source interface handles and sends it to a desti- nation port.

  • Page 41: Configuring A Port Mirroring Session

    Table 13. Port Mirroring Fields Field Description Session ID The port mirroring session ID. Up to four port mirroring sessions are allowed. Mode The administrative mode for the selected port mirroring session. If the mode is disabled, the configured source is not mirroring traffic to the destination. Destination Port The switch port to which packets will be mirrored.

  • Page 42: Configuring A Port Mirroring Source

    Configuring a Port Mirroring Source NOTE: If an interface participates in some VLAN and is a LAG member, this VLAN cannot be assigned as a source VLAN for a Monitor session. At the same time, if an interface participates in some VLAN and this VLAN is assigned as a source VLAN for a Monitor session, the interface can be assigned as a LAG member.

  • Page 43: Configuring The Port Mirroring Session Destination

    Configuring the Port Mirroring Session Destination NOTE: A port will be removed from a VLAN or LAG when it becomes a destination mirror. From the Port Mirroring page, select the Session ID for of the port mirroring session to configure. Click Configure Destination to display the Destination Configuration page.

  • Page 44: Port Mirroring Summary

    Port Mirroring Summary The Port Mirroring Summary page displays summary information for all port mirroring sessions. To dis- play the Port Mirroring Summary page, click Switching > Port Mirroring in the navigation pane and click the Summary tab. Figure 23. Port Mirroring Summary Page Table 14.

  • Page 45: Flow Control

    Flow Control When a port becomes congested, it may begin dropping all traffic for small bursts of time during the congestion condition. This can lead to high-priority and/or network control traffic loss. When 802.3x flow control is enabled, a lower-speed switch can communicate with a higher-speed switch by request- ing that the higher-speed switch refrain from sending packets.

  • Page 46: Spanning Tree

    HPE OfficeConnect 1920S series switches support STP versions IEEE 802.1D (STP), and 802.1w (Rapid STP, or RSTP). RSTP reduces the convergence time for network topology changes to about 3 to 5 seconds from the 30 seconds or more for the IEEE 802.1D STP standard.
  • Page 47 Table 15. Spanning Tree Switch Configuration Fields Field Description Spanning Tree Bridge Configuration Spanning Tree Admin Mode The administrative mode of STP on the device. When enabled, the device participates in the root bridge election process and exchanges Bridge Protocol Data Units (BPDUs) with other switches in the spanning tree to determine the root path costs and maintain topology information.

  • Page 48: Spanning Tree Mstp Summary

    Spanning Tree MSTP Summary Multiple Spanning Tree Protocol (MSTP) allows the creation of MSTIs based upon a VLAN or groups of VLANs. Configuring MSTIs creates an active topology with a better distribution of network traffic and an increase in available bandwidth when compared to classic STP. To display the Spanning Tree MSTP Summary page, click Switching >...

  • Page 49: Spanning Tree Mstp Port Summary

    Spanning Tree MSTP Port Summary To display the Spanning Tree MSTP Port Summary page, click Switching > Spanning Tree in the navigation pane, and then click the MSTP Port tab. Figure 27. Spanning Tree MSTP Port Summary Page Table 17. Spanning Tree MSTP Port Summary Fields Field Description MSTP ID...

  • Page 50: Viewing Mstp Port Details Or Editing Mstp Port Settings

    Field Description Port Priority The priority for the port within the MSTI. This value is used in determining which port on a switch becomes the root port when two ports have the same least-cost path to the root. The port with the lower priority value becomes the root port. If the priority values are the same, the port with the lower interface index becomes the root port.
  • Page 51 Field Description Port Priority The priority for the port within the MSTI. This value is used in determining which port on a switch becomes the root port when two ports have the same least-cost path to the root. The port with the lower priority value becomes the root port. If the priority values are the same, the port with the lower interface index becomes the root port.

  • Page 52: Cst Configuration

    CST Configuration Use the Spanning Tree CST Configuration page to configure the Common Spanning Tree (CST) set- tings. The settings and information on this page define the device within the spanning tree topology that connects all STP/RSTP bridges and MSTP regions. To display the CST Configuration page, click Switching >...
  • Page 53 Field Description BPDU Guard When enabled, BPDU Guard can disable edge ports that receive BPDU packets. This prevents a new device from entering the existing STP topology. Thus devices that were originally not a part of STP are not allowed to influence the STP topology. BPDU Filter When enabled, this feature filters the BPDU traffic on the edge ports.

  • Page 54: Cst Port Summary

    CST Port Summary Use the CST Port Summary page to view and configure the Common Spanning Tree (CST) settings for each interface on the device. To configure CST settings for an interface and to view additional informa- tion about the interface's role in the CST topology, select the interface to view or configure and click Edit.

  • Page 55: Viewing Cst Port Details Or Editing Cst Port Settings

    Field Description Port Priority The priority for the port within the CST. This value is used in determining which port on a switch becomes the root port when two ports have the same least-cost path to the root. The port with the lower priority value becomes the root port. If the priority values are the same, the port with the lower interface index becomes the root port.
  • Page 56 Table 21. Spanning Tree MSTP Port Edit and Details Fields Field Description Interface The port or link aggregation group (LAG) associated with the rest of the data in the row. When configuring CST settings for an interface, this field identifies the interface being configured. Port Priority The priority for the port within the CST.
  • Page 57 Field Description Designated Bridge The bridge ID of the bridge with the designated port. Designated Port The port ID of the designated port. Topology Change Indicates whether the next BPDU to be transmitted for this port will have the topology change Acknowledge acknowledgment flag set.

  • Page 58: Spanning Tree Statistics

    Spanning Tree Statistics Use the Spanning Tree Statistics page to view information about the number and type of bridge proto- col data units (BPDUs) transmitted and received on each port. To display the Spanning Tree Statistics page, click Switching > Spanning Tree in the navigation pane, and click the Statistics tab.

  • Page 59: Auto Recovery Configuration

    Auto Recovery Configuration The switch supports Auto Recovery for BPDU Guard, BPDU Rate Limiting, and Storm Control. A switch port will be placed into a diagnostically disabled state when defined error conditions are met. The error conditions that cause a port to be placed into the diagnostically disabled state are as follows: ...
  • Page 60 Table 23. Auto Recovery Configuration Fields Field Description Auto Recovery Parameters Recovery Time This configures the Auto Recovery time interval. The Auto Recovery time interval is common for BPDU Guard and BPDU Rate Limit. The default value of the timer is 300 seconds and the range is from 30 to 86400 seconds.

  • Page 61: Loop Protection

    Loop Protection Loops on a network consume resources and can degrade network performance. Detecting loops man- ually can be very cumbersome and time consuming. The HPE OfficeConnect 1920S series switch soft- ware provides an automatic loop protection feature. When loop protection is enabled on the switch and on one or more interfaces (ports or trunks), the interfaces send loop protection protocol data units (PDUs) to the multicast destination address 09:00:09:09:13:A6.

  • Page 62: Loop Protection Configuration

    Table 24. Loop Protection Status Fields Field Description Interface The port or trunk ID. Loop Protection Indicates whether the feature is administratively enabled or disabled on the port. Loop Protection is disabled by default. Configured Action Taken The action that is set to occur when a loop is detected on the port with loop protection enabled: ...

  • Page 63: Configuring Loop Protection Settings On Interfaces

    Table 25. Loop Protection Configuration Global Fields Field Description Loop Protection Select Enabled or Disabled to administratively enable or disable this feature globally on the switch. This feature is disabled by default. Transmission Time The interval at which the switch sends loop protection PDUs on interfaces that are enabled to send them.
  • Page 64 Table 26. Edit Loop Protection Port Configuration Fields Field Description Interface The port or ports that are being configured. Loop Protection Select Enabled or Disabled to administratively enable or disable this feature on the selected interfaces. By default, this feature is disabled on all interfaces. Note that loop protection can be enabled on static trunks, but cannot be enabled on trunks that are dynamically formed through LACP.

  • Page 65: Igmp Snooping

    IGMP Snooping Internet Group Management Protocol (IGMP) snooping allows a device to forward multicast traffic intelligently. Multicast IP traffic is traffic that is destined to a host group. Host groups are identified by class D IP addresses, which range from 224.0.0.0 to 239.255.255.255. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request the multicast traffic.

  • Page 66: Snmp

    SNMP Simple Network Management Protocol (SNMP) provides a method for managing network devices. The device supports SNMP version 1, SNMP version 2, and SNMP version 3. SNMP v1 and v2 The SNMP agent maintains a list of variables, which are used to manage the device. The variables are defined in the Management Information Base (MIB).

  • Page 67: Snmp Community Configuration

    SNMP Community Configuration Access rights are managed by defining communities on the SNMP Community Configuration page. When the community names are changed, access rights are also changed. SNMP Communities are defined only for SNMP v1 and SNMP v2. Use the SNMP Community Configuration page to enable SNMP and Authentication notifications. To display the Community Configuration page, click Switching >...

  • Page 68: Adding An Snmp Community Or Community Group

    Adding an SNMP Community or Community Group To add a new SNMP community, click Add Community. The Add New Community screen appears. Figure 39. Add SNMP Community Page Configure the community fields and click Apply. To add a new SNMP community group, click Add Community Group. The Add New Community Group screen appears.

  • Page 69: Snmp V1/V2 Trap Receivers

    SNMP v1/v2 Trap Receivers Use the SNMP v1/v2 Trap Receivers page to configure settings for each SNMPv1 or SNMPv2 man- agement host that will receive notifications about traps generated by the device. The SNMP manage- ment host is also known as the SNMP trap receiver. To access the Trap Receiver v1/v2 Configuration page, click Switching >...

  • Page 70: Removing An Snmp V1/V2 Trap Receiver

    Figure 42. Add SNMP v1/v2 Host Page Configure the required fields and click Apply. Note that the Reties and Timeout Value fields are avail- able only if the selected Notify Type is Inform. Removing an SNMP v1/v2 Trap Receiver To remove an SNMP v1/v2 trap receiver, select each item to delete and click Remove. You must con- firm the action before the entries are removed from the page.

  • Page 71: Adding An Snmp V3 Trap Receiver

    Table 30. SNMP v3Trap Receivers Fields Field Description Host IP Address The IP address of the SNMP management host that will receive traps generated by the device. User Name The name of the SNMP user that is authorized to receive the SNMP notification. Notify Type The type of SNMP notification to send the SNMP management host: ...

  • Page 72: Removing An Snmp V3 Trap Receiver

    Configure the required fields and click Apply. Note that the Reties and Timeout Value fields are avail- able only if the selected Notify Type is Inform. Removing an SNMP v3 Trap Receiver To remove an SNMP v3trap receiver, select each item to delete and click Remove. You must confirm the action before the entries are removed from the page.

  • Page 73: Adding An Snmp Access Control Group

    Field Description SNMP Version The SNMP version associated with the group. Security Level The security level associated with the group, which is one of the following:  No Auth No Priv – No authentication and no data encryption (no security). This is the only Security Level available for SNMPv1 and SNMPv2 groups.

  • Page 74: User Security Model

    User Security Model The User Security Model page provides the capability to configure the SNMP V3 user accounts. To access the User Security Model page, click System > Advanced Configuration > SNMP > User Security Model in the navigation menu. Figure 47.

  • Page 75: Adding An Snmp V3 User

    Field Description Privacy Specifies the privacy protocol to be used on encrypted messages on behalf of the specified user. This parameter is only valid if the value in the Authentication Method field is not None.  None - No privacy protocol will be used. ...

  • Page 76: Snmp View Entry

    SNMP View Entry Use the SNMP View Entry page to configure SNMP views. These SNMP views allow network manag- ers to control access to different parts of the MIB hierarchy permitting or denying access to objects. Once configured, views are associated to access control groups to complete access privileges. To access the SNMP View Entry page, click System >...

  • Page 77: Adding An Snmp View

    Adding an SNMP View To add an SNMP view, click Add. The Add New SNMP User screen appears. Figure 50. Add New View Configure the required fields and click Apply Removing an SNMP View To remove one or more SNMP views, select each view to delete and click Remove. Only user-config- ured views can be removed.

  • Page 78: Virtual Lan

    VLAN ID. A given port may handle traffic for more than one VLAN, but it can only sup- port one default VLAN ID. HPE OfficeConnect 1920S series switches support up to 256 VLANs. Viewing VLAN Status and Adding VLANs Use the VLAN Status page to view information on VLANs currently defined on the switch and to add and edit VLAN information.

  • Page 79: Adding Vlans

    The following information displays for each VLAN: Table 34. VLAN Configuration Fields Field Description VLAN ID The numerical VLAN identifier (VID) assigned to the VLAN, from 1 to 4093. Note: VLAN 0 (VID = 0x000 in a frame) is reserved and is used to indicate that the frame does not belong to any VLAN.

  • Page 80: Changing A Vlan Name

    Changing a VLAN Name When you create a VLAN, a default name is automatically assigned in the form VLANnnnn, where nnnn is the VLAN number with preceding zeros as needed. To change the VLAN name, select it on the VLAN Status page and click Edit. Figure 53.
  • Page 81 Table 35. VLAN Port Membership Fields Field Description VLAN ID Select the VLAN ID for which you want to view interface memberships. Interface The port or trunk ID. Participation The participation mode of the interface in the selected VLAN, which is one of the following: ...

  • Page 82: Vlan Port Configuration

    VLAN Port Configuration Use the VLAN Port Configuration page to configure the way interfaces handle VLAN-tagged, priority- tagged, and untagged traffic. To view this page, click VLANs > VLAN Port Configuration in the navi- gation pane. Figure 55. VLAN Port Configuration Page Table 36.

  • Page 83: Auto Voice Vlan Configuration

    Auto Voice VLAN Configuration The voice VLAN feature enables switch ports to carry voice traffic with defined settings so that voice and data traffic are separated when coming onto the port. A voice VLAN ensures that the sound quality of an IP phone is safeguarded from deterioration when data traffic on the port is high. The inherent isolation provided by VLANs ensures that inter-VLAN traffic is under management control and that network-attached clients cannot initiate a direct attack on voice components.
  • Page 84 Field Description CoS Override Mode The Class of Service override mode:  Enabled – The port ignores the 802.1p priority value in the Ethernet frames it receives from connected devices.  Disabled – The port trusts the priority value in the received frame. Voice VLAN Interface Mode Indicates how an IP phone connected to the port should send voice traffic: ...

  • Page 85: Trunks

    6 Trunks Trunks allow for the aggregation of multiple full-duplex Ethernet links into a single logical link. Network devices treat the aggregation as if it were a single link, which increases fault tolerance and provides load sharing capability. A trunk interface can be either static or dynamic: ...

  • Page 86: Trunk Configuration

    Trunk Configuration You can use the Trunk Configuration page to view and edit trunks. The number of trunks on the system is fixed, and all trunks are disabled by default. You can enable, disable, and edit settings for each trunk. Click Trunk > Trunk Configuration in the navigation pane. Figure 57.

  • Page 87: Modifying Trunk Settings

    Modifying Trunk Settings To modify a trunk, select it and click Edit. The Edit Existing Trunk page displays: Figure 58. Edit Existing Trunk Page You can define the trunk name, administratively enable and disable the trunk, and select between static and dynamic mode, as described in Table 38 on page 86.

  • Page 88: Trunk Statistics

    Note the following considerations when configuring trunks and trunk members:  All ports in a trunk must have the same full-duplex speed.  Loop protection is supported on static trunks, but not on dynamic trunks. If loop protection is enabled on a static trunk that is now being changed to a dynamic trunk, loop protection will be dis- abled on the trunk.

  • Page 89: Link Layer Discovery Protocol (Lldp And Lldp-Med)

    7 Link Layer Discovery Protocol (LLDP and LLDP-MED) LLDP is a standardized discovery protocol defined by IEEE 802.1AB. It allows stations residing on a LAN to advertise major capabilities, physical descriptions, and management information to other devices on the network. A network management system (NMS) can access and display this informa- tion.
  • Page 90 You can configure the following global settings: Table 41. LLDP Global Configuration Fields Field Description Transmit Interval Specify the time between transmission of LLDPDUs. The range is from 5 to 32768 seconds and the default is 30 seconds. Transmit Hold Multiplier Specify the multiplier value on the transmit interval, which is used to compute the time-to-live (TTL) value associated with LLDPDUs.

  • Page 91: Lldp Local Device Summary

    Figure 61. Edit LLDP Interface Select a box to enable the associated feature. Clear a box to disabled the associated feature. To modify settings on all interfaces, click Edit All. LLDP Local Device Summary Use the LLDP Local Device Summary page to view LLDP information for switch interfaces. To display this page, click LLDP >...

  • Page 92: Displaying Port Details

    If all LLDP functions are disabled on an interface, then it does not appear in the table. Table 43. LLDP Local Device Summary Fields Field Description Local Device Summary Chassis ID The hardware platform identifier for the device. Chassis ID Subtype The type of information used to identify the chassis.

  • Page 93: Lldp Remote Device Summary

    LLDP Remote Device Summary Page Table 45. LLDP Remote Device Summary Fields Field Description Interface The HPE OfficeConnect 1920S interface that received the LLDP data from the remote system. Remote ID The identifier assigned to the remote system that sent the LLDPDU. Chassis ID The hardware platform ID for the remote system.

  • Page 94: Lldp Global Statistics

    Field Description Capabilities Supported The capabilities on the remote device. The possible capabilities include other, repeater, bridge, WLAN AP, router, telephone, DOCSIS cable device, and station. Capabilities Enabled The capabilities on the remote device that are enabled. System ID The reported management IP or MAC addresses of the remote device. LLDP Global Statistics The Link Layer Discovery Protocol (LLDP) Statistics page displays summary and per-port information for LLDP and LLDP-MED frames transmitted and received on the switch.
  • Page 95 Field Description Age Outs The number of times the complete set of information advertised by a particular MSAP has been deleted from tables associated with the remote systems because the information timeliness interval has expired. Time Since Last Update Time when an entry was created, modified, or deleted in the tables associated with the remote system.

  • Page 96: Lldp-Med Global Configuration

    LLDP-MED is enabled. The default is 3. Device Class The device's MED classification. The HPE OfficeConnect 1920S switch is classified as a Network Connectivity device. If you change the Fast Start Repeat Count, click Apply to save any changes for the current boot ses- sion.
  • Page 97 The switch waits for the LLDP-MED device to advertise its information before the switch transmits its own LLDP-MED TLVs, at which point the operational status becomes enabled. Transmitted TLVs The LLDP-MED TLV(s) that the interface transmits. The HPE OfficeConnect 1920S switch, can transmit TLVs of the following types:  Capabilities ...

  • Page 98: Lldp-Med Local Device Summary

    LLDP-MED Local Device Summary Use the LLDP-MED Local Device Summary to view the information that is advertised by the switch interfaces when they are enabled for LLDP-MED. To display this page, click LLDP-MED > Local Devices in the navigation pane. Figure 68.

  • Page 99: Lldp-Med Remote Device Summary

    LLDP-MED Remote Device Summary Use the LLDP-MED Remote Device Summary page to view information about the remote devices the local system has learned through the LLDP-MED data units received on its interfaces. Information is available about remote devices only if an interface receives an LLDP-MED data unit from a device. To display this page, click LLDP-MED >...

  • Page 100: Displaying Remote Device Details

    Displaying Remote Device Details To view additional information about a remote device, select the interface that received the LLDP-MED data and click Details. Figure 70. LLDP-MED Remote Device Information Page The following additional fields appear on the LLDP-MED Remote Device Information page: Field Description Capability Information...
  • Page 101 Field Description Network Policy Information This section describes the information in the network policy TLVs received in the LLDP-MED frames on this interface. Media Application Type The media application type received in the TLV from the remote device. The application types are unknown, voicesignaling, guestvoice, guestvoicesignalling, softphonevoice, videoconferencing, streammingvideo, vidoesignalling.

  • Page 102: Power Over Ethernet

    8 Power Over Ethernet NOTE: The information in this chapter is valid only for the HPE OfficeConnect 1920S switches that support PoE. The switches that do not have PoE ports do not include the web pages this chapter describes. Power Over Ethernet (PoE) functionality is supported on certain HPE OfficeConnect 1920S switch models, enabling designated switch ports to provide power to connected devices.

  • Page 103: Poe Configuration

    PoE Configuration Use the PoE Configuration page to view global PoE settings. To display this page, click Power Over Ethernet > Configuration in the navigation pane. Figure 71. PoE Configuration Page Table 52. PoE Configuration Fields Field Description PoE Power Status The current status of the switch PoE functionality.

  • Page 104: Poe Port Configuration

    PoE Port Configuration You can use the PoE Port Configuration page to administratively enable or disable PoE on ports that support it and to configure the port priority and other settings. To display this page, click Power Over Ethernet > Port Configuration in the navigation pane. Figure 72.

  • Page 105: Modifying Port Poe Settings

    Field Description Power Detect Type The PD detection mechanism performed by the PSE port. Possible value are:  Dot3af/at—The 4-point detection scheme defined in IEEE 802.3af is used. This is the default option.  Dot3af/at + Pre-Standard—The 4-point detection scheme defined in IEEE 802.3af is used.

  • Page 106: Viewing Poe Port Details

    Viewing PoE Port Details To view additional PoE configuration information for a port, select the port and click Details. Figure 74. PoE Port Details Page Table 54. PoE Port Details Fields Field Description Interface The port number. High Power Indicates whether high power mode is enabled or disabled. When enabled, the port supports the PoE+ power standard, which allows for providing up to 30W of power.

  • Page 107: Poe Port Schedule

    PoE Port Schedule You can configure schedules for the allocation of power to PoE ports. Two built-in schedules, Schedule 1 and Schedule 2, are available for configuration. Schedules consist of one or more time periods when PoE power is to be supplied. Time periods can be periodic or absolute.

  • Page 108: Configuring An Absolute Time Period

    Configuring an Absolute Time Period To configure an absolute schedule, select the schedule from the Schedule list and click Add Abso- lute. Figure 76. Add Absolute Time Period Page Table 56. Add Absolute Time Period Fields Field Description Schedule The schedule to be configured. Start Time Select this option to configure values for the Start Date and the Starting Time of Day fields.

  • Page 109: Adding A Periodic Time Period

    Adding a Periodic Time Period To configure a periodic schedule, select the schedule from the Schedule list and click Add Periodic. NOTE: Periodic time periods cannot overlap. Consecutive periodic time periods must be at least three min- utes apart. Figure 77. Add Periodic Time Period Page Table 57.

  • Page 110: Routing

    9 Routing You can use the Routing pages to configure Layer 3 features and capabilities. Routing IP Interface Summary This page shows summary information about the routing configuration for all interfaces. To view addi- tional routing configuration information for an interface, select the interface with the settings to view and click Details.
  • Page 111 Field Description Proxy ARP Indicates whether proxy ARP is enabled or disabled on the interface. When proxy ARP is enabled, the interface can respond to an ARP request for a host other than itself. An interface can act as an ARP proxy if it is aware of the destination and can route packets to the intended host, which is on a different subnet than the host that sent the ARP request.

  • Page 112: Global Routing Ip Configuration

    Global Routing IP Configuration Use the Routing IP Configuration page to configure global routing settings on the device. Routing pro- vides a means of transmitting IP packets between subnets on the network. Routing configuration is necessary only if the device is used as a Layer 3 device that routes packets between subnets. If the device is used as a Layer 2 device that handles switching only, it typically connects to an external Layer 3 device that handles the routing functions;...
  • Page 113 Field Description Static Route Preference The default distance (preference) for static routes. Lower route-distance values are preferred when determining the best route. Changing the Static Route Preference does not update the preference of existing static routes. Local Route Preference The default distance (preference) for local routes. Maximum Next Hops The maximum number of hops supported by the switch.

  • Page 114: Routing Ip Vlan/Interface Configuration

    Routing IP VLAN/Interface Configuration Use the Routing IP VLAN/Interface Configuration page to configure the IP routing settings for each interface. To display the page, click Routing > Configuration in the navigation pane and click the VLAN/Inter- face Configuration tab. Figure 80. Routing IP VLAN/Interface Configuration Page Table 61.
  • Page 115 Field Description Status Indicates whether the interface is currently capable of routing IP packets (Up) or cannot route packets (Down). For the status to be Up, the routing mode and administrative mode for the interface must be enabled. Additionally, the interface must have an IP address and be physically up (active link).

  • Page 116: Routing Ip Statistics

    Field Description Destination Unreachables When this option is selected, the interface is allowed to send ICMP Destination Unreachable message to a host if the intended destination cannot be reached for some reason. If this option is clear, the interface will not send ICMP Destination Unreachable messages to inform the host about the error in reaching the intended destination.
  • Page 117 Table 62. Routing IP Statistics Fields Field Description IpInReceives The total number of input datagrams received from interfaces, including those received in error. IpInHdrErrors The number of input datagrams discarded due to errors in their IP headers, including bad checksums, version number mismatch, other format errors, time-to-live exceeded, errors discovered in processing their IP options, etc.
  • Page 118 Field Description IcmpInErrors The number of ICMP messages which the entity received but determined as having ICMP- specific errors (bad ICMP checksums, bad length, etc.). IcmpInDestUnreachs The number of ICMP Destination Unreachable messages received. IcmpInTimeExcds The number of ICMP Time Exceeded messages received. IcmpInParmProbs The number of ICMP Parameter Problem messages received.

  • Page 119: Ipv4 Routing

    IPv4 Routing The pages under the IPv4 Routing allow you to configure and display route tables. IP Route Summary The IP Route Summary page displays summary information about the entries in the IP routing table. To display the IP Route Summary page, click Routing > IPv4 Routing in the navigation pane, and ensure that the Status tab is selected.

  • Page 120: Configured Route Summary

    Field Description Route Adds The number of routes that have been added to the routing table. Route Modifies The number of routes that have been changed after they were initially added to the routing table. Route Deletes The number of routes that have been deleted from the routing table. Unresolved Route Adds The number of route adds that failed because none of the route's next hops were on a local subnet.

  • Page 121: Adding A Static Route

    Table 64. Configured Route Summary Fields Field Description Network Address The IP route prefix for the destination. Subnet Mask Also referred to as the subnet/network mask, this indicates the portion of the IP interface address that identifies the attached network. Next Hop IP Address The next hop router address to use when forwarding traffic to the destination.

  • Page 122: Route Table

    Route Table The route table manager collects routes from multiple sources: static routes and local routes. The route table manager may learn multiple routes to the same destination from multiple sources. The route table lists all routes. The best routes table displays only the most preferred route to each destination. To display the Route Table page, click Routing >...

  • Page 123: Dhcp Relay

    DHCP Relay HPE OfficeConnect 1920S switches can be used to relay packets between a DHCP client and server on different subnets. The switch acts as an L3 relay agent and must have an IP interface on the client subnets and, if it does not have an IP interface on the server’s subnet, it should be able to route traffic toward the server’s subnet.

  • Page 124: Adding A Dhcp Server

    Adding a DHCP Server To add a DHCP server to which packets are relayed: Click Add. The Add DHCP Relay Global Configuration page appears. Figure 87. Add DHCP Relay Global Configuration Page Specify the IP address of the DHCP server. Click Apply.

  • Page 125: Adding A Dhcp Server

    Table 67. DHCP Relay VLAN/Interface Configuration Fields Field Description Interface The routing interface that has the DHCP relay feature configured. UDP Destination Port The destination UDP port number of UDP packets to be relayed. Server Address The IPv4 address of the server to which packets are relayed for the specific UDP Destination Port.

  • Page 126: Dhcp Relay Statistics

    DHCP Relay Statistics Use the DHCP Relay Statistics page to add, view, or delete the DHCP relay configuration on a selected routing interface. To display the DHCP Relay Statistics page, click Routing > DHCP Relay in the navigation pane and click the Statics tab.

  • Page 127: Configuring Arp

    Configuring ARP The ARP protocol associates a layer 2 MAC address with a layer 3 IPv4 address. HPE OfficeConnect 1920S software features both dynamic and manual ARP configuration. With manual ARP configura- tion, you can statically add entries into the ARP table.

  • Page 128: Arp Table Summary

    ARP Table Summary Use the ARP Table Summary page to add an entry to the Address Resolution Protocol (ARP) table and to view existing entries. To display the ARP Table Summary page, click Routing > ARP in the navigation pane, and ensure that the Status tab is selected.

  • Page 129: Adding A Static Arp Entry

    Adding a Static ARP Entry To add a static ARP entry: Click Add. The Add Static ARP Entry dialog box opens. Figure 92. Add Static ARP Entry Page Specify the IP address and its associated MAC address. Click Apply. Removing an ARP Entry To delete one or more ARP entries, select each entry to delete and click Remove.

  • Page 130: Arp Table Configuration

    ARP Table Configuration Use this page to change the configuration parameters for the Address Resolution Protocol Table. To display the ARP Table Configuration page, click Routing > ARP in the navigation pane, and then click Configuration. Figure 93. ARP Table Configuration Page Table 70.

  • Page 131: Arp Table Statistics

    ARP Table Statistics Use this page to view information about the number and type of entries in the system ARP table. The ARP table contains entries that map IP addresses to MAC addresses. To display the ARP Table Statistics page, click Routing > ARP in the navigation pane, and then click Statistics.

  • Page 132: Quality Of Service (Qos)

    HPE OfficeConnect 1920S switches support IPv4 and MAC ACLs. The maximum number of ACLs (IPv4 and MAC) is 50. ACLs are applied per interface, and each interface supports a maximum of 10 rules.

  • Page 133: Adding An Acl

    Table 72. Access Control List Summary Fields Field Description ACL Identifier The name or number that identifies the ACL. The permitted identifier depends on the ACL type. Standard and Extended IPv4 ACLs use numbers within a set range, and Named IPv4 and MAC ACLs use alphanumeric characters.

  • Page 134: Removing An Acl

    Click Apply. Removing an ACL To delete one or more ACLs, select each entry to delete and click Remove. Access Control List Configuration Use this page to configure rules for the existing Access Control Lists (ACLs) on the system and to view summary information about the rules that have been added to an ACL.

  • Page 135: Adding A Rule To A Standard Ipv4 Acl

    Field Description ACL Type The type of ACL. The ACL type determines the criteria that can be used to match packets. The type also determines which attributes can be applied to matching traffic. IPv4 ACLs classify Layer 3 and Layer 4 IPv4 traffic and MAC ACLs classify Layer 2 traffic. The ACL types are as follows: ...
  • Page 136 Figure 98. Add Standard IPv4 ACL Page Specify a sequence number to indicate the position of a rule within the ACL. Specify the action for the rule:  Permit – The packet or frame is forwarded.  Deny – The packet or frame is dropped. Specify the match criteria and rule attributes shown in Table Click Apply...

  • Page 137: Adding A Rule To An Extended Or Named Ipv4 Acl

    Field Description Rule Attributes Assign Queue The number that identifies the hardware egress queue that will handle all packets matching this rule. Interface The interface to use for the action:  Redirect – Allows traffic that matches a rule to be redirected to the selected interface instead of being processed on the original port.
  • Page 138 Figure 99. Add Extended or Named IPv4 ACL Page Specify a sequence number to indicate the position of a rule within the ACL. Specify the action for the rule:  Permit – The packet or frame is forwarded.  Deny – The packet or frame is dropped. Specify the match criteria and rule attributes shown in Table Click Apply...
  • Page 139 Table 75. Extended or Named IPv4 ACL Match Criteria Field Description Match Criteria Every When this option is selected, all packets will match the rule and will be either permitted or denied. This option is exclusive to all other match criteria, so if Every is selected, no other match criteria can be configured.

  • Page 140: Adding A Rule To An Extended Mac Acl

    Field Description Service Type The service type to match in the IP header. The options in this menu are alternative ways of specifying a match condition for the same Service Type field in the IP header, but each service type uses a different user notation. After you select the service type, specify the value for the service type in the appropriate field.
  • Page 141 Figure 100. Add MAC ACL Page Specify a sequence number to indicate the position of a rule within the ACL. Specify the action for the rule:  Permit – The packet or frame is forwarded.  Deny – The packet or frame is dropped. Specify the match criteria and rule attributes shown in Table Click Apply...
  • Page 142 Field Description Source MAC Address / The MAC address to match to an Ethernet frame's source port MAC address. If desired, enter Mask the MAC Mask associated with the source MAC to match. The MAC address mask specifies which bits in the source MAC to compare against an Ethernet frame. Use F's and zeros in the MAC mask, which is in a wildcard format.

  • Page 143: Access Control List Interface Summary

    Access Control List Interface Summary Use this page to associate one or more ACLs with one or more interfaces on the device. When an ACL is associated with an interface, traffic on the port is checked against the rules defined within the ACL until a match is found.

  • Page 144: Removing An Association Between An Acl And An Interface

    Figure 102. Access Control List Interface Configuration Page Select one or more interfaces to associate with the ACL. To select multiple interfaces, Ctrl + click each interface, or Shift + click a contiguous set of inter- faces. Specify a sequence number or leave the field blank to let the switch assign the sequence number. Select the ID of the ACL to associate with the interface or interfaces.

  • Page 145: Associating An Acl With A Vlan

    Table 78. Access Control List VLAN Summary Fields Field Description VLAN ID The ID of the VLAN associated with the rest of the data in the row. When associating a VLAN with an ACL, use this field to select the desired VLAN. Direction Indicates whether the packet is checked against the rules in an ACL when it is received on a VLAN (Inbound) or after it has been received, routed, and is ready to exit a VLAN (Outbound).

  • Page 146: Access Control List Statistics

    Access Control List Statistics Use this page to display the statistical information about the packets forwarded or discarded by the port that matches the configured rules within an Access Control List (ACL). Each ACL rule is configured to match one or more aspects of traffic on the network. When a packet matches the conditions in a rule, the counter associated with the rule gets incremented, until it reaches the rollover value of the counter.

  • Page 147: Configuring Class Of Service

    Field Description Rule Attributes Each action — beyond the basic Permit and Deny actions — to perform on the traffic that matches the rule. Hit Count Indicates the number of packets that match the configured rule in an ACL. If a rule is configured without rate limit, then the hit count is the number of matched packets forwarded or discarded by the port.

  • Page 148: Configuring 802.1P Cos Mapping On An Interface

    Figure 106. 802.1p CoS Mapping Configuration Page Table 80. 802.1p CoS Mapping Configuration Fields Field Description Interface The interface associated with the rest of the data in the row. The Global entry represents the common settings for all interfaces, unless specifically overridden individually. Priority The heading row lists each 802.1p priority value (0–7), and the data in the table shows which traffic class is mapped to the priority value.

  • Page 149: Dscp Cos Global Mapping Configuration

    Figure 107. Edit 802.1p Priority Mapping Page Specify the traffic class to map to the 802.1p priority value for the interface or interfaces identified in the Interface field. Click Apply to update the switch configuration. Your changes take effect immediately but are not retained across a switch reset unless you click Save Configuration.
  • Page 150 Figure 108. DSCP CoS Global Mapping Configuration Page Table 81. DSCP CoS Global Mapping Configuration Fields Field Description IP DSCP Values Lists the IP DSCP values to which you can map an internal traffic class. The values range from 0-63. Traffic Class The traffic class is the hardware queue for a port.

  • Page 151: Cos Trust Configuration

    CoS Trust Configuration Use the CoS Trust Configuration page to apply an interface shaping rate to all ports or to a specific port. To display the CoS Trust Configuration page, click QoS > Class of Service in the navigation pane, and then click the Interfaces tab.

  • Page 152: Cos Interface Queue Configuration

    Figure 110. Edit Interface Configuration Page Specify the trust mode and shaping rate for all interfaces identified in the Interface field. Click Apply to update the switch configuration. Your changes take effect immediately but are not retained across a switch reset unless you click Save Configuration.

  • Page 153: Configuring Cos Queue Settings

    Table 83. CoS Interface Queue Configuration Fields Field Description Interface Specifies the interface (physical, LAG, or Global) to configure. Total Minimum Bandwidth Shows the sum of individual Minimum Bandwidth values for all queues in the interface. The Allocation sum cannot exceed the defined maximum of 100. This value is considered while configuring the Minimum Bandwidth for a queue in the selected interface.

  • Page 154: 11 Security

    11 Security The HPE OfficeConnect 1920S series switch software includes a robust set of built-in security features to secure access to the switch management interface and to protect the network. Advanced Security Configuration The HPE OfficeConnect 1920S switches include Denial-of-Service (DoS) and ICMP (ping) protection features on the Advanced Security page to help protect against various high-volume traffic scenarios or malicious attacks.
  • Page 155 Table 84. Advanced Security Configuration Fields Field Description Auto DoS Features Auto DoS Enable this option to enable all the DoS prevention mechanisms with default values. Enabling this feature makes all the fields in the remainder of the table inaccessible (grayed-out). When disabled, you can individually turn on and off the DoS features and change their default values.

  • Page 156: Radius Settings

    Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks. The HPE OfficeConnect 1920S switch includes a RADIUS client that can contact one or more RADIUS servers for various Authentication and Accounting (AAA) services. The RADIUS server maintains a centralized database that contains per-user information.
  • Page 157 Field Description Max Number of The maximum number of times the RADIUS client on the device will retransmit a request Retransmits packet to a configured RADIUS server after a response is not received. If multiple RADIUS servers are configured, the max retransmit value will be exhausted on the first server before the next server is attempted.

  • Page 158: Adding A Radius Server

    Adding a RADIUS Server To add a RADIUS server to the switch configuration: Click Add. The Add RADIUS Server page appears. Figure 115. Add RADIUS Server Page Specify the required information about the RADIUS server. Click Apply to update the switch configuration. Your changes take effect immediately but are not retained across a switch reset unless you click Save Configuration.

  • Page 159: Removing A Radius Server

    Update the RADIUS server information as needed. The IP address of an existing RADIUS server cannot be changed. Click Apply to update the switch configuration. Your changes take effect immediately but are not retained across a switch reset unless you click Save Configuration.
  • Page 160 Field Description Timeouts The number of times a response was not received from the server within the configured timeout value. Packets Dropped The number of RADIUS packets received from the server on the authentication port and dropped for some other reason. To view additional information about a RADIUS server, select the server with the information to view and click Details.

  • Page 161: Radius Accounting Server Status

    RADIUS Accounting Server Status The RADIUS Accounting Server Status page shows summary information about the accounting serv- ers configured on the system. To access the RADIUS Accounting Server Status page, click Security > RADIUS in the navigation pane, and then click the Accounting Server tab. Figure 118.

  • Page 162: Adding A Radius Accounting Server

    Adding a RADIUS Accounting Server To add a RADIUS accounting server to the switch configuration: Click Add. The Add RADIUS Accounting Server page appears. Figure 119. Add RADIUS Accounting Server Page Specify the required information about the RADIUS accounting server. Click Apply to update the switch configuration.

  • Page 163: Removing A Radius Accounting Server

    Your changes take effect immediately but are not retained across a switch reset unless you click Save Configuration. Removing a RADIUS Accounting Server To delete one or more RADIUS accounting servers, select each entry to delete and click Remove. RADIUS Accounting Server Statistics Use the RADIUS Accounting Server Statistics page to view statistical information for each RADIUS server configured on the system.
  • Page 164 To view additional information about a RADIUS accounting server, select the server with the informa- tion to view and click Details. The following table describes the additional RADIUS accounting server information that the RADIUS Accounting Server Detailed Statistics page shows. Table 90.

  • Page 165: Port Access Control

    Port Access Control In port-based authentication mode, when 802.1X is enabled globally and on the port, successful authentication of any one supplicant attached to the port results in all users being able to use the port without restrictions. At any given time, only one supplicant is allowed to attempt authentication on a port in this mode.
  • Page 166 Figure 122. Port Access Control Configuration Page Table 91. Port Access Control Configuration Fields Field Description Global Port Access Control Fields Administrative Mode Select Enable or Disable 802.1x mode on the switch. The default is Disable. This feature permits port-based authentication on the switch. VLAN Assignment Mode If enabled, when a supplicant is authenticated by a authentication server, the port that the supplicant is connected to is placed in a particular VLAN specified by the RADIUS server.
  • Page 167 Field Description Monitor Mode The administrative mode of the Monitor Mode feature on the device. Monitor mode is a special mode that can be enabled in conjunction with port-based access control. Monitor mode provides a way for network administrators to identify possible issues with the port- based access control configuration on the device without affecting the network access to the users of the device.

  • Page 168: Configuring Port Access Control On An Interface

    Field Description Backend State The current state of the back-end authentication state machine, which is the 802.1X process that controls the interaction between the 802.1X client on the local system and the remote authentication server. The state can be one of the following: ...

  • Page 169: Save Configuration

    Figure 123. Edit Port Configuration Page Update the 802.1X settings on the interface. Table 92 describes the fields on the page. Click Apply to update the switch configuration. Your changes take effect immediately but are not retained across a switch reset unless you click Save Configuration.
  • Page 170 Field Description Authenticator Options The fields in this section can be changed only when the selected port is configured as an authenticator port (that is, the PAE Capabilities field is set to Authenticator. Control Mode The port-based access control mode on the port, which is one of the following: ...

  • Page 171: Viewing Per-Port 802.1X Details

    Field Description Supplicant Options The fields in this section can be changed only when the selected port is configured as a supplicant port (that is, the PAE Capabilities field is set to Supplicant). Control Mode The port-based access control mode on the port, which is one of the following: ...

  • Page 172: Port Access Control Statistics

    Port Access Control Statistics Use this page to view information about the Extensible Authentication Protocol over LAN (EAPOL) frames and EAP messages sent and received by the local interfaces. To view additional per-interface EAPOL and EAP message statistics, select the interface with the information to view and click Details. To access the Port Access Control Statistics page, click Security >...
  • Page 173 Field Description Port Access Control Details The following information describes the additional fields that appear in the Details window. The fields this window displays depend on whether the interface is configured as an authenticator or supplicant, as noted in the applicable field descriptions. EAPOL Start Frames The total number of EAPOL-Start frames received on the interface.

  • Page 174: Port Access Control Client Summary

    Port Access Control Client Summary This page displays information about supplicant devices that are connected to the local authenticator ports. If there are no active 802.1X sessions, the table is empty. To view additional information about a supplicant, select the interface it is connected to and click Details. To access the Port Access Control Client Summary page, click Security >...

  • Page 175: Port Access Control History Log Summary

    Port Access Control History Log Summary Use this page to grant or deny port access to users configured on the system. To change the access control privileges for one or more ports, select each interface to configure and click Edit. The same settings are applied to all selected interfaces.

  • Page 176: Configuring Protected Ports

    Configuring Protected Ports A port that is a member of a protected ports group is a protected port. A port that is not a member of any protected ports group is an unprotected port. Each port can be a member of only one protected ports group.

  • Page 177: Editing A Protected Ports Group

    Figure 128. Add Protected Port Group Page Specify a name for the protected ports group. Select one or more available interface and click the > arrow to move the selected interface or inter- faces to the Selected Interfaces field. To select multiple interfaces, Ctrl + click each interface or use Shift + click to select a contiguous range of interfaces.

  • Page 178: Storm Control

    Storm Control The Storm Control feature protects against conditions where incoming packets flood the LAN, causing network performance degradation. The software includes Storm Control protection for unicast traffic with an unknown destination, and for broadcast and multicast traffic. Storm control provides the possibility of disabling an interface on which a storm is detected to prevent unnecessary congestion in the network.
  • Page 179 Table 97. Storm Control Configuration Fields Field Description Storm Control Features Storm Control Enable or disable storm control on the switch. Auto Recovery Parameters Auto Recovery Configures the administrative mode of the Storm Control auto recovery feature. Recovery Time The Storm Control auto recovery time interval. The default value of the timer is 300 seconds, and the range is from 30 to 86400 seconds.

  • Page 180: 12 Green Features

    12 Green Features The green features on the switch are Energy Efficient Ethernet (EEE) technologies, as defined by the IEEE 802.3az task force. These features are designed to reduce per-port power usage by shutting down ports when no link is present or when activity is low. Green Features Configuration To display the Green Features configuration page, click Green Features >...

  • Page 181: Eee Status

    EEE Status When EEE is enabled, you can use the EEE status page to view estimated power savings and power consumption information. This page also displays status information for each interface. To display the EEE status page, click Green Features > EEE Status in the navigation pane. Figure 131.
  • Page 182 Field Description Wakeup Time Negotiated Indicates whether the EEE wakeup time is negotiated with the link partner (Yes or No). by LLDP Rx Wakeup time The Rx wakeup time in effect for the port, if negotiated by LLDP (otherwise, a dash displays). Tx Wakeup time The Tx wakeup time in effect for the port, if negotiated by LLDP (otherwise, a dash displays).

  • Page 183: 13 Diagnostics

    13 Diagnostics You can use the Diagnostics pages to help troubleshoot network issues, view log and configuration information, reboot the switch, and reset the HPE OfficeConnect 1920S series switch to factory defaults. Buffered Log The log messages that the switch generates in response to events, faults, errors, and configuration changes are stored locally on the switch in the RAM (cache).

  • Page 184: Crash Log

    The following information displays in the Buffered Log table. Table 100.Buffered Log Fields Field Description Log Index The log number. Log Time Time at which the log was entered in the table. Severity The severity level associated with the log message. The severity can be one of the following: ...

  • Page 185: Log Configuration

    Log Configuration The HPE OfficeConnect 1920S series switch software supports logging system messages to the buff- ered log file or forwarding messages over the network using the Syslog protocol. Syslog messages can be captured by a designated host on the network that is running a Syslog daemon. You can use the Log Configuration page to configure buffered log and Syslog settings.
  • Page 186 Figure 134. Log Configuration Page Table 101.Log Configuration Fields Field Description Buffered Log Configuration Buffered Logging Enables or disables logging system events to the buffered log. This feature is enabled by default. Severity Filter Specify type of system messages logged using the Buffered Logging Level setting: ...

  • Page 187: Ping

    Ping A ping request is an Internet Control Message Protocol (ICMP) echo request packet. The switch sup- ports both ICMP for sending ping requests to IPv4 addresses and ICMPv6 for sending ping requests to IPv6 addresses. Ping IPv4 Use the Ping IPv4 page to send one or more ping requests from the switch to a specified IPv4 address. You can use the ping request to check whether the switch can communicate with a particular host on an IP network.

  • Page 188: Ping Ipv6

    Field Description Source IP The source IP address to use when sending a ping request. This field is enabled when IP Address is Address selected as the source option. Interface The interface to use when sending a ping request. This field is enabled when Interface is selected as the source option.
  • Page 189 Table 103.Ping IPv6 Fields Field Description Ping Select either a global IPv6 address or a link local address to ping. A global address is routable over the Internet, while a link-local address is intended for communication only within the local network. Link local addresses have a prefix of fe80::/64.

  • Page 190: Traceroute

    Traceroute Traceroute is a diagnostic tool that provides information about the route a packet takes from the switch to a specific IPv4 or IPv6 address as well as the amount of time it takes for the packet to reach its des- tination.
  • Page 191 Table 104.Traceroute IPv4 Fields Field Description IP Address The IP address of the system to attempt to reach. Probes Per Traceroute works by sending UDP packets with increasing Time-To-Live (TTL) values. Specify the number of probes sent with each TTL. MaxTTL The maximum Time-To-Live (TTL).

  • Page 192: Traceroute Ipv6

    Traceroute IPv6 Use this page to determine the Layer 3 path a packet takes from the device to a specific IPv6 address or hostname. When you initiate the traceroute command by clicking the Start button, the device sends a series of traceroute probes toward the destination. The results list the IP address of each Layer 3 device a probe passes through until it reaches its destination - or fails to reach its destination and is discarded.
  • Page 193 Field Description Port The UDP destination port number to be used in probe packets. The port number should be a port that the target host is not listening on, so that when the probe reaches the destination, it responds with an ICMP Port Unreachable message.

  • Page 194: Reboot Switch

    Reboot Switch Use this feature to perform a software reboot of the switch. If you applied configuration changes, click the Save Configuration button in the upper right of any page before rebooting. If the switch is config- ured to use DHCP to acquire its IP address, the address may change upon restart; you will need to determine the address before logging back in to the management utility.

  • Page 195: Factory Defaults

    Factory Defaults You can use the Reset Configuration page to restore all settings to their factory default values. All con- figuration changes, including those that were previously saved, are reset in the running system by this action.If the switch is configured to use DHCP to acquire its IP address, the address may change upon restart;...

  • Page 196: Support File

    Support File Use the support file page to display summary information for the switch on a single page. To display the Support File page, click Diagnostics > Support File in the navigation pane. Figure 142 shows a partial view of the page. Figure 142.

  • Page 197: Locator

     SNMP—Status and community configuration  Port Status and Port Summary Statistics—Port and trunk configuration details, summary, and sta- tistics  Trunk Configuration and Trunk Statistics—Trunk configuration details and flap count statistics  Flow Control and Storm Control Configuration—Enable/disable status ...

  • Page 198: Mac Table

    MAC Table The MAC address table keeps track of the Media Access Control (MAC) addresses associated with each port. This table enables the switch to forward unicast traffic through the appropriate port. The MAC address table is sometimes called the bridge table or the forwarding database. IMPORTANT: The address table supports up to 16K MAC address entires;...
  • Page 199 Field Description Interface Index The Interface Index of the MIB interface table entry associated with the source port. This value helps identify an interface when using SNMP to manage the switch. Status Provides information about the entry and why it is in the table. Possible values are the following: ...

  • Page 200: Maintenance

    14 Maintenance Pages You can use the maintenance pages to upgrade software, save the switch configuration, and select which of two software images is the active image and which is the backup image. Dual Image Configuration The switch can store up to two software images. One image is the active image and the other is the backup image (not actively running on the switch).

  • Page 201: Backup And Update Manager

    Backup and Update Manager The File Transfer page enables you to save a backup copy of the switch’s firmware image or configura- tion file on a local system or network directory and to update files on the switch by transferring newer files from a remote system.
  • Page 202 Figure 149. SFTP Backup File Page Configure the following settings: Table 108.TFTP, HTTP, and SFTP Backup File Fields Field Description File Type Select the type of file to back up from the switch to a remote system. You can back up the active or backup image, the system configuration file, the error log in persistent memory (also referred to as the event log), and the buffered log in RAM.

  • Page 203: Updating Files

    Updating Files To transfer a file from a remote system to the switch using HTTP, TFTP, or SFTP click in either row in the Update column. The HTTP Update, TFTP Update, or SFTP File Download page appears. To update a file using HTTP, configure the following information and click Begin Transfer. NOTE: Firmware upgrades can be performed on the backup code only.
  • Page 204 Field Description Digital Signature For the Backup Code, you can select this option to have the switch verify the file download Verification with a digital signature. Digital signature verification is applied to backup code only. Status Status information on the update process. Figure 151.
  • Page 205 To update a file using TFTP or SFTP, configure the following information and click Begin Transfer. Table 110.TFTP and SFTP Update File Fields Field Description File Type See the options in Table 109 on page 203. Server Address Enter the IP address or host name of the TFTP server. File Name Enter the path on the server where file is located followed by the filename.

  • Page 206: A Support And Other Resources

    Hewlett Packard Enterprise Support Center More Information on Access to Support Materials page: www.hpe.com/support/AccessToSupportMaterials NOTE:IMPORTANT: Access to some updates might require product entitlement when accessed through the Hewlett Packard Enterprise Support Center. You must have an HPE Passport set up with relevant entitlements. Page 206 Support and other resources...

  • Page 207: Websites

    Websites Website Link www.hpe.com/info/enterprise/docs Hewlett Packard Enterprise Information Library Hewlett Packard Enterprise Support Center www.hpe.com/support/hpesc Contact Hewlett Packard Enterprise Worldwide www.hpe.com/assistance Subscription Service/Support Alerts www.hpe.com/support/e-updates Software Depot www.hpe.com/support/softwaredepot Customer Self Repair www.hpe.com/support/selfrepair Insight Remote Support www.hpe.com/info/insightremotesupport/docs Serviceguard Solutions for HP-UX www.hpe.com/info/hpux-serviceguard-docs...

  • Page 208: Documentation Feedback

    Documentation Feedback ). When submitting your feedback, include the document title, part number, edi- docsfeedback@hpe.com tion, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.
  • Page 209 For important safety, environmental, and regulatory information, see Safety and Compliance Information for Server, Storage, Power, Networking, and Rack Products, available at www.hpe.com/support/Safety-Compliance-EnterpriseProducts. Warranty information HPE ProLiant and x86 Servers and Options ( http://www.hpe.com/support/ProLiantServers-Warranties HPE Enterprise Servers ( http://www.hpe.com/support/EnterpriseServers-Warranties HPE Storage Products ( http://www.hpe.com/support/Storage-Warranties...

This manual is also suitable for:

Officeconnect 1920s 48g seriesOfficeconnect 1920s 24g series

Table of Contents