Page of 392
Download Print This PagePrint Bookmark

HP ProCurve series 2500 Management And Configuration Manual

Procurve 2500 series.
Hide thumbs
management and
configuration guide
hp procurve series 2500 switches
www.hp.com/go/procurve

Advertising

   Related Manuals for HP HP ProCurve series 2500

   Summary of Contents for HP HP ProCurve series 2500

  • Page 1

    2500 switches www.hp.com/go/procurve...

  • Page 3

    HP ProCurve Switches 2512 and 2524 Software Release F.01or Greater Management and Configuration Guide...

  • Page 4

    Hewlett-Packard. Warranty See the Customer Support/Warranty booklet included with the product. A copy of the specific warranty terms applicable to your Hewlett-Packard products and replacement parts can be obtained from your HP Sales and Service Office or authorized dealer.

  • Page 5

    Interface (hereafter referred to as the “web browser interface”), use the online help available for the web browser interface. For more information on web browser Help options, refer to “Online Help for the HP Web Browser Interface” on page 4-12.

  • Page 7: Table Of Contents, Using The Menu Interface, Using The Command Line Interface (cli)

    Rebooting the Switch ........

  • Page 8: Table Of Contents, Using The Hp Web Browser Interface

    Using a Standalone Web Browser in a PC or UNIX Workstation ..4-5 Using HP TopTools for Hubs & Switches ..... . . 4-6 Tasks for Your First HP Web Browser Interface Session .

  • Page 9: Table Of Contents

    Web: Configuring IP Addressing ......5-10 How IP Addressing Affects Switch Operation ....5-10 DHCP/Bootp Operation .

  • Page 10: Table Of Contents

    Trunk Operation Using the “FEC” Option ..... . 6-27 How the Switch Lists Trunk Data ......6-28 Outbound Traffic Distribution Across Trunked Links .

  • Page 11: Table Of Contents

    Listing the Switch’s Current Authorized IP Manager(s) ..7-34 Configuring IP Authorized Managers for the Switch ..7-35 Web: Configuring IP Authorized Managers ..... 7-36 Building IP Masks .

  • Page 12: Table Of Contents

    Overview ........... . . 9-4 HP ProCurve Stack Management ....... 9-5 Which Devices Support Stacking? .

  • Page 13: Table Of Contents

    VLAN Tagging Information ........9-69 Effect of VLANs on Other Switch Features ..... 9-73 Spanning Tree Protocol Operation with VLANs .

  • Page 14: Table Of Contents

    Planning for GVRP Operation ....... . 9-84 Configuring GVRP On a Switch ....... 9-84 GVRP Operating Notes .

  • Page 15: Table Of Contents

    CLI Access ..........10-5 Switch Management Address Information ..... . 10-6 Menu Access .

  • Page 16: Table Of Contents

    Menu: Switch-to-Switch Download ......A-6 CLI: Switch-To-Switch Download ......A-7 Menu: Xmodem Download .

  • Page 17: Table Of Contents

    Transferring Switch Configurations ......A-10 B: MAC Address Management Appendix B Contents ......... B-1 Overview .

  • Page 18

    Contents...

  • Page 19: Chapter Contents

    Advantages of Using the CLI ........1-4 Advantages of Using the HP Web Browser Interface ... . . 1-5...

  • Page 20: Overview, Understanding Management Interfaces

    For information on how to access the web browser interface Help, see “Online Help for the Web Browser Interface” on page 4-12. To use HP TopTools for Hubs & Switches, refer to the HP TopTools User’s Guide and the TopTools online help, which are available electronically with the TopTools software.

  • Page 21: Advantages Of Using The Menu Interface

    • Software downloads Offers out-of-band access (through the RS-232 connection) to the switch, so network bottlenecks, crashes, lack of configured or correct IP address, and network downtime do not slow or prevent access Enables Telnet (in-band) access to the menu functionality.

  • Page 22: Advantages Of Using The Cli, Cli Usage

    To monitor and analyze switch operation, see chapter 10, "Monitoring and Analyzing Switch Operation". For information on individual CLI commands, refer to the Index or to the "Command Line Interface Reference Guide" available on HP’s ProCurve website at http://www.hp.com/go/procurve Operator Level...

  • Page 23: Advantages Of Using The Hp Web Browser Interface

    Advantages of Using the HP Web Browser Interface Figure 1-3. Example of the HP Web Browser Interface Easy access to the switch from anywhere on the network Familiar browser interface--locations of window objects consistent with commonly used browsers, uses mouse clicking for navigation, no...

  • Page 24: Advantages Of Using Hp Toptools For Hubs & Switches

    Advantages of Using HP TopTools for Hubs & Switches You can operate HP TopTools from a PC on the network to monitor traffic, manage your hubs and switches, and proactively recommend network changes to increase network uptime and optimize performance. Easy to install and use, HP TopTools for Hubs &...

  • Page 25

    Advantages of Using HP TopTools for Hubs & Switches • Notifies you when HP hubs use “self-healing” features to fix or limit common network problems. • Provides a list of discovered devices, with device type, connectivity status, the number of new or open alerts for each device, and the type of management for each device.

  • Page 26

    Selecting a Management Interface Advantages of Using HP TopTools for Hubs & Switches...

  • Page 27

    Rebooting the Switch ........

  • Page 28

    Event Log, and the Operator level in the CLI. After you configure passwords on the switch and log off of the interface, access to the menu interface (and the CLI and web browser interface) will require entry of either the Manager or Operator password.

  • Page 29: Starting And Ending A Menu Session

    This section assumes that either a terminal device is already configured and connected to the switch (see the Installation Guide shipped with your switch) or that you have already configured an IP address on the switch (required for Telnet access).

  • Page 30: How To Start A Menu Interface Session

    • A PC terminal emulator or terminal • Telnet (You can also use the stack Commander if the switch is a stack member. See "HP ProCurve Stack Management" on ). Do one of the following: • If you are using Telnet, go to step 3.

  • Page 31: How To End A Menu Session And Exit From The Console:

    For a description of Main Menu features, see “Main Menu Features” on page 2-7. N o t e To configure the switch to start with the menu interface instead of the CLI, go to the Manager level prompt, enter the setup...

  • Page 32

    Telnet session. If you have made configuration changes that require a switch reboot— that is, if an asterisk (*) appears next to a configured item or next to Switch Configuration in the Main menu: Return to the Main menu.

  • Page 33: Main Menu Features

    The Main Menu gives you access to these Menu interface features: Status and Counters: Provides access to display screens showing switch information, port status and counters, port and VLAN address tables, and spanning tree information. (See chapter 10, “Monitoring and Analyzing Switch Operation”.)

  • Page 34

    Stacking: Enables you to use a single IP address and standard network cabling to manage a group of up to 16 switches in the same subnet (broadcast domain). See “HP ProCurve Stack Management” on page 9-5. Logout: Closes the Menu interface and console session, and disconnects Telnet access to the switch.

  • Page 35: Screen Structure And Navigation

    Screen Structure and Navigation Menu interface screens include these three elements: Parameter fields and/or read-only information such as statistics Navigation and configuration actions, such as Save, Edit, and Cancel Help line to describe navigation options, individual parameters, and read- only data For example, in the following System Information screen: Screen title –...

  • Page 36

    (or flash) memory, and it is therefore not necessary to reboot the switch after making these changes. But if an asterisk appears next to any menu item you reconfigure, the switch will not activate or save the change for that item until you reboot the switch.

  • Page 37

    To get Help on individual parameter descriptions. In most screens there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press [H], and a separate help screen is displayed. For example: Highlight on any item in the Actions line indicates that the...

  • Page 38: Rebooting The Switch

    To Reboot the switch, use the Reboot Switch option in the Main Menu. (Note that the Reboot Switch option is not available if you log on in Operator mode; that is, if you enter an Operator password instead of a manager password at the password prompt.)

  • Page 39

    Rebooting To Activate Configuration Changes. Configuration changes for most parameters become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the VLANs to support parameter select 2. Switch Configuration, then 8. VLAN Menu, then...

  • Page 40: Menu Features List

    Using the Menu Interface Menu Features List Menu Features List Status and Counters • General System Information • Switch Management Address Information • Port Status • Port Counters • Address Table • Port Address Table • Spanning Tree Information Switch Configuration •...

  • Page 41: Where To Go From Here

    Where To Go From Here Where To Turn See the Installation and Getting Started Guide shipped with the switch. “HP ProCurve Stack Management” on page 9-5 Chapter 10, "Monitoring and Analyzing Switch Operation" "Using Password Security" on page 7-4 "Using the Event Log To Identify Problem Sources"...

  • Page 42

    Using the Menu Interface Where To Go From Here 2-16...

  • Page 43

    Using the Command Line Interface (CLI) Chapter Contents Overview............3-2 Accessing the CLI .

  • Page 44: Accessing The Cli, Overview, Using The Cli

    Overview The CLI is a text-based command interface for configuring and monitoring the switch. The CLI gives you access to the switch’s full set of commands while providing the same password protection that is used in the web browser interface and the menu interface.

  • Page 45: Privilege Levels At Logon

    CLI levels. (For more on setting passwords, see "Using Password Security" on page 7-4.) When you use the CLI to log on to the switch, and passwords are set, you will be prompted to enter a password. For example: Password Prompt Figure 3-1.

  • Page 46: Privilege Level Operation, Operator Privileges

    Using the CLI C a u t i o n HP strongly recommends that you configure a Manager password. If a Man- ager password is not configured, then the Manager level is not password- protected, and anyone having in-band or out-of-band access to the switch may be able to reach the Manager level and compromise switch and network security.

  • Page 47: Manager Privileges

    Global Configuration level: Provides all Operator and Manager level privileges, and enables you to make configuration changes to any of the switch’s software features. The prompt for the Global Configuration level includes the system name and " config command at the Manager prompt. For example: (Enter config at the Manager prompt.)

  • Page 48

    Execute context-specific configuration commands, such as a particular VLAN or switch port. This is useful for shortening the command strings you type, and for entering a series of commands for the same context. For a list of available commands, enter at the prompt.

  • Page 49: How To Move Between Levels

    —or— Moving Between the CLI and the Menu Interface. When moving between interfaces, the switch retains the current privilege level (Manager or Operator). That is, if you are at the Operator level in the menu and select the Command Line Interface (CLI) option from the Main Menu, the CLI prompt appears at the Operator level.

  • Page 50: Listing Commands And Command Options, Listing Commands Available At Any Privilege Level

    Using the Command Line Interface (CLI) Using the CLI For example, if you use the CLI to set a Manager password, and then later use the Setup screen (in the menu interface) to set a different Manager password, then the first password will be replaced by the second one. Listing Commands and Command Options At any privilege level you can: List all of the commands available at that level...

  • Page 51

    Typing ? at the Manager level produces this listing: When - - MORE - - appears, use the Space bar or [Return] to list additional commands. Figure 3-4. Example of the Manager-Level Command Listing When - - MORE - - appears, there are more commands in the listing. To list the next screenfull of commands, press the Space bar.

  • Page 52: Command Option Displays

    Using the Command Line Interface (CLI) Using the CLI As mentioned above, if you type part of a command word and press [Tab], the CLI completes the current word (if you have typed enough of the word for the CLI to distinguish it from other possibilities), including hyphenated exten- sions.

  • Page 53: Displaying Cli "help", Displaying Cli "help

    Help summaries for both the Operator and Manager levels, and so on. help Syntax: For example, to list the Operator-Level commands with their purposes: Using the Command Line Interface (CLI) Using the CLI This example displays the command options for configuring port 5 on the switch. 3-11...

  • Page 54

    Using the Command Line Interface (CLI) Using the CLI Figure 3-7. Example of Context-Sensitive Command-List Help Displaying Help for an Individual Command. You can display Help for any command that is available at the current context level by entering enough of the command string to identify the command, along with help.

  • Page 55: Configuration Commands And The Context Configuration Modes

    Note that if you try to list the help for an individual command from a privilege level that does not include that command, the switch returns an error message. For example, trying to list the help for the interface command while at the...

  • Page 56

    Using the Command Line Interface (CLI) Using the CLI Figure 3-10. Context-Specific Commands Affecting Port Context 3-14 Lists the commands you can use in the port or static trunk context, plus the Manager, Operator, and context commands you can execute at this level.

  • Page 57

    VLAN, plus Manager and Operator commands. The prompt for this mode includes the VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch: In the VLAN...

  • Page 58: Cli Control And Editing

    Using the Command Line Interface (CLI) CLI Control and Editing CLI Control and Editing Keystrokes [Ctrl] [A] [Ctrl] [B] or [ <] [Ctrl] [C] [Ctrl] [D] [Ctrl] [E] [Ctrl] [F] or [ >] [Ctrl] [K] [Ctrl] [L] or [Ctrl] [R] [Ctrl] [N] or [ v] [Ctrl] [P] or [ ^] [Ctrl] [U] or [Ctrl] [X]...

  • Page 59

    Using a Standalone Web Browser in a PC or UNIX Workstation ..5 Using HP TopTools for Hubs & Switches ......6 Tasks for Your First HP Web Browser Interface Session .

  • Page 60

    Using the HP Web Browser Interface Overview Overview The HP web browser interface built into the switch lets you easily access the switch from a browser-based PC on your network. This lets you do the following: Optimize your network uptime by using the Alert Log and other diagnostic...

  • Page 61: General Features

    Port security and Intrusion Log Switch Diagnostics: • Ping/Link Test • Device reset • Configuration report Switch status • Port utilization • Port counters • Port status • Alert log Switch system information listing Using the HP Web Browser Interface General Features...

  • Page 62: Web Browser Interface Requirements

    Color Count Internet Browser (English-language browser only) PC Operating System UNIX® Operating System HP TopTools for Hubs & Switches (Optional) System Requirements for Accessing the HP Web Browser Interface Minimum 90 MHz Pentium 100 MHz 16 Mbytes 800 X 600 PCs: •...

  • Page 63: Starting An Hp Web Browser Interface Session With The Switch

    • Directly connected to your network • Connected through remote access to your network Using a management station running HP TopTools for Hubs & Switches on your network Using a Standalone Web Browser in a PC or UNIX Workstation This procedure assumes that you have a supported web browser (page 4-4) installed on your PC or workstation, and that an IP address has been config- ured on the switch.

  • Page 64: Using Hp Toptools For Hubs & Switches

    Using HP TopTools for Hubs & Switches HP TopTools for Hubs & Switches is designed for installation on a network management workstation. For this reason, the HP TopTools system require- ments are different from the system requirements for accessing the switch’s web browser interface from a non-management PC or workstation.

  • Page 65

    N o t e The above screen appears somewhat different if the switch is configured as a stack Commander. For an example, see figure 1-3 on page 1-5. Starting an HP Web Browser Interface Session with the Switch First-Time Install Alert...

  • Page 66: Tasks For Your First Hp Web Browser Interface Session, Viewing The "first Time Install" Window

    Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Tasks for Your First HP Web Browser Interface Session The first time you access the web browser interface, there are three tasks that you should perform: Review the “First Time Install”...

  • Page 67: Creating Usernames And Passwords In The Browser Interface

    Tasks for Your First HP Web Browser Interface Session This window is the launching point for the basic configuration you need to perform to set web browser interface passwords to maintain security and Fault Detection policy, which determines the types of messages that will be displayed in the Alert Log.

  • Page 68

    Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Figure 4-3. The Device Passwords Window To set the passwords: Access the Device Passwords screen by one of the following methods: • If the Alert Log includes a “First Time Install” event entry, double click on this event, then, in the resulting display, click on the secure access to the device link.

  • Page 69: Using The Passwords, Using The User Names, If You Lose A Password

    Tasks for Your First HP Web Browser Interface Session Using the Passwords Figure 4-4. Example of the Password Window in the Web Browser Interface The manager and operator passwords are used to control access to all switch interfaces. Once set, you will be prompted to supply the password every time you try to access the switch through any of its interfaces.

  • Page 70: Online Help For The Hp Web Browser Interface

    Context-sensitive help is provided for the screen you are on. N o t e If you do not have HP TopTools for Hubs and Switches installed on your network and do not have an active connection to the World Wide Web, then Online help for the web browser interface will not be available.

  • Page 71: Support/mgmt Urls Feature

    - the URL of the network Management server or other source of the online help files for this web browser inter- face. (The default accesses Help on HP’s World Wide Web site.) Figure 4-6. The Default Support/Mgmt URLs Window Using the HP Web Browser Interface 1.

  • Page 72: Support Url, Help And The Management Server Url

    4-6. The switch is shipped with the URL set to retrieve online Help from the HP World Wide Web site. However, if HP TopTools for Hubs & Switches is installed on a management station on your network and discovers the switch, the Management Server URL is automatically changed to retrieve the Help from your TopTools management station.

  • Page 73

    If you have World Wide Web access from your PC or workstation, and do not have HP TopTools installed on your network, enter the following URL in the Management Server URL field shown in figure 4-7 on page 4-15: http://www.hp.com/rnd/device_help...

  • Page 74: Status Reporting Features, The Overview Window

    Using the HP Web Browser Interface Status Reporting Features Status Reporting Features Browser elements covered in this section include: The Overview window (below) Port utilization and status (page ) The Alert log (page ) The Status bar (page ) The Overview Window The Overview Window is the home screen for any entry into the web browser interface.The following figure identifies the various parts of the screen.

  • Page 75: The Port Utilization And Status Displays, Port Utilization

    The Port Utilization and Status Displays The Port Utilization and Status displays show an overview of the status of the switch and the amount of network activity on each port. The following figure shows a sample reading of the Port Utilization and Port Status.

  • Page 76

    Using the HP Web Browser Interface Status Reporting Features Maximum Activity Indicator: As the bars in the graph area change height to reflect the level of network activity on the corresponding port, they leave an outline to identify the maximum activity level that has been observed on the port.

  • Page 77: Port Status

    Note that the Port Fault-Disabled symbol will be displayed in the legend only if one or more of the ports is in that status. See chapter 7, “Monitoring and Analyzing Switch Operation” for more information.

  • Page 78: The Alert Log, Sorting The Alert Log Entries

    Using the HP Web Browser Interface Status Reporting Features The Alert Log The web browser interface Alert Log, shown in the lower half of the screen, shows a list of network occurrences, or alerts, that were detected by the switch. Typical alerts are Broadcast Storm, indicating an excessive number of broadcasts received on a port, and Problem Cable, indicating a faulty cable.

  • Page 79: Alert Types

    Lost connection to one or multiple devices on the port. Loss of stack member The Commander has lost the connection to a stack member. Security violation A security violation has occurred. Alert Strings and Descriptions Using the HP Web Browser Interface Status Reporting Features 4-21...

  • Page 80: Viewing Detail Views Of Alert Log Entries

    Status Reporting Features N o t e When troubleshooting the sources of alerts, it may be helpful to check the switch’s Port Status and Port Counter windows and the Event Log in the console interface. Viewing Detail Views of Alert Log Entries By double clicking on Alert Entries, the web browser interface displays a Detail View or separate window detailing information about the events.

  • Page 81: The Status Bar

    Normal Activity Yellow Warning Critical System Name. The name you have configured for the switch by using Identity screen, system name command, or the switch console System Information screen. Most Critical Alert Description. A brief description of the earliest, unacknowledged alert with the current highest severity in the Alert Log, appearing in the right portion of the Status Bar.

  • Page 82: Setting Fault Detection Policy

    Using the HP Web Browser Interface Status Reporting Features Product Name. The product name of the switch to which you are connected in the current web browser interface session. Setting Fault Detection Policy One of the powerful features in the web browser interface is the Fault Detection facility.

  • Page 83

    Never. Disables the Alert Log and transmission of alerts (traps) to the management server (in cases where a network management tool such as HP TopTools for Hubs & Switches is in use). Use this option when you don’t want to use the Alert Log.

  • Page 84

    Using the HP Web Browser Interface Status Reporting Features 4-26...

  • Page 85

    Web: Configuring IP Addressing ......5-10 How IP Addressing Affects Switch Operation ....5-10 DHCP/Bootp Operation .

  • Page 86

    Chapter 2, “Using the Menu Interface” Chapter 3, “Using the Command Line Interface (CLI)” Chapter 4, Using the HP Web Browser Interface” Why Configure IP Addressing? In its factory default configuration, the switch operates as a multiport learning bridge with network connectivity provided by the ports on the switch.

  • Page 87: Ip Configuration

    VLANs. The gateway value is the IP address of the next-hop gateway node for the switch, which is used if the requested destina- tion address is not on a local subnet/VLAN. If the switch does not have a manually-configured default gateway and DHCP/Bootp is configured on the primary VLAN, then the default gateway value provided by the DHCP or Bootp server will be used.

  • Page 88: Just Want A Quick Start?, Ip Addressing With Multiple Vlans, Just Want A Quick Start

    If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, HP recommends that you use the Switch Setup screen to quickly configure IP addressing. To do so, do one of the following: Enter setup at the CLI Manager level prompt.

  • Page 89: Ip Addressing In A Stacking Environment, And Timep

    URL in your web browser. IP Addressing in a Stacking Environment If you are installing the switch into an HP ProCurve stack management environment, entering an IP address may not be required. See “HP ProCurve Stack Management”...

  • Page 90

    TTL and type in a value between 2 and 255 (seconds). At the TimeP Config field do one of the following: • If you want the switch to obtain the IP address of the Timep server via DHCP server, keep the value as DHCP. •...

  • Page 91: And Timep

    5-9 ip ttl page 5-9 [no] ip timep page 5-10 For a listing of the full CLI command set, including syntax and options, see the CLI command reference available on the HP ProCurve website at: http://www.hp.com/go/procurve IP Configuration...

  • Page 92

    IP Configuration Viewing the Current IP Configuration. The following command displays the IP addressing for each VLAN configured in the switch. If only the DEFAULT_VLAN exists, then its IP configuration applies to all ports in the switch. Where multiple VLANs are configured, the IP addressing is listed per VLAN.

  • Page 93

    ID of the VLAN for which you are configuring IP addressing or go to the context configuration level for that VLAN. (If you are not using VLANs on the switch—that is, if the only VLAN is the default VLAN—then the VLAN ID is always “1”.) N o t e The default IP address setting for the DEFAULT_VLAN is DHCP/Bootp.

  • Page 94: Web: Configuring Ip Addressing, How Ip Addressing Affects Switch Operation

    Console RS-232 port. You can use direct-connect console access to take advantage of features that do not depend on IP addressing. However, to realize the full performance capabilities HP proactive networking offers through the switch, configure the switch with an IP address and subnet mask compatible with your network.

  • Page 95: Dhcp/bootp Operation

    DHCP/Bootp Operation Overview. DHCP/Bootp is used to provide configuration data from a DHCP or Bootp server to the switch. This data can be the IP address, subnet mask, default gateway, Timep Server address, and TFTP server address. If a TFTP server address is provided, this allows the switch to TFTP a previously saved configuratin file from the TFTP server to the switch.

  • Page 96

    If the switch is initially configured for DHCP/Bootp operation (the default), or if it is rebooted with this configuration, it immediately begins sending request packets on the network. If the switch does not receive a reply to its DHCP/Bootp requests, it continues to periodically send request packets, but with decreasing frequency.

  • Page 97

    Bootp Database Record Entries. A minimal entry in the Bootp table file /etc/bootptab to update an IP address and subnet mask to the switch or a VLAN configured in the switch would be similar to this entry:...

  • Page 98: Network Preparations For Configuring Dhcp/bootp

    IP address and the address of a Timep server. If the DHCP/Bootp reply provides information for downloading a config- uration file, the switch uses TFTP to download the file from the designated source, then reboots itself. (This assumes that the switch or VLAN has...

  • Page 99: Globally Assigned Ip Network Addresses

    Configuring IP Addressing, Interface Access, and System Information Globally Assigned IP Network Addresses If you intend to connect your network to other networks that use globally administered IP addresses, Hewlett-Packard strongly recommends that you use IP addresses that have a network address assigned to you. There is a formal process for assigning unique IP addresses to networks worldwide.

  • Page 100: Interface Access: Console/serial Link, Web, And Inbound Telnet

    IP authorized managers. However if unauthorized access to the switch through in-band means (Telnet or the web browser interface), then you can disallow in-band access (as described in this section) and install the switch in a locked environment. 5-16...

  • Page 101: Menu: Modifying The Interface Access

    Inactivity Timeout Inbound Telnet Enabled Web Agent Enabled To Access the Interface Access Parameters: From the Main Menu, Select... 2. Switch Configuration... 1. System Information Interface Access Parameters Figure 5-4. The Default Interface Access Parameters Available in the Menu Interface Press [E] (for Edit).

  • Page 102: Cli: Modifying The Interface Access

    [no] web-management console Listing the Current Console/Serial Link Configuration. This com- mand lists the current interface access parameter settings. Syntax: This example shows the switch’s default console/serial configuration. Interface Access Enable/Disable Console Control Options Figure 5-5. Listing of Show Console Command Reconfigure Inbound Telnet Access.

  • Page 103

    Syntax: N o t e If you change the Baud Rate or Flow Control settings for the switch, you should make the corresponding changes in your console access device. Oth- erwise, you may lose connectivity between the switch and your terminal emulator due to differences between the terminal and switch settings for these two parameters.

  • Page 104

    Configure individual parameters. Save the changes. Boot the switch. Figure 5-7. Example of Executing a Series of Console Commands 5-20 The switch implements the Event Log change immediately. The switch implements write memory the other console changes after executing reload...

  • Page 105: System Information

    System Name: Using a unique name helps you to identify individual devices in stacking environments and where you are using an SNMP network manage- ment tool such as HP TopTools for Hubs & Switches. System Contact and Location: This information is helpful for identifying the person administratively responsible for the switch and for identifying the locations of individual switches.

  • Page 106: Menu: Viewing And Configuring System Information

    Daylight Time Rule: Specifies the daylight savings time rule to apply for your location. The default is None. (For more on this topic, see appendix D, “Daylight Savings Time on HP ProCurve Switches.) Time: Used in the CLI to specify the time of day, the date, and other system parameters.

  • Page 107: Cli: Viewing And Configuring System Information

    [contact <system contact>] [location <system location>] Note that no blank spaces are allowed in the variables for these commands. For example, to name the switch “Blue” with “Ext-4474” as the system contact, and “North-Data-Room” as the location: HP2512(config)# hostname Blue...

  • Page 108

    Configuring IP Addressing, Interface Access, and System Information System Information Figure 5-10. System Information Listing After Executing the Preceding Commands Reconfigure the Age Interval for Learned MAC Addresses. This com- mand corresponds to the MAC Age Interval in the menu interface, and is expressed in seconds.

  • Page 109: Web: Configuring System Parameters

    Also, executing time without param- eters lists the switch’s time of day and date. Note that the CLI uses a 24-hour clock scheme; that is, hour (hh) values from 1 p.m. to midnight are input as 13 - 24, respectively.

  • Page 110

    Configuring IP Addressing, Interface Access, and System Information System Information 5-26...

  • Page 111

    Trunk Operation Using the “FEC” Option ......27 How the Switch Lists Trunk Data ......28...

  • Page 112: Viewing Port Status And Configuring Port Parameters, Overview

    Creating and modifying a dynamic LACP or static port trunk group (page 6-10) Port numbers in the status and configuration screens correspond to the port numbers on the front of the switch. Viewing Port Status and Configuring Port Parameters Port Status and ConfigurationFeatures...

  • Page 113

    • Auto-10: Allows the port to negotiate between half-duplex (HDx) and full-duplex (FDx) while keeping speed at 10 Mbps. Also negotiates flow control (enabled or disabled). HP recommends Auto-10 for links between 10/100 autosensing ports connected with Cat 3 cabling. (Cat 5 cabling is required for 100 Mbps links.).

  • Page 114

    CLI: Appears in the (CLI) Note: An LACP trunk requires a full-duplex link. In most cases, HP recommends that you leave the port Mode setting at Auto (the default). See the LACP Note on page 6-11. For more on port trunking, see “Port Trunking” on page 6-10.

  • Page 115: Menu: Viewing Port Status And Configuring Port Parameters

    For information on port trunk groups, see “Port Trunking” on page 6-10. From the Main Menu, Select: 2. Switch Configuration... 2. Port/Trunk Settings Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters...

  • Page 116: Cli: Viewing Port Status And Configuring Port Parameters

    Lists the full status and configuration for all ports on the switch. show interface config: Lists a subset of the data shown by the show interfaces command (above); that is, only the enabled/disabled, mode, and flow control status for all ports on the switch. below page 6-7 page 6-8...

  • Page 117

    The next two figures list examples of the output of the above two commands for the same port configuration on a Switch 2512 or 2524. Figure 6-1. Example of a Show Interface Command Listing Figure 6-2. Example of a Show Interface Config Command Listing...

  • Page 118

    Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters Using the CLI To Configure Ports. You can configure one or more of the following port parameters. For details on each option, see Table 6-1 on page 6-3.

  • Page 119: Web: Viewing Port Status And Configuring Port Parameters

    Optimizing Port Usage Through Traffic Control and Port Trunking Web: Viewing Port Status and Configuring Port Parameters In the web browser interface: Click on the Configuration tab. Click on [Port Configuration]. Select the ports you want to modify and click on [Modify Selected Ports]. After you make the desired changes, click on [Apply Settings].

  • Page 120: Port Trunking

    A trunk group is a set of up to four ports configured as members of the same port trunk. Note that the ports in a trunk group do not have to be consecutive. For example: Switch 1: Ports 1 - 4 configured as a port trunk group.

  • Page 121: Switch 2512 And 2524 Port Trunk Features And Operation

    L A C P N o t e LACP operation requires full-duplex (FDx) links. For most installations, HP recommends that you leave the port Mode settings at Auto (the default). LACP also operates with Auto-10 (if negotiation selects HDx), 10FDx, 100FDx, and 1000FDx settings.

  • Page 122: Trunk Configuration Methods

    Static Trunk: The switch uses the links you configure with the Port/Trunk Settings screen in the menu interface or the trunk command in the CLI to create a static port trunk. The switch offers three types of static trunks: LACP, Trunk, and FEC.

  • Page 123

    See “Trunk Group Operation Using LACP” on page 6-24. Trunk Provides manually configured, static-only trunking to: (non- • Most HP switches and routing switches not running the 802.3ad LACP protocol. protocol) • Windows NT and HP-UX workstations and servers Use the Trunk option when: –...

  • Page 124

    Media: All ports on both ends of a trunk group must have the same media type and mode (speed and duplex). The switch blocks any trunked links that do not conform to this rule. (For the Switch 2512 and 2524, HP recommends leaving the port...

  • Page 125

    IP Multicast Protocol (IGMP): A static trunk of any type appears in the IGMP configuration display, and you can configure IGMP for a static trunk in the same way that you would configure IGMP on a non-trunked port. (Note that the switch lists the trunk by name—Trk1—and does not list the individual ports in the trunk.) Also, creating a new trunk automatically...

  • Page 126: Menu: Viewing And Configuring A Static Trunk Group

    I m p o r t a n t Configure port trunking before you connect the trunked links to another switch, routing switch, or server. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured.

  • Page 127

    Trunk (the default type if you do not specify a type) – FEC (Fast EtherChannel All ports in the same trunk group on the same switch must have the same Type (LACP, Trunk, or FEC). When you are finished assigning ports to the trunk group, press [Enter], then [S] (for Save) and return to the Main Menu.

  • Page 128: Ports Are Operating Properly, Using The Cli To View Port Trunks

    Using the CLI To View Port Trunks You can list the trunk type and group for all ports on the switch or for selected ports. You can also list LACP-only status information for LACP-configured ports. Listing Static Trunk Type and Group for All Ports or Selected Ports.

  • Page 129

    Port Trunking The show trunk command in this example does not include a port list. As a result, the listing shows static trunk group information for all switch ports. Figure 6-7. Example of a Show Trunk Listing Without Specifying Ports Listing Static LACP and Dynamic LACP Trunk Data.

  • Page 130: Using The Cli To Configure A Static Or Dynamic Trunk Group

    If no trunk group exists, you can create a trunk group on the switch If a trunk group already exists on the switch, you can add ports to the trunk group or delete ports within the group. You can remove a subset of ports from a trunk group, or delete the trunk...

  • Page 131

    Removing a port from a trunk can result in a loop and cause a broadcast storm. When you remove a port from a trunk where STP is not in use, HP recommends that you disable the port or disconnect the link on that port.

  • Page 132

    Enabling a Dynamic LACP Trunk Group. In the default port configura- tion, all ports on the switch are set to LACP passive. However, to enable the switch to automatically form a trunk group that is dynamic on both ends of the link, the ports on one end of a set of links must be LACP active.

  • Page 133: Web: Viewing Existing Port Trunk Groups

    Unless STP is running on your network, removing a port from a trunk can result in a loop. To help prevent a broadcast storm when you remove a port from a trunk where STP is not in use, HP recommends that you first disconnect the link on that port.

  • Page 134: Trunk Group Operation Using Lacp

    Displaying Dynamic LACP Trunk Data: To list the configuration and status for a dynamic LACP trunk, show lacp use the CLI Note: The dynamic trunk is automatically created by the switch, and is not listed in the static trunk listings available in the menu interface or in the CLI show trunk listing. 6-24...

  • Page 135: Default Port Operation

    LACP trunking. A link having two passive LACP ports will not perform LACP trunking because both ports are waiting for an LACP protocol packet from the opposite device. Note: In the default switch configuration, all ports are configured for passive LACP operation. Trunk Group Trk1: This port has been manually configured into a static LACP trunk.

  • Page 136: Lacp Notes And Restrictions

    LACP Partner Yes: LACP is enabled on both ends of the link. No: LACP is enabled on the Switch 2512/2524, but is not enabled, or LACP has not been detected on the opposite device. LACP Status Success: LACP is enabled on the port, detects and synchronizes with a device on the other end of the link, and can move traffic across the link.

  • Page 137: Trunk Group Operation Using The "trunk" Option, Trunk Operation Using The "fec" Option

    Half-Duplex and/or Different Port Speeds Not Allowed in LACP Trunks. The ports on both sides of a trunk must be configured for the same speed and for full-duplex (FDx). In most cases,HP recommends the ing. The 802.3ad LACP standard specifies a full-duplex (FDx) requirement for LACP trunking.

  • Page 138: How The Switch Lists Trunk Data, Outbound Traffic Distribution Across Trunked Links

    SA/DA (source address/destination address) causes the switch to distribute outbound traffic to the links within the trunk group on the basis of source/ destination address pairs. That is, the switch sends traffic from the same source address to the same destination address through the same trunked link,...

  • Page 139

    In actual networking environments, this is rarely a problem. However, if it becomes a problem, you can use the HP TopTools for Hubs & Switches network management software available from Hewlett- Packard to quickly and easily identify the sources of heavy traffic (top talkers) and make adjustments to improve performance.

  • Page 140

    Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking 6-30...

  • Page 141

    Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Chapter Contents Overview ........... . . 7-3 Using Password Security .

  • Page 142: Table Of Contents

    Listing the Switch’s Current Authorized IP Manager(s) ..7-34 Configuring IP Authorized Managers for the Switch ..7-35 Web: Configuring IP Authorized Managers ..... 7-36 Building IP Masks .

  • Page 143

    File transfers using TFTP (for configurations and software updates) Thus, with authorized IP managers configured, having the correct passwords is not sufficient for accessing the switch through the network unless the station attempting access is also included in the switch’s Authorized IP Managers configuration.

  • Page 144: Using Password Security

    Access to the Status and Counters menu, the Event Log, and the CLI*, but no Configuration capabilities. On the Operator level, the configuration menus, Download OS, and Reboot Switch options in the Main Menu are not available. page 7-7 page 7-8 —...

  • Page 145: Menu: Setting Manager And Operator Passwords

    If there are both a Manager password and an Operator password, but neither is entered correctly, access to the console will be denied. If the switch has neither a Manager password nor an Operator password, anyone having access to the console interface can operate the console with full manager privileges.

  • Page 146

    To Delete Password Protection (Including Recovery from a Lost Password): This procedure deletes both passwords (Manager and Opera- tor). If you have physical access to the switch, press and hold the Clear button (on the front of the switch) for a minimumof one second to clear all password protection, then enter new passwords as described earlier in this chapter.

  • Page 147: Cli: Setting Manager And Operator Passwords

    Manager password, you can clear the password by getting physical access to the switch and pressing and holding the Clear button for a minimum of one second. This action deletes all passwords and user names (Manager and Operator) used by both the console and the web browser interface.

  • Page 148: Web: Configuring User Names And Passwords

    To remove user name and password protection, leave the fields blank. Implement the user names and passwords by clicking on [Apply Changes]. To access the web-based help provided for the switch, click on [?] in the web browser screen. tab.

  • Page 149: Configuring And Monitoring Port Security, Basic Operation

    Configuring Port Security Intrusion Alerts and Alert Flags Using Port Security, you can configure each switch port with a unique list of the MAC addresses of devices that are authorized to access the network through that port. This enables individual ports to detect, prevent, and log attempts by unauthorized devices to communicate through the switch.

  • Page 150: Blocking Unauthorized Traffic

    8-10.) Blocking Unauthorized Traffic Unless you configure the switch to disable a port on which a security violation is detected, the switch security measures block unauthorized traffic without disabling the port. This implementation enables you to apply the security...

  • Page 151: Trunk Group Exclusion, Planning Port Security

    Port security does not operate on either a static or dynamic trunk group. If you configure port security on one or more ports that are later added to a trunk group, the switch will reset the port security parameters for those ports to the factory-default configuration. (Ports configured for either Active or Passive LACP, and which are not members of a trunk, can be configured for port security.)

  • Page 152

    SNMP management station and to (2) optionally disable the port on which the intrusion was detected. d. How do you want to learn of the security violation attempts the switch detects? You can use one or more of these methods: –...

  • Page 153: Cli: Port Security Command Options And Operation

    [address-limit] [mac-address] [action] no port-security [clear-intrusion-flag] This section describes the CLI port security command and how the switch acquires and maintains authorized addresses. N o t e Use the global configuration level to execute port-security configuration commands. Configuring and Monitoring Port Security page 7-16: “CLI: Displaying Current Port Security Settings”...

  • Page 154

    Addresses learned this way appear in the switch and port address tables and age out according to the Address Age Interval in the System Information configuration screen (page 5-22).

  • Page 155

    None (the default): Prevents an SNMP trap from being sent. Send Alarm: Causes the switch to send an SNMP trap to a network management station. Send Alarm and Disable: Available only in the to a network management station and disable the port.

  • Page 156: Cli: Displaying Current Port Security Settings

    With port numbers included in the command, show port-security displays Learn Mode, Address Limit, (alarm) Action, and Authorized Addresses for the spec- ified ports on a switch. The following example lists the full port security configuration for a single port:...

  • Page 157: Cli: Configuring Port Security

    Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Figure 7-5. Example of the Port Security Configuration Display for a Single Port The following command example shows the option for entering a range of ports, including a series of non-contiguous ports. Note that no spaces are allowed in the port number portion of the command string: HP2512(config)# show port-security 1-3,6,8 CLI: Configuring Port Security...

  • Page 158

    If you manually configure authorized devices (MAC addresses) and/or an alarm action on a port, those settings remain unless you either manually change them or the switch is reset to its factory-default configuration. You can “turn off” authorized devices on a port by configuring the port to continuous Learn Mode, but subsequently reconfiguring the port to static Learn Mode restores those authorized devices.

  • Page 159

    Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Although the Address Limit is set to 2, only one device has been authorized for this port. In this case you can add another without having to also increase the Address Limit.

  • Page 160

    Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security To add a second authorized device to port 1, execute a port-security command for for port 1 that raises the address limit to 2 and specifies the additional device’s MAC address.

  • Page 161: Web: Displaying And Configuring Port Security Features

    Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access For example, suppose port 1 is configured as shown below and you want to remove 0c0090-123456 from the Authorized Address list: The following command serves this purpose by removing 0c0090-123456 and reducing the Address Limit to 1: HP2512(config) # port-security 1 address-limit 1 HP2512(config) # no port-security 1 mac-address...

  • Page 162: Reading Intrusion Alerts And Resetting Alert Flags, Notice Of Security Violations

    – – • In HP TopTools for Hubs & Switches via an SNMP trap sent to a net management station How the Intrusion Log Operates When the switch detects an intrusion attempt on a port, it enters a record of this event in the Intrusion Log.

  • Page 163: Keeping The Intrusion Log Current By Resetting Alert Flags

    The log shows the most recent intrusion at the top of the listing. You cannot delete Intrusion Log entries (unless you reset the switch to its factory-default configuration). Instead, if the log is filled when the switch detects a new intrusion, the oldest entry is dropped off the listing and the newest entry appears at the top of the listing.

  • Page 164: Resetting Alert Flags

    Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Menu: Checking for Intrusions, Listing Intrusion Alerts, and Resetting Alert Flags The menu interface indicates per-port intrusions in the Port Status screen, and provides details and the reset function in the Intrusion Log screen.

  • Page 165: Alert Flags

    Note also that the “ prior to ” text in the record for the earliest intrusion means that a switch reset occurred at the indicated time and that the intrusion occurred prior to the reset. To acknowledge the most recent intrusion entry on port 3 and enable the switch to enter a subsequently detected intrusion on this port, type [R] (for ).

  • Page 166

    Figure 7-10. Example of the Intrusion Log with Multiple Entries for the Same Port The above example shows three intrusions for port 1. Since the switch can show only one uncleared intrusion per port, the older two intrusions in this example have already been cleared by earlier use of the clear intrusion-log or the port-security 1 clear-intrusion-flag command.

  • Page 167: Using The Event Log To Find Intrusion Alerts

    To clear the intrusion from port 1 and enable the switch to enter any subse- quent intrusion for port 1 in the Intrusion Log, execute the port-security 1 clear- intrusion-flag command.

  • Page 168: And Resetting Alert Flags, Operating Notes For Port Security

    Operating Notes for Port Security Identifying the IP Address of an Intruder. The Intrusion Log lists detected intruders by MAC address. If you are using HP TopTools for Hubs & Switches to manage your network, you can use the TopTools inventory reports to link MAC addresses to their corresponding IP addresses.

  • Page 169

    MAC address, and not your PC or workstation MAC address, and interprets your connection as unauthorized. “Prior To” Entries in the Intrusion Log. If you reset the switch (using the Reset button, Device Reset, or Reboot Switch), the Intrusion Log will list the time of all currently logged intrusions as “prior to”...

  • Page 170: Using Ip Authorized Managers

    Manager or Operator access level N o t e This feature does not protect access to the switch through a modem or direct connection to the Console (RS-232) port. Also, if the IP address assigned to an authorized management station is configured in another station, the other station can gain management access to the switch even though a duplicate IP address condition exists.

  • Page 171: Access Levels, Defining Authorized Management Stations

    Authorized Manager IP value, specify an IP Mask, and select either for the Access Level. The IP Mask determines how the Authorized Operator Manager IP value is used to allow or deny access to the switch by a manage- ment station. Using IP Authorized Managers .

  • Page 172: Overview Of Ip Mask Operation

    Using IP Authorized Managers Overview of IP Mask Operation The default IP Mask is 255.255.255.255 and allows switch access only to a station having an IP address that is identical to the Authorized Manager IP parameter value. (“255” in an octet of the mask means that only the exact value in the corresponding octet of the Authorized Manager IP parameter is allowed in the IP address of an authorized management station.) However, you can...

  • Page 173: Menu: Viewing And Configuring Ip Authorized Managers

    Menu: Viewing and Configuring IP Authorized Managers From the console Main Menu, select: 2. Switch Configuration . . . 7. IP Authorized Managers Figure 7-13. Example of How To Add an Authorized Manager Entry 2. Enter an Authorized Manager IP address here.

  • Page 174: Cli: Viewing And Configuring Authorized Ip Managers, Listing The Switch's Current Authorized Ip Manager(s)

    <ip-address> mask <mask-bits> <operator | manager> Listing the Switch’s Current Authorized IP Manager(s) Use the show ip authorized-managers command to list IP stations authorized to access the switch. For example: Figure 7-15. Example of the Show IP Authorized-Manager Display...

  • Page 175: Configuring Ip Authorized Managers For The Switch

    Similarly, the next command authorizes manager-level access for any station having an IP address of 10.28.227.101 through 103: If you omit the mask when adding a new authorized manager, the switch automatically uses 255.255.255.255 for the mask. If you do not specify either Manager or Operator access, the switch automatically assigns the Manager access.

  • Page 176: Web: Configuring Ip Authorized Managers, Building Ip Masks

    For web-based help on how to use the web browser interface screen, click on the [?] button provided on the web browser screen. Building IP Masks The IP Mask parameter controls how the switch uses an Authorized Manager IP value to recognize the IP addresses of authorized manager stations on your network.

  • Page 177: Configuring Multiple Stations Per Authorized Manager Ip Entry

    The mask determines whether the IP address of a station on the network meets the criteria you specify. That is, for a given Authorized Manager entry, the switch applies the IP mask to the IP address you specify to determine a range of authorized IP addresses for management access. As described above, that...

  • Page 178

    (0) in the 4th octet of the mask allows any value between 0 and 255 in that octet of the corresponding IP address. This mask allows switch access to any device having an IP address of 10.28.227.xxx, where xxx is any value from 0 to 255.

  • Page 179: Additional Examples For Authorizing Multiple Stations, Operating And Troubleshooting Notes

    Even if you need proxy server access enabled in order to use other applications, you can still eliminate proxy service for web access to the switch. To do so, add the IP address or DNS name of the switch to the non-proxy, or “Exceptions” list in the web browser interface you are using on the authorized station.

  • Page 180

    Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using IP Authorized Managers 7-40...

  • Page 181

    SNMP Management Features........8-3 Configuring for SNMP Access to the Switch ......8-4 SNMP Communities .

  • Page 182

    Overview You can manage the switch via SNMP from a network management station. For this purpose, HP recommends HP TopTools for Hubs & Switches — an easy-to-install and use network management application that runs on your Windows NT- or Windows 2000-based PC. HP TopTools for Hubs & Switches provides control of your switch through its web browser interface.

  • Page 183: Snmp Management Features

    Event reporting via SNMP • Version 1 traps • RMON: groups 1, 2, 3, and 9 Managing the switch with an SNMP network management tool such as HP TopTools for Hubs & Switches Supported Standard MIBs include: • Bridge MIB (RFC 1493) dot1dBase, dot1dTp, dot1dStp •...

  • Page 184: Configuring For Snmp Access To The Switch

    The switch SNMP agent also uses certain variables that are included in a Hewlett-Packard proprietary MIB file you can add to the SNMP database in your network management tool. You can copy the MIB file from the HP TopTools for Hubs & Switches CD, or from following World Wide Web site: http://www.hp.com/go/procurve...

  • Page 185

    Configuring for Network Management Applications Configuring for SNMP Access to the Switch C a u t i o n Deleting the community named “public” disables many network management functions (such as auto-discovery, traffic monitoring, SNMP trap generation, and threshold setting). If security for network management is a concern, it is recommended that you change the write access for the “public”...

  • Page 186: Snmp Communities, Menu: Viewing And Configuring Snmp Communities, To View, Edit, Or Add Snmp Communities:

    SNMP communities, each with either an operator-level or a manager- level view, and either restricted or unrestricted write access. Using SNMP requires that the switch have an IP address and subnet mask compatible with your network. C a u t i o n Deleting or changing the community named “public”...

  • Page 187

    Note: This screen gives an overview of the SNMP communities that are currently configured. All fields in this screen are read- only. Figure 8-1. The SNMP Communities Screen (Default Values) Press [A] (for Add) to display the following screen: If you are adding a community, the fields in this screen are blank.

  • Page 188: Cli: Viewing And Configuring Community Names, Listing Current Community Names And Values

    — see “Trap Receivers and Authentication Traps” on page 8-10). Syntax: This example lists the data for all communities in a switch; that is, both the default "public" community name and another community named "red-team" Default Community and...

  • Page 189: Configuring Identity Information, Configuring Community Names And Values

    Configuring Community Names and Values If you enter a community name without an operator or manager designation, the switch automatically assigns the community to Operator for the MIB view. Also, if you do not specify restricted or unrestricted for the read/write MIB access, the switch automatically restricts the community to read access for the MIB.

  • Page 190: Trap Receivers And Authentication Traps

    (trap receiver) snmp-server enable (authentication trap) A trap receiver is a management station designated by the switch to receive SNMP traps sent from the switch. An authentication trap is a specialized SNMP trap sent to trap receivers when an unauthorized management station tries to access the switch.

  • Page 191: Cli: Configuring And Displaying Trap Receivers, Using The Cli To List Current Snmp Trap Receivers

    (along with the current SNMP community name data — see “SNMP Communities” on page 8-6). Syntax: In the next example, the show snmp-server command shows that the switch has been previously configured to send SNMP traps to management stations belonging to the “public”, “red-team”, and “blue-team” communities.

  • Page 192: Configuring Trap Receivers, Using The Cli To Enable Authentication Traps

    If this feature is enabled, an authentication trap is sent to the configured trap receiver(s) if a management station attempts an unauthorized access of the switch. Check the event log in the console interface to help determine why the authentication trap was sent. (Refer to “Using the Event Log To Identify Problem Sources”...

  • Page 193: Rmon Support, Rmon, Extended Rmon, Advanced Management: Rmon And Hp Extended Rmon Support

    RMON lessens the load on devices and network bandwidth. The Extended RMON agent runs automatically on the switch. To use Extended RMON, simply use Traffic Monitor (included with HP TopTools for Hubs & Switches) on your network management station to enable sampling on the ports you want to monitor.

  • Page 194

    Configuring for Network Management Applications Advanced Management: RMON and HP Extended RMON Support 8-14...

  • Page 195

    Overview ........... . . 9-4 HP ProCurve Stack Management ......9- 5 Which Devices Support Stacking? .

  • Page 196: Table Of Contents

    Planning for GVRP Operation ....... 9- 84 Configuring GVRP On a Switch ......9- 84 Menu: Viewing and Configuring GVRP .

  • Page 197: Table Of Contents

    Role of the Switch ........

  • Page 198

    This chapter describes the following features and how to configure them with the switch’s built-in interfaces: HP ProCurve Stack Management (Page 9-5): Use your network to stack switches without the need for any specialized cabling—page 9-5. Port-Based VLANs — Page 9-50: GVRP —...

  • Page 199: Hp Procurve Stack Management

    HP ProCurve Stack Management (termed stacking) enables you to use a single IP address and standard network cabling to manage a group of up to 16 total switches in the same IP subnet (broadcast domain). Using stacking, you can: Reduce the number of IP addresses needed in your network.

  • Page 200: Which Devices Support Stacking?, Which Devices Support Stacking

    *Requires software release C.08.03 or later, which is included with the 8000M, 4000M, 2424M, and 1600M models as of July, 2000. Release C.08.03 or a later version is also available on the HP ProCurve website at www.hp.com/go/ procurve. (Click on...

  • Page 201: Components Of Hp Procurve Stack Management, General Stacking Operation

    A switch that has been manually configured as the controlling device for a stack. When this occurs, the switch’s stacking configuration appears as Commander. Candidate A switch that is ready to join (become a Member of) a stack through either automatic or manual methods. A switch configured as a Candidate is not in a stack. Member A switch that has joined a stack and is accessible from the stack Commander.

  • Page 202: Operating Rules For Stacking, General Rules

    Figure 9-2. Example of Stacking with One Commander Controlling Access to Wiring Closet Switches Interface Options. You can configure stacking through the switch’s menu interface, CLI, or the web browser interface. For information on how to use the web browser interface to configure stacking, see the online Help for the web browser interface.

  • Page 203: Specific Rules

    There is no limit on the number of stacks in the same IP subnet (broadcast domain), however a switch can belong to only one stack. If multiple VLANs are configured, stacking uses only the primary VLAN on any switch. In the factory-default configuration, the DEFAULT_VLAN is the primary VLAN.

  • Page 204

    Candidates from automatically joining a stack prematurely or joining the wrong stack (if more than one stack Commander is configured in a subnet or broadcast domain). If you plan to install more than one stack in a subnet, HP recommends that you leave manually add Members to their stacks.

  • Page 205: Overview Of Configuring And Bringing Up A Stack

    2400M, or 1600M in a stack, you must first update all such devices to software version C.08.xx. (You can get a copy of the software from HP’s ProCurve website and/or copy it from one switch to another. For downloading instructions, see appendix A, "File Transfers", in the Management and Configuration Guide you received with these switch models.)

  • Page 206

    Configuring Advanced Features HP ProCurve Stack Management Table 9-3. Stacking Configuration Guide Join Method Automatically add Candidate to Stack (Causes the first 15 eligible, discovered switches in the subnet to automatically join a stack.) Manually add Candidate to Stack (Prevent automatic joining of switches you don’t want in the stack)

  • Page 207: General Steps For Creating A Stack

    9-32 through 9-44 for the CLI. Determine the naming conventions for the stack. You will need a stack name. Also, to help distinguish one switch from another in the stack, you can configure a unique system name for each switch. Otherwise, the system name for a switch appearing in the Stacking Status screen appears as the stack name plus an automatically assigned switch number.

  • Page 208

    Configuring Advanced Features HP ProCurve Stack Management For automatically or manually pulling Candidate switches into a stack, you can leave such switches in their default stacking configuration. If you need to access Candidate switches through your network before they join the stack, assign IP addresses to these devices. Otherwise, IP addressing is optional for Candidates and Members.

  • Page 209: Configure Stacking, Commander Switch

    Configure Stacking Using the Menu Interface To View and Configure a Commander Switch Configure an IP address and subnet mask on the Commander switch. (See “IP Configuration” on page 5-3.) Display the Stacking Menu by selecting Figure 9-5. The Default Stacking Menu...

  • Page 210

    Configuring Advanced Features HP ProCurve Stack Management Figure 9-6. The Default Stack Configuration Screen Move the cursor to the Stack State field by pressing [E] (for use the Space bar to select the Press the downarrow key to display the Commander configuration fields in the Stack Configuration screen.

  • Page 211: Using The Menu To Manage A Candidate Switch

    ) to save your configuration changes and return to the Save Stacking menu. Your Commander switch should now be ready to automatically or manually acquire Member switches from the list of discovered Candidates, depending on your configuration choices. Using the Menu To Manage a Candidate Switch...

  • Page 212

    Auto Join Transmission Interval 60 Seconds Using the Menu To “Push” a Switch Into a Stack, Modify the Switch’s Configuration, or Disable Stacking on the Switch. Use Telnet or the web browser interface to access the Candidate if it has an IP address. Other- wise, use a direct connection from a terminal device to the switch’s console...

  • Page 213: Using The Commander To Manage The Stack

    1 to 300 seconds. Note: All switches in the stack must be set to the same transmis- sion interval to help ensure proper stacking operation. HP recom- mends that you leave this parameter set to the default 60 seconds.

  • Page 214

    Member include any of the following: Auto Grab Auto Join Note: When a switch leaves a stack and returns to Candidate status, its Auto Join stack from which it has just departed. A Manager password is set in the Candidate.

  • Page 215

    Figure 9-10. Example of Candidate List in Stack Management Screen Either accept the displayed switch number or enter another available number. (The range is 0 - 15, with 0 reserved for the Commander.) Use the downarrow key to move the cursor to the MAC Address field, then type the MAC address of the desired Candidate from the Candidate list in the lower part of the screen.

  • Page 216

    Configuring Advanced Features HP ProCurve Stack Management Figure 9-11. Example of Stack Management Screen After New Member Added Using the Commander’s Menu To Move a Member From One Stack to Another. Where two or more stacks exist in the same subnet (broadcast domain), you can easily move a Member of one stack to another stack if the destination stack is not full.

  • Page 217

    Press [A] (for any available candidates. (See figure 9-10 on page 9-21.) Note that you will not see the switch you want to add because it is a Member of another stack and not a Candidate.) Either accept the displayed switch number or enter another available number.

  • Page 218

    When you use the Commander to remove a switch from a stack, the switch rejoins the Candidate pool for your IP subnet (broadcast domain), with...

  • Page 219

    [Enter] to complete the deletion. The Stack Management screen updates to show the new stack Member list. Configuring Advanced Features HP ProCurve Stack Management For status descriptions, see the table on page 9-49. Stack Member List...

  • Page 220: Using The Commander To Access Member Switches For Configuration Changes And Monitoring Traffic

    Use the downarrow key to select the stack Member you want to access, then press [X] (for For example, if you selected switch number 1 (system name: 9-16 and then pressed [X], you would see the Main Menu for the switch named Coral Sea. 9-26 ) to display the console interface for the selected Member.

  • Page 221: Another Stack

    Commander to a Member of another stack. When moving a member, the procedure simply pulls a Member out of one stack and pushes it into another. From the Main Menu of the switch you want to move, select 9. Stacking To determine the MAC address of the destination Commander, select 2.

  • Page 222: Monitoring Stack Status

    Press [S] (for Save). Monitoring Stack Status Using the stacking options in the menu interface for any switch in a stack, you can view stacking data for that switch or for all stacks in the subnet (broadcast domain). (If you are using VLANs in your stack environment, see "Stacking Operation with a Tagged VLAN"...

  • Page 223

    Using Any Stacked Switch To View the Status for All Switches with Stacking Enabled. This procedure displays the general status of all switches in the IP subnet (broadcast domain) that have stacking enabled. Go to the console Main Menu for any switch configured for stacking and select: 9. Stacking ...

  • Page 224

    Viewing Member Status. This procedure displays the Member’s stacking information plus the Commander’s status, IP address, and MAC address. To display the status for a Member: Go to the console Main Menu of the Commander switch and select 9. Stacking ... 5. Stack Access...

  • Page 225

    Main Menu for the Candidate switch and select 9. Stacking ... 1. Stacking Status (This Switch) You will then see the Candidate’s Stacking Status screen: Figure 9-21. Example of a Candidate’s Stacking Screen Configuring Advanced Features HP ProCurve Stack Management 9-31...

  • Page 226: Using The Cli To View Stack Status And Configure Stacking

    “No” form eliminates named stack and returns Commander and stack Members to Candidate status with Auto Join set to No. “No” form prevents the switch from being discovered as a stacking-capable switch. Default: Switch Configured as a Candidate...

  • Page 227

    Manager password. telnet <1..15> Commander: Uses the SN (switch number— assigned by the stack Commander) to access the console interface (menu interface or CLI) of a stack member. To view the list of SN assignments for a stack, execute the show stack command in the Used In: Commander Only Commander’s CLI.

  • Page 228: Using The Cli To View Stack Status

    Viewing the Status of an Individual Switch. The following example illustrates how to use the CLI in a Switch 2524 (or 2512) to display the stack status for that switch. In this case, the switch is in the default stacking configuration.

  • Page 229

    Viewing the Status of all Stack-Enabled Switches Discovered in the IP Subnet. The next example lists all the stack-configured switches discovered in the IP subnet. Because the Switch 2524 on which the show stack all command was executed is a candidate, it is included in the “Others” category.

  • Page 230: Using The Cli To Configure A Commander Switch

    HP ProCurve Stack Management Using the CLI To Configure a Commander Switch You can configure any stacking-enabled switch to be a Commander as long as the intended stack name does not already exist on the broadcast domain. (When you configure a Commander, you automatically create a corresponding stack.)

  • Page 231

    Suppose, for example, that a Switch 2512 named “Bering Sea” is a Member of a stack named “Big_Waters”. To use the switch’s CLI to convert it from a stack Member to the Commander of a new stack named “Lakes”, you would use the...

  • Page 232: Adding To A Stack Or Moving Switches Between Stacks

    Configuring Advanced Features HP ProCurve Stack Management Removes the Member from the “Big_Waters” stack. Converts the former Member to the Com- mander of the new “Lakes” stack. Figure 9-27. Example of Using a Member’s CLI To Convert the Member to the...

  • Page 233

    Using the Commander’s CLI To Manually Add a Candidate to the Stack. To manually add a candidate, you will use: A switch number (SN) to assign to the new member. Member SNs range from 1 to 15. To see which SNs are already assigned to Members, use show stack view.

  • Page 234

    Configuring Advanced Features HP ProCurve Stack Management For example, if the HP 8000M in the above listing did not have a Manager password and you wanted to make it a stack Member with an would execute the following command: The show stack view command then lists the Member added by the above...

  • Page 235

    Use Telnet (if the Candidate has an IP address valid for your network) or a direct serial port connection to access the CLI for the Candidate switch. For example, suppose that a Candidate named “North Sea” with Auto Join off and a valid IP address of 10.28.227.104 is running on a network.

  • Page 236

    Using a Member CLI To “Push” the Member into Another Stack. You can use the Member’s CLI to “push” an HP 2512 or 2524 stack Member into a destination stack if you know the MAC address of the destination Commander.

  • Page 237: Using The Cli To Remove A Member From A Stack

    For example, suppose you have a Switch 2512 operating as the Commander for a temporary stack named “Test”. When it is time to eliminate the temporary “Test” stack and convert the Switch 2512 into a member of an existing stack named “Big_Waters”, you would execute the following commands in the CLI of the Switch 2512: Figure 9-33.

  • Page 238

    Remove this Member from the stack. Figure 9-34. Example of a Commander and Three Switches in a Stack You would then execute this command to remove the “North Sea” switch from the stack: where: • is the “North Sea” Member’s switch number ( •...

  • Page 239: Changes And Traffic Monitoring

    To find the switch number for the Member you want to access, execute the show stack view you wanted to configure a port trunk on the switch named “North Sea” in the stack named “Big_Waters”. Do do so you would go to the CLI for the “Big_Waters”...

  • Page 240: Snmp Community Operation In A Stack

    <MIB variable> 10.31.29.100 blue@sw1 Note that because the gray community is only on switch 3, you could not use the Commander IP address for gray community access from the management station. Instead, you would access switch 3 directly using the switch’s own IP address.

  • Page 241: Using The Cli To Disable Or Re-enable Stacking, Transmission Interval

    (Enables stacking on the switch.) Transmission Interval All switches in the stack must be set to the same transmission interval to help ensure proper stacking operation. HP recommends that you leave this param- eter set to the default 60 seconds. stack transmission-interval <seconds>...

  • Page 242: Web: Viewing And Configuring Stacking

    Configuring Advanced Features HP ProCurve Stack Management Stacking uses only the primary VLAN on each switch in a stack. The primary VLAN can be tagged or untagged as needed in the stacking path from switch to switch. The same VLAN ID (VID) must be assigned to the primary VLAN in each stacked switch.

  • Page 243: Status Messages

    If the switch is a Commander, use the [Stack Closeup] and [Stack Management] buttons for viewing and using stack features. To access the web-based Help provided for the switch, click on [?] in the web browser screen. Status Messages...

  • Page 244: Port-based Virtual Lans (static Vlans), Port-based Virtual Lans (static Vlans)

    VLANs configuring dynamic VLANs A VLAN is a group of ports designated by the switch as belonging to the same broadcast domain. (That is, all ports carrying traffic for a particular subnet address would normally belong to the same VLAN.)

  • Page 245

    An external router is required to enable separate VLANs on a switch to communicate with each other. For example, referring to figure 9-39, if ports 1 through 4 belong to VLAN_1...

  • Page 246

    Figure 9-40. Example of Overlapping VLANs Using the Same Server Similarly, using 802.1Q-compliant switches, you can connect multiple VLANs through a single switch-to-switch link. Figure 9-41. Example of Connecting Multiple VLANs Through the Same Link Introducing Tagged VLAN Technology into Networks Running Legacy (Untagged) VLANs.

  • Page 247: Overview Of Using Vlans, Vlan Support And The Default Vlan, Which Vlan Is Primary?

    VLANs and moving ports from the default VLAN to the new VLANs. (The switch supports up to 30 VLANs.) You can change the name of the default VLAN, but you cannot change the default VLAN’s VID (which is always “1”).

  • Page 248: Per-port Static Vlan Configuration Options

    Port-Based Virtual LANs (Static VLANs) DHCP or Bootp on different VLANs do not result in conflicting configuration values for the switch. The primary VLAN is the VLAN the switch uses to run and manage these features and data. In the factory-default configuration, the switch designates the default VLAN (DEFAULT_VLAN) as the primary VLAN.

  • Page 249

    Untagged Allows VLAN connection to a device that is configured for an untagged VLAN instead of a tagged VLAN. The switch allows no more than one untagged VLAN assignment per port. : Appears when the switch is not GVRP-enabled; prevents the port from - or - joining that VLAN.

  • Page 250: General Steps For Using Vlans, Notes On Using Vlans

    Any ports not specifically assigned to another VLAN will remain assigned to the DEFAULT_VLAN. To delete a VLAN from the switch, you must first remove from that VLAN any ports assigned to it. Changing the number of VLANs supported on the switch requires a reboot.

  • Page 251: Menu: Configuring Vlan Parameters, To Change Vlan Support Settings

    29 additional static VLANs by adding new VLAN names, and then assigning one or more ports to each VLAN. (The switch accepts a maximum of 30 VLANs, including the default VLAN and any dynamic VLANs the switch creates if you enable GVRP—page 9-77.) Note that each port can be assigned to multiple...

  • Page 252

    If you need more VLANs later, you can increase this number, but a switch reboot will be required at that time. Press [Enter] and then [S] to save the VLAN support configuration and return to the VLAN Menu screen.

  • Page 253: Adding Or Editing Vlan Names

    Type in a VID (VLAN ID number). This can be any number from 2 to 4095 that is not already being used by another VLAN. Remember that a VLAN must have the same VID in every switch in which you configure that same VLAN. (You can use GVRP to dynamically extend VLANs with correct VID numbering to other switches.

  • Page 254: Adding Or Changing A Vlan Port Assignment

    (Ports not specifically assigned to a VLAN are automat- ically in the default VLAN.) From the Main Menu select: 2. Switch Configuration 8. VLAN Menu . . . You will then see a VLAN Port Assignment screen similar to the following:...

  • Page 255

    Untagged, or Forbid). N o t e For GVRP Operation: If you enable GVRP on the switch, “No” converts to “Auto”, which allows the VLAN to dynamically join an advertised VLAN that has the same VID. See “Per-Port Options for Dynamic VLAN Advertising and Joining”...

  • Page 256: Cli: Configuring Vlan Parameters

    Return to the Main menu. CLI: Configuring VLAN Parameters In the factory default state, all ports on the switch belong to the default VLAN (DEFAULT_VLAN) and are in the same broadcast/multicast domain. (The default VLAN is also the default primary VLAN—see “Which VLAN Is Pri- mary?”...

  • Page 257

    9-67 (Available if GVRP enabled.) Displaying the Switch’s VLAN Configuration. The next command lists the VLANs currently running in the switch, with VID, VLAN name, and VLAN status. Dynamic VLANs appear only if the switch is running with GVRP enabled and one or more ports has dynamically joined an advertised VLAN.

  • Page 258

    Figure 9-51. Example of “Show VLAN” for a Specific Static VLAN Show VLAN lists this data when GVRP is enabled and at least one port on the switch has dynamically joined the designated VLAN. Figure 9-52. Example of “Show VLAN” for a Specific Dynamic VLAN 9-64 show vlan <vlan-id>...

  • Page 259

    Changing the Number of VLANs Allowed on the Switch. By default, the switch allows a maximum of 8 VLANs. You can specify any value from 1 to 30. (If GVRP is enabled, this setting includes any dynamic VLANs on the switch.) As part of implementing a new value, you must execute a write...

  • Page 260

    VLAN with that VID does not already exist, and places you in that VLAN’s context level. If you do not use the name option, the switch uses “VLAN” and the new VID to automatically name the VLAN. If the VLAN already exists, the switch places you in the context level for that VLAN.

  • Page 261

    VLAN in the same way that you would for any static VLAN. Syntax: If you need a VID reference, use show vlan to list the switch’s currently existing VLANs. For example, suppose a dynamic VLAN with a VID of 125 exists on the switch.

  • Page 262: Web: Viewing And Configuring Vlan Parameters

    In the web browser interface you can do the following: Add VLANs Rename VLANs Remove VLANs Configure GVRP security Select a new Primary VLAN 9-68 operation. Note that Auto is the default per-port setting for a static VLAN if GVRP is runing on the switch.

  • Page 263: Vlan Tagging Information

    (VLAN ID, or VID) assigned to a VLAN at the time that you configure the VLAN name in the switch. In the Series 2500 switches the tag can be any number from 1 to 4095 that is not already assigned to a VLAN.

  • Page 264

    Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Figure 9-54. Example of Tagged and Untagged VLAN Port Assignments In switch X: • VLANs assigned to ports X1 - X6 can all be untagged because there is only one VLAN assignment per port. Red VLAN traffic will go out only the Red ports;...

  • Page 265

    VLAN must be given the same VID in every device in which it is configured. That is, if the Red VLAN has a VID of 10 in switch X, then 10 must also be used for the Red VID in switch Y.

  • Page 266

    VLAN assigned per port. Port X1 has multiple VLANs assigned, which means that one VLAN assigned to this port can be untagged and any others must be tagged. The same applies to ports X2, Y1, and Y5. Switch X Port Red VLAN...

  • Page 267: Effect Of Vlans On Other Switch Features, Spanning Tree Protocol Operation With Vlans, Ip Interfaces

    9-110. Note that STP operates differently in different devices. For example, in the (non-802.1Q) HP Switch 2000 and the HP Switch 800T, STP operates on a per- VLAN basis, allowing redundant physical links as long as they are in separate VLANs.

  • Page 268: Vlan Mac Addresses, Port Trunks, Port Monitoring

    Port-Based Virtual LANs (Static VLANs) VLAN MAC Addresses The switch has one unique MAC address for each of its VLAN interfaces. You can send an 802.2 test packet to this MAC address to verify connectivity to the switch. Likewise, you can assign an IP address to the VLAN interface, and when you Ping that address, ARP will resolve the IP address to this MAC address.

  • Page 269: Vlan Restrictions

    DECnet Currently, the problem of duplicate MAC addresses in IPX and IP Host- Only environments is addressed through the HP router OS version described under “HP Router Requirements” on page 9-76. However, for XNS and DECnet environments, a satisfactory solution is not available from any vendor at this time.

  • Page 270: Symptoms Of Duplicate Mac Addresses In Vlan Environments

    Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) HP Router Requirements. Use the Hewlett-Packard version A.09.70 (or later) router OS release if any of the following Hewlett-Packard routers are installed in networks in which you will be using VLANs: HP Router 440 (formerly Router ER)

  • Page 271: Gvrp

    VLANs. In this manual, a GVRP BPDU is termed an advertisement. GVRP enables the Switch 2512/2524 to dynamically create 802.1Q-compliant VLANs on links with other devices running GVRP. This enables the switch to automatically create VLAN links between GVRP-aware devices. (A GVRP link can include intermediate devices that are not GVRP-aware.) This operation...

  • Page 272: General Operation

    N o t e There must be one common VLAN (that is, one common VID) connecting all of the GVRP-aware devices in the network to carry GVRP packets. HP recom- mends the default VLAN (DEFAULT_VLAN; VID = 1), which is automatically enabled and configured as untagged on every port of the Series 2500 switches).

  • Page 273

    Note that if a static VLAN is configured on at least one port of a switch, and that port has established a link with another device, then all other ports of that switch will send advertisements for that VLAN. For example, in the following figure, Tagged VLAN ports on switch “A” and switch “C”, below advertise VLANs 22 and 33 to ports on other GVRP-enabled...

  • Page 274: Per-port Options For Handling Gvrp "unknown Vlans", Per-port Options For Handling Gvrp "unknown Vlans

    “C” does not have this VLAN statically configured, VLAN 22 is handled as an “Unknown VLAN” on port 5 in switch “C”. Con- versely, if VLAN 22 was statically configured on switch C, but port 5 was not a member, port 5 would become a member when advertisements for VLAN 22 were received from switch “A”.

  • Page 275

    Prevents the port from dynamically joining a VLAN that is not statically configured on the switch. The port will still forward advertisements that were received by the switch on other ports. Block should typically be used on ports in unsecure networks, where there is exposure to “attacks”, such as ports where intruders can connect.

  • Page 276: Per-port Options For Dynamic Vlan Advertising And Joining

    Each port of a Series 2500 switch must be a Tagged or Untagged member of at least one VLAN. Thus, any port configured for GVRP to Learn or Block will generate and forward advertisements for the static VLAN(s) for which it has been configured as Tagged or Untagged .

  • Page 277: Gvrp And Vlan Access Control, Port-leave From A Dynamic Vlan

    Because dynamic VLANs operate as Tagged VLANs, and because a tagged port on one device cannot communicate with an untagged port on another device, HP recommends that you use Tagged VLANs for the static VLANs you will use to generate advertisements.

  • Page 278: Planning For Gvrp Operation, Configuring Gvrp On A Switch, Menu: Viewing And Configuring Gvrp

    “Unknown VLAN” parameter (Learn, Block, or Disable) for each port. Configure the static VLANs on the switch(es) where they are needed, along with the per-VLAN parameters (Tagged, Untagged, Auto, and Forbid— see table 9-9 on page 9-82) on the appropriate ports.

  • Page 279

    2. Switch Configuration . . . 8. VLAN Menu . . . Figure 9-60. The VLAN Support Screen (Default Configuration) Do the following to enable GVRP and display the Unknown VLAN fields: Press [E] (for Edit). b. Use [ v] to move the cursor to the GVRP Enabled field.

  • Page 280: Cli: Viewing And Configuring Gvrp

    Displaying the Switch’s Current GVRP Configuration. This command shows whether GVRP is disabled, along with the current settings for the maximum number of VLANs and the current Primary VLAN. (For more on the last two parameters, see “Port-Based Virtual LANs (Static VLANs)” on page 9-50.)

  • Page 281

    This example disables GVRP operation on the switch: Enabling and Disabling GVRP On Individual Ports. When GVRP is enabled on the switch, use the unknown-vlans command to change the Unknown VLAN field for one or more ports. You can use this command at either the Manager level or the interface context level for the desired port(s).

  • Page 282

    VLANs present in the switch. Syntax: For example, in the following illustration, switch “A” has one static VLAN (the default VLAN), with GVRP enabled and port 1 configured to Learn for Unknown VLANs. Switch “B” has GVRP enabled and has three static VLANs: the default VLAN, VLAN-222, and VLAN-333.

  • Page 283: Web: Viewing And Configuring Gvrp, Gvrp Operating Notes

    VLAN configuration. Within the same broadcast domain, a dynamic VLAN can pass through a device that is not GVRP-aware. This is because a hub or a switch that is not GVRP-ware will flood the GVRP (multicast) advertisement packets out all ports.

  • Page 284

    Configuring Advanced Features GVRP By receiving advertisements from other devices running GVRP, the switch learns of static VLANs on those other devices and dynamically (automat- ically) creates tagged VLANs on the links to the advertising devices. Similarly, the switch advertises its static VLANs to other GVRP-aware devices.

  • Page 285: Multimedia Traffic Control With Ip Multicast (igmp), Multimedia Traffic Control With Ip Multicast (igmp)

    IGMP (Internet Group Management Proto- col controls). In the factory default state (IGMP disabled), the switch forwards all IGMP traffic to all ports, which can cause unnecessary bandwidth usage on ports not belonging to multicast groups.

  • Page 286: Igmp Operating Features

    VLAN) context. IGMP requires an IP address and subnet mask for any VLAN used for IGMP traffic. If the switch relies on DHCP or Bootp to acquire an IP address, ensure that an IP addressing has been assigned to the appropriate VLANs by using Address Information”...

  • Page 287: Cli: Configuring And Displaying Igmp

    Querier: In the default state (enabled), eliminates the need for a multicast router. In most cases, HP recommends that you leave this parameter in the default “enabled” state even if you have a multicast router performing the querier function in your multicast group.

  • Page 288

    Multimedia Traffic Control with IP Multicast (IGMP) Viewing the Current IGMP Configuration. This command lists the IGMP configuration for all VLANs configured on the switch or for a specific VLAN. Syntax: (For IGMP operating status, see “Internet Group Management Protocol (IGMP) Status”...

  • Page 289

    N o t e If you disable IGMP on a VLAN and then later re-enable IGMP on that VLAN, the switch restores the last-saved IGMP configuration for that VLAN. For more on how switch memory operates, see appendic C, “Switch Memory and Configuration”.

  • Page 290

    VLAN context to specify how each port should handle IGMP traffic. Syntax: Default: For example, suppose you wanted to configure IGMP as follows for VLAN 1 on the 10/100 ports on the Switch 2512: Ports 1-7 Port 8 Ports 9-12...

  • Page 291: Web: Enabling Or Disabling Igmp, How Igmp Operates

    Default: Web: Enabling or Disabling IGMP In the web browser interface you can enable or disable IGMP on a per-VLAN basis. To configure other IGMP features, telnet to the switch console and use the CLI. To Enable or Disable IGMP Click on the Configuration tab.

  • Page 292: Role Of The Switch

    The following example illustrates this operation. Figure 9-67 on page 9-99 shows a network running IGMP. PCs 1 and 4, switch 2, and all of the routers are members of an IP multicast group. (The routers operate as queriers.) 9-98 querier feature enabled.) A set...

  • Page 293

    Thus, it is sending large amounts of unwanted multicast traffic out the ports to PCs 2 and 3. Switch 2 is recognizing IGMP traffic and learns that PC 4 is in the IP multicast group receiving multicast data from the video server (PC X).

  • Page 294

    Running Here Figure 9-68. Isolating IP Multicast Traffic in a Network In the above figure, the multicast group traffic does not go to switch 1 and beyond because either the port on switch 3 that connects to switch 1 has been configured as blocked or there are no hosts connected to switch 1 or switch 2 that belong to the multicast group.

  • Page 295: Number Of Ip Multicast Addresses Allowed, Interaction With Multicast Traffic/security Filters

    Number of IP Multicast Addresses Allowed Multicast filters and IGMP filters (addresses) together can total up to 255 in the switch. If multiple VLANs are configured, then each filter is counted once per VLAN in which it is used. Interaction with Multicast Traffic/Security Filters.

  • Page 296: Spanning Tree Protocol (stp), Spanning Tree Protocol (stp)

    N o t e You should enable STP in any switch that is part of a redundant physical link (loop topology). (It is recommended that you enable STP on all switches belonging to a loop topology.) This topic is covered in more detail under “How STP Operates”...

  • Page 297: Menu: Configuring Stp

    STP was disabled. C a u t i o n Because the switch automatically gives faster links a higher priority, the default STP parameter settings are usually adequate for spanning tree operation. Also because incorrect STP settings can adversely affect network performance, you should not make changes unless you have a strong under- standing of how STP operates.

  • Page 298

    Configuring Advanced Features Spanning Tree Protocol (STP) Read-Only Fields Figure 9-69. Example of the STP Configuration Screen If the remaining STP parameter settings are adequate for your network, go to step 8. Use [Tab] or the arrow keys to select the next parameter you want to change, then type in the new value or press the Space Bar to select a value.

  • Page 299: Cli: Configuring Stp

    See “Spanning Tree Protocol (STP) Information” on page 10-15 Viewing the Current STP Configuration. Regardless of whether STP is disabled (the default), this command lists the switch’s full STP configuration, including general settings and port settings. show spanning-tree configuration...

  • Page 300

    C a u t i o n Because incorrect STP settings can adversely affect network performance, HP recommends that you use the default STP parameter settings. You should not change these settings unless you have a strong understanding of how STP operates.

  • Page 301

    STP (if not already enabled) and configures the following per-port parameters: Table 9-11.Per-Port STP Parameters Name Default Range path-cost Ethernet: 100 1 - 65535 Assigns an individual port cost that the switch uses 10/100Tx: 100 Fx: Gigabit: priority 0 - 255 mode...

  • Page 302: Web: Enabling Or Disabling Stp, How Stp Operates

    5 and 6 to a path cost of Web: Enabling or Disabling STP In the web browser interface you can enable or disable STP on the switch. To configure other STP features, telnet to the switch console and use the CLI.

  • Page 303: Stp Fast Mode

    (Forwarding or Blocking, as determined by the STP negotiation). This sequence takes two times the forward delay value configured for the switch. The default is 15 seconds on HP switches, per the IEEE 802.1D standard recommendation, resulting in a total STP negotiation time of 30 seconds. Each switch port goes through this start-up sequence whenever the network con- nection is established on the port.

  • Page 304: Stp Operation With 802.1q Vlans

    VLANs, spanning tree will block all but one of those links. However, if you need to use STP on the Switch 2512 or Switch 2524 in a VLAN environment with redundant physical links, you can prevent blocked redundant links by using a port trunk.

  • Page 305

    Problem: STP enabled with 2 separate (non-trunked) links blocks a VLAN link. Nodes 1 and 2 cannot communicate because STP is blocking the link. Figure 9-72. Example of Using a Trunked Link with STP and VLANs For more information, refer to “Spanning Tree Protocol Operation with VLANs”...

  • Page 306

    Configuring Advanced Features Spanning Tree Protocol (STP) 9-112...

  • Page 307

    CLI Access ..........10-5 Switch Management Address Information ..... . 10-6 Menu Access .

  • Page 308

    Counters: Display details of traffic volume on individual ports. Event Log: Lists switch operating events. Alert Log: Lists network occurrences detected by the switch (in the Status | Overview screen of the web browser interface). Configurable trap receivers: Uses SNMP to enable management sta- tions on your network to receive SNMP traps from the switch.

  • Page 309: Status And Counters Data

    N o t e You can access all console screens from the web browser interface via Telnet to the console. Telnet access to the switch is available in the Device View window under the Configuration tab. Status or Counters Type...

  • Page 310: Menu Access To Status And Counters

    Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access To Status and Counters Beginning at the Main Menu, display the Status and Counters menu by select- ing: 1. Status and Counters Figure 10-1. The Status and Counters Menu Each of the above menu items accesses the read-only screens described on the following pages.

  • Page 311: General System Information, Menu Access, Cli Access

    From the console Main Menu, select: 1. Status and Counters 1. General System Information Figure 10-2. Example of General Switch Information This screen dynamically indicates how individual switch resources are being used. See the online Help for details. CLI Access show system-information...

  • Page 312: Switch Management Address Information, Menu Access, Cli Access

    Figure 10-3. Example of Management Address Information with VLANs Configured This screen displays addresses that are important for management of the switch. If multiple VLANs are not configured, this screen displays a single IP address for the entire switch. See the online Help for details.

  • Page 313: Menu: Displaying Port Status, Port Status, Cli Access, Web Access

    1. Status and Counters . . .3. Port Status Figure 10-4. Example of Port Status on the Menu Interface CLI Access show interfaces Syntax: Web Access Click on the Status tab. Click on [Port Status]. Monitoring and Analyzing Switch Operation Status and Counters Data 10-7...

  • Page 314: Viewing Port And Trunk Group Statistics

    These features enable you to determine the traffic patterns for each port since the last reboot or reset of the switch. You can display: A general report of traffic on all LAN ports and trunk groups in the switch A detailed summary of traffic on a selected port or trunk group.

  • Page 315: Menu Access To Port And Trunk Statistics

    Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access to Port and Trunk Statistics To access this screen from the Main Menu, select: 1. Status and Counters . . . 4. Port Counters Figure 10-5. Example of Port Counters on the Menu Interface To view details about the traffic on a particular port, use the [ v] key to highlight that port number, then select Show Details.

  • Page 316: Cli Access To Port And Trunk Group Statistics

    CLI Access To Port and Trunk Group Statistics To Display the Port Counter Summary Report. This command provides an overview of port activity for all ports on the switch. Syntax: To Display a Detailed Traffic Summary for a Specific Port. This com- mand provides traffic details for the port you specify.

  • Page 317: Viewing The Switch's Mac Address Tables

    VLAN searching for a MAC address These features help you to view: The MAC addresses that the switch has learned from network devices attached to the switch The port on which each MAC address was learned Monitoring and Analyzing Switch Operation...

  • Page 318: Menu Access To The Mac Address Views And Searches

    Menu Access to the MAC Address Views and Searches Switch-Level MAC-Address Viewing and Searching. This feature lets you determine which switch port is being used to communicate with a specific device on the network. The listing includes: The MAC addresses that the switch has learned from network devices...

  • Page 319

    Type the MAC address you want to locate and press [Enter]. The address and port number are highlighted if found. If the switch does not find the address, it leaves the MAC address listing empty. Located MAC Address and Corresponding Port Number Figure 10-8.

  • Page 320: Cli Access For Mac Address Views And Searches

    Status and Counters Data Type the MAC address you want to locate and press [Enter]. The address is highlighted if found. If the switch does not find the address, it leaves the MAC address listing empty. CLI Access for MAC Address Views and Searches...

  • Page 321: Spanning Tree Protocol (stp) Information, Menu Access To Stp Data

    1. Status and Counters . . . 7. Spanning Tree Information STP must be enabled on the switch to display the following data: Figure 10-10.Example of Spanning Tree Information Use this screen to determine current switch-level STP parameter settings and statistics.

  • Page 322: Cli Access To Stp Data

    Monitoring and Analyzing Switch Operation Status and Counters Data Figure 10-11.Example of STP Port Information CLI Access to STP Data This option lists the STP configuration, root data, and per-port data (cost, priority, state, and designated bridge). Syntax: 10-16 show spanning-tree...

  • Page 323: Internet Group Management Protocol (igmp) Status

    Internet Group Management Protocol (IGMP) Status The switch uses the CLI to display the following IGMP status on a per-VLAN basis: Show Command Output show ip igmp Global command listing IGMP status for all VLANs configured in the switch: • VLAN ID (VID) and name •...

  • Page 324: Vlan Information

    1, 2 3, 4 The next three figures show how you could list data on the above VLANs. Listing the VLAN ID (VID) and Status for ALL VLANs in the Switch. Figure 10-13.Example of VLAN Listing for the Entire Switch 10-18...

  • Page 325

    Listing the VLAN ID (VID) and Status for Specific Ports. Because ports 1 and 2 are not members of VLAN-44, it does not appear in this listing. Figure 10-14.Example of VLAN Listing for Specific Ports Listing Individual VLAN Status. Monitoring and Analyzing Switch Operation Status and Counters Data 10-19...

  • Page 326: Web Browser Interface Status Information

    Alert Log, which informs you of any problems that may have occurred on the switch. For more information on this screen, see chapter 4, “Using the HP Web Browser Interface”. Port...

  • Page 327: Port Monitoring Features

    You can designate a port for monitoring traffic of one or more other ports or of a single VLAN configured on the switch. The switch monitors the network activity by copying all traffic from the specified monitoring sources (ports or VLAN) to the designated monitoring port, to which a network analyzer can be attached.

  • Page 328: Menu: Configuring Port Monitoring

    Monitoring and Analyzing Switch Operation Port Monitoring Features Menu: Configuring Port Monitoring This procedure describes configuring the switch for monitoring when moni- toring is disabled. (If monitoring has already been enabled, the screens will appear differently than shown in this procedure.) From the Console Main Menu, Select: 2.

  • Page 329

    Press the downarrow keyto move to the VLAN parameter (figure 10-18 on page page 10-24). iii. Press the Space bar again to select the VLAN that you want to monitor. Monitoring and Analyzing Switch Operation Port Monitoring Features Move the cursor to the Monitoring Port parameter.

  • Page 330: Cli: Configuring Port Monitoring

    Syntax: For example, if you assign port 12 as the monitoring port and configure the switch to monitor ports 1 - 3, show mirror-port displays the following: 10-24 exit from the screen.

  • Page 331

    For example, with a monitoring (mirror) port configured (above), you could select ports 1 and 2 for monitoring: Figure 10-20.Examples of Selecting Ports and VLANs as Monitoring Sources Monitoring and Analyzing Switch Operation Port Monitoring Features Port receiving monitored traffic.

  • Page 332: Web: Configuring Port Monitoring

    Monitoring and Analyzing Switch Operation Port Monitoring Features Figure 10-21.Examples of Removing Ports and VLANs as Monitoring Sources Web: Configuring Port Monitoring To enable port monitoring: Click on the Configuration tab. Click on [Monitor Port]. Do either of the following: •...

  • Page 333

    Troubleshooting Chapter Contents Overview ........... . 11-2 Troubleshooting Approaches .

  • Page 334

    Overview This chapter addresses performance-related network problems that can be caused by topology, switch configuration, and the effects of other devices or their configurations on switch operation. (For switch-specific information on hardware problems indicated by LED behavior, cabling requirements, and other potential hardware-related problems, refer to the installation guide you received with the switch.)

  • Page 335: Troubleshooting Approaches

    Installation Guide shipped with the switch for correct cable types and connector pin-outs. Use HP TopTools for Hubs & Switches (if installed on your network) to help isolate problems and recommend solutions. HP TopTools is shipped at no extra cost with the switch.

  • Page 336: Browser Or Console Access Problems

    DHCP/Bootp server configuration to verify correct IP addressing. If you are using DHCP to acquire the IP address for the switch, the IP address “lease time” may have expired so that the IP address has changed. For more information on how to “reserve” an IP address, refer to the documentation for the DHCP application that you are using.

  • Page 337

    Note: If DHCP/Bootp is used to configure the switch, see the Note, above. If you are using DHCP to acquire the IP address for the switch, the IP address “lease time” may have expired so that the IP address has changed.

  • Page 338: Unusual Network Activity, General Problems

    Unusual network activity is usually indicated by the LEDs on the front of the switch or measured with the switch console interface or with a network management tool such as the HP TopTools for Hubs & Switches. Refer to the Installation Guide you received with the switch for information on using LEDs to identify unusual network activity.

  • Page 339: Igmp-related Problems

    Filter Traffic. The IGMP feature does not operate if the switch or VLAN does not have an IP address configured manually or obtained through DHCP/Bootp. To verify whether an IP address is configured for the switch or VLAN, do either of the following: Try Using the Web Browser Interface: If you can access the web browser interface, then an IP address is configured.

  • Page 340: Problems Related To Spanning-tree Protocol (stp), Stacking-related Problems, Timep Or Gateway Problems

    STP Blocks a Link in a VLAN Even Though There Are No Redundant Links in that VLAN. In 802.1Q-compliant switches such as the Switch 2512 and Switch 2524, STP blocks redundant physical links even if they are in separate VLANs. A solution is to use only one, multiple-VLAN (tagged) link between the devices.

  • Page 341: Vlan-related Problems

    “Tagged” or “Untagged”. A VLAN assigned to a port connecting two 802.1Q- compliant devices must be configured the same on both ports. For example, VLAN_1 and VLAN_2 use the same link between switch “X” and switch “Y”. Link supporting VLAN_1 and VLAN_2 Switch “X”...

  • Page 342

    Similarly, if VLAN_2 (VID=2) is configured as “Tagged on the link port on switch “A”, then it must also be configured as “Tagged” on the link port on switch “B”. Make sure that the VLAN ID (VID) is the same on both switches.

  • Page 343: Using The Event Log To Identify Problem Sources

    The event log window contains 14 log entry lines and can be positioned to any location in the log. The event log will be erased if power to the switch is interrupted. (The event log is not erased by using the Reboot Switch command in the Main Menu.) Troubleshooting...

  • Page 344: Menu: Entering And Navigating In The Event Log

    Troubleshooting Using the Event Log To Identify Problem Sources Table 11-1. Event Log System Modules Module Event Description addrMgr Address table chassis switch hardware bootp bootp addressing console Console interface dhcp DHCP addressing download file transfer Find, Fix, and Inform) -- available in the...

  • Page 345: Cli:

    Display Help for the event log. CLI: Using the CLI, you can list Events recorded since the last boot of the switch All events recorded Event entries containing a specific keyword, either since the last boot or all events recorded Syntax: show logging [-a] [<search-text>]...

  • Page 346: Diagnostic Tools, Ping And Link Tests

    To respond to a Ping test or a Link test, the device you are trying to reach must be IEEE 802.3-compliant. Ping Test. This is a test of the path between the switch and another device on the same or another IP network that can respond to IP packets (ICMP Echo Requests).

  • Page 347: Web: Executing Ping Or Link Tests

    Destination IP/MAC Address is the network address of the target, or destination, device to which you want to test a connection with the switch. An IP address is in the X.X.X.X format where X is a decimal number between 0 and 255. A MAC address is made up of 12 hexadecimal digits, for example, 0060b0-080400.

  • Page 348: Cli: Ping Or Link Tests

    Troubleshooting Diagnostic Tools Number of Packets to Send is the number of times you want the switch to attempt to test a connection. Timeout in Seconds is the number of seconds to allow per attempt to test a connection before determining that the current attempt has failed.

  • Page 349

    Link Tests. You can issue single or multiple link tests with varying repititions and timeout periods. The defaults are: Repetitions: 1 (1 - 9999) Timeout: 5 seconds (1 - 256 seconds) link <mac-address> [repetitions <1 - 999>] [timeout <1 - 256>] Syntax: Basic Link Test Link Test with...

  • Page 350: Displaying The Configuration File, Cli: Viewing The Configuration File, Web: Viewing The Configuration File

    Diagnostic Tools Displaying the Configuration File The complete switch configuration is contained in a file that you can browse from either the web browser interface or the CLI. It may be useful in some troubleshooting scenarios to view the switch configuration.

  • Page 351: Cli Administrative And Troubleshooting Commands

    CLI Administrative and Troubleshooting Commands These commands provide information or perform actions that you may find helpful in troubleshooting operating problems with the switch. N o t e For more on the CLI, refer to chapter 3, "Using the Command Line Reference (CLI).

  • Page 352: Restoring The Factory-default Configuration, Cli: Resetting To The Factory-default Configuration

    Clear/Reset button combination N o t e HP recommends that you save your configuration to a TFTP server before resetting the switch to its factory-default configuration. You can also save your configuration via Xmodem, to a directly connected PC.

  • Page 353: Appendix Contents, Transferring Switch Configurations

    Troubleshooting TFTP Downloads ....... . A-9 Transferring Switch Configurations ....... A-10...

  • Page 354: Downloading An Operating System (os), Overview

    (OS) code to the switch: The TFTP feature (Download OS) command in the Main Menu of the switch console interface (page A-3) HP’s SNMP Download Manager included in HP TopTools for Hubs & Switches A switch-to-switch file transfer Xmodem transfer method N o t e Downloading a new OS does not change the current switch configuration.

  • Page 355: Using Tftp To Download The Os File From A Server

    This procedure assumes that: An OS file for the switch has been stored on a TFTP server accessible to the switch. (The OS file is typically available from HP’s electronic ser- vices—see the support and warranty booklet shipped with the switch.) The switch is properly connected to your network and has already been configured with a compatible IP address and subnet mask.

  • Page 356: Menu: Tftp Download From A Server

    Transferring an Operating System or Startup Configuration File Downloading an Operating System (OS) Menu: TFTP Download from a Server In the console Main Menu, select Download OS to display this screen: Figure A-15. Example of the Download OS Screen (Default Values) Press [E] (for Edit).

  • Page 357: Cli: Tftp Download From A Server

    When the switch finishes downloading the OS file from the server, it displays this progress message: Validating and Writing System Software to FLASH . . . After the switch reboots, it displays the CLI or Main Menu, depending on the Logon Default setting last configured in the menu’s Switch Setup screen.

  • Page 358: Using The Snmp-based Software Update Utility, Series 2500 Switch-to-switch Download, Menu: Switch-to-switch Download

    HP TopTools for Hubs & Switches includes a software update utility for updating on HP ProCurve switch products such as the Series 2500 switches. For further information, refer to the HP TopTools for Hubs & Switches User Guide, provided electronically with the HP TopTools software.

  • Page 359: Cli: Switch-to-switch Download, Using Xmodem To Download The Os File From A Pc

    CLI: Switch-To-Switch Download Syntax: copy tftp flash <ip-addr> flash For example, to download an OS file from a Switch 2512 with an IP address of 10.28.227.103: Running Total of Bytes Downloaded Figure 8-17.Switch-To-Switch OS Download Using the CLI Using Xmodem to Download the OS File From a PC...

  • Page 360: Cli: Xmodem Download From A Pc Or Unix Workstation

    Downloading an Operating System (OS) The download can take several minutes, depending on the baud rate used for the transfer. When the download finishes, the switch automatically reboots itself and begins running the new OS version. To confirm that the operating system downloaded correctly: From the Main Menu, select 1.

  • Page 361: Troubleshooting Tftp Downloads

    Figure A-18. Example of Message for Download Failure To find more information on the cause of a download failure, examine the messages in the switch’s Event Log by executing this CLI command: (For more on the Event Log, see “Using the Event Log To Identify Problem Sources”...

  • Page 362: Transferring Switch Configurations

    N o t e If an error occurs in which normal switch operation cannot be restored, the switch automatically reboots itself. In this case, an appropriate message is displayed in the copyright screen that appears after the switch reboots.

  • Page 363

    13.28.227.105: Xmodem: Copying a Configuration from the Switch to a Serially Connected PC or Unix Workstation. To use this method, the switch must be connected via the serial port to a PC or Unix workstation to which you want to copy the configuration file.

  • Page 364

    Transferring Switch Configurations Xmodem: Copying a Configuration from a Serially Connected PC or Unix Workstation. To use this method, the switch must be connected via the serial port to a PC or Unix workstation on which is stored the configuration file you want to copy.

  • Page 365: Appendix B Contents

    Determining MAC Addresses ........B-2 Menu: Viewing the Switch’s MAC Addresses ..... B-3 CLI: Viewing the Port and VLAN MAC Addresses .

  • Page 366: Determining Mac Addresses

    VLAN you have configured on the switch. N o t e The switch’s base MAC address is used for the default VLAN (VID = 1) that is always available on the switch. Use the CLI to view the switch’s port MAC addresses in hexadecimal format.

  • Page 367

    Base switch (default VLAN; VID = 1) Any additional VLANs configured on the switch. Also, the Base MAC address appears on a label on the back of the switch. N o t e The Base MAC address is used by the first (default) VLAN in the switch. This is usually the VLAN named “DEFAULT_VLAN”...

  • Page 368

    This procedure displays the MAC addresses for all ports and existing VLANs in the switch, regardless of which VLAN you select. If the switch is at the CLI Operator level, use the enable command to enter the Manager level of the CLI.

  • Page 369

    Switch Memory and Configuration Appendix Contents Appendix Contents ......... . . C-1 Overview .

  • Page 370: Overview Of Configuration File Management, Overview

    Running Config File: Exists in volatile memory and controls switch operation. If no configuration changes have been made in the CLI since the switch was last booted, the running-config file is identical to the startup-config file. Startup-config File: Exists in flash (non-volatile) memory and is used to preserve the most recently-saved configuration as the "permanent"...

  • Page 371

    5: The above command disables port 5 in the running-config file, but not in the startup-config file. Port 5 remains disabled only until the switch reboots. If you want port 5 to remain disabled through the next reboot, use to save the current running-config file to the startup-config file in flash memory.

  • Page 372: Using The Cli To Implement Configuration Changes

    How To Use the CLI To Reconfigure Switch Features. Use this proce- dure to permanently change the switch configuration (that is, to enter a change in the startup-config file). Use the appropriate CLI commands to reconfigure the desired switch parameters.

  • Page 373

    Syntax: For example, the default port mode setting is uses Cat 3 wiring and you want to connect the switch to another autosensing device capable of 100 Mbps operation. Because 100 Mbps over Cat 3 wiring can introduce transmission problems, the recommended port mode is which allows the port to negotiate full- or half-duplex, but restricts speed to 10 Mbps.

  • Page 374

    If you use the CLI to make a change to the running-config file, you must use write memory is, if you use the CLI to change a parameter setting, but then reboot the switch from either the CLI or the menu interface without first executing the...

  • Page 375: Configuration Changes, Using The Menu Interface To Implement Configuration Changes

    Syntax: For example: Press [Y] to replace the current configuration with the factory default config- uration and reboot the switch. Press [N] to retain the current configuration and prevent a reboot. Using the Menu and Web Browser Interfaces To Implement Configuration...

  • Page 376

    (even if you execute a Save operation in the menu interface). If you then execute a switch reboot command in the menu inter- face, the switch discards the configuration changes made while using the CLI.

  • Page 377: Rebooting From The Menu Interface

    To Reboot the switch, use the Reboot Switch option in the Main Menu. (Note that the Reboot Switch option is not available if you log on in Operator mode; that is, if you enter an Operator password instead of a manager password at the password prompt.)

  • Page 378

    Configuration Changes You can use the web browser interface to simultaneously save and implement a subset of switch configuration changes without having to reboot the switch. That is, when you save a configuration change (in most cases, by clicking on [Apply Changes] or [Apply Settings], you simultaneously change both the running- config file and the startup-config file.

  • Page 379

    This information applies to the following HP ProCurve switches: • 2512 • 2524 HP ProCurve switches provide a way to automatically adjust the system clock for Daylight Savings Time (DST) changes. For the following switches, HP ProCurve Switch 212M, 224M, 1600M, 2400M, 2424M, 4000M, and 8000M, the user defines the month and date to begin and end the change from standard time.

  • Page 380

    Daylight Savings Time on HP ProCurve Switches Middle Europe and Portugal: • Begin DST at 2am the first Sunday on or after March 25th. • End DST at 2am the first Sunday on or after September 24th. Southern Hemisphere: •...

  • Page 381

    Before configuring a "User defined" Daylight Time Rule, it is important to understand how the switch treats the entries. The switch knows which dates are Sundays, and uses an algorithm to determine on which date to change the system clock, given the configured "Beginning day" and "Ending day": If the configured day is a Sunday, the time changes at 2am on that day.

  • Page 383

    Index Numerics 802.1Q VLAN standard … 9-102 802.3u auto negotiation standard … 6-3 A.09.70 router release … 9-76 access manager … 8-6 operator … 8-6 access levels, authorized IP managers … 7-31 Actions line … 2-9–2-11 location on screen … 2-9 active path …...

  • Page 384

    … 11-14 DNS name … 4-6 domain … 9-57, 9-62 Domain Name Server … 4-6 download SNMP-based … A-6 switch-to-switch … A-6 troubleshooting … A-9 Xmodem … A-7 download OS … A-6 download, TFTP … A-2–A-4 duplicate IP address effect on authorized IP managers …...

  • Page 385

    HP Router 470 … 9-76 HP Router 480 … 9-76 HP Router 650 … 9-76 HP TopTools See TopTools HP web browser interface … 1-5 ICANN … 5-15 IEEE 802.1d … 9-102, 11-8 IEEE 802.3ab … 6-4 IGMP benefits … 9-91 configuration …...

  • Page 386

    configure per VLAN … 9-92 effect on filters … 9-101 example … 9-98–9-100 filter override … 9-101 high-priority forwarding … 9-92 host not receiving … 11-7 IP address required … 9-92 IP multicast address range … 9-101 leave group … 9-98 maximum address count …...

  • Page 387

    … 2-10 message inconsistent value … 7-19 VLAN already exists … 9-68 MIB … 8-4 MIB listing … 8-3 MIB, HP proprietary … 8-3 MIB, standard … 8-3 Microsoft Internet Explorer … 4-5 mirroring See port monitoring. Monitor parameter … 10-23 monitoring a VLAN …...

  • Page 388

    Address Table screen … 9-76 auto negotiation … 6-4 auto, IGMP … 9-92 auto-negotiation … 6-3 blocked by STP operation … 9-108 blocked, IGMP … 9-92 CLI access … 6-6 context level … 6-8 cost See spanning tree protocol. counters … 10-8 counters, reset …...

  • Page 389

    … 10-15 using with port trunking … 6-15 VLAN effect on … 9-73 stacking benefits … 9-5–9-6 minimum software version, other HP switches … 9-11 primary … 9-48 standard MIB … 8-3 starting a console session … 2-4 static VLAN, convert to … 9-77 statistical sampling …...

  • Page 390

    Unix, Bootp … 5-13 unrestricted write access … 8-6 unusual network activity … 11-6 up time … 10-5 URL … 4-14 browser interface online help location … 4-14 HP ProCurve … 4-14 management … 4-14 management server … 4-13–4-14 support … 4-13–4-14...

  • Page 391

    … 9-75 spanning tree operation … 9-110 stacking, primary VLAN … 9-54 static … 9-50, 9-54, 9-57, 9-62 support enable/disable … 2-8 switch capacity … 9-50 tagged … 9-51 tagging … 9-69, 9-71 tagging broadcast, multicast, and unicast traffic … 11-9 unknown VLAN …...

  • Page 392

    IP managers … 7-35–7-36 IGMP … 9-97 port security … 7-21 STP … 9-108 web server, proxy … 7-29 web site, HP … 8-4 world wide web site, HP See HP ProCurve write access … 8-6 write memory … 9-89 Xmodem OS download …...

This manual also for:

Procurve 2512, Procurve 2524

Comments to this Manuals

Symbols: 0
Latest comments: