HP ProCurve 3500yl Release Notes

Software version K.13.49.
Version K.13.49 Software
for the ProCurve Series 3500yl, 6200yl, 5400zl, and 8212zl Switches
These release notes include information on the following:
• Downloading switch software and documentation from the Web
• Best practices for major software updates, including contingency procedures for rolling back to previous software versions and configurations. Please read before updating software versions from K.12.xx to K.13.xx
• Notes for ROM updates required for all yl and zl switches running K.13.45 or earlier
• Clarifications for certain software features
• A listing of software enhancements in recent releases
• A listing of software fixes included in releases K.11.11 through K.13.49
• Support Notes and Known Issues in releases K.11.11 through K.13.49, including "Security notes about SNMP access to the hpSwitchAuth MIB objects" and other topics
Support Notices:
• WARNING. Updating to Version K.13.xx: It is important that you update to K.13.xx from a configuration that has not been previously converted from a pre-K.13.xx format (e.g. a K.11.xx or K.12.xx configuration). If you have previously updated to K.13.xx and rolled back to K.12.xx to work around an issue, you should load a saved K.12.xx configuration to the switch and boot to it prior to updating to K.13 again.
• Performing major software updates: Before updating your software version from K.12.xx to K.13.xx, read the recommended best practices for performing major software updates.
• Restriction in number of ACL mirror destinations: The K.13.01 software introduced a new restriction to a single ACL mirror destination. For more information, see "Restriction in number of ACL mirror destinations".
• PIM-SM: PIM-SM users should make sure that all ProCurve switches running K software are on either pre-K.13.21 or post-K.13.21 versions of software, due to a bug fix in K.13.21 that changes the way a rendezvous point is chosen.

   Summary of Contents for HP ProCurve 3500yl

  • Page 1: Release Notes

    (e.g. a K.11.xx or K.12.xx configuration). If you have previously updated to K.13.xx and rolled back to K.12.xx to work around an issue, you should load a saved K.12.xx configuration to the switch and boot to it prior to updating to K.13 again.

  • Page 2

    The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Software Updates; Download Switch Documentation and Software from the Web; View or Download the Software Manual Set

  • Page 4: Table Of Contents

    Release K.12.08 Enhancements; Configuring a System Contact and Location for the Switch...

  • Page 5: Table Of Contents

    Release K.12.10 Enhancements; Show VLAN ports CLI Command Enhancement

  • Page 6: Table Of Contents

    Release K.12.51 Enhancements; Release K.12.52 Enhancements

  • Page 7: Table Of Contents

    Enabling Customized Web Authentication Pages; Dynamic IP Lockdown

  • Page 8: Table Of Contents

    Release K.11.34; Release K.11.35

  • Page 9: Table Of Contents

    Release K.12.09; Release K.12.10

  • Page 10: Table Of Contents

    Release K.12.51; Release K.12.52

  • Page 11: Table Of Contents

    Release K.13.26 through K.13.39; Release K.13.40

  • Page 12: Software Management, Premium License Switch Software Features, Software Updates

    Software Management Premium License Switch Software Features The ProCurve 3500yl and 5400zl switches ship with the ProCurve Intelligent Edge software feature set. The additional Premium License switch software features for the 3500yl and 5400zl switches can be acquired by purchasing the optional Premium License and installing it on the Intelligent Edge version of these switches.

  • Page 13: Download Switch Documentation And Software From The Web, View Or Download The Software Manual Set

    This section describes how to use the CLI to download software to the switch. You can also use the menu interface for software downloads. For more information, refer to the Management and Configuration Guide for your switch.

  • Page 14: TFTP Download From A Server, Xmodem Download From A PC Or Unix Workstation

    Syntax: boot system flash [ < primary | secondary > ] After the switch reboots, it displays the CLI or Main Menu, depending on the Logon Default setting last configured in the menu’s Switch Setup screen.

  • Page 15

    To reduce the download time, you may want to increase the baud rate in your terminal emulator and in the switch to a value such as 115200 bits per second. (The baud rate must be the same in both devices.) For example, to change the baud rate in the switch to 115200, execute this...

  • Page 16: Using USB To Download Switch Software

    Download Switch Documentation and Software from the Web Using USB to Download Switch Software To use the USB port on the switch to download a software version from a USB flash drive: ■ The software version must be stored on the USB flash drive, and you must know the file name (such as K_12_10.swi).

  • Page 17: Saving Configurations While Using The CLI

    When you use the CLI to make a configuration change, the switch places the change in the running-config file. If you want to preserve the change across reboots, you must save the change to the startup-config file.

  • Page 18: Best Practices For Major Software Updates, Updating The Switch: Overview

    Caution: Before you update the switch software to a major new version, ProCurve strongly recommends that you save off a copy of your config file to an external location. ProCurve advises against rolling back (going from a newer software version to an older software version) without copying on a backup config file to the device.

  • Page 19: Updating The Switch: Detailed Steps

    This will ensure that you can use our proposed roll back procedures should the need arise. Updating the Switch: Detailed Steps The following detailed steps show how to update the switch software from an existing version to a major new release (in the example provided here, from version K.12.57 to version K.13.06).

  • Page 20

    Software Management Best Practices for Major Software Updates b. Create a backup configuration file and verify the change. Switch1# copy config config1 config config2 Switch1# show config files Configuration files: id | act pri sec | name ---+-------------+---------------------------------------------- Save the current config to a tftp server using the copy tftp command. For example: Switch1# copy startup-config tftp 10.1.1.60 Switch1_config_K_12_57.cfg Note This step is necessary because ProCurve does not support roll back (going from a newer software...

  • Page 21

    Validating and Writing System Software to the Filesystem ... Verify that your images and configuration are set correctly. For example, if you updated from K.12.57 to K.13.06, you should see the following outputs from the switch show commands: Switch1# show version...

  • Page 22: Rolling Back Switch Software

    Switch1# reload System will be rebooted from primary image. Do you want to continue [y/n]? y At the prompt, answer y, for yes, and the switch will boot with the new image. Note: As an additional step, ProCurve advises saving the startup-config to a tftp server using the copy tftp command.

  • Page 23: Viewing Or Transferring Alternate Configuration Files

    For example, if a configuration is created on K.12.57 and saved as config2, and if it is then viewed or transferred while the switch is running K.13.06, it will appear as though K.13.06 has converted the configuration. However, the alternate configuration file, config2, will still be intact on the switch and load properly when the switch is booted into the same software version from which the configuration file originated.

  • Page 24

    Software Management Best Practices for Major Software Updates And later, the configuration that was created on K.12.57 is viewed while the switch is running K.13.06: ProCurve5406zl-onK1306# show config K1257config <cr> The command output will show how the K.12.57 config would be interpreted, if it were to be used by the K.13.06 software.

  • Page 25: ProCurve Switch, Routing Switch, And Router Software Keys

    Switch 2510G Series (2510G-24 and 2510G-48) numeric Switch 9408sl, Switch 9300 Series (9304M, 9308M, and 9315M), Switch 6208M-SX and Switch 6308M-SX (Uses software version number only; no alphabetic prefix. For example 07.6.04.) ProCurve Switch, Routing Switch, and Router Software Keys...

  • Page 26: OS/Web/Java Compatibility Table, Minimum Software Versions

    Software Management OS/Web/Java Compatibility Table OS/Web/Java Compatibility Table The switch Web agent supports the following combinations of OS browsers and Java Virtual Machines: Operating System Internet Explorer Windows NT 4.0 SP6a 5.00, 5.01 5.01, SP1 6.0, SP1 Windows 2000 Pro SP4 5.05, SP2...

  • Page 27

    Software Management: Minimum Software Versions. ProCurve Device, Product Number, Minimum Supported Software Version: Switch 5400zl 4p 10-GbE CX4 Module, J8708A, K.11.33; Switch 6200yl-24G-mGBIC, J8992A, K.11.33; Switch 3500yl 2p 10GbE X2 + 2p CX4 Module, J8694A, K.11.17...

  • Page 28: Support Notes, ROM Update Required, Using SNMP To View And Configure Switch Authentication Features

    MIB objects. This means that a device operating as a management station with access to the switch can be used to change the SNMP MIB settings. This can pose a security risk if the feature is used to incorrectly configure authentication features or to reconfigure authentication features to unauthorized settings.

  • Page 29: Support For The Wireless Edge Services Zl Module

    Resources (PR_1000388697): When the switch is writing large files to flash (for example, a transfer of a very large configuration or a software update), switch resources may be impacted during the write operation, causing some potential loss of hello packets. This may impact VRRP, OSPF or spanning tree protocol. In order to mitigate potentially undesirable effects, updates to the switch software should be made during a scheduled downtime.

  • Page 30: Caution: Updating To Version K.13.xx

    (e.g. a K.11.xx or K.12.xx configuration). If you have previously updated to K.13.xx and rolled back to K.12.xx to work around an issue, you should load a saved K.12.xx configuration to the switch and boot to it prior to updating to K.13 again.

  • Page 31: Clarifications

    32 IP addresses. However, the maximum number of IP addresses that can be configured on the switch is 2048, so it is not possible to configure up to the maximum number of routed VLANs (512) with 32 IP addresses each. For example, if you wanted to use all available IP...

  • Page 32

    The number of UDP broadcast entries and IP helper addresses combined can be up to 16 per VLAN, with an overall maximum of 2048 on the switch. An earlier version of the Multicast and Routing Guide (page 5-142) had incorrectly stated that the overall maximum is 256.

  • Page 33: Known Issues

    When the RADIUS server replies with a large frame, the switch does not respond, causing the authentication process to halt. ■ SNMP Trap (PR_1000772026) — The ProCurve 3500yl Switches do not send the proper OID value for a Redundant Power Supply (RPS) failure. Known Issues Minimum Software Versions <x.x.x.x>...

  • Page 34

    Module Selftest (PR_0000001273) — After reboot, ports 1-24 or ports 25-48 on the ProCurve 3500yl or ports 1-24 on the 6200yl Switches may become unresponsive followed by green and amber port LEDs remaining lit. Ports recover automatically. The log file will show the following messages.

  • Page 35: Release K.13.02, Release K.13.01

    K.11.xx or K.12.xx to K.13.xx. ■ PCM+ USB Autorun (PR_1000767612) — Issuing the command copy startup-config usb test may crash the switch when executed in a PCM+ Autorun cmd file. The crash message is similar to: PPC Data Storage (Bus Error) exception vector 0x300: Restriction in number of ACL mirror destinations —...

  • Page 36

    Known Issues Release K.13.01...

  • Page 37: Enhancements, Release K.11.12 Enhancements, Release K.11.13 Through K.11.32 Enhancements, Release K.11.33 Enhancements, Release K.11.34 Enhancements

    ProCurve Series 3500yl, 6200yl, 5400zl, and 8212zl switches (January 2008), available on the Web at www.hp.com/rnd/support/manuals. Release K.11.11 was the first production software release for the ProCurve 3500yl, 6200yl, and 5400zl Series switches. Release K.12.31 was the first production software release for the ProCurve 8212zl switch.

  • Page 38: Release K.11.35 Enhancements, Release K.11.36 Through K.11.39 Enhancements, Release K.11.40 Enhancements

    ■ Scheduled reload: Additional parameters have been added to the reload command to allow for a scheduled reboot of the switch via the CLI. For more information, refer to the section on “Rebooting your Switch” in the Chapter titled “Switch Memory and Configuration” in the Management and Configuration Guide for your switch.

  • Page 39: Release K.11.41 Enhancements, Release K.11.42 Enhancements, Release K.11.43 Enhancements, Release K.11.44 Enhancements

    No enhancements, software fixes only. Release K.11.48 Enhancements Release K.11.48 includes the following enhancement: ■ The show tech transceiver CLI command output now contains the HP part number and revision information for all transceivers (mGBICs) on the switch. Release K.11.49 Enhancements Release K.11.49 includes the following enhancement:...

  • Page 40: Release K.11.60 Through K.11.63 Enhancements, Release K.11.64 Enhancements, Release K.11.68 Enhancements, Release K.11.69 Enhancements

    Improved SFlow function to accommodate bursty traffic. Release K.11.69 Enhancements No new enhancements, software fixes only. Release K.11.69 is the last release of the K.11.xx software. The 3500yl, 6200yl, and 5400zl switch series software code was rolled to the K.12.0x code branch with no intervening releases.

  • Page 41: Release K.12.01 Enhancements

    Refer to "Using USB To Download Switch Software" in the "File Transfers" appendix of the Management and Configuration Guide for your switch (February 2007 or newer). For information on USB device compatibility on the 3500yl, 5400zl, and 6200yl switches, refer to the HP ProCurve support Website: http://www.hp.com/rnd/support/faqs/index.htm.

  • Page 42

    Enhancements Advanced Traffic Management Guide Qos Queue Config: Allows you to reduce the number of outbound queues that all switch ports Number of Default VLANs: In the factory default state, support has been increased from 8 VLANs to Migrating Layer 3 VLANs Using...

  • Page 43: Release K.12.02 Enhancements, Release K.12.03 Enhancements

    Software Manual/ Enhancements Controlled Directions Web/MAC Auth: Note on Manual Updates: In addition to the above updates to the manuals, the chapter on ACLs has been moved from the Advanced Traffic Management Guide to the Access Security Guide. The Access Security Guide also provides a new introductory “Security Overview”...

  • Page 44: Release K.12.04 Enhancements, Configuring MSTP Port Connectivity Parameters

    Enhancements Release K.12.04 Enhancements For more information, refer to “QoS TCP/UDP Priority” in the Advanced Traffic Management Guide. Release K.12.04 Enhancements Release K.12.04 includes the following enhancement: ■ Enhancement MSTP (PR_1000369492) — Update of MSTP implementation to the latest IEEE P802.1Q-REV/D5.0 specification to stay in compliance with the protocol evolution. For more information on selected configuration options and updated MSTP port parameters, see “Configuring MSTP Port Connectivity Parameters”...

  • Page 45

    [admin-edge-port] Enables admin-edge-port for RSTP/MSTP. If a bridge or switch is detected on the segment, the port automatically operates as non-edge, not enabled. (Default: No - disabled) If admin-edge-port is disabled on a port and auto-edge-port has not been disabled, the auto-edge-port setting controls the behavior of the port.

  • Page 46

    True (default): Indicates a point-to-point link to a device such as a switch, bridge, or end-node. False: Indicates a connection to a hub (which is a shared LAN segment). Auto: Causes the switch to set False on the port if it is not running at full duplex. (Connections to hubs are half-duplex.)

  • Page 47: Release K.12.05 Enhancements, How RADIUS-Based Authentication Affects VLAN Operation

    For example, if you configure “2” as the priority multiplier for a given port, then the actual priority is 32. Thus, after you specify the port priority multiplier, the switch displays the actual port priority (and not the multiplier) in the show spanning-tree config display. You can view the actual multiplier setting for ports by executing show running and looking for an entry in this form: spanning-tree <port-list>...

  • Page 48

    VLAN configuration is an untagged member of the VLAN for the duration of the authenticated session. This applies even if the port is also configured in the switch as a tagged member of the same VLAN. The following restrictions apply: •...

  • Page 49

    If the port is not already a member of the RADIUS-assigned (static or dynamic) untagged VLAN, the switch temporarily reassigns the port as an untagged member of the required VLAN (for the duration of the session). At the same time, if the ProCurve port is already configured as an untagged member of a different VLAN, the port loses access to the other VLAN for the duration of the session.

  • Page 50

    Enhancements Release K.12.05 Enhancements Therefore, on a port where one or more authenticated client sessions are already running, all such clients are on the same untagged VLAN. If a RADIUS server subsequently authenticates a new client, but attempts to re-assign the port to a different, untagged VLAN than the one already in use for the previously existing, authenticated client sessions, the connection for the new client will fail.

  • Page 51

    Figure 2. Active Configuration for VLAN 22 Temporarily Changes for the 802.1X Session However, as shown in Figure 1, because VLAN 33 is configured as untagged on port A2 and because a port can be untagged on only one VLAN, port A2 loses access to VLAN 33 for the duration of the 802.1X session on VLAN 22.

  • Page 52

    Enhancements Release K.12.05 Enhancements When the 802.1X client session on port A2 ends, the port removes the temporary untagged VLAN membership. The static VLAN (VLAN 33) that is “permanently” configured as untagged on the port becomes available again. Therefore, when the RADIUS-authenticated 802.1X session on port A2 ends, VLAN 22 access on port A2 also ends, and the untagged VLAN 33 access on port A2 is restored as shown in When the 802.1X session...

  • Page 53

    However, if a RADIUS-configured dynamic VLAN used for an authentication session is deleted from the switch through normal GVRP operation (for example, if no GVRP advertisements for the VLAN are received on any switch port), authenticated clients using this VLAN are deauthenticated.

  • Page 54: Release K.12.06 Enhancements, Saving Security Credentials In A Configuration File

    After verifying the configuration, you can then save it permanently by writing the settings to the startup-config file. ■ By permanently saving a switch’s security credentials in a configuration file, you can upload the file to a TFTP server or Xmodem host, and later download the file to the ProCurve switches on which you want to use the same security settings without having to manually configure the settings (except for SNMPv3 user parameters) on each switch.

  • Page 55

    ■ TACACS+ encryption keys ■ RADIUS shared secret (encryption) keys ■ Public keys of SSH-enabled management stations that are used by the switch to authenticate SSH clients that try to connect to the switch Local Manager and Operator Passwords In software releases earlier than K.12.06, the manager and operator passwords and user names used...

  • Page 56

    Caution: If a startup configuration file does not contain a manager or operator password, the switch will not have password protection and can be accessed through Telnet, the serial port, or Web interface with full manager privileges.

  • Page 57

    ■ The <hash-type> parameter specifies the type of algorithm (if any) used to hash the password. Valid values are plaintext or sha-1. ■ The <password> parameter is the clear ASCII text string or SHA-1 hash of the password. You can enter a manager/operator password in clear ASCII text or hashed format, while the port-access password must be clear ASCII text only.

  • Page 58

    802.1X authenticator credentials are used by a port to authenticate supplicants requesting a point-to-point connection to the switch. 802.1X supplicant credentials are used by the switch to establish a point-to-point connection to a port on another 802.1X-aware switch. Only 802.1X authenticator credentials are stored in a configuration file.

  • Page 59

    In software releases earlier than K.12.06, the global and server-specific TACACS+ encryption keys cannot be saved in a configuration file that can be copied from the switch. These keys are stored only in flash memory and can be viewed by using the show tacacs command.

  • Page 60

    Client public-key authentication uses one or more public keys (from clients) that must be stored on the switch. Only a client with a private key that matches a public key stored on the switch can gain access at the manager or operator level. For more information about how to configure and use SSH public keys to authenticate SSH clients that try to connect to the switch, refer to the “Configuring...

  • Page 61

    Note In software release K.12.01 and earlier, you can add up to ten SSH client public-keys to the switch only by using the copy command; for example: $ copy tftp public-key ip-addr filename <manager|operator>...

  • Page 62

    Figure 6. Example of Hashed Content of an SSH Client Public Key If a switch configuration contains multiple SSH client public keys, each public key is saved as a separate entry in the configuration file. You can configure up to ten SSH client public-keys on a switch.

  • Page 63

    For more information, refer to the “Switch Memory and Configuration” chapter in the Management and Configuration Guide. To copy the contents of the running-config file from the switch to a USB flash memory device, enter the copy running-config usb command. For more information, refer to the “File Transfers”...

  • Page 64

    A warning message reminds you to permanently save a security setting, which was formerly automatically saved in internal flash, after you configure it.

  • Page 65

    Uploads a configuration file from the switch to a TFTP server. • copy tftp config: Downloads a configuration file from a TFTP server to the switch.

  • Page 66

    Enhancements Release K.12.06 Enhancements ■ If you upgrade ProCurve software on a switch from an earlier software release to software release K.12.06 or greater and then enter the include-credentials command, security passwords are managed as follows: • The manager password (if any) in the earlier software version is copied into the running configuration.

  • Page 67

    SNMPv3 engine ID value in the downloaded file must match the engine ID of the switch in order for the SNMPv3 users to be configured with the authentication and privacy passwords in the file. (To display the engine ID of a switch, enter the show snmpv3 engine-id command.

  • Page 68: Release K.12.07 Enhancements, Release K.12.08 Enhancements, Configuring A System Contact And Location For The Switch

    <system-contact> and <system-location> are ASCII strings up to 255 characters each. Web Browser Interface Using the Web browser interface for the switch, click the Configuration tab, and select System Info to access the System Location and System Contact fields. In each field, you can enter ASCII strings up to 255 characters each.

  • Page 69: Release K.12.09 Enhancements, Release K.12.10 Enhancements, Show VLAN Ports CLI Command Enhancement

    Release K.12.09 Enhancements No enhancements, software fixes only. Release K.12.10 Enhancements Release K.12.10 includes the following enhancement: ■ Enhancement (PR_1000419653) — The show vlan ports command was enhanced to display each port in the VLAN separately, display the friendly port name (if configured), and display the VLAN mode (tagged/untagged) for each port.

  • Page 70

    Jumbo: Indicates whether a VLAN is configured for Jumbo packets. For more on jumbos, refer to the chapter titled “Port Traffic Controls” in the Management and Configuration Guide for your switch. Mode: Indicates whether a VLAN is tagged or untagged.

  • Page 71: Release K.12.11 Enhancements, Release K.12.12 Enhancements, Release K.12.13 Enhancements, Release K.12.14 Enhancements, Release K.12.15 Enhancements

    RADIUS accounting packets sent to the RADIUS server by the switch. The IP address of the client is included in the RADIUS accounting packet sent by the switch to the RADIUS server. The client obtains the IP address through DHCP, so DHCP snooping must be enabled for the VLAN of which the client is a member.

  • Page 72

    Using community name and destination IP address, this command designates a destination network-management station for receiving SNMP event log messages from the switch. If you do not specify the event level, then the switch does not send event log messages as traps. You can specify up to 10 trap receivers (network management stations).

  • Page 73: Release K.12.16 Enhancements, Release K.12.17 Enhancements, Release K.12.18 Enhancements

    You can see if informs are enabled or disabled with the show snmp-server command as shown in Figure ProCurve(config)# show snmp-server SNMP Communities Community Name MIB View Write Access ---------------- -------- ------------ public Manager Trap Receivers Link-Change Traps Enabled on Ports [All] : All Send Authentication Traps [No] : No Informs [Yes] : Yes Address...

  • Page 74: Release K.12.19 Enhancements, Release K.12.20 Enhancements, Release K.12.21 Enhancements

    ■ Enhancement (PR_1000374051) — The 5400zl switches are not detecting packets from an Avaya G700 PBX or Cajun switch due to irregular Ethernet packets sent by those devices. This is a workaround that will alter the 5400zl software to allow 100Mb operation on the upcoming "C"...

  • Page 75: Release K.12.22 Enhancements, Release K.12.23 Enhancements, Release K.12.24 Enhancements, Release K.12.26 Through K.12.29 Enhancements

    Release K.12.31 Enhancements Release K.12.31 includes the following enhancement: ■ Enhancement — Support for the following ProCurve product was added. J9091A / J8715A (bundle) for the ProCurve switch 8212zl Release K.12.32 Enhancements Never released. Build K.12.32 includes the following enhancement: Enhancements...

  • Page 76: Release K.12.33 Through K.12.40 Enhancements, Release K.12.41 Through K.12.42 Enhancements, Release K.12.43 Enhancements

    theoretically available VLAN IDs (1-4094) to an MSTP instance, even if some of the VLANs are not currently configured on the switch. (This enhancement was subsequently improved, “Release K.12.51 Enhancements” on page see the ProCurve Advanced Traffic Management Guide.

  • Page 77: Release K.12.45 Enhancements, Release K.12.46 Enhancements, Release K.12.47 Enhancements, Release K.12.48 Enhancements, Release K.12.49 Enhancements

    VLAN IDs (1-4094) to an MSTP instance, even if some of the VLANs are not currently configured on the switch. The initial implementation of this enhancement did not allow smooth migration of pre-existing MSTP configurations.

  • Page 78: Release K.12.52 Enhancements, Release K.12.53 Through K.12.55 Enhancements, Release K.12.56 Enhancements

    PR_1000457691 was added. This enhancement allows the mapping of all theoretically available VLAN IDs (1-4094) to an MSTP instance, even if some of the VLANs are not currently configured on the switch. For more information, see the ProCurve Management and Configuration Guide.

  • Page 79: Release K.12.57 Enhancements

    ■ Enhancement (PR_1000464170) — This feature provides support for adding the LLDP VLAN Name TLV to LLDP advertisements generated by ProCurve switches. For more information, see the ProCurve Management and Configuration Guide. Release K.12.57 Enhancements Release K.12.57 includes the following enhancement: Enhancement (PR_1000713394) —...

  • Page 80: Release K.13.01 Enhancements

    USB Secure Autorun: Helps ease the configuration of ProCurve switches by providing a way to SNMP Traps: Allow you to configure the switch to send network security and link-change MAC-based Remote Mirroring: Allows you to use MAC as a criteria in selecting traffic that needs to be Show Command Changes: The show power-management CLI command has been changed to show Scalability: Increased max trunks (60);...

  • Page 81

    This allows you, for example, to use IDM to dynamically configure tagged and untagged VLANs as required for different client devices, such as PCs and IP phones, that share the same switch port. See the section on “VLAN Assignment in an Authentication Session” in the chapter on “RADIUS Authentication and Accounting”.

  • Page 82: Release K.13.02 Enhancements, VRRP Pre-emptive Delay Timer

    3500/5400/6200 software manuals have been combined into a single manual set. Where features apply only to a specific model or models, this will be indicated in the chapter or heading for that feature; for example, "Redundancy (Switch 8212zl)" or "Stack Management for the Series 3500yl Switches and the 6200yl Switch."...

  • Page 83

    When OSPF is Also Enabled on the VRRP Routers When OSPF is enabled on the routers and a Fail-back event occurs, the Owner router immediately takes control of the virtual IP address and provides the default gateway functionality. If OSPF has not converged, the route table in the Owner router may not be completely populated.

  • Page 84

    Enhancements Release K.13.02 Enhancements where VID = 16 VRID = 23 PDT = 12 seconds VRRP Preempt Mode with LACP and Older ProCurve Devices There can be an issue with VRRP Preempt Mode if an older ProCurve device (2524, 2650, 2848, 3400cl, or 5300) is the intermediate device connecting to a VRRP router and has LACP set in “enable, passive”...

  • Page 85

    There are trade-offs between selecting a small advertisement value and a large preempt delay time. A small advertisement value results in a faster failover to the Backup router. A larger PDT value allows OSPF to converge before the Owner router takes back control of its virtual IP address. Choosing a large PDT value (greater than the Master down time) may result in an unnecessary failover to the Backup router when the VRRP routers (Owner and Backup) start up together.

  • Page 86: Release K.13.03 Enhancements, New CLI Commands

    Enhancements Release K.13.03 Enhancements Error Messages Error Attempting to assign the preempt delay time to the Virtual Router before declaring it as an Owner or Backup Attempting to assign an out of range preempt delay time to the Virtual Router instance. Attempting to change the preempt delay time value when the Virtual Router is active.

  • Page 87: Release K.13.04 Enhancements, Clear Module Configuration

    There was no module present in the slot since the last boot ■ If there was a module present after the switch was booted, the switch will have to be rebooted before any module (new or same) can be used in the slot.

  • Page 88: Vrrp—dynamic Priority Change

    IP address. Router-2 takes control of the IP address and responds to ARP requests for it with the virtual MAC address that corresponds to VRID-1. (Virtual IP Address) Intranet Router-2 VLAN VID: 22 IP: 10.10.10.23 Router 2 Configuration Switch VRID: 1 VLAN VID: 22 Status: Backup Virtual IP Addr: 10.10.10.1 Host “A” MAC Addr: 00-00-5E-00-01-01 Priority: 100 VR 1 10.10.10.1...

  • Page 89

    Note A Backup VR switches to priority zero instead of its configured value when all its tracked entities go down. An Owner VR always uses priority 255 and never relinquishes control voluntarily. CLI Commands The following commands are used for this enhancement. Note You can only configure tracked interfaces or VLANs on the Backup router.

  • Page 90

    Enhancements Release K.13.04 Enhancements Configuring Track VLAN The track vlan command allows you to specify a VLAN or range of VLANs to be tracked by the VR. Notes VR operation must be down before executing this command. Use the no enable command to disable VR operation.

  • Page 91

    Syntax: no track The command allows you to remove tracking for all configured track entities (ports, trunks, and VLANs). The command is executed in VRID instance context. For example: ProCurve(vlan-25-vrid-1)# no track Failover Operation Failover operation involves handing off of the VRs control of the virtual IP to another VR. Once a failover command is issued, the VR begins sending advertisements with priority zero instead of the configured priority.

  • Page 92

    Enhancements Release K.13.04 Enhancements Displaying the VRRP Configuration You can display the VRRP tracked entities by entering the command shown in ProCurve(vlan-25-vrid-1)# show vrrp tracked-entities VRRP Tracked entities VLAN ID VR ID ---------- ---------- ---------- ------------------------------ Figure 11. Example of show vrrp tracked entities Command You can display the VRRP configuration by entering the command shown in ProCurve(vlan-25-vrid-1)# show vrrp vlan 25 vrid 1 config VRRP Virtual Router Configuration Information...

  • Page 93

    • The VRs operating VLAN can’t be configured as a tracking VLAN for that VR. • Ports that are part of a trunk can’t be tracked. • A port that is tracked can’t be included in a trunk. • Trunks that are tracked can’t be removed; you are not able to remove the last port from the trunk.

  • Page 94: Dhcp Option 66 Automatic Configuration Update

    One or more TFTP servers has the desired configuration file. Caution: This feature must use configuration files generated on the switch to function correctly. If you use configuration files that were not generated on the switch, and then enable this feature, the switch may reboot continuously.

  • Page 95

    Replacing the Existing Configuration File: After the DHCP client downloads the configuration file, the switch compares the contents of that file with the existing configuration file. If the content is different, the new configuration file replaces the existing file and the switch reboots.

  • Page 96: Bootp/dhcp Relay Gateway

    Enhancements Release K.13.04 Enhancements • DHCP is preferred over BootP • If two BootP offers are received, the first one is selected • For two DHCP offers: – The offer from an authoritative server is selected – If there is no authoritative server, the offer with the longest lease is selected Log Messages The file transfer is implemented by the existing TFTP module.

  • Page 97

    If the IP address has not already been configured on the interface (VLAN), you will see the message shown in Figure ProCurve# config ProCurve(config)# vlan 1 ProCurve(vlan-1)# ip bootp-gateway 10.10.10.1 The IP address 10.10.10.1 is not configured on this VLAN. Figure 14.

  • Page 98: Inbound Rate-limiting For Broadcast And Multicast Traffic

    This enhancement allows rate-limiting (throttling) of inbound broadcast and multicast traffic on the switch. The rate-limiting is implemented as a percentage of the total available bandwidth on the port. Rate-limiting inbound broadcast or multicast traffic helps prevent the switch from being disrupted by traffic storms if they occur on the rate-limited port.

  • Page 99

    ProCurve(config)# int 3 ProCurve(eth-3)# rate-limit bcast in percent 50 ProCurve 3500(eth-3)# show rate-limit bcast Broadcast-Traffic Rate Limit Maximum % Port | Inbound Limit Mode ----- + ------------- --------- --------------- | Disabled | Disabled | 50 | Disabled | Disabled Figure 1. Example of Inbound Broadcast Rate-limiting of 50% on Port 3 If you rate-limit multicast traffic on the same port, the multicast limit is also in effect for that port, as shown in Figure...

  • Page 100: Dns Capabilities For Telnet

    • IPv4 address • IPv6 address • Hostname • Stack number of a member switch (1-16) if the switch is a commander in a stack and stacking is enabled

  • Page 101: Show Module Enhancement

    For example, if the host “Labswitch” is in the domain abc.com, you can enter the following command and the destination is resolved to “Labswitch.abc.com”. ProCurve(config)# telnet Labswitch You can also enter the full domain name in the command: ProCurve(config)# telnet Labswitch.abc.com You can use the show telnet command to display the resolved IP address.

  • Page 102

    Enhancements Release K.13.04 Enhancements Syntax: show modules [details] Displays information about the installed modules, including: • The slot in which the module is installed • The module description • The serial number • The System Support Module description, serial number, and status (8212zl only) Additionally, the part number (J number) and serial number of the chassis is displayed.

  • Page 103: Vrrp Option With Debug Command

    Note On ProCurve 3500yl and 6200yl series switches, the mini-GBIC information does not display as the ports are fixed and not part of any module. ■ Enhancement (PR_0000000101) — This enhancement adds a vrrp option to the debug command.

  • Page 104: Copy Command With Show Tech Option

    To upload the customized list, the copy tftp command will include the show-tech option in the destination parameter. Syntax: copy <source> <destination> [options] Copy data files to or from the switch.

  • Page 105: Release K.13.05 Through K.13.15 Enhancements, Release K.13.16 Enhancements, Console/telnet Inactivity Timer

    <source>: specify the source of the data. It can be tftp, xmodem, command, usb, or any of the following switch data files: • running-config • startup-config • crash-log [a|b|c|d|e|f|g|h|master] • crash-data • event-log • flash • command-output <command> Note: When using command output, place the desired CLI command in double quotes, for example, “show system”.

  • Page 106: Management Access Security Enhancement

    Enhancements Release K.13.16 Enhancements Syntax: console inactivity-timer <minutes> If the console port has no activity for the number of minutes configured, the switch terminates the session. A value of zero indicates the inactivity timer is disabled. Default: 0 (zero) For example: ProCurve(config)# console inactivity-timer 20 Enhancement (PR_1000780247) —...

  • Page 107

    Only IPv4 is supported when using the menu to set the management access method. To access the menu screen, type menu at the switch prompt, then select 2. Switch Configuration, then 6. IP Authorized Managers. The menu screen for IP Managers displays. Click on Edit to make changes.

  • Page 108

    Enhancements Release K.13.16 Enhancements ProCurve ==========================- CONSOLE - MANAGER MODE -============================ Switch Configuration - IP Managers Authorized Manager IP ---------------------- 10.10.240.2 10.10.245.3 10.10.246.200 10.10.245.30 Actions-> Back Figure 7. Example of Menu Showing Authorized Managers with Access Method ProCurve ==========================- CONSOLE - MANAGER MODE -============================ Switch Configuration - IP Managers Authorized Manager IP: 10.10.245.3...

  • Page 109: Show Interfaces Custom

    Figure 9. Example of Configuring Authorized Manager Access Method in the Web Interface See “Using Authorized IP Managers” in the Access Security Guide for your switch for more information about authorized IP managers. ■ Enhancement (PR_0000000090) — This enhancement allows you to choose which...

  • Page 110

    Enhancements Release K.13.16 Enhancements Syntax: show interfaces custom [port-list] column-list Select the information that you want to display. Parameters include: ■ port name ■ type vlan ■ intrusion ■ enabled ■ status ■ speed ■ ■ ■ flow Columns supported are: Parameter Column Displays port...

  • Page 111

    ProCurve(config)# show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi Status and Counters - Custom Port Status Port Name Type ---- ---------- ---------- ----- --------- ------- ------- -------- Acco 100/1000T Huma 100/1000T Deve 100/1000T Lab1 100/1000T Figure 20. Example of the Custom show interfaces Command You can specify the column width by entering a colon after the column name, then indicating the number of characters to display.

  • Page 112: Mirror Port Vlan Tagging

    Mirror Port VLAN Tagging ProCurve switches can mirror inbound and outbound traffic to local ports on the switch, or to ports on remote switches. Currently, a VLAN tag is added to the mirrored copy of untagged outbound packets to indicate the source VLAN of the packet. However, it is desirable in some situations to have mirrored packets look exactly like the original packet.

  • Page 113

    [no-tag-added] Assigns a mirroring source to a previously configured mirroring session on a source switch. It specifies the port, trunk, and/or mesh source to use, the direction of traffic to mirror, and the session identifier. Note: If configuring a mesh, designate it using the literal string “mesh”.

  • Page 114

    For more information about traffic mirroring, see “Monitoring and Analyzing Switch Operation” in the Management and Configuration Guide for your switch. For more information about ACL filtering, see “Access Control Lists (ACLs)” in the Access Security Guide for your switch. Using SNMP to Configure No-Tag-Added...

  • Page 115: Concurrent Web And Mac Authentication

    SHOULD save the change to non-volatile storage.” DEFVAL { 2 } ::= { hpicfBridgeMirrorSessionEntry 2 } Operating Notes • The specified port can be a physical port, a trunk port, or a mesh port. • Only a single logical port (physical port or trunk) can be associated with a mirror session when the no-tag-added option is specified.

  • Page 116: Ssh Enhancements

    Enhancements Release K.13.16 Enhancements • Web and MAC authentications are not allowed on the same port if unauthenticated VLAN (that is, a guest VLAN) is enabled for MAC authentication. An unauthenticated VLAN can’t be enabled for MAC authentication if Web and MAC authentication are both enabled on the port.

  • Page 117

    Syntax: [no] ip ssh [cipher <cipher-type>] Cipher types that can be used for connection by clients. Valid types are: • aes128-cbc • 3des-cbc • aes192-cbc • aes256-cbc • rijndael-cbc@lysator.liu.se • aes128-ctr • aes192-ctr • aes256-ctr Default: All cipher types are available. Use the no form of the command to disable a cipher type.

  • Page 118

    Enhancements Release K.13.16 Enhancements Table 1. RSA/DSA Values for Various ProCurve Switches Platform 5400/3500/6200/8200/2900 2610 Message Authentication Code (MAC) Support This enhancement allows configuration of the set of MACs that are available for selection. Syntax: [no] ip ssh [mac <MAC-type>] Allows configuration of the set of MACs that can be selected.

  • Page 119: Debug Logging

    ProCurve(config)# show ip ssh SSH Enabled : No TCP Port Number : 22 IP Version : IPv4orIPv6 Host Key Type : RSA Ciphers : aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc, rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr MACs : hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96 Ses Type | Source IP --- -------- + ---------------------------------------------- ----- console inactive | inactive | inactive |...

  • Page 120: Release K.13.17 Enhancements, Release K.13.18 Enhancements, Release K.13.19 Enhancements, Using A Command Alias

    Enhancements Release K.13.17 Enhancements • debug • debug2 • debug3 Release K.13.17 Enhancements No enhancements; Bug fixes only. Release K.13.18 Enhancements Release K.13.18 includes the following enhancements: ■ Enhancement (PR_1000406763) — New commands were added to the CLI response to the show tech command.

  • Page 121

    Creates a shortcut alias name to use in place of a commonly used command. The alias command is executed from the current config context. name: Specifies the new command name to use to simplify keystrokes and aid memory. command: Specifies an existing command to be aliased. The command must be enclosed in quotes.

  • Page 122: Configure Logging Via Snmp

    SNMP, which allows more options for remote access and management of the switch. The HP enterprise MIB hpicfSyslog.mib is added to allow the configuration and monitoring of syslog. (RFC 3164 supported) The CLI has some additional parameters to permit interoperability with SNMP that are explained below.

  • Page 123

    Note See the section “Command Differences for the ProCurve Series 2600/2800/3400cl/6400cl Switches” on page 113 for command differences on these switches. Adding a Description for a Syslog Server You can associate a user-friendly description with each of the IP addresses (IPv4 only) configured for syslog using the CLI or SNMP.

  • Page 124

    Enhancements Release K.13.19 Enhancements Syntax: logging priority-descr <text_string> no logging priority-descr Provides a user-friendly description for the combined filter values of severity and system module. If no description is entered, this is blank. If <text_string> contains white space, use quotes around the string. Use the no form of the command to remove the description.

  • Page 125: Customizing Web Authentication Html Files

    Implementing multiple Web servers provides redundancy in case access to any of the other servers fails. Implementing Customized Web-Auth Pages Guidelines • Customized Web Authentication pages are configured per switch, so that each Web-Auth enabled port displays the same customized pages at client login. aaa port-access web-based...

  • Page 126: Enabling Customized Web Authentication

    Some template pages use Embedded Switch Includes (ESIs) or Active Server Pages. These should not be modified when customizing HTML files. ESIs behave as follows: A client’s Web browser sends a request for an HTML file. The switch passes the request to a configured Web server.

  • Page 127

    Customizable HTML Templates The sample HTML files described in the following sections are customizable templates. To help you create your own set HTML files, a set of the templates can be found on the download page for ‘K’ software. File Name index.html accept.html authen.html...

  • Page 128

    Enhancements Release K.13.19 Enhancements <!-- ProCurve Web Authentication Template index.html --> <html> <head> <title>User Login</title> </head> <body> <h1>User Login</h1> <p>In order to access this network, you must first log in.</p> <form action="/webauth/loginprocess" method="POST"> <table> <tr> <td>Username: </td> <td><input name="user" type="text"/></td> </tr>...

  • Page 129

    • The WAUTHREDIRECTTIMEGET ESI inserts the value for the waiting time used by the switch to redirect an authenticated client while the client renews its IP address and gains access to the network. • The WAUTHREDIRECTURLGET ESI inserts the URL configured with the redirect-url...

  • Page 130

    Enhancements Release K.13.19 Enhancements <!-- ProCurve Web Authentication Template accept.html --> <html> <head> <title>Access Granted</title> <!-- The following line is required to automatically redirect --> <meta http-equiv="refresh"content="<!- ESI(WAUTHREDIRECTTIMEGET, 1) ->;URL=<! ESI(WAUTHREDIRECTURLGET, 1) ->"/> </head> <body> <h1>Access Granted</h1> <!-- The ESI tag below will be replaced with the time in seconds until the page redirects.

  • Page 131

    The authen.html file is the Web page used to process a client login and is refreshed while user credentials are checked and verified. <!-- ProCurve Web Authentication Template authen.html --> <html> <head> <title>Authenticating</title> <!-- The following line is always required --> <meta http-equiv="refresh"...

  • Page 132

    VLAN used by unauthorized clients with the aaa port-access web-based unauth-vid command when you enable Web Authentication. The WAUTHREDIRECTTIMEGET ESI inserts the value for the waiting time used by the switch to redirect an unauthenticated client while the client renews its IP address and gains access to the VLAN for unauthorized clients.

  • Page 133

    The timeout.html file is the Web page used to return an error message if the RADIUS server is not reachable. You can configure the time period (in seconds) that the switch waits for a response from the RADIUS server used to verify client credentials with the aaa port-access web-based server-timeout command when you enable Web Authentication.

  • Page 134

    Enhancements Release K.13.19 Enhancements Retry Login Page (retry_login.html) Figure 22. Retry Login Page The retry_login.html file is the Web page displayed to a client that has entered an invalid username and/or password, and is given another opportunity to log in. The WAUTHRETRIESLEFTGET ESI displays the number of login retries that remain for a client that entered invalid login credentials.

  • Page 135

    <!-- ProCurve Web Authentication Template retry_login.html --> <html> <head> <title>Invalid Credentials</title> <!-- The following line is required to automatically redirect the user back to the login page. --> <meta http-equiv="refresh" content="5;URL=/EWA/index.html"> </head> <body> <h1>Invalid Credentials</h1> <p>Your credentials were not accepted. You have <!- ESI(WAUTHRETRIESLEFTGET,1 ->...

  • Page 136

    The sslredirect file is the Web page displayed when a client is redirected to an SSL server to enter credentials for Web Authentication. If you have enabled SSL on the switch, you can enable secure SSL-based Web Authentication by entering the aaa port-access web-based ssl-login command when you enable Web Authentication.

  • Page 137

    To specify the time period before a new authentication request can be received by the switch, configure a value for the aaa port-access web-based quiet-period command when you enable Web Authentication. This ESI should not be modified.

  • Page 138

    Enhancements Release K.13.19 Enhancements <!-- ProCurve Web Authentication Template reject_novlan.html --> <html> <head> <title>Access Denied</title> <!-- The line below is required to automatically redirect the user back to the login page. --> <meta http-equiv="refresh" content="<!- ESI(WAUTHQUIETTIMEGET,1) ->;URL=/EWA/index.html"> </head> <body> <h1>Access Denied</h1> <p>Your credentials were not accepted.

  • Page 139

    HTML files in their own directory, for example in “/EWA/”) ProCurve Switch (config)# aaa port-access web-based 47 ewa-server 10.0.12.179 /EWA ProCurve Switch (config)# aaa port-access web-based 47 ewa-server 10.0.12.180...

  • Page 140: Dynamic Ip Lockdown

    Displays the currently configured Web Authentication settings for all ports or specified ports, including web-specific settings for password retries, SSL login status, and a redirect URL, if specified. ProCurve Switch (config)# show port-access web-based 47 config Port Access Web-Based Configuration DHCP Base Address : 192.168.0.0 DHCP Subnet Mask : 255.255.255.0...

  • Page 141

    A source is considered “trusted” for all VLANs if it is seen on any VLAN without DHCP snooping enabled. • On the ProCurve switch series 5400 and 3500, dynamic IP lockdown is supported on a port configured for statically configured port-based ACLs.

  • Page 142

    Enhancements Release K.13.19 Enhancements Prerequisite: DHCP Snooping Dynamic IP lockdown requires that you enable DHCP snooping as a prerequisite for its operation on ports and VLAN traffic: • Dynamic IP lockdown only enables traffic for clients whose leased IP addresses are already stored in the lease database created by DHCP snooping or added through a static configuration of an IP-to-MAC binding.

  • Page 143

    In this example, the following DHCP leases have been learned by DHCP snooping on port 5. VLANs 2 and 5 are enabled for DHCP snooping. IP Address MAC Address 10.0.8.5 001122-334455 10.0.8.7 001122-334477 10.0.10.3 001122-334433 Figure 28. Sample DHCP Snooping Entries The following example shows an IP-to-MAC address and VLAN binding that have been statically configured in the lease database on port 5.

  • Page 144: Operating Notes

    Dynamic IP lockdown is enabled at the port configuration level and applies to all bridged or routed IP packets entering the switch. The only IP packets that are exempt from dynamic IP lockdown are broadcast DHCP request packets, which are handled by DHCP snooping.

  • Page 145

    Adding an IP-to-MAC Binding to the DHCP Binding Database A switch maintains a DHCP binding database, which is used for dynamic IP lockdown as well as for DHCP and ARP packet validation. The DHCP snooping feature maintains the lease database by learning the IP-to-MAC bindings of VLAN traffic on untrusted ports.

  • Page 146

    Enhancements Release K.13.19 Enhancements Adding a Static Binding To add the static configuration of an IP-to-MAC binding for a port to the lease database, enter the ip source-binding command at the global configuration level. Use the no form of the command to remove the IP-to-MAC binding from the database.

  • Page 147

    An example of the show ip source-lockdown status command output is shown in Figure 31. Note that the operational status of all switch ports is displayed. This information indicates whether or not dynamic IP lockdown is supported on a port.

  • Page 148

    Enhancements Release K.13.19 Enhancements ProCurve(config)# show ip source-lockdown bindings Dynamic IP Lockdown (DIPLD) Bindings Mac Address IP Address ----------- ---------- 001122-334455 10.10.10.1 005544-332211 10.10.10.2 ......Figure 32.

  • Page 149: Release K.13.20 Enhancements

    ProCurve(config)# debug dynamic-ip-lockdown DIPLD 01/01/90 00:01:25 : denied ip 192.168.2.100 (0) (PORT 4) -> 192.168.2.1 (0), 1 packets DIPLD 01/01/90 00:06:25 : denied ip 192.168.2.100 (0) (PORT 4) -> 192.168.2.1 (0), 294 packets DIPLD 01/01/90 00:11:25 : denied ip 192.168.2.100 (0) (PORT 4) ->...

  • Page 150: Release K.13.21 Enhancements, Release K.13.22 Enhancements, Release K.13.23 Enhancements, Release K.13.24 Through K.13.25 Enhancements

    Enhancements Release K.13.21 Enhancements Release K.13.21 Enhancements No enhancements; Bug fixes only. Release K.13.22 Enhancements No enhancements; Bug fixes only. Release K.13.23 Enhancements No enhancements; Bug fixes only. Release K.13.24 through K.13.25 Enhancements No enhancements; Bug fixes only. Release K.13.26 through K.13.39 Enhancements No enhancements;...

  • Page 151: Clear Statistics Without Reboot

    ■ Clear Statistics Without Reboot It is useful to be able to clear all counters and statistics without rebooting the switch when troubleshooting network issues. The clear statistics global command clears all counters and statistics for all interfaces except SNMP. You can also clear the counters and statistics for an individual port using the clear statistics <port-list>...

  • Page 152: Increase Mac Lockout To 64, Configure Logging Via Snmp

    SNMP, which allows more options for remote access and management of the switch. The HP enterprise MIB hpicfSyslog.mib is added to allow the configuration and monitoring of syslog. (RFC 3164 supported) The CLI has some additional parameters to permit interoperability with SNMP that are explained below.

  • Page 153

    Adding a Description for a Syslog Server You can associate a user-friendly description with each of the IP addresses (IPv4 only) configured for syslog using the CLI or SNMP. The CLI command is: Syntax: logging <ip-addr> [control-descr <text_string>] no logging <ip-addr> [control-descr] An optional user-friendly description that can be associated with a server IP address.

  • Page 154: Release K.13.41 Enhancements, Operating Notes, Release K.13.42 Enhancements, Release K.13.43 Enhancements

    ■ Enhancement (PR_0000003557) — The ability to enable/disable the USB port via CLI and SNMP was added. Note that after being disabled and subsequently re-enabled, the USB port may not function consistently with the PCM USB Autorun features until the switch has been reloaded.

  • Page 155: Release K.13.44 Enhancements, Release K.13.45 Enhancements, Release K.13.46 Through K.13.48 Enhancements, Release K.13.49 Enhancements

    Release K.13.44 Enhancements No enhancements; Bug fixes only. (Not a public release) Release K.13.45 Enhancements The following problems were resolved in release K.13.45. ■ Enhancement (PR_0000010783) — Support was added for the following products. J9099B - ProCurve 100-BX-D SFP-LC Transceiver J9100B - ProCurve 100-BX-U SFP-LC Transceiver J9142B - ProCurve 1000-BX-D SFP-LC Mini-GBIC J9143B –...

  • Page 156: Software Fixes In Release K.11.12 - K.13.49, Release K.11.12

    Unless otherwise noted, each new release includes the software fixes added in all previous releases. Release K.11.11 was the first production software release for the ProCurve 3500yl, 6200yl, and 5400zl Series switches. Release K.11.69 is the last release of the K.11.xx software. The 3500yl, 6200yl, and 5400zl switch series software code was rolled to the K.12.00 code branch with no intervening releases.

  • Page 157: Release K.11.13, Release K.11.14, Release K.11.15

    ■ RSTP (PR_1000307278) — Replacing an 802.1D bridge device with an end node (non-STP device) on the same Switch port, can result in the RSTP Switch sending TCNs. ■ Web UI (PR_1000303371) — In the Web User Interface, the QOS Device Priority window scroll bar does not allow sufficient scrolling to view all entries.

  • Page 158: Release K.11.16, Release K.11.17, Release K.11.32

    IP routes. ■ Crash (PR_1000322009) — The Switch may crash with a message similar to: Software exception in ISR at queues.c:123. ■ Menu (PR_1000318531) — When using the Menu interface, the Switch hostname may be displayed incorrectly. Release K.11.16 The following problems were resolved in release K.11.16 (not a general release)

  • Page 159

    Software exception at ldbal_cost.c:1577 -- in 'eDrvPoll', task ID = 0x1760650-> ASSERT: failed. ■ Crash (PR_1000314305) — The switch may crash with a message similar to: Software exception at ipamMApi.c:1592/1594 -- in 'eRouteCtrl' ■ Crash (PR_1000323759) — The Switch may crash with a message similar to:...

  • Page 160

    ■ Crash (PR_1000335430) — The Switch may crash with a message similar to: "Cam range reservation error" crash at aqSlaveRanges.c:172. ■ Event Log (PR_1000308669) — After a Switch reset, the event log does not display correct information. ■ Event Log (PR_1000310958) — Unsupported modules do not produce an event log...

  • Page 161: Release K.11.33

    10/100 ports. ■ VLAN (PR_1000334107) — User is unable to add a port to a VLAN and the Switch responds with an invalid error message. ■ Web UI (PR_1000308213) — Removed Web Stacking Tab within the Web User Interface...

  • Page 162: Release K.11.34, Release K.11.35

    The following problems were resolved in release K.11.35 (never released) ■ Authentication (PR_1000343377) — When running the Windows XP 802.1x supplicant and the switch sends a re-authentication, Windows XP prompts the user to re-enter their username and password again. ■...

  • Page 163: Release K.11.36, Release K.11.37, Release K.11.38, Release K.11.39

    1. Release K.11.39 The following problems were resolved in release K.11.39 (never released) ■ Crash (PR_1000344998) — The switch may crash with a message similar to Software exception at sme.c:103 -- in 'mSess1', task ID = 0x8e05520 ->...

  • Page 164: Release K.11.40, Release K.11.41, Release K.11.43

    ■ Enhancement (PR_1000346164) — RSTP/MSTP BPDU Protection: When this feature is enabled on a port, the switch will disable (drop the link) a port that receives a spanning tree BPDU, log a message, and optionally, send an SNMP TRAP. Release K.11.41 The following problems were resolved in release K.11.41...

  • Page 165: Release K.11.44, Release K.11.46

    3500yl switches references slot letters when it should display port numbers. ■ Crash (PR_1000357083) — The switch management may run out of packet buffers and crash with a message similar to: Software exception at ngDmaTx.c:722 -- in 'tDevPollTx', task ID = 0x4305c504 ->...

  • Page 166: Release K.11.47, Release K.11.48, Release K.11.49

    ■ Enhancement (PR_1000351445) — The "show tech transceiver" CLI command output now contains the HP part number and revision information for all transceivers on the switch. ■ OSPF (PR_1000363648) — The "restrict" CLI command in OSPF redistribution does not filter the default route.

  • Page 167: Release K.11.61, Release K.11.62

    ■ proxy-arp column is shifted over to the left by one. ■ Crash (PR_1000356446) — When traffic monitoring is in use, the switch may crash with a message similar to this. Data Bus Error: Addr=0x704a6114 Data=0x00000011 flags=0x10000751, IP=0x4012eaac Task='mEaseUpdt' TaskID=0x42fef338 ■...

  • Page 168: Release K.11.63, Release K.11.64

    ■ enabled on a module, unless the user issues the commands "qos type-of service ip-precedence" or "qos type-of service diff-services". Crash (PR_1000368540) — The switch may crash with a message similar to: ■ Software exception at parser.c:8012 -- in 'mSess2', task ID = 0x90e10e0 ->...

  • Page 169: Release K.11.65, Release K.11.66

    CLI (PR_1000364628) — The command output from "show ip rip peer" yields an improperly formatted peer IP address. ■ Meshing (PR_1000386393) — A 5412zl switch may crash with a bus error, when 4 Port CX4 module (J8708A) in Slot L is configured for Meshing. The crash message is similar to the following.

  • Page 170: Release K.11.67, Release K.11.68

    The following problems were resolved in release K.11.67 (not a general release) ■ MSTP (PR_1000385573) — MSTP instability when root switch priority is changed. This causes other switches with better priority to assert themselves as root, thus causing a root war to occur.

  • Page 171: Release K.11.69, Release K.12.01

    Release K.11.69 is the last release of the K.11.xx software. The 3500yl, 6200yl, and 5400zl switch series software code was rolled to the K.12.0x code branch with no intervening releases.

  • Page 172: Release K.12.02

    Routing (PR_1000359162) — When the user configures a static route that overlaps with a local subnet configured on the switch, the router will not respond to packets destined for its own IP address. The packets for its own IP address will be routed using the configured static route.

  • Page 173: Release K.12.03

    ■ RIP (PR_1000393366) — The switch does not process RIP (v2) responses containing subnets with a classful subnet mask, when the receiving RIP switch has a connected VLSM network defined that would fall within that classful range. Release K.12.03 The following problems were resolved in release K.12.03 (not a general release)

  • Page 174: Release K.12.04

    ■ rebooting does not clean up the RMON 'alarm' table. ■ Crash (PR_1000405465) — Use of dynamically assigned ACLs may cause the switch to reboot with the following error: Software exception at aclBttfMUtils.c:1208 -- in 'midmCtrl', task ID = 0x85f6a60 -> internal error Enhancement MSTP (PR_1000369492) —...

  • Page 175: Release K.12.05, Release K.12.06, Release K.12.07

    45 through 48 on a 3500yl-48G-PWR switch. ■ Crash (PR_1000410758) — When the interface <port-list> speed-duplex auto-10-100 command is issued on a range of ports, the switch may crash with a message similar to: NMI event HW:IP=0x0083f224 MSR:0x00029210 LR:0x0033c3c4 Task='tDevPollRx' Task ID=0x9137e50 cr: 0x20000022 sp:0x09137d78 xer:0x20000000 ■...

  • Page 176: Release K.12.08, Release K.12.09, Release K.12.10

    30 seconds. ■ Config (PR_1000416508) — Cannot create alternate startup-config file. Although show config files shows an available slot, the switch does not allow copying from an existing config file to create a new config file in the vacant slot. ■...

  • Page 177: Release K.12.11, Release K.12.12, Release K.12.13, Release K.12.14

    ■ management module serial number is returned instead of the chassis serial number. ■ SNMP (PR_1000422129) — HP Fault Finder doesn't send the interface index with the SNMP trap, even though it is listed in the system log. Release K.12.11 Software never released.

  • Page 178: Release K.12.15

    ■ Crash (PR_1000407238) — Execution of the "show config" command when the startup configuration is different than the running configuration may cause the switch to crash with a message similar to: Software exception at cli_mirror.c:6201 -- in 'mSess1', task ID = 0x8e53690 ->...

  • Page 179: Release K.12.16, Release K.12.17

    ID=0x0fp: 0x18020800 sp: Release K.12.17 The following problems were resolved in release K.12.17. ■ STP (PR_1000420442) — The switch erroneously allows configuration of spanning tree parameters on an interface that is a member of a trunk (link aggregation group), which creates an invalid configuration.

  • Page 180: Release K.12.18, Release K.12.19

    ■ Crash (PR_1000436274) — Typing a question mark ("?") at the "multi-line" input prompt (">") may cause the switch to crash. The crash occurs when the switch is trying to print the error message that states: Expansion help not available on multi-line input.

  • Page 181: Release K.12.20, Release K.12.21

    Enhancement (PR_1000374051) — The 5400zl switches are not detecting packets from an Avaya G700 PBX or Cajun switch due to irregular Ethernet packets sent by those devices. This is a workaround that will alter the 5400zl software to allow 100Mb operation on the upcoming "C"...

  • Page 182: Release K.12.22, Release K.12.23

    ■ RADIUS (PR_1000442879) — If RADIUS (or TACACS+) keys are configured, and then the switch is updated to a software revision with the ability to save the security credentials in the configuration file (K.12.06 or later), the RADIUS keys are no longer shown in output from the "show run"...

  • Page 183: Release K.12.24, Release K.12.25

    ■ MSTP (PR_1000439775) — The switch generates a topology change when a port goes off-line. With MSTP enabled and all ports left at default (auto-edge-port), when a port transitions to offline, a TC will be generated, and the topology change counter increases.

  • Page 184: Release K.12.26 Through K.12.29, Release K.12.30, Release K.12.31, Release K.12.32, Release K.12.33 Through K.12.40

    The following problems were resolved in release K.12.31. ■ Enhancement — Support for the following ProCurve product was added. J9091A / J8715A (bundle) for the ProCurve switch 8212zl Release K.12.32 Never released. The following problems were resolved in build K.12.32.

  • Page 185: Release K.12.44, Release K.12.45

    MAC auth RADIUS VLAN assignment. ■ SNMP (PR_1000389902) — The switch is not sending an "embedded URL" within the SNMP trap for an FFI event to the PCM server monitoring traps. The embedded URL, if sent, would allow someone looking at the log event on the PCM server to simply click on the URL and be immediately connected to the switch.

  • Page 186: Release K.12.46, Release K.12.47

    ■ the Telnet session may become unresponsive, and fail to reset by the kill command issued at the console prompt. This may require the switch to be reloaded to become active again. Release K.12.47 The following problems were resolved in release K.12.47.

  • Page 187: Release K.12.48, Release K.12.49, Release K.12.50, Release K.12.51

    VLAN IDs (1-4094) to an MSTP instance, even if some of the VLANs are not currently configured on the switch. The initial implementation of this enhancement did not allow smooth migration of pre-existing MSTP configurations.

  • Page 188: Release K.12.52, Release K.12.53

    ■ Crash (PR_1000472846) — Rebooting the switch with an active Telnet session and while remote mirroring is in use may cause the switch to crash with a message similar to the following. There may also be other, unknown triggers that cause this crash.

  • Page 189: Release K.12.54

    ■ Link Speed (PR_1000432419) — Ports 1-24 on the ProCurve 3500yl-24G-PWR and ports 25-48 on the ProCurve 3500yl-48G-PWR switches may link at 10/100 speeds rather than the gigabit speed they support. ■ TFTP (PR_1000419582) — The switch CLI counter displays the wrong size of the file being...

  • Page 190: Release K.12.55, Release K.12.56, Release K.12.57

    Dynamic ARP Protection (DARPP) characteristics if the last two ports are DARPP configured. For example, if the switch has 24 ports and ports 23 and 24 have DARPP characteristics, the DARPP characteristics for port 24 will not be initialized. The last port will be initialized in all other cases.

  • Page 191

    Routing (PR_1000744325) — When a PC is using the switch as its default gateway, and that switch is set with a default route to another device on the same VLAN, duplication of packets may occur. Symptoms may include seeing TCP packets out of order due to retransmission.

  • Page 192

    VRRP (PR_1000401050) — Turning on IP multicast routing without enabling PIM may cause VRRP starvation. ■ SCP (PR_1000760416) — Software transferred through SCP upload becomes corrupted; the image is successfully copied via SCP, but when the switch processes the image in copying to flash, the write never completes.

  • Page 193: Release K.13.03

    Software exception at parser.c:2653 — in 'mSess1', task ID = 0x898e6a0-> ASSERT: ■ PIM (PR_1000749627) — A switch with PIM-SM may send a prune to the RP when none is required.

  • Page 194: Release K.13.04

    ‘auto’ or ‘1000-full’ for the dual-personality ports when the configuration file is transferred to the switch via tftp, scp or sftp. Other port settings that should be valid cause the file transfer to abort with a "corrupted download file" error.

  • Page 195

    ■ CLI/sFlow (PR_0000000360) — The switch administrator is unable to configure sFlow for ports on modules that have not been inserted yet into the switch. Software Fixes in Release K.11.12 - K.13.49 “Release K.13.04 Enhancements” on page “Release K.13.04 Enhancements”...

  • Page 196

    ■ CLI (PR_0000000476) — Various CLI parameters are rejected by the switch as invalid when the administrator is trying to configure ports of transceivers/modules that have not yet been inserted into the switch. Affected commands include ip source-binding; interface <x>...

  • Page 197: Release K.13.05

    Release K.13.05 The following problems were resolved in release K.13.05 (not a public release). ■ Link/Config (PR_1000771549) — On a ProCurve 3500yl Series Switch, a link will not come up after configuring the port mode from MDI to AUTOMDIX (on one side of the link).

  • Page 198: Release K.13.06, Release K.13.07

    Bootup/Flash (PR_1000785113) — During the write-to-flash process, the configuration file may become truncated if the switch is interrupted (by crash or power outage, for example). This fix minimizes that risk for ProCurve 3500yl, 6200yl, 5400zl Series switches. Release K.13.06 The following problems were resolved in release K.13.06 (not a public release).

  • Page 199: Release K.13.08

    ■ Web/MAC Authentication (PR_1000793226) — Web or MAC authentication to the switch by a client that moves from one port to another may either fail or cause the switch to crash with a message similar to the following. Program exception vector - Task='mWebAuth' Task ID=0x83bc390...

  • Page 200: Release K.13.09, Release K.13.10

    ■ Web Authentication (PR_0000002047) — Use of Web authentication with MS-CHAP-v2 to Microsoft IAS may cause the switch to crash with a message similar to the following. Software exception at exception.c:501 -- in 'mWebAuth', task ID = 0x8438440 Memory System error at 0x7f56610 - memPartFree ■...

  • Page 201: Release K.13.11, Release K.13.12

    “DHCPINFORM” after receiving address information, the DHCP server response is not forwarded to the client by the switch. ■ Crash (1000790369) — Use of VRRP may cause the switch to crash with a message similar...

  • Page 202

    ■ Module Selftest (PR 0000001273) — After a reboot, ports 1-24 or ports 25-48 on the ProCurve 3500yl, or ports 1-24 on the 6200yl switches, may become unresponsive followed by green and amber port LEDs remaining lit. The ports recover automatically. The log file will show the following messages.

  • Page 203: Release K.13.13, Release K.13.14

    Release K.13.13 The following problems were resolved in release K.13.13 (never released). ■ 802.1X (PR_1000446227) — Switch 802.1X authentication running over PAP does not work if the RADIUS message authenticator attribute is required. This fix added the message authenticator attribute to non-EAP RADIUS responses.

  • Page 204: Release K.13.15, Release K.13.16

    Release K.13.15 The following problems were resolved in release K.13.15 (never released). No enhancements; No bug fixes. Release K.13.16 The following problems were resolved in release K.13.16 (not a public release). Enhancement (PR_0000001641) —...

  • Page 205: Release K.13.17

    that is jumbo enabled, the Access-Request will specify a value of Framed-MTU of 9182 bytes. When the RADIUS server replies with a large frame, the switch does not respond, causing the authentication process to halt. ■ Protocol Starvation (PR_0000003814) — If the switch is configured for routing, certain...

  • Page 206: Release K.13.18

    ■ Crash (PR_0000004166) — When the PIM Sparse Mode "trap all" parameter is configured and the link to PIM neighbor is disabled, the switch will crash and may report a message similar to the following. Software exception at exception.c:501 -- in 'mPimsmCtrl', task ID = 0x8215d30 Memory system error at 0x7c838f0 –...

  • Page 207: Release K.13.19, Release K.13.20

    ■ Wake-On-LAN (PR_0000004794) — Wake-On-LAN does not always work successfully. ■ IP Phone (PR_0000004803) — A tandem IP phone may stop talking to the switch after a connected PC login failure and reboot. ■ PIM-SM (PR_0000005219) — When the switch sends a “Register-Stop” message, it will use an incorrect source IP address in the packet header of the message.

  • Page 208: Release K.13.21

    CLI command. ■ CLI (PR_0000005381) — Attempts to perform a copy flash <primary|secondary> at the CLI of a 8212zl switch running K.13.05 or higher will fail with the following error. Flash-to-flash copy of product code failed ■...

  • Page 209: Release K.13.22, Release K.13.23

    10/100/1000 interface in an external configuration file and the configuration file is copied to the switch, the system returns the port setting to the default value, changing ‘auto-1000’ to ‘auto.’ ■ CLI (PR_0000004687) — The CLI command ip access-list resequence <name-str> does...

  • Page 210: Release K.13.24, Release K.13.25

    VLAN that is jumbo enabled, the Access-Request will specify a value of Framed-MTU of 9182 bytes. This allows the RADIUS server to reply with a large fragment which the switch does not process, causing the authentication to fail. This is an additional fix for the issue described...

  • Page 211: Release K.13.26 Through K.13.39, Release K.13.40

    ” for a description of the behavior change with this fix. Note: This fix is associated with some new switch behavior: When only one port has learned of a dynamic VLAN, it will advertise that VLAN if an auth port has been RADIUS-assigned that dynamic VLAN, regardless of the unknown-VLANs configuration of that port.

  • Page 212: Release K.13.41, Release K.13.42

    ■ Crash (PR_0000006476) — Some configuration commands entered at the CLI (e.g. web, or no web) may cause the switch to crash with a message similar to the following: PPC Data Storage (Bus Error) exception vector 0x300:Stack Frame=0x088befe8HW Addr=0x00cff108 IP=0x0096ca4c Task='mSnmpCtrl' Task ID=0x88bf320 fp: 0x0845a7e0 ■...

  • Page 213: Release K.13.43, Release K.13.44

    IP address of the SNMP Request is the Loopback IP. The source IP address of the SNMP Response should be the destination IP of the SNMP Request, but instead the switch uses the IP address of the active interface from which the SNMP Response was sent.

  • Page 214: Release K.13.45

    ■ network, if the MSTP configuration of the uplink port is changed from auto-edge to no auto-edge there is a topology change event that takes place as the switch asserts itself as a new root. Enhancement (PR_0000010783) — Support was added for the following products.

  • Page 215: Release K.13.46

    Transceivers (PR_0000010525) — Intermittent self test failure may occur if transceivers are hot-swapped in and out of the switch in too short a time frame. Note that even with this fix, transceivers should always be allowed to initialize fully prior to removal and subsequent re-insertion.

  • Page 216

    Support Note: This fix has implications for rolling back the software. If password encryption is configured and a switch running software with the fix is rolled back to a software version prior to the fix using the same config file, the config loading will fail, and error messages for each line containing "sha0"...

  • Page 217: Release K.13.47, Release K.13.48

    ■ OSPF ECMP (PR_0000004798) — Some IP subnets which are multiple hops away are not reachable from certain clients despite the presence of the target subnet in the switch routing table. Workaround: Initiate a traceroute from the switch to the client PC.

  • Page 218: Release K.13.49

    Release K.13.49 The following problems were resolved in release K.13.49. ■ Auto-TFTP (PR_0000014646/0000013552) — Certain software file names may trigger auto-tftp to reload the same software file repeatedly.

  • Page 219

    © 2006 - 2008 Hewlett-Packard Development Company, LP. The information contained herein is subject to change without notice. January 2009 Manual Part Number 5991-4720...
