ProCurve 2910al-24g Management And Configuration Manual
  1. Manuals
  2. Brands
  3. ProCurve Manuals
  4. Switch
  5. 2910al-24g
  6. Management and configuration manual

ProCurve 2910al-24g Management And Configuration Manual

2910al
Hide thumbs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
Table of Contents

Advertisement

Quick Links

2910al
ProCurve Switches
W.14.03
www.procurve.com
Management and
Configuration Guide

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the 2910al-24g and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for ProCurve 2910al-24g

Summary of Contents for ProCurve 2910al-24g

  • Page 1 Management and Configuration Guide 2910al ProCurve Switches W.14.03 www.procurve.com...
  • Page 3 HP ProCurve 2910al Switch February 2009 W.14.03 Management and Configuration Guide...
  • Page 4 J9146A HP ProCurve 2910al-48G-PoE+ Switch J9148A reliability of its software on equipment that is not furnished by Hewlett-Packard. HP ProCurve 2-Port 10-GbE SFP+ al Module J9008A HP ProCurve 2-Port 10-GbE CX4 al Module J9149A HP ProCurve 10-GbE al Interconnect Kit...

  • Page 5: Table Of Contents

    Contents Product Documentation About Your Switch Manual Set ......xxi Printed Publications......... . xxi Electronic Publications .
  • Page 6 ProCurve Manager Plus ........
  • Page 7 Using ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+) ....... 5-6 Tasks for Your First ProCurve Web Browser Interface Session .
  • Page 8 Entering a User Name and Password ..... . 5-11 Using a User Name ........5-11 If You Lose the Password .
  • Page 9 Operating Notes about Booting ......6-18 Boot and Reload Command Comparison ....6-19 Setting the Default Flash .
  • Page 10 Denying Interface Access by Terminating Remote Management Sessions ............7-9 System Information .
  • Page 11 Selecting a Time Synchronization Protocol or Turning Off Time Protocol Operation ..........9-3 General Steps for Running a Time Protocol on the Switch: .
  • Page 12 Configuring a Broadcast Limit on the Switch ....10-17 Configuring ProCurve Auto-MDIX ......10-18 Web: Viewing Port Status and Configuring Port Parameters .
  • Page 13 Disabling or Re-Enabling PoE Port Operation ....11-8 Configuring the PoE Port Priority Level ..... . . 11-8 Enabling Support for Pre-Standard Devices .
  • Page 14 Using the CLI To Configure a Static or Dynamic Trunk Group . . . 12-14 Web: Viewing Existing Port Trunk Groups ....12-17 Trunk Group Operation Using LACP .
  • Page 15 14 Configuring for Network Management Applications Contents ........... . . 14-1 Using SNMP Tools To Manage the Switch .
  • Page 16 Packet Boundaries in a Network Topology ....14-40 Configuration Options ........14-41 Options for Reading LLDP Information Collected by the Switch .
  • Page 17 CLI: TFTP Download from a Server to Flash ....A-7 Using Secure Copy and SFTP ....... . A-9 How It Works .
  • Page 18 TFTP: Uploading an ACL Command File from a TFTP Server A-31 Xmodem: Uploading an ACL Command File from a Serially Connected PC or UNIX Workstation ..... . A-33 USB: Uploading an ACL Command File from a USB Device .
  • Page 19 Web Access ......... . . B-11 Viewing Port and Trunk Group Statistics and Flow Control Status B-11 Menu Access to Port and Trunk Statistics .
  • Page 20 Radius-Related Problems ........C-17 Spanning-Tree Protocol (MSTP) and Fast-Uplink Problems ..C-18 SSH-Related Problems .
  • Page 21 Port Auto-Negotiation ........C-60 Ping and Link Tests .
  • Page 22 Displaying Current Resource Usage ......E-3 When Insufficient Resources Are Available ....E-6 F Daylight Savings Time on ProCurve Switches Index...

  • Page 23: Product Documentation

    Electronic Publications The latest version of each of the publications listed below is available in PDF format on the ProCurve Web site, as described in the Note at the top of this page. Installation and Getting Started Guide—Explains how to prepare for ■...
  • Page 24 Software Feature Index For the software manual set supporting your 2910al switch model, this feature index indicates which manual to consult for information on a given software feature. N o t e This Index does not cover IPv6 capable software features. For information on IPv6 protocol operations and features (such as DHCPv6, DNS for IPv6, Ping6, and MLD Snooping), refer to the IPv6 Configuration Guide.
  • Page 25 Intelligent Edge Software Manual Features Management Advanced Multicast and Access Traffic Routing Security Configuration Management Guide DHCP/Bootp Operation Diagnostic Tools Downloading Software Dynamic ARP Protection Dynamic Configuration Arbiter Eavesdrop Protection Event Log Factory Default Settings Flow Control (802.3x) File Management File Transfers Friendly Port Names Guaranteed Minimum Bandwidth (GMB)
  • Page 26 Management VLAN Monitoring and Analysis Multicast Filtering Multiple Configuration Files Network Management Applications (SNMP) OpenView Device Management Passwords and Password Clear Protection ProCurve Manager (PCM) Ping Port Configuration Port Monitoring Port Security Port Status Port Trunking (LACP) Port-Based Access Control (802.1X)
  • Page 27 Intelligent Edge Software Manual Features Management Advanced Multicast and Access Traffic Routing Security Configuration Management Guide RMON 1,2,3,9 Routing Routing - IP Static Secure Copy sFlow SFTP SNMPv3 Software Downloads (SCP/SFTP, TFPT, Xmodem) Source-Port Filters Spanning Tree (STP, RSTP, MSTP) SSHv2 (Secure Shell) Encryption SSL (Secure Socket Layer) Stack Management (3500yl/6200yl switches only)
  • Page 28 Intelligent Edge Software Manual Features Management Advanced Multicast and Access Traffic Routing Security Configuration Management Guide Voice VLAN Web Authentication RADIUS Support Web-based Authentication Web UI Xmodem xxvi...

  • Page 29: Contents

    Getting Started Contents Introduction ..........1-2 Conventions .

  • Page 30: Introduction

    For an overview of other product documentation for the above switches, refer to “Product Documentation” on page xi. You can download documenta­ tion from the ProCurve Networking web site, www.procurve.com. Conventions Configuration and Operation Examples Unless otherwise noted, examples using a particular switch model apply to all switch models covered by this guide.

  • Page 31: Command Prompts

    In the default configuration, your switch displays a CLI prompt similar to the following example: ProCurve 2910al# To simplify recognition, this guide uses ProCurve to represent command prompts for all switch models. For example: ProCurve# (You can use the hostname command to change the text in the CLI prompt.) Screen Simulations Displayed Text.

  • Page 32: Keys

    “Software Feature Index” on page xii. N o t e For the latest version of all ProCurve switch documentation referred to below, including Release Notes covering recently added features, visit the ProCurve Networking web site at www.procurve.com, click on Customer Care, and then click on Manuals.
  • Page 33 Getting Started Sources for More Information • port configuration, trunking, traffic control, and PoE operation • SNMP, LLDP, and other network management topics • file transfers, switch monitoring, troubleshooting, and MAC address management Advanced Traffic Management Guide—Use this guide for information on ■...

  • Page 34: Getting Documentation From The Web

    Click on Customer Care. Click on Manuals. Click on the product for which you want to view or download a manual. If you need further information on ProCurve switch technology, visit the ProCurve Networking web site at: www.procurve.com Online Help...

  • Page 35: Command Line Interface

    Figure 1-4. Help for Web Browser Interface N o t e To access the online Help for the ProCurve web browser interface, you need either ProCurve Manager (version 1.5 or greater) installed on your network or an active connection to the World Wide Web. Otherwise, Online help for the...

  • Page 36: Need Only A Quick Start?

    If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing. To do so, do one of the following: Enter setup at the CLI Manager level prompt.

  • Page 37: Contents

    ProCurve Manager Plus ........

  • Page 38: Overview

    VLAN management. (ProCurve includes a copy of PCM+ in-box for a 30-day trial.) This manual describes how to use the menu interface (Chapter 3), the CLI (Chapter 4), the web browser interface (Chapter 5), and how to use these interfaces to configure and monitor the switch.

  • Page 39: Advantages Of Using The Menu Interface

    Selecting a Management Interface Advantages of Using the Menu Interface To use ProCurve Manager or ProCurve Manager Plus, refer to the Getting Started Guide and the Administrator’s Guide, which are available electron­ ically with the software for these applications. For more information, visit the ProCurve Networking web site at www.procurve.com.

  • Page 40: Advantages Of Using The Cli

    Provides more security; configuration information and passwords are ■ not seen on the network. Advantages of Using the CLI Prompt for Operator Level ProCurve> Prompt for Manager Level ProCurve# Prompt for Global Configuration ProCurve(config)# Level Prompt for Context ProCurve(<context>)#...

  • Page 41: Advantages Of Using The Web Browser Interface

    Selecting a Management Interface Advantages of Using the Web Browser Interface To perform specific procedures (such as configuring IP addressing or ■ VLANs), use the Contents listing at the front of the manual to locate the information you need. ■ For monitoring and analyzing switch operation, refer to Appendix B.

  • Page 42: Or Procurve Manager Plus

    Advantages of Using ProCurve Manager or ProCurve Manager Plus You can operate ProCurve Manager and ProCurve Manager Plus (PCM and PCM+) from a PC on the network to monitor traffic, manage your hubs and switches, and proactively recommend network changes to increase network uptime and optimize performance.

  • Page 43: Web Browser Interfaces

    Updates can be scheduled easily across large groups of devices, all at user-specified times. • Investment Protection: The modular software architecture of Pro- Curve Manager Plus will allow ProCurve to offer network administra­ tors add-on software solutions that complement their needs. Custom Login Banners for the Console and Web Browser Interfaces...

  • Page 44: Banner Operation With Telnet, Serial, Or Sshv2 Access

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus If a banner is configured, the banner page is displayed when you access the Web user interface. The default product registration information is not displayed as there is already a product registration prompt displayed in the Web user interface.

  • Page 45: Example Of Configuring And Displaying A Banner

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus Use show banner motd to display the current banner status. Syntax: banner motd < delimiter > no banner motd This command defines the single character used to termi­...
  • Page 46 Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus Figure 2-4. Example of Configuring a Login Banner To view the current banner configuration, use either the show banner motd or show running command. ProCurve(config)# show banner motd...

  • Page 47: Operating Notes

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus The next time someone logs onto the switch’s management CLI, the following appears: The login screen displays the configured banner. Entering a correct password clears the banner and displays the CLI prompt.
  • Page 48 Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus If the switch is configured with ssh version 1 or ssh version 1-or-2, ■ configuring the banner sets the SSH configuration to ssh version 2 and displays the following message in the CLI: Warning: SSH version has been set to v2.

  • Page 49: Contents

    Using the Menu Interface Contents Overview ........... . . 3-2 Starting and Ending a Menu Session .

  • Page 50: Overview

    Reboot the switch For a detailed list of menu features, see the “Menu Features List” on page 3-14. Privilege Levels and Password Security. ProCurve strongly recom­ mends that you configure a Manager password to help prevent unauthorized access to your network. A Manager password grants full read-write access to the switch.

  • Page 51: Starting And Ending A Menu Session

    Using the Menu Interface Starting and Ending a Menu Session N o t e If the switch has neither a Manager nor an Operator password, anyone having access to the console interface can operate the console with full manager privileges. Also, if you configure only an Operator password, entering the Operator password enables full manager privileges.

  • Page 52: How To Start A Menu Interface Session

    If no password has been configured, the CLI prompt appears. Go to the next step. 4. When the CLI prompt appears, display the Menu interface by entering the menu command. For example: ProCurve# menu [Enter] results in the following display:...

  • Page 53: How To End A Menu Session And Exit From The Console:

    Using the Menu Interface Starting and Ending a Menu Session Figure 3-1. Example of the Main Menu with Manager Privileges For a description of Main Menu features, see “Main Menu Features” on page 3­ N o t e To configure the switch to start with the menu interface instead of the CLI, go to the Manager level prompt in the CLI, enter the setup command, and in the resulting display, change the Logon Default parameter to Menu.
  • Page 54 Using the Menu Interface Starting and Ending a Menu Session Asterisk indicates a configuration change that requires a reboot to activate. Figure 3-2. Example Indication of a Configuration Change Requiring a Reboot 1. In the current session, if you have not made configuration changes that require a switch reboot to activate, return to the Main Menu and press (zero) to log out.

  • Page 55: Main Menu Features

    Using the Menu Interface Main Menu Features Main Menu Features ProCurve Switch 2-Jan-1990 0:00:44 ===========================- TELNET - MANAGER MODE -========================= Main Menu 1. Status and Counters... 2. Switch Configuration... 3. Console Passwords... 4. Event Log 5. Command Line (CLI) 6. Reboot Switch 7.
  • Page 56 Using the Menu Interface Main Menu Features Command Line (CLI): Selects the Command Line Interface at the same ■ level (Manager or Operator) that you are accessing in the Menu interface. (Refer to Chapter 4, “Using the Command Line Interface (CLI)”.) ■...

  • Page 57: Screen Structure And Navigation

    Using the Menu Interface Screen Structure and Navigation Screen Structure and Navigation Menu interface screens include these three elements: ■ Parameter fields and/or read-only information such as statistics Navigation and configuration actions, such as Save, Edit, and Cancel ■ ■ Help line to describe navigation options, individual parameters, and read- only data For example, in the following System Information screen:...
  • Page 58 Using the Menu Interface Screen Structure and Navigation Table 3-5. How To Navigate in the Menu Interface Task: Actions: Execute an action Use either of the following methods: from the “Actions –>” • Use the arrow keys ([<], or [>]) to highlight the action you want list at the bottom of to execute, then press [Enter].
  • Page 59 Using the Menu Interface Screen Structure and Navigation To get Help on individual parameter descriptions. In most screens there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press , and a separate help screen is displayed. For example: Pressing [H] or highlighting Help and pressing [Enter] displays Help for the...

  • Page 60: Rebooting The Switch

    Using the Menu Interface Rebooting the Switch Rebooting the Switch Rebooting the switch from the menu interface ■ Terminates all current sessions and performs a reset of the operating system Activates any menu interface configuration changes that require a reboot ■...
  • Page 61 Using the Menu Interface Rebooting the Switch Rebooting To Activate Configuration Changes. Configuration changes for most parameters in the menu interface become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the .

  • Page 62: Menu Features List

    Using the Menu Interface Menu Features List Menu Features List Status and Counters • General System Information • Switch Management Address Information • Port Status • Port Counters • VLAN Address Table • Port Address Table Switch Configuration • System Information •...

  • Page 63: Where To Go From Here

    Turn to: To use the Run Setup option Refer to the Installation and Getting Started Guide for your switch, available on the Procurve web site at www.procurve.com. To view and monitor switch status and Appendix B, “Monitoring and Analyzing Switch counters Operation”...
  • Page 64 Using the Menu Interface Where To Go From Here 3-16...

  • Page 65: Contents

    Using the Command Line Interface (CLI) Contents Overview ........... . . 4-2 Accessing the CLI .

  • Page 66: Overview

    Using the Command Line Interface (CLI) Overview Overview The CLI is a text-based command interface for configuring and monitoring the switch. The CLI gives you access to the switch’s full set of commands while providing the same password protection that is used in the web browser interface and the menu interface.

  • Page 67: Privilege Levels At Logon

    In the above case, you will enter the CLI at the level corresponding to the password you provide (operator or manager). If no passwords are set when you log onto the CLI, you will enter at the Manager level. For example: ProCurve# _...

  • Page 68: Privilege Level Operation

    Using the CLI C a u t i o n ProCurve strongly recommends that you configure a Manager password. If a Manager password is not configured, then the Manager level is not password- protected, and anyone having in-band or out-of-band access to the switch may be able to reach the Manager level and compromise switch and network security.

  • Page 69: Manager Privileges

    Manager prompt. For example: Enter config at the Manager prompt. ProCurve# config ProCurve(config)#_ The Global Config prompt. Context Configuration level: Provides all Operator and Manager priv­ ■ ileges, and enables you to make configuration changes in a specific context, such as one or more ports or a VLAN.
  • Page 70 Using the CLI Table 4-1. Privilege Level Hierarchy Privilege Example of Prompt and Permitted Operations Level Operator Privilege Operator Level ProCurve> show < command > View status and configuration information. setup ping < argument > Perform connectivity tests. link-test < argument >...

  • Page 71: How To Move Between Levels

    Using the Command Line Interface (CLI) Using the CLI How To Move Between Levels Change in Levels Example of Prompt, Command, and Result Operator level > enable ProCurve Password:_ Manager level enable After you enter , the Password prompt appears. After you enter the...

  • Page 72: Listing Commands And Command Options

    Using the Command Line Interface (CLI) Using the CLI For example, if you use the menu interface to configure an IP address of “X” for VLAN 1 and later use the CLI to configure a different IP address of “Y” for VLAN 1, then “Y”...
  • Page 73 [Tab] (with no spaces allowed). For example, at the Global Configuration level, if you press [Tab] immediately after typing “t”, the CLI displays the available command options that begin with “t”. For example: ProCurve(config)# t [Tab] tacacs-server telnet-server time timesync...

  • Page 74: Listing Command Options

    CLI completes the current word (if you have typed enough of the word for the CLI to distinguish it from other possibilities), including hyphenated exten­ sions. For example: ProCurve(config)# port- [Tab] ProCurve(config)# port-security _ Pressing after a completed command word lists the further options for [Tab] that command.

  • Page 75: Displaying Cli "Help"

    Using the Command Line Interface (CLI) Using the CLI Displaying CLI “Help” CLI Help provides two types of context-sensitive information: ■ Command list with a brief summary of each command’s purpose Detailed information on how to use individual commands ■ Displaying Command-List Help.
  • Page 76 Note that trying to list the help for an individual command from a privilege level that does not include that command results in an error message. For example, trying to list the help for the interface command while at the global configuration level produces this result: ProCurve# speed-duplex help Invalid input: speed-duplex 4-12...

  • Page 77: Configuration Commands And The Context Configuration Modes

    Port or Trunk-Group Context. Includes port- or trunk-specific commands that apply only to the selected port(s) or trunk group, plus the global config­ uration, Manager, and Operator commands. The prompt for this mode includes the identity of the selected port(s): ProCurve(config)# interface c3-c6 ProCurve(eth-C5-C8)# ProCurve(config)# interface trk1 ProCurve(eth-Trk1)#...
  • Page 78 Using the Command Line Interface (CLI) Using the CLI In the port context, the first block of commands in the “?” listing show the context-specific commands that will affect only ports C3-C6. The remaining commands in the listing are Manager, Operator, and context commands.
  • Page 79 VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch: ProCurve(config)# vlan 100 Command executed at configuration level to enter VLAN 100 context. ProCurve(vlan-100)# Resulting prompt showing VLAN 100 context.

  • Page 80: Cli Control And Editing

    When command-str is specified, the most recent command whose name matches the specified string is executed. ProCurve(config)# show history show arp show flash Executes the show arp command again. ProCurve(config)# redo 2...
  • Page 81 Repeats the command for the number of times specified. delay: The command repeats execution after a delay for the number of seconds specified. For example: ProCurve(config)# repeat 1-4,7-8,10 count 2 delay 3 ProCurve(config)# show history show ver show ip...

  • Page 82: Cli Editing Shortcuts

    Using the Command Line Interface (CLI) CLI Editing Shortcuts CLI Editing Shortcuts Keystrokes Function [Ctrl] [A] Jumps to the first character of the command line. or [<] Moves the cursor back one character. [Ctrl] [B] [Ctrl] [C] Terminates a task and displays the command prompt. [Ctrl] [D] Deletes the character at the cursor.

  • Page 83: Contents

    Using ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+) ....... 5-5 Tasks for Your First ProCurve Web Browser Interface Session .
  • Page 84 Using the ProCurve Web Browser Interface Contents 5-2...

  • Page 85: Overview

    Command Prompt or changing the Web Agent Enabled parameter setting to No (page 7-4). For information on operating system, browser, and Java versions for the switches covered in this guide, go to the ProCurve Networking web site at www.procurve.com and: Click on: Technical support...

  • Page 86: General Features

    Using the ProCurve Web Browser Interface General Features General Features The web browser interface includes these features: Switch Identity and Status: • General system data • Software version • Redundant Management Module software version • IP address • Status Overview •...

  • Page 87: Interface Session With The Switch

    Location or Address field instead of the IP address. Using DNS names typically improves browser performance. Contact your network adminis­ trator to enquire about DNS names associated with your ProCurve switch. Type the IP address (or DNS name) of the switch in the browser Location or Address (URL) field and press .

  • Page 88: Procurve Manager Plus (Pcm+)

    Using ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+) ProCurve Manager and ProCurve Manager Plus are designed for installation on a network management workstation. For this reason, the system require­ ments are different from the system requirements for accessing the switch’s web browser interface from a non-management PC or workstation.
  • Page 89 Using the ProCurve Web Browser Interface Starting a Web Browser Interface Session with the Switch First time install alert Figure 5-1. Example of Status Overview Screen...

  • Page 90: Tasks For Your First Procurve Web Browser Interface Session

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Tasks for Your First ProCurve Web Browser Interface Session The first time you access the web browser interface, there are three tasks you should perform: ■...

  • Page 91: In The Browser Interface

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session This window is the launching point for the basic configuration you need to perform to set web browser interface passwords for maintaining security and a fault detection policy, which determines the types of messages that the Alert Log displays.
  • Page 92 Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Figure 5-3.The Device Passwords Window To set the passwords: 1. Access the Device Passwords screen by one of the following methods: • If the Alert Log includes a “First Time Install” event entry, double click on this event, then, in the resulting display, click on the secure access to the device link.

  • Page 93: Entering A User Name And Password

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Entering a User Name and Password Figure 5-4. Example of the Password Prompt in the Web Browser Interface The manager and operator passwords are used to control access to all switch interfaces.

  • Page 94: Online Help For The Web Browser Interface

    Context-sensitive help is provided for the screen you are on. N o t e To access the online Help for the ProCurve web browser interface, you need either ProCurve Manager (version 1.5 or greater) installed on your network or an active connection to the World Wide Web. Otherwise, Online help for the web browser interface will not be available.

  • Page 95: Support/Mgmt Urls Feature

    Support tab. The default is the URL for the ProCurve Networking home page. – The URL of a PCM (ProCurve Network Manager) workstation or other server for the online Help files for this web browser interface. (The default setting accesses the switch’s browser-based Help on the ProCurve World Wide...

  • Page 96: Support Url

    As an alternative, you can replace the ProCurve URL with the URL for a local site used for logging reports on network performance or other support activ­...

  • Page 97: Using The Pcm Server For Switch Web Help

    Figure 5-7. How To Access Web Browser Interface Online Help Using the PCM Server for Switch Web Help For ProCurve devices that support the “Web Help” feature, you can use the PCM server to host the switch help files for devices that do not have HTTP access to the ProCurve Support Web site.
  • Page 98 Using the ProCurve Web Browser Interface Support/Mgmt URLs Feature 3. Add an entry, or edit the existing entry in the Discovery portion of the global properties (globalprops.prp) in PCM to redirect the switches to the help files on the PCM server. For example:...

  • Page 99: Status Reporting Features

    Using the ProCurve Web Browser Interface Status Reporting Features Status Reporting Features Browser elements covered in this section include: The Overview window (below) ■ ■ Port utilization and status (page 5-18) ■ The Alert log (page 5-21) The Overview Window The Overview Window is the home screen for any entry into the web browser interface.The following figure identifies the various parts of the screen.

  • Page 100: The Port Utilization And Status Displays

    Using the ProCurve Web Browser Interface Status Reporting Features The Port Utilization and Status Displays The Port Utilization and Status displays show an overview of the status of the switch and the amount of network activity on each port. The following figure shows a sample reading of the Port Utilization and Port Status.
  • Page 101 Using the ProCurve Web Browser Interface Status Reporting Features Maximum Activity Indicator: As the bars in the graph area change ■ height to reflect the level of network activity on the corresponding port, they leave an outline to identify the maximum activity level that has been observed on the port.

  • Page 102: Port Status

    Using the ProCurve Web Browser Interface Status Reporting Features Port Status Port Status Indicators Legend Figure 5-12. The Port Status Indicators and Legend The Port Status indicators show a symbol for each port that indicates the general status of the port. There are four possible statuses: Port Connected –...

  • Page 103: The Alert Log

    Using the ProCurve Web Browser Interface Status Reporting Features The Alert Log The web browser interface Alert Log, shown in the lower half of the screen, shows a list of network occurrences, or alerts, that were detected by the switch. Typical alerts are Broadcast Storm, indicating an excessive number of broadcasts received on a port, and Problem Cable, indicating a faulty cable.

  • Page 104: Alert Types And Detailed Views

    Using the ProCurve Web Browser Interface Status Reporting Features Alert Types and Detailed Views As of June, 2007, the web browser interface generates the following alert types: • Auto Partition • High collision or drop rate • Backup Transition • Loss of Link •...
  • Page 105 Using the ProCurve Web Browser Interface Status Reporting Features Figure 5-14. Example of Alert Log Detail View 5-23...

  • Page 106: Setting Fault Detection Policy

    Using the ProCurve Web Browser Interface Status Reporting Features Setting Fault Detection Policy One of the powerful features in the web browser interface is the Fault Detection facility. For your switch, this feature controls the types of alerts reported to the Alert Log based on their level of severity.
  • Page 107 Never. Disables the Alert Log and transmission of alerts (traps) to the ■ management server (in cases where a network management tool such as ProCurve Manager is in use). Use this option when you don’t want to use the Alert Log. The Fault Detection Window also contains three Change Control Buttons: Apply Changes.
  • Page 108 Using the ProCurve Web Browser Interface Status Reporting Features 5-26...

  • Page 109: Contents

    Switch Memory and Configuration Contents Overview ........... . . 6-3 Configuration File Management .
  • Page 110 Switch Memory and Configuration Contents Changing or Overriding the Reboot Configuration Policy ..6-28 Managing Startup-Config Files in the Switch ....6-30 Renaming an Existing Startup-Config File .

  • Page 111: Overview

    Switch Memory and Configuration Overview Overview This chapter describes: ■ How switch memory manages configuration changes How the CLI implements configuration changes ■ ■ How the menu interface and web browser interface implement configu­ ration changes ■ How the switch provides software options through primary/secondary flash images How to use the switch’s primary and secondary flash options, including ■...
  • Page 112 This allows you to test the change without making it “permanent”. When you are satisfied that the change is satisfactory, you can make it permanent by executing the command. For example, write memory suppose you use the following command to disable port 5: ProCurve(config)# interface ethernet 5 disable...
  • Page 113 ProCurve(config)# write memory If you use the CLI to make a configuration change and then change from the CLI to the Menu interface without first using write memory to save the change to the startup-config file, then the switch prompts you to save the change.

  • Page 114: Using The Cli To Implement Configuration Changes

    Switch Memory and Configuration Using the CLI To Implement Configuration Changes Using the CLI To Implement Configuration Changes The CLI offers these capabilities: Access to the full set of switch configuration features ■ ■ The option of testing configuration changes before making them perma­ nent How To Use the CLI To View the Current Configuration Files.
  • Page 115 ProCurve(config)# interface e a5 speed-duplex auto-10 After you are satisfied that the link is operating properly, you can save the change to the switch’s permanent configuration (the startup-config file) by...
  • Page 116 For example: Disables port 1 in the running configuration, which causes port 1 to block all traffic. ProCurve(config)# interface e 1 disable ProCurve(config)# boot Device will be rebooted, do you want to continue [y/n]? y Press [Y] to continue the rebooting process.

  • Page 117: Configuration Changes

    Syntax: erase startup-config For example: ProCurve(config)# erase startup-config Configuration will be deleted and device rebooted, continue [y/n]? Figure 6-3. Example of erase startup-config Command Press to replace the current configuration with the factory default config­...

  • Page 118: Menu: Implementing Configuration Changes

    Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes Menu: Implementing Configuration Changes You can use the menu interface to simultaneously save and implement a subset of switch configuration changes without having to reboot the switch. That is, when you save a configuration change in the menu interface, you simultane­...

  • Page 119: Rebooting From The Menu Interface

    Reboot Switch option is not available if you log on in Operator mode; that is, if you enter an Operator password instead of a manager password at the password prompt.) ProCurve Switch 2-Jan-1990 0:00:44 ===========================- TELNET - MANAGER MODE -=========================== Main Menu 1.

  • Page 120: Web: Implementing Configuration Changes

    Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes If configuration changes requiring a reboot have been made, the switch displays an asterisk (*) next to the menu item in which the change has been made.

  • Page 121: Using Primary And Secondary Flash Image Options

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options Using Primary and Secondary Flash Image Options The switches covered in this guide feature two flash memory locations for storing switch software image files: ■ Primary Flash: The default storage for a switch software image. ■...
  • Page 122 Switch Memory and Configuration Using Primary and Secondary Flash Image Options For example, if the switch is using a software version of W.14.XX stored in Primary flash, show version produces the following: ProCurve(config)# show version Image stamp: /su/code/build/info(s01) Jun 01 2008 10:50:26 W.14.XX...

  • Page 123: Switch Software Downloads

    W.14.02 W.14.02 in primary flash. Boot Image: Primary ProCurve(config)# boot system flash secondary Device will be rebooted, do you want to continue [y/n]? y 2. After the boot system command, show version indicates that version W.14.01 is in secondary ProCurve>...

  • Page 124: Local Switch Software Replacement And Removal

    If you want to remove an unwanted software version from flash, ProCurve recommends that you do so by overwriting it with the same software version that you are using to operate the switch, or with another acceptable software version.
  • Page 125 Example Indicating Two Different Software Versions in Primary and Secondary Flash Execute the copy command as follows: ProCurve(config)# copy flash flash primary Erasing the Contents of Primary or Secondary Flash. This command deletes the software image file from the specified flash location.

  • Page 126: Rebooting The Switch

    Figure 6-11. Example of Erase Flash Prompt Type y at the prompt to complete the flash erase. Use show flash to verify erasure of the selected software flash image ProCurve(config)# show flash The “ ” here shows that...

  • Page 127: Boot And Reload Command Comparison

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options factory-default values to the parameters controlling the new features. Simi­ larly, If you create a startup-config file while using a version “Y” of the switch software, and then reboot the switch with an earlier software version “X” that does not include all of the features found in “Y”, the software simply ignores the parameters for any features that it does not support.

  • Page 128: Setting The Default Flash

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options Setting the Default Flash You can specify the default flash to boot from on the next boot by entering the boot set-default flash command. Syntax: boot set-default flash [primary |secondary] Upon booting, set the default flash for the next boot to primary or secondary.

  • Page 129: Using Reload

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options ProCurve(config)# boot system flash secondary System will be rebooted from secondary image. Do you want to continue [y/n]? Figure 6-13. Example of Boot Command with Secondary Flash Option In the above example, typing either a at the second prompt initiates the reboot operation.
  • Page 130 To schedule a reload for the same time the following day: ■ ProCurve# reload after 01:00:00 To schedule a reload for the same day at 12:05: ■ ProCurve# reload at 12:05 ■ To schedule a reload on some future date: ProCurve# reload at 12:05 01/01/2008 6-22...

  • Page 131: Multiple Configuration Files

    Switch Memory and Configuration Multiple Configuration Files Multiple Configuration Files Action Page Listing and Displaying Startup-Config Files 6-27 Changing or Overriding the Reboot Configuration Policy 6-28 Managing Startup-Config Files Renaming Startup-Config Files 6-31 Copying Startup-Config Files 6-31 Erasing Startup-Config Files 6-32 Effect of Using the Clear + Reset Buttons 6-34...

  • Page 132: General Operation

    Switch Memory and Configuration Multiple Configuration Files Transitions from one software release to another can be performed while ■ maintaining a separate configuration for the different software release versions. ■ By setting a reboot policy using a known good configuration and then overriding the policy on a per-instance basis, you can test a new configu­...

  • Page 133: Transitioning To Multiple Configuration Files

    Switch Memory and Configuration Multiple Configuration Files 2. Use the CLI to make configuration changes in the running-config file, and then execute write mem. The result is that the startup-config file used to reboot the switch is modified by the actions in step 2. Boot Command Primary Boot Path Active Startup-Config File:...
  • Page 134 Switch Memory and Configuration Multiple Configuration Files Saves a copy of the existing startup-config file in memory slot 2 with the ■ filename workingConfig. Assigns the workingConfig file as the active configuration and the default ■ configuration for all subsequent reboots using either primary or second­ ary flash.

  • Page 135: Listing And Displaying Startup-Config Files

    Switch Memory and Configuration Multiple Configuration Files Listing and Displaying Startup-Config Files Command Page show config files Below show config < filename > 6-28 Viewing the Startup-Config File Status with Multiple Configuration Enabled Rebooting the switch automatically enables the multiple configuration fea­ ture.

  • Page 136: Displaying The Content Of A Specific Startup-Config File

    Switch Memory and Configuration Multiple Configuration Files Displaying the Content of A Specific Startup-Config File With Multiple Configuration enabled, the switch can have up to three startup­ config files. Because the show config command always displays the content of the currently active startup-config file, the command extension shown below is needed to allow viewing the contents of any other startup-config files stored in the switch.
  • Page 137 Switch Memory and Configuration Multiple Configuration Files Syntax: startup-default [ primary | secondary ] config < filename > Specifies a boot configuration policy option: [ primary | secondary ] config < filename >: Designates the startup-config file to use in a reboot with the software version stored in a specific flash location.

  • Page 138: Managing Startup-Config Files In The Switch

    Switch Memory and Configuration Multiple Configuration Files ProCurve(config)# startup-default pri config minconfig ProCurve(config) # startup-default sec config newconfig. Overriding the Default Reboot Configuration Policy. This command provides a method for manually rebooting with a specific startup-config file other than the file specified in the default reboot configuration policy.

  • Page 139: Renaming An Existing Startup-Config File

    Switch Memory and Configuration Multiple Configuration Files Renaming an Existing Startup-Config File Syntax: rename config < current-filename > < newname-str > This command changes the name of an existing startup­ config file. A file name can include up to 63, alphanumeric characters.

  • Page 140: Erasing A Startup-Config File

    Switch Memory and Configuration Multiple Configuration Files Figure 6-17. Example of Using One Startup-Config File for Both Primary and Secondary Flash If you wanted to experiment with configuration changes to the software version in secondary flash, you could create and assign a separate startup­ config file for this purpose.
  • Page 141 Switch Memory and Configuration Multiple Configuration Files Syntax: erase < config < filename >> | startup-config > config < filename >: This option erases the specified startup­ config file. If the specified file is not the currently active startup-config file, then the file is simply deleted from the memory slot it occupies.

  • Page 142: Switch To Its Default Configuration

    Switch Memory and Configuration Multiple Configuration Files Figure 6-19 illustrates using erase config < filename > to remove a startup-config file. Figure 6-19. Example of Erasing a Non-Active Startup-Config File With the same memory configuration as is shown in the bottom portion of figure 6-19, executing erase startup-config boots the switch from primary flash, resulting in a new file named minconfig in the same memory slot.

  • Page 143: Transferring Startup-Config Files To Or From A Remote Server

    “TFTP: Copying a Configuration File to a Remote Host” on page A-26. For example, the following command copies a startup-config file named test­ 01 from the switch to a (UNIX) TFTP server at IP address 10.10.28.14: ProCurve(config)# copy config test-01 tftp 10.10.28.14 test-01.txt unix 6-35...

  • Page 144: Tftp: Copying A Configuration File From A Remote Host

    For example, the following command copies a startup-config file named test­ 01.txt from a (UNIX) TFTP server at IP address 10.10.28.14 to the first empty memory slot in the switch: ProCurve(config)# copy tftp config test-01 10.10.28.14 test-01.txt unix Xmodem: Copying a Configuration File to a Serially...

  • Page 145: Connected Host

    Switch Memory and Configuration Multiple Configuration Files Xmodem: Copying a Configuration from a Serially Connected Host Syntax: copy xmodem config < dest-file > < pc | unix > This is an addition to the copy xmodem command options. Use this command to download a configuration file from an Xmodem host to the switch.
  • Page 146 Switch Memory and Configuration Multiple Configuration Files 6-38...

  • Page 147: Contents

    Interface Access and System Information Contents Overview ........... . . 7-2 Interface Access: Console/Serial Link, Web, and Inbound Telnet .

  • Page 148: Overview

    Chapter 4, “Using the Command Line Interface (CLI)” ■ ■ Chapter 5, “Using the ProCurve Web Browser Interface” Why Configure Interface Access and System Information? The inter­ face access features in the switch operate properly by default. However, you can modify or disable access features to suit your particular needs. Similarly, you can choose to leave the system information parameters at their default settings.

  • Page 149: Interface Access: Console/Serial Link, Web, And Inbound Telnet

    Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Interface Access: Console/Serial Link, Web, and Inbound Telnet Interface Access Features Feature Default Menu Inactivity Time 0 Minutes page 7-4 page 7-7 — (disabled) Inbound Telnet Access Enabled page 7-4 page 7-5...

  • Page 150: Menu: Modifying The Interface Access

    Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Menu: Modifying the Interface Access The menu interface enables you to modify these parameters: ■ Inactivity Timeout Inbound Telnet Enabled ■ Web Agent Enabled ■ To Access the Interface Access Parameters: From the Main Menu, Select...

  • Page 151: Cli: Modifying The Interface Access

    Types To List Console Control Options Figure 7-2. Listing of Show Console Command Reconfigure Inbound Telnet Access. In the default configuration, inbound Telnet access is enabled. Syntax: [no] telnet-server To disable inbound Telnet access: ProCurve(config)# no telnet-server To re-enable inbound Telnet access:...
  • Page 152 For example, if the host “Labswitch” is in the domain abc.com, you can enter the following command and the destination is resolved to “Labswitch.abc.com”. ProCurve(config)# telnet Labswitch You can also enter the full domain name in the command: ProCurve(config)# telnet Labswitch.abc.com...
  • Page 153 Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet ProCurve(config)# show telnet Telnet Activity -------------------------------------------------------- Session : ** Privilege: Manager From : Console ------------------------------------------------------- Session : ** Privilege: Manager From : 12.13.14.10 : 15.33.66.20 ------------------------------------------------------- Session...
  • Page 154 ■ No flow control Critical log events ■ you would use the following command sequence: ProCurve(config)# console terminal vt100 baud-rate 19200 flow-control none events critical Command will take effect after saving configuration and reboot ProCurve(config)# write memory ProCurve(config)# reload The switch implements the Event Log change immediately. The switch implements...

  • Page 155: Sessions

    Denying Interface Access by Terminating Remote Management Sessions You can also execute a series of console commands and then save the configuration and boot the switch. For example: ProCurve(config)# console baud-rate speed-sense Configure Command will take effect after saving configuration and reboot...
  • Page 156 Interface Access and System Information Denying Interface Access by Terminating Remote Management Sessions Session 2 is an active Telnet session. The kill 2 command terminates session 2. Figure 7-6. Example of Using the “Kill” Command To Terminate a Remote Session 7-10...

  • Page 157: System Information

    Configuring system information is optional, but recommended. System Name: Using a unique name helps you to identify individual devices where you are using an SNMP network management tool such as ProCurve Manager. System Contact and Location: This information is helpful for identifying the person administratively responsible for the switch and for identifying the locations of individual switches.

  • Page 158: Menu: Viewing And Configuring System Information

    Daylight Time Rule: Specifies the daylight savings time rule to apply for your location. The default is None. (For more on this topic, refer to Appendix D, “Daylight Savings Time on ProCurve Switches.) Time: Used in the CLI to specify the time of day, the date, and other system parameters.

  • Page 159: Cli: Viewing And Configuring System Information

    Listing the Current System Information. This command lists the current system information settings. Syntax: show system information This example shows the switch’s default console configuration. ProCurve# show system information Status and Counters - General System Information System Name : ProCurve...
  • Page 160 Interface Access and System Information System Information Configure a System Name, Contact, and Location for the Switch. To help distinguish one switch from another, configure a plain-language identity for the switch. Syntax: hostname < name-string > snmp-server [contact <system-contact>] [location <system-location>] Each field allows up to 255 characters.
  • Page 161 Interface Access and System Information System Information MENU ProCurve Switch 2910al 24-Oct-2006 12:41:47 ===========================- TELNET - MANAGER MODE =========================== Switch Configuration - System Information System Name : Blue Switch System Contact : Bill_Smith System Location : + characters of the location are missing. It’s too long.
  • Page 162 (hh) values from 1 p.m. to midnight are input as 13 - 24, respectively. Syntax: time [ hh:mm [ :ss ]] [ mm/dd/ [ yy ] yy ] For example, to set the switch to 9:45 a.m. on November 17, 2002: ProCurve(config)# time 9:45 11/17/02 7-16...

  • Page 163: Web: Configuring System Parameters

    Interface Access and System Information System Information N o t e Executing reload or boot resets the time and date to their default startup values. Web: Configuring System Parameters In the web browser interface, you can enter the following system information: ■...
  • Page 164 Interface Access and System Information System Information 7-18...

  • Page 165: Contents

    Configuring IP Addressing Contents Overview ........... . . 8-2 IP Configuration .

  • Page 166: Overview

    Configuring IP Addressing Overview Overview You can configure IP addressing through all of the switch’s interfaces. You can also: ■ Easily edit a switch configuration file to allow downloading the file to multiple switches without overwriting each switch’s unique gateway and VLAN 1 IP addressing.

  • Page 167: Just Want A Quick Start With Ip Addressing?

    If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing. To do so, do one of the following: Enter setup at the CLI Manager level prompt.

  • Page 168: Ip Addressing With Multiple Vlans

    Configuring IP Addressing IP Configuration For more on using the Switch Setup screen, refer to the Installation and Getting Started Guide you received with the switch. IP Addressing with Multiple VLANs In the factory-default configuration, the switch has one, permanent default VLAN (named DEFAULT_VLAN) that includes all ports on the switch.

  • Page 169: Menu: Configuring Ip Address, Gateway, And Time-To-Live (Ttl)

    Configuring IP Addressing IP Configuration Menu: Configuring IP Address, Gateway, and Time-To- Live (TTL) Do one of the following: To manually enter an IP address, subnet mask, set the IP Config parameter ■ to Manual and then manually enter the IP address and subnet mask values you want for the switch.

  • Page 170: Cli: Configuring Ip Address, Gateway, And Time-To-Live (Ttl)

    Configuring IP Addressing IP Configuration 3. If the switch needs to access a router, for example, to reach off-subnet destinations, select the Default Gateway field and enter the IP address of the gateway router. 4. If you need to change the packet Time-To-Live (TTL) setting, select Default TTL and type in a value between 2 and 255.
  • Page 171 Configuring IP Addressing IP Configuration (You can also use the show management command to display the IP addressing and time server IP addressing configured on the switch. Refer to figure 9-6 on page 9-10.) For example, in the factory-default configuration (no IP addressing assigned), the switch’s IP addressing appears as: The Default IP Configuration...
  • Page 172 ProCurve(config)# vlan 1 ip address 10.28.227.103/24 This example deletes an IP address configured in VLAN 1. ProCurve (config) no vlan 1 ip address 10.28.227.103/24 Configure Multiple IP Addresses on a VLAN (Multinetting). The fol­ lowing is supported: Up to 2048 IP addresses for the switch ■...
  • Page 173 Configuring IP Addressing IP Configuration 1. Go to VLAN 20. 2. Configure two additional IP addresses on VLAN 3. Display IP addressing. Figure 8-4. Example of Configuring and Displaying a Multinetted VLAN If you then wanted to multinet the default VLAN, you would do the following: Figure 8-5.

  • Page 174: Web: Configuring Ip Addressing

    Syntax: ip default-gateway < ip-address > For example: ProCurve(config)# ip default-gateway 10.28.227.115 Note The switch uses the IP default gateway only while operating as a Layer 2 device. While routing is enabled on the switch, the IP default gateway is not used.

  • Page 175: How Ip Addressing Affects Switch Operation

    Console RS-232 port. You can use direct-connect console access to take advantage of features that do not depend on IP addressing. However, to realize the full capabilities ProCurve proactive networking offers through the switch, configure the switch with an IP address and subnet mask compatible with your network.

  • Page 176: Dhcp/Bootp Operation

    Configuring IP Addressing IP Configuration DHCP/Bootp Operation Overview. DHCP/Bootp is used to provide configuration data from a DHCP or Bootp server to the switch. This data can be the IP address, subnet mask, default gateway, Timep Server address, and TFTP server address. If a TFTP server address is provided, this allows the switch to TFTP a previously saved configuration file from the TFTP server to the switch.
  • Page 177 Configuring IP Addressing IP Configuration DHCP Operation. A significant difference between a DHCP configuration and a Bootp configuration is that an IP address assignment from a DHCP server is automatic. Depending on how the DHCP server is configured, the switch may receive an IP address that is temporarily leased. Periodically the switch may be required to renew its lease of the IP configuration.

  • Page 178: Network Preparations For Configuring Dhcp/Bootp

    Configuring IP Addressing IP Configuration gw=10.66.77.1:\ lg=10.22.33.44:\ T144=”switch.cfg”:\ vm=rfc1048 where: 8212switch is a user-defined symbolic name to help you find the correct section of the bootptab file. If you have multiple switches that will be using Bootp to get their IP configuration, you should use a unique symbolic name for each switch.

  • Page 179: Loopback Interfaces

    Configuring IP Addressing Loopback Interfaces N o t e Designating a primary VLAN other than the default VLAN affects the switch’s use of information received via DHCP/Bootp. For more on this topic, refer to the chapter describing VLANs in the Advanced Traffic Management Guide for your switch.

  • Page 180: Configuring A Loopback Interface

    Note that when you configure an IP address for a loopback interface, you do not specify a network mask. The default subnet mask 255.255.255.255 is used. ProCurve(config)# interface loopback 1 ProCurve (lo1)# ip address 10.1.1.1 Figure 8-6. Example of a Loopback Interface Configuration N o t e s ■...

  • Page 181: Displaying Loopback Interface Configurations

    Up to thirty-two IP addresses are supported on a loopback interface. The following example shows valid IP address configurations on two loopback interfaces. ProCurve(config)# interface loopback 0 ProCurve (lo0)# ip address 172.16.101.8 ProCurve (lo0)# ip address 172.16.101.9 ProCurve (lo0)# exit ProCurve (config)# interface loopback 1 ProCurve (lo1)# ip address 172.16.102.1...
  • Page 182 Configuring IP Addressing Loopback Interfaces ProCurve> show ip Internet (IP) Service IP Routing : Enabled Default TTL : 64 ARP Age : 20 VLAN IP Config IP Address Subnet Mask Proxy ARP -------- --------- ---------- ---------- ------- DEFAULT_VLAN Manual 10.0.8.121 255.255.0.0...
  • Page 183 IP address, enter the show ip route command. The following example displays the configuration of the default loopback interface (lo0) and one user-defined loopback interface (lo2). ProCurve> show ip route IP Route Entries IP Routing : Enabled Default TTL : 64...

  • Page 184: Ip Preserve: Retaining Vlan-1 Ip Addressing Across Configuration File Downloads

    Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads For the switches covered in this guide, IP Preserve enables you to copy a configuration file to multiple switches while retaining the individual IP address and subnet mask on VLAN 1 in each switch, and the Gateway IP address assigned to the switch.
  • Page 185 Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads ; J9146A Configuration Editor; Created on release #W.14.01 hostname “ProCurve” time daylight-time-rule None Entering “ip preserve” in the last line of a configuration file implements IP Preserve when the file is password manager downloaded to the switch and the switch reboots.
  • Page 186 Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads ProCurve(config)# show run Running configuration: ; J9146A Configuration Editor; Created on release #W.14.XX hostname "ProCurve" module 1 type J8702A module 2 type J8705A trunk A11-A12 Trk1 Trunk ip default-gateway 10.10.10.1...
  • Page 187 Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads ProCurve# show run Running configuration: ; J9146A Configuration Editor; Created on release #W.14.XX hostname "ProCurve" module 1 type J8702A module 2 type J8705A trunk A11-A12 Trk1 Trunk Because switch 4 (figure 8-10) ip default-gateway 10.10.10.1...
  • Page 188 Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads 8-24...

  • Page 189: Contents

    Time Protocols Contents Overview ........... . . 9-2 TimeP Time Synchronization .

  • Page 190: Overview

    Time Protocols Overview Overview This chapter describes: ■ SNTP Time Protocol Operation Timep Time Protocol Operation ■ Using time synchronization ensures a uniform time among interoperating devices. This helps you to manage and troubleshoot switch operation by attaching meaningful time data to event and error messages. The switch offers TimeP and SNTP (Simple Network Time Protocol) and a timesync command for changing the time protocol selection (or turning off time protocol operation).

  • Page 191: Protocol Operation

    Time Protocols Selecting a Time Synchronization Protocol or Turning Off Time Protocol Operation N o t e To use Broadcast mode, the switch and the SNTP server must be in the same subnet. Unicast Mode: The switch requests a time update from the config­ ■...

  • Page 192: Sntp: Viewing, Selecting, And Configuring

    Time Protocols SNTP: Viewing, Selecting, and Configuring In the System Information screen of the Menu interface, set the Time ■ Synch Method parameter to None, then press [Enter], then [S] (for Save). In the Global config level of the CLI, execute no timesync. ■...

  • Page 193: Menu: Viewing And Configuring Sntp

    Time Protocols SNTP: Viewing, Selecting, and Configuring Table 9-1. SNTP Parameters SNTP Parameter Operation Time Sync Used to select either SNTP, TIMEP, or None as the time synchronization method. Method SNTP Mode Disabled The Default. SNTP does not operate, even if specified by the Menu interface Time Sync Method parameter or the CLI timesync command.
  • Page 194 Time Protocols SNTP: Viewing, Selecting, and Configuring ==========================- CONSOLE - MANAGER MODE -======================== Switch Configuration - System Information System Name : ProCurve System Contact : System Location : Inactivity Timeout (min) [0] : 0 MAC Age Time (sec) [300] : 300...
  • Page 195 SNTP server version running on the device you specified in the preceding step (step ii). If you are unsure which version to use, ProCurve recommends leaving this value at the default setting of 3 and testing SNTP operation to determine whether any change is necessary.

  • Page 196: Cli: Viewing And Configuring Sntp

    Time Protocols SNTP: Viewing, Selecting, and Configuring CLI: Viewing and Configuring SNTP CLI Commands Described in this Section SNTP Command Page show sntp [no] timesync 9-10 and ff., 9-14 sntp broadcast 9-11 sntp unicast 9-12 sntp server 9-12 and ff. Protocol Version 9-10 9-12...
  • Page 197 Time Protocols SNTP: Viewing, Selecting, and Configuring ProCurve(config)# show sntp SNTP Configuration Time Sync Mode: Sntp SNTP Mode : Unicast Poll Interval (sec) [720] : 719 Priority SNTP Server Address Protocol Version -------- ---------------------------------------------- ---------------- 2001:db8::215:60ff:fe79:8980 10.255.5.24 fe80::123%vlan10 Figure 9-4. Example of SNTP Configuration When SNTP Is the Selected Time Synchronization Method...

  • Page 198: Configuring (Enabling Or Disabling) The Sntp Mode

    Time Protocols SNTP: Viewing, Selecting, and Configuring ProCurve(config)# show management Status and Counters - Management Address Information Time Server Address : fe80::215:60ff:fe7a:adc0%vlan10 Priority SNTP Server Address Protocol Version -------- ---------------------------------------------- ---------------- 2001:db8::215:60ff:fe79:8980 10.255.5.24 fe80::123%vlan10 Default Gateway : 10.0.9.80 VLAN Name...
  • Page 199 3. Enable SNTP for Broadcast mode. 4. View the SNTP configuration again to verify the configuration. The commands and output would appear as follows: ProCurve(config)# show sntp show sntp displays the SNTP configuration and also shows that TimeP is the currently active time synchronization mode.
  • Page 200 (720 seconds): ProCurve(config)# timesync sntp Selects SNTP. ProCurve(config)# sntp unicast Activates SNTP in Unicast mode. ProCurve(config)# sntp server priority 2 10.28.227.141 Specifies the SNTP server with a priority of “2” and accepts the current SNTP server version (default: 3). 9-12...
  • Page 201 10.28.227.141) with version 3. You would use the following commands to delete the server IP address and then re-enter it with the correct version number for that server: ProCurve(config)# no sntp server priority 2 10.28.227.141 Deletes unicast SNTP ProCurve(config)# sntp server priority 2 10.28.227.141 4 server entry.
  • Page 202 720 seconds. (This parameter is separate from the poll inter­ val parameter used for Timep operation.) For example, to change the poll interval to 300 seconds: ProCurve(config)# sntp poll-interval 300 Disabling Time Synchronization Without Changing the SNTP Configuration. The recommended method for disabling time synchroniza­...
  • Page 203 For example, if the switch is running SNTP in Unicast mode with an SNTP servers as shown in figure 9-9, no sntp changes the SNTP configuration as shown below, and disables time synchronization on the switch. ProCurve(config)# no sntp ProCurve(config)# show sntp SNTP Configuration...

  • Page 204: Timep: Viewing, Selecting, And Configuring

    Time Protocols TimeP: Viewing, Selecting, and Configuring TimeP: Viewing, Selecting, and Configuring TimeP Feature Default Menu view the Timep time synchronization configuration page 9-17 page 9-19 — select Timep as the time synchronization method TIMEP page 9-15 pages 9-21 ff. —...

  • Page 205: Menu: Viewing And Configuring Timep

    2. Switch Configuration... 1. System Information ==========================- CONSOLE - MANAGER MODE -========================== Switch Configuration - System Information System Name : ProCurve System Contact : System Location : Inactivity Timeout (min) [0] : 0 MAC Age Time (sec) [300] : 300...

  • Page 206: Cli: Viewing And Configuring Timep

    Time Protocols TimeP: Viewing, Selecting, and Configuring ii. Enter the IP address of the TimeP server you want the switch to use for time synchronization. Note: This step replaces any previously configured TimeP server IP address. [>] to move the cursor to the Poll Interval field, then go to iii. Press step 6.

  • Page 207: Viewing The Current Timep Configuration

    Time Protocols TimeP: Viewing, Selecting, and Configuring Viewing the Current TimeP Configuration Using different show commands, you can display either the full TimeP config­ uration or a combined listing of all TimeP, SNTP, and VLAN IP addresses configured on the switch. Syntax: show timep This command lists both the time synchronization method (TimeP, SNTP, or None) and the TimeP configuration, even if...

  • Page 208: Configuring (Enabling Or Disabling) The Timep Mode

    Time Protocols TimeP: Viewing, Selecting, and Configuring ProCurve(config)# show management Status and Counters - Management Address Information Time Server Address : 10.10.28.100 Priority SNTP Server Address Protocol Version -------- ---------------------------------------------- ---------------- 10.10..28.101 10.255.5.24 fe80::123%vlan10 Default Gateway : 10.0.9.80 VLAN Name...
  • Page 209 Time Protocols TimeP: Viewing, Selecting, and Configuring Enabling TimeP in DHCP Mode. Because the switch provides a TimeP polling interval (default: 720 minutes), you need only these two commands for a minimal TimeP DHCP configuration: Syntax: timesync timep Selects TimeP as the time synchronization method. Syntax: ip timep dhcp Configures DHCP as the TimeP mode.
  • Page 210 TimeP server address of 10.28.227.141 and the default poll interval (720 minutes, assuming the TimeP poll interval is already set to the default): ProCurve(config)# timesync timep Selects TimeP. ProCurve(config)# ip timep manual 10.28.227.141 Activates TimeP in Manual mode. Figure 9-17. Example of Configuring Timep for Manual Operation 9-22...
  • Page 211 Syntax: ip timep < dhcp | manual > interval < 1 - 9999 > For example, to change the poll interval to 60 minutes: ProCurve(config)# ip timep interval 60 Disabling Time Synchronization Without Changing the TimeP Configuration. The recommended method for disabling time synchroniza­...
  • Page 212 Time Protocols TimeP: Viewing, Selecting, and Configuring For example, if the switch is running TimeP in DHCP mode, no ip timep changes the TimeP configuration as shown below, and disables time synchronization. Even though the Time Sync Mode is set to Timep, time synchronization is disabled because no ip timep has disabled the TimeP Mode parameter.

  • Page 213: Sntp Unicast Time Polling With Multiple Sntp Servers

    The CLI show management command displays all configured SNTP servers on the switch. ProCurve(config)# show management Status and Counters - Management Address Information Time Server Address : fe80::215:60ff:fe7a:adc0%vlan10...

  • Page 214: Adding And Deleting Sntp Server Addresses

    Syntax: no sntp server < ip-addr > For example, to delete the primary address in the above example (and automatically convert the secondary address to primary): ProCurve(config)# no sntp server 10.28.227.141 Menu: Operation with Multiple SNTP Server Addresses Configured When you use the Menu interface to configure an SNTP server IP address, the new address writes over the current primary address, if one is configured.

  • Page 215: Contents

    Configuring a Broadcast Limit on the Switch ....10-17 Configuring ProCurve Auto-MDIX ......10-18 Web: Viewing Port Status and Configuring Port Parameters .
  • Page 216 Port Status and Configuration Contents Configuring UDLD ......... 10-30 Enabling UDLD .

  • Page 217: Overview

    10-21 configuring ports page 10-7 page 10-13 page 10-21 configuring ProCurve auto-mdix page 10-18 Note On Connecting If the switch either fails to show a link between an installed transceiver and Transceivers to another device, or demonstrates errors or other unexpected behavior on the...

  • Page 218: Menu: Port Status And Configuration

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Menu: Port Status and Configuration From the menu interface, you can view and change the port configuration. Using the Menu To View Port Configuration. The menu interface dis­ plays the configuration for ports and (if configured) any trunk groups. From the Main Menu, select: 1.

  • Page 219: Status Of Ports

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Status of Ports A port can be enabled or disabled: ■ Yes: Enabled, the default. This indicates the port is ready for a network connection. ■ No: Disabled, the port will not operate, even if properly connected to a network.

  • Page 220: Modes

    Allows the port to negotiate between half-duplex (HDx) and full-duplex (FDx) while keeping speed at 10Mbps. Also negotiates flow control (enabled or disabled). ProCurve recommends Auto-10 for links between 10/100 auto- sensing ports connected with Cat 3 cabling. (Cat 5 cabling is required for 100 Mbps links.)

  • Page 221: Configuring Ports

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Table 10-2. Protocols and Modes Supported for Copper Ports 10/100 Mbps Gigabit 10 Gigabit 10/100 TX 10/100/1000-T 10GBASE-CX4 Modes Settings Modes Settings Modes Settings Auto 100FDx Auto 1000FDx Auto 10 Gigabit FDx 10HDx 10HDx...

  • Page 222: Cli: Viewing Port Status And Configuring Port Parameters

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters ===========================- TELNET - MANAGER MODE -============= Switch Configuration - Port/Trunk Settings Port Type Enabled Mode Flow Ctrl Group Type ---- --------- + ------- ------------ --------- ----- ---- - 1000T | Yes Auto-10-100 Disable...

  • Page 223: Viewing Port Status And Configuration

    < port-list >: Shows a summary of network traffic handled by the specified ports. An example of the show interfaces brief command is shown below. ProCurve(config)# show interfaces brief Status and Counters - Port Status | Intrusion Flow...
  • Page 224 Port Status and Configuration Viewing Port Status and Configuring Port Parameters ProCurve(config)# show interfaces config Port Settings Port Type | Enabled Mode Flow Ctrl MDI ----- --------- + ------- ------------ --------- ---- 100/1000T Auto-10-100 Disable Auto 100/1000T Auto Disable Auto...

  • Page 225: Viewing Port Utilization Statistics

    Viewing Port Utilization Statistics Use the show interface port-utilization command to view a real-time rate display for all ports on the switch. The following shows a sample output from this command. ProCurve(config)# show interfaces port-utilization Status and Counters - Port Utilization Port Mode...

  • Page 226: Viewing Transceiver Status

    ■ Display real-time status information about all installed transceivers, including non-operational transceivers. Figure 10-7 shows sample output from the show tech transceivers command. ProCurve# show tech transceivers Transceiver Technical Information: Port # | Type | Prod # | Serial #...

  • Page 227: Enabling Or Disabling Ports And Configuring Port Mode

    • Part number—Allows you to determine the manufacturer for a spec­ ified transceiver and revision number. For a non-ProCurve installed transceiver (see line 23 Figure 10-7), no ■ transceiver type, product number, or part information is displayed. In the Serial Number field, non-operational is displayed instead of a serial num­...
  • Page 228 Only these speeds are allowed with this setting. For example, to configure port 5 for auto-10-100, enter this command: ProCurve(config)# int 5 speed-duplex auto-10-100 To configure ports 1 through 3 and port 6 for 100Mbps full-duplex, you would...

  • Page 229: Enabling Or Disabling Flow Control

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Enabling or Disabling Flow Control N o t e You must enable flow control on both ports in a given link. Otherwise, flow control does not operate on the link, and appears as Off in the show interfaces brief port listing, even if flow control is configured as enabled on the port in the switch.
  • Page 230 10-Trk2 100/1000T | No 1000FDx Auto 100/1000T | No 1000FDx Auto Figure 10-9. Example of Configuring Flow Control for a Series of Ports ProCurve(config)# no int 11 flow-control ProCurve(config)# show int brief Status and Counters - Port Status | Intrusion Flow Bcast Port...

  • Page 231: Configuring A Broadcast Limit On The Switch

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters ProCurve(config)# no int 7-10 flow-control ProCurve(config)# show int brief Status and Counters - Port Status | Intrusion Flow Bcast Port Type | Alert Enabled Status Mode Mode Ctrl Limit...

  • Page 232: Configuring Procurve Auto-Mdix

    For example, the following command enables broadcast limiting of 1 percent of the traffic rate on the selected port on the switch: ProCurve(int B1)# broadcast-limit 1 For a one Gbps port this results in a broadcast traffic rate of ten Mbps.
  • Page 233 ProCurve Auto-MDIX was developed for auto-negotiating devices, and was shared with the IEEE for the development of the IEEE 802.3ab standard. ProCurve Auto-MDIX and the IEEE 802.3ab Auto MDI/MID-X feature are completely compatible. Additionally, ProCurve Auto-MDIX supports opera­ tion in forced speed and duplex modes.
  • Page 234 For example, show interfaces config displays the following data when port 1 is configured for auto-mdix, port 2 is configured for mdi, and port 3 is configured for mdix. ProCurve(config)# show interfaces config Per-Port MDI Configuration Port Settings...

  • Page 235: Web: Viewing Port Status And Configuring Port Parameters

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters ProCurve(config)# show int brief Per-Port MDI Operating Mode Status and Counters - Port Status | Intrusion Flow Bcast Port Type | Alert Enabled Status Mode Mode Ctrl Limit ------- --------- + --------- ------- ------ ---------- ----- ----- ------...

  • Page 236: Using Friendly (Optional) Port Names

    Port Status and Configuration Using Friendly (Optional) Port Names Using Friendly (Optional) Port Names Feature Default Menu Configure Friendly Port Names Standard Port page 23 Numbering Display Friendly Port Names page 24 This feature enables you to assign alphanumeric port names of your choosing to augment automatically assigned numeric port names.

  • Page 237: Configuring Friendly Port Names

    Port Status and Configuration Using Friendly (Optional) Port Names To retain friendly port names across reboots, you must save the current ■ running-configuration to the startup-config file after entering the friendly port names. (In the CLI, use the write memory command.) Configuring Friendly Port Names Syntax: interface <...

  • Page 238: Displaying Friendly Port Names With Other Port Data

    Port Status and Configuration Using Friendly (Optional) Port Names Configuring the Same Name for Multiple Ports. Suppose that you want to use ports A5 through A8 as a trunked link to a server used by a drafting group. In this case you might configure ports A5 through A8 with the name “Draft-Server:Trunk”.
  • Page 239 Port Status and Configuration Using Friendly (Optional) Port Names Syntax: show name [ port-list ] Lists the friendly port name with its corresponding port number and port type. The show name command without a port list shows this data for all ports on the switch. For example: Ports Without “Friendly”...
  • Page 240 Port Status and Configuration Using Friendly (Optional) Port Names Syntax: show interface < port-number > Includes the friendly port name with the port’s traffic statistics listing. For example, if you configure port A1 with the name “O’Connor_10.25.101.43”, the show interface output for this port appears similar to the following: Friendly Port Name Figure 10-18.

  • Page 241: Been Inserted

    Port Status and Configuration Using Friendly (Optional) Port Names For example, if you configure port A1 with a friendly port name: This command sequence saves the friendly port name for port A1 in the startup­ config file. The name entered for port A2 is not saved because it was executed after write memory.
  • Page 242 Port Status and Configuration Using Friendly (Optional) Port Names Syntax: module <module-num> type <module-type> Allows you to configure the type of the module. The same module command used in an uploaded configuration file is used to define a module that is being pre-configured. The validation performed when issued through the CLI is still performed just as if the command was executed on the switch, in other words, as if the module were actually present in the switch.

  • Page 243: Uni-Directional Link Detection (Udld)

    When UDLD is enabled on the trunk ports on each ProCurve switch, the switches detect the failed link, block the ports connected to the failed link, and use the remaining ports in the trunk group to forward the traffic.

  • Page 244: Configuring Udld

    When configuring UDLD, keep the following considerations in mind: ■ UDLD is configured on a per-port basis and must be enabled at both ends of the link. See the note below for a list of ProCurve switches that support UDLD. ■...

  • Page 245: Enabling Udld

    Enabling UDLD UDLD is enabled on a per port basis. For example, to enable UDLD on port a1, enter: ProCurve(config)#interface al link-keepalive To enable the feature on a trunk group, enter the appropriate port range. For example: ProCurve(config)#interface al-a4 link-keepalive...

  • Page 246: Changing The Keepalive Interval

    The default implementation of UDLD sends the UDLD control packets untagged, even across tagged ports. If an untagged UDLD packet is received by a non-ProCurve switch, that switch may reject the packet. To avoid such an occurrence, you can configure ports to send out UDLD control packets that are tagged with a specified VLAN.

  • Page 247: Viewing Udld Information

    Port Status and Configuration Uni-Directional Link Detection (UDLD) N o t e s You must configure the same VLANs that will be used for UDLD on ■ all devices across the network; otherwise, the UDLD link cannot be maintained. If a VLAN ID is not specified, then UDLD control packets are sent out ■...
  • Page 248 Port Status and Configuration Uni-Directional Link Detection (UDLD) To display summary information on all UDLD-enabled ports, enter the show link-keepalive command. For example: ProCurve(config)# show link-keepalive Total link-keepalive enabled ports: 4 Keepalive Retries: Keepalive Interval: 1 sec Port 1 is UDLD-enabled, and tagged for a specific VLAN.
  • Page 249 Port Status and Configuration Uni-Directional Link Detection (UDLD) Ports 1 and 2 are UDLD-enabled and show the number of health check packets sent and received on each port. ProCurve(config)# show link-keepalive statistics Port: Current State: Neighbor MAC Addr: 0000a1-b1c1d1 Udld Packets Sent:...

  • Page 250: Configuration Warnings And Event Log Messages

    Port Status and Configuration Uni-Directional Link Detection (UDLD) Configuration Warnings and Event Log Messages Warning Messages. The following table shows the warning messages that may be issued and their possible causes, when UDLD is configured for tagged ports. Table 10-5. Warning Messages caused by configuring UDLD for Tagged Ports CLI Command Example Warning Message Possible Problem...

  • Page 251: Contents

    Power Over Ethernet (PoE+) Operation Contents Introduction to PoE+ ......... 11-3 Related Publications .
  • Page 252 Power Over Ethernet (PoE+) Operation Contents Applying Security Features to PoE Configurations ... . . 11-26 Assigning Priority Policies to PoE Traffic ..... 11-27 PoE Event Log Messages .

  • Page 253: Introduction To Poe+

    PoE Planning and Implementation Guide, which is available on the Pro- Curve Networking web site at www.procurve.com. (Click on Customer Care, then Manuals.) The latest version of any ProCurve product guide is always on the ProCurve Networking web site. Refer to “Getting Documentation From the Web” on page 1-6.

  • Page 254: Poe Terminology

    Power Over Ethernet (PoE+) Operation Introduction to PoE+ PoE Terminology Term Use in this Manual active PoE port A PoE port connected to a PD requesting power. Data Terminal Equipment Maintenance Power Signature; the signal a PD sends to the switch to indicate that the PD is connected and requires power.

  • Page 255: Poe Operation

    PD to be supplied with power. This can reduce the number of PDs that can be powered by the switch. Configuration Options In the default configuration, all Gig-T ports in a ProCurve switch covered in this guide are configured to support PoE operation. You can: ■...

  • Page 256: Pd Support

    Power Over Ethernet (PoE+) Operation PoE Operation Configure per-port priority for allocating power in case power is ■ oversubscribed. Power for some lower-priority ports is dropped to support the demand on other, higher-priority ports. Configure a global power threshold. This setting acts as a trigger for ■...

  • Page 257: Power Priority Operation

    Power Over Ethernet (PoE+) Operation Configuring PoE Operation Power Priority Operation If a PSE can provide power for all connected PD demand, it does not use its power priority settings to allocate power. However, if the PD power demand oversubscribes the available power, then the power allocation is prioritized to the ports that present a PD power demand.

  • Page 258: Disabling Or Re-Enabling Poe Port Operation

    To cycle the power on a PD receiving power from a PoE port on the switch, disable, then re-enable the power to that port. For example, to cycle the power on a PoE device connected to port 1: ProCurve(config)# no interface 1 power-over-ethernet ProCurve(config)# interface 1 power-over-ethernet Configuring the PoE Port Priority Level Using a priority class method, you can assign a power priority of Low (the default), High, or Critical to each enabled PoE port.
  • Page 259 High In this example, the following CLI command sets ports 19-22 to High: ProCurve(config)# interface 19-22 power-over-ethernet high The High priority class receives power only if all PDs on ports with a Critical priority setting are receiving power. If there is not enough power to provision PDs on all ports with a high priority, then no power goes to ports with a low priority.

  • Page 260: Enabling Support For Pre-Standard Devices

    Configuring PoE Operation Enabling Support for Pre-Standard Devices The ProCurve switches covered in this guide are automatically backward compatible with 802.3af devices, and can also support some pre-802.3af devices. For a list of the devices supported, refer to the FAQs for your switch model.

  • Page 261: Manually Configuring Poe Power Levels

    Depends on cable type and PoE architecture. For example, to allocate by class for ports 6 -8: ProCurve(config)# int 6-8 PoE-allocate-by class Manually Configuring PoE Power Levels You can specify a power level (in watts) allocated for a port in 1 watt increments, by using the value option.
  • Page 262 Figure 11-1. Example Displaying PoE Allocation by Value If you set the PoE maximum value to less than the PD requires, a fault occurs. ProCurve(config)# int 7 PoE-value 4 ProCurve(config)# show power-over-ethernet 7 Status and Counters - Port Power Status for port 7...

  • Page 263: Changing The Threshold For Generating A Power Notice

    Power Over Ethernet (PoE+) Operation Configuring PoE Operation Changing the Threshold for Generating a Power Notice You can generate a power usage notice at a specified threshold by entering this command. Syntax: power-over-ethernet threshold < 1 - 99 > This command specifies the PoE usage level (as a percentage of the PoE power available) at which the switch generates a power usage notice.

  • Page 264: Poe With Lldp

    Power Over Ethernet (PoE+) Operation PoE with LLDP PoE with LLDP Overview The data link layer classification (DLC) for PoE provides more exact control over the power requirement between a PSE and PD. The DLC works in conjunction with the physical layer classification (PLC) and is mandatory for any Type-2 PD that requires more than 12.95 watts of input power.

  • Page 265: Enabling Advertisement Of Poe Tlvs

    Power Over Ethernet (PoE+) Operation PoE with LLDP For example, you can enter this command to enable LLDP detection: ProCurve(config)# int 7 PoE-lldp-detect enabled or in interface context: ProCurve(eth-7)# PoE-lldp-detect enabled Note Detecting PoE information via LLDP only affects power delivery; it does not affect normal Ethernet connectivity.

  • Page 266: Displaying Poe When Using Lldp Information

    To display information about LLDP port configuration, use the show lldp config command. Syntax: show lldp config <port-list> Displays the LLDP port configuration information, including the TLVs advertised. ProCurve(config)# show lldp config 4 LLDP Port Configuration Detail Port : 4 AdminStatus [Tx_Rx] : Tx_Rx NotificationEnabled [False] : False...

  • Page 267: Displaying Remote Power Information

    Power Over Ethernet (PoE+) Operation PoE with LLDP Syntax: show lldp info local-device <port-list> Displays detailed information about local PoE devices. ProCurve(config)# show lldp info local-device 1 LLDP Local Port Information Detail Port PortType : local PortId PortDesc : 1...
  • Page 268 : 00 16 35 ff 2d 40 PortType : local PortId : 23 SysName : ProCurve Switch System Descr : ProCurve J9146A Switch 2910al-24G-PoE, revision W.14.XX PortDescr : 23 System Capabilities Supported : bridge, router System Capabilities Enabled : bridge...
  • Page 269 Power Over Ethernet (PoE+) Operation PoE with LLDP Possible values for the PoE information are shown in table 11-4. Table 11-4. Values for Displayed PoE Information Name Possible Values Poe Device Type • Type2 PSE • Type2 PD • Type1 PSE •...

  • Page 270: Displaying The Global Poe Status

    <port-list>: Displays PoE information for the ports in <port-list>. See “Displaying the PoE Status on Specific Ports” on page 11-23. For example, show power-over-ethernet displays data similar to that in figure 11-7. ProCurve(config)# show power-over-ethernet Status and Counters - System Power Status Pre-standard Detect : On Operational Status...

  • Page 271: Displaying Poe Status On All Ports

    Power Over Ethernet (PoE+) Operation Displaying the Global PoE Status Displaying PoE Status on All Ports Syntax: show power-over-ethernet brief Displays the following port power status: • Port: Lists all PoE-capable ports on the switch. • Power Enable: Shows Yes for ports enabled to support PoE (the default) and No for ports on which PoE is disabled.
  • Page 272 Power Over Ethernet (PoE+) Operation Displaying the Global PoE Status For example, show power-over-ethernet brief displays this output: ProCurve(config)# show power-over-ethernet brief Status and Counters - Port Power Status | Power LLDP Power Alloc PoE Configured Detection Power Port | Enable...

  • Page 273: Displaying The Poe Status On Specific Ports

    Power Over Ethernet (PoE+) Operation Displaying the Global PoE Status Displaying the PoE Status on Specific Ports Syntax: show power-over-ethernet <port-list > Displays the following PoE status and statistics (since the last reboot) for each port in <port-list >: • Power Enable: Shows Yes for ports enabled to support PoE (the default) and No for ports on which PoE is disabled.
  • Page 274 Power Over Ethernet (PoE+) Operation Displaying the Global PoE Status Syntax: show power-over-ethernet <port-list > (Continued) Power Denied Cnt: Shows the number of times PDs requesting • power on the port have been denied due to insufficient power available. Each occurrence generates an Event Log message. Voltage: The total voltage, in dV, being delivered to PDs.
  • Page 275 For example, if you wanted to view the PoE status of ports 6 and 7, you would use show power-over-ethernet 6-7 to display the data: ProCurve(config)# show power-over-ethernet 6-7 Status and Counters - Port Power Status for port 6 Power Enable...

  • Page 276: Planning And Implementing A Poe Configuration

    Configuration This section provides an overview of some considerations for planning a PoE application. For additional information on this topic, refer to the ProCurve PoE Planning and Implementation Guide which is available on the ProCurve Networking web site at www.procurve.com. (Click on Customer Care, then Manuals).

  • Page 277: Assigning Priority Policies To Poe Traffic

    For more information on security options, refer to the latest edition of the Access Security Guide for your switch. (The ProCurve Networking web site offers the latest version of all ProCurve product publications. Refer to “Getting Documentation From the Web” on page 1-6.)

  • Page 278: Poe Event Log Messages

    Power Over Ethernet (PoE+) Operation Planning and Implementing a PoE Configuration PoE Event Log Messages PoE operation generates these Event Log messages. You can also configure the switch to send these messages to a configured debug destination (terminal device or SyslogD server). “Informational”...
  • Page 279 Power Over Ethernet (PoE+) Operation Planning and Implementing a PoE Configuration Message Meaning Port <port-id > PD Over Current The PD connected to < port-id > has requested more than indication 15.4 watts of power. This may indicate a short-circuit or other problem in the PD.
  • Page 280 Power Over Ethernet (PoE+) Operation Planning and Implementing a PoE Configuration 11-30...

  • Page 281: Contents

    Port Trunking Contents Overview ........... . 12-2 Port Trunk Features and Operation .

  • Page 282: Overview

    Port Trunking Overview Overview This chapter describes creating and modifying port trunk groups. This includes non-protocol trunks and LACP (802.3ad) trunks. Port Status and Configuration Features Feature Default Menu viewing port trunks page 12-9 page 12-11 page 12-17 configuring a static trunk none page 12-9 page 12-15...
  • Page 283 Port Trunking Overview Port Connections and Configuration: All port trunk links must be point- to-point connections between a switch and another switch, router, server, or workstation configured for port trunking. No intervening, non-trunking devices are allowed. It is important to note that ports on both ends of a port trunk group must have the same mode (speed and duplex) and flow control settings.

  • Page 284: Port Trunk Features And Operation

    LACP requires full-duplex (FDx) links of the same media type (10/100Base-T, 100FX, etc.) and the same speed, and enforces speed and duplex conformance across a trunk group. For most installations, ProCurve recommends that you leave the port Mode settings at Auto (the default). LACP also operates with Auto-10, Auto-100, and Auto-1000 (if negotiation selects FDx), and 10FDx, 100FDx, and 1000FDx settings.
  • Page 285 Port Trunking Trunk Configuration Methods ProCurve(config) int c1-c4 lacp active Note that the preceding example works if the ports are not already operating in a trunk. To change the LACP option on ports already operating as a trunk, you must first remove them from the trunk. For example, if ports C1 - C4 were...
  • Page 286 For more information, refer to “Trunk Group Operation Using LACP” on page 12-18. Trunk Provides manually configured, static-only trunking to: (non- • Most ProCurve switches and routing switches not running the 802.3ad LACP protocol. protocol) • Windows NT and HP-UX workstations and servers Use the Trunk option when: – The device to which you want to create a trunk link is using a non-802.3ad trunking protocol...
  • Page 287 Port Configuration: The default port configuration is Auto, which enables a port to sense speed and negotiate duplex with an Auto-Enabled port on another device. ProCurve recommends that you use the Auto setting for all ports you plan to use for trunking.
  • Page 288 Port Trunking Trunk Configuration Methods Spanning Tree: 802.1D (STP) and 802.1w (RSTP) Spanning Tree operate as a global setting on the switch (with one instance of Spanning Tree per switch). 802.1s (MSTP) Spanning Tree operates on a per-instance basis (with multiple instances allowed per switch).

  • Page 289: Menu: Viewing And Configuring A Static Trunk Group

    Port Trunking Menu: Viewing and Configuring a Static Trunk Group Menu: Viewing and Configuring a Static Trunk Group Important Configure port trunking before you connect the trunked links to another switch, routing switch, or server. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured.
  • Page 290 Port Trunking Menu: Viewing and Configuring a Static Trunk Group • For proper trunk operation, all ports in a trunk must have the same media type and mode (such as 10/100TX set to 100FDx, or 100FX set to 100FDx). The flow control settings must also be the same for all ports in a given trunk.

  • Page 291: Cli: Viewing And Configuring Port Trunk Groups

    Port Trunking CLI: Viewing and Configuring Port Trunk Groups 8. Connect the trunked ports on the switch to the corresponding ports on the opposite device. If you previously disabled any of the trunked ports on the switch, enable them now. (Refer to “Viewing Port Status and Configuring Port Parameters”...
  • Page 292 Port Trunking CLI: Viewing and Configuring Port Trunk Groups Using a port list specifies, for switch ports in a static trunk group, only the ports you want to view. In this case, the command specifies ports A5 through A7. However, because port A6 is not in a static trunk group, it does not appear in the resulting listing: Port A5 appears with an example of a name that you can optionally assign using the Friendly Port Names feature.
  • Page 293 Port Trunking CLI: Viewing and Configuring Port Trunk Groups Listing Static LACP and Dynamic LACP Trunk Data. Syntax: show lacp Lists data for only the LACP-configured ports.. In the following example, ports A1 and A2 have been previously configured for a static LACP trunk. (For more on the “Active” parameter, see table 12-5 on page 12-21.) Figure 12-8.

  • Page 294: Using The Cli To Configure A Static Or Dynamic Trunk Group

    Port Trunking CLI: Viewing and Configuring Port Trunk Groups “Up” Links Standby Link Figure 12-9. Example of a Dynamic LACP Trunk with One Standby Link Using the CLI To Configure a Static or Dynamic Trunk Group I m p o r t a n t Configure port trunking before you connect the trunked links between switches.
  • Page 295 Removing a port from a trunk can create a loop and cause a broadcast storm. When you remove a port from a trunk where spanning tree is not in use, ProCurve recommends that you first disable the port or disconnect the link on that port.
  • Page 296 < port-list >. This example uses ports C4 and C5 to enable a dynamic LACP trunk group. ProCurve(config)# interface c4-c5 lacp active Removing Ports from an Dynamic LACP Trunk Group. To remove a port from dynamic LACP trunk operation, you must turn off LACP on the port.

  • Page 297: Web: Viewing Existing Port Trunk Groups

    To help prevent a broadcast storm when you remove a port from a trunk where spanning tree is not in use, ProCurve recommends that you first disable the port or disconnect the link on that port.

  • Page 298: Trunk Group Operation Using Lacp

    LACP requires full-duplex (FDx) links of the same media type (10/100Base-T, 100FX, etc.) and the same speed, and enforces speed and duplex conformance across a trunk group. For most installations, ProCurve recommends that you leave the port Mode settings at Auto (the default). LACP also operates with Auto-10, Auto-100, and Auto-1000 (if negotiation selects FDx), and 10FDx, 100FDx, and 1000FDx settings.
  • Page 299 Port Trunking Trunk Group Operation Using LACP Table 12-4. LACP Trunk Types LACP Port Trunk Operation Configuration 802.3ad-compliant Dynamic LACP This option automatically establishes an trunk group, with LACP for the port Type parameter and DynX for the port Group name, where X is an automatically assigned value from 1 to 24, depending on how many dynamic and static trunks are currently on the switch.
  • Page 300 Port Trunking Trunk Group Operation Using LACP LACP Port Trunk Operation Configuration Static LACP Provides a manually configured, static LACP trunk to accommodate these conditions: • The port on the other end of the trunk link is configured for a static LACP trunk. • You want to configure non-default spanning tree or IGMP parameters on an LACP trunk group.

  • Page 301: Default Port Operation

    Table 12-5 lists the elements of per-port LACP operation. To display this data for a switch, execute the following command in the CLI: ProCurve> show lacp Table 12-5. LACP Port Status Data Status Name...

  • Page 302: Lacp Notes And Restrictions

    LACP (active or passive) is configured, the switch removes the LACP configuration, displays a notice that LACP is disabled on the port(s), and enables port security on that port. For example: ProCurve(config)# port-security a17 learn-mode static address-limit 2 LACP has been disabled on secured port(s).
  • Page 303 Trunk Group Operation Using LACP The switch will not allow you to configure LACP on a port on which port security is enabled. For example: ProCurve(config)# int a17 lacp passive Error configuring port A17: LACP and port security cannot be run together.
  • Page 304 Status becomes “Up”). When the other port becomes active again, the replace­ ment port goes back to blocked (Port Status is “Blocked”). It can take a few seconds for the switch to discover the current status of the ports. ProCurve(eth-B1-B8)# show lacp LACP PORT...
  • Page 305 Port Trunking Trunk Group Operation Using LACP If there are ports that you do not want on the default VLAN, ensure that ■ they cannot become dynamic LACP trunk members. Otherwise a traffic loop can unexpectedly occur. For example: VLAN-1 VLAN-1 VLAN-1 VLAN-1...

  • Page 306: Trunk Group Operation Using The "Trunk" Option

    Port Trunking Trunk Group Operation Using the “Trunk” Option Dynamic/Static LACP Interoperation: A port configured for dynamic LACP can properly interoperate with a port configured for static (TrkX) LACP, but any ports configured as standby LACP links will be ignored. Trunk Group Operation Using the “Trunk”...

  • Page 307: How The Switch Lists Trunk Data

    Port Trunking How the Switch Lists Trunk Data How the Switch Lists Trunk Data Static Trunk Group: Appears in the menu interface and the output from the CLI show trunk and show interfaces commands. Dynamic LACP Trunk Group: Appears in the output from the CLI show lacp command.
  • Page 308 Port Trunking Outbound Traffic Distribution Across Trunked Links The load-balancing is done on a per communication basis. Otherwise, traffic is transmitted across the same path as shown in figure 12-13. That is, if Client A attached to Switch 1 sends five packets of data to Server A attached to Switch 2, the same link is used to send all five packets.
  • Page 309 Port Trunking Outbound Traffic Distribution Across Trunked Links Table 12-6. Example of Link Assignments in a Trunk Group (SA/DA Distribution) Source: Destination: Link: Node A Node W Node B Node X Node C Node Y Node D Node Z Node A Node Y Node B Node W...
  • Page 310 Port Trunking Outbound Traffic Distribution Across Trunked Links 12-30...

  • Page 311: Contents

    Port Traffic Controls Contents Overview ........... . 13-2 Rate-Limiting .

  • Page 312: Overview

    Port Traffic Controls Overview Overview Feature Default Menu Rate-Limiting None 13-3 n/a Jumbo Packets Disabled 13-8 n/a This chapter includes: ■ Rate-Limiting: Enables a port to limit the amount of bandwidth a user or device may utilize for traffic on the switch. ■...

  • Page 313: Rate-Limiting

    Port Traffic Controls Rate-Limiting Rate-Limiting Feature Default Menu rate-limit all none page 13-3 show rate-limit all page 13-5 All Traffic Rate-Limiting Rate-limiting for all traffic operates on a per-port basis to allow only the specified bandwidth to be used for inbound or outbound traffic. When traffic exceeds the configured limit, it is dropped.
  • Page 314 Configuring a rate limit of 0 (zero) on a port blocks all traffic on that port. However, if this is the desired behavior on the port, ProCurve recommends using the < port-list > disable command instead of configuring a rate limit of 0.

  • Page 315: Displaying The Current Rate-Limit Configuration

    This command operates the same way in any CLI context. For example, if you wanted to view the rate-limiting configuration: ProCurve(config)# show rate-limit all Inbound Rate Limit Maximum % Port | Limit...
  • Page 316 Port Traffic Controls Rate-Limiting Rate-limiting is visible as an outbound forwarding rate: Because ■ inbound rate-limiting is performed on packets during packet-processing, it is not shown via the inbound drop counters. Instead, this limit is verifiable as the ratio of outbound traffic from an inbound rate-limited port versus the inbound rate.
  • Page 317 Port Traffic Controls Rate-Limiting Note on Testing Rate-limiting is applied to the available bandwidth on a port, and not to any Rate-Limiting specific applications running through the port. If the total bandwidth requested by all applications is less than the configured maximum rate, then no rate-limit can be applied.

  • Page 318: Jumbo Frames

    Port Traffic Controls Jumbo Frames Jumbo Frames Feature Default Menu display VLAN jumbo status — 13-11 — configure jumbo VLANs Disabled — 13-13 — The Maximum Transmission Unit (MTU) is the maximum size IP frame the switch can receive for Layer 2 frames inbound on a port. The switch drops any inbound frames larger than the MTU allowed on the port.

  • Page 319: Operating Rules

    Port Traffic Controls Jumbo Frames Operating Rules Required Port Speed: This feature allows inbound and outbound jumbo ■ frames on ports operating at speeds of 1 gigabit or higher. At lower port speeds, only standard (1522-byte or smaller) frames are allowed, regard­ less of the jumbo configuration.

  • Page 320: Configuring Jumbo Frame Operation

    Port Traffic Controls Jumbo Frames Configuring Jumbo Frame Operation Command Page show vlans 13-11 show vlans ports < port-list > 13-12 show vlans < vid > 13-13 jumbo 13-13 jumbo max-frame-size 13-13 Overview 1. Determine the VLAN membership of the ports or trunks through which you want the switch to accept inbound jumbo traffic.

  • Page 321: Viewing The Current Jumbo Configuration

    Port Traffic Controls Jumbo Frames Viewing the Current Jumbo Configuration Syntax: show vlans Lists the static VLANs configured on the switch and includes a Jumbo column to indicate which VLANs are configured to support inbound jumbo traffic. All ports belonging to a jumbo-enabled VLAN can receive jumbo traffic.
  • Page 322 Port Traffic Controls Jumbo Frames Indicates which static VLANs are configured to enable jumbo frames. Figure 13-3. Example of Listing the VLAN Memberships for a Range of Ports Syntax: show vlans < vid > This command shows port membership and jumbo configuration for the specified <...

  • Page 323: Enabling Or Disabling Jumbo Traffic On A Vlan

    Port Traffic Controls Jumbo Frames Enabling or Disabling Jumbo Traffic on a VLAN Syntax: vlan < vid > jumbo [ no ] vlan < vid > jumbo Configures the specified VLAN to allow jumbo frames on all ports on the switch that belong to that VLAN. If the VLAN is not already configured on the switch, vlan <...

  • Page 324: Configuring Ip Mtu

    Port Traffic Controls Jumbo Frames Configuring IP MTU N o t e The following feature is available on the switches covered in this guide. Jumbos support is required. On switches that do not support this command, the IP MTU value is derived from the maximum frame size and is not config­ urable.

  • Page 325: Displaying The Maximum Frame Size

    VLANs of which the port is a member are not enabled for Jumbo support. Operating Notes for Jumbo Traffic-Handling ProCurve does not recommend configuring a voice VLAN to accept jumbo ■ frames. Voice VLAN frames are typically small, and allowing a voice VLAN to accept jumbo frame traffic can degrade the voice transmission perfor­...
  • Page 326 Port Traffic Controls Jumbo Frames When the switch applies the default MTU (1522-bytes) to a VLAN, all ports ■ in the VLAN can receive incoming frames of up to 1522 bytes in length. When the switch applies the jumbo MTU (9220 bytes) to a VLAN, all ports in that VLAN can receive incoming frames of up to 9220 bytes in length.
  • Page 327 In this regard, if a mesh domain includes any ProCurve 1600M/2400M/2424M/4000M/8000M switches along with the switches covered in this guide configured to support jumbo traffic, only the switches covered in this guide will receive jumbo frames.

  • Page 328: Troubleshooting

    Port Traffic Controls Jumbo Frames Troubleshooting A VLAN is configured to allow jumbo frames, but one or more ports drops all inbound jumbo frames. The port may not be operating at 1 giga­ bit or higher. Regardless of a port’s configuration, if it is actually operating at a speed lower than 1 gigabit, it drops inbound jumbo frames.

  • Page 329: Contents

    Configuring for Network Management Applications Contents Using SNMP Tools To Manage the Switch ..... . 14-3 Overview ..........14-3 SNMP Management Features .
  • Page 330 Configuring for Network Management Applications Contents Terminology ......... . 14-33 Configuring sFlow .

  • Page 331: Using Snmp Tools To Manage The Switch

    Overview You can manage the switch via SNMP from a network management station running an application such as ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+). For more on PCM and PCM+, visit the ProCurve Networking web site at: www.procurve.com Click on products index in the sidebar, then click on the appropriate link appearing under the Network Management heading.

  • Page 332: Snmp Management Features

    HP OpenView, you can ensure that it is using the latest version of the MIB file by downloading the file to the OpenView database. To do so, go to the ProCurve Networking web site at: www.procurve.com Click on software updates, then MIBs.

  • Page 333: Configuring For Snmp Version 3 Access To The Switch

    C a u t i o n For ProCurve Manager (PCM) version 1.5 or earlier (or any TopTools version), deleting the “public” community disables some network management functions (such as traffic monitoring, SNMP trap generation, and threshold setting).

  • Page 334: Snmp Version 3 Commands

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMP Version 3 Commands SNMP version 3 (SNMPv3) adds some new commands to the CLI for configuring SNMPv3 functions. To enable SMNPv3 operation on the switch, use the snmpv3 enable command. An initial user entry will be generated with MD5 authentication and DES privacy.

  • Page 335: Enabling Snmpv3

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Enabling SNMPv3 The snmpv3 enable command allows the switch to: ■ Receive SNMPv3 messages. ■ Configure initial users. Restrict non-version 3 messages to “read only” (optional). ■ Figure 14-1 shows an example of how to use the snmpv3 enable command. N o t e : To create new users, most SNMPv3 management software requires an initial S N M P...
  • Page 336 Add user Network Admin with ProCurve(config)# snmpv3 user NetworkAdmin no authentication or privacy. ProCurve(config)# snmpv3 user NetworkMgr auth md5 authpass priv privpass Privacy is enabled and the Add user Network Mgr with MD5 authentication is enabled and password is set to “privpass”.
  • Page 337 This example displays information about the management stations configured on VLAN 1 to access the switch. ProCurve# configure terminal ProCurve(config)# vlan 1 ProCurve(vlan-1)# show snmpv3 user Status and Counters - SNMPv3 Global Configuration Information Auth. Protocol Privacy Protocol User Name...
  • Page 338 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Assigning Users to Groups. Then you must set the group access level for the user by assigning the user to a group. This is done with the snmpv3 group command.

  • Page 339: Group Access Levels

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Group Access Levels The switch supports eight predefined group access levels. There are four levels for use with version 3 users and four are used for access by version 2c or version 1 management applications.
  • Page 340 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Syntax: [no] snmpv3 community This command maps or removes a mapping of a community name to a group access level. To remove a mapping you, only need to specify the index_name parameter.

  • Page 341: Communities

    C a u t i o n For ProCurve Manager (PCM) version 1.5 or earlier (or any TopTools version), deleting the “public” community disables some network management functions (such as traffic monitoring, SNMP trap generation, and threshold setting).
  • Page 342 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Note: This screen gives an overview of the SNMP communities that are currently Add and Edit options are configured. All fields in used to modify the SNMP this screen are read- options.

  • Page 343: Cli: Viewing And Configuring Snmp Community Names

    Figure 14-8. Example of the SNMP Community Listing with Two Communities To list the data for only one community, such as the “public” community, use the above command with the community name included. For example: ProCurve# show snmp-server public 14-15...
  • Page 344 (Access to all MIB objects (read-only) except the CONFIG MIB.) ProCurve(config)# snmp-server community red-team manager unrestricted ProCurve(config)# snmp-server community blue-team operator restricted To eliminate a previously configured community named "gold-team": ProCurve(config) # no snmp-server community gold-team 14-16...

  • Page 345: Snmp Notifications

    ■ In addition, you can enable the switch to send the following types of notifications to configured trap receivers. For information on how to configure each notification, refer to the ProCurve software guide under which the notification is listed. ■...

  • Page 346: General Steps For Configuring Snmp Notifications

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Advance Traffic Management Guide: ■ • Loop protection • Spanning Tree (STP, RSTP, MSTP) Access Security Guide: ■ • MAC lockdown • MAC lockout • Uni-Directional Link Detection (UDLD) General Steps for Configuring SNMP Notifications To configure SNMP notifications, follow these general steps: 1. Determine the versions of SNMP notifications that you want to use in your...

  • Page 347: Snmpv1 And Snmpv2C Traps

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMPv1 and SNMPv2c Traps The switches covered in this guide support the following functionality from earlier SNMP versions (SNMPv1 and SNMPv2c): ■ Trap receivers: A trap receiver is a management station to which the switch sends SNMP traps and (optionally) event log messages sent from the switch.
  • Page 348 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Syntax: snmp-server host <ipv4-addr | ipv6-addr> <community name> Configures a destination network management station to receive SNMPv1/v2c traps, and (optionally) event log messages sent as traps from the switch, using the specified community name and destination IPv4 or IPv6 address.

  • Page 349: Enabling Snmpv2C Informs

    For example, to configure a trap receiver in a community named "red-team" with an IP address of 10.28.227.130 to receive only "critical" event log messages, you can enter the following command: ProCurve(config)# snmp-server host 10.28.227.130 red-team critical N o t e s To replace one community name with another for the same IP address, you must first enter the no snmp-server host <...
  • Page 350 N o t e The retries and timeout values are not used to send trap requests. To verify the configuration of SNMPv2c informs, enter the show snmp-server command: ProCurve(config)# show snmp-server SNMP Communities Community Name MIB View Write Access ---------------- -------- ------------...

  • Page 351: Configuring Snmpv3 Notifications

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Configuring SNMPv3 Notifications The SNMPv3 notification process allows messages that are passed via SNMP between the switch and a network management station to be authenticated and encrypted. To configure SNMPv3 notifications, follow these steps: 1. Enable SNMPv3 operation on the switch by entering the snmpv3 enable command (see “SNMP Version 3 Commands”...
  • Page 352 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch 5. Configure the target address of the SNMPv3 management station to which SNMPv3 informs and traps are sent by entering the snmpv3 targetaddress command. Syntax: [no] snmpv3 targetaddress < ipv4-addr | ipv6-addr> < name > Configures the IPv4 or IPv6 address, name, and configuration filename of the SNMPv3 management station to which notification messages are sent.
  • Page 353 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Syntax: [no] snmpv3 targetaddress < ipv4-addr | ipv6-addr> < name > —Continued— [timeout < value >] (Optional) Time (in millisecond increments) allowed to receive a response from the target before notification packets are retransmitted.

  • Page 354: Managing Network Security Notifications

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch An example of how to configure SNMPv3 notification is shown here: Params _name value in the snmpv3 targetaddress command The tag _name value in snmpv3 notify command matches the matches the params _name value in the snmpv3 params tag _name value in the snmpv3 targetaddress command.
  • Page 355 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch To enable or disable notification/traps for network security failures and other security events, enter the snmp-server enable traps command. Syntax: [no] snmp-server enable traps [snmp-auth | password-change-mgr | login- failure-mgr | port-security | auth-server-fail | dhcp-snooping | arp-protect] Enables or disables sending one of the security notification types listed below to configured trap receivers.

  • Page 356: Enabling Link-Change Traps

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch ProCurve(config)# show snmp-server traps Link-change trap setting Trap Receivers Link-Change Traps Enabled on Ports [All] : A1-A24 Traps Category Current Status ------------------------------ ------------------------- - : Extended SNMP Authentication...

  • Page 357: Configuring The Source Ip Address For Snmp Notifications

    For example, to use the IP address of the destination interface on which an SNMP request was received as the source IP address in the IP header of SNMP traps and replies, enter the following command: ProCurve(config)# snmp-server response-source dst-ip-of-request 14-29...
  • Page 358 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch To configure the switch to use a specified source IP address in generated trap PDUs, enter the snmp-server trap-source command. Syntax: [no] snmp-server trap-source [<ipv4-addr > | loopback<0-7>] Specifies the source IP address to be used for a trap PDU.

  • Page 359: Displaying Snmp Notification Configuration

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch ProCurve_8212(config)# show snmp-server SNMP Communities Community Name MIB View Write Access ---------------- -------- ----------- - public Manager Unrestricted Trap Receivers Link-Change Traps Enabled on Ports [All] : All Excluded MIBs dstIpOfRequest: The Snmp Response Pdu Source-IP Information...
  • Page 360 In the following example, the show snmp-server command output shows that the switch has been configured to send SNMP traps and notifications to management stations that belong to the “public”, “red-team”, and “blue-team” communities. ProCurve(config)# show snmp-server SNMP Communities SNMP Community configuration...

  • Page 361: Advanced Management: Rmon

    Event groups from the ProCurve Manager network management software. For more on ProCurve Manager, visit the ProCurve Networking web site at www.procurve.com Click on products index, then look for the ProCurve Manager topic under the Network Manager bar. CLI-Configured sFlow with Multiple Instances Up to three distinct sFlow instances can be configured via the CLI.

  • Page 362: Configuring Sflow

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Configuring sFlow The following sFlow commands allow you to configure sFlow instances via the CLI. Syntax: [no] sflow <receiver-instance> destination <ip-address> [udp-port-num] Enables an sFlow receiver/destination. The receiver-instance number must be a 1, 2, or 3.
  • Page 363 Agent Address 10.0.10.228 Figure 14-14. Example of Viewing sFlow Agent Information The show sflow <instance> destination command includes information about the management-station’s destination address, receiver port, and owner. ProCurve# show sflow 2 destination Destination Instance sflow Enabled Datagrams Sent Destination Address 10.0.10.41...
  • Page 364 You can specify a list or range of ports for which to view sampling information. ProCurve# show sflow 2 sampling-polling A1-A4 Number denotes the sampling/polling instance to which the receiver is coupled.

  • Page 365: Lldp (Link-Layer Discovery Protocol)

    CDP as documented in this manual. For the latest information on your switch model, consult the Release Notes (available on the ProCurve Networking web site). If LLDP has not yet been implemented (or if you are running an older version of software), consult a previous version of the Management and Configuration Guide for device discovery details.

  • Page 366: Terminology

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP-MED (LLDP Media Endpoint Discovery): Provides an extension to LLDP and is designed to support VoIP deployments. N o t e LLDP-MED is an extension for LLDP, and the switch requires that LLDP be enabled as a prerequisite to LLDP-MED operation.
  • Page 367 PD (Powered Device): This is an IEEE 802.3af-compliant device that receives its power through a direct connection to a 10/100Base-TX PoE RJ-45 port in a ProCurve fixed-port or chassis-based switch. Examples of PDs include Voice-over-IP (VoIP) telephones, wireless access points, and remote video cameras.

  • Page 368: General Lldp Operation

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) TLV (Type-Length-Value): A data unit that includes a data type field, a data unit length field (in bytes), and a field containing the actual data the unit is designed to carry (as an alphanumeric string, a bitmap, or a subgroup of information).

  • Page 369: Configuration Options

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Configuration Options Enable or Disable LLDP on the Switch. In the default configuration, LLDP is globally enabled on the switch. To prevent transmission or receipt of LLDP traffic, you can disable LLDP operation (page 14-41) Enable or Disable LLDP-MED.
  • Page 370 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) SNMP Notification. You can enable the switch to send a notification to any configured SNMP trap receiver(s) when the switch detects a remote LLDP data change on an LLDP-enabled port (page 14-51). Per-Port (Outbound) Data Options.

  • Page 371: Options For Reading Lldp Information Collected By The Switch

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Data Type Configuration Default Description Options System capabilities Enable/Disable Enabled Identifies the primary switch functions that are enabled, 5, 6 enabled such as routing. The Packet Time-to-Live value is included in LLDP data packets. (Refer to “Changing the Time-to-Live for Transmitted Advertisements”...

  • Page 372: Lldp And Lldp-Med Standards Compatibility

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP and LLDP-MED Standards Compatibility The operation covered by this section is compatible with these standards: ■ IEEE P802.1AB RFC 2922 (PTOPO, or Physical Topology MIB) ■ RFC 2737 (Entity MIB) ■...

  • Page 373: Configuring Lldp Operation

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) advertisements. Attempting to use the CLI to configure LLDP with an IP address that is either not configured on a VLAN, or has been acquired by DHCP or Bootp results in the following error message. xxx.xxx.xxx.xxx: This IP address is not configured or is a DHCP address.

  • Page 374: Viewing The Current Configuration

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Viewing the Current Configuration Displaying the Global LLDP, Port Admin, and SNMP Notification Status. This command displays the switch’s general LLDP configuration status, including some per-port information affecting advertisement traffic and trap notifications. Syntax show lldp config Displays the LLDP global configuration, LLDP port status, and SNMP notification status.

  • Page 375: Configuring Global Lldp Packet Controls

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displaying Port Configuration Details. This command displays the port- specific configuration, including. Syntax show lldp config < port-list > Displays the LLDP port-specific configuration for all ports in < port-list >, including which optional TLVs and any non-default IP address that are included in the port’s outbound advertisements.
  • Page 376 (Default: Enabled) For example, to disable LLDP on the switch: ProCurve(config)# no lldp run Changing the Packet Transmission Interval. This interval controls how often active ports retransmit advertisements to their neighbors. Syntax lldp refresh-interval < 5 - 32768 >...
  • Page 377 2, which would result in a Time-to- Live of 30 seconds. ProCurve(config)# lldp holdtime-multiplier 2 Changing the Delay Interval Between Advertisements Generated by Value or Status Changes to the LLDP MIB. The switch uses a delay- interval setting to delay transmitting successive advertisements resulting from these LLDP MIB changes.
  • Page 378 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Syntax setmib lldpTxDelay.0 -i < 1 - 8192 > Uses setmib to change the minimum time (delay-interval) any LLDP port will delay advertising successive LLDP advertisements due to a change in LLDP MIB content. (Default: 2;...

  • Page 379: Configuring Snmp Notification Support

    (Default: 2 seconds; Range: 1 - 10 seconds) For example, the following command changes the reinitialization delay interval to five seconds: ProCurve(config)# setmib lldpreinitdelay.0 -i 5 Configuring SNMP Notification Support You can enable SNMP trap notification of LLDP data changes detected on advertisements received from neighbor devices, and control the interval between successive notifications of data changes on the same neighbor.

  • Page 380: Configuring Per-Port Transmit And Receive Modes

    (Default: 5 seconds) For example, the following command limits change notification traps from a particular switch to one per minute. ProCurve(config)# setmib lldpnotificationinterval.0 -i 60 lldpNotificationInterval.0 = 60 Configuring Per-Port Transmit and Receive Modes These commands control advertisement traffic inbound and outbound on active ports.

  • Page 381: Configuring Basic Lldp Per-Port Advertisement Content

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Configuring Basic LLDP Per-Port Advertisement Content In the default LLDP configuration, outbound advertisements from each port on the switch include both mandatory and optional data. Mandatory Data. An active LLDP port on the switch always includes the mandatory data in its outbound advertisements.
  • Page 382 10.10.10.100 and you wanted port 3 to use this secondary address in LLDP advertisements, you would need to execute the following command: ProCurve(config)# lldp config 3 ipAddrEnable 10.10.10.100 Optional Data. You can configure an individual port or group of ports to exclude one or more of these data types from outbound LLDP advertisements.

  • Page 383: Advertisements

    For example, if you wanted to exclude the system name TLV from the outbound LLDP advertisements for all ports on a switch, you would use this command: ProCurve(config)# no lldp config 1-24 basicTlvEnable system_name If you later decided to reinstate the system name TLV on ports 1-5, you would...

  • Page 384: Lldp-Med (Media-Endpoint-Discovery)

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Syntax: [ no ] lldp config < port-list > dot3TlvEnable macphy_config For outbound advertisements, this TLV includes the (local) switch port’s current speed and duplex settings, the range of speed and duplex settings the port supports, and the method required for reconfiguring the speed and duplex settings on the device (auto-negotiation during link initialization, or manual configuration).
  • Page 385 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Power over Ethernet (PoE) status and troubleshooting support via ■ SNMP support for IP telephony network troubleshooting of call quality ■ issues via SNMP This section describes how to configure and use LLDP-MED features in the switches to support VoIP network edge devices (Media Endpoint Devices) such as: ■...
  • Page 386 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) able to use the following network policy elements configured on the ■ client port • v oice VLAN ID • 802.1p (Layer 2) QoS • Diffserv codepoint (DSCP) (Layer 3) QoS discover and advertise device location data learned from the switch ■...

  • Page 387: Lldp-Med Topology Change Notification

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Class 3 (Communication Devices): These devices are typically IP ■ phones or end-user devices that otherwise support IP media and offer all Class 1 and Class 2 features, plus location identification and emergency 911 capability, Layer 2 switch support, and device infor­...
  • Page 388 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Syntax: lldp top-change-notify < port-list > Topology change notification, when enabled on an LLDP port, causes the switch to send an SNMP trap if it detects LLDP­ MED endpoint connection or disconnection activity on the port, or an age-out of the LLDP-MED neighbor on the port.

  • Page 389: Lldp-Med Fast Start Control

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP-MED Fast Start Control Syntax: lldp fast-start-count < 1 - 10 > An LLDP-MED device connecting to a switch port may use the data contained in the MED TLVs from the switch to configure itself.
  • Page 390 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) N o t e LLDP-MED operation requires the macphy_config TLV subelement—enabled by default—that is optional for IEEE 802.1AB LLDP operation. Refer to the dot3TlvEnable macphy_config command on page 14-56. Network Policy Advertisements. Network policy advertisements are intended for real-time voice and video applications, and include these TLV subelements: ■...
  • Page 391 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) N o t e s A codepoint must have an 802.1p priority before you can configure it for use in prioritizing packets by VLAN-ID. If a codepoint you want to use shows No Override in the Priority column of the DSCP policy table (display with show qos­...
  • Page 392 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) network-policy This TLV enables the switch port to advertise its configured network policies (voice VLAN, Layer 2 QoS, Layer 3 QoS), and allows LLDP-MED endpoint devices to auto-configure the voice network policy advertised by the switch.

  • Page 393: Configuring Location Data For Lldp-Med Devices

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) PoE Advertisements. These advertisements inform an LLDP-MED endpoint of the power (PoE) configuration on switch ports. Similar advertisements from an LLDP-MED endpoint inform the switch of the endpoint’s power needs and provide information that can be used to identify power priority mismatches.
  • Page 394 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) ELIN (Emergency Location Identification Number): an emergency ■ number typically assigned to MLTS (Multiline Telephone System Opera­ tors) in North America ■ coordinate-based location: attitude, longitude, and altitude informa­ tion (Requires configuration via an SNMP application.) Syntax: [ no ] lldp config <...
  • Page 395 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) — Continued— Type/Value Pairs ( CA-TYPE CA-VALUE ): This is a series of data pairs, each composed of a location data “type” specifier and the corresponding location data for that type. That is, the first value in a pair is expected to be the civic address “type”...
  • Page 396 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Note: A switch port allows one instance of any given CA­ TYPE. For example, if a type/value pair of 6 Atlantic (to specify “Atlantic” as a street name) is configured on port A5 and later another type/value pair of 6 Pacific is configured on the same port, then Pacific replaces Atlantic in the civic address location configured for port A5.
  • Page 397 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Table 14-4. Some Location Codes Used in CA-TYPE Fields* Location Element Code Location Element Code national subdivision street number regional subdivision additional location data city or township unit or apartment city subdivision floor street room number...

  • Page 398: Displaying Advertisement Data

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Figure 14-21 shows the commands for configuring and displaying the above data. Figure 14-21. Example of a Civic Address Configuration Displaying Advertisement Data Command Page show lldp info local-device below walkmib lldpXdot3LocPortOperMauType show lldp info remote-device 14-73 walkmib lldpXdot3RemPortAutoNegAdvertisedCap...

  • Page 399: Advertisements

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displaying Switch Information Available for Outbound Advertisements These commands display the current switch information that will be used to populate outbound LLDP advertisements. Syntax show lldp info local-device [ port-list ] Without the [ port-list ] option, this command displays the global switch information and the per-port information currently available for populating outbound LLDP advertisements.
  • Page 400 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) The Management Address field displays only the LLDP-configurable IP addresses on the switch. (Only manually-configured IP addresses are LLDP-configurable.) If the switch has only an IP address from a DHCP or Bootp server, then the Management Address field is empty (because there are no LLDP­...
  • Page 401 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) information on displaying the currently configured port speed and duplex on an LLDP-MED endpoint, refer to “Displaying the Current Port Speed and Duplex Configuration on a Switch Port” on page 14-72. Syntax: show interfaces brief <...
  • Page 402 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Figure 14-24. Example of a Global Listing of Discovered Devices Indicates the policy configured on the telephone. A configuration mismatch occurs if the supporting port is configured differently. Figure 14-25. Example of an LLLDP-MED Listing of an Advertisement Received From an LLDP-MED (VoIP Telephone) Source 14-74...

  • Page 403: Displaying Lldp Statistics

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displaying LLDP Statistics LLDP statistics are available on both a global and a per-port levels. Rebooting the switch resets the LLDP statistics counters to zero. Disabling the transmit and/or receive capability on a port “freezes” the related port counters at their current values.
  • Page 404 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) — Continued — Per-Port LLDP Counters: NumFramesRecvd: Shows the total number of valid, inbound LLDP advertisements received from any neighbor(s) on < port- list >. Where multiple neighbors are connected to a port through a hub, this value is the total number of LLDP advertisements received from all sources.

  • Page 405: Lldp Operating Notes

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Counters showing frames sent on a port but no frames received on that port indicates an active link with a device that either has LLDP disabled on the link or is not LLDP- aware.
  • Page 406 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP Packet Forwarding: An 802.1D-compliant switch does not forward LLDP packets, regardless of whether LLDP is globally enabled or disabled on the switch. One IP Address Advertisement Per-Port: LLDP advertises only one IP address per-port, even if multiple IP addresses are configured by lldp config <...

  • Page 407: Lldp And Cdp Data Management

    LLDP packets received from neighbor devices. CDP operation is limited to reading incoming CDP packets from neighbor devices. (ProCurve switches do not generate CDP packets.) LLDP and CDP Neighbor Data With both LLDP and (read-only) CDP enabled on a switch port, the port can read both LLDP and CDP advertisements, and stores the data from both types of advertisements in its neighbor database.
  • Page 408 Neighbors database. N o t e Because ProCurve switches do not generate CDP packets, they are not represented in the CDP data collected by any neighbor devices running CDP. A switch with CDP disabled forwards the CDP packets it receives from other devices, but does not store the CDP information from these packets in its own MIB.

  • Page 409: Cdp Operation And Commands

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Protocol State Packet Inbound Data Management Inbound Packet Forwarding Generation CDP Enabled Store inbound CDP data. No forwarding of inbound CDP packets. CDP Disabled No storage of CDP data from Floods inbound CDP packets neighbor devices.
  • Page 410 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Command Page show cdp 14-82 show cdp neighbors [< port-list > detail] 14-83 [detail < port-list >] [no] cdp run 14-84 [no] cdp enable < port-list > 14-84 N o t e For details on how to use an SNMP utility to retrieve information from the switch’s CDP Neighbors table maintained in the switch’s MIB (Management Information Base), refer to the documentation provided with the particular...
  • Page 411 Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Viewing the Switch’s Current CDP Neighbors Table. Devices are listed by the port on which they were detected. Syntax: show cdp neighbors Lists the neighboring CDP devices the switch detects, with a subset of the information collected from the device’s CDP packet.
  • Page 412 Disabling CDP on a port causes it to drop inbound CDP packets without recording their data in the CDP Neighbors table. Syntax: [no] cdp enable < [e] port-list > For example, to disable CDP on port A1: ProCurve(config)# no cdp enable a1 14-84...

  • Page 413: Contents

    File Transfers Contents Overview ........... . A-3 Downloading Switch Software .
  • Page 414 File Transfers Contents USB: Copying a Software Image to a USB Device ... A-25 Transferring Switch Configurations ......A-26 TFTP: Copying a Configuration File to a Remote Host .

  • Page 415: Overview

    ProCurve periodically provides switch software updates through the Pro- Curve Networking web site. For more information, refer to the support and warranty booklet shipped with the switch, or visit www.procurve.com and click on software updates. After you acquire a new software version, you can use...

  • Page 416: General Software Download Rules

    A software version for the switch has been stored on a TFTP server accessible to the switch. (The software file is typically available from the ProCurve Networking web site at www.procurve.com.) The switch is properly connected to your network and has already been ■...

  • Page 417: Menu: Tftp Download From A Server To Primary Flash

    File Transfers Downloading Switch Software Menu: TFTP Download from a Server to Primary Flash Note that the menu interface accesses only the primary flash. 1. In the console Main Menu, select Download OS to display the screen in figure A-1. (The term “OS”, or “operating system” refers to the switch software): Figure A-1.
  • Page 418 File Transfers Downloading Switch Software A “progress” bar indicates the progress of the download. When the entire software file has been received, all activity on the switch halts and you will see Validating and writing system software to FLASH... 7. After the primary flash memory has been updated with the new software, you must reboot the switch to implement the newly downloaded software.

  • Page 419: Cli: Tftp Download From A Server To Flash

    For descriptions of individual Event Log messages, refer to the latest ■ version of the Event Log Message Reference Guide for your switch, available on the ProCurve website. (See also “Getting Documentation From the Web” on page 1-6.) Some of the causes of download failures include: Incorrect or unreachable address specified for the TFTP Server parameter.
  • Page 420 File Transfers Downloading Switch Software For example, to download a switch software file named k0800.swi from a TFTP server with the IP address of 10.28.227.103 to primary flash: 1. Execute copy as shown below: This message means that the image you Dynamic counter continually displays the want to upload will replace the image number of bytes transferred.

  • Page 421: Using Secure Copy And Sftp

    As described earlier in this chapter you can use a TFTP client on the admin­ istrator workstation to update software images. This is a plain text mechanism and it connects to a standalone TFTP server or another ProCurve switch acting as a TFTP server to obtain the software image file(s). Using SCP and SFTP allows you to maintain your switches with greater security.

  • Page 422: How It Works

    2. To enable secure file transfer on the switch (once you have an SSH session established between the switch and your computer), open a terminal window and type in the following command: ProCurve(config)# ip ssh filetransfer A-10...

  • Page 423: Disable Tftp And Auto-Tftp For Enhanced Security

    Disable TFTP and Auto-TFTP for Enhanced Security Using the ip ssh filetransfer command to enable Secure FTP (SFTP) automat­ ically disables TFTP and auto-TFTP (if either or both are enabled). ProCurve(config)# ip ssh filetransfer Enabling SFTP automatically disables TFTP Tftp and auto-tftp have been disabled.
  • Page 424 File Transfers Downloading Switch Software Enables/Disables TFTP. Note: If SFTP is enabled, this field will be set to No. You cannot use this field to enable TFTP if SFTP is enabled. Attempting to do so produces an Inconsistent value message in the banner below the Actions line. Figure A-6.

  • Page 425: Command Options

    As a matter of policy, administrators should not enable the SSHv1-only or the SSHv1-or-v2 advertisement modes. SSHv1 is supported on only some legacy switches (such as the ProCurve Series 2500 switches). To confirm that SSH is enabled type in the command...

  • Page 426: Authentication

    File Transfers Downloading Switch Software Authentication Switch memory allows up to ten public keys. This means the authentication and encryption keys you use for your third-party client SCP/SFTP software can differ from the keys you use for the SSH session, even though both SCP and SFTP use a secure SSH tunnel.
  • Page 427 File Transfers Downloading Switch Software All files have read-write permission. Several SFTP commands, such as ■ create or remove, are not allowed and return an error message. The switch displays the following files: +---cfg running-config startup-config +---log crash-data crash-data-a crash-data-b crash-data-c “...

  • Page 428: Troubleshooting Ssh, Sftp, And Scp Operations

    File Transfers Downloading Switch Software Troubleshooting SSH, SFTP, and SCP Operations You can verify secure file transfer operations by checking the switch’s event log, or by viewing the error messages sent by the switch that most SCP and SFTP clients will print out on their console. N o t e Messages that are sent by the switch to the client depend on the client software in use to display them on the user console.

  • Page 429: A Pc Or Unix Workstation

    File Transfers Downloading Switch Software Received disconnect from 10.0.12.31: 2: Wait for previous session to complete lost connection Attempt to Start a Second Session. The switch supports only one SFTP session or one SCP session at a time. If a second session is initiated (for example, an SFTP session is running and then an SCP session is attempted), then the following error message may appear on the client console: Received disconnect from 10.0.12.31: 2: Other SCP/SFTP...

  • Page 430: Primary Or Secondary Flash

    File Transfers Downloading Switch Software 5. Press and then execute the terminal emulator command(s) to begin [Enter] Xmodem binary transfer. For example, using HyperTerminal: a. Click on Transfer, then Send File. b. Type the file path and name in the Filename field. c. In the Protocol field, select Xmodem.

  • Page 431: Using Usb To Transfer Files To And From The Switch

    (For more on these commands, see “Rebooting the Switch” on page 6-18.) 4. To confirm that the software downloaded correctly: ProCurve> show system Check the Firmware revision line. It should show the software version that you downloaded in the preceding steps.

  • Page 432: Using Usb To Download Switch Software

    This procedure assumes that: ■ A software version for the switch has been stored on a USB flash drive. (The latest software file is typically available from the ProCurve Network­ ing web site at www.procurve.com.) ■ The USB device has been plugged into the switch’s USB port.

  • Page 433: Switch-To-Switch Download

    File Transfers Downloading Switch Software For example, to copy a switch software file named k0800.swi from a USB device to primary flash: 1. Execute copy as shown below: This message means that the image you want to upload will replace the image currently in primary flash.

  • Page 434: Menu: Switch-To-Switch Download To Primary Flash

    File Transfers Downloading Switch Software Menu: Switch-to-Switch Download to Primary Flash Using the menu interface, you can download a switch software file from either the primary or secondary flash of one switch to the primary flash of another switch of the same series. 1. From the switch console Main Menu in the switch to receive the down­...

  • Page 435: Cli: Switch-To-Switch Downloads

    File Transfers Downloading Switch Software CLI: Switch-To-Switch Downloads Where two switches in your network belong to the same series, you can download a software image between them by initiating a copy tftp command from the destination switch. The options for this CLI feature include: ■...

  • Page 436: Using Pcm+ To Update Switch Software

    Figure A-9. Switch-to-Switch, from Either Flash in Source to Either Flash in Destination Using PCM+ to Update Switch Software ProCurve Manager Plus includes a software update utility for updating on ProCurve switch products. For further information, refer to the Getting Started Guide and the Administrator’s Guide, provided electronically with the application.

  • Page 437: Usb: Copying A Software Image To A Usb Device

    For example, to copy the primary flash to a TFTP server having an IP address of 10.28.227.105: ProCurve# copy flash tftp 10.28.227.105 k0800.swi where k0800.swi is the filename given to the flash image being copied. Xmodem: Copying a Software Image from the Switch to a...

  • Page 438: Transferring Switch Configurations

    File Transfers Transferring Switch Configurations where k0800.swi is the name given to the primary flash image that is copied from the switch to the USB device. Transferring Switch Configurations Transfer Features Feature Page Use TFTP to copy from a remote host to a config file. A-27 Use TFTP to copy a config file to a remote host.

  • Page 439: Tftp: Copying A Configuration File From A Remote Host

    This list contains commands to display data such as the image stamp, running configuration, boot history, port settings, and so Syntax: copy tftp show-tech <ipv4 or ipv6 address> <filename> Copy a customized command file to the switch. ProCurve(config)# copy tftp show-tech 10.10.10.3 commandfile1 A-27...

  • Page 440: Xmodem: Copying A Configuration File To A Serially Connected Pc Or Unix Workstation

    For example, you can include the command show tech all. If no custom file is found, a message displays stating “No SHOW-TECH file found.” ProCurve# show tech custom No custom file was uploaded with the copy tftp show- No SHOW-TECH file found.

  • Page 441: Xmodem: Copying A Configuration File From A Serially Connected Pc Or Unix Workstation

    File Transfers Transferring Switch Configurations 1. Determine the file name and directory location on the PC. 2. Execute the following command: 3. After you see the above prompt, press [Enter] 4. Execute the terminal emulator commands to begin the file transfer. Xmodem: Copying a Configuration File from a Serially Connected PC or UNIX Workstation To use this method, the switch must be connected via the serial port to a PC...

  • Page 442: Usb: Copying A Configuration File To A Usb Device

    For example, to copy the startup configuration file to a USB flash drive: Insert a USB device into the switch’s USB port. Execute the following command: Procurve# copy startup-config usb procurve-config where procurve-config is the name given to the configuration file that is copied from the switch to the USB device. A-30...

  • Page 443: Usb: Copying A Configuration File From A Usb Device

    1. Insert a USB device into the switch’s USB port. 2. Execute the following command: Procurve# copy usb startup-config procurve-config where procurve-config is the name of the file to copy. 3. At the prompt, press [Enter] to reboot the switch and implement the newly downloaded software.
  • Page 444 2. Copied the file to a TFTP server at 18.38.124.16. Using a PC workstation, you then execute the following from the CLI to upload the file to the switch and implement the ACL commands it contains: ProCurve(config)# copy tftp command-file 18.38.124.16 vlan10_in.txt pc The switch displays this message:...

  • Page 445: Xmodem: Uploading An Acl Command File From A Serially Connected Pc Or Unix Workstation

    File Transfers Transferring ACL Command Files This message indicates that “show running” command just above it is not an ACL command and will be ignored by the switch. Manually executing show running from the CLI indicates that the file was implemented, creating ACL 155 in the switch’s running configuration.
  • Page 446 Using a PC workstation, you then execute the following from the CLI to upload the file to the switch and implement the ACL commands it contains: ProCurve(config)# copy usb command-file vlan10_in.txt pc The switch displays this message: Running configuration may change, do you want to continue...

  • Page 447: Copying Diagnostic Data To A Remote Host, Usb Device, Pc Or Unix Workstation

    File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation You can use the CLI to copy the following types of switch data to a text file in a destination device: Command Output: Sends the output of a switch CLI command as a file on ■...

  • Page 448: Copying Event Log Output To A Destination Device

    File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation At this point, press [Enter] and start the Xmodem command sequence in your terminal emulator. Indicates the operation is finished. Figure A-13. Example of Sending Command Output to a File on an Attached PC N o t e The command you specify must be enclosed in double-quote marks.

  • Page 449: Copying Crash Log Data Content To A Destination Device

    File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation Syntax: copy crash-data [<slot-id> | master] tftp <ip-address> <filename> copy crash-data [<slot-id> | mm] usb <filename> copy crash-data [<slot-id>| mm] xmodem where: slot-id a - h, and retrieves the crash log or crash data from the processor on the module in the specified slot.
  • Page 450 File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation These commands copy the Crash Log content to a remote host, attached USB device, or to a serially connected PC or UNIX workstation. You can copy individual slot information or the management module (mm) switch information.

  • Page 451: Using Usb Autorun

    The overall USB autorun solution requires the following components: A ProCurve switch which can securely use USB autorun to load autho­ ■ rized configurations and write reporting information. This requires soft­...

  • Page 452: Security Considerations

    File Transfers Using USB Autorun d. determine if the file will be ‘run once’ (moved to a ‘processed’ direc­ tory on execution) or ‘run many’ (kept in the root directory of the flash drive from where it can be executed again). 2. Deploy the AutoRun file to a USB flash drive.

  • Page 453: Troubleshooting Autorun Operations

    PCM+ provides a mechanism to read these status files and capture the results of the commands executed. It also allows you to verify the report files for their authenticity and reject files that have not been signed (refer to the ProCurve Manager documentation for details).

  • Page 454: Configuring Autorun On The Switch

    File Transfers Using USB Autorun Event Log or Syslog. For details on how to use the switch’s event log or syslog for help in isolating autorun-related problems, see “Using the Event Log for Troubleshooting Switch Problems” on page C-26. Configuring Autorun on the Switch To enable/disable the autorun feature on the switch, the following commands can be executed from configuration mode in the CLI.

  • Page 455: Operating Notes And Restrictions

    When an operator or manager password is configured on a switch, autorun will be disabled automatically, and a message is displayed on the screen as shown in the following example: ProCurve# password manager New password for manager: ***** Please retype new password for manager: ***** Autorun is disabled as operator/manager is configured.

  • Page 456: Viewing Autorun Configuration Information

    File Transfers Using USB Autorun Viewing Autorun Configuration Information The show autorun command displays autorun configuration status information as shown in the following example. ProCurve(config)# show autorun Autorun configuration status Enabled : Yes Secure-mode : Disabled Encryption-key : A-44...

  • Page 457: Contents

    Monitoring and Analyzing Switch Operation Contents Overview ........... . B-3 Status and Counters Data .
  • Page 458 Monitoring and Analyzing Switch Operation Contents Interface Monitoring Features ......B-24 Menu: Configuring Port and Static Trunk Monitoring .

  • Page 459: Overview

    Monitoring and Analyzing Switch Operation Overview Overview The switches covered in this guide have several built-in tools for monitoring, analyzing, and troubleshooting switch and network operation: ■ Status: Includes options for displaying general switch information, man­ agement address data, port status, port and trunk group statistics, MAC addresses detected on each port or VLAN, and STP, IGMP, and VLAN data (page B-4).

  • Page 460: Status And Counters Data

    Monitoring and Analyzing Switch Operation Status and Counters Data Status and Counters Data This section describes the status and counters screens available through the switch console interface and/or the web browser interface. N o t e You can access all console screens from the web browser interface via Telnet to the console.

  • Page 461: Menu Access To Status And Counters

    Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access To Status and Counters Beginning at the Main Menu, display the Status and Counters menu by select­ ing: 1. Status and Counters Figure B-1. The Status and Counters Menu Each of the above menu items accesses the read-only screens described on the following pages.

  • Page 462: General System Information

    Status and Counters Data General System Information Menu Access From the console Main Menu, select: 1. Status and Counters 1. General System Information ProCurve Switch 2-Jan-1990 22:14:32 ===========================- TELNET - MANAGER MODE -========================== Status and Counters - General System Information System Contact...

  • Page 463: Cli Access To System Information

    Shows chassis power supply and settings. temperature Shows system temperature and settings. fans Shows system fan status. ProCurve(config)# show system fans Fan Information | State | Failures -------+-------------+---------- Sys-1 | Fan OK 0 / 1 Fans in Failure State 0 / 1 Fans have been in Failure State Figure B-3.

  • Page 464: Task Monitor-Collecting Processor Data

    Monitoring and Analyzing Switch Operation Status and Counters Data ProCurve(config)# show system Status and Counters - General System Information System Name : ProCurve Switch System Contact System Location MAC Age Time (sec) : 300 Time Zone Daylight Time Rule : None Software revision : T.13.XX...

  • Page 465: Switch Management Address Information

    Monitoring and Analyzing Switch Operation Status and Counters Data ProCurve(config)# task-monitor cpu ProCurve(config)# show cpu 2 percent busy, from 2865 sec ago 1 sec ave: 9 percent busy 5 sec ave: 9 percent busy 1 min ave: 1 percent busy...

  • Page 466: Cli Access

    Monitoring and Analyzing Switch Operation Status and Counters Data N o t e As shown in figure B-6, all VLANs on the switches use the same MAC address. (This includes both the statically configured VLANs and any dynamic VLANs existing on the switch as a result of GVRP operation.) Also, the switches covered in this guide use a multiple forwarding database.

  • Page 467: Cli Access

    Monitoring and Analyzing Switch Operation Status and Counters Data Figure B-7. Example of Port Status on the Menu Interface CLI Access Syntax: show interfaces brief Web Access Click on the Status tab. Click on [Port Status] Viewing Port and Trunk Group Statistics and Flow Control Status Feature Default...
  • Page 468 Monitoring and Analyzing Switch Operation Status and Counters Data These features enable you to determine the traffic patterns for each port since the last reboot or reset of the switch. You can display: ■ A general report of traffic on all LAN ports and trunk groups in the switch, along with the per-port flow control status (On or Off).

  • Page 469: Menu Access To Port And Trunk Statistics

    Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access to Port and Trunk Statistics To access this screen from the Main Menu, select: 1. Status and Counters … 4. Port Counters Figure B-8. Example of Port Counters on the Menu Interface To view details about the traffic on a particular port, use the [v] key to highlight that port number, then select Show Details.

  • Page 470: Cli Access To Port And Trunk Group Statistics

    Monitoring and Analyzing Switch Operation Status and Counters Data CLI Access To Port and Trunk Group Statistics To Display the Port Counter Summary Report. Syntax: show interfaces This command provides an overview of port activity for all ports on the switch. To Display a Detailed Traffic Summary for Specific Ports.

  • Page 471: Viewing The Switch's Mac Address Tables

    Monitoring and Analyzing Switch Operation Status and Counters Data Viewing the Switch’s MAC Address Tables Feature Default Menu viewing MAC addresses on all page B-15 page B-18 — ports on a specific VLAN viewing MAC addresses on a page B-17 page B-18 —...
  • Page 472 Monitoring and Analyzing Switch Operation Status and Counters Data Figure B-10. Example of the Address Table To page through the listing, use Next page and Prev page. Finding the Port Connection for a Specific Device on a VLAN. This feature uses a device’s MAC address that you enter to identify the port used by that device.
  • Page 473 Monitoring and Analyzing Switch Operation Status and Counters Data Port-Level MAC Address Viewing and Searching. This feature displays and searches for MAC addresses on the specified port instead of for all ports on the switch. 1. From the Main Menu, select: 1.

  • Page 474: Cli Access For Mac Address Views And Searches

    To List All Learned MAC Addresses on a VLAN, with Their Port Numbers. This command lists the MAC addresses associated with the ports for a given VLAN. For example: ProCurve> show mac-address vlan 100 N o t e The switches covered in this guide operate with a multiple forwarding database architecture.

  • Page 475: Spanning Tree Protocol (Mstp) Information

    Monitoring and Analyzing Switch Operation Status and Counters Data Spanning Tree Protocol (MSTP) Information CLI Access to MSTP Data This option lists the MSTP configuration, root data, and per-port data (cost, priority, state, and designated bridge). Syntax: show spanning-tree This command displays the switch’s global and regional spanning-tree status, plus the per-port spanning-tree operation at the regional level.

  • Page 476: Internet Group Management Protocol (Igmp) Status

    Monitoring and Analyzing Switch Operation Status and Counters Data Internet Group Management Protocol (IGMP) Status The switch uses the CLI to display the following IGMP status on a per-VLAN basis: Show Command Output show ip igmp Global command listing IGMP status for all VLANs configured in the switch: •...

  • Page 477: Vlan Information

    Monitoring and Analyzing Switch Operation Status and Counters Data VLAN Information The switch uses the CLI to display the following VLAN status: Show Command Output show vlan Lists: • Maximum number of VLANs to support • Existing VLANs • Status (static or dynamic) •...
  • Page 478 Monitoring and Analyzing Switch Operation Status and Counters Data Because ports A1 and A2 are not members of VLAN­ 44, it does not appear in this listing. Figure B-16. Example of VLAN Listing for Specific Ports Figure B-17. Example of Port Listing for an Individual VLAN B-22...

  • Page 479: Web Browser Interface Status Information

    Alert Log, which informs you of any problems that may have occurred on the switch. For more information on this screen, refer to chapter 5, “Using the ProCurve Web Browser Interface” . Port...

  • Page 480: Interface Monitoring Features

    Monitoring and Analyzing Switch Operation Interface Monitoring Features Interface Monitoring Features Port Monitoring Features Feature Default Menu display monitoring disabled page B-25 page B-27 page B-30 configuration configure the monitor port(s) ports: none page B-25 page B-28 page B-30 selecting or removing ports none selected page B-25 page B-29 page B-30 You can designate monitoring of inbound and outbound traffic on: Ports and static trunks: Allows monitoring of individual ports, groups...

  • Page 481: Menu: Configuring Port And Static Trunk Monitoring

    Monitoring and Analyzing Switch Operation Interface Monitoring Features Menu: Configuring Port and Static Trunk Monitoring This procedure describes configuring the switch for monitoring when moni­ toring is disabled. (If monitoring has already been enabled, the screens will appear differently than shown in this procedure.) 1. From the Console Main Menu, Select: 2.
  • Page 482 Monitoring and Analyzing Switch Operation Interface Monitoring Features Move the cursor to the Monitoring Port Inbound Port and Trunk Monitoring (Only) on the Switch 4108 Figure B-20. How To Select a Monitoring Port 5. Use the Space bar to select the port to use for monitoring. 6. Highlight the Monitor field and use the Space bar to select the interfaces to monitor: Ports: Use for monitoring ports or static trunks.

  • Page 483: Cli: Configuring Port And Static Trunk Monitoring

    Monitoring and Analyzing Switch Operation Interface Monitoring Features ii. Use the Space bar to select the VLAN you want to monitor. iii. Go to step 10. 8. Use the down arrow key to move the cursor to the Action column for the individual ports and position the cursor at a port you want to monitor.
  • Page 484 Removing the monitor port disables port monitoring and resets the monitoring parameters to their factory-default settings. For example, to assign port 6 as the monitoring port: ProCurve(config)# mirror-port 6 To turn off monitoring: ProCurve(config)# no mirror-port B-28...
  • Page 485 • A1 through A3, and A5 • Trunks 1 and 2 ProCurve(config)# int 6-9, 14 trk2, monitor Figure B-22. Examples of Selecting Ports and Static Trunks as Monitoring Sources To monitor a VLAN: B-29...

  • Page 486: Web: Configuring Port Monitoring

    Monitoring and Analyzing Switch Operation Interface Monitoring Features Configure monitoring of VLAN 20. Display current monitoring configuration: – Monitor port – Interface Being Monitored Figure B-23. Example of Configuring VLAN Monitoring These two commands show how to disable monitoring at the interface context level for a single port or all ports in an interface context level.

  • Page 487: Locating A Device

    Turns the chassis Locate LED on for a selected number of minutes (default is 30 minutes). Turns the chassis Locate LED off. ProCurve(config)# chassislocate blink <1-1440> Blink the chassis locate led (default 30 minutes). Turn the chassis locate led off.
  • Page 488 Monitoring and Analyzing Switch Operation Locating a Device B-32...

  • Page 489: Contents

    Troubleshooting Contents Overview ........... . C-4 Troubleshooting Approaches .
  • Page 490 Troubleshooting Contents Log Throttle Periods ........C-37 Example of Log Throttling .
  • Page 491 Troubleshooting Contents System Failures: Core Dump Utility ......C-79 CLI: Enabling/Disabling Core Dump ..... . C-80 CLI: Transferring Core Dump Files .

  • Page 492: Overview

    N o t e ProCurve periodically places switch software updates on the ProCurve Networking web site. ProCurve recommends that you check this web site for software updates that may have fixed a problem you are experiencing. For information on support and warranty provisions, refer to the Support and...

  • Page 493: Troubleshooting Approaches

    Troubleshooting Approaches Troubleshooting Approaches Use these approaches to diagnose switch problems: ■ Check the ProCurve Networking web site for software updates that may have solved your problem: www.procurve.com ■ Check the switch LEDs for indications of proper switch operation: •...

  • Page 494: Browser Or Telnet Access Problems

    Troubleshooting Browser or Telnet Access Problems Browser or Telnet Access Problems Cannot access the web browser interface: Access may be disabled by the Web Agent Enabled parameter in the switch ■ console. Check the setting on this parameter by selecting: 2.
  • Page 495 Troubleshooting Browser or Telnet Access Problems Cannot Telnet into the switch console from a station on the network: ■ Off subnet management stations can lose Telnet access if you enable routing without first configuring a static (default) route. That is, the switch uses the IP default gateway only while operating as a Layer 2 device.

  • Page 496: Unusual Network Activity

    Unusual network activity is usually indicated by the LEDs on the front of the switch or measured with the switch console interface or with a network management tool such as ProCurve Manager. Refer to the Installation Guide you received with the switch for information on using LEDs to identify unusual network activity.

  • Page 497: 802.1Q Prioritization Problems

    Troubleshooting Unusual Network Activity This can also happen, for example, if the server is first configured to issue IP addresses with an unlimited duration, then is subsequently configured to issue IP addresses that will expire after a limited duration. One solution is to configure “reservations”...
  • Page 498 Troubleshooting Unusual Network Activity Indicates that routing is enabled; a require­ ment for ACL operation. (There is an exception. Refer to the Note, below.) Figure C-1. Indication that Routing Is Enabled Note If an ACL assigned to a VLAN includes an ACE referencing an IP address on the switch itself as a packet source or destination, the ACE screens traffic to or from this switch address regardless of whether IP routing is enabled.
  • Page 499 Troubleshooting Unusual Network Activity Error (Invalid input) when entering an IP address. When using the “host” option in the command syntax, ensure that you are not including a mask in either dotted decimal or CIDR format. Using the “host” option implies a specific host device and therefore does not permit any mask entry.
  • Page 500 Troubleshooting Unusual Network Activity that happens to include the switch’s IP address. For an example of this problem, refer to the section titled “General ACL Operating Notes” in the “Access Control Lists (ACLs)” chapter of the latest Access Security Guide for your switch. Routing Through a Gateway on the Switch Fails Configuring a “deny”...

  • Page 501: Igmp-Related Problems

    Troubleshooting Unusual Network Activity To avoid inadvertently blocking the remote gateway for authorized traffic from another network (such as the 20 Net in this example): 1. Configure an ACE that specifically permits authorized traffic from the remote network. 2. Configure narrowly defined ACEs to block unwanted IP traffic that would otherwise use the gateway.

  • Page 502: Lacp-Related Problems

    Removing a port from a trunk without first disabling the port can create a traffic loop that can slow down or halt your network. Before removing a port from a trunk, ProCurve recommends that you either disable the port or disconnect it from the LAN.
  • Page 503 Troubleshooting Unusual Network Activity Verify that the switch has the correct IP address for each RADIUS server. ■ Ensure that the radius-server timeout period is long enough for network ■ conditions. The switch does not authenticate a client even though the RADIUS server is properly configured and providing a response to the authentication request.
  • Page 504 Troubleshooting Unusual Network Activity Port A9 shows an “Open” status even though Access Control is set to Unauthorized (Force Auth). This is because the port-access authenticator has not yet been activated. Figure C-5. Authenticator Ports Remain “Open” Until Activated RADIUS server fails to respond to a request for service, even though the server’s IP address is correctly configured in the switch.

  • Page 505: Qos-Related Problems

    Troubleshooting Unusual Network Activity Also, ensure that the switch port used to access the RADIUS server is not blocked by an 802.1X configuration on that port. For example, show port- access authenticator < port-list > gives you the status for the specified ports. Also, ensure that other factors, such as port security or any 802.1X configura­...

  • Page 506: Spanning-Tree Protocol (Mstp) And Fast-Uplink Problems

    Troubleshooting Unusual Network Activity Ensure that the radius-server timeout period is long enough for network ■ conditions. ■ Verify that the switch is using the same UDP port number as the server. RADIUS server fails to respond to a request for service, even though the server’s IP address is correctly configured in the switch.

  • Page 507: Ssh-Related Problems

    Troubleshooting Unusual Network Activity Broadcast Storms Appearing in the Network. This can occur when there are physical loops (redundant links) in the topology.Where this exists, you should enable MSTP on all bridging devices in the topology in order for the loop to be detected. STP Blocks a Link in a VLAN Even Though There Are No Redundant Links in that VLAN.
  • Page 508 Troubleshooting Unusual Network Activity Executing IP SSH does not enable SSH on the switch. The switch does not have a host key. Verify by executing show ip host-public-key. If you see the message ssh cannot be enabled until a host key is configured (use 'crypto' command).

  • Page 509: Tacacs-Related Problems

    Troubleshooting Unusual Network Activity FAILURE response may fail when attempting to connect. Ensure that compression is turned off before attempting a connection to prevent this problem. TACACS-Related Problems Event Log. When troubleshooting TACACS+ operation, check the switch’s Event Log for indications of problem areas. All Users Are Locked Out of Access to the Switch.
  • Page 510 Troubleshooting Unusual Network Activity The encryption key configured in the server does not match the ■ encryption key configured in the switch (by using the tacacs-server key command). Verify the key in the server and compare it to the key configured in the switch.

  • Page 511: Timep, Sntp, Or Gateway Problems

    Troubleshooting Unusual Network Activity TimeP, SNTP, or Gateway Problems The Switch Cannot Find the Time Server or the Configured Gateway . TimeP, SNTP, and Gateway access are through the primary VLAN, which in the default configuration is the DEFAULT_VLAN. If the primary VLAN has been moved to another VLAN, it may be disabled or does not have ports assigned to it.
  • Page 512 Troubleshooting Unusual Network Activity Link supporting VLAN_1 and VLAN_2 Switch “Y” Switch “X” Port Y- 7 Port X-3 VLAN Port Assignment VLAN Port Assignment Port VLAN_1 VLAN_2 Port VLAN_1 VLAN_2 Untagged Tagged Untagged Tagged Figure C-8. Example of Correct VLAN Port Assignments on a Link 1. If VLAN_1 (VID=1) is configured as “Untagged”...

  • Page 513: Fan Failure

    When two or more fans fail, a tow-minute timer starts. After two minutes, the switch is powered down and must be rebooted to restart it. This protects the switch from possible overheating. ProCurve recommends that you replace a failed fan tray assembly within one minute of removing it. C-25...

  • Page 514: Using The Event Log For Troubleshooting Switch Problems

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems Using the Event Log for Troubleshooting Switch Problems The Event Log records operating events in single- or double-line entries and serves as a tool to isolate and troubleshoot problems. Starting in software release K.13.xx, the maximum number of entries supported in the Event Log is increased from 1000 to 2000 entries.
  • Page 515 Troubleshooting Using the Event Log for Troubleshooting Switch Problems (debug) is reserved for ProCurve internal diagnostic information. Date is the date in the format mm/dd/yy when an entry is recorded in the log. Time is the time in the format hh:mm:ss when an entry is recorded in the log.
  • Page 516 Cisco Discovery Protocol: Supports reading CDP packets Management and Configuration Guide received from neighbor devices, enabling a switch to learn about adjacent CDP devices. ProCurve switches do not support the transmission of CDP packets to neighbor devices. chassis Hardware operation, including modules and ports, power...
  • Page 517 Access Security Guide type, the switch can forward or drop traffic to a specific set of destination ports on the switch. licensing ProCurve premium licensing: Provide access to expanded Premium License Installation Guide features on certain ProCurve network devices. C-29...
  • Page 518 VLAN. • MAC lockout blocks a specific MAC address so that the switch drops all traffic to or from the specified address. ProCurve Manager (PCM) and ProCurve Manager Plus Management and Configuration Guide (PCM+): Windows-based network management solutions for managing and monitoring performance of ProCurve devices.
  • Page 519 Troubleshooting Using the Event Log for Troubleshooting Switch Problems System Documented in ProCurve Hardware/ Description Module Software guide Multicast Listener Discovery (MLD): IPv6 protocol used by a Multicast and Routing Guide router to discover the presence of multicast listeners. MLD can also optimize IPv6 multicast traffic flow with the snooping feature.
  • Page 520 ROM image, memory buffers, traffic Access Security Guide and security filters. System messages also include events from Management interfaces (menu, CLI, web browser, ProCurve Manager) used to reconfigure the switch and monitor switch status and performance. tacacs...
  • Page 521 IP broadcasts addressed to a UDP application port on a network server. update Updates (TFTP or serial) to ProCurve software and updates to Management and Configuration Guide running-config and start-up config files Auxiliary port that allows you to connect external devices to Installation and Getting Started Guide the switch.

  • Page 522: Menu: Displaying And Navigating In The Event Log

    Using the Event Log for Troubleshooting Switch Problems Menu: Displaying and Navigating in the Event Log To display the Event Log from the Main Menu, select Event Log. Figure C-11 shows a sample event log display. ProCurve Switch 25-Oct-2007 18:02:52 ==========================-CONSOLE - MANAGER MODE -============================ M 10/25/07 16:30:02 sys: 'Operator cold reboot from CONSOLE session.'...

  • Page 523: Cli: Displaying The Event Log

    Examples. To display all Event Log messages that have “system” in the message text or module name, enter the following command: ProCurve# show logging -a system To display all Event Log messages recorded since the last reboot that have the word, “system”, in the message text or module name, enter:...

  • Page 524: Cli: Turning Event Numbering On

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems To redisplay all hidden entries, including Event Log entries recorded prior to the last reboot, enter the show logging -a command. Syntax: clear logging Removes all entries from the event log display output. CLI: Turning Event Numbering On Syntax: [no] log-numbers Turns event numbering on and off...

  • Page 525: Log Throttle Periods

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems Log Throttle Periods The length of the log throttle period differs according to an event’s severity level: Severity Level Log Throttle Period I (Information) 6000 Seconds W (Warning) 600 Seconds D (Debug) 60 Seconds M (Major) 6 Seconds...
  • Page 526 Troubleshooting Using the Event Log for Troubleshooting Switch Problems If PIM operation caused the same event to occur six more times during the initial log throttle period, there would be no further entries in the Event Log. However, if the event occurred again after the log throttle period expired, the switch would repeat the message (with an updated counter) and start a new log throttle period.

  • Page 527: Example Of Event Counter Operation

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems Example of Event Counter Operation Suppose the switch detects the following after a reboot: ■ Three duplicate instances of a “Send error” during the first log throttle period for this event ■...

  • Page 528: Debug/Syslog Operation

    Troubleshooting Debug/Syslog Operation Debug/Syslog Operation While the Event Log records switch-level progress, status, and warning messages on the switch, the Debug/System Logging (Syslog) feature provides a way to record Event Log and debug messages on a remote device. For example, you can send messages about routing misconfigurations and other network protocol details to an external device, and later use them to debug network-level problems.

  • Page 529: Debug/Syslog Configuration Commands

    Troubleshooting Debug/Syslog Operation A Debug/Syslog destination device can be a Syslog server and/or a console session. You can configure debug and logging messages to be sent to: ■ Up to six Syslog servers A CLI session through a direct RS-232 console connection, or a Telnet or ■...
  • Page 530 Troubleshooting Debug/Syslog Operation event Sends standard Event Log messages to configured debug destinations. (The same messages are also sent to the switch’s Event Log, regardless of whether you enable this option.) forwarding: Sends IPv4 forwarding messages to the debug destination(s). packet: Sends IPv4 packet messages to the debug destination(s).

  • Page 531: Configuring Debug/Syslog Operation

    ■ Series 2600 switches and the Switch 6108 (software release H.07.30 or greater) For the latest feature information on ProCurve switches, visit the ProCurve Networking web site and check the latest release notes for the switch products you use. Configure the switch to send Event Log messages to the current manage­...
  • Page 532 Syslog servers by specifying a severity level and/or system module using the following commands ProCurve(config)# logging severity < debug | major | error | warning | info > ProCurve(config)# logging system-module < system-module > To display a list of valid values for each command, enter logging severity or logging system-module followed by ? or pressing the Tab key.

  • Page 533: Displaying A Debug/Syslog Configuration

    (If no Syslog server address is configured with the logging syslog-ip­ < addr command, no show debug command output is displayed.) > ProCurve(config)# show debug Debug Logging Destination: Logging - - 10.28.38.164 Facility=kern Severity=warning...
  • Page 534 Enabled debug types: Event Log messages to send to the event Syslog server. ProCurve(config)# logging severity error ProCurve(config)# logging system-module iplock Figure C-17. Syslog Configuration to Receive Event Log Messages From Specified System Module and Severity Levels As shown at the top of Figure C-17, if you enter the show debug command when no Syslog server IP address is configured, the configuration settings for Syslog server facility, Event Log severity level and system module are not displayed.
  • Page 535 Troubleshooting Debug/Syslog Operation Example. The next example shows how to configure: ■ Debug logging of ACL packet messages on a Syslog server at 18.38.64.164 (with user as the default logging facility). Display of these messages in the CLI session of your terminal device’s ■...
  • Page 536 Enabled debug types: destinations. event Configure the debug messages types that you want to send to the Syslog ProCurve(config)# no debug event server and CLI session. ProCurve(config)# debug acl ProCurve(config)# debug destination session ProCurve(config)# show debug Configure the CLI session as a debug Debug Logging destination.

  • Page 537: Debug Command

    Troubleshooting Debug/Syslog Operation Debug Command At the manager level, use the debug command to perform two main functions: ■ Specifies the types of event messages to be sent to an external destination. Specifies the destinations to which selected message types are sent. ■...
  • Page 538 Troubleshooting Debug/Syslog Operation Syntax: [no] debug < debug-type > (Continued) event Event Log messages are automatically enabled to be sent to debug destinations in these conditions: • If no Syslog server address is configured and you enter the logging <syslog-ip-addr> command to configure a destination address.

  • Page 539: Debug Destinations

    Telnet, or SSH access to the CLI at the Manager level prompt (ProCurve#_ ). If more than one terminal device has a console session with the CLI, you can redirect the desti­...

  • Page 540: Logging Command

    Event Log messages of all severity levels and from all system modules are sent to configured Syslog servers: ProCurve(config)# no logging severity < debug | major | error | warning | info> ProCurve(config)# no logging system-module < system-module > C-52...

  • Page 541: Configuring A Syslog Server

    Troubleshooting Debug/Syslog Operation Configuring a Syslog Server Syslog is a client-server logging tool that allows a client switch to send event notification messages to a networked device operating with Syslog server software. Messages sent to a Syslog server can be stored to a file for later debugging analysis.
  • Page 542 Troubleshooting Debug/Syslog Operation Syntax: [no] logging < syslog-ip-addr > Enables or disables Syslog messaging to the specified IP address. You can configure up to six addresses. If you configure an address when none are already configured, this command enables destination logging (Syslog) and the Event debug type.
  • Page 543 - local17 — Reserved for system use Use the no form of the command to remove the configured facility and reconfigure the default (user) value. For a list of supported ProCurve switches, refer to the Note on page C-42. C-55...

  • Page 544: Configuring The Severity Level For Event Log Messages Sent To A Syslog Server

    Warning: A switch service has behaved unexpectedly. Information: Information on a normal switch event. Debug: Reserved for ProCurve internal diagnostic information. Using the logging severity command, you can select a set of Event Log messages according to their severity level and send them to a Syslog server.

  • Page 545: Configuring The System Module Used To Select The Event Log Messages Sent To A Syslog Server

    Troubleshooting Debug/Syslog Operation Configuring the System Module Used to Select the Event Log Messages Sent to a Syslog Server Event Log messages contain the name of the system module that reported the event. Using the logging system-module command, you can select a set of Event Log messages according to the originating system module and send them to a Syslog server.
  • Page 546 Troubleshooting Debug/Syslog Operation Debug Option Effect of a Reboot or Reset event (debug type) If a Syslog server IP address is configured in the startup­ config file, the sending of Event Log messages is reset to enabled, regardless of the last active setting. If no Syslog server is configured, the sending of Event Log messages is disabled.

  • Page 547: Diagnostic Tools

    Troubleshooting Diagnostic Tools Diagnostic Tools Diagnostic Features Feature Default Menu Port Auto negotiation — — — Ping test — page C-62 page C-61 Link test — page C-62 page C-61 Traceroute operation — page C-64 View switch configuration files — page C-68 page C-68 View switch (show tech)

  • Page 548: Port Auto-Negotiation

    Troubleshooting Diagnostic Tools Port Auto-Negotiation When a link LED does not light (indicating loss of link between two devices), the most common reason is a failure of port auto-negotiation between the connecting ports. If a link LED fails to light when you connect the switch to a port on another device, do the following: 1. Ensure that the switch port and the port on the attached end-node are both set to Auto mode.

  • Page 549: Web: Executing Ping Or Link Tests

    Troubleshooting Diagnostic Tools Web: Executing Ping or Link Tests 1. Click here. 2. Click here. 3. Select Ping Test (the default) or Link Test 4. For a Ping test, enter the IP address of the target device. For a Link test, enter the MAC address of the target device.

  • Page 550: Cli: Ping Test

    Troubleshooting Diagnostic Tools Number of Packets to Send is the number of times you want the switch to attempt to test a connection. Timeout in Seconds is the number of seconds to allow per attempt to test a connection before determining that the current attempt has failed. To halt a Link or Ping test before it concludes, click on the Stop button.

  • Page 551: Link Tests

    Troubleshooting Diagnostic Tools source <ip-addr | hostname > Source IP address or hostname. The source IP address must be owned by the router. If a VLAN is specified, the IP address associated with the specified VLAN is used. data-size <0-65471> Size of packet sent.

  • Page 552: Traceroute Command

    Troubleshooting Diagnostic Tools Basic Link Test Link Test with Repetitions Link Test with Repetitions and Timeout Link Test Over a Specific VLAN Link Test Over a Specific VLAN; Test Fail Figure C-21. Example of Link Tests Traceroute Command The traceroute command enables you to trace the route from the switch to a host address.
  • Page 553 Troubleshooting Diagnostic Tools <ip-address | hostname> The IP address or hostname of the device to which to send the traceroute. [minttl < 1-255 >] For the current instance of traceroute, changes the minimum number of hops allowed for each probe packet sent along the route.
  • Page 554 Troubleshooting Diagnostic Tools Intermediate router hops with the time taken for the switch to receive acknowledgement of each probe reaching each router. Destination IP Address Figure C-22. Example of a Completed Traceroute Enquiry Continuing from the previous example (Figure C-22, above), executing traceroute with an insufficient maxttl for the actual hop count produces an output similar to this: Traceroute does not reach...
  • Page 555 Troubleshooting Diagnostic Tools If A Network Condition Prevents Traceroute from Reaching the Destination. Common reasons for Traceroute failing to reach a destination include: Timeouts (indicated by one asterisk per probe, per hop; refer to Figure ■ C-23, above.) Unreachable hosts ■...

  • Page 556: Viewing Switch Configuration And Operation

    Troubleshooting Viewing Switch Configuration and Operation Viewing Switch Configuration and Operation In some troubleshooting scenarios, you may need to view the switch config­ uration to diagnose a problem. The complete switch configuration is con­ tained in a file that you can browse from either the web browser interface or the CLI using the commands described in this section.
  • Page 557 Status and counters — VLAN information ■ GVRP support Load balancing (trunk and LACP) ■ Figure C-25 shows sample output from the show tech command. ProCurve# show tech show system Status and Counters - General System Information System Name : 5400_1 System Contact...

  • Page 558: Saving Show Tech Command Output To A Text File

    Troubleshooting Viewing Switch Configuration and Operation To specify the data displayed by the show tech command, use the copy show tech command as described in “Customizing show tech Command Output” on page C-71. Saving show tech Command Output to a Text File When you enter the show tech command, a summary of switch operational data is sent to your terminal emulator.

  • Page 559: Customizing Show Tech Command Output

    3. Click [Start] to create and open the text file. 4. From the global configuration context, enter the show tech command: ProCurve# show tech The show tech command output is copied into the text file and displayed on the terminal emulator screen. When the command output stops and displays -- MORE --, press the Space bar to display and copy more information.
  • Page 560 Troubleshooting Viewing Switch Configuration and Operation Syntax: copy <source> show- tech Includes the output of a specified command in show-tech command output. Enter the command name between double-quotation marks; for example, copy “show system” show-tech. crash-data [slot-id | master]: Includes the crash data from all management and interface modules in show tech command output.
  • Page 561 Troubleshooting Viewing Switch Configuration and Operation Syntax: copy <source> show- tech tftp config < startup-config | running-config > < ip-addr > < remote-file > < pc | unix > Downloads the contents of a configuration file from a remote host to show tech command output, where: ip-addr: Specifies the IP address of the remote host device.
  • Page 562 Troubleshooting Viewing Switch Configuration and Operation Syntax: copy <source> show- tech Copies the contents of a configuration file or ACL command file from a serially connected PC or UNIX workstation to show tech command output, where: startup-config: Specifies the name of the startup configuration file on the connected device.

  • Page 563: Cli: Viewing More Information On Switch Operation

    Troubleshooting Viewing Switch Configuration and Operation CLI: Viewing More Information on Switch Operation Use the following commands to display additional information on switch operation for troubleshooting purposes. Syntax: show boot-history Displays the crash information saved for each management module on the switch (see “Displaying Saved Crash Information”...
  • Page 564 N o t e Pattern matching is case-sensitive. Below are examples of what portions of the running config file display depending on the option chosen. ProCurve(config)# show run | include ipv6 ipv6 enable ipv6 enable Displays only lines that contain “ipv6”.
  • Page 565 Troubleshooting Viewing Switch Configuration and Operation ProCurve(config)# show run | exclude ipv6 Running configuration: ; J9146A Configuration Editor; Created on release #W.14.06 hostname "ProCurve Switch" module 1 type J8702A module 2 type J8705A snmp-server community "notpublic" Unrestricted vlan 1 name "DEFAULT_VLAN"...
  • Page 566 Troubleshooting Viewing Switch Configuration and Operation ProCurve(config)# show run | begin ipv6 ipv6 enable no untagged B21-B24 Displays the running config beginning at the first line that contains “ipv6”. exit vlan 20 name "VLAN20" untagged B21-B24 ipv6 enable no ip address exit policy qos "michael"...

  • Page 567: Cli: Useful Commands For Troubleshooting Sessions

    Troubleshooting Viewing Switch Configuration and Operation CLI: Useful Commands for Troubleshooting Sessions Use the following commands in a troubleshooting session to more accurately display the information you need to diagnose a problem. For more information on other these CLI practices, refer to chapter Chapter 4, “Using the Command Line Interface (CLI)”.

  • Page 568: Cli: Enabling/Disabling Core Dump

    N o t e The core dump file contains non-readable data and must be transferred to HP ProCurve Customer Care for analysis, diagnostics and troubleshooting. For instructions on how to transfer the file from the switch, see “CLI: Transferring Core Dump Files” on page C-80.

  • Page 569: Cli: Displaying Core Dump Information

    The show boot-history command will indicate if any core dump files exist on the switch. Syntax: show boot-history Displays any core dump files saved in the file system. ProCurve(config)# show boot-history Master -- Saved Crash Information (most recent first): ====================================================== SubSystem 0 went down: 07/16/08 23:29:10 Operator cold reboot from CONSOLE session.
  • Page 570 Troubleshooting Viewing Switch Configuration and Operation Figure C-32. Web User Interface: Core Dump Window 2. To enable or disable core dump file captures, check/uncheck the Enabled check box. 3. Click the Save button to apply the changes. A window will appear to confirm the current status. Figure C-33.

  • Page 571: Web Ui: Downloading Core Dump Files

    Troubleshooting Viewing Switch Configuration and Operation Web UI: Downloading Core Dump Files To download a core dump file from the switch, follow the steps below: 1. Navigate to the Diagnostics -> Core Dump tab. 2. From the Download Core Dump File area, select the required core dump file from the drop-down box.

  • Page 572: Restoring The Factory-Default Configuration

    (for example, 20090122-mm1.core). Once the file has been downloaded, it can be sent to HP ProCurve Customer Care for diagnosis and analysis of the system crash information contained within the file (see also “CLI: Transferring Core Dump Files”...

  • Page 573: Clear/Reset: Resetting To The Factory-Default Configuration

    Troubleshooting Restoring a Flash Image Clear/Reset: Resetting to the Factory-Default Configuration To execute the factory default reset, perform these steps: 1. Using pointed objects, simultaneously press both the Reset and Clear buttons on the front of the switch. 2. Continue to press the Clear button while releasing the Reset button. 3. When the Self Test LED begins to flash, release the Clear button.
  • Page 574 Troubleshooting Restoring a Flash Image 2. Ensure that the terminal program is configured as follows: ■ Baud rate: 9600 ■ 1 stop bit No parity No flow control ■ ■ 8 Bits ■ 3. Use the Reset button to reset the switch. The following prompt should then appear in the terminal emulator: Enter h or ? for help.
  • Page 575 Troubleshooting Restoring a Flash Image If you are using HyperTerminal, you will see a screen similar to the following to indicate that the download is in progress: Figure C-35. Example of Xmodem Download in Progress 8. When the download completes, the switch reboots from primary flash using the OS image you downloaded in the preceding steps, plus the most recent startup-config file.

  • Page 576: Dns Resolver

    Troubleshooting DNS Resolver DNS Resolver The Domain Name System (DNS) resolver is designed for use in local network domains where it enables use of a host name or fully qualified domain name with DNS-compatible switch CLI commands. (At software release K.13.01, the DNS-compatible commands include ping and traceroute.) Beginning with software release K.13.01, DNS operation supports both IPv4 and IPv6 DNS resolution and multiple, prioritized DNS servers.

  • Page 577: Basic Operation

    DNS server. Example. Suppose the switch is configured with the domain suffix mygroup.procurve.net and the IP address for an accessible DNS server. If an operator wants to use the switch to ping a target host in this domain by using the DNS name “leader”...

  • Page 578: Configuring And Using Dns Resolution With Dns-Compatible Commands

    Example. Suppose the switch is configured with the domain suffix mygroup.procurve.net and the IP address for an accessible DNS server in this same domain. This time, the operator wants to use the switch to trace the route to a host named “remote-01”...

  • Page 579: Configuring A Dns Entry

    Troubleshooting DNS Resolver c. The domain name for an accessible domain in which there are hosts you want to reach with a DNS-compatible command. (This is the domain suffix in the fully qualified domain name for a given host operating in the selected domain. Refer to “Terminology” on page C­ 88.) Note that if a domain suffix is not configured, fully qualified domain names can be used to resolve DNS-compatible commands.

  • Page 580: Example Using Dns Names With Ping And Traceroute

    Troubleshooting DNS Resolver Syntax: [no] ip dns domain-name < domain-name-suffix > This optional DNS command configures the domain suffix that is automatically appended to the host name entered with a DNS-compatible command. When the domain suffix and the IP address for a DNS server that can access that domain are both configured on the switch, you can execute a DNS-compatible command using only the host name of the desired target.
  • Page 581 With the above already configured, the following commands enable a DNS- compatible command with the host name docserver to reach the document server at 10.28.229.219. ProCurve(config)# ip dns server-address 10.28.229.10 ProCurve(config)# ip dns domain-name pubs.outdoors.com Figure C-39. Configuring Switch “A” in FigureC-38 To Support DNS Resolution ProCurve# ping docservr 10.28.229.219 is alive, time = 1 ms...

  • Page 582: Viewing The Current Dns Configuration

    DNS- compatible commands. For example, using the document server in Figure C­ 38 as a target: ProCurve# ping docservr.pubs.outdoors.com 10.28.229.219 is alive, time = 1 ms Target’s Fully Qualified Domain Name ProCurve# traceroute docservr.pubs.outdoors.com...

  • Page 583: Operating Notes

    Troubleshooting DNS Resolver Operating Notes Configuring another IP address for a priority that has already been ■ assigned to an IP address is not allowed. To replace one IP address at a given priority level with another address having the same priority, you must first use the no form of the command to remove the unwanted address.

  • Page 584: Event Log Messages

    Troubleshooting DNS Resolver Event Log Messages Message Meaning DNS server address not configured The switch does not have an IP address configured for the DNS server. DNS server not responding The DNS server failed to respond or is unreachable. An incorrect server IP address can produce this result.

  • Page 585: Contents

    MAC Address Management Contents Overview ........... . D-2 Determining MAC Addresses .

  • Page 586: Overview

    MAC Address Management Overview Overview The switch assigns MAC addresses in these areas: ■ For management functions, one Base MAC address is assigned to the default VLAN (VID = 1). (All VLANs on the switches covered in this guide use the same MAC address.) For internal switch operations: One MAC address per port (Refer to “CLI: ■...

  • Page 587: Determining Mac Addresses

    MAC Address Management Determining MAC Addresses Determining MAC Addresses MAC Address Viewing Methods Feature Default Menu view switch’s base (default vlan) MAC address — and the addressing for any added VLANs view port MAC addresses (hexadecimal format) n/a — — ■...

  • Page 588: Menu: Viewing The Switch's Mac Addresses

    MAC Address Management Determining MAC Addresses Menu: Viewing the Switch’s MAC Addresses The Management Address Information screen lists the MAC addresses for: ■ Base switch (default VLAN; VID = 1) Any additional VLANs configured on the switch. ■ Also, the Base MAC address appears on a label on the back of the switch. N o t e The Base MAC address is used by the first (default) VLAN in the switch.

  • Page 589: Cli: Viewing The Port And Vlan Mac Addresses

    ProCurve# walkmib ifPhysAddress (The above command is not case-sensitive.) For example, a ProCurve 8212zl switch with the following module configura­ tion shows MAC address assignments similar to those shown in figure D-2: a 4-port module in slot A, a 24-port module in slot C, and no modules in ■...
  • Page 590 MAC Address Management Determining MAC Addresses ProCurve# walkmib ifphysaddress ifPhysAddress.1 - 4: Ports A1 - A4 in Slot A ifPhysAddress.1 = 00 12 79 88 b1 ff (Addresses 5 - 24 in slot A are unused.) ifPhysAddress.2 = 00 12 79 88 b1 fe ifPhysAddress.3 = 00 12 79 88 b1 fd...

  • Page 591: Viewing The Mac Addresses Of Connected Devices

    MAC Address Management Viewing the MAC Addresses of Connected Devices Viewing the MAC Addresses of Connected Devices Syntax: show mac-address [ | mac-addr | Lists the MAC addresses of the devices the switch has detected, along with the number of the specific port on which each MAC address was detected.
  • Page 592 MAC Address Management Viewing the MAC Addresses of Connected Devices D-8...

  • Page 593: Contents

    Monitoring Resources Contents Viewing Information on Resource Usage ..... . . E-2 Policy Enforcement Engine ........E-2 Displaying Current Resource Usage .

  • Page 594: Viewing Information On Resource Usage

    Monitoring Resources Viewing Information on Resource Usage Viewing Information on Resource Usage The switch allows you to view information about the current usage and availability of resources in the Policy Enforcement engine, including the following software features: ■ Access control lists (ACL) ■...

  • Page 595: Displaying Current Resource Usage

    Monitoring Resources Viewing Information on Resource Usage ACLs ■ ■ QoS configurations that use the following commands: QoS device priority (IP Address) through the CLI using the qos • device-priority command • QoS application port through the CLI using qos tcp-port or qos udp-port ■...
  • Page 596 Monitoring Resources Viewing Information on Resource Usage RADIUS-based authentication, and other features (for an explanation of this output, refer to the notes on page E-5). ProCurve(config)# show access-list resources Resource usage in Policy Enforcement Engine Rules Rules Used Ports |...
  • Page 597 Monitoring Resources Viewing Information on Resource Usage Notes on show resources command output: ■ A 1:1 mapping of internal rules to configured policies in the switch does not necessarily exist. As a result, displaying current resource usage is the most reliable method for keeping track of available resources. Also, because some internal resources are used by multiple features, deleting a feature configuration may not increase the amount of available resources.

  • Page 598: When Insufficient Resources Are Available

    Monitoring Resources When Insufficient Resources Are Available When Insufficient Resources Are Available The switch has ample resources for configuring features and supporting: RADIUS-authenticated clients (with or without the optional IDM applica­ ■ tion) ■ Virus throttling and blocking on individual clients. N o t e Virus throttling does not operate on IPv6 traffic.

  • Page 599: F Daylight Savings Time On Procurve Switches

    • Series 4200vl Routers ProCurve switches provide a way to automatically adjust the system clock for Daylight Savings Time (DST) changes. To use this feature you define the month and date to begin and to end the change from standard time. In addition to the value “none”...
  • Page 600 Daylight Savings Time on ProCurve Switches Middle Europe and Portugal: • Begin DST at 2am the first Sunday on or after March 25th. • End DST at 2am the first Sunday on or after September 24th. Southern Hemisphere: • Begin DST at 2am the first Sunday on or after October 25th.
  • Page 601 Daylight Savings Time on ProCurve Switches Before configuring a “User defined” Daylight Time Rule, it is important to understand how the switch treats the entries. The switch knows which dates are Sundays, and uses an algorithm to determine on which date to change the system clock, given the configured “Beginning day”...
  • Page 602 Daylight Savings Time on ProCurve Switches F-4...
  • Page 603 Index Symbols ARP protection SNMP notification … 14-17, 14-26 => prompt … C-85 arp-protect debug messages … C-41 Numerics asterisk meaning in show config … 6-27, C-66 802.1X authentication effect, LLDP … 14-78 notification messages … 14-17, 14-26 LLDP blocked … 14-45 authentication trap 802.1X access control See also SNMP.
  • Page 604 Bootp/DHCP, LLDP … 14-53 transferring … A-26, 14-19 broadcast limit … 10-17 usb autorun … A-39, 3-7 broadcast storm … 12-3, C-19 viewing … 6-6 broadcast traffic web browser access … 7-3 IPX … 10-17 configuration file RIP … 10-17 browsing for troubleshooting …...
  • Page 605 copy Device Passwords window … 5-9 command output … A-35, A-36, A-37 DHCP event log output … A-36 address problems … C-8 multiple config file, tftp … 6-35 Bootp operation … 8-12 software images … A-24 effect of no reply … C-8 tftp show-tech …...
  • Page 606 TFTP … A-5 flow control troubleshooting … A-6 constraints … 10-15 Xmodem … A-17 effect on rate-limiting … 13-6 See also switch software. global … 10-15 duplex advertisements … 14-55 jumbo frames … 13-16 duplex information, displaying … 14-72 per-port … 10-15 duplicate MAC address terminal …...
  • Page 607 inactivity timeout … 7-4 MTU … 13-8 inactivity-timer … 7-8 port adds and moves … 13-9 Inbound Telnet Enabled parameter … C-7 security concerns … 13-16, 13-8, 13-17 informs through non-jumbo ports … 13-17, 13-9, 13-18 sending to trap receiver … 14-20 VLAN tag …...
  • Page 608 chassis ID … 14-53, 14-75, 14-80, 14-41, 14-54 facility … C-41 data options … 14-42, 14-43, 14-39, 14-43, C-41, logging command … C-49 C-42, 14-45 syntax … C-41, C-52 DHCP/Bootp operation … 14-44 logical port … 12-8 disable, per-port … 14-52, 14-73 loop, network …...
  • Page 609 moving to or from the CLI … 4-7 See also console. online Help mesh See Help. jumbo frames … 13-17 operating system See switch software. HP proprietary … 14-4 operation not allowed, LACP … C-14 listing … 14-4 operator access … 4-4, 4-6, 14-13 standard …...
  • Page 610 … 5-5 caution … 12-3, 12-9, 12-17 updating switch software … A-24, 5-6 CLI access … 12-11 ProCurve, HP, URL … 14-4 default trunk type … 12-10 prompt, => … C-85 enabling dynamic LACP … 12-15, 10-31 PSAP …...
  • Page 611 Public Safety Answering Point … 14-39 factory default reset … C-84 public SNMP community … 14-5, 14-13 resource monitor event log … E-6 resource usage displaying … E-3 insufficient resources … E-6 See Quality of Service. restricted write access … 14-13 Quality of Service RFCs resource usage …...
  • Page 612 web browser access, RADIUS … 5-9 fixed traps … 14-19 Self Test LED invalid password in login … 14-17 behavior during factory default reset … C-85 IP … 14-3 serial number … B-6 link-change traps … 14-17, 14-28 setmib, delay interval … 14-49 manager password change …...
  • Page 613 selecting event log messages for enabling or disabling … A-13 debugging … C-57 TACACS exclusion … A-14 System Name parameter … 7-12 troubleshooting … A-16, C-19 standard MIB … 14-4 starting a console session … 3-4 TACACS startup-config SSH exclusion … A-14 viewing …...
  • Page 614 URL approaches … C-5 browser interface online help location … 5-14 browsing the configuration file … C-68 management … 5-14, 5-13, 5-14 configuring debug destinations … C-41, C-6, ProCurve … 5-14, 14-4 C-79 support … 5-13, 5-14 12 – Index...
  • Page 615 … C-23 debug messages … C-42 event log entries … C-27 world wide web site, HP ID … 4-15, 8-4 See ProCurve. jumbo max frame size … 13-13 write access … 14-13 link blocked … C-19 write memory MAC address …...
  • Page 616 Xmodem copy command output … A-35, A-36, A-37, A-36, A-28, A-25 download to primary or secondary flash … A-18 uploading an ACL command file … A-33, A-17 14 – Index...
  • Page 618 © Copyright 2009 Hewlett-Packard Development Company, L.P. February 2009 Manual Part Number 5992-5437...

This manual is also suitable for:

2910al-48g2910al-24g-poe+2910al-48g-poe+

Table of Contents

Save PDF