
HP 6120G/XG Configuration Manual

ProCurve Series 6120 blade switches management and configuration guide.
ProCurve Series 6120 Switches
Management and Configuration Guide
November 2010
Version Z.14.22


   Summary of Contents for HP 6120G/XG

  • Page 1

    ProCurve Series 6120 Switches Management and Configuration Guide November 2010 Version Z.14.22...

  • Page 3

    HP ProCurve 6120G/XG Switch 6120XG Switch November 2010 Z.14.22 Management and Configuration Guide...

  • Page 4

    HP shall not be liable for technical or editorial errors or omissions contained herein. Hewlett-Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished by Hewlett-Packard.

  • Page 5: Table Of Contents, Getting Started

    Contents Product Documentation About Your Switch Manual Set ......xxiii Printed Publications........xxiii Electronic Publications .

  • Page 6: Table Of Contents, Selecting A Management Interface, Using The Menu Interface

    Selecting a Management Interface Contents ............2-1 Overview .

  • Page 7: Table Of Contents, Using The Command Line Interface (cli), Using The Procurve Web Browser Interface

    4 Using the Command Line Interface (CLI) Contents ............4-1 Overview .

  • Page 8: Table Of Contents, Switch Memory And Configuration

    Entering a User Name and Password ..... . 5-11 Using a User Name ........5-11 If You Lose the Password .

  • Page 9: Table Of Contents

    Rebooting the Switch ........6-19 Operating Notes about Booting .

  • Page 10: Table Of Contents, Interface Access And System Information

    7 Interface Access and System Information Contents ............7-1 Overview .

  • Page 11: Table Of Contents, Time Protocols

    The Source IP Selection Policy ......8-21 Displaying the Source IP Interface Information ....8-24 Error Messages .

  • Page 12: Table Of Contents

    Displaying All SNTP Server Addresses Configured on the Switch . . 9-37 Adding and Deleting SNTP Server Addresses ....9-38 Menu: Operation with Multiple SNTP Server Addresses Configured .

  • Page 13: Table Of Contents, Port Trunking

    Configuring UDLD ......... 10-32 Enabling UDLD .

  • Page 14: Table Of Contents

    12 Port Traffic Controls Contents ........... . . 12-1 Overview .

  • Page 15: Table Of Contents

    13 Configuring for Network Management Applications Contents ........... . . 13-1 Using SNMP Tools To Manage the Switch .

  • Page 16: Table Of Contents

    LLDP-MED ......... . . 13-43 Packet Boundaries in a Network Topology .

  • Page 17: Table Of Contents

    A File Transfers Contents ........... . . A-1 Overview .

  • Page 18: Table Of Contents

    Xmodem: Copying a Configuration File to a USB Serial Console Connected PC or UNIX Workstation ....A-28 Xmodem: Copying a Configuration File from a Serially Connected PC or UNIX Workstation ..... . A-29 Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation .

  • Page 19: Table Of Contents

    Internet Group Management Protocol (IGMP) Status ... B-19 VLAN Information ......... B-20 Web Browser Interface Status Information .

  • Page 20: Table Of Contents

    C Troubleshooting Contents ........... . . C-1 Overview .

  • Page 21: Table Of Contents

    Displaying a Debug/Syslog Configuration ....C-41 Debug Command ......... . C-44 Debug Messages .

  • Page 22: Table Of Contents

    Basic Operation ......... . . C-79 Configuring and Using DNS Resolution with DNS-Compatible Commands .

  • Page 23: Table Of Contents

    OOBM enable/disable ........G-8 OOBM port enable/disable ....... G-9 OOBM IPv4 address configuration .

  • Page 24

    xxii...

  • Page 25: Product Documentation

    Product Documentation About Your Switch Manual Set Note: For the latest version of switch documentation, please visit any of the following websites: www.hp.com/networking/support www.hp.com/go/bladesystem/documentation h18004.www1.hp.com/products/blades/components/c-class-tech-installing.html Printed Publications The publication listed below is printed and shipped with your switch. The latest version is also available in PDF format, as described in the Note at the top of this page.

  • Page 26

    Software Feature Index This feature index indicates which manual to consult for information on a given software feature. Note: This Index does not cover IPv6 capable software features. For information on IPv6 protocol operations and features (such as DHCPv6, DNS for IPv6, and Ping6), refer to the IPv6 Configuration Guide.

  • Page 27

    Intelligent Edge Software Manual Features Management Advanced Multicast and Access Traffic Routing Security Configuration Management Guide Authorized Manager List (Web, Telnet, TFTP) Auto MDIX Configuration BOOTP CEE (Converged Enhanced Ethernet) (6120XG only) Config File Console Access Copy Command CoS (Class of Service) Debug DHCP Configuration DHCP Option 82...

  • Page 28

    Intelligent Edge Software Manual Features Management Advanced Multicast and Access Traffic Routing Security Configuration Management Guide IGMP Interface Access (Telnet, Console/Serial, Web) IP Addressing IP Routing Jumbo Packets LACP LLDP LLDP-MED Loop Protection MAC Address Management MAC Lockdown MAC Lockout MAC-based Authentication Monitoring and Analysis Network Management Applications (SNMP)

  • Page 29

    Intelligent Edge Software Manual Features Management Advanced Multicast and Access Traffic Routing Security Configuration Management Guide RADIUS Authentication and Accounting RADIUS-Based Configuration RMON 1,2,3,9 Routing - IP static Secure Copy sFlow SFTP SNMPv3 Software Downloads (SCP/SFTP, TFTP, Xmodem) Source-Port Filters Spanning Tree (STP, RSTP, MSTP) SSHv2 (Secure Shell) Encryption SSL (Secure Socket Layer)

  • Page 30

    Intelligent Edge Software Manual Features Management Advanced Multicast and Access Traffic Routing Security Configuration Management Guide Web UI xxviii...

  • Page 31: Contents

    Getting Started Contents Introduction ..........1-2 Conventions .

  • Page 32: Introduction, Conventions, Command Syntax Statements

    Getting Started Introduction Introduction This guide is intended for use with the HP ProCurve 6120G/XG and 6120XG switches. It describes how to use the command line interface (CLI), Menu interface, and web browser to configure, manage, monitor, and troubleshoot switch opera­...

  • Page 33: Command Prompts, Screen Simulations, Configuration And Operation Examples, Keys

    Conventions Command Prompts In the default configuration, your switch displays a CLI prompt similar to the following examples: ProCurve 6120G/XG Blade Switch# ProCurve 6120XG Blade Switch# To simplify recognition, this guide uses ProCurve to represent command prompts. For example: ProCurve# (You can use the hostname command to change the text in the CLI prompt.)

  • Page 34: Sources For More Information

    Getting Started Sources for More Information Sources for More Information For information about switch operation and features not covered in this guide, consult the following sources: ■ Feature Index—For information on which manual to consult for a given software feature, refer to the “Software Feature Index” on page xiv. Note: For the latest version of all HP ProCurve switch documentation referred to below, including Release Notes covering recently added features, visit any of...

  • Page 35

    Getting Started Sources for More Information • SNMP, LLDP, and other network management topics • file transfers, switch monitoring, troubleshooting, and MAC address management ■ Advanced Traffic Management Guide—Use this guide for information on topics such as: • VLANs: Static port-based and protocol VLANs, and dynamic GVRP VLANs •...

  • Page 36: Getting Documentation From The Web, Online Help, Menu Interface

    Getting Started Sources for More Information Getting Documentation From the Web To obtain the latest versions of documentation and release notes for your switch, go to any of the following web sites: www.procurve.com/manuals www.hp.com/go/bladesystem/documentation h18004.www1.hp.com/products/blades/components/c-class-tech-installing.html Online Help Menu Interface If you need information on specific parameters in the menu interface, refer to the online help provided in the interface.

  • Page 37: Command Line Interface, Web Browser Interface

    Getting Started Sources for More Information Command Line Interface If you need information on a specific command in the CLI, type the command name followed by help. For example: Figure 1-3. Example of CLI Help Web Browser Interface If you need information on specific features in the HP ProCurve Web Browser Interface (hereafter referred to as the “web browser interface”), use the online Help.

  • Page 38: Need Only A Quick Start?, Ip Addressing, Need Only A Quick Start

    Getting Started Need Only a Quick Start? The Help Button Figure 1-5. Button for Onboard Administrator Interface Online Help Need Only a Quick Start? IP Addressing If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing.

  • Page 39: To Set Up And Install The Switch In Your Network, Physical Installation

    Getting Started To Set Up and Install the Switch in Your Network To Set Up and Install the Switch in Your Network Physical Installation Use the Installation and Getting Started Guide for the following: ■ Notes, cautions, and warnings related to installing and using the switch and its related modules ■...

  • Page 40

    Getting Started To Set Up and Install the Switch in Your Network 1-10...

  • Page 41

    Selecting a Management Interface Contents Selecting a Management Interface Contents Overview ........... . . 2-2 Understanding Physical Interfaces .

  • Page 42: Overview, Understanding Physical Interfaces

    Selecting a Management Interface Overview Overview This chapter describes the following: ■ Physical Interfaces ■ Management interfaces ■ Advantages of using each interface Understanding Physical Interfaces Physical interfaces on the switch and the C-class enclosure it is installed in provide the following options for accessing the management interfaces described in the next section: ■ Data ports on the switch console provide networked in-band access...

  • Page 43: Understanding Management Interfaces

    Selecting a Management Interface Understanding Management Interfaces Note: The switches covered in this guide allow up to 6 console connections. Console session 1 always belongs to the serial console, console session 2 always belongs to the USB serial console, and the remaining 4 can be used via ssh or telnet from a network connection.

  • Page 44: Advantages Of Using The Menu Interface

    Selecting a Management Interface Advantages of Using the Menu Interface Advantages of Using the Menu Interface Figure 2-1. Example of the Console Interface Display ■ Provides quick, easy management access to a menu-driven subset of switch configuration and performance features: • IP addressing •...

  • Page 45: Advantages Of Using The Cli, General Benefits, Information On Using The Cli

    Selecting a Management Interface Advantages of Using the CLI Advantages of Using the CLI Prompt for Operator Level ProCurve> Prompt for Manager Level ProCurve# Prompt for Global Configuration ProCurve(config)# Level Prompt for Context ProCurve(<context>)# Configuration Levels For example: ProCurve(eth-1-5)# ProCurve(vlan-1)# Figure 2-2.

  • Page 46: Advantages Of Using The Web Browser Interface

    Selecting a Management Interface Advantages of Using the Web Browser Interface Advantages of Using the Web Browser Interface Figure 2-3. Example of the Web Browser Interface ■ Easy access to the switch from anywhere on the network ■ Familiar browser interface--locations of window objects consistent...

  • Page 47: Or Procurve Manager Plus

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus Advantages of Using ProCurve Manager or ProCurve Manager Plus You can operate ProCurve Manager and ProCurve Manager Plus (PCM and PCM+) from a PC on the network to monitor traffic, manage your hubs and switches, and proactively recommend network changes to increase network uptime and optimize performance.

  • Page 48: Web Browser Interfaces

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus RMON and sFlow, users can monitor overall traffic levels, segments with the highest traffic, or even the top users within a network segment. • Group and Policy Management: Changes in configuration are tracked and logged, and archived configurations can be applied to one or many devices.

  • Page 49: Banner Operation With Telnet, Serial, Or Sshv2 Access, Banner Operation With Web Browser Access

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus Banner Operation with Telnet, Serial, or SSHv2 Access When a system operator begins a login session, the switch displays the banner above the local password prompt or, if no password is configured, above the Press any key to continue prompt.

  • Page 50: Example Of Configuring And Displaying A Banner

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus < banner-text-string > The switch allows up to 3070 banner characters, including blank spaces and CR-LF ([Enter]). (The tilde “~” and the delimiter defined by banner motd <delimiter> are not allowed as part of the banner text.) While entering banner text, you can backspace to edit the current line (that is, a line that has not been terminated by a CR-LF.)

  • Page 51

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus ProCurve(config)# show banner motd Banner Information Banner status: Enabled Configured Banner: This is a private system maintained by the Allied Widget Corporation. Unauthorized use of this system can result in civil and criminal penalties! Figure 2-5.

  • Page 52

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus The next time someone logs onto the switch’s management CLI, the following appears: The login screen displays the configured banner. Entering a correct password clears the banner and displays the CLI prompt.

  • Page 53: Operating Notes

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus If someone uses a Web browser to log in to the switch interface, the following message appears: Figure 2-8. Example of Web Browser Interface Result of the Login Banner Configuration Operating Notes ■...

  • Page 54

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus 2-14...

  • Page 55

    Using the Menu Interface Contents Overview ........... . . 3-2 Starting and Ending a Menu Session .

  • Page 56

    Using the Menu Interface Overview Overview This chapter describes the following features: ■ Overview of the Menu Interface (page 3-2) ■ Starting and ending a Menu session (page 3-3) ■ The Main Menu (page 3-7) ■ Screen structure and navigation (page 3-9)...

  • Page 57: Starting And Ending A Menu Session

    Using the Menu Interface Starting and Ending a Menu Session Note: If the switch has neither a Manager nor an Operator password, anyone having access to the console interface can operate the console with full manager privileges. Also, if you configure only an Operator password, entering the Operator password enables full manager privileges.

  • Page 58: How To Start A Menu Interface Session

    Using the Menu Interface Starting and Ending a Menu Session How To Start a Menu Interface Session In its factory default configuration, the switch console starts with the CLI prompt. To use the menu interface with Manager privileges, go to the Manager level prompt and enter the command.

  • Page 59: How To End A Menu Session And Exit From The Console:

    Using the Menu Interface Starting and Ending a Menu Session Figure 3-1. Example of the Main Menu with Manager Privileges For a description of Main Menu features, see “Main Menu Features” on page 3-7. Note: To configure the switch to start with the menu interface instead of the CLI, go to the Manager level prompt in the CLI, enter the command, and in the setup...

  • Page 60

    Using the Menu Interface Starting and Ending a Menu Session Asterisk indicates a configuration change that requires a reboot to activate. Figure 3-2. Example Indication of a Configuration Change Requiring a Reboot 1. In the current session, if you have not made configuration changes that require a switch reboot to activate, return to the Main Menu and press (zero) to log out.

  • Page 61: Main Menu Features

    Using the Menu Interface Main Menu Features Main Menu Features Figure 3-3. The Main Menu View with Manager Privileges The Main Menu gives you access to these Menu interface features: ■ Status and Counters: Provides access to display screens showing switch information, port status and counters, and port and VLAN address tables.

  • Page 62

    Using the Menu Interface Main Menu Features ■ Command Line (CLI): Selects the Command Line Interface at the same level (Manager or Operator) that you are accessing in the Menu interface. (Refer to Chapter 4, “Using the Command Line Interface (CLI)”.) ■...

  • Page 63: Screen Structure And Navigation

    Using the Menu Interface Screen Structure and Navigation Screen Structure and Navigation Menu interface screens include these three elements: ■ Parameter fields and/or read-only information such as statistics ■ Navigation and configuration actions, such as Save, Edit, and Cancel ■ Help line to describe navigation options, individual parameters, and read-only data For example, in the following System Information screen:...

  • Page 64

    Using the Menu Interface Screen Structure and Navigation Table 3-1. How To Navigate in the Menu Interface Task: Actions: Execute an action Use either of the following methods: from the “Actions –>” • Use the arrow keys ([<], or [>]) to highlight the action you want list at the bottom of to execute, then press [Enter].

  • Page 65

    Using the Menu Interface Screen Structure and Navigation To get Help on individual parameter descriptions. In most screens there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press , and a separate help screen is displayed. For example: Pressing [H] or highlighting Help and pressing [Enter] displays Help for the...

  • Page 66: Rebooting The Switch

    Using the Menu Interface Rebooting the Switch Rebooting the Switch Rebooting the switch from the menu interface ■ Terminates all current sessions and performs a reset of the operating system ■ Activates any menu interface configuration changes that require a reboot...

  • Page 67

    Using the Menu Interface Rebooting the Switch Rebooting To Activate Configuration Changes. Configuration changes for most parameters in the menu interface become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the .

  • Page 68: Menu Features List

    Using the Menu Interface Menu Features List Menu Features List Status and Counters • General System Information • Switch Management Address Information • Port Status • Port Counters • Address Table • Port Address Table Switch Configuration • System Information •...

  • Page 69: Where To Go From Here

    Using the Menu Interface Where To Go From Here Where To Go From Here This chapter provides an overview of the menu interface and how to use it. The following table indicates where to turn for detailed information on how to use the individual features available through the menu interface.

  • Page 70

    Using the Menu Interface Where To Go From Here 3-16...

  • Page 71

    Using the Command Line Interface (CLI) Contents Overview ........... . . 4-2 Accessing the CLI .

  • Page 72: Accessing The Cli, Overview, Using The Cli

    Using the Command Line Interface (CLI) Overview Overview The CLI is a text-based command interface for configuring and monitoring the switch. The CLI gives you access to the switch’s full set of commands while providing the same password protection that is used in the web browser interface and the menu interface.

  • Page 73: Privilege Levels At Logon

    Using the Command Line Interface (CLI) Using the CLI When you use the CLI to make a configuration change, the switch writes the change to the Running-Config file in volatile memory. This allows you to test your configuration changes before making them permanent. To make changes permanent, you must use the write memory command to save them to the Startup-Config file in non-volatile memory.

  • Page 74: Privilege Level Operation, Operator Privileges

    Using the Command Line Interface (CLI) Using the CLI Caution: ProCurve strongly recommends that you configure a Manager password. If a Manager password is not configured, then the Manager level is not password-protected, and anyone having in-band or out-of-band access to the switch may be able to reach the Manager level and compromise switch and network security.

  • Page 75: Manager Privileges

    Using the Command Line Interface (CLI) Using the CLI Manager Privileges Manager privileges give you three additional levels of access: Manager, Global Configuration, and Context Configuration. A “#” character delimits any Manager prompt. For example: ProCurve#_ Example of the Manager prompt. ■...

  • Page 76

    Using the Command Line Interface (CLI) Using the CLI Table 4-1. Privilege Level Hierarchy Privilege Example of Prompt and Permitted Operations Level Operator Privilege Operator Level ProCurve> show < command > View status and configuration information. setup ping < argument > Perform connectivity tests.

  • Page 77: How To Move Between Levels

    Using the Command Line Interface (CLI) Using the CLI How To Move Between Levels Change in Levels Example of Prompt, Command, and Result Operator level > enable ProCurve Password:_ Manager level enable After you enter , the Password prompt appears. After you enter the Manager password, the system prompt appears with the # symbol: ProCurve...

  • Page 78: Listing Commands And Command Options, Listing Commands Available At Any Privilege Level

    Using the Command Line Interface (CLI) Using the CLI For example, if you use the menu interface to configure an IP address of “X” for VLAN 1 and later use the CLI to configure a different IP address of “Y” for VLAN 1, then “Y”...

  • Page 79

    Using the Command Line Interface (CLI) Using the CLI Typing ? at the Manager level produces this listing: When - - MORE - - appears, use the Space bar or [Return] to list additional commands. Figure 4-4.Example of the Manager-Level Command Listing When - - MORE - - appears, there are more commands in the listing.

  • Page 80: Listing Command Options

    Using the Command Line Interface (CLI) Using the CLI As mentioned above, if you type part of a command word and press [Tab], the CLI completes the current word (if you have typed enough of the word for the CLI to distinguish it from other possibilities), including hyphenated exten...

  • Page 81: Displaying Cli "help", Displaying Cli "help

    Using the Command Line Interface (CLI) Using the CLI Displaying CLI “Help” CLI Help provides two types of context-sensitive information: ■ Command list with a brief summary of each command’s purpose ■ Detailed information on how to use individual commands Displaying Command-List Help.

  • Page 82

    Using the Command Line Interface (CLI) Using the CLI Figure 4-7.Example of How To Display Help for a Specific Command Note that trying to list the help for an individual command from a privilege level that does not include that command results in an error message. For example, trying to list the help for the interface command while at the global configuration level produces this result: ProCurve# speed-duplex help...

  • Page 83: Configuration Commands And The Context Configuration Modes

    Using the Command Line Interface (CLI) Using the CLI Configuration Commands and the Context Configuration Modes You can execute any configuration command in the global configuration mode or in selected context modes. However, using a context mode enables you to execute context-specific commands faster, with shorter command strings.

  • Page 84

    Using the Command Line Interface (CLI) Using the CLI In the port context, the first block of commands in the “?” listing show the context-specific commands that will affect only ports C3-C6. The remaining commands in the listing are Manager, Operator, and context commands.

  • Page 85

    Using the Command Line Interface (CLI) Using the CLI VLAN Context. Includes VLAN-specific commands that apply only to the selected VLAN, plus Manager and Operator commands. The prompt for this mode includes the VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch: ProCurve(config)# vlan 100 Command executed at configuration level to enter VLAN 100 context.

  • Page 86: Cli Control And Editing, Executing A Prior Command—redo, Repeating Execution Of A Command

    Using the Command Line Interface (CLI) CLI Control and Editing CLI Control and Editing Executing a Prior Command—Redo The redo command executes a prior command in the history list. Syntax: redo [number | command-str] Re-executes a command from history. Executes the last command by default.

  • Page 87

    Using the Command Line Interface (CLI) CLI Control and Editing Syntax: repeat [cmdlist] [count] [delay] Repeats execution of a previous command. Repeats the last command by default until a key is pressed. cmdlist: If a number or range of numbers is specified, the command repeats the n most recent commands (where “n”...

  • Page 88: Using A Command Alias

    Using the Command Line Interface (CLI) CLI Control and Editing Using a Command Alias You can create a simple command alias to use in place of a command name and its options. Choose an alias name that is not an existing CLI command already.

  • Page 89

    Using the Command Line Interface (CLI) CLI Control and Editing ProCurve(config)# show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi Status and Counters - Custom Port Status Intrusion Port Name Type VLAN Alert Speed Enabled MDI-mode ---- ---------- ---------- ----- --------- ------- ------- -------- Acco 100/1000T 1000FDx Yes...

  • Page 90: Cli Shortcut Keystrokes

    Using the Command Line Interface (CLI) CLI Control and Editing ProCurve(config)# show alias Name Command -------------------- ------------------------------ show config show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi Figure 4-13. Example of Alias Commands and Their Configurations CLI Shortcut Keystrokes Keystrokes Function...

  • Page 91

    Using the ProCurve Web Browser Interface Contents Overview ........... . . 5-3 General Features .

  • Page 92

    Using the ProCurve Web Browser Interface Contents Setting Fault Detection Policy ....... . 5-25...

  • Page 93

    Using the ProCurve Web Browser Interface Overview Overview The ProCurve web browser interface built into the switch lets you easily access the switch from a browser-based PC on your network. This lets you do the following: ■ Optimize your network uptime by using the Alert Log and other diagnostic...

  • Page 94: General Features

    Using the ProCurve Web Browser Interface General Features General Features The web browser interface includes these features: Switch Identity and Status: • General system data • Software version • IP address • Status Overview • Port utilization • Port counters •...

  • Page 95: Interface Session With The Switch

    Using the ProCurve Web Browser Interface Starting a Web Browser Interface Session with the Switch Starting a Web Browser Interface Session with the Switch You can start a web browser session in the following ways: ■ Using a standalone web browser on a network connection from a PC or UNIX workstation: •...

  • Page 96: Procurve Manager Plus (pcm+)

    Using the ProCurve Web Browser Interface Starting a Web Browser Interface Session with the Switch Using ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+) ProCurve Manager and ProCurve Manager Plus are designed for installation on a network management workstation. For this reason, the system requirements are different from the system requirements for accessing the switch’s web browser interface from a non-management PC or workstation.

  • Page 97

    Using the ProCurve Web Browser Interface Starting a Web Browser Interface Session with the Switch First time install alert Figure 5-1. Example of Status Overview Screen...

  • Page 98: Tasks For Your First Procurve Web Browser Interface Session, Viewing The "first Time Install" Window

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Tasks for Your First ProCurve Web Browser Interface Session The first time you access the web browser interface, there are three tasks you should perform: ■...

  • Page 99: In The Browser Interface

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session This window is the launching point for the basic configuration you need to perform to set web browser interface passwords for maintaining security and a fault detection policy, which determines the types of messages that the Alert Log displays.

  • Page 100

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Figure 5-3. The Device Passwords Window To set the passwords: 1. Access the Device Passwords screen by one of the following methods: • If the Alert Log includes a “First Time Install” event entry, double click on this event, then, in the resulting display, click on the secure access to the device link.

  • Page 101: Entering A User Name And Password, Using A User Name, If You Lose The Password

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Entering a User Name and Password Figure 5-4. Example of the Password Prompt in the Web Browser Interface The manager and operator passwords are used to control access to all switch interfaces.

  • Page 102: Online Help For The Web Browser Interface

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session The Clear button is provided for your convenience, but its presence means that if you are concerned with the security of the switch configuration and operation, you should make sure the switch is installed in a secure location, such as a locked wiring closet.

  • Page 103: Support/mgmt Urls Feature

    Using the ProCurve Web Browser Interface Support/Mgmt URLs Feature Support/Mgmt URLs Feature The Support/Mgmt URLs window enables you to change the World Wide Web Universal Resource Locator (URL) for two functions: ■ Support URL – A support information site for your switch ■ Management Server URL –...

  • Page 104: Support Url, Help And The Management Server Url

    Using the ProCurve Web Browser Interface Support/Mgmt URLs Feature Support URL For technical support, go to: www.hp.com/#Support. Help and the Management Server URL The Management Server URL field specifies the URL the switch uses to find online Help for the web browser interface. ■...

  • Page 105: Using The Pcm Server For Switch Web Help

    PCM server to host the switch help files for devices that do not have HTTP access to the ProCurve Support Web site. Go to the ProCurve Support web site to get the Device Help files: www.hp.com//rnd/device_help/ Copy the Web help files to the PCM server, under: C:\\program files\hewlett-packard\pnm\server\webroot\ rnd\sevice_help\help\hpwnd\webhelp 5-15...

  • Page 106

    Using the ProCurve Web Browser Interface Support/Mgmt URLs Feature 3. Add an entry, or edit the existing entry in the Discovery portion of the global properties (globalprops.prp) in PCM to redirect the switches to the help files on the PCM server. For example: Global { TempDir=data/temp Discovery{...

  • Page 107: Status Reporting Features, The Overview Window

    Using the ProCurve Web Browser Interface Status Reporting Features Status Reporting Features Browser elements covered in this section include: ■ The Overview window (below) ■ Port utilization and status (page 5-18) ■ The Alert log (page 5-21) ■ The Status bar (page 5-23)...

  • Page 108: The Port Utilization And Status Displays, Port Utilization

    Using the ProCurve Web Browser Interface Status Reporting Features Policy Management and Configuration. PCM can perform network-wide policy management and configuration of your switch. The Management Server URL field (page 5-14) shows the URL for the management station performing that function. For more information, refer to the documentation provided with the PCM software.

  • Page 109

    Using the ProCurve Web Browser Interface Status Reporting Features ■ % Error Pkts Rx: All error packets received by the port. (This indicator is a reddish color on many systems.) Although errors received on a port are not propagated to the rest of the network, a consistently high number of errors on a specific port may indicate a problem on the device or network segment connected to the indicated port.

  • Page 110: Port Status

    Using the ProCurve Web Browser Interface Status Reporting Features Figure 5-11. Display of Numerical Values for the Bar Port Status Port Status Indicators Legend Figure 5-12. The Port Status Indicators and Legend The Port Status indicators show a symbol for each port that indicates the general status of the port.

  • Page 111: The Alert Log, Sorting The Alert Log Entries

    Using the ProCurve Web Browser Interface Status Reporting Features The Alert Log The web browser interface Alert Log, shown in the lower half of the screen, shows a list of network occurrences, or alerts, that were detected by the switch. Typical alerts are Broadcast Storm, indicating an excessive number of broadcasts received on a port, and Problem Cable, indicating a faulty cable.

  • Page 112: Alert Types And Detailed Views

    Using the ProCurve Web Browser Interface Status Reporting Features Alert Types and Detailed Views As of June, 2007, the web browser interface generates the following alert types: • Auto Partition • High collision or drop rate • Backup Transition • Loss of Link •...

  • Page 113: The Status Bar

    Using the ProCurve Web Browser Interface Status Reporting Features Figure 5-14. Example of Alert Log Detail View The Status Bar The Status Bar appears in the upper left corner of the web browser interface window. Figure 5-15 shows an expanded view of the status bar. Status Indicator Most Critical Alert Description Product Name...

  • Page 114

    Using the ProCurve Web Browser Interface Status Reporting Features The Status bar includes four objects: ■ Status Indicator. Indicates, by icon, the severity of the most critical alert in the current display of the Alert Log. This indicator can be one of four shapes and colors, as shown below.

  • Page 115: Setting Fault Detection Policy

    Using the ProCurve Web Browser Interface Status Reporting Features Setting Fault Detection Policy One of the powerful features in the web browser interface is the Fault Detection facility. For your switch, this feature controls the types of alerts reported to the Alert Log based on their level of severity. Set this policy in the Fault Detection window (figure 5-16).

  • Page 116

    Using the ProCurve Web Browser Interface Status Reporting Features To provide the most information on network problems in the Alert Log, the recommended sensitivity level for Log Network Problems is High Sensitivity. The Fault Detection settings are: ■ High Sensitivity. This policy directs the switch to send all alerts to the Alert Log.

  • Page 117

    Switch Memory and Configuration Contents Overview ........... . . 6-3 Configuration File Management .

  • Page 118: Table Of Contents

    Switch Memory and Configuration Contents Changing or Overriding the Reboot Configuration Policy ..6-30 Managing Startup-Config Files in the Switch ....6-32 Renaming an Existing Startup-Config File .

  • Page 119: Configuration File Management, Overview

    Switch Memory and Configuration Overview Overview This chapter describes: ■ How switch memory manages configuration changes ■ How the CLI implements configuration changes ■ How the menu interface and web browser interface implement configuration changes ■ How the switch provides software options through primary/secondary flash images ■ How to use the switch’s primary and secondary flash options, including...

  • Page 120

    Switch Memory and Configuration Configuration File Management ■ Startup-config File: Exists in flash (non-volatile) memory and is used to preserve the most recently-saved configuration as the “permanent” configuration. Booting the switch replaces the current running-config file with a new running-config file that is an exact copy of the current startup-config file.

  • Page 121

    Switch Memory and Configuration Configuration File Management The above command disables port 5 in the running-config file, but not in the startup-config file. Port 5 remains disabled only until the switch reboots. If you want port 5 to remain disabled through the next reboot, use write memory to save the current running-config file to the startup-config file in flash memory.

  • Page 122: Using The Cli To Implement Configuration Changes

    Switch Memory and Configuration Using the CLI To Implement Configuration Changes Using the CLI To Implement Configuration Changes The CLI offers these capabilities: ■ Access to the full set of switch configuration features ■ The option of testing configuration changes before making them permanent How To Use the CLI To View the Current Configuration Files.

  • Page 123

    Switch Memory and Configuration Using the CLI To Implement Configuration Changes 3. Observe the switch’s performance with the new parameter settings to verify the effect of your changes. 4. When you are satisfied that you have the correct parameter settings, use the write memory command to copy the changes to the startup-config file.

  • Page 124

    Switch Memory and Configuration Using the CLI To Implement Configuration Changes How To Cancel Changes You Have Made to the Running-Config File. If you use the CLI to change parameter settings in the running-config file, and then decide that you don’t want those changes to remain, you can use either of the following methods to remove them: ■...

  • Page 125

    Switch Memory and Configuration Using the CLI To Implement Configuration Changes Note: If you use the CLI to make a change to the running-config file, you should either use the write memory command or select the save option allowed during a reboot (figure 6-6-2, above) to save the change to the startup-config file.

  • Page 126: Configuration Changes, Menu: Implementing Configuration Changes

    Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes Using the Menu and Web Browser Interfaces To Implement Configuration Changes The menu and web browser interfaces offer these advantages: ■ Quick, easy menu or window access to a subset of switch configuration...

  • Page 127: Rebooting From The Menu Interface

    Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes To save and implement the changes for all parameters in this screen, press the [Enter] key, then press [S] (for Save). To cancel all changes, press the [Enter] key, then press [C] (for Cancel) Figure 6-4.

  • Page 128

    Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes Optional Reboot Switch Command Figure 6-5. The Reboot Switch Option in the Main Menu Rebooting To Activate Configuration Changes. Configuration changes for most parameters become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the Maximum VLANs to support...

  • Page 129: Web: Implementing Configuration Changes

    Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes Asterisk indicates a configuration change that requires a reboot in order to take effect. Reminder to reboot the switch to activate configuration changes. Figure 6-6. Indication of a Configuration Change Requiring a Reboot Web: Implementing Configuration Changes You can use the web browser interface to simultaneously save and implement...

  • Page 130: Using Primary And Secondary Flash Image Options, Displaying The Current Flash Image Data

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options Using Primary and Secondary Flash Image Options The switches covered in this guide feature two flash memory locations for storing switch software image files: ■ Primary Flash: The default storage for a switch software image. ■...

  • Page 131

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options For example, if the switch is using a software version of Z.14.04 stored in Primary flash, show version produces the following: ProCurve(config)# show version Image stamp: /sw/code/build/vern(t4br) Jul 27 2009 13:42:40 Z.14.04 1037 Boot Image:...

  • Page 132: Switch Software Downloads

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options switch from the opposite flash image and using show version again, you can determine the version(s) of switch software in both flash sources. For example: ProCurve(config)# show version 1.

  • Page 133: Local Switch Software Replacement And Removal

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options Note: xmodem should not be used over the OA serial console. It should only be used over the USB serial console connection. Download Interruptions. In most cases, if a power failure or other cause interrupts a flash image download, the switch reboots with the image previ...

  • Page 134

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options flash image in RAM. Do not reboot the switch. Instead, immediately download another valid flash image to primary or secondary flash. Otherwise, if the switch is rebooted without a software image in either primary or secondary flash, the temporary flash image in RAM will be cleared and the switch will go down.

  • Page 135: Operating Notes About Booting, Rebooting The Switch

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options Syntax: erase flash < primary | secondary > For example, to erase the software image in primary flash, do the following: 1. First verify that a usable flash image exists in secondary flash. The most reliable way to ensure this is to reboot the switch from the flash image you want to retain.

  • Page 136: Boot And Reload Command Comparison

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options Image does not exist Operation aborted. Interaction of Primary and Secondary Flash Images with the Current Configuration. The switch has one startup-config file (page 6-3), which it always uses for reboots, regardless of whether the reboot is from primary or secondary flash.

  • Page 137: Setting The Default Flash

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options Table 6-2. Comparing the Boot and Reload Commands Actions Included In Included In Reload Note Boot? Save all Optional, Optional with reload Config changes saved to configuration with prompt <cr>, when prompt the startup-config file if reload...

  • Page 138: Booting From The Default Flash (primary Or Secondary), Booting From A Specified Flash

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options Booting from the Default Flash (Primary or Secondary) The boot command boots the switch from the flash image that you are currently booted on, or the flash image that was set either by the boot set-default command or by the last executed boot system flash <primary | secondary>...

  • Page 139: Using Reload

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options ProCurve(config)# boot system flash secondary System will be rebooted from secondary image. Do you want to continue [y/n]? Figure 6-15. Example of Boot Command with Secondary Flash Option In the above example, typing either a at the second prompt initiates the reboot operation.

  • Page 140

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options ProCurve(config)# max-vlans 12 Command will take effect after saving configuration and reboot. ProCurve(config)# reload This command will cause a switchover to the other management module which may not be running the same software image and configurations. Do you want to continue [y/n]? y Figure 6-16.

  • Page 141: Multiple Configuration Files

    Switch Memory and Configuration Multiple Configuration Files Multiple Configuration Files Action Page Listing and Displaying Startup-Config Files 6-29 Changing or Overriding the Reboot Configuration Policy 6-30 Managing Startup-Config Files Renaming Startup-Config Files 6-33 Copying Startup-Config Files 6-33 Erasing Startup-Config Files 6-35 Effect of Using the Clear + Reset Buttons 6-37...

  • Page 142: General Operation

    Switch Memory and Configuration Multiple Configuration Files Transitions from one software release to another can be performed while ■ maintaining a separate configuration for the different software release versions. ■ By setting a reboot policy using a known good configuration and then overriding the policy on a per-instance basis, you can test a new configu­...

  • Page 143: Transitioning To Multiple Configuration Files

    Switch Memory and Configuration Multiple Configuration Files 2. Use the CLI to make configuration changes in the running-config file, and then execute write mem. The result is that the startup-config file used to reboot the switch is modified by the actions in step 2. Boot Command Primary Boot Path Active Startup-Config File:...

  • Page 144

    Switch Memory and Configuration Multiple Configuration Files ■ Saves a copy of the existing startup-config file in memory slot 2 with the filename workingConfig. ■ Assigns the workingConfig file as the active configuration and the default configuration for all subsequent reboots using either primary or secondary flash.

  • Page 145: Listing And Displaying Startup-config Files, Configuration Enabled

    Switch Memory and Configuration Multiple Configuration Files Listing and Displaying Startup-Config Files Command Page show config files Below show config < filename > 6-30 Viewing the Startup-Config File Status with Multiple Configuration Enabled Rebooting the switch automatically enables the multiple configuration feature.

  • Page 146: Displaying The Content Of A Specific Startup-config File, Changing Or Overriding The Reboot Configuration Policy

    Switch Memory and Configuration Multiple Configuration Files Displaying the Content of A Specific Startup-Config File With Multiple Configuration enabled, the switch can have up to three startup-config files. Because the show config command always displays the content of the currently active startup-config file, the command extension shown below is needed to allow viewing the contents of any other startup-config files stored in the switch.

  • Page 147

    Switch Memory and Configuration Multiple Configuration Files Syntax: startup-default [ primary | secondary ] config < filename > Specifies a boot configuration policy option: [ primary | secondary ] config < filename >: Designates the startup-config file to use in a reboot with the software version stored in a specific flash location.

  • Page 148: Managing Startup-config Files In The Switch

    Switch Memory and Configuration Multiple Configuration Files ProCurve(config)# startup-default pri config minconfig ProCurve(config) # startup-default sec config newconfig. Overriding the Default Reboot Configuration Policy. This command provides a method for manually rebooting with a specific startup-config file other than the file specified in the default reboot configuration policy. Syntax: boot system flash <...

  • Page 149: Renaming An Existing Startup-config File, Creating A New Startup-config File

    Switch Memory and Configuration Multiple Configuration Files Renaming an Existing Startup-Config File Syntax: rename config < current-filename > < newname-str > This command changes the name of an existing startup-config file. A file name can include up to 63 alphanumeric characters.

  • Page 150

    Switch Memory and Configuration Multiple Configuration Files This command makes a local copy of an existing startup-config file by copying the contents of an existing startup-config file in one memory slot to a new startup-config file in another, empty memory slot. This enables you to use a separate configuration file to experiment with configuration changes, while preserving the source file unchanged.

  • Page 151: Erasing A Startup-config File

    Switch Memory and Configuration Multiple Configuration Files If you wanted to experiment with configuration changes to the software version in secondary flash, you could create and assign a separate startup-config file for this purpose. The first two commands copy the config1 startup-config file to config2, and then make config2 the default startup-config file for booting from secondary flash.

  • Page 152

    Switch Memory and Configuration Multiple Configuration Files Note: Where a file is assigned to either the primary or the secondary flash, but is not the currently active startup-config file, erasing the file does not remove the flash assignment from the memory slot for that file. Thus, if the switch boots using a flash location that does not have an assigned startup-config, then the switch creates a new, default startup-config file and uses this file in the reboot.

  • Page 153: Switch To Its Default Configuration, Transferring Startup-config Files To Or From A Remote Server

    Switch Memory and Configuration Multiple Configuration Files With the same memory configuration as is shown in the bottom portion of figure 6-22, executing erase startup-config boots the switch from primary flash, resulting in a new file named minconfig in the same memory slot. The new file contains the default configuration for the software version currently in pri­...

  • Page 154: Tftp: Copying A Configuration File To A Remote Host

    Switch Memory and Configuration Multiple Configuration Files copy config < src-file > xmodem < pc | unix > [oobm] 6-40 copy xmodem config < dest-file > < pc | unix > [oobm] 6-40 TFTP: Copying a Configuration File to a Remote Host Syntax: copy config <...

  • Page 155: Tftp: Copying A Configuration File From A Remote Host

    Switch Memory and Configuration Multiple Configuration Files TFTP: Copying a Configuration File from a Remote Host Syntax: copy tftp config < dest-file > < ip-addr > < remote-file > < pc | unix > [oobm] This is an addition to the copy tftp command options. Use this command to download a configuration file from a TFTP server to the switch.

  • Page 156: Connected Host

    Switch Memory and Configuration Multiple Configuration Files Xmodem: Copying a Configuration File to a Serially Connected Host Syntax: copy config < filename > xmodem < pc | unix > [oobm] This is an addition to the copy < config > xmodem command options.

  • Page 157: Operating Notes For Multiple Configuration Files, Automatic Configuration Update With Dhcp Option 66, Cli Command

    Switch Memory and Configuration Automatic Configuration Update with DHCP Option 66 Operating Notes for Multiple Configuration Files ■ SFTP/SCP: The configuration files are available for sftp/scp transfer as /cfg/< filename >. Automatic Configuration Update with DHCP Option 66 ProCurve switches are initially booted up with the factory-shipped configuration file.

  • Page 158: Possible Scenarios For Updating The Configuration File, Operating Notes

    Switch Memory and Configuration Automatic Configuration Update with DHCP Option 66 Possible Scenarios for Updating the Configuration File The following table shows various network configurations and how Option 66 is handled. Scenario Behavior Single Server serving Multiple VLANs • Each DHCP-enabled VLAN interface initiates a DHCPDISCOVER message, receives a DHCPOFFER from the server, and sends a DHCPREQUEST to obtain the offered parameters.

  • Page 159: Log Messages

    Switch Memory and Configuration Automatic Configuration Update with DHCP Option 66 Global DHCP Parameters: Global parameters are processed only if received on the primary VLAN. Best Offer: The “Best Offer” is the best DHCP or BootP offer sent by the DHCP server in response to the DHCPREQUEST sent by the switch.

  • Page 160

    Switch Memory and Configuration Automatic Configuration Update with DHCP Option 66 6-44...

  • Page 161

    Interface Access and System Information Contents Overview ........... . . 7-2 Interface Access: Console/Serial Link, Web, and Inbound Telnet .

  • Page 162

    Interface Access and System Information Overview Overview This chapter describes how to: ■ View and modify the configuration for switch interface access ■ Use the CLI kill command to terminate a remote session ■ View and modify switch system information For help on how to actually use the interfaces built into the switch, refer to: ■...

  • Page 163: Interface Access: Console/serial Link, Web, And Inbound Telnet

    Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Interface Access: Console/Serial Link, Web, and Inbound Telnet Interface Access Features Feature Default Menu Inactivity Time 0 Minutes page 7-4 page 7-8 — (disabled) Inbound Telnet Access Enabled page 7-4 page 7-5...

  • Page 164: Menu: Modifying The Interface Access

    Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Menu: Modifying the Interface Access The menu interface enables you to modify these parameters: ■ Inactivity Timeout ■ Inbound Telnet Enabled ■ Web Agent Enabled To Access the Interface Access Parameters: From the Main Menu, Select...

  • Page 165: Cli: Modifying The Interface Access

    Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet CLI: Modifying the Interface Access Interface Access Commands Used in This Section show console below [no] telnet-server below [no] web-management page 7-8 console page 7-8 Listing the Current Console/Serial Link Configuration. This command lists the current interface access parameter settings.

  • Page 166

    Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Outbound Telnet to Another Device. This feature operates independently of the telnet-server status and enables you to Telnet to another device that has an IP address. Syntax: telnet <ipv4-addr | ipv6-addr | hostname | switch-num>...

  • Page 167: Making Window Size Negotiation Available For A Telnet Session

    Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet ProCurve(config)# show telnet Telnet Activity -------------------------------------------------------- Session : ** Privilege: Manager From : Console ------------------------------------------------------- Session : ** Privilege: Manager From : 12.13.14.10 : 15.33.66.20 ------------------------------------------------------- Session : ** Privilege: Operator From...

  • Page 168

    Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet The switch currently responds to a request from the remote telnet client to negotiate window size. However, some telnet clients do not request to negotiate window size unless the switch’s telnet server suggests that NAWS is available.

  • Page 169

    Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Syntax: console [terminal < vt100 | ansi | none >] [screen-refresh < 1 | 3 | 5 | 10 | 20 | 30 | 45 | 60 >] [baud-rate <...

  • Page 170

    Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Note: If you change the Baud Rate or Flow Control settings for the switch, you should make the corresponding changes in your console access device. Otherwise, you may lose connectivity between the switch and your terminal emulator due to differences between the terminal and switch settings for these two parameters.

  • Page 171

    Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet You can also execute a series of console commands and then save the configuration and boot the switch. For example: Configure individual parameters. Save the changes. Boot the switch.

  • Page 172: Sessions

    Interface Access and System Information Denying Interface Access by Terminating Remote Management Sessions Denying Interface Access by Terminating Remote Management Sessions The switch supports up to five management sessions. You can use show ip ssh to list the current management sessions, and kill to terminate a currently running remote session.

  • Page 173: System Information

    Interface Access and System Information System Information System Information System Information Features Feature Default Menu System Name switch product page page page name 7-14 7-16 7-20 System Contact page page page 7-14 7-16 7-20 System Location page page page 7-14 7-16 7-20 MAC Age Time...

  • Page 174: Menu: Viewing And Configuring System Information

    Interface Access and System Information System Information Time Zone: The number of minutes your time zone location is to the West (+) or East (-) of Coordinated Universal Time (formerly GMT). The default 0 means no time zone is configured. For example, the time zone for Berlin, Germany is + 60 (minutes) and the time zone for Vancouver, Canada is - 480 (minutes).

  • Page 175: Cli: Viewing And Configuring System Information

    Interface Access and System Information System Information 2. Press (for Edit). The cursor moves to the System Name field. 3. Refer to the online help provided with this screen for further information on configuration options for these features. 4. When you have finished making changes to the above parameters, press (for Save) and return to the Main Menu.

  • Page 176

    Interface Access and System Information System Information Listing the System Enclosure Information. This command lists the system enclosure information. Syntax: show system enclosure This example shows the switch’s enclosure configuration. ProCurve# show system enclosure Rack and Enclosure Information Rack Name : Donner_Bldg5U Rack Unique ID : Default RUID...

  • Page 177

    Interface Access and System Information System Information New hostname, contact, and location data from previous commands. Additional System Information Figure 7-10. System Information Listing After Executing the Preceding Commands The menu interface will only display up to 47 characters although you can specify a name up to 255 characters in length.

  • Page 178

    Interface Access and System Information System Information MENU ProCurve Switch 6120 24-Oct-2008 12:41:47 ===========================- TELNET - MANAGER MODE =========================== Switch Configuration - System Information System Name : Blue Switch System Contact : Bill_Smith System Location : + characters of the location are missing. It’s too long. Inactivity Timeout (min) [0] : 0 MAC Age Time (sec) [300] : 300 Inbound Telnet Enabled [Yes] : Yes...

  • Page 179

    Interface Access and System Information System Information Syntax: mac-age-time < 10 - 1000000 > (seconds) Allows you to set the MAC address table’s age-out interval. An address is aged out if the switch does not receive traffic from that MAC address for the age-out interval, measured in seconds. Default: 300 seconds.

  • Page 180: Web: Configuring System Parameters

    Interface Access and System Information System Information Web: Configuring System Parameters In the web browser interface, you can enter the following system information: ■ System Name ■ System Location ■ System Contact For access to the MAC Age Interval and the Time parameters, use the menu interface or the CLI.

  • Page 181

    Configuring IP Addressing Contents Overview ........... . . 8-2 IP Configuration .

  • Page 182: Ip Configuration, Overview

    Configuring IP Addressing Overview Overview You can configure IP addressing through all of the switch’s interfaces. You can also: ■ Easily edit a switch configuration file to allow downloading the file to multiple switches without overwriting each switch’s unique gateway and VLAN 1 IP addressing.

  • Page 183: Just Want a Quick Start with IP Addressing?

    Configuring IP Addressing IP Configuration use the menu interface or the CLI to manually configure the initial IP values. After you have network access to a device, you can use the web browser interface to modify the initial IP configuration if needed. For information on how IP addressing affects switch operation, refer to “How IP Addressing Affects Switch Operation”...

  • Page 184: IP Addressing with Multiple VLANs

    Configuring IP Addressing IP Configuration For more on using the Switch Setup screen, refer to the Installation and Getting Started Guide you received with the switch. IP Addressing with Multiple VLANs In the factory-default configuration, the switch has one, permanent default VLAN (named DEFAULT_VLAN) that includes all ports on the switch.

  • Page 185: Menu: Configuring IP Address, Gateway, and Time-To-Live (TTL)

    Configuring IP Addressing IP Configuration Menu: Configuring IP Address, Gateway, and Time-To-Live (TTL) Do one of the following: ■ To manually enter an IP address, subnet mask, set the IP Config parameter to Manual and then manually enter the IP address and subnet mask values you want for the switch.

  • Page 186: CLI: Configuring IP Address, Gateway, and Time-To-Live (TTL)

    Configuring IP Addressing IP Configuration 3. If the switch needs to access a router, for example, to reach off-subnet destinations, select the Default Gateway field and enter the IP address of the gateway router. 4. If you need to change the packet Time-To-Live (TTL) setting, select Default TTL and type in a value between 2 and 255.

  • Page 187

    Configuring IP Addressing IP Configuration (You can also use the show management command to display the IP addressing and time server IP addressing configured on the switch. Refer to figure 9-6 on page 9-11.) For example, in the factory-default configuration (no IP addressing assigned), the switch’s IP addressing appears as: The Default IP Configuration...

  • Page 188

    Configuring IP Addressing IP Configuration Note The default IP address setting for the DEFAULT_VLAN is DHCP/Bootp. On additional VLANs you create, the default IP address setting is Disabled. Syntax: [ no ] vlan < vlan-id > ip address <ip-address/mask-length> [ no ] vlan <...

  • Page 189

    Configuring IP Addressing IP Configuration 1. Go to VLAN 20. 2. Configure two additional IP addresses on VLAN 3. Display IP addressing. Figure 8-4. Example of Configuring and Displaying a Multinetted VLAN If you then wanted to multinet the default VLAN, you would do the following: Figure 8-5.

  • Page 190: Web: Configuring IP Addressing

    Configuring IP Addressing IP Configuration Removing or Replacing IP Addresses in a Multinetted VLAN. To remove an IP address from a multinetted VLAN, use the no form of the IP address command shown on page 8-8. Generally, to replace one IP address with another, you should first remove the address you want to replace, and then enter the new address.

  • Page 191: How IP Addressing Affects Switch Operation

    Configuring IP Addressing IP Configuration 3. If you need further information on using the web browser interface, click to access the web-based help available for the switch. How IP Addressing Affects Switch Operation Without an IP address and subnet mask compatible with your network, the switch can be managed only through a direct terminal device connection to the OA console connection or the USB serial console.

  • Page 192: DHCP/Bootp Operation

    Configuring IP Addressing IP Configuration DHCP/Bootp Operation Overview. DHCP/Bootp is used to provide configuration data from a DHCP or Bootp server to the switch. This data can be the IP address, subnet mask, default gateway, Timep Server address, and TFTP server address. If a TFTP server address is provided, this allows the switch to TFTP a previously saved configuration file from the TFTP server to the switch.

  • Page 193

    Configuring IP Addressing IP Configuration DHCP Operation. A significant difference between a DHCP configuration and a Bootp configuration is that an IP address assignment from a DHCP server is automatic. Depending on how the DHCP server is configured, the switch may receive an IP address that is temporarily leased. Periodically the switch may be required to renew its lease of the IP configuration.

  • Page 194: Network Preparations for Configuring DHCP/Bootp

    Configuring IP Addressing IP Configuration gw=10.66.77.1:\ lg=10.22.33.44:\ T144="switch.cfg":\ vm=rfc1048 where: 6120switch is a user-defined symbolic name to help you find the correct section of the bootptab file. If you have multiple switches that will be using Bootp to get their IP configuration, you should use a unique symbolic name for each switch.

  • Page 195

    Configuring IP Addressing IP Configuration Note Designating a primary VLAN other than the default VLAN affects the switch’s use of information received via DHCP/Bootp. For more on this topic, refer to the chapter describing VLANs in the Advanced Traffic Management Guide for your switch.

  • Page 196: IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads, Operating Rules for IP Preserve

    Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads For the switches covered in this guide, IP Preserve enables you to copy a configuration file to multiple switches while retaining the individual IP address and subnet mask on VLAN 1 in each switch, and the Gateway IP address assigned to the switch.

  • Page 197: Enabling IP Preserve

    Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads Enabling IP Preserve To set up IP Preserve, enter the ip preserve statement at the end of a configuration file. (Note that you do not execute IP Preserve by entering a command from the CLI).

  • Page 198

    Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads ProCurve(config)# show run Running configuration: ; 498358-B21 Configuration Editor; Created on release #Z.14.04 hostname "ProCurve" module 1 type J8702A module 2 type J8705A trunk A11-A12 Trk1 Trunk ip default-gateway 10.10.10.115 snmp-server community "public"...

  • Page 199

    Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads ProCurve# show run Running configuration: ; J8715A Configuration Editor; hostname "ProCurve" module 1 type J8702A module 2 type J8705A trunk A11-A12 Trk1 Trunk ip default-gateway 10.10.10.115 Because switch 4 (figure 8-7) received its most recent IP addressing from a DHCP/Bootp server, the switch...

  • Page 200: Configuring a Single Source IP Address, Overview, Specifying the Source IP Address

    Configuring IP Addressing Configuring a Single Source IP Address Configuring a Single Source IP Address Overview This feature applies to the following software applications: • RADIUS • SNTP • System Logging applications • TACACS • Telnet • TFTP The above IP-based software applications use a client-server communication model, that is, the client’s source IP address is used for unique client identifi­...

  • Page 201: The Source IP Selection Policy

    Configuring IP Addressing Configuring a Single Source IP Address Syntax [no] ip source-interface <radius | sntp | syslog | tacacs | telnet | tftp | all> <loopback <id> | vlan <vlan-id> address <ip-address>> Determines the source IP address used by the specified software application when transmitting IP packets.

  • Page 202

    Configuring IP Addressing Configuring a Single Source IP Address ■ Configured IP Address—the specific IP address that is used as the source IP address. This address is configured on one of the switch’s IP interfaces, either a VLAN interface or a Loopback interface. ■...

  • Page 203

    Configuring IP Addressing Configuring a Single Source IP Address ProCurve(config)# ip source-interface radius address 10.10.10.2 ProCurve(config)# show ip source-interface radius Source-IP Configuration Information Protocol | Admin Selection Policy IP Interface IP Address -------- + ----------------------- -------------- --------------- Radius | Configured IP Address vlan 3 10.10.10.2 Figure 8-11.

  • Page 204: Displaying the Source IP Interface Information

    Configuring IP Addressing Configuring a Single Source IP Address Displaying the Source IP Interface Information There are several show commands that can be used to display information about the source IP interface status. Syntax show ip source-interface status [radius | sntp | tacacs | telnet | tftp | syslog] Displays the operational status information for the source IP address selection policy.

  • Page 205

    Configuring IP Addressing Configuring a Single Source IP Address ProCurve(config)# show ip source-interface Source-IP Configuration Information Protocol | Admin Selection Policy IP Interface IP Address -------- + ----------------------- -------------- --------------- Tacacs | Configured IP Interface vlan 22 Radius | Configured IP Address 10.10.10.2 Syslog | Configured IP Interface vlan 10...

  • Page 206

    Configuring IP Addressing Configuring a Single Source IP Address ProCurve(config)# show ip source-interface detail Source-IP Detailed Information Protocol : Tacacs Admin Policy : Configured IP Interface Oper Policy : Configured IP Interface Source IP Interface : vlan 22 Source IP Address : 10.10.10.4 Source Interface State : Up Protocol : Radius...

  • Page 207

    Configuring IP Addressing Configuring a Single Source IP Address ProCurve(config)# show radius Status and Counters - General RADIUS Information Deadtime(min) : 0 Timeout(secs) : 5 Retransmit Attempts : 3 Global Encryption Key : Dynamic Authorization UDP Port : 3799 Source IP Selection for the specified application protocol is displayed.

  • Page 208: Error Messages

    Configuring IP Addressing Configuring a Single Source IP Address ProCurve(config)# show telnet Telnet Activity Source IP Selection is displayed. Source IP Selection: 10.10.10.11 -------------------------------------------------------- Session : ** Privilege: Manager From : Console Figure 8-20. Example of show telnet Command Displaying Source IP Selection ProCurve(config)# show sntp SNTP Configuration SNTP Authentication : Disabled...

  • Page 209

    Time Protocols Contents Overview 9-3 TimeP Time Synchronization

  • Page 210

    Time Protocols Contents Configuring (Enabling or Disabling) the TimeP Mode 9-32 SNTP Unicast Time Polling with Multiple SNTP Servers 9-37 Displaying All SNTP Server Addresses Configured on the Switch 9-37 Adding and Deleting SNTP Server Addresses

  • Page 211: TimeP Time Synchronization, Overview, SNTP Time Synchronization

    Time Protocols Overview Overview This chapter describes: ■ SNTP Time Protocol Operation ■ Timep Time Protocol Operation Using time synchronization ensures a uniform time among interoperating devices. This helps you to manage and troubleshoot switch operation by attaching meaningful time data to event and error messages. The switch offers TimeP and SNTP (Simple Network Time Protocol) and a timesync command for changing the time protocol selection (or turning off time protocol operation).

  • Page 212: Protocol Operation, General Steps for Running a Time Protocol on the Switch:, Disabling Time Synchronization

    Time Protocols Selecting a Time Synchronization Protocol or Turning Off Time Protocol Operation Note To use Broadcast mode, the switch and the SNTP server must be in the same subnet. ■ Unicast Mode: The switch requests a time update from the config...

  • Page 213: SNTP: Viewing, Selecting, and Configuring

    Time Protocols SNTP: Viewing, Selecting, and Configuring ■ In the System Information screen of the Menu interface, set the Time Synch Method parameter to None, then press [Enter], then [S] (for Save). ■ In the Global config level of the CLI, execute no timesync...

  • Page 214: Menu: Viewing and Configuring SNTP

    Time Protocols SNTP: Viewing, Selecting, and Configuring Table 9-1. SNTP Parameters (SNTP Parameter: Operation). Time Sync Method: Used to select either SNTP, TIMEP, or None as the time synchronization method. SNTP Mode, Disabled: The Default. SNTP does not operate, even if specified by the Menu interface Time Sync Method parameter or the CLI timesync command.

  • Page 215

    Time Protocols SNTP: Viewing, Selecting, and Configuring ==========================- CONSOLE - MANAGER MODE -======================== Switch Configuration - System Information System Name : ProCurve System Contact : System Location : Inactivity Timeout (min) [0] : 0 MAC Age Time (sec) [300] : 300 Inbound Telnet Enabled [Yes] : Yes Web Agent Enabled [Yes] : Yes Time Sync Method [None] : TIMEP...

  • Page 216

    Time Protocols SNTP: Viewing, Selecting, and Configuring Note: This step replaces any previously configured server IP address. If you will be using backup SNTP servers (requires use of the CLI), then refer to “SNTP Unicast Time Polling with Multiple SNTP Servers” on page 9-37. iii. Press to move the cursor to the Server Version field.

  • Page 217: CLI: Viewing and Configuring SNTP, Viewing the Current SNTP Configuration

    Time Protocols SNTP: Viewing, Selecting, and Configuring CLI: Viewing and Configuring SNTP CLI Commands Described in this Section SNTP Command Page show sntp [no] timesync 9-11 and ff., 9-16 sntp broadcast 9-12 sntp unicast 9-12 sntp server 9-12 and ff. Protocol Version 9-15 Priority...

  • Page 218

    Time Protocols SNTP: Viewing, Selecting, and Configuring ProCurve(config)# show sntp SNTP Configuration Time Sync Mode: Sntp SNTP Mode : Unicast Poll Interval (sec) [720] : 719 Priority SNTP Server Address OOBM Protocol Version -------- ------------------------------- ------------- ---------------- 2001:db8::215:60ff:fe79:8980 10.255.5.24 fe80::123%vlan10 Figure 9-4.

  • Page 219: Configuring (Enabling or Disabling) the SNTP Mode

    Time Protocols SNTP: Viewing, Selecting, and Configuring ProCurve(config)# show management Status and Counters - Management Address Information Time Server Address : fe80::215:60ff:fe7a:adc0%vlan10 Priority SNTP Server Address Protocol Version -------- ---------------------------------------------- ---------------- 2001:db8::215:60ff:fe79:8980 10.255.5.24 fe80::123%vlan10 Default Gateway : 10.0.9.80 VLAN Name MAC Address | IP Address ------------ ------------------- + -------------------...

  • Page 220

    Time Protocols SNTP: Viewing, Selecting, and Configuring Enabling SNTP in Broadcast Mode. Because the switch provides an SNTP polling interval (default: 720 seconds), you need only these two commands for minimal SNTP broadcast configuration: Syntax: timesync sntp Selects SNTP as the time synchronization method. Syntax: sntp broadcast Configures broadcast as the SNTP mode.

  • Page 221

    Time Protocols SNTP: Viewing, Selecting, and Configuring second or third server, you must use the CLI. For more on SNTP operation with multiple servers, refer to “SNTP Unicast Time Polling with Multiple SNTP Servers” on page 9-37. Syntax: timesync sntp Selects SNTP as the time synchronization method.

  • Page 222

    Time Protocols SNTP: Viewing, Selecting, and Configuring ProCurve(config)# timesync sntp Selects SNTP. ProCurve(config)# sntp unicast Activates SNTP in Unicast mode. ProCurve(config)# sntp server 10.28.227.141 Specifies the SNTP server and accepts the current SNTP server version (default: 3). ProCurve(config)# show sntp SNTP Configuration In this example, the Poll Interval and the Protocol Version appear at their default settings.

  • Page 223

    Time Protocols SNTP: Viewing, Selecting, and Configuring Deletes unicast SNTP server entry. Re-enters the unicast server with a non-default protocol version. show sntp displays the result. Figure 9-9. Example of Specifying the SNTP Protocol Version Number Changing the SNTP Poll Interval. sntp poll-interval <...

  • Page 224

    Time Protocols SNTP: Viewing, Selecting, and Configuring Disabling Time Synchronization Without Changing the SNTP Configuration. The recommended method for disabling time synchronization is to use the timesync command. Syntax: no timesync Halts time synchronization without changing your SNTP configuration. For example, suppose SNTP is running as the switch’s time synchronization protocol, with Broadcast as the SNTP mode and the factory-default polling interval.

  • Page 225: SNTP Client Authentication, Requirements

    Time Protocols SNTP: Viewing, Selecting, and Configuring Even though the Time Sync Mode is set to Sntp, time synchronization is disabled because no sntp has disabled the SNTP Mode parameter. Figure 9-11. Example of Disabling Time Synchronization by Disabling the SNTP Mode SNTP Client Authentication Enabling SNTP authentication allows network devices such as HP ProCurve...

  • Page 226

    Time Protocols SNTP: Viewing, Selecting, and Configuring ■ Among the keys that have been configured, one key or a set of keys must be configured as trusted. Only trusted keys will be used for SNTP authentication. ■ If the SNTP server requires authentication, one of the trusted keys...

  • Page 227: Configuring the Key-Identifier, Authentication Mode, and Key-Value, Configuring a Trusted Key

    Time Protocols SNTP: Viewing, Selecting, and Configuring Configuring the Key-Identifier, Authentication Mode, and Key-Value This command configures the key-id, authentication-mode, and key-value, which are required for authentication. It is executed in the global configuration context. Syntax sntp authentication key-id <key-id> authentication-mode <md5> key-value <key-string>...

  • Page 228: Associating a Key with an SNTP Server

    Time Protocols SNTP: Viewing, Selecting, and Configuring succeeds. Only trusted key-id value information is used for SNTP authentication. See “Configuring Unicast and Broadcast Mode” on page 9-21 for information about configuring these modes. If the packet contains key-id value information that is not configured on the SNTP client switch or the received packet contains no authentication infor...

  • Page 229: Enabling SNTP Client Authentication, Configuring Unicast and Broadcast Mode

    Time Protocols SNTP: Viewing, Selecting, and Configuring <version-num>: Specifies the SNTP software version to use, and is assigned on a per-server basis. The version setting is backwards-compatible. For example, using version 3 means that the switch accepts versions 1 through 3. Default: 3;...

  • Page 230: Displaying SNTP Configuration Information

    Time Protocols SNTP: Viewing, Selecting, and Configuring To set the SNTP mode or change from one mode to the other, enter the appropriate command. Syntax: sntp unicast sntp broadcast Enables SNTP for either broadcast or unicast mode. Default: SNTP mode is disabled by default. SNTP does not operate even if specified by the CLI timesync command or by the menu interface Time Sync Method parameter.

  • Page 231

    Time Protocols SNTP: Viewing, Selecting, and Configuring ProCurve(config)# show sntp SNTP Configuration SNTP Authentication : Enabled Time Sync Mode: Sntp SNTP Mode : Unicast Poll Interval (sec) [720] : 720 Priority SNTP Server Address Protocol Version KeyId -------- --------------------------------------- ---------------- ----- 10.10.10.2 fe80::200:24ff:fec8:4ca8 Figure 9-14.

  • Page 232: Include-Credentials Command

    Time Protocols SNTP: Viewing, Selecting, and Configuring ProCurve(config)# show sntp statistics SNTP Statistics Received Packets Sent Packets Dropped Packets SNTP Server Address Auth Failed Pkts --------------------------------------- ---------------- 10.10.10.1 fe80::200:24ff:fec8:4ca8 Figure 9-16. Example of SNTP Authentication Statistical Information Saving Configuration Files and the Include-Credentials Command You can use the include-credentials command to store security information in the running-config file.

  • Page 233

    Time Protocols SNTP: Viewing, Selecting, and Configuring ProCurve(config)# show config Startup configuration: timesync sntp sntp broadcast sntp 50 sntp authentication sntp server priority 1 10.10.10.2 3 key-id 55 sntp server priority 2 fe80::200:24ff:fec8:4ca8 4 key-id 55 (Callout: SNTP authentication has been enabled and a key-id of 55 has been created.) Figure 9-17.

  • Page 234

    Time Protocols SNTP: Viewing, Selecting, and Configuring If include-credentials is configured, the SNTP authentication configuration is saved in the configuration file. When the show config command is entered, all of the information that has been configured for SNTP authentication displays, including the key-values.

  • Page 235: TimeP: Viewing, Selecting, and Configuring

    Time Protocols TimeP: Viewing, Selecting, and Configuring TimeP: Viewing, Selecting, and Configuring TimeP Feature Default Menu view the Timep time synchronization configuration page 9-28 page 9-30 — select Timep as the time synchronization method TIMEP page 9-17 pages 9-33 ff. —...

  • Page 236: Menu: Viewing and Configuring TimeP

    Time Protocols TimeP: Viewing, Selecting, and Configuring Table 9-2. Timep Parameters (SNTP Parameter: Operation). Time Sync Method: Used to select either TIMEP (the default), SNTP, or None as the time synchronization method. Timep Mode, Disabled: The Default. Timep does not operate, even if specified by the Menu interface Time Sync Method parameter or the CLI timesync command.

  • Page 237

    Time Protocols TimeP: Viewing, Selecting, and Configuring ==========================- CONSOLE - MANAGER MODE -========================== Switch Configuration - System Information System Name : ProCurve System Contact : System Location : Inactivity Timeout (min) [0] : 0 MAC Age Time (sec) [300] : 300 Inbound Telnet Enabled [Yes] : Yes Web Agent Enabled [Yes] : Yes Time Sync Method [None] : TIMEP...

  • Page 238: CLI: Viewing and Configuring TimeP, Viewing the Current TimeP Configuration

    Time Protocols TimeP: Viewing, Selecting, and Configuring 5. In the Poll Interval field, enter the time in minutes that you want for a TimeP Poll Interval. Press [Enter] to return to the Actions line, then [S] (for Save) to enter the new time protocol configuration in both the startup-config and running-config files.

  • Page 239

    Time Protocols TimeP: Viewing, Selecting, and Configuring ProCurve (config)# show timep Timep Configuration Time Sync Mode: Timep TimeP Mode [Disabled] : Manual Server Address : 10.10.28.100 Poll Interval (min) [720] : 720 OOBM : Yes Figure 9-21. Example of TimeP Configuration When TimeP Is the Selected Time Synchronization Method If SNTP is the selected time synchronization method, still lists the...

  • Page 240: Configuring (Enabling or Disabling) the TimeP Mode

    Time Protocols TimeP: Viewing, Selecting, and Configuring ProCurve(config)# show management Status and Counters - Management Address Information Time Server Address : 10.10.28.100 Priority SNTP Server Address Protocol Version -------- ---------------------------------------------- ---------------- 10.10..28.101 10.255.5.24 fe80::123%vlan10 Default Gateway : 10.0.9.80 VLAN Name MAC Address | IP Address ------------ ------------------- + -------------------...

  • Page 241

    Time Protocols TimeP: Viewing, Selecting, and Configuring Enabling TimeP in DHCP Mode. Because the switch provides a TimeP polling interval (default: 720 minutes), you need only these two commands for a minimal TimeP DHCP configuration: Syntax: timesync timep Selects TimeP as the time synchronization method. Syntax: ip timep dhcp Configures DHCP as the TimeP mode.

  • Page 242

    Time Protocols TimeP: Viewing, Selecting, and Configuring Enabling Timep in Manual Mode. Like DHCP mode, configuring TimeP for Manual mode enables TimeP. However, for manual operation, you must also specify the IP address of the TimeP server. (The switch allows only one TimeP server.) To enable the TimeP protocol: Syntax: timesync timep Selects Timep.

  • Page 243

    Time Protocols TimeP: Viewing, Selecting, and Configuring Figure 9-25. Example of Configuring Timep for Manual Operation Changing the TimeP Poll Interval. This command lets you specify how long the switch waits between time polling intervals. The default is 720 minutes and the range is 1 to 9999 minutes. (This parameter is separate from the poll interval parameter used for SNTP operation.) Syntax: ip timep <...

  • Page 244

    Time Protocols TimeP: Viewing, Selecting, and Configuring Figure 9-26. Example of TimeP with Time Synchronization Disabled Disabling the TimeP Mode. Disabling the TimeP mode means to configure it as disabled. (Disabling TimeP prevents the switch from using it as the time synchronization protocol, even if it is the selected Time Sync Method option.) Syntax: no ip timep Disables TimeP by changing the TimeP mode configuration...

  • Page 245: SNTP Unicast Time Polling with Multiple SNTP Servers

    Time Protocols SNTP Unicast Time Polling with Multiple SNTP Servers SNTP Unicast Time Polling with Multiple SNTP Servers When running SNTP unicast time polling as the time synchronization method, the switch requests a time update from the server you configured with either the Server Address parameter in the menu interface, or the primary server in a list of up to three SNTP servers configured using the CLI.

  • Page 246: Adding and Deleting SNTP Server Addresses, Configured, SNTP Messages in the Event Log

    Time Protocols SNTP Messages in the Event Log Adding and Deleting SNTP Server Addresses Adding Addresses. As mentioned earlier, you can configure one SNTP server address using either the Menu interface or the CLI. To configure a second and third address, you must use the CLI. To configure the remaining two addresses, you would do the following: ProCurve(config)# sntp server 2001:db8::215:60ff:fe79:8980 ProCurve(config)# sntp server 10.255.5.24...

  • Page 247

    Port Status and Configuration Contents Overview 10-3 Viewing Port Status and Configuring Port Parameters

  • Page 248

    Port Status and Configuration Contents Configuring UDLD 10-32 Enabling UDLD

  • Page 249: Viewing Port Status and Configuring Port Parameters, Overview

    Port Status and Configuration Overview Overview This chapter describes how to view the current port configuration and how to configure ports to non-default settings, including ■ Enable/Disable ■ Mode (speed and duplex) ■ Flow Control ■ Broadcast Limit ■ Friendly Port Names...

  • Page 250

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Table 10-1. Status and Parameters for Each Port Type (Status or Parameter: Description). Enabled: Yes (default): The port is ready for a network connection. No: The port will not operate, even if properly connected in a network. Use this setting, for example, if the port needs to be shut down for diagnostic purposes or while you are making topology changes.

  • Page 251

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters (Status or Parameter: Description) — Continued From Previous Page — Gigabit Fiber-Optic Ports (Gigabit-SX, Gigabit-LX, and Gigabit-LH): • 1000FDx: 1000 Mbps (1 Gbps), Full Duplex only • Auto (default): The port operates at 1000FDx and auto-negotiates flow control with the device connected to the port.

  • Page 252: Menu: Port Configuration

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Menu: Port Configuration From the menu interface, you can view and change the port configuration. Using the Menu To View Port Configuration. The menu interface displays the configuration for ports and (if configured) any trunk groups. From the Main Menu, select: 1.

  • Page 253

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Using the Menu To Configure Ports. You can configure and view the port settings by using the menu. Note The menu interface uses the same screen for configuring both individual ports and port trunk groups.

  • Page 254: CLI: Viewing Port Status and Configuring Port Parameters, Viewing Port Status and Configuration

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters CLI: Viewing Port Status and Configuring Port Parameters From the CLI, you can configure and view all port parameter settings and view all port status indicators. Port Status and Configuration Commands show interfaces brief page 10-9 show interfaces config...

  • Page 255

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters ProCurve(config)# show interfaces brief Status and Counters - Port Status | Intrusion Flow Bcast Port Type | Alert Enabled Status Mode Mode Ctrl Limit ----- --------- + --------- ------- ------ ---------- ----- ----- ------ 100/1000T | No Down...

  • Page 256: Customizing the Show Interfaces Command

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Syntax: show interfaces display Initiates the dynamic update of a command. The output is the same as the equivalent “show” command. The information is updated every 3 seconds. Note: Select “Back” to exit the display. For example: ProCurve# show interfaces display Dynamically updates...

  • Page 257

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Syntax: show interfaces custom [port-list] column-list Select the information that you want to display. Parameters include: ■ port ■ name ■ type ■ vlan ■ intrusion ■ enabled ■ status...

  • Page 258

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters ProCurve(config)# show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi Status and Counters - Custom Port Status Intrusion Port Name Type VLAN Alert Speed Enabled MDI-mode ---- ---------- ---------- ----- --------- ------- ------- -------- Acco 100/1000T...

  • Page 259: Note on Using Pattern Matching with the “Show Interfaces Custom” Command, Viewing Port Utilization Statistics

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Note on Using Pattern Matching with the “Show Interfaces Custom” Command If you have included a pattern matching command to search for a field in the output of the show int custom command and the show int custom command produces an error, the error message may not be visible and the output is empty.

  • Page 260: Viewing Transceiver Status

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Operating Notes: ■ For each port on the switch, the command provides a real-time display of the rate at which data is received (Rx) and transmitted (Tx) in terms of kilobits per second (KBits/s), number of packets per second (Pkts/s), and utilization (Util) expressed as a percentage of the total band...

  • Page 261: Enabling Or Disabling Ports And Configuring Port Mode

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Operating Notes: ■ The following information is displayed for each installed transceiver: • Port number on which transceiver is installed. • Type of transceiver. • Product number—Includes revision letter, such as A, B, or C. If no revision letter follows a product number, this means that no revision is available for the transceiver.

  • Page 262

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Specifies the port’s data transfer speed and mode. Does not use the no form of the command. (Default: auto.) Note that in the above syntax you can substitute an “int” for “interface”; that is: int <...

  • Page 263: Enabling Or Disabling Flow Control

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Enabling or Disabling Flow Control Note Flow control is enabled by default on the downlink ports. You must enable flow control on the uplink ports in a given link. Otherwise, flow control does not operate on the link, and appears as Off in the show interfaces brief port listing, even if flow control is configured as enabled on the port in the switch.

  • Page 264: Configuring A Broadcast Limit On The Switch

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Disables per-port flow control on ports A5 and A6. Figure 10-11. Example Continued from Figure 10-10 Disables per-port flow control on ports A1 through A4. Flow control is now disabled on the switch.

  • Page 265: Configuring Procurve Auto-mdix

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters ProCurve(config)#int B1 ProCurve(int B1)# broadcast-limit 1 Broadcast-Limit. Syntax: broadcast-limit <0-99> Enables or disables broadcast limiting for inbound broadcasts on a selected port on the switch. The value selected is the percentage of traffic allowed, for example, broadcast-limit 5 allows 5% of the maximum amount of traffic for that port.

  • Page 266

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters ■ 100/1000-T xl module ports ■ 10/100/1000-T xl module ports Using the above ports: ■ If you connect a copper port using a straight-through cable on a switch to a port on another switch or hub that uses MDI-X ports, the switch port automatically operates as an MDI port.

  • Page 267

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters The Auto-MDIX features apply only to copper port switches using twisted-pair copper Ethernet cables. Syntax: interface < port-list > mdix-mode < auto-mdix | mdi | mdix > auto-mdix is the automatic, default setting. This configures the port for automatic detection of the cable (either straight-through or crossover).

  • Page 268: Web: Viewing Port Status And Configuring Port Parameters

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Per-Port MDI Configuration Figure 10-13. Example of Displaying the Current MDI Configuration Per-Port MDI Operating Mode Figure 10-14. Example of Displaying the Current MDI Operating Mode Web: Viewing Port Status and Configuring Port Parameters In the web browser interface: Click on the Configuration tab.

  • Page 269: Using Friendly (optional) Port Names, Configuring And Operating Rules For Friendly Port Names

    Port Status and Configuration Using Friendly (Optional) Port Names Using Friendly (Optional) Port Names Feature Default Menu Configure Friendly Port Names Standard Port page 24 Numbering Display Friendly Port Names page 25 This feature enables you to assign alphanumeric port names of your choosing to augment automatically assigned numeric port names.

  • Page 270: Configuring Friendly Port Names

    Port Status and Configuration Using Friendly (Optional) Port Names ■ To retain friendly port names across reboots, you must save the current running-configuration to the startup-config file after entering the friendly port names. (In the CLI, use the write memory command.) Configuring Friendly Port Names Syntax: interface <...

  • Page 271: Displaying Friendly Port Names With Other Port Data

    Port Status and Configuration Using Friendly (Optional) Port Names Configuring the Same Name for Multiple Ports. Suppose that you want to use ports A5 through A8 as a trunked link to a server used by a drafting group. In this case you might configure ports A5 through A8 with the name “Draft-Server:Trunk”.

  • Page 272

    Port Status and Configuration Using Friendly (Optional) Port Names Syntax: show name [port-list ] Lists the friendly port name with its corresponding port number and port type. The show name command without a port list shows this data for all ports on the switch. For example: Ports Without “Friendly”...

  • Page 273

    Port Status and Configuration Using Friendly (Optional) Port Names Syntax: show interface < port-number > Includes the friendly port name with the port’s traffic statistics listing. For example, if you configure port A1 with the name “O’Connor_10.25.101.43”, the show interface output for this port appears similar to the following: Friendly Port Name Figure 10-19.

  • Page 274

    Port Status and Configuration Using Friendly (Optional) Port Names For example, if you configure port A1 with a friendly port name: This command sequence saves the friendly port name for port A1 in the startup-config file. The name entered for port A2 is not saved because it was executed after write memory.

  • Page 275: Been Inserted, Transceivers, Modules, Clearing The Module Configuration

    Port Status and Configuration Using Friendly (Optional) Port Names Configuring Transceivers and Modules That Haven’t Been Inserted Transceivers Previously, a port had to be valid and verified for the switch to allow it to be configured. Transceivers are removable ports and considered invalid when not present in the switch, so they cannot be configured unless they are already in the switch.

  • Page 276

    Port Status and Configuration Using Friendly (Optional) Port Names Syntax: [no] module <slot> Allows removal of the module configuration in the configuration file after the module has been removed. Enter an integer between 1 and 12 for <slot>. For example: ProCurve(config)# no module 3 Note: This does not change how hot-swap works.

  • Page 277: Uni-directional Link Detection (udld), Uni-directional Link Detection (udld)

    Port Status and Configuration Uni-Directional Link Detection (UDLD) Uni-Directional Link Detection (UDLD) Uni-directional Link Detection (UDLD) monitors a link between two ProCurve switches and blocks the ports on both ends of the link if the link fails at any point between the two devices. This feature is particularly useful for detecting failures in fiber links and trunks.

  • Page 278: Configuring Udld

    Port Status and Configuration Uni-Directional Link Detection (UDLD) connected ports. UDLD-enabled ports, however, will prevent traffic from being sent across a bad link by blocking the ports in the event that either the individual transmitter or receiver for that connection fails. Ports enabled for UDLD exchange health-check packets once every five seconds (the link-keepalive interval).

  • Page 279: Enabling Udld

    Port Status and Configuration Uni-Directional Link Detection (UDLD) Syntax: link-keepalive interval <interval> Determines the time interval to send UDLD control packets. The <interval> parameter specifies how often the ports send a UDLD packet. You can specify from 10 – 100, in 100 ms increments, where 10 is 1 second, 11 is 1.1 seconds, and so on.

  • Page 280: Changing The Keepalive Interval, Changing The Keepalive Retries, Configuring Udld For Tagged Ports

    Port Status and Configuration Uni-Directional Link Detection (UDLD) Changing the Keepalive Interval By default, ports enabled for UDLD send a link health-check packet once every 5 seconds. You can change the interval to a value from 10 – 100 deciseconds, where 10 is 1 second, 11 is 1.1 seconds, and so on.

  • Page 281: Viewing Udld Information

    Port Status and Configuration Uni-Directional Link Detection (UDLD) ■ To re-assign a VLAN ID, re-enter the command with the new VLAN ID number. The new command will overwrite the previous command setting. ■ When configuring UDLD for tagged ports, you may receive a warning...

  • Page 282

    Port Status and Configuration Uni-Directional Link Detection (UDLD) To display detailed UDLD information for specific ports, enter the show link-keepalive statistics command. For example: Ports 1 and 2 are UDLD-enabled and show the number of health check packets sent and received on each port.

  • Page 283: Configuration Warnings And Event Log Messages

    Port Status and Configuration Uni-Directional Link Detection (UDLD) Configuration Warnings and Event Log Messages Warning Messages. The following table shows the warning messages that may be issued and their possible causes, when UDLD is configured for tagged ports. Table 10-3. Warning Messages caused by configuring UDLD for Tagged Ports CLI Command Example Warning Message Possible Problem...

  • Page 284: Uplink Failure Detection, Terminology

    Port Status and Configuration Uplink Failure Detection Uplink Failure Detection Uplink Failure Detection (UFD) is an alternative path redundancy feature that works in conjunction with active-standby NIC teaming functionality on the server to create a failover path for traffic from the server NIC through to the distribution switch.

  • Page 285: Guidelines

    Port Status and Configuration Uplink Failure Detection [Figure labels: DC Switch 1, DC Switch 2, Uplink Ports, Blade Switch 1, Blade Switch 2, Downlink Ports, NIC 1, NIC 2...]

  • Page 286: Configuring Ufd, Example Of Ufd Configuration

    Port Status and Configuration Uplink Failure Detection Configuring UFD You must first enable UFD by entering this command in global context. Syntax: [no] uplink-failure-detection Globally enables Uplink Failure Detection on the switch. The no form of the command disables Uplink Failure Detection. Default: Disabled Then configure the LtM to LtD pairings.

  • Page 287

    Port Status and Configuration Uplink Failure Detection ProCurve(config)# show uplink-failure-detection Uplink Failure Detection Information UFD Enabled : Yes TRACK ID | Monitored Links Links to Disable LtM State LtD State -------- + --------------- ---------------- --------- --------- | Trk5 3,12 | 23-24 Down Auto-Disabled | 17...

  • Page 288

    Port Status and Configuration Uplink Failure Detection 10-42...

  • Page 289

    Port Trunking Contents: Overview, 11-2; Port Trunk Features and Operation...

  • Page 290

    Port Trunking Overview Overview This chapter describes creating and modifying port trunk groups. This includes non-protocol trunks and LACP (802.3ad) trunks. Port Status and Configuration Features Feature Default Menu viewing port trunks page 11-9 page 11-11 page 11-17 configuring a static trunk none page 11-9 page 11-15...

  • Page 291

    Port Trunking Overview Port Connections and Configuration: All port trunk links must be point-to-point connections between a switch and another switch, router, server, or workstation configured for port trunking. No intervening, non-trunking devices are allowed. It is important to note that ports on both ends of a port trunk group must have the same mode (speed and duplex) and flow control settings.

  • Page 292: Port Trunk Features And Operation, Trunk Configuration Methods

    Port Trunking Port Trunk Features and Operation Port Trunk Features and Operation The switches covered in this guide offer these options for port trunking: ■ LACP: IEEE 802.3ad—page 11-18 ■ Trunk: Non-Protocol—page 11-26 Up to 60 trunk groups are supported on the switches covered in this guide. The actual maximum depends on the number of ports available on the switch and the number of links in each trunk.

  • Page 293

    Port Trunking Trunk Configuration Methods ProCurve(config)# int c1-c4 lacp active Note that the preceding example works if the ports are not already operating in a trunk. To change the LACP option on ports already operating as a trunk, you must first remove them from the trunk. For example, if ports C1 - C4 were LACP-active and operating in a trunk with another device, you would do the following to change them to LACP-passive: ProCurve(config)# no int c1-c4 lacp...

  • Page 294

    Port Trunking Trunk Configuration Methods Table 11-2. Trunk Configuration Protocols Protocol Trunking Options LACP Provides dynamic and static LACP trunking options. (802.3ad) • Dynamic LACP — Use the switch-negotiated dynamic LACP trunk when: – The port on the other end of the trunk link is configured for Active or Passive LACP. – You want fault-tolerance for high-availability applications.

  • Page 295

    Port Trunking Trunk Configuration Methods Table 11-3. General Operating Rules for Port Trunks Media: For proper trunk operation, all ports on both ends of a trunk group must have the same media type and mode Auto (speed and duplex). (For the switches covered in this guide, ProCurve recommends leaving the port Mode setting at Auto-10 or, in networks using Cat 3 cabling, Port Configuration: The default port configuration is Auto, which enables a port to sense speed and negotiate duplex with...

  • Page 296

    Port Trunking Trunk Configuration Methods Spanning Tree: 802.1D (STP) and 802.1w (RSTP) Spanning Tree operate as a global setting on the switch (with one instance of Spanning Tree per switch). 802.1s (MSTP) Spanning Tree operates on a per-instance basis (with multiple instances allowed per switch).

  • Page 297: Menu: Viewing And Configuring A Static Trunk Group

    Port Trunking Menu: Viewing and Configuring a Static Trunk Group Menu: Viewing and Configuring a Static Trunk Group Important Configure port trunking before you connect the trunked links to another switch, routing switch, or server. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured.

  • Page 298

    Port Trunking Menu: Viewing and Configuring a Static Trunk Group • For proper trunk operation, all ports in a trunk must have the same media type and mode (such as 10/100TX set to 100FDx, or 100FX set to 100FDx). The flow control settings must also be the same for all ports in a given trunk.

  • Page 299: Cli: Viewing And Configuring Port Trunk Groups, Using The Cli To View Port Trunks

    Port Trunking CLI: Viewing and Configuring Port Trunk Groups 8. Connect the trunked ports on the switch to the corresponding ports on the opposite device. If you previously disabled any of the trunked ports on the switch, enable them now. (Refer to “Viewing Port Status and Configuring Port Parameters”...

  • Page 300

    Port Trunking CLI: Viewing and Configuring Port Trunk Groups Using a port list specifies, for switch ports in a static trunk group, only the ports you want to view. In this case, the command specifies ports A5 through A7. However, because port A6 is not in a static trunk group, it does not appear in the resulting listing: Port A5 appears with an example of a name that you can optionally assign using the Friendly Port Names feature.

  • Page 301

    Port Trunking CLI: Viewing and Configuring Port Trunk Groups Listing Static LACP and Dynamic LACP Trunk Data. Syntax: show lacp Lists data for only the LACP-configured ports. In the following example, ports A1 and A2 have been previously configured for a static LACP trunk. (For more on the “Active” parameter, see table 11-5 on page 11-21.) Figure 11-8.

  • Page 302: Using The Cli To Configure A Static Or Dynamic Trunk Group

    Port Trunking CLI: Viewing and Configuring Port Trunk Groups “Up” Links Standby Link Figure 11-9. Example of a Dynamic LACP Trunk with One Standby Link Using the CLI To Configure a Static or Dynamic Trunk Group Important: Configure port trunking before you connect the trunked links between switches.

  • Page 303

    Port Trunking CLI: Viewing and Configuring Port Trunk Groups Configuring a Static Trunk or Static LACP Trunk Group. Syntax: trunk < port-list > < trk1 ... trk60 > < trunk | lacp > Configures the specified static trunk type. This example uses ports C4 - C6 to create a non-protocol static trunk group with the group name of Trk2.

  • Page 304

    Port Trunking CLI: Viewing and Configuring Port Trunk Groups Switch “A” with ports set to LACP passive. Switch “B” with ports set to LACP passive. Dynamic LACP trunk cannot automatically form because both ends of the links are LACP passive. (In this case spanning-tree blocking is needed to prevent a loop.

  • Page 305: Web: Viewing Existing Port Trunk Groups

    Port Trunking Web: Viewing Existing Port Trunk Groups Caution: Unless spanning tree is running on your network, removing a port from a trunk can result in a loop. To help prevent a broadcast storm when you remove a port from a trunk where spanning tree is not in use, ProCurve recommends that you first disable the port or disconnect the link on that port.

  • Page 306: Trunk Group Operation Using Lacp

    Port Trunking Trunk Group Operation Using LACP Trunk Group Operation Using LACP The switch can automatically configure a dynamic LACP trunk group or you can manually configure a static LACP trunk group. Note: LACP requires full-duplex (FDx) links of the same media type (10/100Base-T, 100FX, etc.) and the same speed, and enforces speed and duplex conformance across a trunk group.

  • Page 307

    Port Trunking Trunk Group Operation Using LACP Table 11-4. LACP Trunk Types (LACP Port Trunk Configuration: Operation) Dynamic LACP: This option automatically establishes an 802.3ad-compliant trunk group, with LACP for the port Type parameter and DynX for the port Group name, where X is an automatically assigned value from 1 to 60, depending on how many dynamic and static trunks are currently on the switch.

  • Page 308

    Port Trunking Trunk Group Operation Using LACP LACP Port Trunk Operation Configuration Static LACP Provides a manually configured, static LACP trunk to accommodate these conditions: • The port on the other end of the trunk link is configured for a static LACP trunk. • You want to configure non-default spanning tree or IGMP parameters on an LACP trunk group.

  • Page 309: Default Port Operation

    Port Trunking Trunk Group Operation Using LACP Default Port Operation In the default configuration, LACP is disabled for all ports. If LACP is not configured as Active on at least one end of a link, then the port does not try to detect a trunk configuration and operates as a standard, untrunked port.

  • Page 310: Lacp Notes And Restrictions

    Port Trunking Trunk Group Operation Using LACP Status Name Meaning LACP Status Success: LACP is enabled on the port, detects and synchronizes with a device on the other end of the link, and can move traffic across the link. Failure: LACP is enabled on a port and detects a device on the other end of the link, but is not able to synchronize with this device, and therefore not able to send LACP packets across the link.

  • Page 311

    Port Trunking Trunk Group Operation Using LACP ProCurve(config)# int a17 lacp passive Error configuring port A17: LACP and port security cannot be run together. ProCurve(config)# To restore LACP to the port, you must remove port security and re-enable LACP active or passive. Changing Trunking Methods.

  • Page 312

    Port Trunking Trunk Group Operation Using LACP ProCurve(eth-B1-B8)# show lacp LACP PORT LACP TRUNK PORT LACP LACP NUMB ENABLED GROUP STATUS PARTNER STATUS ---- ------- ------- ------- ------- ------- Active Dyn1 Success Active Dyn1 Success Active Dyn1 Success Active Dyn1 Success Active Dyn1...

  • Page 313

    Port Trunking Trunk Group Operation Using LACP Spanning Tree and IGMP. If Spanning Tree and/or IGMP is enabled in the switch, a dynamic LACP trunk operates only with the default settings for these features and does not appear in the port listings for these features. Half-Duplex and/or Different Port Speeds Not Allowed in LACP Trunks.

  • Page 314: Trunk Group Operation Using The "trunk" Option

    Port Trunking Trunk Group Operation Using the “Trunk” Option Trunk Group Operation Using the “Trunk” Option This method creates a trunk group that operates independently of specific trunking protocols and does not use a protocol exchange with the device on the other end of the trunk.

  • Page 315: How The Switch Lists Trunk Data, Outbound Traffic Distribution Across Trunked Links

    Port Trunking How the Switch Lists Trunk Data How the Switch Lists Trunk Data Static Trunk Group: Appears in the menu interface and the output from the CLI show trunk and show interfaces commands. Dynamic LACP Trunk Group: Appears in the output from the CLI show lacp command.

  • Page 316

    Port Trunking Outbound Traffic Distribution Across Trunked Links The load-balancing is done on a per communication basis. Otherwise, traffic is transmitted across the same path as shown in figure 11-13. That is, if Client A attached to Switch 1 sends five packets of data to Server A attached to Switch 2, the same link is used to send all five packets.

  • Page 317

    Port Trunking Outbound Traffic Distribution Across Trunked Links Table 11-6. Example of Link Assignments in a Trunk Group (SA/DA Distribution) Source: Destination: Link: Node A Node W Node B Node X Node C Node Y Node D Node Z Node A Node Y Node B Node W...

  • Page 318

    Port Trunking Outbound Traffic Distribution Across Trunked Links 11-30...

  • Page 319

    Port Traffic Controls Contents: Overview, 12-3; Rate-Limiting...

  • Page 320

    Port Traffic Controls Contents: Operating Notes for Jumbo Traffic-Handling, 12-27; Troubleshooting, 12-29; Cut-Through Switching on the HP 6120XG...

  • Page 321

    Port Traffic Controls Overview Overview Feature Default Menu Rate-Limiting None Jumbo Packets Disabled 12-20 This chapter includes: ■ Rate-Limiting: Enables a port to limit the amount of bandwidth a user or device may utilize for traffic on the switch. ■ Jumbo Frames: Enables ports operating at 1 Gbps or 10 Gbps speeds to...

  • Page 322: Rate-limiting, All Traffic Rate-limiting, Configuring Rate-limiting

    Port Traffic Controls Rate-Limiting Rate-Limiting Feature Default Menu rate-limit all none page 12-4 show rate-limit all page 12-6 All Traffic Rate-Limiting Rate-limiting for all traffic operates on a per-port basis to allow only the specified bandwidth to be used for inbound or outbound traffic. When traffic exceeds the configured limit, it is dropped.

  • Page 323

    Port Traffic Controls Rate-Limiting Syntax: [no] int <port-list> rate-limit all in <percent <0-100> | kbps < 0-10000000>> Configures a traffic rate limit (on non-trunked ports) on the link. The "no" form of the command disables rate-limiting on the specified ports. (Default: Disabled.) Options include: • in —...

  • Page 324: Displaying The Current Rate-limit Configuration, Operating Notes For Rate-limiting

    Port Traffic Controls Rate-Limiting Displaying the Current Rate-Limit Configuration The show rate-limit all command displays the per-port rate-limit configuration. Syntax: show rate-limit all [ port-list ] Without [ port-list ], this command lists the rate-limit configuration for all ports on the switch. With [ port-list ], this command lists the rate-limit configuration for the specified port(s).

  • Page 325

    Port Traffic Controls Rate-Limiting ■ Rate-limiting is visible as an outbound forwarding rate: Because inbound rate-limiting is performed on packets during packet-processing, it is not shown via the inbound drop counters. Instead, this limit is verifiable as the ratio of outbound traffic from an inbound rate-limited port versus the inbound rate.

  • Page 326

    Port Traffic Controls Rate-Limiting Note on Testing Rate-Limiting: Rate-limiting is applied to the available bandwidth on a port, and not to any specific applications running through the port. If the total bandwidth requested by all applications is less than the configured maximum rate, then no rate-limit can be applied.

  • Page 327

    Port Traffic Controls Rate-Limiting Syntax: broadcast-limit <0-99> Enables or disables broadcast limiting for outbound broadcasts on a selected port on the switch. The value selected is the percentage of traffic allowed, for example, broadcast-limit 5 allows 5% of the maximum amount of traffic for that port. A value of zero disables broadcast limiting for that port.

  • Page 328: Guaranteed Minimum Bandwidth (gmb), Introduction, Terminology, Gmb Operation, Guaranteed Minimum Bandwidth (gmb)

    Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) Guaranteed Minimum Bandwidth (GMB) Feature Default Menu bandwidth-min output Per-Queue: page 2%-3%-30%-10% 12-13 10%-10%-15%-20% show bandwidth output [ port-list ] page 12-17 Introduction Guaranteed Minimum Bandwidth (GMB) provides a method for ensuring that each of a given port’s outbound traffic priority queues has a specified mini...

  • Page 329

    Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) Table 12-1. Per-Port Outbound Priority Queues 802.1p Priority Settings in Tagged VLAN Outbound Priority Queue for a Given Port Packets* 1 (low) 2 (low) 0 (normal) 3 (normal) 4 (medium) 5 (medium) 6 (high) 7 (high) *The switch processes outbound traffic from an untagged port at the "0"...

  • Page 330: Impacts Of Qos Queue Configuration On Gmb Operation

    Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) Note: For a given port, when the demand on one or more outbound queues exceeds the minimum bandwidth configured for those queues, the switch apportions unallocated bandwidth to these queues on a priority basis. As a result, specifying a minimum bandwidth for a high-priority queue but not specifying a minimum for lower-priority queues can starve the lower-priority queues dur...

  • Page 331: Outbound Traffic

    Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) For switches covered in this guide, the actual minimum guaranteed bandwidth allocated for each queue is accurate to +/- six percent of the expected value. Note: For more information on queue configuration and the associated default minimum bandwidth settings, refer to the chapter titled “Quality of Service (QoS): Managing Bandwidth More Effectively”...

  • Page 332

    Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) Syntax: [ no ] int < port-list > bandwidth-min output Configures the default minimum bandwidth allocation for the outbound priority queue for each port in < port-list >. The default values per priority queue are: •...

  • Page 333

    Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) Syntax: [ no ] int < port-list > bandwidth-min output [ < queue1% > < queue2% > < queue3% > < queue4% > <queue5%> <queue6%> <queue7%> <queue8%>] For ports in < port-list >, specifies the minimum outbound bandwidth as a percent of the total bandwidth for each outbound queue.

  • Page 334

    Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) Notes: Configuring 0% for a queue can result in that queue being starved if any higher queue becomes oversubscribed and is then given all unused bandwidth. A queue configured with 0% will be serviced as “strict”. This means that packets on this queue will be sent until the queue is empty, before servicing the next lower-priority queue, regardless of that lower priority queue’s...

  • Page 335: Configuration

    Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) Priority of Minimum Effect on Outbound Bandwidth Allocation Outbound Bandwidth Port Queue Queue 2 has a guaranteed minimum bandwidth of 3% and, if oversubscribed, is subordinate to queues 8, 7, 6, 5, 4, and 3 for any unused outbound bandwidth available on the port.

  • Page 336

    Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) ProCurve(config)# show bandwidth output a1-a5 Outbound Guaranteed Minimum Bandwidth % Port ---- User-Configured Minimum Bandwidth Settings Figure 12-2. Example of Listing the Guaranteed Minimum Bandwidth Configuration This is how the preceding listing of the GMB configuration would appear in the startup-config file.

  • Page 337: Gmb Operating Notes

    Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) GMB Operating Notes Impact of QoS Queue Configuration on GMB commands. Changing the number of queues affects the GMB commands (interface bandwidth-min and show bandwidth output) to operate only on the number of queues currently configured.

  • Page 338: Jumbo Frames, Terminology

    Port Traffic Controls Jumbo Frames Jumbo Frames Feature Default Menu display VLAN jumbo status — 12-23 — configure jumbo VLANs Disabled — 12-25 — The Maximum Transmission Unit (MTU) is the maximum size IP frame the switch can receive for Layer 2 frames inbound on a port. The switch drops any inbound frames larger than the MTU allowed on the port.

  • Page 339: Operating Rules

    Port Traffic Controls Jumbo Frames Operating Rules ■ Required Port Speed: This feature allows inbound and outbound jumbo frames on ports operating at speeds of 1 gigabit or higher. At lower port speeds, only standard (1522-byte or smaller) frames are allowed, regardless of the jumbo configuration.

  • Page 340: Configuring Jumbo Frame Operation, Overview

    Port Traffic Controls Jumbo Frames Configuring Jumbo Frame Operation Command Page show vlans 12-23 show vlans ports < port-list > 12-24 show vlans < vid > 12-25 jumbo 12-25 jumbo max-frame-size 12-25 Overview 1. Determine the VLAN membership of the ports or trunks through which you want the switch to accept inbound jumbo traffic.

  • Page 341: Viewing The Current Jumbo Configuration

    Port Traffic Controls Jumbo Frames Viewing the Current Jumbo Configuration Syntax: show vlans Lists the static VLANs configured on the switch and includes a Jumbo column to indicate which VLANs are configured to support inbound jumbo traffic. All ports belonging to a jumbo-enabled VLAN can receive jumbo traffic.

  • Page 342

    Port Traffic Controls Jumbo Frames Indicates which static VLANs are configured to enable jumbo frames. Figure 12-5. Example of Listing the VLAN Memberships for a Range of Ports Syntax: show vlans < vid > This command shows port membership and jumbo configuration for the specified <...

  • Page 343: Enabling Or Disabling Jumbo Traffic On A Vlan, Configuring A Maximum Frame Size, Snmp Implementation

    Port Traffic Controls Jumbo Frames Enabling or Disabling Jumbo Traffic on a VLAN Syntax: vlan < vid > jumbo [no] vlan < vid > jumbo Configures the specified VLAN to allow jumbo frames on all ports on the switch that belong to that VLAN. If the VLAN is not already configured on the switch, vlan <...

  • Page 344: Displaying The Maximum Frame Size, Operating Notes For Maximum Frame Size

    Port Traffic Controls Jumbo Frames Jumbo IP MTU. The IP MTU for Jumbos is supported with the following proprietary MIB object: hpSwitchIpMTU OBJECT-TYPE This is the value of the global Jumbos IP MTU (or L3 MTU) supported by the switch. The default value is set to 9198 bytes (a value that is 18 bytes less than the largest possible maximum frame size of 9216 bytes).

  • Page 345: Operating Notes For Jumbo Traffic-handling

    Port Traffic Controls Jumbo Frames Operating Notes for Jumbo Traffic-Handling ■ ProCurve does not recommend configuring a voice VLAN to accept jumbo frames. Voice VLAN frames are typically small, and allowing a voice VLAN to accept jumbo frame traffic can degrade the voice transmission performance.

  • Page 346

    Port Traffic Controls Jumbo Frames If there are security concerns with grouping the ports as shown for VLAN 300, you can either use source-port filtering to block unwanted traffic paths or create separate jumbo VLANs, one for ports 6 and 7, and another for ports 12 and 13.

  • Page 347: Troubleshooting, Hp 6120xg

    Port Traffic Controls Cut-Through Switching on the HP 6120XG Troubleshooting A VLAN is configured to allow jumbo frames, but one or more ports drops all inbound jumbo frames. The port may not be operating at 1 gigabit or higher. Regardless of a port’s configuration, if it is actually operating at a speed lower than 1 gigabit, it drops inbound jumbo frames.

  • Page 348

    Port Traffic Controls Cut-Through Switching on the HP 6120XG ProCurve(config)# cut-through Switch needs to be rebooted for configuration to become active Figure 12-8. Example of Enabling Cut-through Mode To display the status of cut-through mode, enter this command. Syntax: show cut-through Displays the cut-through mode status.

  • Page 349

    Configuring for Network Management Applications Contents: Using SNMP Tools To Manage the Switch, 13-4; Overview, 13-4; SNMP Management Features...

  • Page 350: Table Of Contents

    Configuring for Network Management Applications Contents: CLI-Configured sFlow with Multiple Instances (13-36); Terminology (13-36); Configuring sFlow ...

  • Page 351

    Configuring for Network Management Applications Contents: LLDP and CDP Data Management (13-83); LLDP and CDP Neighbor Data (13-83); CDP Operation and Commands ...

  • Page 352: Using Snmp Tools To Manage The Switch, Overview

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Using SNMP Tools To Manage the Switch Overview You can manage the switch via SNMP from a network management station running an application such as ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+). For more on PCM and PCM+, visit the ProCurve Networking web site at: www.procurve.com Click on products index in the sidebar, then click on the appropriate link...

  • Page 353

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch VLAN feature, refer to the section titled “The Secure Management VLAN” in the “Static Virtual LANs (VLANs)” chapter of the Advanced Traffic Management Guide for your switch. 13-5...

  • Page 354: Snmp Management Features, Configuring For Snmp Version 1 And 2c Access To The Switch

    (RFC 1515), and others. The switch SNMP agent also uses certain variables that are included in a Hewlett-Packard proprietary MIB (Management Information Base) file. If you are using HP OpenView, you can ensure that it is using the latest version of the MIB file by downloading the file to the OpenView database.

  • Page 355: Configuring For Snmp Version 3 Access To The Switch

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch If you want to restrict access to one or more specific nodes, you can use the switch’s IP Authorized Manager feature. (Refer to the Access Security Guide for your switch.) Caution: For ProCurve Manager (PCM) version 1.5 or earlier (or any TopTools version), deleting the “public”...

  • Page 356: Snmp Version 3 Commands

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMP Version 3 Commands SNMP version 3 (SNMPv3) adds some new commands to the CLI for configuring SNMPv3 functions. To enable SNMPv3 operation on the switch, use the snmpv3 enable command. An initial user entry will be generated with MD5 authentication and DES privacy.

  • Page 357: Enabling Snmpv3, Snmpv3 Users, Enabling Snmpv

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Enabling SNMPv3 The snmpv3 enable command allows the switch to: ■ Receive SNMPv3 messages. ■ Configure initial users. ■ Restrict non-version 3 messages to “read only” (optional). Figure 13-1 shows an example of how to use the snmpv3 enable command. Note: To create new users, most SNMPv3 management software requires an initial SNMP...

  • Page 358

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch 1. Configure users in the User Table with the snmpv3 user command. To view the list of configured users, enter the show snmpv3 user command (see “Adding Users” on page 13-10). 2. Assign users to Security Groups based on their security model with the snmpv3 group command (see “Assigning Users to Groups”...

  • Page 359

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMPv3 User Commands Syntax: [no] snmpv3 user <user_name> Adds or deletes a user entry for SNMPv3. Authorization and privacy are optional, but to use privacy, you must use authorization. When you delete a user, only the <user_name>...

  • Page 360

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Assigning Users to Groups. Then you must set the group access level for the user by assigning the user to a group. This is done with the snmpv3 group command.

  • Page 361: Group Access Levels, Snmpv3 Communities

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Group Access Levels The switch supports eight predefined group access levels. There are four levels for use with version 3 users and four are used for access by version 2c or version 1 management applications.

  • Page 362

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Syntax: [no] snmpv3 community This command maps or removes a mapping of a community name to a group access level. To remove a mapping, you only need to specify the index_name parameter.

  • Page 363: Communities

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMP Community Features Feature Default Menu SNMP show communities page page — 13-15 13-17 configure identity information none — page 13-18 configure community names public page page — 13-15 13-18 MIB view for a community name...

  • Page 364

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Note: This screen gives an overview of the SNMP communities that are currently Add and Edit options are configured. All fields in used to modify the SNMP this screen are read- options.

  • Page 365: Cli: Viewing And Configuring Snmp Community Names

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch CLI: Viewing and Configuring SNMP Community Names Community Name Commands Page show snmp-server [<community-string>] 13-17 [no] snmp-server 13-18 [community <community-str>] 13-18 [host <community-str> <ip-addr>] 13-21 [<none | debug | all | not-info | critical>] [enable traps <authentication>...

  • Page 366

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Configuring Community Names and Values. The snmp-server command enables you to add SNMP communities with either default or specific access attributes, and to delete specific communities. Syntax: [no] snmp-server community < community-name > Configures a new community name.

  • Page 367: Snmp Notifications, Supported Notifications

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMP Notifications The switches covered in this guide support: ■ SNMP version 1 or SNMP version 2c traps ■ SNMPv2c informs ■ SNMPv3 notification process, including traps This section describes how to configure a switch to send network security and link-change notifications to configured trap receivers.

  • Page 368: General Steps For Configuring Snmp Notifications

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch ■ Advanced Traffic Management Guide: • Loop protection • Spanning Tree (STP, RSTP, MSTP) ■ Access Security Guide: • MAC lockdown • MAC lockout • Uni-Directional Link Detection (UDLD) General Steps for Configuring SNMP Notifications To configure SNMP notifications, follow these general steps: 1. Determine the versions of SNMP notifications that you want to use in your...

  • Page 369: Snmpv1 And Snmpv2c Traps, Configuring An Snmp Trap Receiver

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMPv1 and SNMPv2c Traps The switches covered in this guide support the following functionality from earlier SNMP versions (SNMPv1 and SNMPv2c): ■ Trap receivers: A trap receiver is a management station to which the switch sends SNMP traps and (optionally) event log messages sent from the switch.

  • Page 370

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Syntax: snmp-server host <ipv4-addr | ipv6-addr> <community name> Configures a destination network management station to receive SNMPv1/v2c traps, and (optionally) event log messages sent as traps from the switch, using the specified community name and destination IPv4 or IPv6 address.

  • Page 371: Enabling Snmpv2c Informs

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch For example, to configure a trap receiver in a community named "red-team" with an IP address of 10.28.227.130 to receive only "critical" event log messages, you can enter the following command: ProCurve(config)# snmp-server host 10.28.227.130 red-team critical Notes...

  • Page 372

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Note: The retries and timeout values are not used to send trap requests. To verify the configuration of SNMPv2c informs, enter the show snmp-server command: ProCurve(config)# show snmp-server SNMP Communities Community Name...

  • Page 373: Configuring Snmpv3 Notifications

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Configuring SNMPv3 Notifications The SNMPv3 notification process allows messages that are passed via SNMP between the switch and a network management station to be authenticated and encrypted. To configure SNMPv3 notifications, follow these steps: 1. Enable SNMPv3 operation on the switch by entering the snmpv3 enable command (see “SNMP Version 3 Commands”...

  • Page 374

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch 5. Configure the target address of the SNMPv3 management station to which SNMPv3 informs and traps are sent by entering the snmpv3 targetaddress command. Syntax: [no] snmpv3 targetaddress < ipv4-addr | ipv6-addr> < name > Configures the IPv4 or IPv6 address, name, and configuration filename of the SNMPv3 management station to which notification messages are sent.

  • Page 375

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Syntax: [no] snmpv3 targetaddress < ipv4-addr | ipv6-addr> < name > —Continued— [timeout < value >] (Optional) Time (in millisecond increments) allowed to receive a response from the target before notification packets are retransmitted.

  • Page 376: Managing Network Security Notifications

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch An example of how to configure SNMPv3 notification is shown here: The params_name value in the snmpv3 targetaddress command matches the params_name value in snmpv3 params. The tag_name value in the snmpv3 notify command matches the tag_name value in the snmpv3 targetaddress command.

  • Page 377

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch To enable or disable notification/traps for network security failures and other security events, enter the snmp-server enable traps command. Syntax: [no] snmp-server enable traps [snmp-auth | password-change-mgr | login-failure-mgr | port-security | auth-server-fail] Enables or disables sending one of the following types of security notification to configured trap receivers:...

  • Page 378: Enabling Link-change Traps

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch ProCurve(config)# show snmp-server traps Link-change trap setting Trap Receivers Link-Change Traps Enabled on Ports [All] : A1-A24 Trap Category Current Trap Configuration ------------------------------ -------------------------- SNMP Authentication extended Password change enabled Network security notification settings...

  • Page 379: Configuring The Source Ip Address For Snmp Notifications

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Configuring the Source IP Address for SNMP Notifications The switch uses an interface IP address as the source IP address in IP headers when sending SNMP notifications (traps and informs) or responses to SNMP requests.

  • Page 380

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch To configure the switch to use a specified source IP address in generated trap PDUs, enter the snmp-server trap-source command. Syntax: [no] snmp-server trap-source [<ipv4-addr >] Specifies the source IP address to be used for a trap PDU. The no form of the command resets the switch to the default behavior (compliant with rfc-1517).

  • Page 381: Displaying Snmp Notification Configuration

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch ProCurve(config)# show snmp-server SNMP Communities Community Name MIB View Write Access ---------------- -------- ------------ public Manager Unrestricted Trap Receivers Link-Change Traps Enabled on Ports [All] : All Excluded MIBs dstIpOfRequest: The Snmp Response Pdu Source-IP Information destination IP address of...

  • Page 382

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch In the following example, the show snmp-server command output shows that the switch has been configured to send SNMP traps and notifications to management stations that belong to the “public”, “red-team”, and “blue-team” communities.

  • Page 383: Configuring Listening Mode

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Configuring Listening Mode For switches that have a separate out-of-band management port, you can specify whether a configured SNMP server listens for SNMP queries over the out-of-band management interface, the data interface, or both. By default, the switch listens over both interfaces.

  • Page 384: Advanced Management: Rmon, Cli-configured Sflow With Multiple Instances, Terminology

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Advanced Management: RMON The switch supports RMON (Remote Monitoring) on all connected network segments. This allows for troubleshooting and optimizing your network. The following RMON groups are supported: ■...

  • Page 385: Configuring Sflow, Viewing Sflow Configuration And Status

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Configuring sFlow The following sFlow commands allow you to configure sFlow instances via the CLI. Syntax: [no] sflow <receiver-instance> destination <ip-address> [udp-port-num] Enables an sFlow receiver/destination. The receiver-instance number must be a 1, 2, or 3.

  • Page 386

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Syntax: show sflow <receiver instance> sampling-polling <port-list/range> Displays status information about sFlow sampling and polling. The show sflow agent command displays read-only switch agent information. The version information shows the sFlow version, MIB support and software versions;...

  • Page 387

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch ■ Max Datagram Size shows the currently set value (typically a default value, but this can also be set by the management station). The show sflow <instance> sampling-polling [port-list] command displays information about sFlow sampling and polling on the switch.

  • Page 388: Lldp (link-layer Discovery Protocol), Lldp (link-layer Discovery Protocol)

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP (Link-Layer Discovery Protocol) To standardize device discovery on all ProCurve switches, LLDP will be implemented while offering limited read-only support for CDP as documented in this manual. For the latest information on your switch model, consult the Release Notes (available on the ProCurve Networking web site).

  • Page 389: Terminology

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP-MED (LLDP Media Endpoint Discovery): Provides an extension to LLDP and is designed to support VoIP deployments. Note: LLDP-MED is an extension for LLDP, and the switch requires that LLDP be enabled as a prerequisite to LLDP-MED operation.

  • Page 390

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP Neighbor: An LLDP device that is either directly connected to another LLDP device or connected to that device by another, non-LLDP Layer 2 device (such as a hub). Note that an 802.1D-compliant switch does not forward LLDP data packets even if it is not LLDP-aware.

  • Page 391: General Lldp Operation, Lldp-med, Packet Boundaries In A Network Topology

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) TLV (Type-Length-Value): A data unit that includes a data type field, a data unit length field (in bytes), and a field containing the actual data the unit is designed to carry (as an alphanumeric string, a bitmap, or a subgroup of information).

  • Page 392: Configuration Options

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Configuration Options Enable or Disable LLDP on the Switch. In the default configuration, LLDP is globally enabled on the switch. To prevent transmission or receipt of LLDP traffic, you can disable LLDP operation (page 13-44). Enable or Disable LLDP-MED.

  • Page 393

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) SNMP Notification. You can enable the switch to send a notification to any configured SNMP trap receiver(s) when the switch detects a remote LLDP data change on an LLDP-enabled port (page 13-54). Per-Port (Outbound) Data Options.

  • Page 394: Options For Reading Lldp Information Collected By The Switch, Lldp And Lldp-med Standards Compatibility

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Data Type Configuration Default Description Options The Packet Time-to-Live value is included in LLDP data packets. (Refer to “Changing the Time-to-Live for Transmitted Advertisements” on page 13-52.) Subelement of the Chassis ID TLV. Subelement of the Port ID TLV.

  • Page 395: Lldp Operating Rules

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) ■ RFC 2737 (Entity MIB) ■ RFC 2863 (Interfaces MIB) ■ ANSI/TIA-1057/D6 (LLDP-MED; refer to “LLDP-MED (Media-Endpoint-Discovery)” on page 13-62.) LLDP Operating Rules (For additional information specific to LLDP-MED operation, refer to “LLDP-MED (Media-Endpoint-Discovery)”...

  • Page 396: Configuring Lldp Operation, Viewing The Current Configuration

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Spanning-Tree Blocking. Spanning tree does not prevent LLDP packet transmission or receipt on STP-blocked links. 802.1X Blocking. Ports blocked by 802.1X operation do not allow transmission or receipt of LLDP packets. Configuring LLDP Operation In the default configuration, LLDP is enabled and in both transmit and receive mode on all active ports.

  • Page 397

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displays the LLDP global configuration, LLDP port status, and SNMP notification status. For information on port admin status, refer to “Configuring Per-Port Transmit and Receive Modes” on page 13-55. For example, show lldp config produces the following display when the switch is in the default LLDP configuration: Note: This value corresponds to the lldp refresh-interval...

  • Page 398: Configuring Global Lldp Packet Controls

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displaying Port Configuration Details. This command displays the port-specific configuration, including. Syntax show lldp config < port-list > Displays the LLDP port-specific configuration for all ports in < port-list >, including which optional TLVs and any non-default IP address that are included in the port’s outbound advertisements.

  • Page 399

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) ■ Add entries to its neighbors table based on data read from incoming LLDP advertisements. Syntax [no] lldp run Enables or disables LLDP operation on the switch. The no form of the command, regardless of individual LLDP port configurations, prevents the switch from transmitting outbound LLDP advertisements, and causes the switch to drop all LLDP advertisements received from other devices.

  • Page 400

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Changing the Time-to-Live for Transmitted Advertisements. The Time-to-Live value (in seconds) for all LLDP advertisements transmitted from a switch is controlled by the switch that generates the advertisement, and determines how long an LLDP neighbor retains the advertised data before discarding it.

  • Page 401

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Syntax setmib lldpTxDelay.0 -i < 1 - 8192 > Uses setmib to change the minimum time (delay-interval) any LLDP port will delay advertising successive LLDP advertisements due to a change in LLDP MIB content. (Default: 2;...

  • Page 402: Configuring Snmp Notification Support

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) delay interval delays the port’s ability to reinitialize and generate LLDP traffic following an LLDP disable/enable cycle. Syntax setmib lldpReinitDelay.0 -i < 1 - 10 > Uses setmib to change the minimum time (reinitialization delay interval) an LLDP port will wait before reinitializing after receiving an LLDP disable command followed closely by a txonly or tx_rx command.

  • Page 403: Configuring Per-port Transmit And Receive Modes

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Changing the Minimum Interval for Successive Data Change Notifications for the Same Neighbor. If LLDP trap notification is enabled on a port, a rapid succession of changes in LLDP information received in advertisements from one or more neighbors can generate a high number of traps.

  • Page 404: Configuring Basic Lldp Per-port Advertisement Content

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Configuring Basic LLDP Per-Port Advertisement Content In the default LLDP configuration, outbound advertisements from each port on the switch include both mandatory and optional data. Mandatory Data. An active LLDP port on the switch always includes the mandatory data in its outbound advertisements.

  • Page 405

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) For example, if port 3 belongs to a subnetted VLAN that includes an IP address of 10.10.10.100 and you wanted port 3 to use this secondary address in LLDP advertisements, you would need to execute the following command: ProCurve(config)# lldp config 3 ipAddrEnable 10.10.10.100 Optional Data.

  • Page 406: Advertisements

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) system_cap For outbound advertisements, this TLV includes a bitmask of supported system capabilities (device functions). Also includes information on whether the capabilities are enabled. (Default: Enabled) For example, if you wanted to exclude the system name TLV from the outbound LLDP advertisements for all ports on a switch, you would use this command: ProCurve(config)# no lldp config 1-24 basicTlvEnable...

  • Page 407: Port Vlan Id Tlv Support On Lldp, Configuring The Vlan Id Tlv

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Syntax: [no] lldp config < port-list > dot3TlvEnable macphy_config For outbound advertisements, this TLV includes the (local) switch port’s current speed and duplex settings, the range of speed and duplex settings the port supports, and the method required for reconfiguring the speed and duplex settings on the device (auto-negotiation during link initialization, or manual configuration).

  • Page 408: Displaying The Tlvs Advertised

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displaying the TLVs Advertised The show commands display the configuration of the TLVs. The command show lldp config lists the TLVs advertised for each port. ProCurve(config)# show lldp config a1 LLDP Port Configuration Detail Port : a1 AdminStatus [Tx_Rx] : Tx_Rx NotificationEnabled [False] : False...

  • Page 409: Snmp Support

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) ProCurve(config)# show lldp info local-device a1 LLDP Local Port Information Detail Port : A1 PortType : local PortId PortDesc : A1 The information that LLDP used in its Port VLAN ID : 1 advertisement.

  • Page 410: Lldp-med (media-endpoint-discovery), Lldp-med (media-endpoint-discovery)

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) The port VLAN ID TLV local information can be obtained from the MIB object lldpXdot1LocPortVlanId in the local information table lldpXdot1LocTable. The port VLAN ID TLV information about all the connected peer devices can be obtained from the MIB object lldpXdot1RemPortVlanId in the remote information table lldpXdot1RemTable.

  • Page 411

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) ■ IP communications controllers ■ other VoIP devices or servers [Figure: LLDP-MED Class 1 Generic Endpoints; Switches Providing Network Access to LLDP-MED Endpoints Such As IP Call Control Devices; IP Network Infrastructure...]

  • Page 412

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) ■ provide information on network connectivity capabilities (for example, a multi-port VoIP phone with Layer 2 switch capability) ■ support the fast start capability Note: LLDP-MED on the switches covered in this guide is intended for use with VoIP endpoints, and is not designed to support links between network infrastructure devices, such as switch-to-switch or switch-to-router links.

  • Page 413: Lldp-med Topology Change Notification

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP-MED Topology Change Notification This optional feature provides information an SNMP application can use to track LLDP-MED connects and disconnects. Syntax: lldp top-change-notify < port-list > Topology change notification, when enabled on an LLDP port, causes the switch to send an SNMP trap if it detects LLDP­...

  • Page 414: Lldp-med Fast Start Control, And Location Data

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP-MED Fast Start Control Syntax: lldp fast-start-count < 1 - 10 > An LLDP-MED device connecting to a switch port may use the data contained in the MED TLVs from the switch to configure itself.

  • Page 415

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Note: LLDP-MED operation requires the macphy_config TLV subelement—enabled by default—that is optional for IEEE 802.1AB LLDP operation. Refer to the dot3TlvEnable macphy_config command on page 13-59. Network Policy Advertisements. Network policy advertisements are intended for real-time voice and video applications, and include these TLV subelements: ■...

  • Page 416

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Notes: A codepoint must have an 802.1p priority before you can configure it for use in prioritizing packets by VLAN-ID. If a codepoint you want to use shows No Override in the Priority column of the DSCP policy table (display with show qos­...

  • Page 417: Configuring Location Data For Lldp-med Devices

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) network-policy This TLV enables the switch port to advertise its configured network policies (voice VLAN, Layer 2 QoS, Layer 3 QoS), and allows LLDP-MED endpoint devices to auto-configure the voice network policy advertised by the switch.

  • Page 418

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Syntax: [no] lldp config < port-list > medPortLocation < Address-Type > Configures location or emergency call data the switch advertises per port in the location_id TLV. This TLV is for use by LLDP-MED endpoints employing location-based applications.

  • Page 419

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) — Continued— Type/Value Pairs ( CA-TYPE CA-VALUE ): This is a series of data pairs, each composed of a location data “type” specifier and the corresponding location data for that type. That is, the first value in a pair is expected to be the civic address “type”...

  • Page 420

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Note: A switch port allows one instance of any given CA-TYPE. For example, if a type/value pair of 6 Atlantic (to specify “Atlantic” as a street name) is configured on port A5 and later another type/value pair of 6 Pacific is configured on the same port, then Pacific replaces Atlantic in the civic address location configured for port A5.

  • Page 421

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Table 13-4. Some Location Codes Used in CA-TYPE Fields* Location Element Code Location Element Code national subdivision street number regional subdivision additional location data city or township unit or apartment city subdivision floor street room number...

  • Page 422: Displaying Advertisement Data

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) ProCurve(config)# lldp config d1 medportlocation civic-addr US 2 1 C ProCurve(config)# show lldp config d1 LLDP Port Configuration Detail Port : D1 AdminStatus [Tx_Rx] : disable NotificationEnabled [False] : False Med Topology Trap Enabled [False] : False Country Name : US What...

  • Page 423

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displaying Switch Information Available for Outbound Advertisements These commands display the current switch information that will be used to populate outbound LLDP advertisements. Syntax show lldp info local-device [port-list] Without the [port-list] option, this command displays the global switch information and the per-port information currently available for populating outbound LLDP advertisements.

  • Page 424

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) ProCurve# show lldp info local-device LLDP Local Device Information Chassis Type : mac-address Chassis Id : 00 24 81 b0 09 21 System Name : ProCurve 6120 Blade Switch System Description : ProCurve 498358-B21 6120 Blade Switch, revision ... System Capabilities Supported:bridge System Capabilities Enabled:bridge The Management Address field displays only...

  • Page 425

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) an LLDP-MED endpoint, refer to “Displaying the Current Port Speed and Duplex Configuration on a Switch Port” on page 13-76. Syntax: show interfaces brief < port-list > Includes port speed and duplex configuration in the Mode column of the resulting display.

  • Page 426

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) ProCurve# show lldp info remote-device LLDP Remote Devices Information LocalPort | ChassisId PortId PortDescr SysName --------- + ------------------------- ------ --------- --------------------- | HP ProCurve Switch 282... 1 | HP ProCurve Switch 252... 9 | HP ProCurve Switch 282...

  • Page 427: Displaying Lldp Statistics

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displaying LLDP Statistics LLDP statistics are available at both the global and per-port levels. Rebooting the switch resets the LLDP statistics counters to zero. Disabling the transmit and/or receive capability on a port “freezes” the related port counters at their current values.

  • Page 428

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) — Continued — Per-Port LLDP Counters: NumFramesRecvd: Shows the total number of valid, inbound LLDP advertisements received from any neighbor(s) on < port-list >. Where multiple neighbors are connected to a port through a hub, this value is the total number of LLDP advertisements received from all sources.

  • Page 429: Lldp Operating Notes

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Counters showing frames sent on a port but no frames received on that port indicate an active link with a device that either has LLDP disabled on the link or is not LLDP-aware.

  • Page 430

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) One IP Address Advertisement Per-Port: LLDP advertises only one IP address per-port, even if multiple IP addresses are configured by lldp config < port-list > ipAddrEnable on a given port. 802.1Q VLAN Information. LLDP packets do not include 802.1Q header information, and are always handled as untagged packets.

  • Page 431: Lldp And Cdp Data Management, Lldp And Cdp Neighbor Data

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) ProCurve# walkmib ifDescr ifDescr.1 = D1 ifDescr.2 = D2 ifDescr.3 = D3 ifDescr.23 = X1 ifDescr.24 = X2 ifDescr.25 = C1 ifDescr.75 = DEFAULT_VLAN Figure 13-31. Matching Internal Port Numbers to External Slot/Port Numbers LLDP and CDP Data Management This section describes points to note regarding LLDP (Link-Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) data received by the switch...

  • Page 432

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) • The LLDP “System Descr” field maps to CDP’s “Version” and “Platform” fields. • The switch assigns “ChassisType” and “PortType” fields as “local” for both the LLDP and the CDP advertisements it receives. •...

  • Page 433: Cdp Operation And Commands

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Protocol State Packet Inbound Data Management Inbound Packet Forwarding Generation Both CDP data collection and LLDP transmit/receive are enabled in the default configuration. If a switch receives CDP packets and LLDP packets from the same neighbor device on the same port, it stores and displays the two types of information separately if the chassis and port ID information in the two types of advertisements is different.

  • Page 434

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Command Page show cdp 13-86 show cdp neighbors [< port-list > detail] 13-87 [detail < port-list >] [no] cdp run 13-87 [no] cdp enable < port-list > 13-88 Note For details on how to use an SNMP utility to retrieve information from the switch’s CDP Neighbors table maintained in the switch’s MIB (Management Information Base), refer to the documentation provided with the particular...

  • Page 435

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Viewing the Switch’s Current CDP Neighbors Table. Devices are listed by the port on which they were detected. Syntax: show cdp neighbors Lists the neighboring CDP devices the switch detects, with a subset of the information collected from the device’s CDP packet.

  • Page 436

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) For example, to disable CDP read-only on the switch: ProCurve(config)# no cdp run When CDP is disabled: ■ show cdp neighbors displays an empty CDP Neighbors table ■ show cdp displays: Global CDP information Enable CDP [Yes]: No Enabling or Disabling CDP Operation on Individual Ports.

  • Page 437: Console Connected Pc Or Unix Workstation, Contents, Connected Pc Or Unix Workstation

    File Transfers Contents Overview ........... . A-3 Downloading Switch Software .

  • Page 438: Copying Command Output To A Destination Device, Copying Event Log Output To A Destination Device

    File Transfers Contents Transferring Switch Configurations ......A-26 TFTP: Copying a Configuration File to a Remote Host ..A-26 TFTP: Copying a Configuration File from a Remote Host .

  • Page 439: Downloading Switch Software, Overview

    File Transfers Overview Overview The switches covered in this guide support several methods for transferring files to and from a physically connected device, or via the network, including TFTP, Xmodem, and USB. This appendix explains how to download new switch software, and upload or download switch configuration files and software images.

  • Page 440: General Software Download Rules, Using Tftp To Download Software From A Server

    File Transfers Downloading Switch Software General Software Download Rules ■ Switch software that you download via the menu interface always goes to primary flash. ■ After a software download, you must reboot the switch to implement the new software. Until a reboot occurs, the switch continues to run on the software it was using before the download commenced.

  • Page 441: Menu: Tftp Download From A Server To Primary Flash

    File Transfers Downloading Switch Software Menu: TFTP Download from a Server to Primary Flash Note that the menu interface accesses only the primary flash. 1. In the console Main Menu, select Download OS to display the screen in figure A-1. (The term “OS”, or “operating system” refers to the switch software): ===========================-TELNET - MANAGER MODE -============================ Download OS...

  • Page 442

    File Transfers Downloading Switch Software A “progress” bar indicates the progress of the download. When the entire software file has been received, all activity on the switch halts and you will see Validating and writing system software to FLASH... 7. After the primary flash memory has been updated with the new software, you must reboot the switch to implement the newly downloaded software.

  • Page 443: Cli: Tftp Download From A Server To Flash

    File Transfers Downloading Switch Software To find more information on the cause of a download failure, examine the messages in the switch’s Event Log by executing the show log tftp command from the CLI. Also: ■ For more on the Event Log, see “Using the Event Log for Troubleshooting Switch Problems”...

  • Page 444

    File Transfers Downloading Switch Software This command automatically downloads a switch software file to primary or secondary flash. Note that if you do not specify the flash destination, the TFTP download defaults to primary flash. For switches that have a separate out-of-band management port, the oobm parameter specifies that the traffic will go through the out-of-band management interface.

  • Page 445: Enabling Tftp

    File Transfers Downloading Switch Software 4. To confirm that the software downloaded correctly, execute show system and check the Firmware revision line. For information on primary/secondary flash memory and the boot commands, refer to “Using Primary and Secondary Flash Image Options” on page 6-14. Note If you use auto-tftp to download a new image in a redundant management system, the active management module downloads the new image to both the...

  • Page 446

    File Transfers Downloading Switch Software The no tftp <client | server> command does not disable auto-TFTP operation. To disable an auto-TFTP command configured on the switch, use the no auto-tftp command described on page A-11 to remove the command entry from the switch’s configuration.

  • Page 447: Using Auto-tftp

    File Transfers Downloading Switch Software Using Auto-TFTP The auto-tftp command allows you to configure the switch to download software automatically from a TFTP server. How It Works. At switch startup, the auto-TFTP feature automatically downloads a specified software image to the switch from a specified TFTP server, then reboots the switch.

  • Page 448: Using Secure Copy And Sftp

    File Transfers Downloading Switch Software Using Secure Copy and SFTP For some situations you may want to use a secure method to issue commands or copy files to the switch. By opening a secure, encrypted SSH session and enabling ip ssh file transfer, you can then use a third-party software application to take advantage of Secure Copy (SCP) and Secure ftp (SFTP).

  • Page 449: How It Works, The Scp/sftp Process

    File Transfers Downloading Switch Software Protocol major versions differ: 2 vs. 1 Connection closed Protocol major versions differ: 1 vs. 2 Connection closed Received disconnect from < ip-addr >: /usr/local/ libexec/sftp-server: command not supported Connection closed SCP (secure copy) is an implementation of the BSD rcp (Berkeley UNIX remote copy) command tunneled through an SSH connection.

  • Page 450: Disable Tftp And Auto-tftp For Enhanced Security

    File Transfers Downloading Switch Software Disable TFTP and Auto-TFTP for Enhanced Security Using the ip ssh filetransfer command to enable Secure FTP (SFTP) automatically disables TFTP and auto-TFTP (if either or both are enabled). ProCurve(config)# ip ssh filetransfer Enabling SFTP automatically disables TFTP Tftp and auto-tftp have been disabled.

  • Page 451: Command Options

    File Transfers Downloading Switch Software Enables/Disables TFTP. Note: If SFTP is enabled, this field will be set to No. You cannot use this field to enable TFTP if SFTP is enabled. Attempting to do so produces an Inconsistent value message in the banner below the Actions line. Figure A-6.

  • Page 452: Authentication, Scp/sftp Operating Notes

    File Transfers Downloading Switch Software Note As a matter of policy, administrators should not enable the SSHv1-only or the SSHv1-or-v2 advertisement modes. SSHv1 is supported on only some legacy switches (such as the HP ProCurve 2500 switches). To confirm that SSH is enabled type in the command ProCurve(config)# show ip ssh Once you have confirmed that you have enabled an SSH session (with the show ip ssh command), enter ip ssh filetransfer so that SCP and/or SFTP can run.

  • Page 453

    File Transfers Downloading Switch Software ■ When an SFTP client connects, the switch provides a file system displaying all of its available files and folders. No file or directory creation is permitted by the user. Files may only be uploaded or downloaded, according to the permissions mask.

  • Page 454: Troubleshooting Ssh, Sftp, And Scp Operations

    File Transfers Downloading Switch Software authorized_keys \---oper_keys authorized_keys ■ When using SFTP to copy a software image onto the switch, the command return takes only a few seconds. However, this does not mean that the transfer is complete, because the switch requires additional time (typically more than one minute) to write the image to flash in the background.

  • Page 455: A Pc Or Unix Workstation

    File Transfers Downloading Switch Software Note The Bad file number is from the system error value and may differ depending on the cause of the failure. In the third example, the device file to read was closed as the device read was about to occur. Attempt to Start a Session During a Flash Write.

  • Page 456: Menu: Xmodem Download To Primary Flash

    File Transfers Downloading Switch Software Menu: Xmodem Download to Primary Flash Note that the menu interface accesses only the primary flash. 1. From the console Main Menu, select 7. Download OS (for Edit). 2. Press 3. Use the Space bar to select XMODEM in the Method field. 4. Press , then (for eXecute) to begin the software download.

  • Page 457: Primary Or Secondary Flash

    File Transfers Downloading Switch Software CLI: Xmodem Download from a PC or UNIX Workstation to Primary or Secondary Flash Using Xmodem and a terminal emulator, you can download a software file to either primary or secondary flash. Syntax: copy xmodem flash [< primary | secondary >] Downloads a software file to primary or secondary flash.

  • Page 458: Switch-to-switch Download, Menu: Switch-to-switch Download To Primary Flash

    File Transfers Downloading Switch Software 4. To confirm that the software downloaded correctly: ProCurve> show system Check the Firmware revision line. It should show the software version that you downloaded in the preceding steps. If you need information on primary/secondary flash memory and the boot commands, refer to “Using Primary and Secondary Flash Image Options”...

  • Page 459: Cli: Switch-to-switch Downloads

    File Transfers Downloading Switch Software 7. After the primary flash memory has been updated with the new software, you must reboot the switch to implement the newly downloaded software. Return to the Main Menu and press (for Reboot Switch). You will then see this prompt: Continue reboot of system? : No Press the space bar once to change No to Yes, then press...

  • Page 460: Using Pcm+ To Update Switch Software

    File Transfers Downloading Switch Software Running Total of Bytes Downloaded Figure A-7. Switch-To-Switch, from Primary in Source to Either Flash in Destination Downloading from Either Flash in the Source Switch to Either Flash in the Destination Switch. Syntax: copy tftp flash < ip-addr > < /os/primary > | < /os/secondary > [ primary | secondary ] This command (executed in the destination switch) gives you the most options for downloading between switches.

  • Page 461: Tftp: Copying A Software Image To A Remote Host

    File Transfers Copying Software Images Copying Software Images Using the CLI commands described in this section, you can copy software images from the switch to another device using tftp, xmodem, or usb. Note For details on how switch memory operates, including primary and secondary flash, refer to Chapter 6, “Switch Memory and Configuration”.

  • Page 462: Transferring Switch Configurations, Tftp: Copying A Configuration File To A Remote Host

    File Transfers Transferring Switch Configurations Transferring Switch Configurations Transfer Features Feature Page Use TFTP to copy from a remote host to a config file A-27 Use TFTP to copy a config file to a remote host A-28 Use Xmodem to copy a configuration from a serially connected host to a config file A-28 Use Xmodem to copy a config file to a serially connected host A-29 Using the CLI commands described in this section, you can copy switch...

  • Page 463: Tftp: Copying A Customized Command File To A Switch

    File Transfers Transferring Switch Configurations TFTP: Copying a Configuration File from a Remote Host Syntax: copy tftp < startup-config | running-config > < ip-address > < remote-file > [ pc | unix ] copy tftp config < filename > < ip-address > < remote-file > [ pc | unix ] This command can copy a configuration from a remote host to a designated config file in the switch.

  • Page 464

    File Transfers Transferring Switch Configurations Syntax: show tech custom Executes the commands found in a custom file instead of the hard-coded list. Note: Exit the global config mode (if needed) before executing show tech commands. You can include show tech commands in the custom file, with the exception of show tech custom.

  • Page 465

    File Transfers Transferring Switch Configurations Execute the following command: 3. After you see the above prompt, press [Enter] 4. Execute the terminal emulator commands to begin the file transfer. Xmodem: Copying a Configuration File from a Serially Connected PC or UNIX Workstation To use this method, the switch must be connected via the serial port to a PC or UNIX workstation on which is stored the configuration file you want to copy.

  • Page 466

    File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation Syntax: boot system flash [ primary | secondary ] boot system flash [ config < filename > Switches boot from the designated configuration file. For more on multiple configuration files, refer to “Multiple Configuration Files”...

  • Page 467: Copying Command Output To A Destination Device, Copying Event Log Output To A Destination Device

    File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation Copying Command Output to a Destination Device Syntax: copy command-output < “cli-command” > tftp < ip-address > < filepath­ filename > copy command-output < “cli-command” > usb < filename > copy command-output <“cli-command”>...

  • Page 468: Copying Crash Data Content To A Destination Device

    File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation At this point, press [Enter] and start the Xmodem command sequence in your terminal emulator. Figure A-12. Example of Sending Event Log Content to a File on an Attached PC Copying Crash Data Content to a Destination Device This command uses TFTP, USB, or Xmodem to copy the Crash Data content to a destination device.

  • Page 469: Copying Crash Log Data Content To A Destination Device

    File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation Copying Crash Log Data Content to a Destination Device Syntax: copy crash-log [mm>] tftp <ip-address> <filepath and filename> copy crash-log [mm>] usb <filename> copy crash-log [mm>] xmodem where: mm Retrieves the crash log from the switch’s chassis processor.

  • Page 470

    File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation A-34...

  • Page 471

    Monitoring and Analyzing Switch Operation Contents Overview ........... . B-3 Status and Counters Data .

  • Page 472

    Monitoring and Analyzing Switch Operation Contents Mirrored Traffic Destinations ....... B-26 Local Destinations .

  • Page 473

    Monitoring and Analyzing Switch Operation Overview Overview The switches covered in this guide have several built-in tools for monitoring, analyzing, and troubleshooting switch and network operation: ■ Status: Includes options for displaying general switch information, management address data, port status, port and trunk group statistics, MAC addresses detected on each port or VLAN, and STP, IGMP, and VLAN data (page B-4).

  • Page 474: Status And Counters Data

    Monitoring and Analyzing Switch Operation Status and Counters Data Status and Counters Data This section describes the status and counters screens available through the switch console interface and/or the web browser interface. Note You can access all console screens from the web browser interface via Telnet to the console.

  • Page 475: Menu Access To Status And Counters

    Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access To Status and Counters Beginning at the Main Menu, display the Status and Counters menu by selecting: 1. Status and Counters Figure B-1. The Status and Counters Menu Each of the above menu items accesses the read-only screens described on the following pages.

  • Page 476: General System Information, Menu Access

    Monitoring and Analyzing Switch Operation Status and Counters Data General System Information Menu Access From the console Main Menu, select: 1. Status and Counters 1. General System Information Figure B-2. Example of General Switch Information This screen dynamically indicates how individual switch resources are being used.

  • Page 477: Cli Access To System Information

    Monitoring and Analyzing Switch Operation Status and Counters Data CLI Access to System Information The show system command displays general system information about the switch. Syntax: show system [information | enclosure] Displays global system information and operational parameters for the switch. information Displays global system information and operational parameters for the switch.

  • Page 478: Task Monitor—collecting Processor Data, Switch Management Address Information, Menu Access

    Monitoring and Analyzing Switch Operation Status and Counters Data Task Monitor—Collecting Processor Data The task monitor feature allows you to enable or disable the collection of processor utilization data. The task-monitor cpu command is equivalent to the existing debug mode command “taskusage -d”. (The taskUsageShow command is available as well.) When the task-monitor command is enabled, the show cpu command summa­...

  • Page 479: Cli Access

    Monitoring and Analyzing Switch Operation Status and Counters Data Figure B-5. Example of Management Address Information with VLANs Configured This screen displays addresses that are important for management of the switch. If multiple VLANs are not configured, this screen displays a single IP address for the entire switch.

  • Page 480: Menu: Displaying Port Status, Port Status, Cli Access, Web Access

    Monitoring and Analyzing Switch Operation Status and Counters Data Port Status The web browser interface and the console interface show the same port status data. Menu: Displaying Port Status From the Main Menu, select: 1. Status and Counters … 4. Port Status Figure B-6.

  • Page 481

    Monitoring and Analyzing Switch Operation Status and Counters Data Viewing Port and Trunk Group Statistics and Flow Control Status Feature Default Menu viewing port and trunk statistics for all page B-12 page B-13 page B-22 ports, and flow control status viewing a detailed summary for a page B-12 page B-13...

  • Page 482: Menu Access To Port And Trunk Statistics

    Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access to Port and Trunk Statistics To access this screen from the Main Menu, select: 1. Status and Counters … 4. Port Counters Figure B-7. Example of Port Counters on the Menu Interface To view details about the traffic on a particular port, use the [v] key to highlight that port number, then select Show Details.

  • Page 483: Cli Access To Port And Trunk Group Statistics, Viewing The Switch's Mac Address Tables

    This command provides traffic details for the port(s) you specify Viewing the Switch’s MAC Address Tables Note The 6120G/XG supports a maximum of 16,000 MAC address entries. The 6120XG supports a maximum of 32,000 MAC address entries. Feature Default...

  • Page 484

    Monitoring and Analyzing Switch Operation Status and Counters Data ■ The MAC addresses that the switch has learned from network devices attached to the switch ■ The port on which each MAC address was learned 1. From the Main Menu, select: 1.

  • Page 485

    Monitoring and Analyzing Switch Operation Status and Counters Data 2. Type the MAC address you want to locate and press [Enter]. The address and port number are highlighted if found. If the switch does not find the MAC address on the currently selected VLAN, it leaves the MAC address listing empty.

  • Page 486: Cli Access For Mac Address Views And Searches

    Monitoring and Analyzing Switch Operation Status and Counters Data Port. Proceeding from step 2, above: Press [S] (for Search), to display the following prompt: Enter MAC address: _ 2. Type the MAC address you want to locate and press [Enter]. The address is highlighted if found.

  • Page 487

    Monitoring and Analyzing Switch Operation Status and Counters Data B-17...

  • Page 488: Spanning Tree Protocol (mstp) Information, Cli Access To Mstp Data

    Monitoring and Analyzing Switch Operation Status and Counters Data Spanning Tree Protocol (MSTP) Information CLI Access to MSTP Data This option lists the MSTP configuration, root data, and per-port data (cost, priority, state, and designated bridge). Syntax: show spanning-tree This command displays the switch’s global and regional spanning-tree status, plus the per-port spanning-tree operation at the regional level.

  • Page 489: Internet Group Management Protocol (igmp) Status

    Monitoring and Analyzing Switch Operation Status and Counters Data Internet Group Management Protocol (IGMP) Status The switch uses the CLI to display the following IGMP status on a per-VLAN basis: Show Command Output show ip igmp Global command listing IGMP status for all VLANs configured in the switch: •...

  • Page 490: Vlan Information

    Status and Counters Data VLAN Information The switch uses the CLI to display the following VLAN status: Note The 6120G/XG supports a maximum of 256 VLANs. The 6120XG supports a maximum of 1,024 VLANs. Show Command Output...

  • Page 491

    Monitoring and Analyzing Switch Operation Status and Counters Data Figure B-14. Example of VLAN Listing for the Entire Switch Listing the VLAN ID (VID) and Status for Specific Ports. Because ports A1 and A2 are not members of VLAN-44, it does not appear in this listing.

  • Page 492: Web Browser Interface Status Information

    Monitoring and Analyzing Switch Operation Status and Counters Data Web Browser Interface Status Information The “home” screen for the web browser interface is the Status Overview screen, as shown below. As the title implies, it provides an overview of the status of the switch, including summary graphs indicating the network utili­...

  • Page 493: Traffic Mirroring

    Monitoring and Analyzing Switch Operation Traffic Mirroring Traffic Mirroring Mirror Features Feature Default Menu Mirror CLI Quick Reference B-34 Configure Mirror Source disabled page B-29 page B-35 Configure Mirror Destination at Source disabled page B-29 page B-35 Display Mirror Configuration page B-29 page B-38 Traffic mirroring (Intelligent Mirroring) allows you to mirror (send a copy of) network traffic received or transmitted on a switch interface to a local...

  • Page 494: Mirroring Terminology

    Monitoring and Analyzing Switch Operation Traffic Mirroring ■ All traffic: Monitors all traffic entering or leaving the switch on one or more interfaces (inbound and outbound). Mirroring Terminology Figure B-18 shows an example of the terms used to describe the configuration of a sample local mirroring session: ■ In the local session, inbound traffic entering Switch A is monitored on...

  • Page 495

    Monitoring and Analyzing Switch Operation Traffic Mirroring Caution An exit port should be connected only to a network analyzer, IDS, or other network edge device that has no connection to other network resources. Connecting a mirroring exit port to a network can result in serious network performance problems, and is strongly discouraged by ProCurve Networking.

  • Page 496: Mirrored Traffic Destinations, Local Destinations, Monitored Traffic Sources, Criteria For Selecting Mirrored Traffic, Mirroring Sessions

    Monitoring and Analyzing Switch Operation Traffic Mirroring Mirrored Traffic Destinations Local Destinations A local mirrored traffic destination is a port on the same switch as the source of the traffic being mirrored. Caution Configuring a mirroring source switch with the destination and traffic selection criteria for a given mirroring session causes the switch to immediately begin mirroring traffic to that destination.

  • Page 497: Mirroring Configuration

    Monitoring and Analyzing Switch Operation Traffic Mirroring Mirroring Configuration Table B-1 shows the different types of mirroring that you can configure using the CLI, Menu, and SNMP interfaces. Table B-1. Mirroring Configuration Options Monitoring Traffic Selection Traffic Direction Interface and Criteria CLI Config Menu and Web...

  • Page 498: Endpoint Switches And Intermediate Devices

    Monitoring and Analyzing Switch Operation Traffic Mirroring Configuration Notes Using the CLI, you can configure all mirroring options on a switch. Using the Menu or Web interface, you can configure session 1 local mirroring for traffic in both directions on specified interfaces.

  • Page 499: Using The Menu Or Web Interface To Configure Local Mirroring, Menu And Web Interface Limits

    Monitoring and Analyzing Switch Operation Traffic Mirroring Using the Menu or Web Interface To Configure Local Mirroring Menu and Web Interface Limits The Menu and Web interfaces can be used to quickly configure or reconfigure local mirroring on session 1, and allow the following mirroring source option: ■...

  • Page 500: Configuration Steps

    Monitoring and Analyzing Switch Operation Traffic Mirroring Configuration Steps Notes If mirroring has already been enabled on the switch, the Menu screens will appear differently than shown in this section. 1. From the Main Menu, select: 2.

  • Page 501

    Monitoring and Analyzing Switch Operation Traffic Mirroring Move the cursor to the Monitoring Port parameter, then use the Space bar to select the local exit port. Switch Configuration - Network Monitoring Port Monitoring Enabled [No] : Yes Monitoring Port : Monitor : Ports Port Type...

  • Page 502

    Monitoring and Analyzing Switch Operation Traffic Mirroring Use the down arrow key to select the interface(s) whose traffic you want to mirror to the local exit port. Switch Configuration - Network Monitoring Port Monitoring Enabled [No] : Yes Monitoring Port : Monitor : Ports Port Type...

  • Page 503: Cli: Configuring Local Mirroring, Local Mirroring Overview

    Monitoring and Analyzing Switch Operation Traffic Mirroring CLI: Configuring Local Mirroring Command Page Quick Reference Local Mirroring Commands B-34 Configuring a Local Mirroring Destination On the local switch: mirror < session > port < exit-port > B-35 Configuring Monitored Traffic interface <...

  • Page 504

    Monitoring and Analyzing Switch Operation Traffic Mirroring Determine the session and local destination port: • Session number (1-4) and (optional) alphanumeric name • Exit port (any port on the switch except a monitored interface used to mirror traffic) 2. Enter the mirror < session-# > [ name < session-name >] port < port-# > command to configure the session.

  • Page 505: Determine The Mirroring Session And Destination, Configure A Mirroring Session On The Source Switch

    Monitoring and Analyzing Switch Operation Traffic Mirroring 1. Determine the Mirroring Session and Destination For a Local Mirroring Session. Determine the port number for the exit port (such as A5, B10, etc.), then go to “3. Configure the Monitored Traffic in a Mirror Session”...

  • Page 506: Traffic Selection Options, Mirroring-source Restrictions, Selecting All Inbound/outbound Traffic To Mirror

    Monitoring and Analyzing Switch Operation Traffic Mirroring Traffic Selection Options To configure traffic mirroring, you must specify the source interface, traffic direction, and criteria to be used to select the traffic to be mirrored using the following options: ■ Interface type •...

  • Page 507

    Monitoring and Analyzing Switch Operation Traffic Mirroring This command assigns a mirroring source to a previously configured mirroring session on a source switch. It specifies the port and/or trunk source(s) to use, the direction of traffic to mirror, and the session identifier. The no form of the command removes a mirroring source assigned to the session, but does not remove the session itself.

  • Page 508: Displaying A Mirroring Configuration, Displaying The Mirroring Configuration Summary

    Monitoring and Analyzing Switch Operation Traffic Mirroring Displaying a Mirroring Configuration Displaying the Mirroring Configuration Summary Use the show monitor command to display information on the currently configured status, traffic-selection criteria, and number of monitored interfaces in each mirroring session on a switch. Local Mirroring Source: ProCurve# show monitor •...

  • Page 509

    Monitoring and Analyzing Switch Operation Traffic Mirroring Syntax: show monitor Policy: Indicates whether the source is using a classifier-based mirroring policy to select inbound IPv4 or IPv6 traffic for mirroring. B-39...

  • Page 510: Viewing Mirroring In The Current Configuration File

    Monitoring and Analyzing Switch Operation Traffic Mirroring Viewing Mirroring in the Current Configuration File Using the show run command, you can view the current mirroring configuration on the switch. Source mirroring session entries begin with the mirror keyword and the mirroring sources are listed per-interface.

  • Page 511: Mirroring Configuration Examples, Local Mirroring Using Traffic-direction Criteria

    Monitoring and Analyzing Switch Operation Traffic Mirroring Mirroring Configuration Examples Local Mirroring Using Traffic-Direction Criteria Example of Local Mirroring Configuration. An administrator wants to mirror the inbound traffic from workstation “X” on port A5 and workstation “Y” on port B17 to a traffic analyzer connected to port C24. In this case, the administrator chooses “1”...

  • Page 512: Maximum Supported Frame Size

    Monitoring and Analyzing Switch Operation Traffic Mirroring Maximum Supported Frame Size The IPv4 encapsulation of mirrored traffic adds a 54-byte header to each mirrored frame. If a resulting frame exceeds the MTU (Maximum Transmission Unit) allowed in the network, the frame is dropped. Note: Mirroring does not truncate frames, and oversized mirroring frames will be dropped.

  • Page 513: Enabling Jumbo Frames To Increase Mirroring Path Mtu

    Monitoring and Analyzing Switch Operation Traffic Mirroring Enabling Jumbo Frames To Increase Mirroring Path MTU On 1 Gbps and 10 Gbps ports in the mirroring path, you can reduce the number of dropped frames by enabling jumbo frames on all intermediate switches and routers.

  • Page 514: Untagged, Mirrored Traffic

    Monitoring and Analyzing Switch Operation Traffic Mirroring Effect of Downstream VLAN Tagging on Untagged, Mirrored Traffic In a mirroring application, if mirrored traffic leaves the switch without 802.1Q VLAN tagging, but is forwarded through a downstream device that adds 802.1Q VLAN tags, then the MTU for untagged, mirrored frames leaving the source switch is reduced below the values shown in table B-2.

  • Page 515

    Monitoring and Analyzing Switch Operation Traffic Mirroring Operating Notes ■ Mirroring Dropped Traffic: Where an interface is configured to mirror traffic to a destination, it does so regardless of whether the traffic is dropped while on the interface. ■ Mirroring and Spanning Tree: Mirroring is done regardless of the spanning-tree (STP) state of a port or trunk.

  • Page 516

    Monitoring and Analyzing Switch Operation Traffic Mirroring ports B5, B6, and B7 is being mirrored through port B7 to a network analyzer, the mirrored frames from traffic on ports B5 and B6 will not be mirrored a second time as they pass through port B7. ■...

  • Page 517: Troubleshooting Mirroring

    Monitoring and Analyzing Switch Operation Traffic Mirroring Troubleshooting Mirroring Mirrored traffic does not reach configured remote destination switch or remote exit port. • For a given mirroring session, the mirror command parameters configured on the source switch for source IP address, source UDP port, and destination IP address must be identical to their counterparts in the mirror endpoint command configured on the destination switch.

  • Page 518

    Monitoring and Analyzing Switch Operation Traffic Mirroring B-48...

  • Page 519

    Troubleshooting Contents: Overview (C-4); Troubleshooting Approaches ...

  • Page 520

    Troubleshooting Contents: Debug/Syslog Operation (C-37); Debug/Syslog Messaging ...

  • Page 521

    Troubleshooting Contents: CLI: Resetting to the Factory-Default Configuration (C-75); Clear/Reset: Resetting to the Factory-Default Configuration (C-75); Restoring a Flash Image (C-76); DNS Resolver ...

  • Page 522

    Troubleshooting Overview Overview This appendix addresses performance-related network problems that can be caused by topology, switch configuration, and the effects of other devices or their configurations on switch operation. (For switch-specific information on hardware problems indicated by LED behavior, cabling requirements, and other potential hardware-related problems, refer to the Installation and Getting Started Guide you received with the switch.) Note...

  • Page 523: Troubleshooting Approaches

    Troubleshooting Troubleshooting Approaches Troubleshooting Approaches Use these approaches to diagnose switch problems: ■ Check the HP support web site for software updates that may have solved your problem: www.hp.com/#support ■ Check the switch LEDs for indications of proper switch operation: •...

  • Page 524

    Troubleshooting Troubleshooting Approaches ■ For the downlink and ISL ports, troubleshooting can be done from the OA Web interface. These ports are controlled from both the OA and the switch configuration. A port state is a combination of OA Enable/Disable state and the switch Enable/Disable state.

  • Page 525: Browser Or Telnet Access Problems

    Troubleshooting Browser or Telnet Access Problems Browser or Telnet Access Problems Cannot access the web browser interface: ■ Access may be disabled by the Web Agent Enabled parameter in the switch console. Check the setting on this parameter by selecting: 2.

  • Page 526

    Troubleshooting Browser or Telnet Access Problems Cannot Telnet into the switch console from a station on the network: ■ Telnet access may be disabled by the Inbound Telnet Enabled parameter in the System Information screen of the menu interface: 2. Switch Configuration 1.

  • Page 527: Unusual Network Activity, General Problems

    Troubleshooting Unusual Network Activity Unusual Network Activity Network activity that fails to meet accepted norms may indicate a hardware problem with one or more of the network components, possibly including the switch. Such problems can also be caused by a network loop or simply too much traffic for the network as it is currently designed and implemented.

  • Page 528: Q Prioritization Problems, Igmp-related Problems

    Troubleshooting Unusual Network Activity This can also happen, for example, if the server is first configured to issue IP addresses with an unlimited duration, then is subsequently configured to issue IP addresses that will expire after a limited duration. One solution is to configure “reservations”...

  • Page 529: Lacp-related Problems, Port-based Access Control (802.1x)-related Problems

    Troubleshooting Unusual Network Activity IP Multicast Traffic Floods Out All Ports; IGMP Does Not Appear To Filter Traffic. The IGMP feature does not operate if the switch or VLAN does not have an IP address configured manually or obtained through DHCP/Bootp. To verify whether an IP address is configured for the switch or VLAN, do either of the following: ■...

  • Page 530

    Troubleshooting Unusual Network Activity The switch does not receive a response to RADIUS authentication requests. In this case, the switch will attempt authentication using the secondary method configured for the type of access you are using (console, Telnet, or SSH). There can be several reasons for not receiving a response to an authentication request.

  • Page 531

    Troubleshooting Unusual Network Activity The supplicant statistics listing shows multiple ports with the same authenticator MAC address. The link to the authenticator may have been moved from one port to another without the supplicant statistics having been cleared from the first port. Refer to “Note on Supplicant Statistics” in the chapter on Port-Based and User-Based Access Control in the Access Security Guide for your switch.

  • Page 532: Qos-related Problems

    Troubleshooting Unusual Network Activity Figure C-2. Displaying Encryption Keys (callouts: Global RADIUS Encryption Key; Unique RADIUS Encryption Key for the RADIUS server at 10.33.18.119). Also, ensure that the switch port used to access the RADIUS server is not blocked by an 802.1X configuration on that port. For example, show port-access authenticator <...

  • Page 533: Radius-related Problems

    Troubleshooting Unusual Network Activity Radius-Related Problems The switch does not receive a response to RADIUS authentication requests. In this case, the switch will attempt authentication using the secondary method configured for the type of access you are using (console, Telnet, or SSH). There can be several reasons for not receiving a response to an authentication request.

  • Page 534: Spanning-tree Protocol (mstp) And Fast-uplink Problems

    Troubleshooting Unusual Network Activity Spanning-Tree Protocol (MSTP) and Fast-Uplink Problems Caution: If you enable MSTP, it is recommended that you leave the remainder of the MSTP parameter settings at their default values until you have had an opportunity to evaluate MSTP performance in your network.

  • Page 535: Ssh-related Problems

    Troubleshooting Unusual Network Activity SSH-Related Problems Switch access refused to a client. Even though you have placed the client’s public key in a text file and copied the file (using the copy tftp pub-key-file command) into the switch, the switch refuses to allow the client to have access.

  • Page 536

    Troubleshooting Unusual Network Activity Switch does not detect a client’s public key that does appear in the switch’s public key file (show ip client-public-key). The client’s public key entry in the public key file may be preceded by another entry that does not terminate with a new line (CR).

  • Page 537: Tacacs-related Problems

    Troubleshooting Unusual Network Activity TACACS-Related Problems Event Log. When troubleshooting TACACS+ operation, check the switch’s Event Log for indications of problem areas. All Users Are Locked Out of Access to the Switch. If the switch is functioning properly, but no username/password pairs result in console or Telnet access to the switch, the problem may be due to how the TACACS+ server and/or the switch are configured.

  • Page 538

    Troubleshooting Unusual Network Activity ■ The encryption key configured in the server does not match the encryption key configured in the switch (by using the tacacs-server key command). Verify the key in the server and compare it to the key configured in the switch.

  • Page 539: Timep, Sntp, Or Gateway Problems, Vlan-related Problems

    Troubleshooting Unusual Network Activity TimeP, SNTP, or Gateway Problems The Switch Cannot Find the Time Server or the Configured Gateway. TimeP, SNTP, and Gateway access are through the primary VLAN, which in the default configuration is the DEFAULT_VLAN. If the primary VLAN has been moved to another VLAN, it may be disabled or does not have ports assigned to it.

  • Page 540

    Troubleshooting Unusual Network Activity Figure C-4. Example of Correct VLAN Port Assignments on a Link (diagram: a link supporting VLAN_1 and VLAN_2 between Switch “X” port X-3 and Switch “Y” port Y-7; the VLAN port assignment tables for both switches list VLAN_1 as Untagged and VLAN_2 as Tagged). 1. If VLAN_1 (VID=1) is configured as “Untagged”...

  • Page 541

    Troubleshooting Unusual Network Activity Figure C-5 (diagram labels: Server; MAC Address “A”, VLAN 1; MAC Address “A”, VLAN 2; Switch with Single Forwarding Database; 8212zl Switch (Multiple Forwarding Database)). Problem: This switch detects continual moves of MAC address “A” between ports.

  • Page 542: Using The Event Log For Troubleshooting Switch Problems, Event Log Entries

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems Using the Event Log for Troubleshooting Switch Problems The Event Log records operating events in single- or double-line entries and serves as a tool to isolate and troubleshoot problems. The maximum number of entries supported in the Event Log is 2000 entries. Entries are listed in chronological order, from the oldest to the most recent.

  • Page 543

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems (debug) is reserved for ProCurve internal diagnostic information. Date is the date in the format mm/dd/yy when an entry is recorded in the log. Time is the time in the format hh:mm:ss when an entry is recorded in the log. Event Number is the number assigned to an event.

  • Page 544

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems Table columns: System Module; Description; Documented in ProCurve Hardware/Software guide. Class of Service (CoS): Provides priority handling of packets traversing the switch, based on the IEEE 802.1p priority carried by each packet. (Documented in: Advanced Traffic Management Guide.)

  • Page 545

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems Table columns: System Module; Description; Documented in ProCurve Hardware/Software guide. IP addressing (documented in: Management and Configuration Guide; Multicast and Routing Guide): Configures the switch with an IP address and subnet mask to communicate on the network and support remote management access;...

  • Page 546

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems Table columns: System Module; Description; Documented in ProCurve Hardware/Software guide. maclock: MAC lockdown and MAC lockout (documented in: Access Security Guide) • MAC lockdown prevents station movement and MAC address “hijacking” by requiring a MAC address to be used only on an assigned port on the switch.

  • Page 547

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems Table columns: System Module; Description; Documented in ProCurve Hardware/Software guide. Multiple-instance spanning tree protocol/MSTP (802.1s) (documented in: Advanced Traffic Management Guide): Ensures that only one active path exists between any two nodes in a group of VLANs in the network. MSTP operation is designed to avoid loops and broadcast storms of duplicate messages that can bring down the network.

  • Page 548

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems Table columns: System Module; Description; Documented in ProCurve Hardware/Software guide. vlan (documented in: Advanced Traffic Management Guide): Static 802.1Q VLAN operations, including port- and protocol-based configurations that group users by logical function instead of physical location •...

  • Page 549: Menu: Displaying And Navigating In The Event Log

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems Menu: Displaying and Navigating in the Event Log To display the Event Log from the Main Menu, select Event Log. Figure C-6 shows a sample event log display. ProCurve Switch 5406zl 25-Oct-2007 18:02:52 ==========================-CONSOLE - MANAGER MODE -============================...

  • Page 550: Cli: Displaying The Event Log, Cli: Clearing Event Log Entries

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems Action Rolls back display by one event (up one line). Advances to the end of the log. Displays Help for the Event Log. CLI: Displaying the Event Log To display messages recorded in the event log from the CLI, enter the show logging command.

  • Page 551: Cli: Turning Event Numbering On, Event Log And Snmp Messages

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems To redisplay all hidden entries, including Event Log entries recorded prior to the last reboot, enter the show logging -a command. Syntax: clear logging Removes all entries from the event log display output. CLI: Turning Event Numbering On Syntax: [no] log-numbers Turns event numbering on and off...

  • Page 552: Log Throttle Periods, Example Of Log Throttling

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems Log Throttle Periods The length of the log throttle period differs according to an event’s severity level (Severity Level: Log Throttle Period): I (Information): 6000 Seconds; W (Warning): 600 Seconds; D (Debug): 60 Seconds; M (Major): 6 Seconds...

  • Page 553

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems If PIM operation caused the same event to occur six more times during the initial log throttle period, there would be no further entries in the Event Log. However, if the event occurred again after the log throttle period expired, the switch would repeat the message (with an updated counter) and start a new log throttle period.

  • Page 554: Example Of Event Counter Operation

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems Example of Event Counter Operation Suppose the switch detects the following after a reboot: ■ Three duplicate instances of the PIM “Send error” during the first log throttle period for this event ■...

  • Page 555: Debug/syslog Operation, Debug/syslog Messaging, Debug/syslog Destination Devices

    Troubleshooting Debug/Syslog Operation Debug/Syslog Operation While the Event Log records switch-level progress, status, and warning messages on the switch, the Debug/System Logging (Syslog) feature provides a way to record Event Log and debug messages on a remote device. For example, you can send messages about routing misconfigurations and other network protocol details to an external device, and later use them to debug network-level problems.

  • Page 556: Debug/syslog Configuration Commands

    Troubleshooting Debug/Syslog Operation A Debug/Syslog destination device can be a Syslog server and/or a console session. You can configure debug and logging messages to be sent to: ■ Up to six Syslog servers ■ A CLI session through a direct RS-232 console connection, or a Telnet or...

  • Page 557: Configuring Debug/syslog Operation

    Troubleshooting Debug/Syslog Operation ipv6 dhcpv6-client: Sends DHCPv6 client debug messages to the configured debug destination. nd: Sends IPv6 debug messages for IPv6 neighbor discovery to the configured debug destination(s). packet: Sends IPv6 packet messages to the debug destination(s). lldp Sends LLDP debug logging to the debug destination(s). ssh Sends SSH debug messages at the specified level to the debug destination.

  • Page 558

    Troubleshooting Debug/Syslog Operation b. Re-enter the logging command in Step “a” to configure additional Syslog servers. You can configure up to a total of six servers. (When multiple server IP addresses are configured, the switch sends the debug message types that you configure in Step 3 to all IP addresses.) 2. To use a CLI session on a destination device for debug messaging: a. Set up a serial, Telnet, or SSH connection to access the switch’s CLI.

  • Page 559: Displaying A Debug/syslog Configuration

    Troubleshooting Debug/Syslog Operation Caution: If you configure a severity-level, system-module, logging destination, or logging facility value and save the settings to the startup configuration (for example, by entering the write memory command), the debug settings are saved after a system reboot (power cycle or reboot) and re-activated on the switch.

  • Page 560

    Troubleshooting Debug/Syslog Operation messages sent to the Syslog server, specify a set of messages by entering the logging severity and logging system-module commands. ProCurve(config)# show debug Debug Logging Destination: None Enabled debug types: None are enabled... (Callout: Displays the default debug configuration. No Syslog server IP addresses or debug types are configured.)

  • Page 561

    Troubleshooting Debug/Syslog Operation ■ Blocking Event Log messages from being sent from the switch to the Syslog server and a CLI session. To configure Syslog operation in these ways with the Debug/Syslog feature disabled on the switch, you would enter the commands shown in Figure C-6. ProCurve# config ProCurve(config)# logging 10.38.64.164 Configure a Syslog server IP address.

  • Page 562: Debug Command, Debug Messages

    Troubleshooting Debug/Syslog Operation Debug Command At the manager level, use the debug command to perform two main functions: ■ Specifies the types of event messages to be sent to an external destination. ■ Specifies the destinations to which selected message types are sent...

  • Page 563: Debug Destinations

    Troubleshooting Debug/Syslog Operation ip [ rip < database | event | trigger > ] rip < database | event | trigger > > — Enables the specified RIP message type for the configured destination(s). database— Display database changes. event— Display RIP events. trigger—...

  • Page 564

    Troubleshooting Debug/Syslog Operation Note: Debug messages from the switches covered in this guide have a debug severity level. Because the default configuration of some Syslog servers ignores Syslog messages with the debug severity level, ensure that the Syslog servers you want to use to receive debug messages are configured to accept the debug level.

  • Page 565: Logging Command

    Troubleshooting Debug/Syslog Operation Logging Command At the global configuration level, the logging command allows you to enable debug logging on specified Syslog servers and select a subset of Event Log messages to send for debugging purposes according to: ■ Severity level ■ System module...

  • Page 566: Configuring A Syslog Server

    Troubleshooting Debug/Syslog Operation Configuring a Syslog Server Syslog is a client-server logging tool that allows a client switch to send event notification messages to a networked device operating with Syslog server software. Messages sent to a Syslog server can be stored to a file for later debugging analysis.

  • Page 567

    Troubleshooting Debug/Syslog Operation Syntax: [no] logging < syslog-ip-addr > [oobm] Enables or disables Syslog messaging to the specified IP address. You can configure up to six addresses. If you configure an address when none are already configured, this command enables destination logging (Syslog) and the Event debug type.

  • Page 568: Adding A Description For A Syslog Server

    Troubleshooting Debug/Syslog Operation To disable Syslog logging on the switch without deleting configured server addresses, enter the no debug destination logging command. Note that, unlike the case in which no Syslog servers are configured, if one or more Syslog servers are already configured and Syslog messaging is disabled, configuring a new server address does not re-enable Syslog messaging.

  • Page 569: Adding A Priority Description

    Troubleshooting Debug/Syslog Operation The CLI command is: Syntax: logging <ip-addr> control-descr <text_string>] no logging <ip-addr> [control-descr] An optional user-friendly description that can be associated with a server IP address. If no description is entered, this is blank. If <text_string> contains white space, use quotes around the string. IPv4 addresses only.

  • Page 570: Sent To A Syslog Server

    Troubleshooting Debug/Syslog Operation ProCurve(config)# logging priority-descr severe-pri Figure C-10. Example of the Logging Command with a Priority Description Note: A notification is sent to the SNMP agent if there are any changes to the syslog parameters either through the CLI or with SNMP. Configuring the Severity Level for Event Log Messages Sent to a Syslog Server Event Log messages are entered with one of the following severity levels (from...

  • Page 571: Messages Sent To A Syslog Server, Operating Notes For Debug And Syslog

    Troubleshooting Debug/Syslog Operation Configuring the System Module Used to Select the Event Log Messages Sent to a Syslog Server Event Log messages contain the name of the system module that reported the event. Using the logging system-module command, you can select a set of Event Log messages according to the originating system module and send them to a Syslog server.

  • Page 572

    Troubleshooting Debug/Syslog Operation Table columns: Debug Option; Effect of a Reboot or Reset. All (debug type): Disabled. event (debug type): If a Syslog server IP address is configured in the startup-config file, the sending of Event Log messages is reset to enabled, regardless of the last active setting.

  • Page 573: Diagnostic Tools

    Troubleshooting Diagnostic Tools Diagnostic Tools Diagnostic Features Feature Default Menu Port Auto negotiation — — — Ping test — page C-58 page C-57 Link test — page C-58 page C-57 Traceroute operation — page C-60 View switch configuration files — page C-64 page C-64 View switch (show tech)

  • Page 574: Port Auto-negotiation, Ping And Link Tests

    Troubleshooting Diagnostic Tools Port Auto-Negotiation When a link LED does not light (indicating loss of link between two devices), the most common reason is a failure of port auto-negotiation between the connecting ports. If a link LED fails to light when you connect the switch to a port on another device, do the following: 1. Ensure that the switch port and the port on the attached end-node are both set to Auto mode.

  • Page 575: Web: Executing Ping Or Link Tests

    Troubleshooting Diagnostic Tools Web: Executing Ping or Link Tests 1. Click here. 2. Click here. 3. Select Ping Test (the default) or Link Test 4. For a Ping test, enter the IP address of the target device. For a Link test, enter the MAC address of the target device.

  • Page 576: Cli: Ping Test

    Troubleshooting Diagnostic Tools Number of Packets to Send is the number of times you want the switch to attempt to test a connection. Timeout in Seconds is the number of seconds to allow per attempt to test a connection before determining that the current attempt has failed. To halt a Link or Ping test before it concludes, click on the Stop button.

  • Page 577: Link Tests

    Troubleshooting Diagnostic Tools source <ip-addr | oobm | vlan-id > Source IP address, VLAN ID, or oobm. The source IP address must be owned by the router. If a VLAN is specified, the IP address associated with the specified VLAN is used. For switches that have a separate out-of-band management (OOBM) port, oobm specifies that the traffic originates from the out-of-band management port.

  • Page 578: Traceroute Command

    Troubleshooting Diagnostic Tools Syntax: link < mac-address > [repetitions < 1 - 999 >] [timeout < 1 - 256 >] [vlan < vlan-id >] Basic Link Test Link Test with Repetitions Link Test with Repetitions and Timeout Link Test Over a Specific VLAN Link Test Over a Specific VLAN;...

  • Page 579

    Troubleshooting Diagnostic Tools Lists the IP address or hostname of each hop in the route, plus the time in microseconds for the traceroute packet reply to the switch for each hop. Ctrl To halt an ongoing traceroute search, press the keys Note: For information about traceroute6, see the “IPv6 Configuration Guide”...

  • Page 580

    Troubleshooting Diagnostic Tools [source <ip-addr | vlan-id> | oobm] The source IP address or VLAN. The source IP address must be owned by the router. If a VLAN is specified, the IP address associated with the specified VLAN is used. For switches that have a separate out-of-band management (OOBM) port, oobm specifies that the traffic originates from the out-of-...

  • Page 581

    Troubleshooting Diagnostic Tools If A Network Condition Prevents Traceroute from Reaching the Destination. Common reasons for Traceroute failing to reach a destination include: ■ Timeouts (indicated by one asterisk per probe, per hop; refer to Figure C-15, above.) ■ Unreachable hosts...

  • Page 582: Viewing Switch Configuration And Operation, Cli: Viewing The Startup Or Running Configuration File

    Troubleshooting Viewing Switch Configuration and Operation Viewing Switch Configuration and Operation In some troubleshooting scenarios, you may need to view the switch configuration to diagnose a problem. The complete switch configuration is contained in a file that you can browse from either the web browser interface or the CLI using the commands described in this section.

  • Page 583

    Troubleshooting Viewing Switch Configuration and Operation ■ Image stamp (software version data) ■ Running configuration ■ Event Log listing ■ Boot History ■ Port settings ■ Status and counters — port status ■ IP routes ■ Status and counters — VLAN information ■...

  • Page 584: Saving Show Tech Command Output To A Text File

    Troubleshooting Viewing Switch Configuration and Operation Saving show tech Command Output to a Text File When you enter the show tech command, a summary of switch operational data is sent to your terminal emulator. You can use your terminal emulator’s text capture features to save the show tech data to a text file for viewing, printing, or sending to an associate to diagnose a problem.

  • Page 585: Customizing Show Tech Command Output

    Troubleshooting Viewing Switch Configuration and Operation ProCurve# show tech The show tech command output is copied into the text file and displayed on the terminal emulator screen. When the command output stops and displays -- MORE --, press the Space bar to display and copy more information.

  • Page 586

    Troubleshooting Viewing Switch Configuration and Operation Syntax: copy <source> show-tech crash-log [slot-id | master]: Includes the crash logs from all management and interface modules in show tech command output. event-log Copies the contents of the Event Log to show tech command output.

  • Page 587

    Troubleshooting Viewing Switch Configuration and Operation Syntax: copy <source> show-tech Copies the contents of a configuration file from a serially connected PC or UNIX workstation to show tech command output, where: startup-config: Specifies the name of the startup configuration file on the connected device. config <filename >: Specifies the pathname of a configuration file on the connected device.

  • Page 588: Cli: Viewing More Information On Switch Operation

    Troubleshooting Viewing Switch Configuration and Operation CLI: Viewing More Information on Switch Operation Use the following commands to display additional information on switch operation for troubleshooting purposes. Syntax: show boot-history Displays the crash information saved for each management module on the switch (see “Displaying Saved Crash Information”...

  • Page 589: Pattern Matching When Using The Show Command

    Troubleshooting Viewing Switch Configuration and Operation Pattern Matching When Using the Show Command The pattern matching option with the show command provides the ability to do searches for specific text. Selected portions of the output are displayed depending on the parameters chosen. Syntax: show <command option>...

  • Page 590

    Troubleshooting Viewing Switch Configuration and Operation ProCurve(config)# show run | exclude ipv6 Running configuration: ; J8697A Configuration Editor; Created on release #Z.14.XX hostname "ProCurve Switch 5406zl" module 1 type J8702A module 2 type J8705A snmp-server community "notpublic" Unrestricted vlan 1 name "DEFAULT_VLAN"...

  • Page 591

    Troubleshooting Viewing Switch Configuration and Operation ProCurve(config)# show run | begin ipv6 ipv6 enable no untagged B21-B24 Displays the running config beginning at the first line that contains “ipv6”. exit vlan 20 name "VLAN20" untagged B21-B24 ipv6 enable no ip address exit ipv6 access-list "EH-01"...

  • Page 592: Cli: Useful Commands For Troubleshooting Sessions

    Troubleshooting Viewing Switch Configuration and Operation CLI: Useful Commands for Troubleshooting Sessions Use the following commands in a troubleshooting session to more accurately display the information you need to diagnose a problem. For more information on other CLI practices, refer to chapter 4, “Using the Command Line Interface (CLI)”.

  • Page 593: Restoring The Factory-default Configuration, Cli: Resetting To The Factory-default Configuration

    Troubleshooting Restoring the Factory-Default Configuration Restoring the Factory-Default Configuration As part of your troubleshooting process, it may become necessary to return the switch configuration to the factory default settings. This process momentarily interrupts the switch operation, clears any passwords, clears the console Event Log, resets the network counters to zero, performs a complete self test, and reboots the switch into its factory default configuration including deleting an IP address.

  • Page 594: Restoring A Flash Image

    Troubleshooting Restoring a Flash Image When the Self Test LED begins to flash, release the Clear button. The switch will then complete its self test and begin operating with the configuration restored to the factory default settings. Restoring a Flash Image The switch can lose its operating system if either the primary or secondary flash image location is empty or contains a corrupted OS file and an operator uses the erase flash command to erase a good OS image file from the opposite...

  • Page 595

    Troubleshooting Restoring a Flash Image Make sure that the switch automatically boots into ROM first. 4. Start the Console Download utility by typing do at the => prompt and pressing [Enter] => do 5. You will then see this prompt: 6. At the above prompt: a. Type (for Yes)

  • Page 596: Dns Resolver, Terminology

    Troubleshooting DNS Resolver DNS Resolver The Domain Name System (DNS) resolver is designed for use in local network domains where it enables use of a host name or fully qualified domain name with DNS-compatible switch CLI commands. DNS operation supports both IPv4 and IPv6 DNS resolution and multiple, prioritized DNS servers.

  • Page 597: Basic Operation

    Troubleshooting DNS Resolver Basic Operation ■ When the switch is configured with only the IP address of a DNS server available to the switch, then a DNS-compatible command, executed with a fully qualified domain name, can reach a device found in any domain accessible through the configured DNS server.

  • Page 598: Dns-compatible Commands

    Troubleshooting DNS Resolver Note that if the target host is in a domain other than the domain configured on the switch, then: ■ The host’s domain must be reachable from the switch. This requires that the DNS server for the switch must be able to communicate with the DNS server(s) in the path to the domain in which the target host operates.

  • Page 599: Configuring A Dns Entry

    Troubleshooting DNS Resolver operating in the selected domain. Refer to “Terminology” on page C-78.) Note that if a domain suffix is not configured, fully qualified domain names can be used to resolve DNS-compatible commands. d. the host names assigned to target IP addresses in the DNS server for the specified domain 2. Use the data from steps 1a through 1c to configure the DNS entry on the switch.

  • Page 600: Example Using Dns Names With Ping And Traceroute

    Troubleshooting DNS Resolver Syntax: [no] ip dns domain-name < domain-name-suffix > This optional DNS command configures the domain suffix that is automatically appended to the host name entered with a DNS-compatible command. When the domain suffix and the IP address for a DNS server that can access that domain are both configured on the switch, you can execute a DNS-compatible command using only the host name of the desired target.

  • Page 601

    Troubleshooting DNS Resolver Configuring switch “A” with the domain name and the IP address of a DNS server for the domain enables the switch to use host names assigned to IP addresses in the domain to perform ping and traceroute actions on the devices in the domain.

  • Page 602: Viewing The Current Dns Configuration

    Troubleshooting DNS Resolver As mentioned under “Basic Operation” on page C-79, if the DNS entry configured in the switch does not include the domain suffix for the desired target, then you must use the target host’s fully qualified domain name with DNS-compatible commands.

  • Page 603

    Troubleshooting DNS Resolver Operating Notes ■ Configuring another IP address for a priority that has already been assigned to an IP address is not allowed. To replace one IP address at a given priority level with another address having the same priority, you must first use the no form of the command to remove the unwanted address.

  • Page 604: Event Log Messages

    Troubleshooting DNS Resolver Event Log Messages Message Meaning DNS server address not configured The switch does not have an IP address configured for the DNS server. DNS server not responding The DNS server failed to respond or is unreachable. An incorrect server IP address can produce this result.

  • Page 605

    MAC Address Management Contents Overview ........... . D-2 Determining MAC Addresses .

  • Page 606

    MAC Address Management Overview Overview The switch assigns MAC addresses in these areas: ■ For management functions, one Base MAC address is assigned to the default VLAN (VID = 1). (All VLANs on the switches covered in this guide use the same MAC address.) For internal switch operations: One MAC address per port (Refer to “CLI: ■...

  • Page 607: Determining Mac Addresses

    MAC Address Management Determining MAC Addresses Determining MAC Addresses MAC Address Viewing Methods Feature Default Menu view switch’s base (default vlan) MAC address n/a — and the addressing for any added VLANs view port MAC addresses (hexadecimal format) n/a — —...

  • Page 608: Menu: Viewing The Switch's Mac Addresses

    MAC Address Management Determining MAC Addresses Menu: Viewing the Switch’s MAC Addresses The Management Address Information screen lists the MAC addresses for: ■ Base switch (default VLAN; VID = 1) ■ Any additional VLANs configured on the switch. Also, the Base MAC address appears on a label on the back of the switch. Note The Base MAC address is used by the first (default) VLAN in the switch.

  • Page 609: Cli: Viewing The Port And Vlan Mac Addresses

    MAC address assignments for individual ports can sometimes be useful when diagnosing switch operation. Switch MAC Address Allocation 6120G/XG The switch’s base MAC address is assigned to VLAN (VID) 1 and appears in the walkmib listing after the MAC addresses for the ports. 6120XG (All VLANs in the switch have the same MAC address.)

  • Page 610

    MAC Address Management Determining MAC Addresses ProCurve# walkmib ifphysaddress ifPhysAddress.1 - 4: Ports A1 - A4 in Slot A ifPhysAddress.1 = 00 12 79 88 b1 ff (Addresses 5 - 24 in slot A are unused.) ifPhysAddress.2 = 00 12 79 88 b1 fe ifPhysAddress.3 = 00 12 79 88 b1 fd ifPhysAddress.4 = 00 12 79 88 b1 fc ifPhysAddress.49 - 72:Ports C1 - C24 in Slot C...

  • Page 611: Viewing The Mac Addresses Of Connected Devices

    MAC Address Management Viewing the MAC Addresses of Connected Devices Viewing the MAC Addresses of Connected Devices Syntax: show mac-address [ port-list | mac-addr | vlan <vid>] Lists the MAC addresses of the devices the switch has detected, along with the number of the specific port on which each MAC address was detected.

  • Page 612

    MAC Address Management Viewing the MAC Addresses of Connected Devices D-8...

  • Page 613

    Monitoring Resources Contents Viewing Information on Resource Usage ..... . . E-2 Policy Enforcement Engine ........E-2 When Insufficient Resources Are Available .

  • Page 614: Viewing Information On Resource Usage, Policy Enforcement Engine

    Monitoring Resources Viewing Information on Resource Usage Viewing Information on Resource Usage The switch allows you to view information about the current usage and availability of resources in the Policy Enforcement engine, including the following software features: ■ QoS through RADIUS authentication designated as “IDM”, with or without the optional identity-driven management (IDM) application ■...

  • Page 615: When Insufficient Resources Are Available

    Monitoring Resources When Insufficient Resources Are Available When Insufficient Resources Are Available The switch has ample resources for configuring features and supporting: ■ RADIUS-authenticated clients (with or without the optional IDM application) ■ Virus throttling and blocking on individual clients. Note Virus throttling does not operate on IPv6 traffic.

  • Page 616

    Monitoring Resources When Insufficient Resources Are Available E-4...

  • Page 617

    Daylight Savings Time on ProCurve Switches ProCurve switches provide a way to automatically adjust the system clock for Daylight Savings Time (DST) changes. To use this feature you define the month and date to begin and to end the change from standard time. In addition to the value “none”...

  • Page 618

    Daylight Savings Time on ProCurve Switches Middle Europe and Portugal: • Begin DST at 2am the first Sunday on or after March 25th. • End DST at 2am the first Sunday on or after September 24th. Southern Hemisphere: • Begin DST at 2am the first Sunday on or after October 25th. •...

  • Page 619

    Daylight Savings Time on ProCurve Switches Before configuring a “User defined” Daylight Time Rule, it is important to understand how the switch treats the entries. The switch knows which dates are Sundays, and uses an algorithm to determine on which date to change the system clock, given the configured “Beginning day”...

  • Page 620

    Daylight Savings Time on ProCurve Switches F-4...

  • Page 621

    Network Out-of-Band Management (OOBM) Contents Concepts ........... . G-2 Example .

  • Page 622: Concepts

    For instructions on how to use the OOBM serial interface, see the Installation and Getting Started Guide. USB console port (serial, out of band) Figure G-1. 6120G/XG Management Ports USB console port (serial, out of band) Figure G-2. 6120XG Management Ports...

  • Page 623

    Network Out-of-Band Management (OOBM) Concepts management port (networked, out of band) Figure D-1. C-class enclosure OA Management port Out-of-band management (OOBM) operates on a “management plane” that is separate from the “data plane” used by data traffic on the switch and by in- band management traffic.

  • Page 624

    Network Out-of-Band Management (OOBM) Concepts Advantages: In Band (networked): allows centralized management. Out Of Band (directly connected): not affected by events on data network, shows boot sequence. Out Of Band (networked): not affected by events on data network; allows centralized management; allows improved security. Disadvantages: In Band (networked): can be affected by events on... Out Of Band (directly connected): requires PC to directly...

  • Page 625: Example

    Network Out-of-Band Management (OOBM) Concepts Example In a typical data center installation, blade switches in a C-class enclosure connect servers to the data network, while the management port of the OA module in the C-class enclosure connects the switches to a physically and logically separate management network.

  • Page 626: Oobm And Switch Applications

    Network Out-of-Band Management (OOBM) Concepts OOBM and Switch Applications The table below shows the switch applications that are supported on the OOBM interface as well as on the data interfaces. In this list, some applications are client-only, some are server-only, and some are both. Application Inbound OOBM Outbound OOBM...

  • Page 627: Tasks, Oobm Configuration, Oobm Context

    Network Out-of-Band Management (OOBM) Tasks Tasks OOBM Configuration OOBM context OOBM configuration commands can be issued from the global configuration context (config) or from a specific OOBM configuration context (oobm). To enter the OOBM configuration context from the general configuration context, use the oobm command.

  • Page 628: Oobm Enable/disable

    Network Out-of-Band Management (OOBM) Tasks OOBM enable/disable To enable or disable network OOBM, use the enable or disable command. Network OOBM is enabled by default. Syntax: From the OOBM context: enable disable From the general configuration context: oobm enable oobm disable Enables or disables networked out-of-band-management on the switch.

  • Page 629: Oobm Port Enable/disable

    Network Out-of-Band Management (OOBM) Tasks OOBM port enable/disable The OOBM interface command enables or disables the OOBM interface (the OOBM port, as opposed to the OOBM function). Syntax: From the OOBM context: interface [enable | disable] From the general configuration context: oobm interface [enable | disable] Enables or disables the networked OOBM interface (port).

  • Page 630: Oobm Ipv4 Address Configuration, Oobm Ipv4 Default Gateway Configuration

    Network Out-of-Band Management (OOBM) Tasks OOBM IPv4 address configuration Configuring an IPv4 address for the OOBM interface is similar to VLAN IP address configuration, but it is accomplished within the OOBM context. Syntax: From the OOBM context: [no] ip address [dhcp-bootp | ip-address/mask-length] From the general configuration context: [no] oobm ip address [dhcp-bootp | ip-address/mask-length] Configures an IPv4 address for the switch’s OOBM interface.

  • Page 631: Oobm Show Commands, Show Oobm

    Network Out-of-Band Management (OOBM) Tasks OOBM Show Commands The show commands for OOBM are similar to the analogous commands for the data plane. Note that you must always include the oobm parameter to see the information for the OOBM interface, regardless of the context. For instance, even from the OOBM context the show ip command displays the IP...

  • Page 632: Show Oobm Ip Configuration, Show Oobm Arp Information

    Network Out-of-Band Management (OOBM) Tasks Show OOBM IP configuration Use show oobm ip to see the IP configuration of the OOBM interface. Syntax: show oobm ip Summarizes the IP configuration of the OOBM interface. This command displays the status of IPv4 (enabled/disabled), the IPv4 default gateway, and the IPv4 address configured for the interface.

  • Page 633: Application Server Commands

    Network Out-of-Band Management (OOBM) Tasks Application Server Commands Application servers (as described in OOBM and Server Applications in the Concepts section above) have added a listen keyword with oobm|data|both options to specify which interface(s) is(are) active. Default value is both for all servers. For example: Telnet:...

  • Page 634

    Network Out-of-Band Management (OOBM) Tasks The show servers command shows the listen mode of the servers. ProCurve# show servers Server listen mode Server Listen mode ----------------------------- Telnet both both Tftp both Web-management both Snmp both G-14...

  • Page 635: Application Client Commands

    Network Out-of-Band Management (OOBM) Tasks Application Client Commands CLI commands for client applications have added the oobm keyword to allow you to specify that the outgoing request be issued from the OOBM interface. If you do not specify the oobm keyword, the request will be issued from the appropriate in-band data interface.

  • Page 636

    Network Out-of-Band Management (OOBM) Tasks Example This example shows setup and use of network OOBM using the commands described above. Assume that the figure below describes how you want to set up your data center. Figure D-3. Example data center Assume that you are configuring the switch in the left-hand rack to commu­...

  • Page 637

    Network Out-of-Band Management (OOBM) Tasks Switch 41# config Switch 41(config)# vlan 1 Set up IP address on data network. Switch 41(vlan-1)# ip address 10.1.129.7/20 Exit back to manager context. Switch 41(vlan-1)# end Look at default OOBM configuration. Switch 41# show oobm Global Configuration OOBM Enabled : Yes...

  • Page 638

    Network Out-of-Band Management (OOBM) Tasks G-18...

  • Page 639: General Procedure

    Switch Licensing A Converged Enhanced Ethernet (CEE) License is required to enable Priority Flow Control and Data Center Bridging Exchange for the HP 6120XG switch. This allows the switch to interact with other CEE devices to run applications such as FCoE. The product number for this license is J9570A. General Procedure The general procedure for installing a software license involves several different numbers:...

  • Page 640

    Switch Licensing The procedure for installing a licensed feature into a switch is: 1. Locate the registration ID. When you purchase a software license, you receive a folded license registration card. The registration ID is located on the inside of the card, in the upper left corner. 2. Get the switch’s hardware ID.

  • Page 641

    Index Symbols SNTP client … 9-17 authentication trap => prompt … C-76 See also SNMP. authorized IP managers Numerics SNMP, blocking … 13-4 auto MDI/MDI-X 802.1X configuration, display … 10-21 effect, LLDP … 13-82 operation … 10-19, 10-21 LLDP blocked … 13-48 port mode, display …...

  • Page 642

    using with Unix systems … 8-13 copying … A-26 See also DHCP. DHCP Option 66 … 6-41 Bootp/DHCP differences … 8-13 DHCP, Best Offer … 6-43 Bootp/DHCP, LLDP … 13-56 factory default … 6-9, 8-2 broadcast limit … 10-5, 10-18, 12-8 file update with Option 66 …...

  • Page 643

    erasing … 6-35 context level memory assignments … 6-28 global config … 4-5, 8-10 memory slot … 6-26, 6-29, 6-31 manager level … 4-5 minconfig … 6-31, 6-36 moving between contexts … 4-7 newconfig … 6-31 port or trunk-group … 4-13 oldConfig …...

  • Page 644

    support for "debug" severity on Syslog system name, switch product name … 7-13 servers … C-46, C-54 task-monitor cpu, disabled … B-8 syntax … C-44 Telnet access, enabled … 7-3 using CLI session … C-45 terminal type, VT-100 … 7-3 debug logging TFTP, enabled …...

  • Page 645

    host name … C-78 debugging by severity level … C-38, C-47 IPv6 DNS resolution … C-78 debugging by system module … C-38, C-47 name, using in web browser format, date … C-25 operating notes … C-85 generated by system module … C-25 ping …...

  • Page 646

    statistics … B-19 inactivity timeout … 7-4 gateway inactivity-timer … 7-10 configuring … 8-5 Inbound Telnet Enabled parameter … C-8 default gateway … 8-3 include-credentials, SNTP … 9-24 IP address … 8-4, 8-6 informs manual config priority … 8-12 sending to trap receiver … 13-22 on primary VLAN …...

  • Page 647

    debug CLI access … 11-11 source IP address … 8-27 default port operation … 11-21 source IP with radius … 8-27 described … 11-6, 11-18 source IP with tacacs … 8-27 Dyn1 … 11-7 source-interface option … 8-21 dynamic … 11-19 IP Preserve enabling dynamic trunk …...

  • Page 648

    chassis ID … 13-56 packets not forwarded … 13-42 chassis type … 13-56 per-port counters … 13-80 clear statistics counters … 13-79 port description … 13-57 comparison with CDP data fields … 13-83 port ID … 13-56 configuration options … 13-44 port speed …...

  • Page 649

    endpoint support … 13-63 MDI/MDI-X fast start control … 13-66 configuration, display … 10-21 location data … 13-69 operation … 10-19 medTlvenable … 13-68 port mode, display … 10-21 Neighbors MIB … 13-77 media type, port trunk … 11-3 topology change notification … 13-65 memory Voice over IP …...

  • Page 650

    exit port, VLAN prerequisite … B-26 trunk source … B-27, B-31 exit port, VLAN rule … B-47 using MAC addresses … B-26 frame truncation, not allowed … B-42 VLAN … B-31 header … B-23 VLAN rule, exit port … B-47 IDS …...

  • Page 651

    network … 2-2, 6-38, 6-39, 6-40, 7-6, 7-8, 9-13, See TimeP. 9-34, 13-35, A-7, A-9, C-49, C-58, C-59, C-62, port C-81, G-8, G-9, G-10, G-11, G-12, G-13, G-15, address table … B-13 G-16, G-17 blocked by UDLD … 10-32 operating system broadcast limit …...

  • Page 652

    limit, combined … 11-19 switch documentation … -xxiii link requirements … 11-3 ProCurve Manager logical port … 11-8 security concerns when deleting public media requirements … 11-7 community … 13-7 media type … 11-3 starting web browser … 5-5 menu access to static trunk … 11-9 updating switch software …...

  • Page 653

    faster boot time … 6-23 from secondary flash … 6-22 scheduled reboot … 6-24 obtaining faster reboot time … 6-20 SCP/SFTP scheduling remotely … 6-24 enabling … A-13 via menu console … 3-8 session limit … A-17, A-19 via menu interface … 3-10, 3-12 transfer of config files …...

  • Page 654

    pattern matching with … C-71 assigning users to groups … 13-9 tech, custom … A-28 authentication, configuring … 13-11 telnet … 7-6 communities … 13-13 show cpu … B-8 enable command … 13-9 show debug … C-41 enabling … 13-8 show interfaces encryption, configuring …...

  • Page 655

    software image switching See switch software. cut-through … 12-29 software licensing … H-1 Syslog software version … B-6 "debug" severity level as default … C-52, C-54 sorting alert log entries … 5-21 adding priority description … C-51 source port filters compared to event log …...

  • Page 656

    enable/disable … 7-4 poll interval … 9-35 outbound … 7-6 selecting … 9-4 terminate session, kill command … 7-12 server address listing … 9-10, 9-31 troubleshooting access … C-8 show management … 9-31 telnet viewing and configuring, menu … 9-28 domain name address …...

  • Page 657

    configuring debug destinations … C-38 unauthorized access … 13-29 console access problems … C-7 undersize frames … 12-29 diagnosing unusual network activity … C-9 unicast mode diagnostics tools … C-55 SNTP … 9-21 displaying switch operation … C-64, C-67 Uni-directional Link Detection DNS See UDLD.

  • Page 658

    event log entries … C-25 bandwidth adjustment … 5-19 ID … 4-15 bar graph adjustment … 5-19 IP addressing with multiple … 8-4 disable access … 5-3 jumbo max frame size … 12-25 enabling … 5-5 link blocked … C-16 error packets …...

  • Page 659

    download to primary or secondary flash … A-21 using to download switch software … A-19 Index – 19...

  • Page 660

    20 – Index...

  • Page 662

    To learn more, visit www.hp.com/go/bladesystem/documentation/ © Copyright 2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services.

This manual also for:

6120xg
