HP ProCurve Switches 2512 and 2524 Software Release F.01or Greater Management and Configuration Guide...
Hewlett-Packard. Warranty See the Customer Support/Warranty booklet included with the product. A copy of the specific warranty terms applicable to your Hewlett-Packard products and replacement parts can be obtained from your HP Sales and Service Office or authorized dealer.
Interface (hereafter referred to as the “web browser interface”), use the online help available for the web browser interface. For more information on web browser Help options, refer to “Online Help for the HP Web Browser Interface” on page 4-12.
For information on how to access the web browser interface Help, see “Online Help for the Web Browser Interface” on page 4-12. To use HP TopTools for Hubs & Switches, refer to the HP TopTools User’s Guide and the TopTools online help, which are available electronically with the TopTools software.
• Software downloads Offers out-of-band access (through the RS-232 connection) to the switch, so network bottlenecks, crashes, lack of configured or correct IP address, and network downtime do not slow or prevent access Enables Telnet (in-band) access to the menu functionality.
To monitor and analyze switch operation, see chapter 10, "Monitoring and Analyzing Switch Operation". For information on individual CLI commands, refer to the Index or to the "Command Line Interface Reference Guide" available on HP’s ProCurve website at http://www.hp.com/go/procurve Operator Level...
Advantages of Using the HP Web Browser Interface Figure 1-3. Example of the HP Web Browser Interface Easy access to the switch from anywhere on the network Familiar browser interface--locations of window objects consistent with commonly used browsers, uses mouse clicking for navigation, no...
Advantages of Using HP TopTools for Hubs & Switches You can operate HP TopTools from a PC on the network to monitor traffic, manage your hubs and switches, and proactively recommend network changes to increase network uptime and optimize performance. Easy to install and use, HP TopTools for Hubs &...
Advantages of Using HP TopTools for Hubs & Switches • Notifies you when HP hubs use “self-healing” features to fix or limit common network problems. • Provides a list of discovered devices, with device type, connectivity status, the number of new or open alerts for each device, and the type of management for each device.
Selecting a Management Interface Advantages of Using HP TopTools for Hubs & Switches...
Event Log, and the Operator level in the CLI. After you configure passwords on the switch and log off of the interface, access to the menu interface (and the CLI and web browser interface) will require entry of either the Manager or Operator password.
This section assumes that either a terminal device is already configured and connected to the switch (see the Installation Guide shipped with your switch) or that you have already configured an IP address on the switch (required for Telnet access).
• A PC terminal emulator or terminal • Telnet (You can also use the stack Commander if the switch is a stack member. See "HP ProCurve Stack Management" on ). Do one of the following: • If you are using Telnet, go to step 3.
For a description of Main Menu features, see “Main Menu Features” on page 2-7. N o t e To configure the switch to start with the menu interface instead of the CLI, go to the Manager level prompt, enter the setup...
Telnet session. If you have made configuration changes that require a switch reboot— that is, if an asterisk (*) appears next to a configured item or next to Switch Configuration in the Main menu: Return to the Main menu.
The Main Menu gives you access to these Menu interface features: Status and Counters: Provides access to display screens showing switch information, port status and counters, port and VLAN address tables, and spanning tree information. (See chapter 10, “Monitoring and Analyzing Switch Operation”.)
Stacking: Enables you to use a single IP address and standard network cabling to manage a group of up to 16 switches in the same subnet (broadcast domain). See “HP ProCurve Stack Management” on page 9-5. Logout: Closes the Menu interface and console session, and disconnects Telnet access to the switch.
Screen Structure and Navigation Menu interface screens include these three elements: Parameter fields and/or read-only information such as statistics Navigation and configuration actions, such as Save, Edit, and Cancel Help line to describe navigation options, individual parameters, and read- only data For example, in the following System Information screen: Screen title –...
(or flash) memory, and it is therefore not necessary to reboot the switch after making these changes. But if an asterisk appears next to any menu item you reconfigure, the switch will not activate or save the change for that item until you reboot the switch.
To get Help on individual parameter descriptions. In most screens there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press [H], and a separate help screen is displayed. For example: Highlight on any item in the Actions line indicates that the...
To Reboot the switch, use the Reboot Switch option in the Main Menu. (Note that the Reboot Switch option is not available if you log on in Operator mode; that is, if you enter an Operator password instead of a manager password at the password prompt.)
Rebooting To Activate Configuration Changes. Configuration changes for most parameters become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the VLANs to support parameter select 2. Switch Configuration, then 8. VLAN Menu, then...
Using the Menu Interface Menu Features List Menu Features List Status and Counters • General System Information • Switch Management Address Information • Port Status • Port Counters • Address Table • Port Address Table • Spanning Tree Information Switch Configuration •...
Where To Go From Here Where To Turn See the Installation and Getting Started Guide shipped with the switch. “HP ProCurve Stack Management” on page 9-5 Chapter 10, "Monitoring and Analyzing Switch Operation" "Using Password Security" on page 7-4 "Using the Event Log To Identify Problem Sources"...
Using the Menu Interface Where To Go From Here 2-16...
Using the Command Line Interface (CLI) Chapter Contents Overview............3-2 Accessing the CLI .
Overview The CLI is a text-based command interface for configuring and monitoring the switch. The CLI gives you access to the switch’s full set of commands while providing the same password protection that is used in the web browser interface and the menu interface.
CLI levels. (For more on setting passwords, see "Using Password Security" on page 7-4.) When you use the CLI to log on to the switch, and passwords are set, you will be prompted to enter a password. For example: Password Prompt Figure 3-1.
Using the CLI C a u t i o n HP strongly recommends that you configure a Manager password. If a Man- ager password is not configured, then the Manager level is not password- protected, and anyone having in-band or out-of-band access to the switch may be able to reach the Manager level and compromise switch and network security.
Global Configuration level: Provides all Operator and Manager level privileges, and enables you to make configuration changes to any of the switch’s software features. The prompt for the Global Configuration level includes the system name and " config command at the Manager prompt. For example: (Enter config at the Manager prompt.)
Execute context-specific configuration commands, such as a particular VLAN or switch port. This is useful for shortening the command strings you type, and for entering a series of commands for the same context. For a list of available commands, enter at the prompt.
—or— Moving Between the CLI and the Menu Interface. When moving between interfaces, the switch retains the current privilege level (Manager or Operator). That is, if you are at the Operator level in the menu and select the Command Line Interface (CLI) option from the Main Menu, the CLI prompt appears at the Operator level.
Using the Command Line Interface (CLI) Using the CLI For example, if you use the CLI to set a Manager password, and then later use the Setup screen (in the menu interface) to set a different Manager password, then the first password will be replaced by the second one. Listing Commands and Command Options At any privilege level you can: List all of the commands available at that level...
Typing ? at the Manager level produces this listing: When - - MORE - - appears, use the Space bar or [Return] to list additional commands. Figure 3-4. Example of the Manager-Level Command Listing When - - MORE - - appears, there are more commands in the listing. To list the next screenfull of commands, press the Space bar.
Using the Command Line Interface (CLI) Using the CLI As mentioned above, if you type part of a command word and press [Tab], the CLI completes the current word (if you have typed enough of the word for the CLI to distinguish it from other possibilities), including hyphenated exten- sions.
Help summaries for both the Operator and Manager levels, and so on. help Syntax: For example, to list the Operator-Level commands with their purposes: Using the Command Line Interface (CLI) Using the CLI This example displays the command options for configuring port 5 on the switch. 3-11...
Using the Command Line Interface (CLI) Using the CLI Figure 3-7. Example of Context-Sensitive Command-List Help Displaying Help for an Individual Command. You can display Help for any command that is available at the current context level by entering enough of the command string to identify the command, along with help.
Note that if you try to list the help for an individual command from a privilege level that does not include that command, the switch returns an error message. For example, trying to list the help for the interface command while at the...
Using the Command Line Interface (CLI) Using the CLI Figure 3-10. Context-Specific Commands Affecting Port Context 3-14 Lists the commands you can use in the port or static trunk context, plus the Manager, Operator, and context commands you can execute at this level.
VLAN, plus Manager and Operator commands. The prompt for this mode includes the VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch: In the VLAN...
Using the Command Line Interface (CLI) CLI Control and Editing CLI Control and Editing Keystrokes [Ctrl] [A] [Ctrl] [B] or [ <] [Ctrl] [C] [Ctrl] [D] [Ctrl] [E] [Ctrl] [F] or [ >] [Ctrl] [K] [Ctrl] [L] or [Ctrl] [R] [Ctrl] [N] or [ v] [Ctrl] [P] or [ ^] [Ctrl] [U] or [Ctrl] [X]...
Using the HP Web Browser Interface Overview Overview The HP web browser interface built into the switch lets you easily access the switch from a browser-based PC on your network. This lets you do the following: Optimize your network uptime by using the Alert Log and other diagnostic...
Port security and Intrusion Log Switch Diagnostics: • Ping/Link Test • Device reset • Configuration report Switch status • Port utilization • Port counters • Port status • Alert log Switch system information listing Using the HP Web Browser Interface General Features...
Color Count Internet Browser (English-language browser only) PC Operating System UNIX® Operating System HP TopTools for Hubs & Switches (Optional) System Requirements for Accessing the HP Web Browser Interface Minimum 90 MHz Pentium 100 MHz 16 Mbytes 800 X 600 PCs: •...
• Directly connected to your network • Connected through remote access to your network Using a management station running HP TopTools for Hubs & Switches on your network Using a Standalone Web Browser in a PC or UNIX Workstation This procedure assumes that you have a supported web browser (page 4-4) installed on your PC or workstation, and that an IP address has been config- ured on the switch.
Using HP TopTools for Hubs & Switches HP TopTools for Hubs & Switches is designed for installation on a network management workstation. For this reason, the HP TopTools system require- ments are different from the system requirements for accessing the switch’s web browser interface from a non-management PC or workstation.
N o t e The above screen appears somewhat different if the switch is configured as a stack Commander. For an example, see figure 1-3 on page 1-5. Starting an HP Web Browser Interface Session with the Switch First-Time Install Alert...
Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Tasks for Your First HP Web Browser Interface Session The first time you access the web browser interface, there are three tasks that you should perform: Review the “First Time Install”...
Tasks for Your First HP Web Browser Interface Session This window is the launching point for the basic configuration you need to perform to set web browser interface passwords to maintain security and Fault Detection policy, which determines the types of messages that will be displayed in the Alert Log.
Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Figure 4-3. The Device Passwords Window To set the passwords: Access the Device Passwords screen by one of the following methods: • If the Alert Log includes a “First Time Install” event entry, double click on this event, then, in the resulting display, click on the secure access to the device link.
Tasks for Your First HP Web Browser Interface Session Using the Passwords Figure 4-4. Example of the Password Window in the Web Browser Interface The manager and operator passwords are used to control access to all switch interfaces. Once set, you will be prompted to supply the password every time you try to access the switch through any of its interfaces.
Context-sensitive help is provided for the screen you are on. N o t e If you do not have HP TopTools for Hubs and Switches installed on your network and do not have an active connection to the World Wide Web, then Online help for the web browser interface will not be available.
- the URL of the network Management server or other source of the online help files for this web browser inter- face. (The default accesses Help on HP’s World Wide Web site.) Figure 4-6. The Default Support/Mgmt URLs Window Using the HP Web Browser Interface 1.
4-6. The switch is shipped with the URL set to retrieve online Help from the HP World Wide Web site. However, if HP TopTools for Hubs & Switches is installed on a management station on your network and discovers the switch, the Management Server URL is automatically changed to retrieve the Help from your TopTools management station.
If you have World Wide Web access from your PC or workstation, and do not have HP TopTools installed on your network, enter the following URL in the Management Server URL field shown in figure 4-7 on page 4-15: http://www.hp.com/rnd/device_help...
Using the HP Web Browser Interface Status Reporting Features Status Reporting Features Browser elements covered in this section include: The Overview window (below) Port utilization and status (page ) The Alert log (page ) The Status bar (page ) The Overview Window The Overview Window is the home screen for any entry into the web browser interface.The following figure identifies the various parts of the screen.
The Port Utilization and Status Displays The Port Utilization and Status displays show an overview of the status of the switch and the amount of network activity on each port. The following figure shows a sample reading of the Port Utilization and Port Status.
Using the HP Web Browser Interface Status Reporting Features Maximum Activity Indicator: As the bars in the graph area change height to reflect the level of network activity on the corresponding port, they leave an outline to identify the maximum activity level that has been observed on the port.
Note that the Port Fault-Disabled symbol will be displayed in the legend only if one or more of the ports is in that status. See chapter 7, “Monitoring and Analyzing Switch Operation” for more information.
Using the HP Web Browser Interface Status Reporting Features The Alert Log The web browser interface Alert Log, shown in the lower half of the screen, shows a list of network occurrences, or alerts, that were detected by the switch. Typical alerts are Broadcast Storm, indicating an excessive number of broadcasts received on a port, and Problem Cable, indicating a faulty cable.
Lost connection to one or multiple devices on the port. Loss of stack member The Commander has lost the connection to a stack member. Security violation A security violation has occurred. Alert Strings and Descriptions Using the HP Web Browser Interface Status Reporting Features 4-21...
Status Reporting Features N o t e When troubleshooting the sources of alerts, it may be helpful to check the switch’s Port Status and Port Counter windows and the Event Log in the console interface. Viewing Detail Views of Alert Log Entries By double clicking on Alert Entries, the web browser interface displays a Detail View or separate window detailing information about the events.
Normal Activity Yellow Warning Critical System Name. The name you have configured for the switch by using Identity screen, system name command, or the switch console System Information screen. Most Critical Alert Description. A brief description of the earliest, unacknowledged alert with the current highest severity in the Alert Log, appearing in the right portion of the Status Bar.
Using the HP Web Browser Interface Status Reporting Features Product Name. The product name of the switch to which you are connected in the current web browser interface session. Setting Fault Detection Policy One of the powerful features in the web browser interface is the Fault Detection facility.
Never. Disables the Alert Log and transmission of alerts (traps) to the management server (in cases where a network management tool such as HP TopTools for Hubs & Switches is in use). Use this option when you don’t want to use the Alert Log.
Using the HP Web Browser Interface Status Reporting Features 4-26...
Chapter 2, “Using the Menu Interface” Chapter 3, “Using the Command Line Interface (CLI)” Chapter 4, Using the HP Web Browser Interface” Why Configure IP Addressing? In its factory default configuration, the switch operates as a multiport learning bridge with network connectivity provided by the ports on the switch.
VLANs. The gateway value is the IP address of the next-hop gateway node for the switch, which is used if the requested destina- tion address is not on a local subnet/VLAN. If the switch does not have a manually-configured default gateway and DHCP/Bootp is configured on the primary VLAN, then the default gateway value provided by the DHCP or Bootp server will be used.
If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, HP recommends that you use the Switch Setup screen to quickly configure IP addressing. To do so, do one of the following: Enter setup at the CLI Manager level prompt.
URL in your web browser. IP Addressing in a Stacking Environment If you are installing the switch into an HP ProCurve stack management environment, entering an IP address may not be required. See “HP ProCurve Stack Management”...
TTL and type in a value between 2 and 255 (seconds). At the TimeP Config field do one of the following: • If you want the switch to obtain the IP address of the Timep server via DHCP server, keep the value as DHCP. •...
5-9 ip ttl page 5-9 [no] ip timep page 5-10 For a listing of the full CLI command set, including syntax and options, see the CLI command reference available on the HP ProCurve website at: http://www.hp.com/go/procurve IP Configuration...
IP Configuration Viewing the Current IP Configuration. The following command displays the IP addressing for each VLAN configured in the switch. If only the DEFAULT_VLAN exists, then its IP configuration applies to all ports in the switch. Where multiple VLANs are configured, the IP addressing is listed per VLAN.
ID of the VLAN for which you are configuring IP addressing or go to the context configuration level for that VLAN. (If you are not using VLANs on the switch—that is, if the only VLAN is the default VLAN—then the VLAN ID is always “1”.) N o t e The default IP address setting for the DEFAULT_VLAN is DHCP/Bootp.
Console RS-232 port. You can use direct-connect console access to take advantage of features that do not depend on IP addressing. However, to realize the full performance capabilities HP proactive networking offers through the switch, configure the switch with an IP address and subnet mask compatible with your network.
DHCP/Bootp Operation Overview. DHCP/Bootp is used to provide configuration data from a DHCP or Bootp server to the switch. This data can be the IP address, subnet mask, default gateway, Timep Server address, and TFTP server address. If a TFTP server address is provided, this allows the switch to TFTP a previously saved configuratin file from the TFTP server to the switch.
If the switch is initially configured for DHCP/Bootp operation (the default), or if it is rebooted with this configuration, it immediately begins sending request packets on the network. If the switch does not receive a reply to its DHCP/Bootp requests, it continues to periodically send request packets, but with decreasing frequency.
Bootp Database Record Entries. A minimal entry in the Bootp table file /etc/bootptab to update an IP address and subnet mask to the switch or a VLAN configured in the switch would be similar to this entry:...
IP address and the address of a Timep server. If the DHCP/Bootp reply provides information for downloading a config- uration file, the switch uses TFTP to download the file from the designated source, then reboots itself. (This assumes that the switch or VLAN has...
Configuring IP Addressing, Interface Access, and System Information Globally Assigned IP Network Addresses If you intend to connect your network to other networks that use globally administered IP addresses, Hewlett-Packard strongly recommends that you use IP addresses that have a network address assigned to you. There is a formal process for assigning unique IP addresses to networks worldwide.
IP authorized managers. However if unauthorized access to the switch through in-band means (Telnet or the web browser interface), then you can disallow in-band access (as described in this section) and install the switch in a locked environment. 5-16...
Inactivity Timeout Inbound Telnet Enabled Web Agent Enabled To Access the Interface Access Parameters: From the Main Menu, Select... 2. Switch Configuration... 1. System Information Interface Access Parameters Figure 5-4. The Default Interface Access Parameters Available in the Menu Interface Press [E] (for Edit).
[no] web-management console Listing the Current Console/Serial Link Configuration. This com- mand lists the current interface access parameter settings. Syntax: This example shows the switch’s default console/serial configuration. Interface Access Enable/Disable Console Control Options Figure 5-5. Listing of Show Console Command Reconfigure Inbound Telnet Access.
Syntax: N o t e If you change the Baud Rate or Flow Control settings for the switch, you should make the corresponding changes in your console access device. Oth- erwise, you may lose connectivity between the switch and your terminal emulator due to differences between the terminal and switch settings for these two parameters.
Configure individual parameters. Save the changes. Boot the switch. Figure 5-7. Example of Executing a Series of Console Commands 5-20 The switch implements the Event Log change immediately. The switch implements write memory the other console changes after executing reload...
System Name: Using a unique name helps you to identify individual devices in stacking environments and where you are using an SNMP network manage- ment tool such as HP TopTools for Hubs & Switches. System Contact and Location: This information is helpful for identifying the person administratively responsible for the switch and for identifying the locations of individual switches.
Daylight Time Rule: Specifies the daylight savings time rule to apply for your location. The default is None. (For more on this topic, see appendix D, “Daylight Savings Time on HP ProCurve Switches.) Time: Used in the CLI to specify the time of day, the date, and other system parameters.
[contact <system contact>] [location <system location>] Note that no blank spaces are allowed in the variables for these commands. For example, to name the switch “Blue” with “Ext-4474” as the system contact, and “North-Data-Room” as the location: HP2512(config)# hostname Blue...
Configuring IP Addressing, Interface Access, and System Information System Information Figure 5-10. System Information Listing After Executing the Preceding Commands Reconfigure the Age Interval for Learned MAC Addresses. This com- mand corresponds to the MAC Age Interval in the menu interface, and is expressed in seconds.
Also, executing time without param- eters lists the switch’s time of day and date. Note that the CLI uses a 24-hour clock scheme; that is, hour (hh) values from 1 p.m. to midnight are input as 13 - 24, respectively.
Configuring IP Addressing, Interface Access, and System Information System Information 5-26...
Creating and modifying a dynamic LACP or static port trunk group (page 6-10) Port numbers in the status and configuration screens correspond to the port numbers on the front of the switch. Viewing Port Status and Configuring Port Parameters Port Status and ConfigurationFeatures...
• Auto-10: Allows the port to negotiate between half-duplex (HDx) and full-duplex (FDx) while keeping speed at 10 Mbps. Also negotiates flow control (enabled or disabled). HP recommends Auto-10 for links between 10/100 autosensing ports connected with Cat 3 cabling. (Cat 5 cabling is required for 100 Mbps links.).
CLI: Appears in the (CLI) Note: An LACP trunk requires a full-duplex link. In most cases, HP recommends that you leave the port Mode setting at Auto (the default). See the LACP Note on page 6-11. For more on port trunking, see “Port Trunking” on page 6-10.
For information on port trunk groups, see “Port Trunking” on page 6-10. From the Main Menu, Select: 2. Switch Configuration... 2. Port/Trunk Settings Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters...
Lists the full status and configuration for all ports on the switch. show interface config: Lists a subset of the data shown by the show interfaces command (above); that is, only the enabled/disabled, mode, and flow control status for all ports on the switch. below page 6-7 page 6-8...
The next two figures list examples of the output of the above two commands for the same port configuration on a Switch 2512 or 2524. Figure 6-1. Example of a Show Interface Command Listing Figure 6-2. Example of a Show Interface Config Command Listing...
Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters Using the CLI To Configure Ports. You can configure one or more of the following port parameters. For details on each option, see Table 6-1 on page 6-3.
Optimizing Port Usage Through Traffic Control and Port Trunking Web: Viewing Port Status and Configuring Port Parameters In the web browser interface: Click on the Configuration tab. Click on [Port Configuration]. Select the ports you want to modify and click on [Modify Selected Ports]. After you make the desired changes, click on [Apply Settings].
A trunk group is a set of up to four ports configured as members of the same port trunk. Note that the ports in a trunk group do not have to be consecutive. For example: Switch 1: Ports 1 - 4 configured as a port trunk group.
L A C P N o t e LACP operation requires full-duplex (FDx) links. For most installations, HP recommends that you leave the port Mode settings at Auto (the default). LACP also operates with Auto-10 (if negotiation selects HDx), 10FDx, 100FDx, and 1000FDx settings.
Static Trunk: The switch uses the links you configure with the Port/Trunk Settings screen in the menu interface or the trunk command in the CLI to create a static port trunk. The switch offers three types of static trunks: LACP, Trunk, and FEC.
See “Trunk Group Operation Using LACP” on page 6-24. Trunk Provides manually configured, static-only trunking to: (non- • Most HP switches and routing switches not running the 802.3ad LACP protocol. protocol) • Windows NT and HP-UX workstations and servers Use the Trunk option when: –...
Media: All ports on both ends of a trunk group must have the same media type and mode (speed and duplex). The switch blocks any trunked links that do not conform to this rule. (For the Switch 2512 and 2524, HP recommends leaving the port...
IP Multicast Protocol (IGMP): A static trunk of any type appears in the IGMP configuration display, and you can configure IGMP for a static trunk in the same way that you would configure IGMP on a non-trunked port. (Note that the switch lists the trunk by name—Trk1—and does not list the individual ports in the trunk.) Also, creating a new trunk automatically...
I m p o r t a n t Configure port trunking before you connect the trunked links to another switch, routing switch, or server. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured.
Trunk (the default type if you do not specify a type) – FEC (Fast EtherChannel All ports in the same trunk group on the same switch must have the same Type (LACP, Trunk, or FEC). When you are finished assigning ports to the trunk group, press [Enter], then [S] (for Save) and return to the Main Menu.
Using the CLI To View Port Trunks You can list the trunk type and group for all ports on the switch or for selected ports. You can also list LACP-only status information for LACP-configured ports. Listing Static Trunk Type and Group for All Ports or Selected Ports.
Port Trunking The show trunk command in this example does not include a port list. As a result, the listing shows static trunk group information for all switch ports. Figure 6-7. Example of a Show Trunk Listing Without Specifying Ports Listing Static LACP and Dynamic LACP Trunk Data.
If no trunk group exists, you can create a trunk group on the switch If a trunk group already exists on the switch, you can add ports to the trunk group or delete ports within the group. You can remove a subset of ports from a trunk group, or delete the trunk...
Removing a port from a trunk can result in a loop and cause a broadcast storm. When you remove a port from a trunk where STP is not in use, HP recommends that you disable the port or disconnect the link on that port.
Enabling a Dynamic LACP Trunk Group. In the default port configura- tion, all ports on the switch are set to LACP passive. However, to enable the switch to automatically form a trunk group that is dynamic on both ends of the link, the ports on one end of a set of links must be LACP active.
Unless STP is running on your network, removing a port from a trunk can result in a loop. To help prevent a broadcast storm when you remove a port from a trunk where STP is not in use, HP recommends that you first disconnect the link on that port.
Displaying Dynamic LACP Trunk Data: To list the configuration and status for a dynamic LACP trunk, show lacp use the CLI Note: The dynamic trunk is automatically created by the switch, and is not listed in the static trunk listings available in the menu interface or in the CLI show trunk listing. 6-24...
LACP trunking. A link having two passive LACP ports will not perform LACP trunking because both ports are waiting for an LACP protocol packet from the opposite device. Note: In the default switch configuration, all ports are configured for passive LACP operation. Trunk Group Trk1: This port has been manually configured into a static LACP trunk.
LACP Partner Yes: LACP is enabled on both ends of the link. No: LACP is enabled on the Switch 2512/2524, but is not enabled, or LACP has not been detected on the opposite device. LACP Status Success: LACP is enabled on the port, detects and synchronizes with a device on the other end of the link, and can move traffic across the link.
Half-Duplex and/or Different Port Speeds Not Allowed in LACP Trunks. The ports on both sides of a trunk must be configured for the same speed and for full-duplex (FDx). In most cases,HP recommends the ing. The 802.3ad LACP standard specifies a full-duplex (FDx) requirement for LACP trunking.
SA/DA (source address/destination address) causes the switch to distribute outbound traffic to the links within the trunk group on the basis of source/ destination address pairs. That is, the switch sends traffic from the same source address to the same destination address through the same trunked link,...
In actual networking environments, this is rarely a problem. However, if it becomes a problem, you can use the HP TopTools for Hubs & Switches network management software available from Hewlett- Packard to quickly and easily identify the sources of heavy traffic (top talkers) and make adjustments to improve performance.
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking 6-30...
File transfers using TFTP (for configurations and software updates) Thus, with authorized IP managers configured, having the correct passwords is not sufficient for accessing the switch through the network unless the station attempting access is also included in the switch’s Authorized IP Managers configuration.
Access to the Status and Counters menu, the Event Log, and the CLI*, but no Configuration capabilities. On the Operator level, the configuration menus, Download OS, and Reboot Switch options in the Main Menu are not available. page 7-7 page 7-8 —...
If there are both a Manager password and an Operator password, but neither is entered correctly, access to the console will be denied. If the switch has neither a Manager password nor an Operator password, anyone having access to the console interface can operate the console with full manager privileges.
To Delete Password Protection (Including Recovery from a Lost Password): This procedure deletes both passwords (Manager and Opera- tor). If you have physical access to the switch, press and hold the Clear button (on the front of the switch) for a minimumof one second to clear all password protection, then enter new passwords as described earlier in this chapter.
Manager password, you can clear the password by getting physical access to the switch and pressing and holding the Clear button for a minimum of one second. This action deletes all passwords and user names (Manager and Operator) used by both the console and the web browser interface.
To remove user name and password protection, leave the fields blank. Implement the user names and passwords by clicking on [Apply Changes]. To access the web-based help provided for the switch, click on [?] in the web browser screen. tab.
Configuring Port Security Intrusion Alerts and Alert Flags Using Port Security, you can configure each switch port with a unique list of the MAC addresses of devices that are authorized to access the network through that port. This enables individual ports to detect, prevent, and log attempts by unauthorized devices to communicate through the switch.
8-10.) Blocking Unauthorized Traffic Unless you configure the switch to disable a port on which a security violation is detected, the switch security measures block unauthorized traffic without disabling the port. This implementation enables you to apply the security...
Port security does not operate on either a static or dynamic trunk group. If you configure port security on one or more ports that are later added to a trunk group, the switch will reset the port security parameters for those ports to the factory-default configuration. (Ports configured for either Active or Passive LACP, and which are not members of a trunk, can be configured for port security.)
SNMP management station and to (2) optionally disable the port on which the intrusion was detected. d. How do you want to learn of the security violation attempts the switch detects? You can use one or more of these methods: –...
[address-limit] [mac-address] [action] no port-security [clear-intrusion-flag] This section describes the CLI port security command and how the switch acquires and maintains authorized addresses. N o t e Use the global configuration level to execute port-security configuration commands. Configuring and Monitoring Port Security page 7-16: “CLI: Displaying Current Port Security Settings”...
Addresses learned this way appear in the switch and port address tables and age out according to the Address Age Interval in the System Information configuration screen (page 5-22).
None (the default): Prevents an SNMP trap from being sent. Send Alarm: Causes the switch to send an SNMP trap to a network management station. Send Alarm and Disable: Available only in the to a network management station and disable the port.
With port numbers included in the command, show port-security displays Learn Mode, Address Limit, (alarm) Action, and Authorized Addresses for the spec- ified ports on a switch. The following example lists the full port security configuration for a single port:...
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Figure 7-5. Example of the Port Security Configuration Display for a Single Port The following command example shows the option for entering a range of ports, including a series of non-contiguous ports. Note that no spaces are allowed in the port number portion of the command string: HP2512(config)# show port-security 1-3,6,8 CLI: Configuring Port Security...
If you manually configure authorized devices (MAC addresses) and/or an alarm action on a port, those settings remain unless you either manually change them or the switch is reset to its factory-default configuration. You can “turn off” authorized devices on a port by configuring the port to continuous Learn Mode, but subsequently reconfiguring the port to static Learn Mode restores those authorized devices.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Although the Address Limit is set to 2, only one device has been authorized for this port. In this case you can add another without having to also increase the Address Limit.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security To add a second authorized device to port 1, execute a port-security command for for port 1 that raises the address limit to 2 and specifies the additional device’s MAC address.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access For example, suppose port 1 is configured as shown below and you want to remove 0c0090-123456 from the Authorized Address list: The following command serves this purpose by removing 0c0090-123456 and reducing the Address Limit to 1: HP2512(config) # port-security 1 address-limit 1 HP2512(config) # no port-security 1 mac-address...
– – • In HP TopTools for Hubs & Switches via an SNMP trap sent to a net management station How the Intrusion Log Operates When the switch detects an intrusion attempt on a port, it enters a record of this event in the Intrusion Log.
The log shows the most recent intrusion at the top of the listing. You cannot delete Intrusion Log entries (unless you reset the switch to its factory-default configuration). Instead, if the log is filled when the switch detects a new intrusion, the oldest entry is dropped off the listing and the newest entry appears at the top of the listing.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Menu: Checking for Intrusions, Listing Intrusion Alerts, and Resetting Alert Flags The menu interface indicates per-port intrusions in the Port Status screen, and provides details and the reset function in the Intrusion Log screen.
Note also that the “ prior to ” text in the record for the earliest intrusion means that a switch reset occurred at the indicated time and that the intrusion occurred prior to the reset. To acknowledge the most recent intrusion entry on port 3 and enable the switch to enter a subsequently detected intrusion on this port, type [R] (for ).
Figure 7-10. Example of the Intrusion Log with Multiple Entries for the Same Port The above example shows three intrusions for port 1. Since the switch can show only one uncleared intrusion per port, the older two intrusions in this example have already been cleared by earlier use of the clear intrusion-log or the port-security 1 clear-intrusion-flag command.
Operating Notes for Port Security Identifying the IP Address of an Intruder. The Intrusion Log lists detected intruders by MAC address. If you are using HP TopTools for Hubs & Switches to manage your network, you can use the TopTools inventory reports to link MAC addresses to their corresponding IP addresses.
MAC address, and not your PC or workstation MAC address, and interprets your connection as unauthorized. “Prior To” Entries in the Intrusion Log. If you reset the switch (using the Reset button, Device Reset, or Reboot Switch), the Intrusion Log will list the time of all currently logged intrusions as “prior to”...
Manager or Operator access level N o t e This feature does not protect access to the switch through a modem or direct connection to the Console (RS-232) port. Also, if the IP address assigned to an authorized management station is configured in another station, the other station can gain management access to the switch even though a duplicate IP address condition exists.
Authorized Manager IP value, specify an IP Mask, and select either for the Access Level. The IP Mask determines how the Authorized Operator Manager IP value is used to allow or deny access to the switch by a manage- ment station. Using IP Authorized Managers .
Using IP Authorized Managers Overview of IP Mask Operation The default IP Mask is 255.255.255.255 and allows switch access only to a station having an IP address that is identical to the Authorized Manager IP parameter value. (“255” in an octet of the mask means that only the exact value in the corresponding octet of the Authorized Manager IP parameter is allowed in the IP address of an authorized management station.) However, you can...
Menu: Viewing and Configuring IP Authorized Managers From the console Main Menu, select: 2. Switch Configuration . . . 7. IP Authorized Managers Figure 7-13. Example of How To Add an Authorized Manager Entry 2. Enter an Authorized Manager IP address here.
<ip-address> mask <mask-bits> <operator | manager> Listing the Switch’s Current Authorized IP Manager(s) Use the show ip authorized-managers command to list IP stations authorized to access the switch. For example: Figure 7-15. Example of the Show IP Authorized-Manager Display...
Similarly, the next command authorizes manager-level access for any station having an IP address of 10.28.227.101 through 103: If you omit the mask when adding a new authorized manager, the switch automatically uses 255.255.255.255 for the mask. If you do not specify either Manager or Operator access, the switch automatically assigns the Manager access.
For web-based help on how to use the web browser interface screen, click on the [?] button provided on the web browser screen. Building IP Masks The IP Mask parameter controls how the switch uses an Authorized Manager IP value to recognize the IP addresses of authorized manager stations on your network.
The mask determines whether the IP address of a station on the network meets the criteria you specify. That is, for a given Authorized Manager entry, the switch applies the IP mask to the IP address you specify to determine a range of authorized IP addresses for management access. As described above, that...
(0) in the 4th octet of the mask allows any value between 0 and 255 in that octet of the corresponding IP address. This mask allows switch access to any device having an IP address of 10.28.227.xxx, where xxx is any value from 0 to 255.
Even if you need proxy server access enabled in order to use other applications, you can still eliminate proxy service for web access to the switch. To do so, add the IP address or DNS name of the switch to the non-proxy, or “Exceptions” list in the web browser interface you are using on the authorized station.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using IP Authorized Managers 7-40...
Overview You can manage the switch via SNMP from a network management station. For this purpose, HP recommends HP TopTools for Hubs & Switches — an easy-to-install and use network management application that runs on your Windows NT- or Windows 2000-based PC. HP TopTools for Hubs & Switches provides control of your switch through its web browser interface.
Event reporting via SNMP • Version 1 traps • RMON: groups 1, 2, 3, and 9 Managing the switch with an SNMP network management tool such as HP TopTools for Hubs & Switches Supported Standard MIBs include: • Bridge MIB (RFC 1493) dot1dBase, dot1dTp, dot1dStp •...
The switch SNMP agent also uses certain variables that are included in a Hewlett-Packard proprietary MIB file you can add to the SNMP database in your network management tool. You can copy the MIB file from the HP TopTools for Hubs & Switches CD, or from following World Wide Web site: http://www.hp.com/go/procurve...
Configuring for Network Management Applications Configuring for SNMP Access to the Switch C a u t i o n Deleting the community named “public” disables many network management functions (such as auto-discovery, traffic monitoring, SNMP trap generation, and threshold setting). If security for network management is a concern, it is recommended that you change the write access for the “public”...
SNMP communities, each with either an operator-level or a manager- level view, and either restricted or unrestricted write access. Using SNMP requires that the switch have an IP address and subnet mask compatible with your network. C a u t i o n Deleting or changing the community named “public”...
Note: This screen gives an overview of the SNMP communities that are currently configured. All fields in this screen are read- only. Figure 8-1. The SNMP Communities Screen (Default Values) Press [A] (for Add) to display the following screen: If you are adding a community, the fields in this screen are blank.
— see “Trap Receivers and Authentication Traps” on page 8-10). Syntax: This example lists the data for all communities in a switch; that is, both the default "public" community name and another community named "red-team" Default Community and...
Configuring Community Names and Values If you enter a community name without an operator or manager designation, the switch automatically assigns the community to Operator for the MIB view. Also, if you do not specify restricted or unrestricted for the read/write MIB access, the switch automatically restricts the community to read access for the MIB.
(trap receiver) snmp-server enable (authentication trap) A trap receiver is a management station designated by the switch to receive SNMP traps sent from the switch. An authentication trap is a specialized SNMP trap sent to trap receivers when an unauthorized management station tries to access the switch.
(along with the current SNMP community name data — see “SNMP Communities” on page 8-6). Syntax: In the next example, the show snmp-server command shows that the switch has been previously configured to send SNMP traps to management stations belonging to the “public”, “red-team”, and “blue-team” communities.
If this feature is enabled, an authentication trap is sent to the configured trap receiver(s) if a management station attempts an unauthorized access of the switch. Check the event log in the console interface to help determine why the authentication trap was sent. (Refer to “Using the Event Log To Identify Problem Sources”...
RMON lessens the load on devices and network bandwidth. The Extended RMON agent runs automatically on the switch. To use Extended RMON, simply use Traffic Monitor (included with HP TopTools for Hubs & Switches) on your network management station to enable sampling on the ports you want to monitor.
Configuring for Network Management Applications Advanced Management: RMON and HP Extended RMON Support 8-14...
This chapter describes the following features and how to configure them with the switch’s built-in interfaces: HP ProCurve Stack Management (Page 9-5): Use your network to stack switches without the need for any specialized cabling—page 9-5. Port-Based VLANs — Page 9-50: GVRP —...
HP ProCurve Stack Management (termed stacking) enables you to use a single IP address and standard network cabling to manage a group of up to 16 total switches in the same IP subnet (broadcast domain). Using stacking, you can: Reduce the number of IP addresses needed in your network.
*Requires software release C.08.03 or later, which is included with the 8000M, 4000M, 2424M, and 1600M models as of July, 2000. Release C.08.03 or a later version is also available on the HP ProCurve website at www.hp.com/go/ procurve. (Click on...
A switch that has been manually configured as the controlling device for a stack. When this occurs, the switch’s stacking configuration appears as Commander. Candidate A switch that is ready to join (become a Member of) a stack through either automatic or manual methods. A switch configured as a Candidate is not in a stack. Member A switch that has joined a stack and is accessible from the stack Commander.
Figure 9-2. Example of Stacking with One Commander Controlling Access to Wiring Closet Switches Interface Options. You can configure stacking through the switch’s menu interface, CLI, or the web browser interface. For information on how to use the web browser interface to configure stacking, see the online Help for the web browser interface.
There is no limit on the number of stacks in the same IP subnet (broadcast domain), however a switch can belong to only one stack. If multiple VLANs are configured, stacking uses only the primary VLAN on any switch. In the factory-default configuration, the DEFAULT_VLAN is the primary VLAN.
Candidates from automatically joining a stack prematurely or joining the wrong stack (if more than one stack Commander is configured in a subnet or broadcast domain). If you plan to install more than one stack in a subnet, HP recommends that you leave manually add Members to their stacks.
2400M, or 1600M in a stack, you must first update all such devices to software version C.08.xx. (You can get a copy of the software from HP’s ProCurve website and/or copy it from one switch to another. For downloading instructions, see appendix A, "File Transfers", in the Management and Configuration Guide you received with these switch models.)
Configuring Advanced Features HP ProCurve Stack Management Table 9-3. Stacking Configuration Guide Join Method Automatically add Candidate to Stack (Causes the first 15 eligible, discovered switches in the subnet to automatically join a stack.) Manually add Candidate to Stack (Prevent automatic joining of switches you don’t want in the stack)
9-32 through 9-44 for the CLI. Determine the naming conventions for the stack. You will need a stack name. Also, to help distinguish one switch from another in the stack, you can configure a unique system name for each switch. Otherwise, the system name for a switch appearing in the Stacking Status screen appears as the stack name plus an automatically assigned switch number.
Configuring Advanced Features HP ProCurve Stack Management For automatically or manually pulling Candidate switches into a stack, you can leave such switches in their default stacking configuration. If you need to access Candidate switches through your network before they join the stack, assign IP addresses to these devices. Otherwise, IP addressing is optional for Candidates and Members.
Configure Stacking Using the Menu Interface To View and Configure a Commander Switch Configure an IP address and subnet mask on the Commander switch. (See “IP Configuration” on page 5-3.) Display the Stacking Menu by selecting Figure 9-5. The Default Stacking Menu...
Configuring Advanced Features HP ProCurve Stack Management Figure 9-6. The Default Stack Configuration Screen Move the cursor to the Stack State field by pressing [E] (for use the Space bar to select the Press the downarrow key to display the Commander configuration fields in the Stack Configuration screen.
) to save your configuration changes and return to the Save Stacking menu. Your Commander switch should now be ready to automatically or manually acquire Member switches from the list of discovered Candidates, depending on your configuration choices. Using the Menu To Manage a Candidate Switch...
Auto Join Transmission Interval 60 Seconds Using the Menu To “Push” a Switch Into a Stack, Modify the Switch’s Configuration, or Disable Stacking on the Switch. Use Telnet or the web browser interface to access the Candidate if it has an IP address. Other- wise, use a direct connection from a terminal device to the switch’s console...
1 to 300 seconds. Note: All switches in the stack must be set to the same transmis- sion interval to help ensure proper stacking operation. HP recom- mends that you leave this parameter set to the default 60 seconds.
Member include any of the following: Auto Grab Auto Join Note: When a switch leaves a stack and returns to Candidate status, its Auto Join stack from which it has just departed. A Manager password is set in the Candidate.
Figure 9-10. Example of Candidate List in Stack Management Screen Either accept the displayed switch number or enter another available number. (The range is 0 - 15, with 0 reserved for the Commander.) Use the downarrow key to move the cursor to the MAC Address field, then type the MAC address of the desired Candidate from the Candidate list in the lower part of the screen.
Configuring Advanced Features HP ProCurve Stack Management Figure 9-11. Example of Stack Management Screen After New Member Added Using the Commander’s Menu To Move a Member From One Stack to Another. Where two or more stacks exist in the same subnet (broadcast domain), you can easily move a Member of one stack to another stack if the destination stack is not full.
Press [A] (for any available candidates. (See figure 9-10 on page 9-21.) Note that you will not see the switch you want to add because it is a Member of another stack and not a Candidate.) Either accept the displayed switch number or enter another available number.
When you use the Commander to remove a switch from a stack, the switch rejoins the Candidate pool for your IP subnet (broadcast domain), with...
[Enter] to complete the deletion. The Stack Management screen updates to show the new stack Member list. Configuring Advanced Features HP ProCurve Stack Management For status descriptions, see the table on page 9-49. Stack Member List...
Use the downarrow key to select the stack Member you want to access, then press [X] (for For example, if you selected switch number 1 (system name: 9-16 and then pressed [X], you would see the Main Menu for the switch named Coral Sea. 9-26 ) to display the console interface for the selected Member.
Commander to a Member of another stack. When moving a member, the procedure simply pulls a Member out of one stack and pushes it into another. From the Main Menu of the switch you want to move, select 9. Stacking To determine the MAC address of the destination Commander, select 2.
Press [S] (for Save). Monitoring Stack Status Using the stacking options in the menu interface for any switch in a stack, you can view stacking data for that switch or for all stacks in the subnet (broadcast domain). (If you are using VLANs in your stack environment, see "Stacking Operation with a Tagged VLAN"...
Using Any Stacked Switch To View the Status for All Switches with Stacking Enabled. This procedure displays the general status of all switches in the IP subnet (broadcast domain) that have stacking enabled. Go to the console Main Menu for any switch configured for stacking and select: 9. Stacking ...
Viewing Member Status. This procedure displays the Member’s stacking information plus the Commander’s status, IP address, and MAC address. To display the status for a Member: Go to the console Main Menu of the Commander switch and select 9. Stacking ... 5. Stack Access...
Main Menu for the Candidate switch and select 9. Stacking ... 1. Stacking Status (This Switch) You will then see the Candidate’s Stacking Status screen: Figure 9-21. Example of a Candidate’s Stacking Screen Configuring Advanced Features HP ProCurve Stack Management 9-31...
“No” form eliminates named stack and returns Commander and stack Members to Candidate status with Auto Join set to No. “No” form prevents the switch from being discovered as a stacking-capable switch. Default: Switch Configured as a Candidate...
Manager password. telnet <1..15> Commander: Uses the SN (switch number— assigned by the stack Commander) to access the console interface (menu interface or CLI) of a stack member. To view the list of SN assignments for a stack, execute the show stack command in the Used In: Commander Only Commander’s CLI.
Viewing the Status of an Individual Switch. The following example illustrates how to use the CLI in a Switch 2524 (or 2512) to display the stack status for that switch. In this case, the switch is in the default stacking configuration.
Viewing the Status of all Stack-Enabled Switches Discovered in the IP Subnet. The next example lists all the stack-configured switches discovered in the IP subnet. Because the Switch 2524 on which the show stack all command was executed is a candidate, it is included in the “Others” category.
HP ProCurve Stack Management Using the CLI To Configure a Commander Switch You can configure any stacking-enabled switch to be a Commander as long as the intended stack name does not already exist on the broadcast domain. (When you configure a Commander, you automatically create a corresponding stack.)
Suppose, for example, that a Switch 2512 named “Bering Sea” is a Member of a stack named “Big_Waters”. To use the switch’s CLI to convert it from a stack Member to the Commander of a new stack named “Lakes”, you would use the...
Configuring Advanced Features HP ProCurve Stack Management Removes the Member from the “Big_Waters” stack. Converts the former Member to the Com- mander of the new “Lakes” stack. Figure 9-27. Example of Using a Member’s CLI To Convert the Member to the...
Using the Commander’s CLI To Manually Add a Candidate to the Stack. To manually add a candidate, you will use: A switch number (SN) to assign to the new member. Member SNs range from 1 to 15. To see which SNs are already assigned to Members, use show stack view.
Configuring Advanced Features HP ProCurve Stack Management For example, if the HP 8000M in the above listing did not have a Manager password and you wanted to make it a stack Member with an would execute the following command: The show stack view command then lists the Member added by the above...
Use Telnet (if the Candidate has an IP address valid for your network) or a direct serial port connection to access the CLI for the Candidate switch. For example, suppose that a Candidate named “North Sea” with Auto Join off and a valid IP address of 10.28.227.104 is running on a network.
Using a Member CLI To “Push” the Member into Another Stack. You can use the Member’s CLI to “push” an HP 2512 or 2524 stack Member into a destination stack if you know the MAC address of the destination Commander.
For example, suppose you have a Switch 2512 operating as the Commander for a temporary stack named “Test”. When it is time to eliminate the temporary “Test” stack and convert the Switch 2512 into a member of an existing stack named “Big_Waters”, you would execute the following commands in the CLI of the Switch 2512: Figure 9-33.
Remove this Member from the stack. Figure 9-34. Example of a Commander and Three Switches in a Stack You would then execute this command to remove the “North Sea” switch from the stack: where: • is the “North Sea” Member’s switch number ( •...
To find the switch number for the Member you want to access, execute the show stack view you wanted to configure a port trunk on the switch named “North Sea” in the stack named “Big_Waters”. Do do so you would go to the CLI for the “Big_Waters”...
<MIB variable> 10.31.29.100 blue@sw1 Note that because the gray community is only on switch 3, you could not use the Commander IP address for gray community access from the management station. Instead, you would access switch 3 directly using the switch’s own IP address.
(Enables stacking on the switch.) Transmission Interval All switches in the stack must be set to the same transmission interval to help ensure proper stacking operation. HP recommends that you leave this param- eter set to the default 60 seconds. stack transmission-interval <seconds>...
Configuring Advanced Features HP ProCurve Stack Management Stacking uses only the primary VLAN on each switch in a stack. The primary VLAN can be tagged or untagged as needed in the stacking path from switch to switch. The same VLAN ID (VID) must be assigned to the primary VLAN in each stacked switch.
If the switch is a Commander, use the [Stack Closeup] and [Stack Management] buttons for viewing and using stack features. To access the web-based Help provided for the switch, click on [?] in the web browser screen. Status Messages...
VLANs configuring dynamic VLANs A VLAN is a group of ports designated by the switch as belonging to the same broadcast domain. (That is, all ports carrying traffic for a particular subnet address would normally belong to the same VLAN.)
An external router is required to enable separate VLANs on a switch to communicate with each other. For example, referring to figure 9-39, if ports 1 through 4 belong to VLAN_1...
Figure 9-40. Example of Overlapping VLANs Using the Same Server Similarly, using 802.1Q-compliant switches, you can connect multiple VLANs through a single switch-to-switch link. Figure 9-41. Example of Connecting Multiple VLANs Through the Same Link Introducing Tagged VLAN Technology into Networks Running Legacy (Untagged) VLANs.
VLANs and moving ports from the default VLAN to the new VLANs. (The switch supports up to 30 VLANs.) You can change the name of the default VLAN, but you cannot change the default VLAN’s VID (which is always “1”).
Port-Based Virtual LANs (Static VLANs) DHCP or Bootp on different VLANs do not result in conflicting configuration values for the switch. The primary VLAN is the VLAN the switch uses to run and manage these features and data. In the factory-default configuration, the switch designates the default VLAN (DEFAULT_VLAN) as the primary VLAN.
Untagged Allows VLAN connection to a device that is configured for an untagged VLAN instead of a tagged VLAN. The switch allows no more than one untagged VLAN assignment per port. : Appears when the switch is not GVRP-enabled; prevents the port from - or - joining that VLAN.
Any ports not specifically assigned to another VLAN will remain assigned to the DEFAULT_VLAN. To delete a VLAN from the switch, you must first remove from that VLAN any ports assigned to it. Changing the number of VLANs supported on the switch requires a reboot.
29 additional static VLANs by adding new VLAN names, and then assigning one or more ports to each VLAN. (The switch accepts a maximum of 30 VLANs, including the default VLAN and any dynamic VLANs the switch creates if you enable GVRP—page 9-77.) Note that each port can be assigned to multiple...
If you need more VLANs later, you can increase this number, but a switch reboot will be required at that time. Press [Enter] and then [S] to save the VLAN support configuration and return to the VLAN Menu screen.
Type in a VID (VLAN ID number). This can be any number from 2 to 4095 that is not already being used by another VLAN. Remember that a VLAN must have the same VID in every switch in which you configure that same VLAN. (You can use GVRP to dynamically extend VLANs with correct VID numbering to other switches.
(Ports not specifically assigned to a VLAN are automat- ically in the default VLAN.) From the Main Menu select: 2. Switch Configuration 8. VLAN Menu . . . You will then see a VLAN Port Assignment screen similar to the following:...
Untagged, or Forbid). N o t e For GVRP Operation: If you enable GVRP on the switch, “No” converts to “Auto”, which allows the VLAN to dynamically join an advertised VLAN that has the same VID. See “Per-Port Options for Dynamic VLAN Advertising and Joining”...
Return to the Main menu. CLI: Configuring VLAN Parameters In the factory default state, all ports on the switch belong to the default VLAN (DEFAULT_VLAN) and are in the same broadcast/multicast domain. (The default VLAN is also the default primary VLAN—see “Which VLAN Is Pri- mary?”...
9-67 (Available if GVRP enabled.) Displaying the Switch’s VLAN Configuration. The next command lists the VLANs currently running in the switch, with VID, VLAN name, and VLAN status. Dynamic VLANs appear only if the switch is running with GVRP enabled and one or more ports has dynamically joined an advertised VLAN.
Figure 9-51. Example of “Show VLAN” for a Specific Static VLAN Show VLAN lists this data when GVRP is enabled and at least one port on the switch has dynamically joined the designated VLAN. Figure 9-52. Example of “Show VLAN” for a Specific Dynamic VLAN 9-64 show vlan <vlan-id>...
Changing the Number of VLANs Allowed on the Switch. By default, the switch allows a maximum of 8 VLANs. You can specify any value from 1 to 30. (If GVRP is enabled, this setting includes any dynamic VLANs on the switch.) As part of implementing a new value, you must execute a write...
VLAN with that VID does not already exist, and places you in that VLAN’s context level. If you do not use the name option, the switch uses “VLAN” and the new VID to automatically name the VLAN. If the VLAN already exists, the switch places you in the context level for that VLAN.
VLAN in the same way that you would for any static VLAN. Syntax: If you need a VID reference, use show vlan to list the switch’s currently existing VLANs. For example, suppose a dynamic VLAN with a VID of 125 exists on the switch.
In the web browser interface you can do the following: Add VLANs Rename VLANs Remove VLANs Configure GVRP security Select a new Primary VLAN 9-68 operation. Note that Auto is the default per-port setting for a static VLAN if GVRP is runing on the switch.
(VLAN ID, or VID) assigned to a VLAN at the time that you configure the VLAN name in the switch. In the Series 2500 switches the tag can be any number from 1 to 4095 that is not already assigned to a VLAN.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Figure 9-54. Example of Tagged and Untagged VLAN Port Assignments In switch X: • VLANs assigned to ports X1 - X6 can all be untagged because there is only one VLAN assignment per port. Red VLAN traffic will go out only the Red ports;...
VLAN must be given the same VID in every device in which it is configured. That is, if the Red VLAN has a VID of 10 in switch X, then 10 must also be used for the Red VID in switch Y.
VLAN assigned per port. Port X1 has multiple VLANs assigned, which means that one VLAN assigned to this port can be untagged and any others must be tagged. The same applies to ports X2, Y1, and Y5. Switch X Port Red VLAN...
9-110. Note that STP operates differently in different devices. For example, in the (non-802.1Q) HP Switch 2000 and the HP Switch 800T, STP operates on a per- VLAN basis, allowing redundant physical links as long as they are in separate VLANs.
Port-Based Virtual LANs (Static VLANs) VLAN MAC Addresses The switch has one unique MAC address for each of its VLAN interfaces. You can send an 802.2 test packet to this MAC address to verify connectivity to the switch. Likewise, you can assign an IP address to the VLAN interface, and when you Ping that address, ARP will resolve the IP address to this MAC address.
DECnet Currently, the problem of duplicate MAC addresses in IPX and IP Host- Only environments is addressed through the HP router OS version described under “HP Router Requirements” on page 9-76. However, for XNS and DECnet environments, a satisfactory solution is not available from any vendor at this time.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) HP Router Requirements. Use the Hewlett-Packard version A.09.70 (or later) router OS release if any of the following Hewlett-Packard routers are installed in networks in which you will be using VLANs: HP Router 440 (formerly Router ER)
VLANs. In this manual, a GVRP BPDU is termed an advertisement. GVRP enables the Switch 2512/2524 to dynamically create 802.1Q-compliant VLANs on links with other devices running GVRP. This enables the switch to automatically create VLAN links between GVRP-aware devices. (A GVRP link can include intermediate devices that are not GVRP-aware.) This operation...
N o t e There must be one common VLAN (that is, one common VID) connecting all of the GVRP-aware devices in the network to carry GVRP packets. HP recom- mends the default VLAN (DEFAULT_VLAN; VID = 1), which is automatically enabled and configured as untagged on every port of the Series 2500 switches).
Note that if a static VLAN is configured on at least one port of a switch, and that port has established a link with another device, then all other ports of that switch will send advertisements for that VLAN. For example, in the following figure, Tagged VLAN ports on switch “A” and switch “C”, below advertise VLANs 22 and 33 to ports on other GVRP-enabled...
“C” does not have this VLAN statically configured, VLAN 22 is handled as an “Unknown VLAN” on port 5 in switch “C”. Con- versely, if VLAN 22 was statically configured on switch C, but port 5 was not a member, port 5 would become a member when advertisements for VLAN 22 were received from switch “A”.
Prevents the port from dynamically joining a VLAN that is not statically configured on the switch. The port will still forward advertisements that were received by the switch on other ports. Block should typically be used on ports in unsecure networks, where there is exposure to “attacks”, such as ports where intruders can connect.
Each port of a Series 2500 switch must be a Tagged or Untagged member of at least one VLAN. Thus, any port configured for GVRP to Learn or Block will generate and forward advertisements for the static VLAN(s) for which it has been configured as Tagged or Untagged .
Because dynamic VLANs operate as Tagged VLANs, and because a tagged port on one device cannot communicate with an untagged port on another device, HP recommends that you use Tagged VLANs for the static VLANs you will use to generate advertisements.
“Unknown VLAN” parameter (Learn, Block, or Disable) for each port. Configure the static VLANs on the switch(es) where they are needed, along with the per-VLAN parameters (Tagged, Untagged, Auto, and Forbid— see table 9-9 on page 9-82) on the appropriate ports.
2. Switch Configuration . . . 8. VLAN Menu . . . Figure 9-60. The VLAN Support Screen (Default Configuration) Do the following to enable GVRP and display the Unknown VLAN fields: Press [E] (for Edit). b. Use [ v] to move the cursor to the GVRP Enabled field.
Displaying the Switch’s Current GVRP Configuration. This command shows whether GVRP is disabled, along with the current settings for the maximum number of VLANs and the current Primary VLAN. (For more on the last two parameters, see “Port-Based Virtual LANs (Static VLANs)” on page 9-50.)
This example disables GVRP operation on the switch: Enabling and Disabling GVRP On Individual Ports. When GVRP is enabled on the switch, use the unknown-vlans command to change the Unknown VLAN field for one or more ports. You can use this command at either the Manager level or the interface context level for the desired port(s).
VLANs present in the switch. Syntax: For example, in the following illustration, switch “A” has one static VLAN (the default VLAN), with GVRP enabled and port 1 configured to Learn for Unknown VLANs. Switch “B” has GVRP enabled and has three static VLANs: the default VLAN, VLAN-222, and VLAN-333.
VLAN configuration. Within the same broadcast domain, a dynamic VLAN can pass through a device that is not GVRP-aware. This is because a hub or a switch that is not GVRP-ware will flood the GVRP (multicast) advertisement packets out all ports.
Configuring Advanced Features GVRP By receiving advertisements from other devices running GVRP, the switch learns of static VLANs on those other devices and dynamically (automat- ically) creates tagged VLANs on the links to the advertising devices. Similarly, the switch advertises its static VLANs to other GVRP-aware devices.
IGMP (Internet Group Management Proto- col controls). In the factory default state (IGMP disabled), the switch forwards all IGMP traffic to all ports, which can cause unnecessary bandwidth usage on ports not belonging to multicast groups.
VLAN) context. IGMP requires an IP address and subnet mask for any VLAN used for IGMP traffic. If the switch relies on DHCP or Bootp to acquire an IP address, ensure that an IP addressing has been assigned to the appropriate VLANs by using Address Information”...
Querier: In the default state (enabled), eliminates the need for a multicast router. In most cases, HP recommends that you leave this parameter in the default “enabled” state even if you have a multicast router performing the querier function in your multicast group.
Multimedia Traffic Control with IP Multicast (IGMP) Viewing the Current IGMP Configuration. This command lists the IGMP configuration for all VLANs configured on the switch or for a specific VLAN. Syntax: (For IGMP operating status, see “Internet Group Management Protocol (IGMP) Status”...
N o t e If you disable IGMP on a VLAN and then later re-enable IGMP on that VLAN, the switch restores the last-saved IGMP configuration for that VLAN. For more on how switch memory operates, see appendic C, “Switch Memory and Configuration”.
VLAN context to specify how each port should handle IGMP traffic. Syntax: Default: For example, suppose you wanted to configure IGMP as follows for VLAN 1 on the 10/100 ports on the Switch 2512: Ports 1-7 Port 8 Ports 9-12...
Default: Web: Enabling or Disabling IGMP In the web browser interface you can enable or disable IGMP on a per-VLAN basis. To configure other IGMP features, telnet to the switch console and use the CLI. To Enable or Disable IGMP Click on the Configuration tab.
The following example illustrates this operation. Figure 9-67 on page 9-99 shows a network running IGMP. PCs 1 and 4, switch 2, and all of the routers are members of an IP multicast group. (The routers operate as queriers.) 9-98 querier feature enabled.) A set...
Thus, it is sending large amounts of unwanted multicast traffic out the ports to PCs 2 and 3. Switch 2 is recognizing IGMP traffic and learns that PC 4 is in the IP multicast group receiving multicast data from the video server (PC X).
Running Here Figure 9-68. Isolating IP Multicast Traffic in a Network In the above figure, the multicast group traffic does not go to switch 1 and beyond because either the port on switch 3 that connects to switch 1 has been configured as blocked or there are no hosts connected to switch 1 or switch 2 that belong to the multicast group.
Number of IP Multicast Addresses Allowed Multicast filters and IGMP filters (addresses) together can total up to 255 in the switch. If multiple VLANs are configured, then each filter is counted once per VLAN in which it is used. Interaction with Multicast Traffic/Security Filters.
N o t e You should enable STP in any switch that is part of a redundant physical link (loop topology). (It is recommended that you enable STP on all switches belonging to a loop topology.) This topic is covered in more detail under “How STP Operates”...
STP was disabled. C a u t i o n Because the switch automatically gives faster links a higher priority, the default STP parameter settings are usually adequate for spanning tree operation. Also because incorrect STP settings can adversely affect network performance, you should not make changes unless you have a strong under- standing of how STP operates.
Configuring Advanced Features Spanning Tree Protocol (STP) Read-Only Fields Figure 9-69. Example of the STP Configuration Screen If the remaining STP parameter settings are adequate for your network, go to step 8. Use [Tab] or the arrow keys to select the next parameter you want to change, then type in the new value or press the Space Bar to select a value.
See “Spanning Tree Protocol (STP) Information” on page 10-15 Viewing the Current STP Configuration. Regardless of whether STP is disabled (the default), this command lists the switch’s full STP configuration, including general settings and port settings. show spanning-tree configuration...
C a u t i o n Because incorrect STP settings can adversely affect network performance, HP recommends that you use the default STP parameter settings. You should not change these settings unless you have a strong understanding of how STP operates.
STP (if not already enabled) and configures the following per-port parameters: Table 9-11.Per-Port STP Parameters Name Default Range path-cost Ethernet: 100 1 - 65535 Assigns an individual port cost that the switch uses 10/100Tx: 100 Fx: Gigabit: priority 0 - 255 mode...
5 and 6 to a path cost of Web: Enabling or Disabling STP In the web browser interface you can enable or disable STP on the switch. To configure other STP features, telnet to the switch console and use the CLI.
(Forwarding or Blocking, as determined by the STP negotiation). This sequence takes two times the forward delay value configured for the switch. The default is 15 seconds on HP switches, per the IEEE 802.1D standard recommendation, resulting in a total STP negotiation time of 30 seconds. Each switch port goes through this start-up sequence whenever the network con- nection is established on the port.
VLANs, spanning tree will block all but one of those links. However, if you need to use STP on the Switch 2512 or Switch 2524 in a VLAN environment with redundant physical links, you can prevent blocked redundant links by using a port trunk.
Problem: STP enabled with 2 separate (non-trunked) links blocks a VLAN link. Nodes 1 and 2 cannot communicate because STP is blocking the link. Figure 9-72. Example of Using a Trunked Link with STP and VLANs For more information, refer to “Spanning Tree Protocol Operation with VLANs”...
Configuring Advanced Features Spanning Tree Protocol (STP) 9-112...
Counters: Display details of traffic volume on individual ports. Event Log: Lists switch operating events. Alert Log: Lists network occurrences detected by the switch (in the Status | Overview screen of the web browser interface). Configurable trap receivers: Uses SNMP to enable management sta- tions on your network to receive SNMP traps from the switch.
N o t e You can access all console screens from the web browser interface via Telnet to the console. Telnet access to the switch is available in the Device View window under the Configuration tab. Status or Counters Type...
Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access To Status and Counters Beginning at the Main Menu, display the Status and Counters menu by select- ing: 1. Status and Counters Figure 10-1. The Status and Counters Menu Each of the above menu items accesses the read-only screens described on the following pages.
From the console Main Menu, select: 1. Status and Counters 1. General System Information Figure 10-2. Example of General Switch Information This screen dynamically indicates how individual switch resources are being used. See the online Help for details. CLI Access show system-information...
Figure 10-3. Example of Management Address Information with VLANs Configured This screen displays addresses that are important for management of the switch. If multiple VLANs are not configured, this screen displays a single IP address for the entire switch. See the online Help for details.
1. Status and Counters . . .3. Port Status Figure 10-4. Example of Port Status on the Menu Interface CLI Access show interfaces Syntax: Web Access Click on the Status tab. Click on [Port Status]. Monitoring and Analyzing Switch Operation Status and Counters Data 10-7...
These features enable you to determine the traffic patterns for each port since the last reboot or reset of the switch. You can display: A general report of traffic on all LAN ports and trunk groups in the switch A detailed summary of traffic on a selected port or trunk group.
Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access to Port and Trunk Statistics To access this screen from the Main Menu, select: 1. Status and Counters . . . 4. Port Counters Figure 10-5. Example of Port Counters on the Menu Interface To view details about the traffic on a particular port, use the [ v] key to highlight that port number, then select Show Details.
CLI Access To Port and Trunk Group Statistics To Display the Port Counter Summary Report. This command provides an overview of port activity for all ports on the switch. Syntax: To Display a Detailed Traffic Summary for a Specific Port. This com- mand provides traffic details for the port you specify.
VLAN searching for a MAC address These features help you to view: The MAC addresses that the switch has learned from network devices attached to the switch The port on which each MAC address was learned Monitoring and Analyzing Switch Operation...
Menu Access to the MAC Address Views and Searches Switch-Level MAC-Address Viewing and Searching. This feature lets you determine which switch port is being used to communicate with a specific device on the network. The listing includes: The MAC addresses that the switch has learned from network devices...
Type the MAC address you want to locate and press [Enter]. The address and port number are highlighted if found. If the switch does not find the address, it leaves the MAC address listing empty. Located MAC Address and Corresponding Port Number Figure 10-8.
Status and Counters Data Type the MAC address you want to locate and press [Enter]. The address is highlighted if found. If the switch does not find the address, it leaves the MAC address listing empty. CLI Access for MAC Address Views and Searches...
1. Status and Counters . . . 7. Spanning Tree Information STP must be enabled on the switch to display the following data: Figure 10-10.Example of Spanning Tree Information Use this screen to determine current switch-level STP parameter settings and statistics.
Monitoring and Analyzing Switch Operation Status and Counters Data Figure 10-11.Example of STP Port Information CLI Access to STP Data This option lists the STP configuration, root data, and per-port data (cost, priority, state, and designated bridge). Syntax: 10-16 show spanning-tree...
Internet Group Management Protocol (IGMP) Status The switch uses the CLI to display the following IGMP status on a per-VLAN basis: Show Command Output show ip igmp Global command listing IGMP status for all VLANs configured in the switch: • VLAN ID (VID) and name •...
1, 2 3, 4 The next three figures show how you could list data on the above VLANs. Listing the VLAN ID (VID) and Status for ALL VLANs in the Switch. Figure 10-13.Example of VLAN Listing for the Entire Switch 10-18...
Listing the VLAN ID (VID) and Status for Specific Ports. Because ports 1 and 2 are not members of VLAN-44, it does not appear in this listing. Figure 10-14.Example of VLAN Listing for Specific Ports Listing Individual VLAN Status. Monitoring and Analyzing Switch Operation Status and Counters Data 10-19...
You can designate a port for monitoring traffic of one or more other ports or of a single VLAN configured on the switch. The switch monitors the network activity by copying all traffic from the specified monitoring sources (ports or VLAN) to the designated monitoring port, to which a network analyzer can be attached.
Monitoring and Analyzing Switch Operation Port Monitoring Features Menu: Configuring Port Monitoring This procedure describes configuring the switch for monitoring when moni- toring is disabled. (If monitoring has already been enabled, the screens will appear differently than shown in this procedure.) From the Console Main Menu, Select: 2.
Press the downarrow keyto move to the VLAN parameter (figure 10-18 on page page 10-24). iii. Press the Space bar again to select the VLAN that you want to monitor. Monitoring and Analyzing Switch Operation Port Monitoring Features Move the cursor to the Monitoring Port parameter.
Syntax: For example, if you assign port 12 as the monitoring port and configure the switch to monitor ports 1 - 3, show mirror-port displays the following: 10-24 exit from the screen.
For example, with a monitoring (mirror) port configured (above), you could select ports 1 and 2 for monitoring: Figure 10-20.Examples of Selecting Ports and VLANs as Monitoring Sources Monitoring and Analyzing Switch Operation Port Monitoring Features Port receiving monitored traffic.
Monitoring and Analyzing Switch Operation Port Monitoring Features Figure 10-21.Examples of Removing Ports and VLANs as Monitoring Sources Web: Configuring Port Monitoring To enable port monitoring: Click on the Configuration tab. Click on [Monitor Port]. Do either of the following: •...
Overview This chapter addresses performance-related network problems that can be caused by topology, switch configuration, and the effects of other devices or their configurations on switch operation. (For switch-specific information on hardware problems indicated by LED behavior, cabling requirements, and other potential hardware-related problems, refer to the installation guide you received with the switch.)
Installation Guide shipped with the switch for correct cable types and connector pin-outs. Use HP TopTools for Hubs & Switches (if installed on your network) to help isolate problems and recommend solutions. HP TopTools is shipped at no extra cost with the switch.
DHCP/Bootp server configuration to verify correct IP addressing. If you are using DHCP to acquire the IP address for the switch, the IP address “lease time” may have expired so that the IP address has changed. For more information on how to “reserve” an IP address, refer to the documentation for the DHCP application that you are using.
Note: If DHCP/Bootp is used to configure the switch, see the Note, above. If you are using DHCP to acquire the IP address for the switch, the IP address “lease time” may have expired so that the IP address has changed.
Unusual network activity is usually indicated by the LEDs on the front of the switch or measured with the switch console interface or with a network management tool such as the HP TopTools for Hubs & Switches. Refer to the Installation Guide you received with the switch for information on using LEDs to identify unusual network activity.
Filter Traffic. The IGMP feature does not operate if the switch or VLAN does not have an IP address configured manually or obtained through DHCP/Bootp. To verify whether an IP address is configured for the switch or VLAN, do either of the following: Try Using the Web Browser Interface: If you can access the web browser interface, then an IP address is configured.
STP Blocks a Link in a VLAN Even Though There Are No Redundant Links in that VLAN. In 802.1Q-compliant switches such as the Switch 2512 and Switch 2524, STP blocks redundant physical links even if they are in separate VLANs. A solution is to use only one, multiple-VLAN (tagged) link between the devices.
“Tagged” or “Untagged”. A VLAN assigned to a port connecting two 802.1Q- compliant devices must be configured the same on both ports. For example, VLAN_1 and VLAN_2 use the same link between switch “X” and switch “Y”. Link supporting VLAN_1 and VLAN_2 Switch “X”...
Similarly, if VLAN_2 (VID=2) is configured as “Tagged on the link port on switch “A”, then it must also be configured as “Tagged” on the link port on switch “B”. Make sure that the VLAN ID (VID) is the same on both switches.
The event log window contains 14 log entry lines and can be positioned to any location in the log. The event log will be erased if power to the switch is interrupted. (The event log is not erased by using the Reboot Switch command in the Main Menu.) Troubleshooting...
Troubleshooting Using the Event Log To Identify Problem Sources Table 11-1. Event Log System Modules Module Event Description addrMgr Address table chassis switch hardware bootp bootp addressing console Console interface dhcp DHCP addressing download file transfer Find, Fix, and Inform) -- available in the...
Display Help for the event log. CLI: Using the CLI, you can list Events recorded since the last boot of the switch All events recorded Event entries containing a specific keyword, either since the last boot or all events recorded Syntax: show logging [-a] [<search-text>]...
To respond to a Ping test or a Link test, the device you are trying to reach must be IEEE 802.3-compliant. Ping Test. This is a test of the path between the switch and another device on the same or another IP network that can respond to IP packets (ICMP Echo Requests).
Destination IP/MAC Address is the network address of the target, or destination, device to which you want to test a connection with the switch. An IP address is in the X.X.X.X format where X is a decimal number between 0 and 255. A MAC address is made up of 12 hexadecimal digits, for example, 0060b0-080400.
Troubleshooting Diagnostic Tools Number of Packets to Send is the number of times you want the switch to attempt to test a connection. Timeout in Seconds is the number of seconds to allow per attempt to test a connection before determining that the current attempt has failed.
Link Tests. You can issue single or multiple link tests with varying repititions and timeout periods. The defaults are: Repetitions: 1 (1 - 9999) Timeout: 5 seconds (1 - 256 seconds) link <mac-address> [repetitions <1 - 999>] [timeout <1 - 256>] Syntax: Basic Link Test Link Test with...
Diagnostic Tools Displaying the Configuration File The complete switch configuration is contained in a file that you can browse from either the web browser interface or the CLI. It may be useful in some troubleshooting scenarios to view the switch configuration.
CLI Administrative and Troubleshooting Commands These commands provide information or perform actions that you may find helpful in troubleshooting operating problems with the switch. N o t e For more on the CLI, refer to chapter 3, "Using the Command Line Reference (CLI).
Clear/Reset button combination N o t e HP recommends that you save your configuration to a TFTP server before resetting the switch to its factory-default configuration. You can also save your configuration via Xmodem, to a directly connected PC.
(OS) code to the switch: The TFTP feature (Download OS) command in the Main Menu of the switch console interface (page A-3) HP’s SNMP Download Manager included in HP TopTools for Hubs & Switches A switch-to-switch file transfer Xmodem transfer method N o t e Downloading a new OS does not change the current switch configuration.
This procedure assumes that: An OS file for the switch has been stored on a TFTP server accessible to the switch. (The OS file is typically available from HP’s electronic ser- vices—see the support and warranty booklet shipped with the switch.) The switch is properly connected to your network and has already been configured with a compatible IP address and subnet mask.
Transferring an Operating System or Startup Configuration File Downloading an Operating System (OS) Menu: TFTP Download from a Server In the console Main Menu, select Download OS to display this screen: Figure A-15. Example of the Download OS Screen (Default Values) Press [E] (for Edit).
When the switch finishes downloading the OS file from the server, it displays this progress message: Validating and Writing System Software to FLASH . . . After the switch reboots, it displays the CLI or Main Menu, depending on the Logon Default setting last configured in the menu’s Switch Setup screen.
HP TopTools for Hubs & Switches includes a software update utility for updating on HP ProCurve switch products such as the Series 2500 switches. For further information, refer to the HP TopTools for Hubs & Switches User Guide, provided electronically with the HP TopTools software.
CLI: Switch-To-Switch Download Syntax: copy tftp flash <ip-addr> flash For example, to download an OS file from a Switch 2512 with an IP address of 10.28.227.103: Running Total of Bytes Downloaded Figure 8-17.Switch-To-Switch OS Download Using the CLI Using Xmodem to Download the OS File From a PC...
Downloading an Operating System (OS) The download can take several minutes, depending on the baud rate used for the transfer. When the download finishes, the switch automatically reboots itself and begins running the new OS version. To confirm that the operating system downloaded correctly: From the Main Menu, select 1.
Figure A-18. Example of Message for Download Failure To find more information on the cause of a download failure, examine the messages in the switch’s Event Log by executing this CLI command: (For more on the Event Log, see “Using the Event Log To Identify Problem Sources”...
N o t e If an error occurs in which normal switch operation cannot be restored, the switch automatically reboots itself. In this case, an appropriate message is displayed in the copyright screen that appears after the switch reboots.
18.104.22.168: Xmodem: Copying a Configuration from the Switch to a Serially Connected PC or Unix Workstation. To use this method, the switch must be connected via the serial port to a PC or Unix workstation to which you want to copy the configuration file.
Transferring Switch Configurations Xmodem: Copying a Configuration from a Serially Connected PC or Unix Workstation. To use this method, the switch must be connected via the serial port to a PC or Unix workstation on which is stored the configuration file you want to copy.
VLAN you have configured on the switch. N o t e The switch’s base MAC address is used for the default VLAN (VID = 1) that is always available on the switch. Use the CLI to view the switch’s port MAC addresses in hexadecimal format.
Base switch (default VLAN; VID = 1) Any additional VLANs configured on the switch. Also, the Base MAC address appears on a label on the back of the switch. N o t e The Base MAC address is used by the first (default) VLAN in the switch. This is usually the VLAN named “DEFAULT_VLAN”...
This procedure displays the MAC addresses for all ports and existing VLANs in the switch, regardless of which VLAN you select. If the switch is at the CLI Operator level, use the enable command to enter the Manager level of the CLI.
Running Config File: Exists in volatile memory and controls switch operation. If no configuration changes have been made in the CLI since the switch was last booted, the running-config file is identical to the startup-config file. Startup-config File: Exists in flash (non-volatile) memory and is used to preserve the most recently-saved configuration as the "permanent"...
5: The above command disables port 5 in the running-config file, but not in the startup-config file. Port 5 remains disabled only until the switch reboots. If you want port 5 to remain disabled through the next reboot, use to save the current running-config file to the startup-config file in flash memory.
How To Use the CLI To Reconfigure Switch Features. Use this proce- dure to permanently change the switch configuration (that is, to enter a change in the startup-config file). Use the appropriate CLI commands to reconfigure the desired switch parameters.
Syntax: For example, the default port mode setting is uses Cat 3 wiring and you want to connect the switch to another autosensing device capable of 100 Mbps operation. Because 100 Mbps over Cat 3 wiring can introduce transmission problems, the recommended port mode is which allows the port to negotiate full- or half-duplex, but restricts speed to 10 Mbps.
If you use the CLI to make a change to the running-config file, you must use write memory is, if you use the CLI to change a parameter setting, but then reboot the switch from either the CLI or the menu interface without first executing the...
Syntax: For example: Press [Y] to replace the current configuration with the factory default config- uration and reboot the switch. Press [N] to retain the current configuration and prevent a reboot. Using the Menu and Web Browser Interfaces To Implement Configuration...
(even if you execute a Save operation in the menu interface). If you then execute a switch reboot command in the menu inter- face, the switch discards the configuration changes made while using the CLI.
To Reboot the switch, use the Reboot Switch option in the Main Menu. (Note that the Reboot Switch option is not available if you log on in Operator mode; that is, if you enter an Operator password instead of a manager password at the password prompt.)
Configuration Changes You can use the web browser interface to simultaneously save and implement a subset of switch configuration changes without having to reboot the switch. That is, when you save a configuration change (in most cases, by clicking on [Apply Changes] or [Apply Settings], you simultaneously change both the running- config file and the startup-config file.
This information applies to the following HP ProCurve switches: • 2512 • 2524 HP ProCurve switches provide a way to automatically adjust the system clock for Daylight Savings Time (DST) changes. For the following switches, HP ProCurve Switch 212M, 224M, 1600M, 2400M, 2424M, 4000M, and 8000M, the user defines the month and date to begin and end the change from standard time.
Daylight Savings Time on HP ProCurve Switches Middle Europe and Portugal: • Begin DST at 2am the first Sunday on or after March 25th. • End DST at 2am the first Sunday on or after September 24th. Southern Hemisphere: •...
Before configuring a "User defined" Daylight Time Rule, it is important to understand how the switch treats the entries. The switch knows which dates are Sundays, and uses an algorithm to determine on which date to change the system clock, given the configured "Beginning day" and "Ending day": If the configured day is a Sunday, the time changes at 2am on that day.
Index Numerics 802.1Q VLAN standard … 9-102 802.3u auto negotiation standard … 6-3 A.09.70 router release … 9-76 access manager … 8-6 operator … 8-6 access levels, authorized IP managers … 7-31 Actions line … 2-9–2-11 location on screen … 2-9 active path …...
… 11-14 DNS name … 4-6 domain … 9-57, 9-62 Domain Name Server … 4-6 download SNMP-based … A-6 switch-to-switch … A-6 troubleshooting … A-9 Xmodem … A-7 download OS … A-6 download, TFTP … A-2–A-4 duplicate IP address effect on authorized IP managers …...
HP Router 470 … 9-76 HP Router 480 … 9-76 HP Router 650 … 9-76 HP TopTools See TopTools HP web browser interface … 1-5 ICANN … 5-15 IEEE 802.1d … 9-102, 11-8 IEEE 802.3ab … 6-4 IGMP benefits … 9-91 configuration …...
configure per VLAN … 9-92 effect on filters … 9-101 example … 9-98–9-100 filter override … 9-101 high-priority forwarding … 9-92 host not receiving … 11-7 IP address required … 9-92 IP multicast address range … 9-101 leave group … 9-98 maximum address count …...
… 2-10 message inconsistent value … 7-19 VLAN already exists … 9-68 MIB … 8-4 MIB listing … 8-3 MIB, HP proprietary … 8-3 MIB, standard … 8-3 Microsoft Internet Explorer … 4-5 mirroring See port monitoring. Monitor parameter … 10-23 monitoring a VLAN …...
IP managers … 7-35–7-36 IGMP … 9-97 port security … 7-21 STP … 9-108 web server, proxy … 7-29 web site, HP … 8-4 world wide web site, HP See HP ProCurve write access … 8-6 write memory … 9-89 Xmodem OS download …...