Download  Print this page

HP PROCURVE 2520 Management And Configuration Manual

Hewlett-packard switch user manual
Hide thumbs
   
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544

Advertisement

Table of Contents
HP ProCurve Switch Software
Management and Configuration Guide
2520 Switches
Software version S.14.03
November 2009

Advertisement

Table of Contents
loading

  Also See for HP PROCURVE 2520

  Related Manuals for HP PROCURVE 2520

  Summary of Contents for HP PROCURVE 2520

  • Page 1 HP ProCurve Switch Software Management and Configuration Guide 2520 Switches Software version S.14.03 November 2009...
  • Page 3 HP ProCurve 2520 Switches Management and Configuration Guide November 2009 S.14.03...
  • Page 4 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
  • Page 5: Table Of Contents

    Product Documentation About Your Switch Manual Set ......xix Printed Publications......... . xix Electronic Publications .
  • Page 6: Selecting A Management Interface

    Rebooting the Switch ........
  • Page 7: Using The Procurve Web Browser Interface

    Starting a Web Browser Interface Session with the Switch ......5-4 Using a Standalone Web Browser in a PC or UNIX Workstation .
  • Page 8: Switch Memory And Configuration

    Displaying the Current Flash Image Data ..... . 6-13 Switch Software Downloads ....... . . 6-15 Entering a User Name and Password .
  • Page 9 Rebooting the Switch ........
  • Page 10: Interface Access And System Information

    Web: Configuring IP Addressing ......8-10 How IP Addressing Affects Switch Operation ....8-11 IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads .
  • Page 11: Time Protocols

    Protocol Operation ..........9-3 General Steps for Running a Time Protocol on the Switch: ..9-3 Disabling Time Synchronization .
  • Page 12 Enabling or Disabling Flow Control ......10-17 Configuring a Broadcast Limit on the Switch ....10-19 Configuring ProCurve Auto-MDIX .
  • Page 13 Viewing PoE Configuration and Status ..... . . 11-15 Displaying the Switch’s Global PoE Power Status ....11-15 Displaying an Overview of PoE Status on All Ports .
  • Page 14 Trunk Group Operation Using the “Trunk” Option ... . 12-26 How the Switch Lists Trunk Data ......12-27 Outbound Traffic Distribution Across Trunked Links .
  • Page 15 Overview ........... . A-3 Downloading Switch Software ....... . A-3 General Software Download Rules .
  • Page 16 PC or UNIX Workstation ........A-17 Switch-to-Switch Download ....... . A-19 Using PCM+ to Update Switch Software .
  • Page 17 Task Monitor—Collecting Processor Data ..... B-7 Switch Management Address Information ..... . B-8 Menu Access .
  • Page 18 Fan Failure ..........C-21 Using the Event Log for Troubleshooting Switch Problems ..C-22 Event Log Entries .
  • Page 19 Traceroute Command ........C-54 Viewing Switch Configuration and Operation ....C-58 CLI: Viewing the Startup or Running Configuration File .
  • Page 20 Determining MAC Addresses ........D-3 Menu: Viewing the Switch’s MAC Addresses ....D-4 CLI: Viewing the Port and VLAN MAC Addresses .
  • Page 21: Product Documentation

    Note at the top of this page. ■ Read Me First—Provides software update information, product notes, and other information. HP ProCurve Switch Quick Setup—Provides quick start installation ■ instructions. See the Installation and Getting Started Guide for more detailed information.
  • Page 22 Software Feature Index For the software manual set supporting your series 2520 switch models, this feature index indicates which manual to consult for information on a given software feature. Feature 802.1Q VLAN Tagging 802.1p Priority 802.1X Authentication AAA Authentication Authorized IP Managers...
  • Page 23 Feature File Transfers Friendly Port Names GVRP IGMP Interface Access (Telnet, Console/Serial, Web) IP Addressing LACP Link LLDP LLDP-MED Loop Protection MAC Address Management MAC Lockdown MAC Lockout MAC-based Authentication Monitoring and Analysis Multicast Filtering Network Management Applications (LLDP, SNMP) Passwords Ping Port Configuration...
  • Page 24 Feature Power over Ethernet (PoE) Quality of Service (QoS) RADIUS Authentication and Accounting Secure Copy SFTP SNMP Software Downloads (SCP/SFTP, TFTP, Xmodem) Spanning Tree (MSTP) SSH (Secure Shell) Encryption SSL (Secure Socket Layer) Stack Management (Stacking) Syslog System Information TACACS+ Authentication Telnet Access TFTP Time Protocols (TimeP, SNTP)
  • Page 25: Contents

    IP Addressing ..........1-8 To Set Up and Install the Switch in Your Network ....1-8 Physical Installation .
  • Page 26: Introduction

    ProCurve Networking web site, www.procurve.com. Conventions Configuration and Operation Examples Unless otherwise noted, examples using a particular switch model apply to all switch models covered by this guide. Protocol Acronyms IP Refers to the IPv4 protocol unless otherwise noted.
  • Page 27: Command Prompts

    Syntax: aaa port-access authenticator < port-list > Command Prompts In the default configuration, your switch displays a CLI prompt similar to the following example: ProCurve 2520-8-PoE# To simplify recognition, this guide uses ProCurve to represent command prompts for all switch models.
  • Page 28: Keys

    Simulations of actual keys use a bold, sans-serif typeface with square brackets. For example, the Tab key appears as Sources for More Information For information about switch operation and features not covered in this guide, consult the following sources: Feature Index—For information on which manual to consult for a given ■...
  • Page 29 • port configuration, trunking, traffic control, and PoE operation • SNMP, LLDP, and other network management topics • file transfers, switch monitoring, troubleshooting, and MAC address management Advanced Traffic Management Guide—Use this guide for information on ■ topics such as: •...
  • Page 30: Getting Documentation From The Web

    Click on Support. Click on Manuals. Click on the product for which you want to view or download a manual. If you need further information on ProCurve switch technology, visit the ProCurve Networking web site at: Online Help Menu Interface If you need information on specific parameters in the menu interface, refer to the online help provided in the interface.
  • Page 31: Command Line Interface

    Getting Started Sources for More Information Command Line Interface If you need information on a specific command in the CLI, type the command name followed by help. For example: Figure 1-3. Example of CLI Help Web Browser Interface If you need information on specific features in the ProCurve Web Browser Interface (hereafter referred to as the “web browser interface”), use the online Help.
  • Page 32: Ip Addressing

    Need Only a Quick Start? IP Addressing If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing. To do so, do one of the following: Enter setup at the CLI Manager level prompt.
  • Page 33: Contents

    Selecting a Management Interface Contents Overview ........... . . 2-2 Understanding Management Interfaces .
  • Page 34: Overview

    VT-100/ANSI console built into the switch—2-4 ■ Web browser interface --a switch interface offering status information and a subset of switch commands through a standard web browser (such as Netscape Navigator or Microsoft Internet Explorer)—2-5 ■ ProCurve Manager (PCM)—a windows-based network management solution included in-box with all manageable ProCurve devices.
  • Page 35: Advantages Of Using The Menu Interface

    ■ Offers out-of-band access (through the RS-232 connection) to the switch, so network bottlenecks, crashes, lack of configured or correct IP address, and network downtime do not slow or prevent access Selecting a Management Interface Advantages of Using the Menu Interface •...
  • Page 36: Advantages Of Using The Cli

    ProCurve(<context>)# For example: Figure 2-2. Command Prompt Examples General Benefits ■ Provides access to the complete set of the switch configuration, perfor­ mance, and diagnostic features. Offers out-of-band access (through the RS-232 connection) or Telnet (in­ ■ band) access. ■...
  • Page 37: Advantages Of Using The Web Browser Interface

    VLANs), use the Contents listing at the front of the manual to locate the information you need. ■ For monitoring and analyzing switch operation, refer to Appendix B. For information on individual CLI commands, refer to the Index or to the ■...
  • Page 38: Or Procurve Manager Plus

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus More visual cues, using colors, status bars, device icons, and other ■ graphical objects instead of relying solely on alphanumeric values ■ Display of acceptable ranges of values available in configuration list boxes Advantages of Using ProCurve Manager or ProCurve Manager Plus...
  • Page 39 Advantages of Using ProCurve Manager or ProCurve Manager Plus • In-Depth Traffic Analysis: An integrated, low-overhead traffic mon­ itor interface shows detailed information on traffic throughout the network. Using enhanced traffic analysis protocols such as Extended RMON, users can monitor overall traffic levels, segments with the highest traffic, or even the top users within a network segment.
  • Page 40: And Web Browser Interfaces

    Custom Login Banners for the Console and Web Browser Interfaces You can now configure the switch to display a login banner of up to 3070 characters when an operator initiates a management session with the switch through any of the following methods: ■...
  • Page 41: Configuring And Displaying A Non-Default Banner

    Custom Login Banners for the Console and Web Browser Interfaces or if the switch is using the factory-default banner shown in figure 2-5, then the banner page does not appear in the Web browser when an operator initiates a login session with the switch.
  • Page 42 Selecting a Management Interface Custom Login Banners for the Console and Web Browser Interfaces This is a private system maintained by the Unauthorized use of this system can result in In this case, the operator will use the [Enter] key to create line breaks, blank spaces for line centering, and the % symbol to terminate the banner message.
  • Page 43 The next time someone logs onto the switch’s management CLI, the following appears: Figure 2-7. Example of CLI Result of the Login Banner Configuration If someone uses a Web browser to log in to the switch interface, the following message appears: Selecting a Management Interface...
  • Page 44: Operating Notes

    The default banner appears only when the switch is in the factory default configuration. Using no banner motd deletes the currently configured banner text and blocks display of the default banner. The default banner is restored only if the switch is reset to its factory- default configuration. ■...
  • Page 45: Contents

    Rebooting the Switch ........
  • Page 46: Overview

    Event Log, and the Operator level in the CLI. After you configure passwords on the switch and log off of the interface, access to the menu interface (and the CLI and web browser interface) will require entry of either the Manager or Operator password.
  • Page 47: Starting And Ending A Menu Session

    To enter the CLI from the Menu interface, select Starting and Ending a Menu Session You can access the menu interface using any of the following: A direct serial connection to the switch’s console port, as described in the ■ installation guide you received with the switch ■...
  • Page 48: How To Start A Menu Interface Session

    Starting and Ending a Menu Session How To Start a Menu Interface Session In its factory default configuration, the switch console starts with the CLI prompt. To use the menu interface with Manager privileges, go to the Manager level prompt and enter the menu command.
  • Page 49: How To End A Menu Session And Exit From The Console

    For a description of Main Menu features, see “Main Menu Features” on page 3­ N o t e To configure the switch to start with the menu interface instead of the CLI, go to the Manager level prompt in the CLI, enter the setup command, and in the resulting display, change the Logon Default parameter to Menu.
  • Page 50 Telnet session. 2. If you have made configuration changes that require a switch reboot— that is, if an asterisk (*) appears next to a configured item or next to Switch Configuration in the Main Menu: a. Return to the Main Menu.
  • Page 51: Main Menu Features

    The Main Menu gives you access to these Menu interface features: ■ Status and Counters: Provides access to display screens showing switch information, port status and counters, and port and VLAN address tables. (Refer to Appendix B, “Monitoring and Analyzing Switch Opera­ tion”.) Switch Configuration: Provides access to configuration screens for ■...
  • Page 52 (Refer to the Installation and Getting Started Guide for your switch.) Logout: Closes the Menu interface and console session, and disconnects ■ Telnet access to the switch. (See “How to End a Menu Session and Exit from the Console” on page 3-5.)
  • Page 53: Screen Structure And Navigation

    Screen Structure and Navigation Menu interface screens include these three elements: ■ Parameter fields and/or read-only information such as statistics Navigation and configuration actions, such as Save, Edit, and Cancel ■ ■ Help line to describe navigation options, individual parameters, and read- only data For example, in the following System Information screen: Screen title –...
  • Page 54 (or flash) memory, and it is therefore not necessary to reboot the switch after making these changes. But if an asterisk appears next to any menu item you reconfigure, the switch will not activate or save the change for that item until you reboot the switch.
  • Page 55 To get Help on individual parameter descriptions. In most screens there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press For example: Highlight on any item in the Actions line indicates that the Actions line is active.
  • Page 56: Rebooting The Switch

    To Reboot the switch, use the Reboot Switch option in the Main Menu. (Note that Reboot Switch is not available if you log on in Operator mode; that is, if you enter an Operator password instead of a manager password at the password prompt.)
  • Page 57 If you make configuration changes in the menu interface that require a reboot, the switch displays an asterisk (*) next to the menu item in which the change has been made. For example, if you change and save the value for the Maximum...
  • Page 58: Menu Features List

    • • • • • • Console Passwords Event Log Command Line (CLI) Reboot Switch Download OS (Download Switch Software) Run Setup Stacking Logout 3-14 General System Information Switch Management Address Information Port Status Port Counters VLAN Address Table Port Address Table...
  • Page 59: Where To Go From Here

    Option: To use the Run Setup option To view and monitor switch status and Appendix B, “Monitoring and Analyzing Switch counters To learn how to configure and use passwords and other security features switch.
  • Page 60 Using the Menu Interface Where To Go From Here 3-16...
  • Page 61: Contents

    Using the Command Line Interface (CLI) Contents Overview ........... . . 4-2 Accessing the CLI .
  • Page 62: Accessing The Cli

    You can access the console out-of-band by directly connect­ ing a terminal device to the switch, or in-band by using Telnet either from a terminal device or through the web browser interface.
  • Page 63: Privilege Levels At Logon

    Access Security Guide for your switch.) When you use the CLI to log on to the switch, and passwords are set, you will be prompted to enter a password. For example: Password Prompt Figure 4-1.
  • Page 64: Privilege Level Operation

    A “>” character delimits the Operator-level prompt. For example: ProCurve> _ When using enable to move to the Manager level, the switch prompts you for the Manager password if one has already been configured. 1. Operator Level 2.
  • Page 65: Manager Privileges

    Global Configuration level: Provides all Operator and Manager level privileges, and enables you to make configuration changes to any of the switch’s software features. The prompt for the Global Configuration level includes the system name and “(config)”. To select this level, enter the config command at the Manager prompt.
  • Page 66 Operator and Manager commands. For a list of available commands, enter Execute context-specific configuration commands, such as a particular VLAN or switch port. This is useful for shortening the command strings you type, and for entering a series of commands for the same context. For a list of available commands, enter at the prompt.
  • Page 67: How To Move Between Levels

    ProCurve Moving Between the CLI and the Menu Interface. When moving between interfaces, the switch retains the current privilege level (Manager or Operator). That is, if you are at the Operator level in the menu and select the Command Line Interface (CLI) option from the Main Menu, the CLI prompt appears at the Operator level.
  • Page 68: Listing Commands And Command Options

    If you subsequently execute write memory in the CLI, then the switch also stores “Y” as the IP address for VLAN 1 in the startup-config file. (For more on the startup-config and running config files, see Chapter 6, “Switch Memory and Configuration”.)
  • Page 69 Typing ? at the Manager level produces this listing: When - - MORE - - appears, use the Space bar or [Return] to list additional commands. Figure 4-4.Example of the Manager-Level Command Listing When - - MORE - - appears, there are more commands in the listing. To list the next screenfull of commands, press the Space bar.
  • Page 70: Listing Command Options

    Figure 4-5. Example of How To List the Options for a Specific Command 4-10 [Tab] after a completed command word lists the further options for [Tab] [Tab] This example displays the command options for configuring the switch’s console settings. , the [Tab] . For example, suppose you want...
  • Page 71: Displaying Cli "Help

    Displaying CLI “Help” CLI Help provides two types of context-sensitive information: ■ Command list with a brief summary of each command’s purpose Detailed information on how to use individual commands ■ Displaying Command-List Help. Syntax: help For example, to list the Operator-Level commands with their purposes: Figure 4-6.
  • Page 72 Using the Command Line Interface (CLI) Using the CLI Figure 4-7.Example of How To Display Help for a Specific Command Note that trying to list the help for an individual command from a privilege level that does not include that command results in an error message. For example, trying to list the help for the interface command while at the global configuration level produces this result: ProCurve# speed-duplex help...
  • Page 73: Configuration Commands And The Context Configuration Modes

    However, using a context mode enables you to execute context-specific commands faster, with shorter command strings. The switch offers interface (port or trunk group) and VLAN context configu­ ration modes: Port or Trunk-Group Context. Includes port- or trunk-specific commands that apply only to the selected port(s) or trunk group, plus the global config­...
  • Page 74 Using the Command Line Interface (CLI) Using the CLI The remaining commands in the listing are Manager, Operator, and context commands. Figure 4-8. Context-Specific Commands Affecting Port Context 4-14 In the port context, the first block of commands in the “?” listing show the context-specific commands that will affect only ports C3-C6.
  • Page 75 VLAN, plus Manager and Operator commands. The prompt for this mode includes the VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch: ProCurve(config)# vlan 100 Command executed at configuration level to enter VLAN 100 context.
  • Page 76: Cli Control And Editing

    Using the Command Line Interface (CLI) CLI Control and Editing CLI Control and Editing Executing a Prior Command—Redo The redo command executes a prior command in the history list. Syntax: redo [number | command-str] ProCurve(config)# show history ProCurve(config)# redo 2 IP ARP table IP Address ---------------...
  • Page 77 Syntax: repeat [cmdlist] [count] [delay] For example: ProCurve(config)# repeat 1-4,7-8,10 count 2 delay 3 ProCurve(config)# show history show ver show ip show arp ProCurve(config)# repeat 1-2 IP ARP table IP Address MAC Address --------------- ----------------- ------- ---- 15.255.128.1 000000-000000 Internet (IP) Service Default Gateway : Default TTL : 64...
  • Page 78: Using A Command Alias

    Using the Command Line Interface (CLI) CLI Control and Editing Using a Command Alias You can create a simple command alias to use in place of a command name and its options. Choose an alias name that is not an existing CLI command already.
  • Page 79 ProCurve(config)# show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi Status and Counters - Custom Port Status Port Name Type ---- ---------- ---------- ----- --------- ------- ------- -------- Acco 10/100T Huma 10/100T Deve 10/100T Lab1 10/100T ProCurve(config)# alias sic “show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi”...
  • Page 80 Using the Command Line Interface (CLI) CLI Control and Editing ProCurve(config)# show alias Name -------------------- ------------------------------ show config show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi Figure 4-13. Example of Alias Commands and Their Configurations 4-20 Command...
  • Page 81: Cli Editing Shortcuts

    CLI Editing Shortcuts Keystrokes Function [Ctrl] [A] Jumps to the first character of the command line. or [<] Moves the cursor back one character. [Ctrl] [B] [Ctrl] [C] Terminates a task and displays the command prompt. [Ctrl] [D] Deletes the character at the cursor. [Ctrl] [E] Jumps to the end of the current command line.
  • Page 82 Using the Command Line Interface (CLI) CLI Editing Shortcuts 4-22...
  • Page 83: Contents

    Starting a Web Browser Interface Session with the Switch ......5-4 Using a Standalone Web Browser in a PC or UNIX Workstation .
  • Page 84: Overview

    Overview The ProCurve web browser interface built into the switch lets you easily access the switch from a browser-based PC on your network. This lets you do the following: Optimize your network uptime by using the Alert Log and other diagnostic ■...
  • Page 85: General Features

    General Features The web browser interface includes these features: Switch Identity and Status: • General system data • Software version • IP address • Status Overview • Port utilization • Port counters • Port status • Alert log Switch Configuration: •...
  • Page 86: Interface Session With The Switch

    1. Ensure that the Java information on this topic, refer to your browser’s online Help. 2. Use the web browser to access the switch. If your network includes a Domain Name Server (DNS), your switch’s IP address may have a name associated with it (for example, switch8212) that you can type in the Location or Address field instead of the IP address.
  • Page 87: Procurve Manager Plus (Pcm+)

    ProCurve Manager and ProCurve Manager Plus are designed for installation on a network management workstation. For this reason, the system require­ ments are different from the system requirements for accessing the switch’s web browser interface from a non-management PC or workstation. For PCM and PCM+ requirements, refer to the information provided with the software.
  • Page 88 Using the ProCurve Web Browser Interface Starting a Web Browser Interface Session with the Switch First time install alert Figure 5-1. Example of Status Overview Screen...
  • Page 89: Tasks For Your First Procurve Web Browser Interface Session

    Set access to the web browser interface online help Viewing the “First Time Install” Window When you access the switch’s web browser interface for the first time, the Alert log contains a “First Time Install” alert, as shown in figure 5-2. This gives...
  • Page 90: In The Browser Interface

    Guide for your switch. You may want to create both a username and a password to create access security for your switch. There are two levels of access to the interface that can be controlled by setting user names and passwords: ■...
  • Page 91 Passwords you assign in the web browser interface will overwrite previous passwords assigned in either the web browser interface, the CLI, or the menu interface. That is, the most recently assigned passwords are the switch’s passwords, regardless of which interface was used to assign the string.
  • Page 92: Entering A User Name And Password

    The manager and operator passwords are used to control access to all switch interfaces. Once set, you will be prompted to supply the password every time you try to access the switch through any of its interfaces. The password you enter determines the capability you have during that session: ■...
  • Page 93: Online Help For The Web Browser Interface

    Tasks for Your First ProCurve Web Browser Interface Session The Clear button is provided for your convenience, but its presence means that if you are concerned with the security of the switch configuration and operation, you should make sure the switch is installed in a secure location, such as a locked wiring closet.
  • Page 94: Support/Mgmt Urls Feature

    ■ 3. Enter one of the following (or use the default setting): – The URL for the support information source you want the switch to access when you click on the web browser interface Support tab. The default is the URL for the ProCurve Networking home page.
  • Page 95: Support Url

    Support URL This is the site the switch accesses when you click on the Support tab on the web browser interface. The default URL is: www.procurve.com which is the World Wide Web site for ProCurve networking products. Click on technical support on that page to get support information regarding your switch, including white papers, software updates, and more.
  • Page 96: Using The Pcm Server For Switch Web Help

    Using the PCM Server for Switch Web Help For ProCurve devices that support the “Web Help” feature, you can use the PCM server to host the switch help files for devices that do not have HTTP access to the ProCurve Support Web site.
  • Page 97 3. Add an entry, or edit the existing entry in the Discovery portion of the global properties (globalprops.prp) in PCM to redirect the switches to the help files on the PCM server. For example: Global { TempDir=data/temp Discovery{ ..DeviceHelpUrlRedirect=http://15.29.37.12.8040/rnd/device_help You will enter the IP address for your PCM server.
  • Page 98: Status Reporting Features

    Figure 5-8. The Status Overview Window Policy Management and Configuration. PCM can perform network-wide policy management and configuration of your switch. The Management Server URL field (page 5-13) shows the URL for the management station performing that function. For more information, refer to the documentation provided with the PCM software.
  • Page 99: The Port Utilization And Status Displays

    The Port Utilization and Status Displays The Port Utilization and Status displays show an overview of the status of the switch and the amount of network activity on each port. The following figure shows a sample reading of the Port Utilization and Port Status.
  • Page 100 Using the ProCurve Web Browser Interface Status Reporting Features Maximum Activity Indicator: As the bars in the graph area change ■ height to reflect the level of network activity on the corresponding port, they leave an outline to identify the maximum activity level that has been observed on the port.
  • Page 101: Port Status

    Note that the Port Fault-Disabled symbol will be displayed in the legend only if one or more of the ports is in that status. See Appendix B, “Monitoring and Analyzing Switch Opera­ tion” for more information.
  • Page 102: The Alert Log

    The web browser interface Alert Log, shown in the lower half of the screen, shows a list of network occurrences, or alerts, that were detected by the switch. Typical alerts are Broadcast Storm, indicating an excessive number of broadcasts received on a port, and Problem Cable, indicating a faulty cable. A full list of alerts is shown in the table on page 5-21.
  • Page 103: Alert Types And Detailed Views

    N o t e When troubleshooting the sources of alerts, it may be helpful to check the switch’s Port Status and Port Counter windows, or use the CLI or menu interface to view the switch’s Event Log. When you double click on an Alert Entry, the web browser interface displays a separate window showing information about the event.
  • Page 104 Using the ProCurve Web Browser Interface Status Reporting Features Figure 5-14. Example of Alert Log Detail View 5-22...
  • Page 105: Setting Fault Detection Policy

    Setting Fault Detection Policy One of the powerful features in the web browser interface is the Fault Detection facility. For your switch, this feature controls the types of alerts reported to the Alert Log based on their level of severity.
  • Page 106 Log Network Problems is High Sensitivity. The Fault Detection settings are: ■ High Sensitivity. This policy directs the switch to send all alerts to the Alert Log. This setting is most effective on networks that have none or few problems.
  • Page 107: Contents

    Displaying the Current Flash Image Data ..... . 6-13 Switch Software Downloads ....... . . 6-15 Local Switch Software Replacement and Removal .
  • Page 108 Using the Clear + Reset Button Combination To Reset the Switch to Its Default Configuration ......6-34 TFTP: Copying a Configuration File to a Remote Host .
  • Page 109: Configuration File Management

    How the menu interface and web browser interface implement configu­ ration changes ■ How the switch provides software options through primary/secondary flash images How to use the switch’s primary and secondary flash options, including ■ displaying flash information, booting or restarting the switch, and other topics Configuration File Management The switch maintains two configuration files, the running-config file and the startup-config file.
  • Page 110 Running Config File: Exists in volatile memory and controls switch ■ operation. If no configuration changes have been made in the CLI since the switch was last booted, the running-config file is identical to the startup-config file. ■ Startup-config File: Exists in flash (non-volatile) memory and is used to preserve the most recently-saved configuration as the “permanent”...
  • Page 111 CLI to the Menu interface without first using write memory to save the change to the startup-config file, then the switch prompts you to save the change. For example, if you use the CLI to create VLAN 20, and then select the menu interface, VLAN 20 is configured in the running-config file, but not in the startup-config file.
  • Page 112: Using The Cli To Implement Configuration Changes

    How To Use the CLI To Reconfigure Switch Features. Use this proce­ dure to permanently change the switch configuration (that is, to enter a change in the startup-config file). 1. Use the appropriate CLI commands to reconfigure the desired switch parameters.
  • Page 113 For example, the default port mode setting is uses Cat 3 wiring and you want to connect the switch to another autosensing device capable of 100 Mbps operation. Because 100 Mbps over Cat 3 wiring...
  • Page 114 (figure 6-6-2, above) to save the change to the startup-config file. That is, if you use the CLI to change a parameter setting, but then reboot the switch from either the CLI or the menu interface without first executing the...
  • Page 115: Configuration Changes

    Using the Menu and Web Browser Interfaces To Implement Configuration Changes The menu and web browser interfaces offer these advantages: Quick, easy menu or window access to a subset of switch configuration ■ features ■ Viewing several related configuration parameters in the same screen, with...
  • Page 116: Menu: Implementing Configuration Changes

    (even if you execute a Save operation in the menu interface). If you then execute a switch boot command in the menu interface, 6-10 in the Menu Interface...
  • Page 117: Rebooting From The Menu Interface

    To Reboot the switch, use the Reboot Switch option in the Main Menu. (Note that the Reboot Switch option is not available if you log on in Operator mode; that is, if you enter an Operator password instead of a manager password at the password prompt.)
  • Page 118: Web: Implementing Configuration Changes

    Web: Implementing Configuration Changes You can use the web browser interface to simultaneously save and implement a subset of switch configuration changes without having to reboot the switch. That is, when you save a configuration change (in most cases, by clicking on [Apply Changes] config file and the startup-config file.
  • Page 119: Using Primary And Secondary Flash Image Options

    For example, you can copy a problem image into Secondary flash for later analysis and place another, proven image in Primary flash to run your system. The switch can use only one image at a time.
  • Page 120 Switch Memory and Configuration Using Primary and Secondary Flash Image Options For example, if the switch is using a software version of S.14.XX stored in Primary flash, show version produces the following: ProCurve(config)# show version Image stamp: Boot Image: Figure 6-7.
  • Page 121: Switch Software Downloads

    In the unlikely event that the primary image is corrupted, as a result of an interruption, the switch will reboot from secondary Using Primary and Secondary Flash Image Options /sw/code/build/info(s02) Sept 01 2008 14.03.06...
  • Page 122: Local Switch Software Replacement And Removal

    In this case, the switch will not have a valid flash image in either flash location, but will continue running on a temporary flash image in RAM.
  • Page 123 No Undo! (secondary or primary). If the switch has only one flash image loaded (in either primary or secondary flash) and you erase that image, then the switch does not have a software image stored in flash.
  • Page 124: Operating Notes About Booting

    [primary | secondary] or boot set-default flash [primary | secondary] command. Both the boot command and the reload command will reboot based on how these options have been selected. Boot Attempts from an Empty Flash Location. In this case, the switch aborts the attempt and displays Image does not exist Operation aborted.
  • Page 125: Boot And Reload Command Comparison

    Simi­ larly, If you create a startup-config file while using a version “Y” of the switch software, and then reboot the switch with an earlier software version “X” that does not include all of the features found in “Y”, the software simply ignores the parameters for any features that it does not support.
  • Page 126: Setting The Default Flash

    Syntax: Booting from the Default Flash (Primary or Secondary) The boot command boots the switch from the flash image that you are currently booted on, or the flash image that was set either by the boot set- default command or by the last executed boot system flash <primary | secondary>...
  • Page 127: Using Reload

    <primary | secondary> command. Because reload bypasses some subsystem self-tests, the switch reboots faster than if you use either of the boot command options. Syntax: reload For example, if you change the number of VLANs the switch supports, you must reboot the switch in order to implement the change.
  • Page 128 Using Primary and Secondary Flash Image Options Scheduled Reload. Additional parameters have been added to the reload command to allow for a scheduled reboot of the switch via the CLI. Syntax: [no] reload [after <[dd:]hh:]mm> | at <hh:mm[:ss]> [<mm/dd[/[yy]yy]>]] The scheduled reload feature removes the requirement to physically reboot the switch at inconvenient times (for example, at 1:00 in the morning).
  • Page 129: Multiple Configuration Files

    Copying Startup-Config Files to or from a Remote Server This method of operation means that you cannot preserve different startup­ config files across a reboot without using remote storage. The switch allows up to three startup-config files with options for selecting which startup-config file to use for: ■...
  • Page 130: General Operation

    (if the software version supports the configured features). Boot Options. With multiple startup-config files in the switch you can spec­ ify a policy for the switch to use upon reboot. The options include: Use the designated startup-config file with either or both reboot paths ■...
  • Page 131 2. Use the CLI to make configuration changes in the running-config file, and then execute write mem. The result is that the startup-config file used to reboot the switch is modified by the actions in step 2. Active Startup-Config File:...
  • Page 132: Transitioning To Multiple Configuration Files

    Assigns the workingConfig file as the active configuration and the default ■ configuration for all subsequent reboots using either primary or second­ ary flash. Figure 6-16. Switch Memory Assignments After the First Reboot from Software In the above state, the switch always: Uses the workingConfig file to reboot ■...
  • Page 133: Listing And Displaying Startup-Config Files

    Syntax: show config files This command displays the available startup-config files on the switch and the current use of each file. id: Identifies the memory slot for each startup-config file available on the switch. act: An asterisk ( corresponding startup-config file is currently in use.
  • Page 134: Displaying The Content Of A Specific Startup-Config File

    (primary or secondary) being used for the current reboot. For exam­ ple, when you first download a software version that supports multiple configuration files and boot from the flash location of this version, the switch copies the existing startup-config file (named oldConfig) into memory slot 2, renames this file to workingConfig, and assigns workingConfig as: ■...
  • Page 135 The operator wants to ensure that in case of a need to reboot by pressing the Reset button, or if a power failure occurs, the switch will automatically reboot with the minimal startup-config file in memory slot 1. Since a reboot due to...
  • Page 136: Managing Startup-Config Files In The Switch

    This command boots the switch from the currently active flash image and startup-config file. Because reload bypasses some subsystem self-tests, the switch boots faster than if you use a boot command. Note: To identify the currently active startup-config file, use the show config files command.
  • Page 137: Renaming An Existing Startup-Config File

    (“ “ or ‘ ‘). (File names are not case-sensitive.) Creating a New Startup-Config File The switch allows up to three startup-config files. You can create a new startup-config file if there is an empty memory slot or if you want to replace one startup-config file with another.
  • Page 138: Erasing A Startup-Config File

    Figure 6-18. Example of Creating and Assigning a New Startup-Config File N o t e You can also generate a new startup-config file by booting the switch from a flash memory location from which you have erased the currently assigned startup-config file.
  • Page 139 Thus, if the switch boots using a flash location that does not have an assigned startup-config, then the switch creates a new, default startup-config file and uses this file in the reboot.
  • Page 140: Switch To Its Default Configuration

    Figure 6-19. Example of Erasing a Non-Active Startup-Config File With the same memory configuration as is shown in the bottom portion of figure 6-19, executing erase startup-config boots the switch from primary flash, resulting in a new file named minconfig in the same memory slot. The new file contains the default configuration for the software version currently in pri­...
  • Page 141: Transferring Startup-Config Files To Or From A Remote Server

    TFTP: Copying a Configuration File to a Remote Host Syntax: For example, the following command copies a startup-config file named test­ 01 from the switch to a (UNIX) TFTP server at IP address 10.10.28.14: ProCurve(config)# copy config test-01 tftp 10.10.28.14 test-01.txt unix Pressing Clear + Reset: –...
  • Page 142: Tftp: Copying A Configuration File From A Remote Host

    TFTP server to the switch. Note: This command requires an empty memory slot in the switch. If there are no empty memory slots, the CLI displays the following message: Unable to copy configuration to "< filename >".
  • Page 143: Connected Host

    C a u t i o n This feature must use configuration files generated on the switch to function correctly. If you use configuration files that were not generated on the switch, and then enable this feature, the switch may reboot continuously.
  • Page 144: Cli Command

    Switch Memory and Configuration Automatic Configuration Update with DHCP Option 66 CLI Command The command to enable the configuration update using Option 66 is: Syntax: [no] dhcp config-file-update ProCurve(config)# dhcp config-file-update Figure 6-21. Example of Enabling Configuration File Update Using Option 66...
  • Page 145: Log Messages

    Operating Notes Replacing the Existing Configuration File: After the DHCP client down­ loads the configuration file, the switch compares the contents of that file with the existing configuration file. If the content is different, the new configuration file replaces the existing file and the switch reboots.
  • Page 146 Switch Memory and Configuration Automatic Configuration Update with DHCP Option 66 6-40...
  • Page 147: Contents

    Interface Access and System Information Contents Overview ........... . . 7-2 Interface Access: Console/Serial Link, Web, and Inbound Telnet .
  • Page 148: Overview

    Use the CLI kill command to terminate a remote session ■ ■ View and modify switch system information For help on how to actually use the interfaces built into the switch, refer to: Chapter 3, “Using the Menu Interface” ■ Chapter 4, “Using the Command Line Interface (CLI)”...
  • Page 149: Interface Access: Console/Serial Link, Web, And Inbound Telnet

    Access Security Guide for your switch. You can also simply block unauthorized access via the web browser interface or Telnet (as described in this section) and installing the switch in a locked environment.
  • Page 150: Menu: Modifying The Interface Access

    Web Agent Enabled ■ To Access the Interface Access Parameters: From the Main Menu, Select... 2. Switch Configuration... Figure 7-1. The Default Interface Access Parameters Available in the Menu Interface Press 1. System Information (for Edit). The cursor moves to the System Name field.
  • Page 151: Cli: Modifying The Interface Access

    [no] web-management console Listing the Current Console/Serial Link Configuration. This command lists the current interface access parameter settings. Syntax: show console This example shows the switch’s default console/serial configuration. Interface Access Enable/Disable Console Control Options Figure 7-2. Listing of Show Console Command Reconfigure Inbound Telnet Access.
  • Page 152 Initiates an outbound telnet session to another network device. The destination can be specified as: • IPv4 address • IPv6 address • H ostname • Stack number of a member switch (1-16) if the switch is a commander in a stack and stacking is enabled...
  • Page 153 Interface Access: Console/Serial Link, Web, and Inbound Telnet ProCurve(config)# show telnet Telnet Activity -------------------------------------------------------- Session : ** Privilege: Manager From : Console ------------------------------------------------------- Session : ** Privilege: Manager From : 12.13.14.10 : 15.33.66.20 ------------------------------------------------------- Session : ** Privilege: Operator From : 2001:db7:5:0:203:4ff:fe0a:251 : 2001:db7:5:0:203:4ff1:fddd:12 Figure 7-3.
  • Page 154 Syntax: console N o t e If you change the Baud Rate or Flow Control settings for the switch, you should make the corresponding changes in your console access device. Other­ wise, you may lose connectivity between the switch and your terminal emulator due to differences between the terminal and switch settings for these two parameters.
  • Page 155: Sessions

    Syntax: kill [< session-number >] For example, if you are using the switch’s serial port for a console session and want to terminate a currently active Telnet session, you would do the following:...
  • Page 156 Interface Access and System Information Denying Interface Access by Terminating Remote Management Sessions Figure 7-6. Example of Using the “Kill” Command To Terminate a Remote Session 7-10 Session 2 is an active Session 2 is an active Telnet session. Telnet session. The kill 2 command terminates session 2.
  • Page 157: System Information

    MAC Age Time: The number of seconds a MAC address the switch has learned remains in the switch’s address table before being aged out (deleted).
  • Page 158: Menu: Viewing And Configuring System Information

    Menu: Viewing and Configuring System Information To access the system information parameters: From the Main Menu, Select... 2. Switch Configuration... Figure 7-7. The System Information Configuration Screen (Default Values) N o t e To help simplify administration, it is recommended that you configure System Name to a character string that is meaningful within your system.
  • Page 159: Cli: Viewing And Configuring System Information

    Listing the Current System Information. This command lists the current system information settings. Syntax: show system information This example shows the switch’s default console configuration. ProCurve# show system information Status and Counters - General System Information System Name : ProCurve...
  • Page 160 Syntax: hostname < name-string > Each field allows up to 255 characters. For example, to name the switch “Blue” with “Ext-4474” as the system contact, and “North-Data-Room” as the location: ProCurve(config)# hostname Blue Blue(config)# snmp-server contact Ext-4474 location North-Data-Room...
  • Page 161 MENU ProCurve-Switch-2520 ===========================- TELNET - MANAGER MODE =========================== Switch Configuration - System Information System Name : Green System Contact : Ext-4475 System Location : + characters of the location are missing. It’s too long. Inactivity Timeout (min) [0] : 0...
  • Page 162 Also, executing time without parameters lists the switch’s time of day and date. Note that the CLI uses a 24­ hour clock scheme; that is, hour (hh) values from 1 p.m. to midnight are input as 13 - 24, respectively.
  • Page 163: Web: Configuring System Parameters

    Click on the Configuration tab. Click on Enter the data you want in the displayed fields. Implement your new data by clicking on To access the web-based help provided for the switch, click on browser screen. Interface Access and System Information [System Info]...
  • Page 164 Interface Access and System Information System Information 7-18...
  • Page 165: Contents

    Web: Configuring IP Addressing ......8-10 How IP Addressing Affects Switch Operation ....8-11 IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads .
  • Page 166: Ip Configuration

    However, to enable specific management access and control through your network, you will need IP addressing. Table 8-1 on page 8-11 shows the switch features that depend on IP addressing to operate. IP Configuration...
  • Page 167: Just Want A Quick Start With Ip Addressing

    In most cases, the default setting (64) is adequate. Just Want a Quick Start with IP Addressing? If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing.
  • Page 168: Ip Addressing With Multiple Vlans

    In the factory-default configuration, the switch has one, permanent default VLAN (named DEFAULT_VLAN) that includes all ports on the switch. Thus, when only the default VLAN exists in the switch, if you assign an IP address and subnet mask to the switch, you are actually assigning the IP addressing to the DEFAULT_VLAN.
  • Page 169: Menu: Configuring Ip Address, Gateway, And Time-To-Live (Ttl)

    To manually enter an IP address, subnet mask, set the IP Config parameter ■ to Manual and then manually enter the IP address and subnet mask values you want for the switch. To use DHCP or Bootp, use the menu interface to ensure that the IP Config ■...
  • Page 170: Cli: Configuring Ip Address, Gateway, And Time-To-Live (Ttl)

    Configuring IP Addressing IP Configuration 3. If the switch needs to access a router, for example, to reach off-subnet destinations, select the Default Gateway field and enter the IP address of the gateway router. 4. If you need to change the packet Time-To-Live (TTL) setting, select Default TTL and type in a value between 2 and 255.
  • Page 171 ID of the VLAN for which you are configuring IP addressing or go to the context configuration level for that VLAN. (If you are not using VLANs on the switch—that is, if the only VLAN is the default VLAN—then the VLAN ID is always “1”.)
  • Page 172 ProCurve (config) no vlan 1 ip address 10.28.227.103/24 Configure Multiple IP Addresses on a VLAN (Multinetting). The fol­ lowing is supported: Up to 2048 IP addresses for the switch ■ Up to 32 IP addresses for the same VLAN ■...
  • Page 173 1. Go to VLAN 20. 2. Configure two additional IP addresses on VLAN 3. Display IP addressing. Figure 8-4. Example of Configuring and Displaying a Multinetted VLAN If you then wanted to multinet the default VLAN, you would do the following: Figure 8-5.
  • Page 174: Web: Configuring Ip Addressing

    Configure the Optional Default Gateway. Using the Global configura­ tion level, you can manually assign one default gateway to the switch. (The switch does not allow IP addressing received from a DHCP or Bootp server to replace a manually configured default gateway.)
  • Page 175: How Ip Addressing Affects Switch Operation

    How IP Addressing Affects Switch Operation Without an IP address and subnet mask compatible with your network, the switch can be managed only through a direct terminal device connection to the Console RS-232 port. You can use direct-connect console access to take advantage of features that do not depend on IP addressing.
  • Page 176: Dhcp/Bootp Operation

    DHCP/Bootp Operation Overview. DHCP/Bootp is used to provide configuration data from a DHCP or Bootp server to the switch. This data can be the IP address, subnet mask, default gateway, Timep Server address, and TFTP server address. If a TFTP server address is provided, this allows the switch to TFTP a previously saved configuration file from the TFTP server to the switch.
  • Page 177 Depending on how the DHCP server is configured, the switch may receive an IP address that is temporarily leased. Periodically the switch may be required to renew its lease of the IP configuration. Thus, the IP addressing provided by the server may be different each time the switch reboots or renews its configuration from the server.
  • Page 178: Network Preparations For Configuring Dhcp/Bootp

    2520switch is a user-defined symbolic name to help you find the correct section of the T144 N o t e The above Bootp table entry is a sample that will work for the switch when the appropriate addresses and file names are used. Network Preparations for Configuring DHCP/Bootp In its default configuration, the switch is configured for DHCP/Bootp opera­...
  • Page 179 If the DHCP/Bootp reply provides information for downloading a config­ ■ uration file, the switch uses TFTP to download the file from the designated source, then reboots itself. (This assumes that the switch or VLAN has connectivity to the TFTP file server specified in the reply, that the config­...
  • Page 180: Ip Preserve: Retaining Vlan-1 Ip Addressing Across Configuration File Downloads

    For the switches covered in this guide, IP Preserve enables you to copy a configuration file to multiple switches while retaining the individual IP address and subnet mask on VLAN 1 in each switch, and the Gateway IP address assigned to the switch. This enables you to distribute the same configuration file to multiple switches without overwriting their individual IP addresses.
  • Page 181 Figure 8-7. Example of IP Preserve Operation with Multiple Series Switches If you apply the following configuration file to figure 8-7, switches 1 - 3 will retain their manually assigned IP addressing and switch 4 will be configured to acquire its IP addressing from a DHCP server.
  • Page 182 Figure 8-8. Configuration File in TFTP Server, with DHCP/Bootp Specified as the IP Addressing Source If you apply this configuration file to figure 8-7, switches 1 - 3 will still retain their manually assigned IP addressing. However, switch 4 will be configured with the IP addressing included in the file.
  • Page 183 IP addressing instructions are in the configuration file. ■ If the switch did not receive its most recent VLAN 1 IP addressing from a DHCP/Bootp server, it retains its current IP addressing when it downloads the configuration file.
  • Page 184 Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads 8-20...
  • Page 185: Contents

    Protocol Operation ..........9-3 General Steps for Running a Time Protocol on the Switch: ..9-3 Disabling Time Synchronization .
  • Page 186: Timep Time Synchronization

    TimeP, with the TimeP mode itself set to Disabled. TimeP Time Synchronization You can either manually assign the switch to use a TimeP server or use DHCP to assign the TimeP server. In either case, the switch can get its time synchro­...
  • Page 187: Protocol Operation

    N o t e To use Broadcast mode, the switch and the SNTP server must be in the same subnet. Unicast Mode: The switch requests a time update from the config­ ■ ured SNTP server. (You can configure one server using the menu interface, or up to three servers using the CLI sntp server command.)
  • Page 188: Sntp: Viewing, Selecting, And Configuring

    Time Protocols SNTP: Viewing, Selecting, and Configuring In the System Information screen of the Menu interface, set the Time ■ Synch Method parameter to None, then press [Enter], then [S] (for Save). In the Global config level of the CLI, execute no timesync. ■...
  • Page 189: Menu: Viewing And Configuring Sntp

    The Default. SNTP does not operate, even if specified by the Menu interface Time Sync Method parameter or the CLI timesync command. Unicast Directs the switch to poll a specific server for SNTP time synchronization. Requires at least one server address. Broadcast Directs the switch to acquire its time synchronization from data broadcast by any SNTP server to the network broadcast address.
  • Page 190 Use the Space bar to select the Unicast mode, then do the following: [>] to move the cursor to the Server Address field. i. Press ii. Enter the IP address of the SNTP server you want the switch to use for time synchronization. Time Protocol Selection Parameter – TIMEP – SNTP...
  • Page 191 Note: The Menu interface lists only the highest priority SNTP server, even if others are configured. To view all SNTP servers configured on the switch, use the CLI show management command. Refer to “SNTP Unicast Time Polling with Multiple SNTP Servers” on page 9-25.
  • Page 192: Cli: Viewing And Configuring Sntp

    Viewing the Current SNTP Configuration Syntax: show sntp For example, if you configured the switch with SNTP as the time synchronization method, then enabled SNTP in broadcast mode with the default poll interval, show sntp lists the following: Page 9-10 and ff.,...
  • Page 193 SNTP configuration. This command can help you to easily examine and compare the IP addressing on the switch. It lists the IP addresses for all time servers configured on the switch, plus the IP addresses and default gateway for all VLANs configured on the switch.
  • Page 194: Configuring (Enabling Or Disabling) The Sntp Mode

    Configuring (Enabling or Disabling) the SNTP Mode Enabling the SNTP mode means to configure it for either broadcast or unicast mode. Remember that to run SNTP as the switch’s time synchronization protocol, you must also select SNTP as the time synchronization method by using the CLI timesync command (or the Menu interface Time Sync Method parameter).
  • Page 195 Note: The Protocol Version parameter will also appear in show sntp listings if the IP address of an SNTP server (used in Unicast mode) is configured in the switch. However, the protocol version is used only when SNTP is configured for Unicast operation.
  • Page 196 IPv4 or IPv6 address and priority (1 - 3) of at least one SNTP server. The switch allows up to three unicast servers. You can use the Menu interface or the CLI to configure one IPv4 server address or to replace an existing IPv4 Unicast server address with another.
  • Page 197 ProCurve(config)# show sntp SNTP Configuration Time Sync Mode: Sntp SNTP Mode : Unicast Poll Interval (sec) [720] : 720 Priority SNTP Server Address -------- ---------------------------------------------- ---------------- 2001:db8::215:60ff:fe79:8980 10.28.227.141 fe80::123%vlan10 Figure 9-8. Example of Configuring SNTP for Unicast Operation If the SNTP server you specify uses SNTP version 4 or later, use the sntp server command to specify the correct version number.
  • Page 198 Syntax: no timesync For example, suppose SNTP is running as the switch’s time synchronization protocol, with Broadcast as the SNTP mode and the factory-default polling interval. You would halt time synchronization with this command:...
  • Page 199 SNTP mode as disabled. Syntax: no sntp For example, if the switch is running SNTP in Unicast mode with an SNTP servers as shown in figure 9-9, no sntp changes the SNTP configuration as shown below, and disables time synchronization on the switch.
  • Page 200: Timep: Viewing, Selecting, And Configuring

    IP address via DHCP. If the switch receives a server address, it polls the server for updates according to the Timep poll interval. If the switch does not receive a Timep server IP address, it cannot perform time synchronization updates.
  • Page 201: Menu: Viewing And Configuring Timep

    To View, Enable, and Modify the TimeP Protocol: 1. From the Main Menu, select: 2. Switch Configuration... ==========================- CONSOLE - MANAGER MODE -========================== Switch Configuration - System Information System Name : ProCurve System Contact : System Location : Inactivity Timeout (min) [0] : 0...
  • Page 202: Cli: Viewing And Configuring Timep

    This section describes how to use the CLI to view, enable, and configure TimeP parameters. 9-18 ii. Enter the IP address of the TimeP server you want the switch to use for time synchronization. Note: This step replaces any previously configured TimeP server IP address.
  • Page 203: Viewing The Current Timep Configuration

    TimeP, SNTP, and VLAN IP addresses configured on the switch. Syntax: show timep For example, if you configure the switch with TimeP as the time synchroniza­ tion method, then enable TimeP in DHCP mode with the default poll interval, show timep lists the following: Figure 9-13.
  • Page 204: Configuring (Enabling Or Disabling) The Timep Mode

    Configuring (Enabling or Disabling) the TimeP Mode Enabling the TimeP mode means to configure it for either broadcast or unicast mode. Remember that to run TimeP as the switch’s time synchronization protocol, you must also select TimeP as the time synchronization method by using the CLI timesync command (or the Menu interface Time Sync Method parameter).
  • Page 205 Enabling TimeP in DHCP Mode. Because the switch provides a TimeP polling interval (default: 720 minutes), you need only these two commands for a minimal TimeP DHCP configuration: Syntax: timesync timep Syntax: ip timep dhcp For example, suppose: Time synchronization is configured for SNTP.
  • Page 206 Enabling Timep in Manual Mode. Like DHCP mode, configuring TimeP for Manual mode enables TimeP. However, for manual operation, you must also specify the IP address of the TimeP server. (The switch allows only one TimeP server.) To enable the TimeP protocol: Syntax: timesync timep Syntax: ip timep manual <...
  • Page 207 Figure 9-18. Example of TimeP with Time Sychronization Disabled Disabling the TimeP Mode. Disabling the TimeP mode means to configure it as disabled. (Disabling TimeP prevents the switch from using it as the time synchronization protocol, even if it is the selected Time Sync Method option.)
  • Page 208 Time Protocols TimeP: Viewing, Selecting, and Configuring For example, if the switch is running TimeP in DHCP mode, no ip timep changes the TimeP configuration as shown below, and disables time synchronization. Figure 9-19. Example of Disabling Time Synchronization by Disabling the TimeP Mode...
  • Page 209: Sntp Unicast Time Polling With Multiple Sntp Servers

    Server Address parameter in the menu interface, or the primary server in a list of up to three SNTP servers configured using the CLI. If the switch does not receive a response from the primary server after three consecutive polling intervals, the switch tries the next server (if any) in the list.
  • Page 210: Adding And Deleting Sntp Server Addresses

    SNTP Messages in the Event Log If an SNTP time change of more than three seconds occurs, the switch’s event log records the change. SNTP time changes of less than three seconds do not appear in the Event Log.
  • Page 211: Contents

    Enabling or Disabling Flow Control ......10-17 Configuring a Broadcast Limit on the Switch ....10-19 Configuring ProCurve Auto-MDIX .
  • Page 212 Port Status and Configuration Contents Configuring Transceivers and Modules That Haven’t Been Inserted ..........10-28 10-2 Transceivers .
  • Page 213: Viewing Port Status And Configuring Port Parameters

    Devices (mode) mismatch. ■ To check the mode setting for a port on the switch, use either the Port Status screen in the menu interface (page 10-4) or show interfaces brief in the CLI (page 10-8). To display information about the transceivers installed on a switch, enter the show tech transceivers command in the CLI (page 10-15).
  • Page 214: Menu: Port Status And Configuration

    Use up/down arrow keys to scroll to other entries, left/right arrow keys to change action selection, and <Enter> to execute action. Figure 10-1. Example of a Switch Port Status Screen Port Type The port Type field represents the IEEE or other industry protocol in operation on that port.
  • Page 215: Status Of Ports

    With the port mode set to Auto (the default) and flow control on (enabled), the switch negotiates flow control on the indicated port. If the port mode is not set to Auto, or if flow control is off (disabled) on the port, then flow control is not used.
  • Page 216: Modes

    Senses speed and negotiates with the port at the other end of the link for port operation (MDI-X or MDI). To see what the switch negotiates for the Auto setting, use the CLI show interfaces brief command or the menu commands “1.
  • Page 217: Configuring Ports

    For information on port trunk groups, refer to Chapter 12, “Port Trunking” . From the Main Menu, Select: 2. Switch Configuration... An example of the Menu display is shown below. Viewing Port Status and Configuring Port Parameters...
  • Page 218: Cli: Viewing Port Status And Configuring Port Parameters

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters ==========================- CONSOLE - MANAGER MODE -============================ Switch Configuration - Port/Trunk Settings Port Type Enabled ---- --------- + ------- 10/100TX | Yes 10/100TX | Yes 10/100TX | Yes 10/100TX | Yes...
  • Page 219: Viewing Port Status And Configuration

    Lists the current operating status for all ports on the switch. config: Lists a subset of configuration data for all ports on the switch; that is, for each port, the display shows whether the port is enabled, the operating mode, and whether it is configured for flow control.
  • Page 220 Port Status and Configuration Viewing Port Status and Configuring Port Parameters ProCurve(config)# show interfaces config Port Settings Port Type | Enabled Mode ----- --------- + ------- ------------ --------- ---- 10/100TX | Yes 10/100TX | Yes 10/100TX | Yes 10/100TX | Yes 10/100TX | Yes 10/100TX...
  • Page 221: Customizing The Show Interfaces Command

    Status and Counters - Port Counters Port Total Bytes Total Frames ----- -------------- -------------- 1,121,436,946 1,078,679,873 Actions-> Back Show details Return to previous screen. Use up/down arrow keys to scroll to other entries, left/right arrow keys to change action selection, and <Enter> to execute action. Figure 10-5.
  • Page 222 Port Status and Configuration Viewing Port Status and Configuring Port Parameters Parameter Column port type status speed mode flow name vlanid enabled intrusion bcast ProCurve(config)# show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi Status and Counters - Custom Port Status Port Name Type ---- ---------- ---------- ----- --------- ------- ------- --------...
  • Page 223: Error Messages

    N o t e Each field has an fixed minimum width to be displayed. If you specify a field width smaller than the minimum width, the information is displayed at the minimum width. For example, if the minimum width for the Name field is 4 characters and you specify Name:2, the Name field displays 4 characters.
  • Page 224: Viewing Port Utilization Statistics

    Viewing Port Status and Configuring Port Parameters Viewing Port Utilization Statistics Use the show interface port-utilization command to view a real-time rate display for all ports on the switch. The following shows a sample output from this command. ProCurve(config)# show interfaces port-utilization...
  • Page 225 ■ transceiver: • Unsupported Transceiver. (SelfTest Err#060) Check: www.hp.com/rnd/device_help/2_inform for more info. • This switch only supports revision B and above transceivers. Check: www.hp.com/rnd/device_help/ 2_inform for more info. • Self test failure. • Transceiver type not supported in this port.
  • Page 226: Enabling/Disabling Ports & Configuring Port Mode

    10-16 version. www.hp.com/rnd/device_help/2_inform for more info. [< disable | enable >] Disables or enables the port for network traffic. Does not use the no form of the command. (Default: enable.) [speed-duplex <...
  • Page 227: Enabling/Disabling Flow Control

    Off in the show interfaces brief port listing, even if flow control is configured as enabled on the port in the switch. (Refer to Figure 10-3 on page 10-9.) Also, the port (speed-duplex) mode must be set to Auto (the default).
  • Page 228 Port Status and Configuration Viewing Port Status and Configuring Port Parameters ProCurve(config)# int 5-6 flow-control ProCurve(config)# show int brief Status and Counters - Port Status | Intrusion Port Type | Alert ----- --------- + --------- ------- ------ ---------- ----- ----- ------ 10/100TX | No 10/100TX...
  • Page 229: Configuring A Broadcast Limit On The Switch

    For a one Gbps port this results in a broadcast traffic rate of ten Mbps. Configuring ProCurve Auto-MDIX Copper ports on the switch can automatically detect the type of cable config­ uration (MDI or MDI-X) on a connected device and adjust to operate appro­...
  • Page 230 10/100/1000-T module ports Using the above ports: ■ If you connect a copper port using a straight-through cable on a switch to a port on another switch or hub that uses MDI-X ports, the switch port automatically operates as an MDI port.
  • Page 231 PC or other MDI device with a crossover cable, or to a switch, hub, or other MDI-X device with a straight- through cable. mdix is the manual mode setting that configures the port for...
  • Page 232: Web: Viewing Port Status And Configuring Port Parameters

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters ProCurve(config)# show interfaces config Port Settings Port ------- --------- + ------- ------------ --------- ---- Figure 10-12. Example of Displaying the Current MDI Configuration ProCurve(config)# show int brief Status and Counters - Port Status | Intrusion Port Type...
  • Page 233: Using Friendly (Optional) Port Names

    ■ ters. ■ Blank spaces within friendly port names are not allowed, and if used, cause an invalid input error. (The switch interprets a blank space as a name terminator.) Port Status and Configuration Using Friendly (Optional) Port Names Default...
  • Page 234: Configuring Friendly Port Names

    Syntax: no interface < port-list > name Configuring a Single Port Name. Suppose that you have connected port A3 on the switch to Bill Smith’s workstation, and want to assign Bill’s name and workstation IP address (10.25.101.73) as a port name for port A3: Figure 10-14.
  • Page 235: Displaying Friendly Port Names With Other Port Data

    Configuring the Same Name for Multiple Ports. Suppose that you want to use ports A5 through A8 as a trunked link to a server used by a drafting group. In this case you might configure ports A5 through A8 with the name “Draft-Server:Trunk”.
  • Page 236 Syntax: show name [ port-list ] For example: Figure 10-16. Example of Friendly Port Name Data for All Ports on the Switch Figure 10-17. Example of Friendly Port Name Data for Specific Ports on the Switch Including Friendly Port Names in Per-Port Statistics Listings. A friendly port name configured to a port is automatically included when you display the port’s statistics output.
  • Page 237 Syntax: show interface < port-number > For example, if you configure port 5 with the name “O’Connor_10.25.101.43”, the show interface output for this port appears similar to the following: ProCurve(config)# show int 5 Status and Counters - Port Counters for port 5 Name : O’Connor@10.25.101.43 Name...
  • Page 238: Been Inserted

    Been Inserted Transceivers Previously, a port had to be valid and verified for the switch to allow it to be configured. Transceivers are removable ports and considered invalid when not present in the switch, so they cannot be configured unless they are already in the switch.
  • Page 239: Power Over Ethernet (Poe) Operation

    Viewing PoE Configuration and Status ..... . . 11-15 Displaying the Switch’s Global PoE Power Status ....11-15 Displaying an Overview of PoE Status on All Ports .
  • Page 240: Contents

    Power Over Ethernet (PoE) Operation Contents Planning and Implementing a PoE Configuration ....11-20 Assigning PoE Ports to VLANs ......11-20 Applying Security Features to PoE Configurations .
  • Page 241: Configuration Options

    PoE-enabled port without reconfiguring the port. Configuration Options In the default configuration, all 10/100Base-TX ports on the HP ProCurve 2520 switches and 10/100/1000Base-TX ports on the 2520G switches support PoE operation. Using the commands described in this chapter, you can: ■...
  • Page 242: Related Publications

    This chapter introduces general PoE operation, PoE configuration and monitoring commands, and event log messages related to PoE operation on the HP ProCurve Series 2520 and 2520G switches. The following two manuals provide further information: For information on installation, refer to the HP ProCurve Series 2520 ■...
  • Page 243: Poe Operation

    PD connections. Thus, while 17 watts must be available for the switch to begin supplying power to a port with a PD connected, 17 watts per port is not continually required if the connected PD requires less power.
  • Page 244: Power Priority Operation

    Power Over Ethernet (PoE) Operation PoE Operation Note Depending on power demands, lower-priority ports on a switch with high PoE power demand may occasionally lose power due to the demands of higher- priority ports. (Refer to “Power Priority Operation” for further details.)
  • Page 245: Configuring Poe Operation

    (non-standard) IP phones. Note When the switch is in legacy detection mode, the detection signature range is expanded beyond the IEEE specification. This allows non-compliant devices to be powered.
  • Page 246 ProCurve(config)# power pre-std-detect PoE for pre-802.3af-standard powered devices can be enabled or disabled only from the switch's CLI. This feature cannot be enabled or disabled through either the switch's menu or web browser interfaces. Executing the show power-over-ethernet command lists the system power...
  • Page 247: Configuring The Poe Port Priority Level

    Syntax: interface < port-list > power-over-ethernet [ critical | high | low ] Table 11-1 provides examples of how PoE priority settings impact operation. Table 11-1. Example of PoE Priority Operation on the HP ProCurve 2520-24-PoE Priority Configuration Command and Resulting Operation...
  • Page 248: Controlling Poe Allocation

    Power Over Ethernet (PoE) Operation Configuring PoE Operation Priority Configuration Command and Resulting Operation Setting Low This priority class receives power only if all PDs on ports with High and Critical priority settings are receiving power. If there is enough power to provision PDs on only some Low priority ports, then power is allocated to the ports in ascending order, beginning with the lowest-numbered port in the class until all available power is in use.
  • Page 249: Manually Configuring Poe Power Levels

    Table 11-1. Power Classes and Their Values Power Class Value Depends on cable type and PoE architecture. Maximum power level output of 15.4 watts at the PSE. This is the default class; if there isn’t enough information about the load for a specific classification, the PSE classifies the load as class 0 (zero).
  • Page 250 Power Over Ethernet (PoE) Operation Configuring PoE Operation ProCurve(config)# show power-over-ethernet 6 Status and Counters - Port Power Status for port 6 Power Enable : Yes Priority : low AllocateBy : value Detection Status : Delivering Over Current Cnt Power Denied Cnt Voltage : 49.1 V Power...
  • Page 251: Changing The Threshold For Generating A Power Notice

    Changing the Threshold for Generating a Power Notice By default, PoE support is enabled on the switch’s 10/100Base-TX ports, with the power priority set to Low and the power threshold set to 80 (%). The following commands allow you to adjust these settings.
  • Page 252: Cycling Power On A Port

    Cycling Power on a Port Simply disabling a PoE port does not affect power delivery through that port. To cycle the power on a PD receiving power from a PoE port on the switch, disable, then re-enable the power to that port.
  • Page 253: Poe/Poe+ Allocation Using Lldp Information

    PoE. When LLDP is enabled, the information about the power usage of the PD is available and the switch can then comply with or ignore this information. You can configure PoE on each port according to the PD (IP phone, wireless device, etc.) specified in the LLDP field.
  • Page 254: Displaying The Switch's Global Poe Power Status

    Viewing PoE Configuration and Status Displaying the Switch’s Global PoE Power Status Syntax: show power-over-ethernet For example, in the default PoE configuration, when the switch is running with several ports supporting PD loads, show power-over-ethernet displays data similar to the following: 11-16 Displays the switch’s global PoE power status, including:...
  • Page 255: Displaying/Overview Poe Status On All Ports

    – Disabled: PoE support is disabled on the port. To re-enable, refer to “Configuring PoE Operation” on page 11-6. – Fault: The switch detects a problem with the connected PD. • Power Class: Shows the 802.3af power class of the PD detected on the indicated port (as configured by the user on the PD device).
  • Page 256 Power Over Ethernet (PoE) Operation Viewing PoE Configuration and Status For example, show power-over-ethernet brief displays this output: ProCurve(config)# show power-over-ethernet brief Status and Counters - Port Power Status | Power LLDP Port | Enable Detect ----- + ------- -------- --------- ----- ---- ----------- ----------- ------ | Yes disabled critical | Yes...
  • Page 257: Displaying The Poe Status On Specific Ports

    PoE support, refer to “Configuring PoE Operation” on page 11-6. – Fault: The switch detects a problem with the connected PD. • Over Current Cnt: Shows the number of times a connected PD has attempted to draw more than 15.4 watts. Each occurrence generates an Event Log message.
  • Page 258 Power Over Ethernet (PoE) Operation Viewing PoE Configuration and Status For example, if you wanted to view the PoE status of port 5, you would use show power-over-ethernet 5 to display the data: ProCurve(config)# show power-over-ethernet 5 Status and Counters - Port Power Status for port 5 Power Enable : Yes Priority...
  • Page 259: Planning And Implementing A Poe Configuration

    Planning and Implementing a PoE Configuration This section provides an overview of some considerations for planning a PoE application. For additional information, refer to the HP ProCurve PoE Planning and Implementation Guide. Assigning PoE Ports to VLANs If your network includes VLANs, you may want to assign various PoE­...
  • Page 260: Poe Event Log Messages

    PoE Event Log Messages PoE Event Log Messages PoE operation generates these Event Log messages. You can also configure the switch to send these messages to a configured debug destination (terminal device or Syslog server). I 1MM/DD/YY HH:MM:SS chassis: Ext Power Supply connected, supplying < actual-power > W of <...
  • Page 261 < 1 - 99 > command. (Note that the switch also generates an SNMP trap for this event.) Port <...
  • Page 262 Port < port-# > PD Other Fault indication. Port < port-# > PD Over Current indication. 11-24 The switch no longer detects a device on < port-# >. The device may have been disconnected, powered down, or stopped functioning. There is a problem with the PD connected to the port.
  • Page 263: Contents

    Trunk Group Operation Using the “Trunk” Option ... . 12-26 How the Switch Lists Trunk Data ......12-27 Outbound Traffic Distribution Across Trunked Links .
  • Page 264: Overview

    A trunk group is a set of up to eight ports configured as members of the same port trunk. Note that the ports in a trunk group do not have to be consecutive. For example: Switch 1: Ports c1 - c3, c5 - c7, and...
  • Page 265 Port Security Restriction. Port security does not operate on a trunk group. If you configure port security on one or more ports that are later added to a trunk group, the switch resets the port security parameters for those ports to the factory-default configuration.
  • Page 266: Port Trunk Features And Operation

    Up to 24 trunk groups are supported on the switches covered in this guide. The actual maximum depends on the number of ports available on the switch and the number of links in each trunk. (Using the Link Aggregation Control Protocol—LACP—option, you can include standby trunked ports in addition...
  • Page 267 Static Trunk: The switch uses the links you configure with the Port/Trunk Settings screen in the menu interface or the trunk command in the CLI to create a static port trunk. The switch offers two types of static trunks: LACP and Trunk.
  • Page 268 – You are unsure which type of trunk to use, or the device to which you want to create a trunk link is using an unknown trunking protocol. – You want to use a monitor port on the switch to monitor traffic on a trunk. Refer to “Trunk Group Operation Using the “Trunk” Option” on page 12-26.
  • Page 269 A trunk appears as a single port labeled (for a static trunk of type: LACP, Trunk) on various menu and CLI screens. For a listing of which screens show which trunk types, refer to “How the Switch Lists Trunk Data” on page 12-27.
  • Page 270 IP Multicast Protocol (IGMP): A static trunk of any type appears in the IGMP configuration display, and you can configure IGMP for a static trunk in the same way that you would configure IGMP on a non-trunked port. (Note that the switch lists the trunk by name—such as Trk1—and does not list the individual ports in the trunk.) Also, creating a new trunk...
  • Page 271: Menu: Viewing And Configuring A Static Trunk Group

    Important Configure port trunking before you connect the trunked links to another switch, routing switch, or server. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured. Refer to “Enabling or Disabling Ports and Configuring Port Mode”...
  • Page 272 6. Move the cursor to the Type column for the selected port and use the Space bar to select the trunk type: All ports in the same trunk group on the same switch must have the same Type (LACP or Trunk).
  • Page 273: Cli: Viewing And Configuring Port Trunk Groups

    < port-list > lacp page 12-15 Using the CLI To View Port Trunks You can list the trunk type and group for all ports on the switch or for selected ports. You can also list LACP-only status information for LACP-configured ports.
  • Page 274 Port Trunking CLI: Viewing and Configuring Port Trunk Groups Using a port list specifies, for switch ports in a static trunk group, only the ports you want to view. In this case, the command specifies ports A5 through A7. However, because port A6 is not in a static trunk group, it does not appear...
  • Page 275 Port Trunking CLI: Viewing and Configuring Port Trunk Groups Listing Static LACP and Dynamic LACP Trunk Data. Syntax: show lacp Lists data for only the LACP-configured ports.. In the following example, ports A1 and A2 have been previously configured for a static LACP trunk. (For more on the “Active” parameter, see table 12-5 on page 12-21.) Figure 12-8.
  • Page 276: Using The Cli To Configure A Static Or Dynamic Trunk Group

    Configuring Port Mode” on page 10-16.) The table on page 12-5 describes the maximum number of trunk groups you can configure on the switch. An individual trunk can have up to eight links, with additional standby links if you’re using LACP. You can configure trunk...
  • Page 277 Enabling a Dynamic LACP Trunk Group. In the default port configura­ tion, all ports on the switch are set to disabled. To enable the switch to automatically form a trunk group that is dynamic on both ends of the link, the ports on one end of a set of links must be LACP Active.
  • Page 278 Port Trunking CLI: Viewing and Configuring Port Trunk Groups Switch “A” with ports set to LACP passive. Switch “A” with ports set to LACP active. Figure 12-10. Example of Criteria for Automatically Forming a Dynamic LACP Trunk Syntax: interface < port-list > lacp active This example uses ports C4 and C5 to enable a dynamic LACP trunk group.
  • Page 279: Web: Viewing Existing Port Trunk Groups

    C a u t i o n Unless spanning tree is running on your network, removing a port from a trunk can result in a loop. To help prevent a broadcast storm when you remove a port from a trunk where spanning tree is not in use, ProCurve recommends that you first disable the port or disconnect the link on that port.
  • Page 280: Trunk Group Operation Using Lacp

    Port Trunking Trunk Group Operation Using LACP Trunk Group Operation Using LACP The switch can automatically configure a dynamic LACP trunk group or you can manually configure a static LACP trunk group. N o t e LACP requires full-duplex (FDx) links of the same media type (10/100Base-T, 100FX, etc.) and the same speed, and enforces speed and duplex conformance...
  • Page 281 Displaying Dynamic LACP Trunk Data: To list the configuration and status for a dynamic LACP trunk, show lacp use the CLI Note: The dynamic trunk is automatically created by the switch, and is not listed in the static trunk listings available in the menu interface or in the CLI show trunk listing. 802.3ad-compliant...
  • Page 282 (Refer to “VLANs and Dynamic LACP” on page 12-23.) • You want to use a monitor port on the switch to monitor an LACP trunk. The trunk operates if the trunk group on the opposite device is running one of the following trunking protocols: • Active LACP...
  • Page 283: Default Port Operation

    (brief) trunk negotiation or a configuration error such as differing port speeds on the same link or trying to connect the switch to more trunks than it can support. (See the table on page 12-5.) Note: Some older devices are limited to four ports in a trunk. When eight LACP-enabled ports are connected to one of these older devices, four ports connect, but the other four ports are blocked.
  • Page 284: Lacp Notes And Restrictions

    Meaning LACP Partner Yes: LACP is enabled on both ends of the link. No: LACP is enabled on the switch, but either LACP is not enabled or the link has not been detected on the opposite device. LACP Status Success: LACP is enabled on the port, detects and synchronizes with a device on the other end of the link, and can move traffic across the link.
  • Page 285 The switch will not allow you to configure LACP on a port on which port security is enabled. For example: ProCurve(config)# int a17 lacp passive Error configuring port A17: LACP and port security cannot be run together. ProCurve(config)# To restore LACP to the port, you must remove port security and re-enable LACP active or passive.
  • Page 286 Status becomes “Up”). When the other port becomes active again, the replace­ ment port goes back to blocked (Port Status is “Blocked”). It can take a few seconds for the switch to discover the current status of the ports. ProCurve(eth-1-8)# show lacp...
  • Page 287 If a port is already a member of a static or dynamic LACP trunk, you cannot configure it to HDx. If a port is already set to HDx, the switch does not allow you to configure ■ it for a static or dynamic LACP trunk.
  • Page 288: Trunk Group Operation Using The "Trunk" Option

    This method creates a trunk group that operates independently of specific trunking protocols and does not use a protocol exchange with the device on the other end of the trunk. With this choice, the switch simply uses the SA/DA method of distributing outbound traffic across the trunked ports without regard for how that traffic is handled by the device at the other end of the trunked links.
  • Page 289: How The Switch Lists Trunk Data

    SA/DA (source address/destination address) causes the switch to distribute outbound traffic to the links within the trunk group on the basis of source/ destination address pairs. That is, the switch sends traffic from the same source address to the same destination address through the same trunked link, and may also send traffic from the same source address to a different desti­...
  • Page 290 12-13. That is, if Client A attached to Switch 1 sends five packets of data to Server A attached to Switch 2, the same link is used to send all five packets. The SA/DA address pair for the traffic is the same.
  • Page 291 Table 12-6. Example of Link Assignments in a Trunk Group (SA/DA Distribution) Source: Destination: Node A Node W Node B Node X Node C Node Y Node D Node Z Node A Node Y Node B Node W Because the amount of traffic coming from or going to various nodes in a network can vary widely, it is possible for one link in a trunk group to be fully utilized while other links in the same trunk have unused bandwidth capacity even if the assignments were evenly distributed across the links in a trunk.
  • Page 292 Port Trunking Outbound Traffic Distribution Across Trunked Links 12-30...
  • Page 293: Contents

    Contents Using SNMP Tools To Manage the Switch ..... . 13-3 Overview ..........13-3 SNMP Management Features .
  • Page 294 Configuration Options ........13-38 Options for Reading LLDP Information Collected by the Switch . . 13-40 LLDP and LLDP-MED Standards Compatibility .
  • Page 295: Using Snmp Tools To Manage The Switch

    If you use the switch’s Authorized IP Managers and Management VLAN features, ensure that the SNMP management station and/or the choice of switch port used for SNMP access to the switch are compatible with the access controls enforced by these features. Otherwise, SNMP access to the switch will be blocked.
  • Page 296: Snmp Management Features

    The switch SNMP agent also uses certain variables that are included in a Hewlett-Packard proprietary MIB (Management Information Base) file. If you are using HP OpenView, you can ensure that it is using the latest version of the MIB file by downloading the file to the OpenView database. To do so, go...
  • Page 297: Configuring For Snmp Version 3 Access To The Switch

    User and community name may access the switch with the View and Access levels that have been set for that community. If you want to restrict access to one or more specific nodes, you can use the switch’s IP Authorized Manager feature.
  • Page 298: Snmp Version 3 Commands

    SNMP Version 3 Commands SNMP version 3 (SNMPv3) adds some new commands to the CLI for configuring SNMPv3 functions. To enable SMNPv3 operation on the switch, use the snmpv3 enable command. An initial user entry will be generated with MD5 authentication and DES privacy.
  • Page 299: Enabling Snmpv3

    Figure 13-1. Example of SNMP version 3 Enable Command SNMPv3 Users To use SNMPv3 on the switch, you must configure the users that will be assigned to different groups. To configure SNMP users on the switch: Configuring for Network Management Applications...
  • Page 300 If you add an SNMPv3 user without authentication and/or privacy to a group that requires either feature, the user will not be able to access the switch. Ensure that you add a user with the appropriate security level to an existing security group.
  • Page 301 AES-172, AES-256, and 3-DES are not supported. Listing Users. To display the management stations configured to access the switch with SNMPv3 and view the authentication and privacy protocols that each station uses, enter the show snmpv3 user command. Syntax: show snmpv3 user This example displays information about the management stations configured on VLAN 1 to access the switch.
  • Page 302 13-10 Add NetworkMgr to managerpriv group This command assigns or removes a user to a security group for access rights to the switch. To delete an entry, all of the following three parameters must be included in the command. group <group_name>...
  • Page 303: Group Access Levels

    N o t e All access groups and views are predefined on the switch. There is no method to modify or add groups or views to those that are pre-defined on the switch. SNMPv3 Communities SNMP commuities are supported by the switch to allow management applications that use version 2c or version 1 to access the switch.
  • Page 304 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Syntax: [no] snmpv3 community Figure 13-5 shows the assigning of the Operator community on MgrStation1 to the CommunityOperatorReadWrite group. Any other Operator only has an access level of CommunityOperatorReadOnly...
  • Page 305: Communities

    SNMP communities, each with either an operator-level or a manager- level view, and either restricted or unrestricted write access. Using SNMP requires that the switch have an IP address and subnet mask compatible with your network. C a u t i o n For ProCurve Manager (PCM) version 1.5 or earlier (or any TopTools version),...
  • Page 306 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Note: This screen gives an overview of the SNMP communities that are currently configured. All fields in this screen are read- only. Figure 13-6. The SNMP Communities Screen (Default Values)
  • Page 307: Cli: Viewing And Configuring Snmp Community Names

    — refer to “SNMP Notifications” on page 13-17). Syntax: show snmp-server [<community-string>] This example lists the data for all communities in a switch; that is, both the default “public” community name and another community named "blue-team" Default...
  • Page 308 MIB view. If you do not specify restricted or unrestricted, the switch automatically assigns the community to restricted (read­ only) access. The no form uses only the < community- name >...
  • Page 309: Snmp Notifications

    SNMPv2c informs ■ SNMPv3 notification process, including traps ■ This section describes how to configure a switch to send network security and link-change notifications to configured trap receivers. Supported Notifications By default, the following notifications are enabled on a switch: ■...
  • Page 310: General Steps For Configuring Snmp Notifications

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Advance Traffic Management Guide: ■ • • Access Security Guide: ■ • • General Steps for Configuring SNMP Notifications To configure SNMP notifications, follow these general steps: 1. Determine the versions of SNMP notifications that you want to use in your network.
  • Page 311: Snmpv1 And Snmpv2C Traps

    Trap receivers: A trap receiver is a management station to which the switch sends SNMP traps and (optionally) event log messages sent from the switch. From the CLI you can configure up to ten SNMP trap receivers to receive SNMP traps from the switch.
  • Page 312 If you do not specify an event level, the switch uses • the default value (none) and sends no event log messages as traps.
  • Page 313: Enabling Snmpv2C Informs

    When an SNMP Manager receives an inform request, it can send an SNMP response back to the sending agent on the switch to let the agent know that the inform request reached its destination.
  • Page 314 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch N o t e The retries and timeout values are not used to send trap requests. To verify the configuration of SNMPv2c informs, enter the show snmp-server command:...
  • Page 315: Configuring Snmpv3 Notifications

    To configure SNMPv3 notifications, follow these steps: 1. Enable SNMPv3 operation on the switch by entering the snmpv3 enable command (see “SNMP Version 3 Commands” on page 13-6). When SNMPv3 is enabled, the switch supports: •...
  • Page 316 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch 5. Configure the target address of the SNMPv3 management station to which SNMPv3 informs and traps are sent by entering the snmpv3 targetaddress command. Syntax: [no] snmpv3 targetaddress < ipv4-addr | ipv6-addr> < name >...
  • Page 317 If you configure the message processing value as ver3 and the security model as ver3, you must also configure a security services level (noauth, auth, or priv). Configuring for Network Management Applications Using SNMP Tools To Manage the Switch 13-25...
  • Page 318: Managing Network Security Notifications

    Figure 13-10. Example of an SNMPv3 Notification Configuration Managing Network Security Notifications By default, a switch is enabled to send the SNMP notifications listed in “Supported Notifications” on page 13-17 when a network security event (for example, authentication failure) occurs. However, before security...
  • Page 319 To determine the specific cause of a security event, check the event log in the console interface to see why a trap was sent. For more information, refer to “Using the Event Log for Troubleshooting Switch Problems” on page C-22. To display the current configuration for network security notifications, enter the show snmp-server traps command.
  • Page 320: Enabling Link-Change Traps

    Figure 13-11. Display of Configured Network Security Notifications Enabling Link-Change Traps By default a switch is enabled to send a trap when the link state on a port changes from up to down (linkDown) or down to up (linkUp). To reconfigure the switch to send link-change traps to configured trap receivers, enter the snmp-server enable traps link-change command.
  • Page 321: Configuring The Source Ip Address For Snmp Notifications

    Configuring the Source IP Address for SNMP Notifications The switch uses an interface IP address as the source IP address in IP headers when sending SNMP notifications (traps and informs) or responses to SNMP requests. For multi-netted interfaces, the source IP address is the IP address of the outbound interface of the SNMP reply, which may differ from the destination IP address in the IP header of the received request.
  • Page 322 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch To configure the switch to use a specified source IP address in generated trap PDUs, enter the snmp-server trap-source command. Syntax: [no] snmp-server trap-source [<ipv4-addr >] N o t e s...
  • Page 323: Displaying Snmp Notification Configuration

    Displays the currently configured notification settings for versions SNMPv1 and SNMPv2c traps, including SNMP communities, trap receivers, link-change traps, and network security notifications. Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Unrestricted dstIpOfRequest: The destination IP address of the interface on which...
  • Page 324 Using SNMP Tools To Manage the Switch In the following example, the show snmp-server command output shows that the switch has been configured to send SNMP traps and notifications to management stations that belong to the “public”, “red-team”, and “blue-team”...
  • Page 325: Advanced Management: Rmon

    History (of the supported Ethernet statistics) ■ Event The RMON agent automatically runs in the switch. Use the RMON management station on your network to enable or disable specific RMON traps and events. Note that you can access the Ethernet statistics, Alarm, and Event groups from the ProCurve Manager network management software.
  • Page 326: Lldp (Link-Layer Discovery Protocol)

    To standardize device discovery on all ProCurve switches, LLDP will be implemented while offering limited read-only support for CDP as documented in this manual. For the latest information on your switch model, consult the Release Notes (available on the ProCurve Networking web site). If LLDP has...
  • Page 327: Terminology

    LLDP and is designed to support VoIP deployments. N o t e LLDP-MED is an extension for LLDP, and the switch requires that LLDP be enabled as a prerequisite to LLDP-MED operation. An SNMP utility can progressively discover LLDP devices in a network by: 1. Reading a given device’s Neighbors table (in the Management Information...
  • Page 328 LLDP Neighbor: An LLDP device that is either directly connected to another LLDP device or connected to that device by another, non-LLDP Layer 2 device (such as a hub) Note that an 802.1D-compliant switch does not forward LLDP data packets even if it is not LLDP-aware.
  • Page 329: General Lldp Operation

    (That is, some TLVs include multiple data points or subelements.) General LLDP Operation An LLDP packet contains data about the transmitting switch and port. The switch advertises itself to adjacent (neighbor) devices by transmitting LLDP data packets out all ports on which outbound LLDP is enabled, and reading LLDP advertisements from neighbor devices on ports that are inbound LLDP- enabled.