
HP PROCURVE 6120 Management And Configuration Manual

Procurve series 6120 switches.
ProCurve Series 6120 Switches
Management and Configuration Guide
August 2009


   Summary of Contents for HP PROCURVE 6120

  • Page 1

    ProCurve Series 6120 Switches Management and Configuration Guide August 2009...

  • Page 2

    The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 4: Table Of Contents, Getting Started, Selecting A Management Interface

    Product Documentation About Your Switch Manual Set ......xxi Printed Publications......... . xxi Electronic Publications .

  • Page 5: Table Of Contents, Using The Menu Interface, Using The Command Line Interface (cli)

    Rebooting the Switch ........

  • Page 6: Table Of Contents, Using The Procurve Web Browser Interface

    Starting a Web Browser Interface Session with the Switch ......5-4 Using a Standalone Web Browser in a PC or UNIX Workstation .

  • Page 7: Table Of Contents, Switch Memory And Configuration

    Displaying the Current Flash Image Data ..... . 6-14 Switch Software Downloads ....... . . 6-16 Local Switch Software Replacement and Removal .

  • Page 8: Table Of Contents, Interface Access And System Information

    Using the Clear + Reset Button Combination To Reset the Switch to Its Default Configuration ......6-37 Transferring Startup-Config Files To or From a Remote Server .

  • Page 9: Table Of Contents, Configuring Ip Addressing, Time Protocols

    Web: Configuring IP Addressing ......8-10 How IP Addressing Affects Switch Operation ....8-11 IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads .

  • Page 10: Table Of Contents, Port Status And Configuration

    General Steps for Running a Time Protocol on the Switch: ..9-3 Disabling Time Synchronization ....... 9-3 SNTP: Viewing, Selecting, and Configuring .

  • Page 11: Table Of Contents, Port Trunking

    Configuring a Broadcast Limit on the Switch ....10-18 Configuring ProCurve Auto-MDIX ......10-19 Web: Viewing Port Status and Configuring Port Parameters .

  • Page 12: Table Of Contents, Port Traffic Controls

    Trunk Group Operation Using the “Trunk” Option ... . 11-26 How the Switch Lists Trunk Data ......11-27 Outbound Traffic Distribution Across Trunked Links .

  • Page 13: Table Of Contents

    Configuration Options ........13-40 Options for Reading LLDP Information Collected by the Switch . . 13-42 LLDP and LLDP-MED Standards Compatibility .

  • Page 14: Table Of Contents

    Overview ........... . A-3 Downloading Switch Software ....... . A-3 General Software Download Rules .

  • Page 15: Table Of Contents

    Switch-to-Switch Download ....... . A-22 Using PCM+ to Update Switch Software ..... . A-24 Copying Software Images .

  • Page 16: Table Of Contents

    Web Browser Access To View Port and Trunk Group Statistics B-13 Viewing the Switch’s MAC Address Tables ....B-14 Menu Access to the MAC Address Views and Searches ..B-14 CLI Access for MAC Address Views and Searches .

  • Page 17: Table Of Contents

    VLAN-Related Problems ........C-21 Using the Event Log for Troubleshooting Switch Problems ..C-24 Traffic Selection Options .

  • Page 18: Table Of Contents

    Event Log Entries ......... C-24 Menu: Displaying and Navigating in the Event Log .

  • Page 19: Table Of Contents

    Determining MAC Addresses ........D-3 Menu: Viewing the Switch’s MAC Addresses ....D-4 CLI: Viewing the Port and VLAN MAC Addresses .

  • Page 20: Table Of Contents

    Example ..........G-5 OOBM and Switch Applications ......G-6 Tasks .

  • Page 22: Product Documentation

    Product Documentation About Your Switch Manual Set Note: For the latest version of switch documentation, please visit any of the following websites: www.procurve.com/manuals www.hp.com/go/bladesystem/documentation h18004.www1.hp.com/products/blades/components/c-class-tech-installing.html Printed Publications The publication listed below is printed and shipped with your switch. The latest version is also available in PDF format, as described in the Note at the top of this page.

  • Page 23

    Software Feature Index This feature index indicates which manual to consult for information on a given software feature. Note: This Index does not cover IPv6 capable software features. For information on IPv6 protocol operations and features (such as DHCPv6, DNS for IPv6, and Ping6), refer to the IPv6 Configuration Guide.

  • Page 24

    Intelligent Edge Software Features Downloading Software Event Log Factory Default Settings Flow Control (802.3x) File Transfers Friendly Port Names GVRP Identity-Driven Management (IDM) IGMP Interface Access (Telnet, Console/Serial, Web) IP Addressing Jumbo Packets LACP LLDP LLDP-MED Loop Protection MAC Address Management MAC Lockdown MAC Lockout MAC-based Authentication...

  • Page 25

    Intelligent Edge Software Features Port Monitoring Port Security Port Status Port Trunking (LACP) Port-Based Access Control (802.1X) Protocol VLANS Quality of Service (QoS) RADIUS Authentication and Accounting RADIUS-Based Configuration RMON 1,2,3,9 Secure Copy SFTP SNMPv3 Software Downloads (SCP/SFTP, TFTP, Xmodem) Source-Port Filters Spanning Tree (STP, RSTP, MSTP) SSHv2 (Secure Shell) Encryption...

  • Page 26

    Intelligent Edge Software Features VLANs Web Authentication RADIUS Support Web-based Authentication Web UI Manual Management Advanced Multicast and Traffic Configuration Management Access Routing Security Guide...

  • Page 27: Contents

    IP Addressing ..........1-8 To Set Up and Install the Switch in Your Network ....1-8 Physical Installation .

  • Page 28: Introduction, Conventions, Command Syntax Statements

    Getting Started Introduction This guide is intended for use with the HP ProCurve 6120G/XG and 6120GX switches. It describes how to use the command line interface (CLI), Menu interface, and web browser to configure, manage, monitor, and troubleshoot switch operation.

  • Page 29: Command Prompts, Screen Simulations, Configuration And Operation Examples, Keys

    Command Prompts In the default configuration, your switch displays a CLI prompt similar to the following examples: ProCurve 6120G/XG Blade Switch# ProCurve 6120XG Blade Switch# To simplify recognition, this guide uses ProCurve to represent command prompts. For example: ProCurve# (You can use the hostname command to change the text in the CLI prompt.) Screen Simulations Displayed Text.

  • Page 30: Sources For More Information

    “Software Feature Index” on page xiv. Note: For the latest version of all HP ProCurve switch documentation referred to below, including Release Notes covering recently added features, visit any of the following web sites: www.procurve.com/manuals...

  • Page 31

    • file transfers, switch monitoring, troubleshooting, and MAC address management ■ Advanced Traffic Management Guide—Use this guide for information on topics such as: • VLANs: Static port-based and protocol VLANs, and dynamic GVRP VLANs • spanning-Tree: 802.1D (STP), 802.1w (RSTP), and 802.1s (MSTP) •...

  • Page 32: Getting Documentation From The Web, Online Help, Menu Interface

    Getting Started Sources for More Information Getting Documentation From the Web To obtain the latest versions of documentation and release notes for your switch, go to any of the following web sites: www.procurve.com/manuals www.hp.com/go/bladesystem/documentation h18004.www1.hp.com/products/blades/components/c-class-tech-installing.html Online Help Menu Interface If you need information on specific parameters in the menu interface, refer to the online help provided in the interface.

  • Page 33: Command Line Interface, Web Browser Interface

    Figure 1-3. Example of CLI Help Web Browser Interface If you need information on specific features in the HP ProCurve Web Browser Interface (hereafter referred to as the “web browser interface”), use the online Help. You can access the Help by clicking on the question mark button in the upper right corner of any of the web browser interface screens.

  • Page 34: Need Only A Quick Start?, Ip Addressing

    Need Only a Quick Start? IP Addressing If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing. To do so, do one of the following: Enter setup at the CLI Manager level prompt.

  • Page 35

    Interpreting LED behavior. ■ For the latest version of the Installation and Getting Started Guide for your switch, refer to “Getting Documentation From the Web” on page 1-6. Getting Started To Set Up and Install the Switch in Your Network...

  • Page 36

    Selecting a Management Interface Contents Overview ........... . . 2-2 Understanding Physical Interfaces .

  • Page 37: Overview, Understanding Physical Interfaces

    Administrator (OA) provides out-of-band access. For detailed instructions on how to log in to the OA, refer to the Installation and Getting Started Guide for the switch. See the HP BladeSystem Onboard Administrator User Guide for details on OA setup. For infor-...

  • Page 38: Understanding Management Interfaces

    VT-100/ANSI console built into the switch—2-5 ■ Web browser interface--a switch interface offering status information and a subset of switch commands through a standard web browser (such as Netscape Navigator or Microsoft Internet Explorer)—2-6 ■ ProCurve Manager (PCM)—a Windows-based network management solution included in-box with all manageable ProCurve devices.

  • Page 39: Advantages Of Using The Menu Interface

    ■ Offers out-of-band access through the RS-232 connection and through the OA network to the switch, so network bottlenecks, crashes, lack of configured or correct IP address, and network downtime do not slow or prevent access ■ Enables Telnet (in-band) access to the menu functionality.

  • Page 40: Advantages Of Using The Cli, General Benefits, Information On Using The Cli

    ProCurve(vlan-1)# Figure 2-2. Command Prompt Examples General Benefits ■ Provides access to the complete set of the switch configuration, performance, and diagnostic features. ■ Offers out-of-band access through the RS-232 connection and through the OA network, or Telnet (in-band) access.

  • Page 41: Advantages Of Using The Web Browser Interface

    Advantages of Using the Web Browser Interface Figure 2-3. Example of the Web Browser Interface ■ Easy access to the switch from anywhere on the network ■ Familiar browser interface--locations of window objects consistent...

  • Page 42: Or Procurve Manager Plus

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus You can operate ProCurve Manager and ProCurve Manager Plus (PCM and PCM+) from a PC on the network to monitor traffic, manage your hubs and switches, and proactively recommend network changes to increase network uptime and optimize performance.

  • Page 43

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus PCM and PCM+ enable greater control, uptime, and performance in your network: ■ Features and benefits of ProCurve Manager: • • • • • Features and benefits of ProCurve Manager Plus: ■...

  • Page 44: Web Browser Interfaces, Banner Operation With Telnet, Serial, Or Sshv2 Access

    Custom Login Banners for the Console and Web Browser Interfaces You can configure the switch to display a login banner of up to 3070 characters when an operator initiates a management session with the switch through any of the following methods: ■...

  • Page 45: Configuring And Displaying A Non-default Banner

    Following entry of the correct username/password information (or if no username/password is required), the switch then displays either the Registration page or the switch’s home page. Note that if the banner feature is disabled or if the switch is using the factory-default banner shown in figure 2-5, then the banner page does not appear in the Web browser when an operator initiates a login session with the switch.

  • Page 46: Example Of Configuring And Displaying A Banner

    Advantages of Using ProCurve Manager or ProCurve Manager Plus Example of Configuring and Displaying a Banner Suppose a system operator wanted to configure the following banner message on her company’s switches: This is a private system maintained by the Allied Widget Corporation. Unauthorized use of this system can result in civil and criminal penalties! In this case, the operator will use the [Enter] key to create line breaks, blank...

  • Page 47

    "public" Unrestricted Figure 2-7. The Current Banner Appears in the Switch’s Running-Config File The next time someone logs onto the switch’s management CLI, the following appears: Figure 2-8. Example of CLI Result of the Login Banner Configuration 2-12 Editor;...

  • Page 48: Operating Notes

    Advantages of Using ProCurve Manager or ProCurve Manager Plus If someone uses a Web browser to log in to the switch interface, the following message appears: Figure 2-9. Example of Web Browser Interface Result of the Login Banner Configuration Operating Notes ■...

  • Page 49

    Rebooting the Switch ........

  • Page 50

    Event Log, and the Operator level in the CLI. After you configure passwords on the switch and log off of the interface, access to the menu interface (and the CLI and web browser interface) will require entry of either the Manager or Operator password.

  • Page 51: Starting And Ending A Menu Session

    Starting and Ending a Menu Session You can access the menu interface using any of the following: ■ A direct serial connection to the switch’s console port, as described in the installation and getting started guide you received with the switch ■...

  • Page 52: How To Start A Menu Interface Session

    Starting and Ending a Menu Session How To Start a Menu Interface Session In its factory default configuration, the switch console starts with the CLI prompt. To use the menu interface with Manager privileges, go to the Manager level prompt and enter the Use one of these methods to connect to the switch: •...

  • Page 53: How To End A Menu Session And Exit From The Console:

    For a description of Main Menu features, see “Main Menu Features” on page 3-7. Note: To configure the switch to start with the menu interface instead of the CLI, go to the Manager level prompt in the CLI, enter the resulting display, change the mation, see the Installation and Getting Started Guide you received with the switch.

  • Page 54

    Telnet session. If you have made configuration changes that require a switch reboot— that is, if an asterisk (*) appears next to a configured item or next to Switch Configuration in the Main Menu: b. Press Rebooting the switch terminates the menu session, and, if you are using Telnet, disconnects the Telnet session.

  • Page 55: Main Menu Features

    The Main Menu gives you access to these Menu interface features: ■ Status and Counters: Provides access to display screens showing switch information, port status and counters, and port and VLAN address tables. (Refer to Appendix B, “Monitoring and Analyzing Switch Operation”.) ■ Switch Configuration: Provides access to configuration screens for...

  • Page 56

    (Refer to the Installation and Getting Started Guide for your switch.) ■ Logout: Closes the Menu interface and console session, and disconnects Telnet access to the switch. (See “How to End a Menu Session and Exit from the Console” on page 3-5.)

  • Page 57: Screen Structure And Navigation

    Screen Structure and Navigation Menu interface screens include these three elements: ■ Parameter fields and/or read-only information such as statistics ■ Navigation and configuration actions, such as Save, Edit, and Cancel ■ Help line to describe navigation options, individual parameters, and read-only data For example, in the following System Information screen: Screen title –...

  • Page 58

    (or flash) memory, and it is therefore not necessary to reboot the switch after making these changes. But if an asterisk appears next to any menu item you reconfigure, the switch will not activate or save the change for that item until you reboot the switch.

  • Page 59

    To get Help on individual parameter descriptions. In most screens there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press For example: Highlight on any item in the Actions line indicates that the Actions line is active.

  • Page 60: Rebooting The Switch

    To Reboot the switch, use the Reboot Switch option in the Main Menu. (Note that Reboot Switch is not available if you log on in Operator mode; that is, if you enter an Operator password instead of a manager password at the password prompt.)

  • Page 61

    If you make configuration changes in the menu interface that require a reboot, the switch displays an asterisk (*) next to the menu item in which the change has been made. For example, if you change and save the value for the Maximum...

  • Page 62: Menu Features List

    • • • • • • Console Passwords Event Log Command Line (CLI) Reboot Switch Download OS (Download Switch Software) Run Setup Logout 3-14 General System Information Switch Management Address Information Port Status Port Counters Address Table Port Address Table...

  • Page 63: Where To Go From Here

    The following table indicates where to turn for detailed information on how to use the individual features available through the menu interface. Option: To use the Run Setup option To view and monitor switch status and counters To learn how to configure and use passwords and other security features...

  • Page 64

    Using the Command Line Interface (CLI) Contents Overview ........... . . 4-2 Accessing the CLI .

  • Page 65: Accessing The Cli, Overview, Using The Cli

    You can access the console out-of-band by directly connecting a terminal device to the switch, or in-band by using Telnet either from a terminal device or through the web browser interface.

  • Page 66: Privilege Levels At Logon

    Access Security Guide for your switch.) When you use the CLI to log on to the switch, and passwords are set, you will be prompted to enter a password. For example: Password Prompt Figure 4-1.

  • Page 67: Privilege Level Operation, Operator Privileges

    A “>” character delimits the Operator-level prompt. For example: ProCurve> _ When using enable to move to the Manager level, the switch prompts you for the Manager password if one has already been configured. 1. Operator Level 2.

  • Page 68: Manager Privileges

    Global Configuration level: Provides all Operator and Manager level privileges, and enables you to make configuration changes to any of the switch’s software features. The prompt for the Global Configuration level includes the system name and “(config)”. To select this level, enter the config command at the Manager prompt.

  • Page 69

    Operator and Manager commands. For a list of available commands, enter Execute context-specific configuration commands, such as a particular VLAN or switch port. This is useful for shortening the command strings you type, and for entering a series of commands for the same context. For a list of available commands, enter at the prompt.

  • Page 70: How To Move Between Levels

    ProCurve Moving Between the CLI and the Menu Interface. When moving between interfaces, the switch retains the current privilege level (Manager or Operator). That is, if you are at the Operator level in the menu and select the Command Line Interface (CLI) option from the Main Menu, the CLI prompt appears at the Operator level.

  • Page 71: Listing Commands And Command Options, Listing Commands Available At Any Privilege Level

    If you subsequently execute write memory in the CLI, then the switch also stores “Y” as the IP address for VLAN 1 in the startup-config file. (For more on the startup-config and running config files, see Chapter 6, “Switch Memory and Configuration”.)

  • Page 72

    Typing ? at the Manager level produces this listing: When - - MORE - - appears, use the Space bar or [Return] to list additional commands. Figure 4-4.Example of the Manager-Level Command Listing When - - MORE - - appears, there are more commands in the listing. To list the next screenfull of commands, press the Space bar.

  • Page 73: Listing Command Options

    Figure 4-5. Example of How To List the Options for a Specific Command 4-10 [Tab] after a completed command word lists the further options for [Tab] [Tab] This example displays the command options for configuring the switch’s console settings. , the [Tab] . For example, suppose you want...

  • Page 74: Displaying Cli "help", Displaying Cli "help

    Displaying CLI “Help” CLI Help provides two types of context-sensitive information: ■ Command list with a brief summary of each command’s purpose ■ Detailed information on how to use individual commands Displaying Command-List Help. Syntax: help For example, to list the Operator-Level commands with their purposes: Figure 4-6.

  • Page 75

    Using the Command Line Interface (CLI) Using the CLI Figure 4-7.Example of How To Display Help for a Specific Command Note that trying to list the help for an individual command from a privilege level that does not include that command results in an error message. For example, trying to list the help for the interface command while at the global configuration level produces this result: ProCurve# speed-duplex help...

  • Page 76: Configuration Commands And The Context Configuration Modes

    However, using a context mode enables you to execute context-specific commands faster, with shorter command strings. The switch offers interface (port or trunk group) and VLAN context configuration modes: Port or Trunk-Group Context. Includes port- or trunk-specific commands that apply only to the selected port(s) or trunk group, plus the global configuration, Manager, and Operator commands.

  • Page 77

    Using the Command Line Interface (CLI) Using the CLI The remaining commands in the listing are Manager, Operator, and context commands. Figure 4-8. Context-Specific Commands Affecting Port Context 4-14 In the port context, the first block of commands in the “?” listing show the context-specific commands that will affect only ports C3-C6.

  • Page 78

    VLAN, plus Manager and Operator commands. The prompt for this mode includes the VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch: ProCurve(config)# vlan 100 Command executed at configuration level to enter VLAN 100 context.

  • Page 79: Cli Control And Editing, Executing A Prior Command—redo, Repeating Execution Of A Command

    Using the Command Line Interface (CLI) CLI Control and Editing CLI Control and Editing Executing a Prior Command—Redo The redo command executes a prior command in the history list. Syntax: redo [number | command-str] ProCurve(config)# show history ProCurve(config)# redo 2 IP ARP table IP Address ---------------...

  • Page 80

    Syntax: repeat [cmdlist] [count] [delay] For example: ProCurve(config)# repeat 1-4,7-8,10 count 2 delay 3 ProCurve(config)# show history show ver show ip show arp ProCurve(config)# repeat 1-2 IP ARP table IP Address MAC Address --------------- ----------------- ------- ---- 15.255.128.1 000000-000000 Internet (IP) Service IP Routing : Disabled Default Gateway : Default TTL...

  • Page 81: Using A Command Alias

    Using the Command Line Interface (CLI) CLI Control and Editing Using a Command Alias You can create a simple command alias to use in place of a command name and its options. Choose an alias name that is not an existing CLI command already.

  • Page 82

    ProCurve(config)# show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi Status and Counters - Custom Port Status Port Name Type ---- ---------- ---------- ----- --------- ------- ------- -------- Acco 100/1000T Huma 100/1000T Deve 100/1000T Lab1 100/1000T ProCurve(config)# alias sic “show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi”...

  • Page 83: Cli Shortcut Keystrokes

    Using the Command Line Interface (CLI) CLI Control and Editing ProCurve(config)# show alias Name -------------------- ------------------------------ show config show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi Figure 4-13. Example of Alias Commands and Their Configurations CLI Shortcut Keystrokes Keystrokes [Ctrl] [A] [Ctrl] [B]...

  • Page 84

    Starting a Web Browser Interface Session with the Switch ......5-4 Using a Standalone Web Browser in a PC or UNIX Workstation .

  • Page 85

    Overview Overview The ProCurve web browser interface built into the switch lets you easily access the switch from a browser-based PC on your network. This lets you do the following: ■ Optimize your network uptime by using the Alert Log and other diagnostic...

  • Page 86: General Features

    General Features The web browser interface includes these features: Switch Identity and Status: • General system data • Software version • IP address • Status Overview • Port utilization • Port counters • Port status • Alert log Switch Configuration: •...

  • Page 87: Interface Session With The Switch

    Contact your network administrator to enquire about DNS names associated with your ProCurve switch. Type the IP address (or DNS name) of the switch in the browser Location or Address (URL) field and press Directly connected to your network Connected through remote access to your network applets are enabled for your browser.

  • Page 88: Procurve Manager Plus (pcm+)

    ProCurve Manager and ProCurve Manager Plus are designed for installation on a network management workstation. For this reason, the system requirements are different from the system requirements for accessing the switch’s web browser interface from a non-management PC or workstation. For PCM and PCM+ requirements, refer to the information provided with the software.

  • Page 89

    Using the ProCurve Web Browser Interface Starting a Web Browser Interface Session with the Switch First time install alert Figure 5-1. Example of Status Overview Screen...

  • Page 90: Tasks For Your First Procurve Web Browser Interface Session, Viewing The "first Time Install" Window

    Set access to the web browser interface online help Viewing the “First Time Install” Window When you access the switch’s web browser interface for the first time, the Alert log contains a “First Time Install” alert, as shown in figure 5-2. This gives...

  • Page 91: In The Browser Interface

    Guide for your switch. You may want to create both a username and a password to create access security for your switch. There are two levels of access to the interface that can be controlled by setting user names and passwords: ■...

  • Page 92

    Passwords you assign in the web browser interface will overwrite previous passwords assigned in either the web browser interface, the CLI, or the menu interface. That is, the most recently assigned passwords are the switch’s passwords, regardless of which interface was used to assign the string.

  • Page 93: Entering A User Name And Password, Using A User Name, If You Lose The Password

    The manager and operator passwords are used to control access to all switch interfaces. Once set, you will be prompted to supply the password every time you try to access the switch through any of its interfaces. The password you enter determines the capability you have during that session: ■...

  • Page 94: Online Help For The Web Browser Interface

    The Clear button is provided for your convenience, but its presence means that if you are concerned with the security of the switch configuration and operation, you should make sure the switch is installed in a secure location, such as a locked wiring closet. (For more information, refer to “Front Panel Security”...

  • Page 95: Support/mgmt Urls Feature

    ■ 3. Enter one of the following (or use the default setting): – The URL for the support information source you want the switch to access when you click on the web browser interface Support tab. The default is the URL for the ProCurve Networking home page.

  • Page 96: Support Url, Help And The Management Server Url

    For technical support, go to: www.hp.com/#Support. Help and the Management Server URL The Management Server URL field specifies the URL the switch uses to find online Help for the web browser interface. ■ If you install PCM (ProCurve Manager) in your network, the PCM management station acts as the web browser Help server for the switch and automatically inserts the necessary URL in this field.

  • Page 97: Using The Pcm Server For Switch Web Help

    Using the PCM Server for Switch Web Help For ProCurve devices that support the “Web Help” feature, you can use the PCM server to host the switch help files for devices that do not have HTTP access to the ProCurve Support Web site.

  • Page 98

    Add an entry, or edit the existing entry in the Discovery portion of the global properties (globalprops.prp) in PCM to redirect the switches to the help files on the PCM server. For example: Global { TempDir=data/temp Discovery{ DeviceHelpUrlRedirect=http://15.29.37.12:8040/rnd/device_help You will enter the IP address for your PCM server. 8040 is the standard port number to use.

  • Page 99: Status Reporting Features, The Overview Window

    Status Reporting Features. Browser elements covered in this section include: ■ The Overview window (below) ■ Port utilization and status (page 5-17) ■ The Alert log (page 5-20) ■ The Status bar (page 5-22)...

  • Page 100: The Port Utilization And Status Displays, Port Utilization

    The Port Utilization and Status displays show an overview of the status of the switch and the amount of network activity on each port. The following figure shows a sample reading of the Port Utilization and Port Status.

  • Page 101

    ■ % Error Pkts Rx: All error packets received by the port. (This indicator is a reddish color on many systems.) Although errors received on a port are not propagated to the rest of the network, a consistently high number of errors on a specific port may indicate a problem on the device or network segment connected to the indicated port.

  • Page 102: Port Status

    Note that the Port Fault-Disabled symbol will be displayed in the legend only if one or more of the ports is in that status. See Appendix B, “Monitoring and Analyzing Switch Operation” for more information.

  • Page 103: The Alert Log, Sorting The Alert Log Entries

    The web browser interface Alert Log, shown in the lower half of the screen, shows a list of network occurrences, or alerts, that were detected by the switch. Typical alerts are Broadcast Storm, indicating an excessive number of broadcasts received on a port, and Problem Cable, indicating a faulty cable. A full list of alerts is shown in the table on page 5-21.

  • Page 104: Alert Types And Detailed Views

    Note: When troubleshooting the sources of alerts, it may be helpful to check the switch’s Port Status and Port Counter windows, or use the CLI or menu interface to view the switch’s Event Log. When you double click on an Alert Entry, the web browser interface displays a separate window showing information about the event.

  • Page 105: The Status Bar

    Figure 5-14. Example of Alert Log Detail View. The Status Bar appears in the upper left corner of the web browser interface window. Figure 5-15 shows an expanded view of the status bar. Status Indicator Figure 5-15.

  • Page 106

    Yellow Warning Critical ■ System Name. The name you can configure for the switch by using the System Info window (under the Configuration tab), the hostname <ascii-string> command in the CLI, or the System Name field in the "System Information"...

  • Page 107: Setting Fault Detection Policy

    One of the powerful features in the web browser interface is the Fault Detection facility. For your switch, this feature controls the types of alerts reported to the Alert Log based on their level of severity.

  • Page 108

    Log Network Problems is High Sensitivity. The Fault Detection settings are: ■ High Sensitivity. This policy directs the switch to send all alerts to the Alert Log. This setting is most effective on networks that have none or few problems.

  • Page 109

    Displaying the Current Flash Image Data, 6-14; Switch Software Downloads, 6-16; Local Switch Software Replacement and Removal...

  • Page 110: Table Of Contents

    Using the Clear + Reset Button Combination To Reset the Switch to Its Default Configuration, 6-37; TFTP: Copying a Configuration File to a Remote Host...

  • Page 111: Configuration File Management, Overview

    ■ Running Config File: Exists in volatile memory and controls switch operation. If no configuration changes have been made in the CLI since the switch was last booted, the running-config file is identical to the startup-config file...

  • Page 112

    ■ to preserve the most recently-saved configuration as the “permanent” configuration. Booting the switch replaces the current running-config file with a new running-config file that is an exact copy of the current startup-config file. Note: Any of the following actions boots the switch: •...

  • Page 113

    CLI to the Menu interface without first using write memory to save the change to the startup-config file, then the switch prompts you to save the change. For example, if you use the CLI to create VLAN 20, and then select the menu interface, VLAN 20 is configured in the running-config file, but not in the startup-config file.

  • Page 114: Using The Cli To Implement Configuration Changes

    How To Use the CLI To Reconfigure Switch Features. Use this procedure to permanently change the switch configuration (that is, to enter a change in the startup-config file). Use the appropriate CLI commands to reconfigure the desired switch parameters.

  • Page 115

    For example, the default port mode setting is uses Cat 3 wiring and you want to connect the switch to another autosensing device capable of 100 Mbps operation. Because 100 Mbps over Cat 3 wiring can introduce transmission problems, the recommended port mode is which allows the port to negotiate full- or half-duplex, but restricts speed to 10 Mbps.

  • Page 116

    If you use the CLI to change a parameter setting, and then execute the command without first executing the change, the switch prompts you to specify whether to save the changes in the current running-config file. For example: ProCurve(config)# interface e 1 disable...

  • Page 117

    (figure 6-6-2, above) to save the change to the startup-config file. That is, if you use the CLI to change a parameter setting, but then reboot the switch from either the CLI or the menu interface without first executing the...

  • Page 118: Configuration Changes, Menu: Implementing Configuration Changes

    Using the Menu and Web Browser Interfaces To Implement Configuration Changes. The menu and web browser interfaces offer these advantages: ■ Quick, easy menu or window access to a subset of switch configuration features ■ Viewing several related configuration parameters in the same screen, with...

  • Page 119: Rebooting From The Menu Interface

    To Reboot the switch, use the Reboot Switch option in the Main Menu. (Note that the Reboot Switch option is not available if you log on in Operator mode; that is, if you enter an Operator password instead of a manager password at the password prompt.)

  • Page 120

    Rebooting To Activate Configuration Changes. Configuration changes for most parameters become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the VLANs to support (To access these parameters, go to the Main menu and select 2. Switch Configuration, then 8.

  • Page 121: Web: Implementing Configuration Changes

    Web: Implementing Configuration Changes You can use the web browser interface to simultaneously save and implement a subset of switch configuration changes without having to reboot the switch. That is, when you save a configuration change (in most cases, by clicking on [Apply Changes] config file and the startup-config file.

  • Page 122: Using Primary And Secondary Flash Image Options, Displaying The Current Flash Image Data

    For example, you can copy a problem image into Secondary flash for later analysis and place another, proven image in Primary flash to run your system. The switch can use only one image at a time.

  • Page 123

    For example, if the switch is using a software version of K.12.XX stored in Primary flash, show version produces the following: ProCurve(config)# show version Image stamp: /sw/code/build/vern(t4br) Jul 27 2009 13:42:40 Z.14.04 1037 Boot Image: Primary Build Options: Watchdog: ENABLED Figure 6-7.

  • Page 124: Switch Software Downloads

    switch from the opposite flash image and using show version again, you can determine the version(s) of switch software in both flash sources. For example: ProCurve(config)# show version 1.

  • Page 125: Local Switch Software Replacement And Removal

    In this case, the switch will not have a valid flash image in either flash location, but will continue running on a temporary...

  • Page 126

    RAM will be cleared and the switch will go down. To recover, refer to “Restoring a Flash Image” on page C-77 (in the “Troubleshooting”...

  • Page 127: Operating Notes About Booting, Rebooting The Switch

    First verify that a usable flash image exists in secondary flash. The most reliable way to ensure this is to reboot the switch from the flash image you want to retain. For example, if you are planning to erase the primary...

  • Page 128: Boot And Reload Command Comparison

    In this case, the software simply assigns factory-default values to the parameters controlling the new features. Similarly, if you create a startup-config file while using a version “Y” of the switch software, and then reboot the switch with an earlier software version “X” that does not include all of the features found in “Y”, the software simply ignores...

  • Page 129: Setting The Default Flash

    Do you want to continue [y/n]? Figure 6-13. Example of boot set-default Command with Default Flash Set to Secondary (with a Redundant Management Module Present) Included In Included In Reload...

  • Page 130: Booting From The Default Flash (primary Or Secondary), Booting From A Specified Flash

    The boot command boots the switch from the flash image that you are currently booted on, or the flash image that was set either by the boot set-default command or by the last executed boot system flash <primary | secondary>...

  • Page 131: Using Reload

    <primary | secondary> command. Because reload bypasses some subsystem self-tests, the switch reboots faster than if you use either of the boot command options. Syntax: reload For example, if you change the number of VLANs the switch supports, you must reboot the switch in order to implement the change.

  • Page 132

    Syntax: [no] reload [after <[dd:]hh:]mm> | at <hh:mm[:ss]> [<mm/dd[/[yy]yy]>]] The scheduled reload feature removes the requirement to physically reboot the switch at inconvenient times (for example, at 1:00 in the morning). Instead, a reload at 1:00 mm/dd command can be executed (where mm/dd is the date the switch is scheduled to reboot).

  • Page 133: Multiple Configuration Files

    This method of operation means that you cannot preserve different startup-config files across a reboot without using remote storage. The switch allows up to three startup-config files with options for selecting which startup-config file to use for: ■ A fixed reboot policy using a specific startup-config file for a specific boot...

  • Page 134: General Operation

    (if the software version supports the configured features). Boot Options. With multiple startup-config files in the switch you can specify a policy for the switch to use upon reboot. The options include: ■ Use the designated startup-config file with either or both reboot paths...

  • Page 135: Transitioning To Multiple Configuration Files

    Use the CLI to make configuration changes in the running-config file, and then execute write mem. The result is that the startup-config file used to reboot the switch is modified by the actions in step 2. Active Startup-Config File: backupConfig...

  • Page 136

    ■ Assigns the workingConfig file as the active configuration and the default configuration for all subsequent reboots using either primary or secondary flash. Figure 6-19. Switch Memory Assignments After the First Reboot from Software In the above state, the switch always: ■ Uses the workingConfig file to reboot...

  • Page 137: Listing And Displaying Startup-config Files, Configuration Enabled

    File” on page 6-33 for the command you can use to change existing startup-config filenames. In the default configuration, if the switch was shipped from the factory with software installed in both the primary and secondary boot paths, then one startup-config file named config1 is used for both paths and is stored in memory slot 1.

  • Page 138: Displaying The Content Of A Specific Startup-config File, Changing Or Overriding The Reboot Configuration Policy

    (primary or secondary) being used for the current reboot. For example, when you first download a software version that supports multiple configuration files and boot from the flash location of this version, the switch copies the existing startup-config file (named oldConfig) into memory slot 2, renames this file to workingConfig, and assigns workingConfig as: ■...

  • Page 139

    The operator wants to ensure that in case of a need to reboot by pressing the Reset button, or if a power failure occurs, the switch will automatically reboot with the minimal startup-config file in memory slot 1. Since a reboot due to...

  • Page 140: Managing Startup-config Files In The Switch

    This command boots the switch from the currently active flash image and startup-config file. Because reload bypasses some subsystem self-tests, the switch boots faster than if you use a boot command. Note: To identify the currently active startup-config file, use the show config files command.

  • Page 141: Renaming An Existing Startup-config File, Creating A New Startup-config File

    Creating a New Startup-Config File The switch allows up to three startup-config files. You can create a new startup-config file if there is an empty memory slot or if you want to replace one startup-config file with another.

  • Page 142

    With two such versions in place, you can easily reboot the switch with the correct startup-config file for either software version. • If the destination startup-config file already exists, it is overwritten by the content of the source startup-config file.

  • Page 143: Erasing A Startup-config File

    Figure 6-21. Example of Creating and Assigning a New Startup-Config File. Note: You can also generate a new startup-config file by booting the switch from a flash memory location from which you have erased the currently assigned startup-config file.

  • Page 144

    Thus, if the switch boots using a flash location that does not have an assigned startup-config, then the switch creates a new, default startup-config file and uses this file in the reboot.

  • Page 145: Switch To Its Default Configuration, Transferring Startup-config Files To Or From A Remote Server

    With the same memory configuration as is shown in the bottom portion of figure 6-22, executing erase startup-config boots the switch from primary flash, resulting in a new file named minconfig in the same memory slot. The new file contains the default configuration for the software version currently in primary flash.

  • Page 146: Tftp: Copying A Configuration File To A Remote Host

    Syntax: copy config <... For example, the following command copies a startup-config file named test-01 from the switch to a (UNIX) TFTP server at IP address 10.10.28.14: ProCurve(config)# copy config test-01 tftp 10.10.28.14 test-01.txt unix

  • Page 147: Tftp: Copying A Configuration File From A Remote Host

    Band Management” in this guide for more information on out-of-band management. Note: This command requires an empty memory slot in the switch. If there are no empty memory slots, the CLI displays the following message: Unable to copy configuration to "< filename >".

  • Page 148: Connected Host

    This is an addition to the copy < config > xmodem command options. Use this command to upload a configuration file from the switch to an Xmodem host. The oobm parameter specifies that the copy operation will go out from the out-of-band management interface. If this parameter is not specified, the copy operation goes out from the data interface.

  • Page 149: Operating Notes For Multiple Configuration Files, Cli Command, Automatic Configuration Update With Dhcp Option 66

    Caution: This feature must use configuration files generated on the switch to function correctly. If you use configuration files that were not generated on the switch, and then enable this feature, the switch may reboot continuously.

  • Page 150: Possible Scenarios For Updating The Configuration File, Operating Notes

    Operating Notes. Replacing the Existing Configuration File: After the DHCP client downloads the configuration file, the switch compares the contents of that file with the existing configuration file. If the content is different, the new configuration file replaces the existing file and the switch reboots.

  • Page 151: Log Messages

    Global DHCP Parameters: Global parameters are processed only if received on the primary VLAN. Best Offer: The “Best Offer” is the best DHCP or BootP offer sent by the DHCP server in response to the DHCPREQUEST sent by the switch. The criteria for selecting the “Best Offer” are: •...

  • Page 152

    Interface Access and System Information Contents: Overview, 7-2; Interface Access: Console/Serial Link, Web, and Inbound Telnet...

  • Page 153

    ■ Use the CLI kill command to terminate a remote session ■ View and modify switch system information For help on how to actually use the interfaces built into the switch, refer to: ■ Chapter 3, “Using the Menu Interface” ■...

  • Page 154: Interface Access: Console/serial Link, Web, And Inbound Telnet

    Access Security Guide for your switch. You can also simply block unauthorized access via the web browser interface or Telnet (as described in this section) and install the switch in a locked environment.

  • Page 155: Menu: Modifying The Interface Access

    ■ Web Agent Enabled ■ To Access the Interface Access Parameters: From the Main Menu, Select... 2. Switch Configuration... Figure 7-1. The Default Interface Access Parameters Available in the Menu Interface Press Use the arrow keys ( change. Refer to the online help provided with this screen for further information on configuration options for these features.

  • Page 156: Cli: Modifying The Interface Access

    [no] web-management console Listing the Current Console/Serial Link Configuration. This command lists the current interface access parameter settings. Syntax: show console This example shows the switch’s default console/serial configuration. Interface Access Enable/Disable Console Control Options Figure 7-2. Listing of Show Console Command Reconfigure Inbound Telnet Access.

  • Page 157

    Telnet to another device that has an IP address. Syntax: telnet <ipv4-addr | ipv6-addr | hostname | switch-num> [oobm] For example, if the host “Labswitch” is in the domain abc.com, you can enter the following command and the destination is resolved to “Lab-...

  • Page 158

    Interface Access: Console/Serial Link, Web, and Inbound Telnet ProCurve(config)# show telnet Telnet Activity -------------------------------------------------------- Session : ** Privilege: Manager From : Console ------------------------------------------------------- Session : ** Privilege: Manager From : 12.13.14.10 : 15.33.66.20 ------------------------------------------------------- Session : ** Privilege: Operator From : 2001:db7:5:0:203:4ff:fe0a:251 : 2001:db7:5:0:203:4ff1:fddd:12 Figure 7-3.

  • Page 159

    To disable web browser access: ProCurve(config)# no web-management To re-enable web browser access: ProCurve(config)# web-management Reconfigure the Console/Serial Link Settings. You can reconfigure one or more console parameters with one console command. Syntax: console [terminal <...

  • Page 160

    Note: If you change the Baud Rate or Flow Control settings for the switch, you should make the corresponding changes in your console access device. Otherwise, you may lose connectivity between the switch and your terminal emulator due to differences between the terminal and switch settings for these two parameters.

  • Page 161

    You can also execute a series of console commands and then save the configuration and boot the switch. For example: Configure individual parameters. Save the changes. Boot the switch.

  • Page 162: Sessions

    Syntax: kill [< session-number >] For example, if you are using the switch’s serial port for a console session and want to terminate a currently active Telnet session, you would do the following: Figure 7-6.

  • Page 163: System Information

    MAC Age Time: The number of seconds a MAC address the switch has learned remains in the switch’s address table before being aged out (deleted).

  • Page 164: Menu: Viewing And Configuring System Information

    To access the system information parameters: From the Main Menu, Select... 2. Switch Configuration... Figure 7-7. The System Information Configuration Screen (Default Values) Note: To help simplify administration, it is recommended that you configure System Name to a character string that is meaningful within your system.

  • Page 165: Cli: Viewing And Configuring System Information

    Listing the Current System Information. This command lists the current system information settings. Syntax: show system information This example shows the switch’s default console configuration. ProCurve# show system information Status and Counters - General System Information System Name System Contact...

  • Page 166

    Syntax: hostname < name-string > snmp-server [contact <system-contact>] [location <system-location>] Each field allows up to 255 characters. For example, to name the switch “Blue” with “Next-4474” as the system contact, and “North-Data-Room” as the location: Interface Access and System Information...

  • Page 167

    Figure 7-10. System Information Listing After Executing the Preceding Commands. The menu interface will only display up to 47 characters although you can specify a name up to 255 characters in length. A message beginning with “+” displays if the name exceeds 47 characters.

  • Page 168

    MENU ProCurve Switch 6120 ===========================- TELNET - MANAGER MODE =========================== Switch Configuration - System Information System Name : Blue Switch System Contact : Bill_Smith System Location : + characters of the location are missing. It’s too long. Inactivity Timeout (min) [0] : 0...

  • Page 169

    Also, executing time without parameters lists the switch’s time of day and date. Note that the CLI uses a 24-hour clock scheme; that is, hour (hh) values from 1 p.m. to midnight are input as 13 - 24, respectively.

  • Page 170: Web: Configuring System Parameters

    Click on [System Info] Enter the data you want in the displayed fields. Implement your new data by clicking on To access the web-based help provided for the switch, click on browser screen. Interface Access and System Information System Information...

  • Page 171

    Web: Configuring IP Addressing, 8-10; How IP Addressing Affects Switch Operation, 8-11; IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads...

  • Page 172: Ip Configuration, Overview

    However, to enable specific management access and control through your network, you will need IP addressing. Table 8-1 on page 8-11 shows the switch features that depend on IP addressing to operate. IP Configuration...

  • Page 173: Just Want A Quick Start With Ip Addressing?

    In most cases, the default setting (64) is adequate. Just Want a Quick Start with IP Addressing? If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing.

  • Page 174: Ip Addressing With Multiple Vlans

    In the factory-default configuration, the switch has one, permanent default VLAN (named DEFAULT_VLAN) that includes all ports on the switch. Thus, when only the default VLAN exists in the switch, if you assign an IP address and subnet mask to the switch, you are actually assigning the IP addressing to the DEFAULT_VLAN.

  • Page 175: Menu: Configuring Ip Address, Gateway, And Time-to-live (ttl)

    ■ To manually enter an IP address and subnet mask, set the IP Config parameter to Manual and then manually enter the IP address and subnet mask values you want for the switch. ■ To use DHCP or Bootp, use the menu interface to ensure that the IP Config...

  • Page 176: Cli: Configuring Ip Address, Gateway, And Time-to-live (ttl)

    If the switch needs to access a router, for example, to reach off-subnet destinations, select the Default Gateway field and enter the IP address of the gateway router. If you need to change the packet Time-To-Live (TTL) setting, select Default TTL and type in a value between 2 and 255.

  • Page 177

    ID of the VLAN for which you are configuring IP addressing or go to the context configuration level for that VLAN. (If you are not using VLANs on the switch—that is, if the only VLAN is the default VLAN—then the VLAN ID is always “1”.)

  • Page 178

    ProCurve(config)# no vlan 1 ip address 10.28.227.103/24 Configure Multiple IP Addresses on a VLAN (Multinetting). The following is supported: ■ Up to 2000 IP addresses for the switch ■ Up to 32 IP addresses for the same VLAN...

  • Page 179

    1. Go to VLAN 20. 2. Configure two additional IP addresses on VLAN 3. Display IP addressing. Figure 8-4. Example of Configuring and Displaying a Multinetted VLAN If you then wanted to multinet the default VLAN, you would do the following: Figure 8-5.

  • Page 180: Web: Configuring Ip Addressing

    ProCurve(config)# ip default-gateway 10.28.227.115 Note: The switch uses the IP default gateway only while operating as a Layer 2 device. While routing is enabled on the switch, the IP default gateway is not used. Thus, to avoid loss of Telnet access to off-subnet management stations, you should use the ip route command to configure a static (default) route before enabling routing.

  • Page 181: How Ip Addressing Affects Switch Operation

    Without an IP address and subnet mask compatible with your network, the switch can be managed only through a direct terminal device connection to the OA console connection or the USB serial console. You can use direct-connect console access to take advantage of features that do not depend on IP addressing.

  • Page 182: Dhcp/bootp Operation

    DHCP/Bootp Operation Overview. DHCP/Bootp is used to provide configuration data from a DHCP or Bootp server to the switch. This data can be the IP address, subnet mask, default gateway, Timep Server address, and TFTP server address. If a TFTP server address is provided, this allows the switch to TFTP a previously saved configuration file from the TFTP server to the switch.

  • Page 183

    Depending on how the DHCP server is configured, the switch may receive an IP address that is temporarily leased. Periodically the switch may be required to renew its lease of the IP configuration. Thus, the IP addressing provided by the server may be different each time the switch reboots or renews its configuration from the server.

  • Page 184: Network Preparations For Configuring Dhcp/bootp

    6120switch T144 Note: The above Bootp table entry is a sample that will work for the switch when the appropriate addresses and file names are used. Network Preparations for Configuring DHCP/Bootp: In its default configuration, the switch is configured for DHCP/Bootp operation.

  • Page 185

    ■ If the DHCP/Bootp reply provides information for downloading a configuration file, the switch uses TFTP to download the file from the designated source, then reboots itself. (This assumes that the switch or VLAN has connectivity to the TFTP file server specified in the reply, that the configuration file is correctly named, and that the configuration file exists in the TFTP directory.)

  • Page 186: Ip Preserve: Retaining Vlan-1 Ip Addressing Across Configuration File Downloads, Operating Rules For Ip Preserve

    For the switches covered in this guide, IP Preserve enables you to copy a configuration file to multiple switches while retaining the individual IP address and subnet mask on VLAN 1 in each switch, and the Gateway IP address assigned to the switch. This enables you to distribute the same configuration file to multiple switches without overwriting their individual IP addresses.

  • Page 187: Enabling Ip Preserve

    Figure 8-7. Example of IP Preserve Operation with Multiple Series Switches If you apply the following configuration file to figure 8-7, switches 1 - 3 will retain their manually assigned IP addressing and switch 4 will be configured to acquire its IP addressing from a DHCP server.

  • Page 188

    Figure 8-8. Configuration File in TFTP Server, with DHCP/Bootp Specified as the IP Addressing Source If you apply this configuration file to figure 8-7, switches 1 - 3 will still retain their manually assigned IP addressing. However, switch 4 will be configured with the IP addressing included in the file.

  • Page 189

    IP addressing instructions are in the configuration file. ■ If the switch did not receive its most recent VLAN 1 IP addressing from a DHCP/Bootp server, it retains its current IP addressing when it downloads the configuration file.

  • Page 190

    Protocol Operation, 9-3; General Steps for Running a Time Protocol on the Switch, 9-3; Disabling Time Synchronization...

  • Page 191: Timep Time Synchronization, Overview, Sntp Time Synchronization

    TimeP, with the TimeP mode itself set to Disabled. TimeP Time Synchronization: You can either manually assign the switch to use a TimeP server or use DHCP to assign the TimeP server. In either case, the switch can get its time synchronization updates from only one, designated Timep server.

  • Page 192: Protocol Operation, General Steps For Running A Time Protocol On The Switch:, Disabling Time Synchronization

    Note: To use Broadcast mode, the switch and the SNTP server must be in the same subnet. ■ Unicast Mode: The switch requests a time update from the configured SNTP server. (You can configure one server using the menu interface, or up to three servers using the CLI sntp server command.)

  • Page 193: Sntp: Viewing, Selecting, And Configuring

    ■ In the System Information screen of the Menu interface, set the Time Synch Method parameter to None, then press [Enter], then [S] (for Save). ■ In the Global config level of the CLI, execute no timesync. ■...

  • Page 194: Menu: Viewing And Configuring Sntp

    The Default. SNTP does not operate, even if specified by the Menu interface Time Sync Method parameter or the CLI timesync command. Unicast: Directs the switch to poll a specific server for SNTP time synchronization. Requires at least one server address. Broadcast: Directs the switch to acquire its time synchronization from data broadcast by any SNTP server to the network broadcast address.

  • Page 195

    Use the Space bar to select the Unicast mode, then do the following: [>] to move the cursor to the Server Address field. Press ii. Enter the IP address of the SNTP server you want the switch to use for time synchronization. Time Protocol Selection Parameter – TIMEP – SNTP...

  • Page 196

    Note: The Menu interface lists only the highest priority SNTP server, even if others are configured. To view all SNTP servers configured on the switch, use the CLI show management command. Refer to “SNTP Unicast Time Polling with Multiple SNTP Servers” on page 9-25.

  • Page 197: Cli: Viewing And Configuring Sntp, Viewing The Current Sntp Configuration

    Viewing the Current SNTP Configuration Syntax: show sntp For example, if you configured the switch with SNTP as the time synchronization method, then enabled SNTP in broadcast mode with the default poll interval, show sntp lists the following: Page 9-10 and ff.,...

  • Page 198

    This command can help you to easily examine and compare the IP addressing on the switch. It lists the IP addresses for all time servers configured on the switch, plus the IP addresses and default gateway for all VLANs configured on the switch.

  • Page 199: Configuring (enabling Or Disabling) The Sntp Mode

    Configuring (Enabling or Disabling) the SNTP Mode Enabling the SNTP mode means to configure it for either broadcast or unicast mode. Remember that to run SNTP as the switch’s time synchronization protocol, you must also select SNTP as the time synchronization method by using the CLI timesync command (or the Menu interface Time Sync Method parameter).

  • Page 200

    SNTP. However, for Unicast operation, you must also specify the IP address of at least one SNTP server. The switch allows up to three unicast servers. You can use the Menu interface or the CLI to configure one server or to replace an existing Unicast server with another.

  • Page 201

    second or third server, you must use the CLI. For more on SNTP operation with multiple servers, refer to “SNTP Unicast Time Polling with Multiple SNTP Servers” on page 9-25. Syntax: timesync sntp Syntax: sntp unicast Syntax: sntp server <ip-addr>...

  • Page 202

    ProCurve(config)# sntp unicast ProCurve(config)# sntp server 10.28.227.141 ProCurve(config)# show sntp SNTP Configuration Time Sync Mode: Sntp SNTP Mode : Unicast Poll Interval (sec) [720] : 720 Priority SNTP Server Address -------- ------------------------------- 2001:db8::215:60ff:fe79:8980 10.255.5.24 fe80::123%vlan10 Figure 9-8. Example of Configuring SNTP for Unicast Operation If the SNTP server you specify uses SNTP version 4 or later, use the sntp server command to specify the correct version number.

  • Page 203

    Syntax: no timesync For example, suppose SNTP is running as the switch’s time synchronization protocol, with Broadcast as the SNTP mode and the factory-default polling interval. You would halt time synchronization with this command:...

  • Page 204

    SNTP mode as disabled. Syntax: no sntp For example, if the switch is running SNTP in Unicast mode with an SNTP server at 10.28.227.141 and a server version of 3 (the default), no sntp changes the SNTP configuration as shown below, and disables time synchronization on the switch.

  • Page 205: Timep: Viewing, Selecting, And Configuring

    IP address via DHCP. If the switch receives a server address, it polls the server for updates according to the Timep poll interval. If the switch does not receive a Timep server IP address, it cannot perform time synchronization updates.

  • Page 206: Menu: Viewing And Configuring Timep

    To View, Enable, and Modify the TimeP Protocol: From the Main Menu, select: 2. Switch Configuration... ==========================- CONSOLE - MANAGER MODE -========================== Switch Configuration - System Information System Name : ProCurve System Contact : System Location : Inactivity Timeout (min) [0] : 0...

  • Page 207: Cli: Viewing And Configuring Timep

    This section describes how to use the CLI to view, enable, and configure TimeP parameters. ii. Enter the IP address of the TimeP server you want the switch to use for time synchronization. Note: This step replaces any previously configured TimeP server IP address.

  • Page 208: Viewing The Current Timep Configuration

    SNTP is not the selected time protocol. (If the TimeP Mode is set to Disabled or DHCP, then the Server field does not appear.) For example, if you configure the switch with TimeP as the time synchronization method, then enable TimeP in DHCP mode with the default poll interval,...

  • Page 209: Configuring (enabling Or Disabling) The Timep Mode

    This command can help you to easily examine and compare the IP addressing on the switch. It lists the IP addresses for all time servers configured on the switch, plus the IP addresses and default gateway for all VLANs configured on the switch.

  • Page 210

    Enabling TimeP in DHCP Mode. Because the switch provides a TimeP polling interval (default: 720 minutes), you need only these two commands for a minimal TimeP DHCP configuration: Syntax: timesync timep Syntax: ip timep dhcp For example, suppose: Time synchronization is configured for SNTP.

  • Page 211

    Enabling Timep in Manual Mode. Like DHCP mode, configuring TimeP for Manual mode enables TimeP. However, for manual operation, you must also specify the IP address of the TimeP server. (The switch allows only one TimeP server.) To enable the TimeP protocol: Syntax: timesync timep Syntax: ip timep manual <...

  • Page 212

    Figure 9-17. Example of Configuring Timep for Manual Operation Changing the TimeP Poll Interval. This command lets you specify how long the switch waits between time polling intervals. The default is 720 minutes and the range is 1 to 9999 minutes. (This parameter is separate from the poll interval parameter used for SNTP operation.)

  • Page 213

    Time Sync Method option.) Syntax: no ip timep For example, if the switch is running TimeP in DHCP mode, no ip timep changes the TimeP configuration as shown below, and disables time synchronization.

  • Page 214: Sntp Unicast Time Polling With Multiple Sntp Servers

    Server Address parameter in the menu interface, or the primary server in a list of up to three SNTP servers configured using the CLI. If the switch does not receive a response from the primary server after three consecutive polling intervals, the switch tries the next server (if any) in the list.

  • Page 215: Adding And Deleting Sntp Server Addresses, Configured, Sntp Messages In The Event Log

    SNTP Messages in the Event Log If an SNTP time change of more than three seconds occurs, the switch’s event log records the change. SNTP time changes of less than three seconds do not appear in the Event Log.

  • Page 216

    Enabling or Disabling Flow Control (10-17); Configuring a Broadcast Limit on the Switch (10-18); Configuring ProCurve Auto-MDIX

  • Page 217

    Port Status and Configuration: Contents. Configuring UDLD (10-32); Viewing UDLD Information

  • Page 218: Viewing Port Status And Configuring Port Parameters, Overview

    Devices (mode) mismatch. ■ To check the mode setting for a port on the switch, use either the Port Status screen in the menu interface (page 10-6) or show interfaces brief in the CLI (page 10-8). To display information about the transceivers installed on a switch, enter the show tech receivers command in the CLI (page 10-14).

  • Page 219

    • Auto-MDIX (default): Senses speed and negotiates with the port at the other end of the link for port operation (MDI-X or MDI). To see what the switch negotiates for the Auto setting, use the CLI show interfaces brief command or the “3. Port Status” option under “1. Status and Counters” in the menu interface.

  • Page 220

    • Automdix: Configures the port for automatic detection of the cable type (straight-through or crossover). • MDI: Configures the port to connect to a switch, hub, or other MDI-X device with a straight-through cable. • MDIX: Configures the port to connect to a PC or other MDI device with a straight-through cable.

  • Page 221: Menu: Port Configuration

    (if configured) any trunk groups. From the Main Menu, select: 1. Status and Counters In this example, ports A7 and A8 have previously been configured as a trunk group. Figure 10-1. Example of a Switch Port Status Screen 10-6 4. Port Status...

  • Page 222

    When you have finished making changes to the above parameters, press [Enter], then press [S] (for Save). Viewing Port Status and Configuring Port Parameters 2. Port/Trunk Settings Switch Configuration - Port/Trunk Settings Enabled Mode ------------ | Yes...

  • Page 223: Cli: Viewing Port Status And Configuring Port Parameters, Viewing Port Status And Configuration

    Lists the current operating status for all ports on the switch. config: Lists a subset of configuration data for all ports on the switch; that is, for each port, the display shows whether the port is enabled, the operating mode, and whether it is configured for flow control.

  • Page 224

    ProCurve(config)# show interfaces brief Status and Counters - Port Status | Intrusion Port Type | Alert ----- --------- + --------- ------- ------ ---------- 100/1000T | No 100/1000T | No 100/1000T | No 100/1000T | No 100/1000T | No 100/1000T | No Figure 10-3.

  • Page 225: Customizing The Show Interfaces Command

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Syntax: show interfaces display For example: ProCurve# show interfaces display Dynamically updates Figure 10-5. Example of show interfaces display Command with Dynamically Updating Output Customizing the Show Interfaces Command You can create show commands displaying the information that you want to see in any order you want by using the custom option.

  • Page 226

    Syntax: show interfaces custom [port-list] column-list Select the information that you want to display. Parameters include: port name ■ type ■ ■ vlan ■ intrusion ■ enabled ■ status ■ speed ■ ■ flow Columns supported are: Parameter Column Displays port Port identifier type...

  • Page 227: Error Messages

    ProCurve(config)# show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi Status and Counters - Custom Port Status Port Name Type ---- ---------- ---------- ----- --------- ------- ------- -------- Acco 100/1000T Huma...

  • Page 228: Command, Viewing Port Utilization Statistics

    Viewing Port Utilization Statistics Use the show interface port-utilization command to view a real-time rate display for all ports on the switch. The following shows a sample output from this command. ProCurve(config)# show interfaces port-utilization Status and Counters - Port Utilization...

  • Page 229: Viewing Transceiver Status

    Operating Notes: ■ For each port on the switch, the command provides a real-time display of the rate at which data is received (Rx) and transmitted (Tx) in terms...

  • Page 230: Enabling Or Disabling Ports And Configuring Port Mode

    • Not a ProCurve Transceiver. Please go to: www.hp.com/rnd/device_help/2_inform for more info. Enabling or Disabling Ports and Configuring Port Mode You can configure one or more of the following port parameters. Refer to table 10-1 on pages 10-4 through 10-5.

  • Page 231

    Note that in the above syntax you can substitute an “int” for “interface”; that is: int < port-list >. The 10/100 auto-negotiation feature allows a port to establish a link with a port at the other end at either 10 Mbps or 100 Mbps, using the highest mutual speed and duplex mode available.

  • Page 232: Enabling Or Disabling Flow Control

    Off in the show interfaces brief port listing, even if flow control is configured as enabled on the port in the switch. (Refer to Figure 10-3 on page 10-9.) Also, the port (speed-duplex) mode must be set to Auto (the default).

  • Page 233: Configuring A Broadcast Limit On The Switch

    Figure 10-11. Example Continued from Figure 10-10 Figure 10-12. Example Continued from Figure 10-11 Configuring a Broadcast Limit on the Switch Broadcast-Limit on switches covered in this guide is configured on a per-port basis. You must be at the port context level for this command to work, for...

  • Page 234: Configuring Procurve Auto-mdix

    For a one Gbps port this results in a broadcast traffic rate of ten Mbps. Configuring ProCurve Auto-MDIX Copper ports on the switch can automatically detect the type of cable configuration (MDI or MDI-X) on a connected device and adjust to operate appropriately.

  • Page 235

    10/100/1000-T xl module ports Using the above ports: ■ If you connect a copper port using a straight-through cable on a switch to a port on another switch or hub that uses MDI-X ports, the switch port automatically operates as an MDI port.

  • Page 236

    PC or other MDI device with a crossover cable, or to a switch, hub, or other MDI-X device with a straight-through cable. mdix is the manual mode setting that configures the port for...

  • Page 237: Web: Viewing Port Status And Configuring Port Parameters

    Figure 10-13. Example of Displaying the Current MDI Configuration Figure 10-14. Example of Displaying the Current MDI Operating Mode Web: Viewing Port Status and Configuring Port Parameters In the web browser interface: Click on the Configuration tab.

  • Page 238: Using Friendly (optional) Port Names, Configuring And Operating Rules For Friendly Port Names

    ■ Blank spaces within friendly port names are not allowed, and if used, cause an invalid input error. (The switch interprets a blank space as a name terminator.) ■ In a port listing, not assigned indicates that the port does not have a name...

  • Page 239: Configuring Friendly Port Names

    Syntax: no interface < port-list > name Configuring a Single Port Name. Suppose that you have connected port A3 on the switch to Bill Smith’s workstation, and want to assign Bill’s name and workstation IP address (10.25.101.73) as a port name for port A3: Figure 10-15.

  • Page 240: Displaying Friendly Port Names With Other Port Data

    Configuring the Same Name for Multiple Ports. Suppose that you want to use ports A5 through A8 as a trunked link to a server used by a drafting group. In this case you might configure ports A5 through A8 with the name “Draft-Server:Trunk”.

  • Page 241

    Syntax: show name [ port-list ] For example: Figure 10-17. Example of Friendly Port Name Data for All Ports on the Switch Figure 10-18. Example of Friendly Port Name Data for Specific Ports on the Switch Including Friendly Port Names in Per-Port Statistics Listings. A friendly port name configured to a port is automatically included when you display the port’s statistics output.

  • Page 242

    Syntax: show interface < port-number > Includes the friendly port name with the port’s traffic statistics listing. For example, if you configure port A1 with the name “O’Connor_10.25.101.43”, the show interface output for this port appears similar to the following: Figure 10-19.

  • Page 243

    Port Status and Configuration Using Friendly (Optional) Port Names For example, if you configure port A1 with a friendly port name: ; 498358-B21 Configuration Editor; Created on release #Z.14.04 Figure 10-20. Example Listing of the Startup-Config File with a Friendly Port Name Configured (and Saved) This command sequence saves the friendly port name...

  • Page 244: Been Inserted, Transceivers, Modules, Clearing The Module Configuration

    Been Inserted Transceivers Previously, a port had to be valid and verified for the switch to allow it to be configured. Transceivers are removable ports and considered invalid when not present in the switch, so they cannot be configured unless they are already in the switch.

  • Page 245

    (new or same) can be used in the slot. ■ This does not clear the configuration of a module still in use by the switch. Allows removal of the module configuration in the configuration file after the module has been removed.

  • Page 246: Uni-directional Link Detection (udld), Uni-directional Link Detection (udld), Uni-directional Link Detection (udld)

    ProCurve switches remains undetected. As a result, each switch continues to send traffic on the ports connected to the failed link. When UDLD is enabled on the trunk ports on each ProCurve switch, the switches detect the failed link, block the ports connected to the failed link, and use the remaining ports in the trunk group to forward the traffic.

  • Page 247: Configuring Udld

    UDLD-enabled port. When a port is blocked by UDLD, the event is recorded in the switch log or via an SNMP trap (if configured); and other port blocking protocols, like spanning tree or meshing, will not use the bad link to load balance packets.

  • Page 248: Enabling Udld

    ProCurve(config)#interface al-a4 link-keepalive Note: When at least one port is UDLD-enabled, the switch will forward out UDLD packets that arrive on non-UDLD-configured ports out of all other non-UDLD-configured ports in the same vlan. That is, UDLD control packets will “pass through”...

  • Page 249: Changing The Keepalive Interval, Changing The Keepalive Retries, Configuring Udld For Tagged Ports

    The default implementation of UDLD sends the UDLD control packets untagged, even across tagged ports. If an untagged UDLD packet is received by a non-ProCurve switch, that switch may reject the packet. To avoid such an occurrence, you can configure ports to send out UDLD control packets that are tagged with a specified VLAN.

  • Page 250: Viewing Udld Information

    Figure 10-22. Example of Show Link-Keepalive Command Displays all the ports that are enabled for link-keepalive. Displays detailed statistics for the UDLD-enabled ports on the switch. Clears UDLD statistics. This command clears the packets sent, packets received, and transitions counters in the show link-keepalive statistics display.

  • Page 251

    Port Status and Configuration Uni-Directional Link Detection (UDLD) To display detailed UDLD information for specific ports, enter the show link-keepalive statistics command. For example: ProCurve(config)# show link-keepalive statistics Port: Current State: Udld Packets Sent: Udld Packets Received: 1000 Port Blocking: Port: Current State: Udld Packets Sent:...

  • Page 252: Configuration Warnings And Event Log Messages

    VLAN configuration. Note: If you are configuring the switch via SNMP with the same problematic VLAN configuration choices, the above warning messages will also be logged in the switch’s event log. Event Log Messages. The following table shows the event log messages that may be generated once UDLD has been enabled on a port.

  • Page 253

    Trunk Group Operation Using the “Trunk” Option (11-27); How the Switch Lists Trunk Data (11-28); Outbound Traffic Distribution Across Trunked Links

  • Page 254

    A trunk group is a set of up to eight ports configured as members of the same port trunk. Note that the ports in a trunk group do not have to be consecutive. For example: Switch 1: Ports c1 - c3, c5 - c7, and...

  • Page 255

    Port Security Restriction. Port security does not operate on a trunk group. If you configure port security on one or more ports that are later added to a trunk group, the switch resets the port security parameters for those ports to the factory-default configuration.

  • Page 256: Port Trunk Features And Operation, Trunk Configuration Methods

    Up to 60 trunk groups are supported on the switches covered in this guide. The actual maximum depends on the number of ports available on the switch and the number of links in each trunk. (Using the Link Aggregation Control Protocol—LACP—option, you can include standby trunked ports in addition...

  • Page 257

    Static Trunk: The switch uses the links you configure with the Port/Trunk Settings screen in the menu interface or the trunk command in the CLI to create a static port trunk. The switch offers two types of static trunks: LACP and Trunk.

  • Page 258

    – You are unsure which type of trunk to use, or the device to which you want to create a trunk link is using an unknown trunking protocol. – You want to use a monitor port on the switch to monitor traffic on a trunk. Refer to “Trunk Group Operation Using the “Trunk” Option” on page 11-26.

  • Page 259

    A trunk appears as a single port labeled (for a static trunk of type: LACP, Trunk) on various menu and CLI screens. For a listing of which screens show which trunk types, refer to “How the Switch Lists Trunk Data” on page 11-27.

  • Page 260

    IP Multicast Protocol (IGMP): A static trunk of any type appears in the IGMP configuration display, and you can configure IGMP for a static trunk in the same way that you would configure IGMP on a non-trunked port. (Note that the switch lists the trunk by name—such as Trk1—and does not list the individual ports in the trunk.) Also, creating a new trunk...

  • Page 261: Menu: Viewing And Configuring A Static Trunk Group

    Important Configure port trunking before you connect the trunked links to another switch, routing switch, or server. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured. Refer to “Enabling or Disabling Ports and Configuring Port Mode”...

  • Page 262

    Move the cursor to the Type column for the selected port and use the Space bar to select the trunk type: All ports in the same trunk group on the same switch must have the same Type (LACP or Trunk).

  • Page 263: Cli: Viewing And Configuring Port Trunk Groups, Using The Cli To View Port Trunks

    < port-list > lacp page 11-15 Using the CLI To View Port Trunks You can list the trunk type and group for all ports on the switch or for selected ports. You can also list LACP-only status information for LACP-configured ports.

  • Page 264

    Port Trunking CLI: Viewing and Configuring Port Trunk Groups Using a port list specifies, for switch ports in a static trunk group, only the ports you want to view. In this case, the command specifies ports A5 through A7. However, because port A6 is not in a static trunk group, it does not appear...

  • Page 265

    Listing Static LACP and Dynamic LACP Trunk Data. Syntax: show lacp Lists data for only the LACP-configured ports. In the following example, ports A1 and A2 have been previously configured for a static LACP trunk. (For more on the “Active” parameter, see table 11-5 on page 11-21.) Figure 11-8.

  • Page 266: Using The Cli To Configure A Static Or Dynamic Trunk Group

    Configuring Port Mode” on page 10-15.) The table on page 11-5 describes the maximum number of trunk groups you can configure on the switch. An individual trunk can have up to eight links, with additional standby links if you’re using LACP. You can configure trunk...

  • Page 267

    Enabling a Dynamic LACP Trunk Group. In the default port configuration, all ports on the switch are set to disabled. To enable the switch to automatically form a trunk group that is dynamic on both ends of the link, the ports on one end of a set of links must be LACP Active.

  • Page 268

    Switch “A” with ports set to LACP passive. Switch “A” with ports set to LACP active. Figure 11-10. Example of Criteria for Automatically Forming a Dynamic LACP Trunk Syntax: interface < port-list > lacp active This example uses ports C4 and C5 to enable a dynamic LACP trunk group.

  • Page 269: Web: Viewing Existing Port Trunk Groups

    Caution: Unless spanning tree is running on your network, removing a port from a trunk can result in a loop. To help prevent a broadcast storm when you remove a port from a trunk where spanning tree is not in use, ProCurve recommends that you first disable the port or disconnect the link on that port.

  • Page 270: Trunk Group Operation Using Lacp

    Port Trunking Trunk Group Operation Using LACP Trunk Group Operation Using LACP The switch can automatically configure a dynamic LACP trunk group or you can manually configure a static LACP trunk group. Note: LACP requires full-duplex (FDx) links of the same media type (10/100Base-T, 100FX, etc.) and the same speed, and enforces speed and duplex conformance...

  • Page 271

    Displaying Dynamic LACP Trunk Data: To list the configuration and status for a dynamic LACP trunk, use the CLI show lacp command. Note: The dynamic trunk is automatically created by the switch, and is not listed in the static trunk listings available in the menu interface or in the CLI show trunk listing. 802.3ad-compliant...

  • Page 272

    (Refer to “VLANs and Dynamic LACP” on page 11-23.) • You want to use a monitor port on the switch to monitor an LACP trunk. The trunk operates if the trunk group on the opposite device is running one of the following trunking protocols: •...

  • Page 273: Default Port Operation

    LACP Partner Yes: LACP is enabled on both ends of the link. No: LACP is enabled on the switch, but either LACP is not enabled or the link has not been detected on the opposite device. Port Trunking...

  • Page 274: Lacp Notes And Restrictions

    ProCurve(config)# aaa port-access authenticator b1 LACP has been disabled on 802.1x port(s). ProCurve(config)# The switch will not allow you to configure LACP on a port on which port access (802.1X) is enabled. For example: ProCurve(config)# int b1 lacp passive Error configuring port < port-number >: LACP and 802.1x cannot be run together.

  • Page 275

    Trunk Group” on page 11-14.) VLANs and Dynamic LACP. A dynamic LACP trunk operates only in the default VLAN (unless you have enabled GVRP on the switch and use Forbid to prevent the ports from joining the default VLAN). ■ If you want to use LACP for a trunk on a non-default VLAN and GVRP is...

  • Page 276

    ProCurve(eth-B1-B8)# show lacp PORT NUMB ---- Figure 11-11. Blocked Ports with LACP ■ If there are ports that you do not want on the default VLAN, ensure that they cannot become dynamic LACP trunk members. Otherwise a traffic loop can unexpectedly occur.

  • Page 277

    If a port is already a member of a static or dynamic LACP trunk, you cannot configure it to HDx. ■ If a port is already set to HDx, the switch does not allow you to configure it for a static or dynamic LACP trunk.

  • Page 278: Trunk Group Operation Using The "trunk" Option

    This method creates a trunk group that operates independently of specific trunking protocols and does not use a protocol exchange with the device on the other end of the trunk. With this choice, the switch simply uses the SA/DA method of distributing outbound traffic across the trunked ports without regard for how that traffic is handled by the device at the other end of the trunked links.

  • Page 279: How The Switch Lists Trunk Data, Outbound Traffic Distribution Across Trunked Links

    SA/DA (source address/destination address) causes the switch to distribute outbound traffic to the links within the trunk group on the basis of source/ destination address pairs. That is, the switch sends traffic from the same source address to the same destination address through the same trunked link,...

  • Page 280

    11-13. That is, if Client A attached to Switch 1 sends five packets of data to Server A attached to Switch 2, the same link is used to send all five packets. The SA/DA address pair for the traffic is the same.

  • Page 281

    Table 11-6. Example of Link Assignments in a Trunk Group (SA/DA Distribution) Source: Destination: Node A Node W Node B Node X Node C Node Y Node D Node Z Node A Node Y Node B Node W Because the amount of traffic coming from or going to various nodes in a network can vary widely, it is possible for one link in a trunk group to be fully utilized while other links in the same trunk have unused bandwidth capacity even if the assignments were evenly distributed across the links in a trunk.

  • Page 282

    Port Traffic Controls: Contents. Overview (12-2); Jumbo Frames

  • Page 283: Jumbo Frames, Overview, Terminology

    The Maximum Transmission Unit (MTU) is the maximum size IP frame the switch can receive for Layer 2 frames inbound on a port. The switch drops any inbound frames larger than the MTU allowed on the port. On ports operating at 10 Mbps or 100 Mbps, the MTU is fixed at 1522 bytes.

  • Page 284: Operating Rules

    1 Gbps or higher can receive jumbo frames from external devices. If the switch is in a meshed domain, then all meshed ports (operating at 1 Gbps or higher) on the switch will accept jumbo traffic from other devices in the mesh.

  • Page 285: Configuring Jumbo Frame Operation, Overview

    For operation with GVRP enabled, refer to the GVRP topic under “Operating Rules”, above. Ensure that the ports through which you want the switch to receive jumbo frames are operating at least at gigabit speed. (Check the Mode field in the output for the show interfaces brief <...

  • Page 286: Viewing The Current Jumbo Configuration

    Viewing the Current Jumbo Configuration Syntax: show vlans Lists the static VLANs configured on the switch and includes a Jumbo column to indicate which VLANs are configured to support inbound jumbo traffic. All ports belonging to a jumbo-enabled VLAN can receive jumbo traffic. (For more information refer to “Configuring a Maximum Frame Size”...

  • Page 287

    Port Traffic Controls Jumbo Frames Figure 12-2. Example of Listing the VLAN Memberships for a Range of Ports Syntax: show vlans < vid > Figure 12-3. Example of Listing the Port Membership and Jumbo Status for a VLAN This command shows port membership and jumbo configuration for the specified <...

  • Page 288: Enabling Or Disabling Jumbo Traffic On A Vlan, Configuring A Maximum Frame Size, Snmp Implementation

    [ no ] vlan < vid > jumbo Configures the specified VLAN to allow jumbo frames on all ports on the switch that belong to that VLAN. If the VLAN is not already configured on the switch, vlan < vid > jumbo also creates the VLAN.

  • Page 289: Displaying The Maximum Frame Size, Operating Notes For Maximum Frame Size

    This is the value of the global Jumbos IP MTU (or L3 MTU) supported by the switch. The default value is set to 9198 bytes (a value that is 18 bytes less than the largest possible maximum frame size of 9216 bytes). This object can only be used in switches which support max-frame-size and ip-mtu configuration.

  • Page 290: Operating Notes For Jumbo Traffic-handling

    VLAN can receive incoming frames of up to 1522 bytes in length. When the switch applies the jumbo MTU (9220 bytes) to a VLAN, all ports in that VLAN can receive incoming frames of up to 9220 bytes in length.

  • Page 291

    If there are security concerns with grouping the ports as shown for VLAN 300, you can either use source-port filtering to block unwanted traffic paths or create separate jumbo VLANs, one for ports 6 and 7, and another for ports 12 and 13.

  • Page 292: Troubleshooting

    Event Log. The switches can transmit outbound jumbo traffic on any port, regardless of whether the port belongs to a jumbo VLAN. In this case, another port in the same VLAN on the switch may be jumbo-enabled through membership in a different, jumbo-enabled VLAN, and may be forwarding jumbo frames received on the jumbo VLAN to non-jumbo ports.

  • Page 293

    Contents: Using SNMP Tools To Manage the Switch (13-3); Overview (13-3); SNMP Management Features

  • Page 294: Table Of Contents

    Configuration Options (13-40); Options for Reading LLDP Information Collected by the Switch (13-42); LLDP and LLDP-MED Standards Compatibility ...

  • Page 295: Using Snmp Tools To Manage The Switch, Overview

    If you use the switch’s Authorized IP Managers and Management VLAN features, ensure that the SNMP management station and/or the choice of switch port used for SNMP access to the switch are compatible with the access controls enforced by these features. Otherwise, SNMP access to the switch will be blocked.

  • Page 296

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch VLAN feature, refer to the section titled “The Secure Management VLAN” in the “Static Virtual LANs (VLANs)” chapter of the Advanced Traffic Management Guide for your switch. 13-4...

  • Page 297: Snmp Management Features, Configuring For Snmp Version 1 And 2c Access To The Switch

    The switch SNMP agent also uses certain variables that are included in a Hewlett-Packard proprietary MIB (Management Information Base) file. If you are using HP OpenView, you can ensure that it is using the latest version of the MIB file by downloading the file to the OpenView database. To do so, go to the HP support web site at: www.hp.com/# Support...

  • Page 298: Configuring For Snmp Version 3 Access To The Switch

    User and community name may access the switch with the View and Access levels that have been set for that community. If you want to restrict access to one or more specific nodes, you can use the switch’s IP Authorized Manager feature.

  • Page 299: Snmp Version 3 Commands

    SNMP Version 3 Commands SNMP version 3 (SNMPv3) adds some new commands to the CLI for configuring SNMPv3 functions. To enable SNMPv3 operation on the switch, use the snmpv3 enable command. An initial user entry will be generated with MD5 authentication and DES privacy.

  • Page 300: Enabling Snmpv3, Snmpv3 Users, Enabling Snmpv

    SHA authentication and DES privacy. Figure 13-1. Example of SNMP version 3 Enable Command SNMPv3 Users To use SNMPv3 on the switch, you must configure the users that will be assigned to different groups. To configure SNMP users on the switch: 13-8...

  • Page 301

    If you add an SNMPv3 user without authentication and/or privacy to a group that requires either feature, the user will not be able to access the switch. Ensure that you add a user with the appropriate security level to an existing security group.

  • Page 302

    Syntax: [no] snmpv3 user <user_name> Listing Users. To display the management stations configured to access the switch with SNMPv3 and view the authentication and privacy protocols that each station uses, enter the show snmpv3 user command. Syntax: show snmpv3 user This example displays information about the management stations configured on VLAN 1 to access the switch.

  • Page 303

    Using SNMP Tools To Manage the Switch Add NetworkMgr to managerpriv group This command assigns or removes a user to a security group for access rights to the switch. To delete an entry, all of the following three parameters must be included in the command.

  • Page 304: Group Access Levels, Snmpv3 Communities

    Note: All access groups and views are predefined on the switch. There is no method to modify or add groups or views to those that are pre-defined on the switch. SNMPv3 Communities SNMP communities are supported by the switch to allow management applications that use version 2c or version 1 to access the switch.

  • Page 305

    Figure 13-4. Assigning a Community to a Group Access Level This command maps or removes a mapping of a community name to a group access level. To remove a mapping, you only need to specify the index_name parameter.

  • Page 306: Communities

    SNMP communities, each with either an operator-level or a manager-level view, and either restricted or unrestricted write access. Using SNMP requires that the switch have an IP address and subnet mask compatible with your network. Caution: For ProCurve Manager (PCM) version 1.5 or earlier (or any TopTools version),...

  • Page 307

    Actions line, then select the Help option (for Save). [Enter] , then Using SNMP Tools To Manage the Switch Add and Edit options are used to modify the SNMP options. See Figure 8-2. Type the value for this field.

  • Page 308: Cli: Viewing And Configuring Snmp Community Names

    — refer to “SNMP Notifications” on page 13-18). Syntax: show snmp-server [<community-string>] This example lists the data for all communities in a switch; that is, both the default “public” community name and another community named "blue-team" Default...

  • Page 309

    MIB view. If you do not specify restricted or unrestricted, the switch automatically assigns the community to restricted (read- only) access. The no form uses only the < community- name >...

  • Page 310: Snmp Notifications, Supported Notifications

    ■ SNMPv2c informs ■ SNMPv3 notification process, including traps. This section describes how to configure a switch to send network security and link-change notifications to configured trap receivers. Supported Notifications By default, the following notifications are enabled on a switch: ■...

  • Page 311: General Steps For Configuring Snmp Notifications

    • “Configuring the Source IP Address for SNMP Notifications” on page 13-30 • “Displaying SNMP Notification Configuration” on page 13-32 Configuring for Network Management Applications Using SNMP Tools To Manage the Switch 13-19...

  • Page 312: Snmpv1 And Snmpv2c Traps, Configuring An Snmp Trap Receiver

    Trap receivers: A trap receiver is a management station to which the switch sends SNMP traps and (optionally) event log messages sent from the switch. From the CLI you can configure up to ten SNMP trap receivers to receive SNMP traps from the switch.

  • Page 313

    If you do not specify an event level, the switch uses the default value (none) and sends no event log messages as traps.

  • Page 314: Enabling Snmpv2c Informs

    When an SNMP Manager receives an inform request, it can send an SNMP response back to the sending agent on the switch to let the agent know that the inform request reached its destination.

  • Page 315

    : Configured IP Ip Address : 10.10.10.10 Figure 13-8. Display of SNMPv2c Inform Configuration Configuring for Network Management Applications Unrestricted Community Events Sent Notify Type Retry Timeout guest Using SNMP Tools To Manage the Switch inform SNMPv2c Inform configuration 13-23...

  • Page 316: Configuring Snmpv3 Notifications

    Using SNMP Tools To Manage the Switch Configuring SNMPv3 Notifications The SNMPv3 notification process allows messages that are passed via SNMP between the switch and a network management station to be authenticated and encrypted. To configure SNMPv3 notifications, follow these steps: Enable SNMPv3 operation on the switch by entering the snmpv3 enable command (see “SNMP Version 3 Commands”...

  • Page 317

    Default: 0. [retries < value >] (Optional) Number of times a notification is retransmitted if no response is received. Range: 1-255. Default: 3. Configuring for Network Management Applications Using SNMP Tools To Manage the Switch 13-25...

  • Page 318

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Syntax: [no] snmpv3 targetaddress < ipv4-addr | ipv6-addr> < name > Create a configuration record for the target address with the snmpv3 params command. Syntax 13-26 [timeout < value >]...

  • Page 319: Managing Network Security Notifications

    Figure 13-9. Example of an SNMPv3 Notification Configuration Managing Network Security Notifications By default, a switch is enabled to send the SNMP notifications listed in “Supported Notifications” on page 13-18 when a network security event (for example, authentication failure) occurs. However, before security...

  • Page 320

    To determine the specific cause of a security event, check the event log in the console interface to see why a trap was sent. For more information, refer to “Using the Event Log for Troubleshooting Switch Problems” on page C-24. To display the current configuration for network security notifications, enter the show snmp-server traps command.

  • Page 321: Enabling Link-change Traps

    Figure 13-10. Display of Configured Network Security Notifications Enabling Link-Change Traps By default a switch is enabled to send a trap when the link state on a port changes from up to down (linkDown) or down to up (linkUp). To reconfigure the switch to send link-change traps to configured trap receivers, enter the snmp-server enable traps link-change command.

  • Page 322: Configuring The Source Ip Address For Snmp Notifications

    Using SNMP Tools To Manage the Switch Configuring the Source IP Address for SNMP Notifications The switch uses an interface IP address as the source IP address in IP headers when sending SNMP notifications (traps and informs) or responses to SNMP requests.

  • Page 323

    To configure the switch to use a specified source IP address in generated trap PDUs, enter the snmp-server trap-source command. Syntax: [no] snmp-server trap-source [<ipv4-addr >] Notes: When you use the snmp-server response-source and snmp-server trap-source...

  • Page 324: Displaying Snmp Notification Configuration

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch ProCurve(config)# show snmp-server SNMP Communities Community Name ---------------- -------- ------------ public Trap Receivers Link-Change Traps Enabled on Ports [All] : All Excluded MIBs Snmp Response Pdu Source-IP Information...

  • Page 325

    In the following example, the show snmp-server command output shows that the switch has been configured to send SNMP traps and notifications to management stations that belong to the “public”, “red-team”, and “blue-team” communities. ProCurve(config)# show snmp-server SNMP Communities Community Name...

  • Page 326: Configuring Listening Mode

    The listening mode is set with parameters to the Syntax: snmp-server [listen <oobm | data | both>] 13-34 Enables or disables inbound SNMP access on a switch. Use the version of the command to disable inbound SNMP access.

  • Page 327: Advanced Management: Rmon

    History (of the supported Ethernet statistics) ■ Event The RMON agent automatically runs in the switch. Use the RMON management station on your network to enable or disable specific RMON traps and events. Note that you can access the Ethernet statistics, Alarm, and Event groups from the ProCurve Manager network management software.

  • Page 328: Lldp (link-layer Discovery Protocol), Lldp (link-layer Discovery Protocol)

    To standardize device discovery on all ProCurve switches, LLDP will be implemented while offering limited read-only support for CDP as documented in this manual. For the latest information on your switch model, consult the Release Notes (available on the ProCurve Networking web site). If LLDP has...

  • Page 329: Terminology

    LLDP and is designed to support VoIP deployments. Note: LLDP-MED is an extension for LLDP, and the switch requires that LLDP be enabled as a prerequisite to LLDP-MED operation. An SNMP utility can progressively discover LLDP devices in a network by: Reading a given device’s Neighbors table (in the Management Information...

  • Page 330

    LLDP Neighbor: An LLDP device that is either directly connected to another LLDP device or connected to that device by another, non-LLDP Layer 2 device (such as a hub) Note that an 802.1D-compliant switch does not forward LLDP data packets even if it is not LLDP-aware.

  • Page 331: General Lldp Operation, Lldp-med, Packet Boundaries In A Network Topology

    (That is, some TLVs include multiple data points or subelements.) General LLDP Operation An LLDP packet contains data about the transmitting switch and port. The switch advertises itself to adjacent (neighbor) devices by transmitting LLDP data packets out all ports on which outbound LLDP is enabled, and reading LLDP advertisements from neighbor devices on ports that are inbound LLDP- enabled.

  • Page 332: Configuration Options

    ■ Disable (disable): This setting disables LLDP packet transmissions and reception on a port. In this state, the switch does not use the port for either learning about LLDP neighbors or informing LLDP neighbors of its presence...

  • Page 333

    SNMP Notification. You can enable the switch to send a notification to any configured SNMP trap receiver(s) when the switch detects a remote LLDP data change on an LLDP-enabled port (page 13-50). Per-Port (Outbound) Data Options. The following table lists the information the switch can include in the per-port, outbound LLDP packets it generates.

  • Page 334: Options For Reading Lldp Information Collected By The Switch, Lldp And Lldp-med Standards Compatibility

    Subelement of the Remote-Management-Address TLV. Subelement of the System Capability TLV. Populated with data captured internally by the switch. For more on these data types, refer to the IEEE P802.1AB Standard. Remote Management Address. The switch always includes an IP address in its LLDP advertisements.

  • Page 335: Lldp Operating Rules

    You can override the default operation by configuring the port to advertise any IP address that is manually configured on the switch, even if the port does not belong to the VLAN configured with the selected IP address (page 13-52).

  • Page 336: Configuring Lldp Operation, Viewing The Current Configuration

    In the default configuration, LLDP is enabled and in both transmit and receive mode on all active ports. The LLDP configuration includes global settings that apply to all active ports on the switch, and per-port settings that affect only the operation of the specified ports.

  • Page 337

    For example, show lldp config produces the following display when the switch is in the default LLDP configuration: Figure 13-13. Example of Viewing the General LLDP Configuration Configuring for Network Management Applications Displays the LLDP global configuration, LLDP port status, and SNMP notification status.

  • Page 338: Configuring Global Lldp Packet Controls

    The commands in this section configure the aspects of LLDP operation that apply the same to all ports in the switch. Enabling or Disabling LLDP Operation on the Switch. Enabling LLDP operation (the default) causes the switch to: Use active, LLDP-enabled ports to transmit LLDP packets describing itself ■...

  • Page 339

    ■ advertisements. Syntax [ no ] lldp run Enables or disables LLDP operation on the switch. The no form of the command, regardless of individual LLDP port configurations, prevents the switch from transmitting outbound LLDP advertisements, and causes the switch to drop all LLDP advertisements received from other devices.

  • Page 340

    For example, if the refresh-interval on the switch is 15 seconds and the holdtime-multiplier is at the default, the Time-to-Live for advertisements transmitted from the switch is 60 seconds (4 x 15). To reduce the Time-to-Live, you could lower the holdtime-interval to 2, which would result in a Time-to-Live of 30 seconds.

  • Page 341

    2; Range: 1 - 8192) Note: The LLDP refresh-interval (transmit interval) must be greater than or equal to (4 x delay-interval). The switch does not allow increasing the delay interval to a value that conflicts with this relationship. That is, the switch displays Inconsistent value if (4 x delay-interval) exceeds the current transmit interval, and the command fails.

  • Page 342: Configuring Snmp Notification Support

    SNMP trap receiver(s) if an LLDP data change is detected in an advertisement received on the port from an LLDP neighbor. (Default: Disabled) For information on configuring trap receivers in the switch, refer to “SNMP Notifications” on page 13-18.

  • Page 343: Configuring Per-port Transmit And Receive Modes

    Syntax setmib lldpnotificationinterval.0 -i < 1 - 3600 > Globally changes the interval between successive traps generated by the switch. If multiple traps are generated in the specified interval, only the first trap will be sent. The remaining traps will be suppressed. (A network management application can periodically check the switch MIB to detect any missed change notification traps.

  • Page 344: Configuring Basic Lldp Per-port Advertisement Content

    Replaces the default IP address for the port with an IP address you specify. This can be any IP address configured in a static VLAN on the switch, even if the port does not belong to the VLAN configured with the selected IP address.

  • Page 345

    LLDP advertisements. Note that optional data types, when enabled, are populated with data internal to the switch; that is, you cannot use LLDP commands to configure their actual content. ■...

  • Page 346: Advertisements

    Port speed and duplex advertisements are supported on the switches covered in this guide to inform an LLDP endpoint and the switch port of each other’s port speed and duplex configuration and capabilities. Configuration mismatches between a switch port and an LLDP endpoint can result in excessive collisions and voice quality degradation.

  • Page 347: Lldp-med (media-endpoint-discovery), Lldp-med (media-endpoint-discovery)

    LLDP-MED operation, this TLV is mandatory. As mentioned above, an SNMP network management application can be used to compare the port speed and duplex data configured in the switch and advertised by the LLDP endpoint. You can also use the CLI to display this information.

  • Page 348

    LLDP-MED Endpoint Support. LLDP-MED on the switches covered in this guide interoperates with directly connected IP telephony (endpoint) clients having these features and services: ■ able to autonegotiate speed and duplex configuration with the switch 13-56 LLDP-MED Class 1 Generic Endpoints Such As IP Call Control Devices...

  • Page 349

    ■ client port • • • discover and advertise device location data learned from the switch ■ support emergency call service (ECS—such as E911, 999, and 112) ■ advertise device information for the device data inventory collected ■...

  • Page 350: Lldp-med Topology Change Notification

    IP media and offer all Class 1 and Class 2 features, plus location identification and emergency 911 capability, Layer 2 switch support, and device information management. LLDP-MED Operational Support. The switches covered in this guide offer...

  • Page 351

    Topology change notification, when enabled on an LLDP port, causes the switch to send an SNMP trap if it detects LLDP-MED endpoint connection or disconnection activity on the port, or an age-out of the LLDP-MED neighbor on the port. The trap includes the following information: ■...

  • Page 352: Lldp-med Fast Start Control, And Location Data

    LLDP-MED Fast Start Control Syntax: Advertising Device Capability, Network Policy, PoE Status and Location Data The medTlvEnable option on the switch is enabled in the default configuration and supports the following LLDP-MED TLVs: LLDP-MED capabilities: This TLV enables the switch to determine: ■...

  • Page 353

    VLAN membership.) ■ If a given port does not belong to a voice VLAN, then the switch does not advertise the VLAN ID TLV through this port. Policy Elements. These policy elements may be statically configured on the switch or dynamically imposed during an authenticated session on the switch using a RADIUS server and 802.1X or MAC authentication.

  • Page 354

    • the device class (1, 2, or 3) for the connected endpoint This TLV also enables an LLDP-MED endpoint to discover what LLDP-MED TLVs the switch port currently supports. (Default: enabled) Note: This TLV cannot be disabled unless the network_policy, poe, and location_id TLVs are already disabled.

  • Page 355: Configuring Location Data For Lldp-med Devices

    TLV is already enabled. Configuring Location Data for LLDP-MED Devices You can configure a switch port to advertise location data for the switch itself, the physical wall-jack location of the endpoint (recommended), or the location of a DHCP server supporting the switch and/or endpoint. You also have the option of configuring these different address types: ■...

  • Page 356

    [< CA-TYPE > < CA-VALUE >] . . . [< CA-TYPE > < CA-VALUE >] This command enables configuration of a physical address on a switch port, and allows up to 75 characters of address information. COUNTRY-STR: A two-character country code, as defined by ISO 3166.

  • Page 357

    3 endpoint device to an appropriate PSAP, the country code, device type, and type/value pairs configured on the switch port are included in the transmission. The “type” specifiers are used by the PSAP to identify and organize the location data components in an understandable format for response personnel to interpret.

  • Page 358

    Dynamic Host Configuration Protocol Option for Coordinate-based Location Configuration Information. Note: Endpoint use of data from a medPortLocation TLV sent by the switch is device-dependent. Refer to the documentation provided with the endpoint device. Note: A switch port allows one instance of any given CA-TYPE.

  • Page 359

    Example of a Location Configuration. Suppose a system operator wanted to configure the following information as the civic address for a telephone connected to her company’s network through port A2 of a switch at the following location: Description...

  • Page 360: Displaying Advertisement Data

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) ProCurve(config)# lldp config d1 medportlocation civic-addr US 2 1 C ProCurve(config)# show lldp config d1 LLDP Port Configuration Detail Port : D1 AdminStatus [Tx_Rx] : disable NotificationEnabled [False] : False Med Topology Trap Enabled [False] : False Country Name What Ca-Type...

  • Page 361

    Displaying Switch Information Available for Outbound Advertisements These commands display the current switch information that will be used to populate outbound LLDP advertisements. Syntax show lldp info local-device [ port-list ] Without the [ port-list ] option, this command displays the global switch information and the per-port information currently available for populating outbound LLDP advertisements.

  • Page 362

    Figure 13-19. Example of the Default Per-Port Information Content for Ports 1 and 2 Displaying the Current Port Speed and Duplex Configuration on a Switch Port. Port speed and duplex information for a switch port and a connected LLDP-MED endpoint can be compared for configuration mismatches by using an SNMP application.

  • Page 363

    Discovering the same device on multiple ports indicates that the remote device may be connected to the switch in one of the following ways: – Through different VLANS using separate links. (This applies to switches that use the same MAC address for all configured VLANs.)

  • Page 364

    Figure 13-21. Example of an LLDP-MED Listing of an Advertisement Received From an LLDP-MED (VoIP Telephone) Source 13-72 PortId PortDescr SysName | HP ProCurve Switch 282... 1 | HP ProCurve Switch 252... 9 | HP ProCurve Switch 282... 1 | Switch Fas...

  • Page 365: Displaying Lldp Statistics

    Displaying LLDP Statistics LLDP statistics are available at both the global and per-port levels. Rebooting the switch resets the LLDP statistics counters to zero. Disabling the transmit and/or receive capability on a port “freezes” the related port counters at their current values.

  • Page 366

    This could be caused by a basic management TLV from a later LLDP version than the one currently running on the switch. TLVs Discarded: Shows the total number of LLDP TLVs discarded for any reason.

  • Page 367: Lldp Operating Notes

    Neighbor Maximum. The neighbors table in the switch supports as many neighbors as there are ports on the switch. The switch can support multiple neighbors connected through a hub on a given port, but if the switch neighbor maximum is reached, advertisements from additional neighbors on the same or other ports will not be stored in the neighbors table unless some existing neighbors time-out or are removed.

  • Page 368

    Neighbor Data Can Remain in the Neighbor Database After the Neighbor Is Disconnected. After disconnecting a neighbor LLDP device from the switch, the neighbor can continue to appear in the switch’s neighbor database for an extended period if the neighbor’s holdtime-multiplier is high;...

  • Page 369: Lldp And Cdp Data Management, Lldp And Cdp Neighbor Data

    (ProCurve switches do not generate CDP packets.) LLDP and CDP Neighbor Data With both LLDP and (read-only) CDP enabled on a switch port, the port can read both LLDP and CDP advertisements, and stores the data from both types of advertisements in its neighbor database.

  • Page 370

    Because ProCurve switches do not generate CDP packets, they are not represented in the CDP data collected by any neighbor devices running CDP. A switch with CDP disabled forwards the CDP packets it receives from other devices, but does not store the CDP information from these packets in its own MIB.

  • Page 371: Cdp Operation And Commands

    However, if the chassis and port ID information in the two types of advertisements is the same, the LLDP information overwrites the CDP data for the same neighbor device on the same port.

  • Page 372

    Information Base), refer to the documentation provided with the particular SNMP utility. Viewing the Switch’s Current CDP Configuration. CDP is shown as enabled/disabled both globally on the switch and on a per-port basis. Syntax: show cdp The following example shows the default CDP configuration.

  • Page 373

    CDP neighbors information Port Device ID ---- ----------------------------- +--------------------------- ----------- HP ProCurve Switch 2824(00... | Revision I.08.58 /sw/code... S HP ProCurve Switch 2524(00... | Revision F.05.17 /sw/code... S HP ProCurve Switch 2824(00... | Revision I.08.58 /sw/code... S Figure 13-26. Example of CDP Neighbors Table Listing Enabling CDP Operation.

  • Page 374

    Enabling or Disabling CDP Operation on Individual Ports. In the factory-default configuration, the switch has all ports enabled to receive CDP packets. Disabling CDP on a port causes it to drop inbound CDP packets without recording their data in the CDP Neighbors table.

  • Page 375

    Overview (A-3); Downloading Switch Software (A-3); General Software Download Rules ...

  • Page 376

    File Transfers Contents: Transferring Switch Configurations (A-25); Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation (A-29); TFTP: Copying a Configuration File to a Remote Host ...

  • Page 377: Downloading Switch Software, Overview

    ProCurve periodically provides switch software updates through the ProCurve Networking web site. For more information, refer to the support and warranty booklet, or visit www.hp.com/#Support. After you acquire a new software version, you can use one of the following methods for downloading...

  • Page 378: General Software Download Rules, Using Tftp To Download Software From A Server

    In the unlikely event that the primary image is corrupted (which may occur if a download is interrupted by a power failure), the switch goes into boot ROM mode. In this case, use the boot ROM console to download a new image to primary flash.

  • Page 379: Menu: Tftp Download From A Server To Primary Flash

    Note that the menu interface accesses only the primary flash. In the console Main Menu, select Download OS to display the screen in figure A-1. (The term “OS”, or “operating system” refers to the switch software): ===========================-TELNET - MANAGER MODE -============================ Current Software revision : Z.14.04...

  • Page 380

    Downloading Switch Software A “progress” bar indicates the progress of the download. When the entire software file has been received, all activity on the switch halts and you will see Validating and writing system software to FLASH... After the primary flash memory has been updated with the new software, you must reboot the switch to implement the newly downloaded software.

  • Page 381: Cli: Tftp Download From A Server To Flash

    To find more information on the cause of a download failure, examine the messages in the switch’s Event Log by executing the show log tftp command from the CLI. Also: ■ For more on the Event Log, see “Using the Event Log for Troubleshooting Switch Problems”...

  • Page 382

    File Transfers Downloading Switch Software For example, to download a switch software file named k0800.swi from a TFTP server with the IP address of 10.28.227.103 to primary flash: Execute copy as shown below: Dynamic counter continually displays the number of bytes transferred.

  • Page 383: Enabling Tftp

    Enabling TFTP TFTP is enabled by default on the switch. If TFTP operation has been disabled, you can re-enable it by specifying TFTP client or server functionality with the tftp <client | server> command at the global configuration level.

  • Page 384

    Downloading Switch Software The no tftp <client | server> command does not disable auto-TFTP operation. To disable an auto-TFTP command configured on the switch, use the no auto-tftp command described on page A-11 to remove the command entry from the switch’s configuration.

  • Page 385: Using Auto-tftp

    (the default), enter the boot or the reload command, or cycle the power to the switch. (To reset the boot image to primary flash, use boot set-default flash primary.) Syntax: auto-tftp <ip-addr >...

  • Page 386: Using Secure Copy And Sftp

    For some situations you may want to use a secure method to issue commands or copy files to the switch. By opening a secure, encrypted SSH session and enabling ip ssh file transfer, you can then use a third-party software application to take advantage of Secure Copy (SCP) and Secure ftp (SFTP).

  • Page 387: How It Works, The Scp/sftp Process

    SCP (secure copy) is an implementation of the BSD rcp (Berkeley UNIX remote copy) command tunneled through an SSH connection. SCP is used to copy files to and from the switch when security is required. SCP works with both SSH v1 and SSH v2. Be aware that most third-party software application clients that support SCP use SSHv1.

  • Page 388: Disable Tftp And Auto-tftp For Enhanced Security

    Figure A-5. Example of Switch Configuration with SFTP Enabled If you enable SFTP, then later disable it, TFTP and auto-TFTP remain disabled unless they are explicitly re-enabled. Operating rules are: ■...

  • Page 389: Command Options

    ■ To enable SFTP by using an SNMP management application, you must first disable TFTP and, if configured, auto-TFTP on the switch. You can use either an SNMP application or the CLI to disable TFTP, but must use the CLI to disable auto-TFTP. The following two CLI commands disable TFTP and auto-TFTP on the switch.

  • Page 390: Authentication, Scp/sftp Operating Notes

    As a matter of policy, administrators should not enable the SSHv1-only or the SSHv1-or-v2 advertisement modes. SSHv1 is supported on only some legacy switches (such as the HP ProCurve 2500 switches). To confirm that SSH is enabled type in the command...

  • Page 391

    Files may only be uploaded or downloaded, according to the permissions mask. All of the necessary files the switch will need are already in place on the switch. You do not need to (nor can you) create new files.

  • Page 392: Troubleshooting Ssh, Sftp, And Scp Operations

    Once you have configured your switch to enable secure file transfers with SCP and SFTP, files can be copied to or from the switch in a secure (encrypted) environment and TFTP is no longer necessary. Troubleshooting SSH, SFTP, and SCP Operations You can verify secure file transfer operations by checking the switch’s event...

  • Page 393: Workstation

    Attempt to Start a Session During a Flash Write. If you attempt to start an SCP (or SFTP) session while a flash write is in progress, the switch will not allow the SCP or SFTP session to start. Depending on the client software in use, the following error message may appear on the client console: Received disconnect from 10.0.12.31: 2: Flash access...

  • Page 394: Menu: Xmodem Download To Primary Flash

    Click on the The download will then commence. It can take several minutes, depending on the baud rate set in the switch and in your terminal emulator. After the primary flash memory has been updated with the new software, you must reboot the switch to implement the newly downloaded software.

  • Page 395: Primary Or Secondary Flash

    Downloads a software file to primary or secondary flash. If you do not specify the flash destination, the Xmodem download defaults to primary flash. For example, to download a switch software file named E0822.swi from a PC (running a terminal emulator program such as HyperTerminal) to primary flash: Execute the following command in the CLI: Execute the terminal emulator commands to begin the Xmodem transfer.

  • Page 396: Switch-to-switch Download, Menu: Switch-to-switch Download To Primary Flash

    Menu: Switch-to-Switch Download to Primary Flash Using the menu interface, you can download a switch software file from either the primary or secondary flash of one switch to the primary flash of another switch of the same series. From the switch console Main Menu in the switch to receive the download, select 7.

  • Page 397: Cli: Switch-to-switch Downloads

    If you do not specify either a primary or secondary flash location for the destination, the download automatically goes to primary flash. For example, to download a software file from primary flash in a switch with an IP address of 10.29.227.103 to the primary flash in the destination switch, you would execute the following command in the destination switch’s CLI:...

  • Page 398: Using Pcm+ To Update Switch Software

    Syntax: copy tftp flash < ip-addr > < /os/primary > | < /os/secondary > [ primary | For example, to download a software file from secondary flash in a switch with an IP address of 10.28.227.103 to the secondary flash in a destination switch, you would execute the following command in the destination switch’s...

  • Page 399: Copying Software Images, Tftp: Copying A Software Image To A Remote Host

    Xmodem: Copying a Software Image from the Switch to a USB Serial Console Connected PC or UNIX Workstation To use this method, the switch must be connected via the USB console to a PC or UNIX workstation. Syntax: copy flash xmodem < pc | unix >...

  • Page 400: Transferring Switch Configurations, Tftp: Copying A Configuration File To A Remote Host

    Use Xmodem to copy a configuration from a serially connected host to a config file. Use Xmodem to copy a config file to a serially connected host. Using the CLI commands described in this section, you can copy switch configurations to and from a switch.

  • Page 401: Tftp: Copying A Customized Command File To A Switch

    TFTP: Copying a Customized Command File to a Switch Using the copy tftp command with the show-tech option provides the ability to copy a customized command file to the switch. When the show tech custom command is executed, the commands in the custom file are executed instead of the hard-coded list of commands.

  • Page 402: Xmodem: Copying A Configuration File To A Usb Serial Console Connected Pc Or Unix Workstation

    Xmodem: Copying a Configuration File to a USB Serial Console Connected PC or UNIX Workstation To use this method, the switch must be connected via the USB serial console to a PC or UNIX workstation. You will need to: Determine a filename to use.

  • Page 403: Xmodem: Copying A Configuration File From A Serially Connected Pc Or Unix Workstation

    Xmodem: Copying a Configuration File from a Serially Connected PC or UNIX Workstation To use this method, the switch must be connected via the serial port to a PC or UNIX workstation on which is stored the configuration file you want to copy.

  • Page 404: Copying Diagnostic Data To A Remote Host, Usb Device, Pc Or Unix Workstation

    Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation You can use the CLI to copy the following types of switch data to a text file in a destination device: ■ Command Output: Sends the output of a switch CLI command as a file on the destination device.

  • Page 405: Copying Command Output To A Destination Device, Copying Event Log Output To A Destination Device

    Copying Event Log Output to a Destination Device Syntax: copy event-log tftp < ip-address > < filepath_filename > For example, to copy the event log to a PC connected to the switch: Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation filename >...

  • Page 406: Copying Crash Data Content To A Destination Device

    If you do not specify either, the command defaults to the management function’s data. Syntax: copy crash-data [master>] tftp <ip-address> <filename> For example, to copy the switch’s crash data to a file in a PC: At this point, press [Enter] and start the...

  • Page 407: Copying Crash Log Data Content To A Destination Device

    USB device, or to a serially connected PC or UNIX workstation. You can copy the management module (mm) switch information. If you do not specify either, the command defaults to the mm data. For example, to copy the Crash Log for slot C to a file in a PC connected to...

  • Page 408

    Task Monitor—Collecting Processor Data ..... B-8 Switch Management Address Information ..... . B-8 Port Status .

  • Page 409

    1. Determine the Mirroring Session and Destination ... . B-35 2. Configure a Mirroring Session on the Source Switch ..B-35 3.

  • Page 410

    Status | Overview screen of the web browser interface (page 5-20). ■ Configurable trap receivers: Uses SNMP to enable management stations on your network to receive SNMP traps from the switch. (Refer to “SNMPv1 and SNMPv2c Traps” on page 13-20.) ■...

  • Page 411: Status And Counters Data

    Note: You can access all console screens from the web browser interface via Telnet to the console. Telnet access to the switch is available in the Device View window under the Configuration tab. Status or Counters Type...

  • Page 412: Menu Access To Status And Counters

    Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access To Status and Counters Beginning at the Main Menu, display the Status and Counters menu by selecting: 1. Status and Counters Figure B-1. The Status and Counters Menu Each of the above menu items accesses the read-only screens described on the following pages.

  • Page 413: General System Information, Menu Access

    Menu Access From the console Main Menu, select: 1. Status and Counters Figure B-2. Example of General Switch Information This screen dynamically indicates how individual switch resources are being used. Refer to the online Help for details. 1. General System Information...

  • Page 414: Cli Access To System Information

    CLI Access to System Information The show system command displays general system information about the switch. Syntax: show system [information | enclosure] ProCurve 6120 Blade Switch# show system Status and Counters - General System Information System Name : ProCurve 6120 Blade Switch...

  • Page 415: Task Monitor—collecting Processor Data, Switch Management Address Information, Menu Access

    Task Monitor—Collecting Processor Data The task monitor feature allows you to enable or disable the collection of processor utilization data. The task-monitor cpu command is equivalent to the existing debug mode command “taskusage -d”. (The taskUsageShow command is available as well.)

  • Page 416: Cli Access

    GVRP operation.) Also, the switches covered in this guide use a multiple forwarding database. When using multiple VLANs and connecting a switch to a device that uses a single forwarding database, such as a Switch 4000M, there are cabling and tagged port VLAN requirements.

  • Page 417: Menu: Displaying Port Status, Port Status, Cli Access, Web Access

    Port Status The web browser interface and the console interface show the same port status data. Menu: Displaying Port Status From the Main Menu, select: 1. Status and Counters … 4. Port Status Figure B-6.

  • Page 418: Viewing Port And Trunk Group Statistics And Flow Control Status

    These features enable you to determine the traffic patterns for each port since the last reboot or reset of the switch. You can display: A general report of traffic on all LAN ports and trunk groups in the switch, ■...

  • Page 419: Menu Access To Port And Trunk Statistics

    Menu Access to Port and Trunk Statistics To access this screen from the Main Menu, select: 1. Status and Counters … Figure B-7. Example of Port Counters on the Menu Interface To view details about the traffic on a particular port, use the [v] key to highlight that port number, then select Show Details.

  • Page 420: Cli Access To Port And Trunk Group Statistics

    To refresh the counters for a specific port, click anywhere in the row for that port, then click on [Refresh]. Note: To reset the port counters to zero, you must reboot the switch. This command provides an overview of port activity for all ports on the switch.

  • Page 421: Viewing The Switch's Mac Address Tables, Menu Access To The Mac Address Views And Searches

    Menu Access to the MAC Address Views and Searches Per-VLAN MAC-Address Viewing and Searching. This feature lets you determine which switch port on a selected VLAN is being used to communicate with a specific device on the network. The per-VLAN listing includes: ■...

  • Page 422

    Enter MAC address: _ Type the MAC address you want to locate and press [Enter]. The address and port number are highlighted if found. If the switch does not find the MAC address on the currently selected VLAN, it leaves the MAC address listing empty.

  • Page 423

    Enter MAC address: _ Type the MAC address you want to locate and press [Enter]. The address is highlighted if found. If the switch does not find the address, it leaves the MAC address listing empty. Press [P] (for Prev page) to return to the previous per-port listing.

  • Page 424: Cli Access For Mac Address Views And Searches

    The switches covered in this guide operate with a multiple forwarding database architecture. To Find the Port On Which the Switch Learned a Specific MAC Address. For example, to find the port on which the switch learns a MAC address of 080009-21ae84: show mac-address [ vlan <...

  • Page 425: Spanning Tree Protocol (mstp) Information, Cli Access To Mstp Data

    Syntax: show spanning-tree Figure B-12. Output from show spanning-tree Command. This command displays the switch’s global and regional spanning-tree status, plus the per-port spanning-tree operation at the regional level. Note that values for the following parameters appear only for ports connected to active...

  • Page 426: Internet Group Management Protocol (igmp) Status

    Internet Group Management Protocol (IGMP) Status The switch uses the CLI to display the following IGMP status on a per-VLAN basis: Show Command Output show ip igmp Global command listing IGMP status for all VLANs configured in the switch: • VLAN ID (VID) and name •...

  • Page 427: Vlan Information

    A1 - A12: DEFAULT_VLAN, 1; A1, A2: VLAN-33, 33; A3, A4: VLAN-44, 44. The next three figures show how you could list data on the above VLANs. Listing the VLAN ID (VID) and Status for ALL VLANs in the Switch. Output Lists: •...

  • Page 428

    Figure B-14. Example of VLAN Listing for the Entire Switch Listing the VLAN ID (VID) and Status for Specific Ports. Because ports A1 and A2 are not members of VLAN-44, it does not appear in this listing. Figure B-15. Example of VLAN Listing for Specific Ports Listing Individual VLAN Status.

  • Page 429: Web Browser Interface Status Information

    As the title implies, it provides an overview of the status of the switch, including summary graphs indicating the network utilization on each of the switch ports, symbolic port status indicators, and the Alert Log, which informs you of any problems that may have occurred on the switch.

  • Page 430: Traffic Mirroring

    ■ Traffic can be copied to a destination connected to the same switch as the mirroring source in a local mirroring session. Up to four local mirroring destinations are supported on a switch.

  • Page 431: Mirroring Terminology

    IDS is connected and that is not configured as a monitored interface. Up to four sessions can be assigned to the same exit port used for local mirroring. An exit port is configured on the local switch with the command: mirror eth-port < exit-port >...

  • Page 432

    Local Mirroring: The monitored (source) interface and exit port in a mirroring session are on the same switch. Monitored Interface: The interface (port or trunk) on the source switch on which the inbound and/or outbound traffic to be mirrored originates, configured with one of the interface monitor or vlan monitor commands (see “3.

  • Page 433: Mirrored Traffic Destinations, Local Destinations, Monitored Traffic Sources, Criteria For Selecting Mirrored Traffic, Mirroring Sessions

    Traffic Mirroring Mirrored Traffic Destinations Local Destinations A local mirrored traffic destination is a port on the same switch as the source of the traffic being mirrored. Caution: Configuring a mirroring source switch with the destination and traffic selection criteria for a given mirroring session causes the switch to immediately begin mirroring traffic to that destination.

  • Page 434: Mirroring Configuration

    (IPv4 or IPv6 traffic) Switch MAC source/ (global) destination address Configures only session 1, and only for local mirroring. Traffic Direction CLI Config Menu and Web I/F Config Inbound only All traffic Outbound only...

  • Page 435: Endpoint Switches And Intermediate Devices

    Traffic Mirroring Configuration: Using the CLI, you can configure all mirroring options on a switch. Notes: Using the Menu or Web interface, you can configure session 1 local mirroring for traffic in both directions on specified interfaces.

  • Page 436: Using The Menu Or Web Interface To Configure Local Mirroring, Menu And Web Interface Limits

    ■ The CLI (and SNMP) can be used to override any Menu or Web interface configuration of session 1.

  • Page 437: Configuration Steps

    Configuration Steps. Notes: If mirroring has already been enabled on the switch, the Menu screens will appear differently than shown in this section. From the Main Menu, select: 2. Switch Configuration...

  • Page 438

    Switch Configuration - Network Monitoring Port Monitoring Enabled [No] : Yes Monitoring Port : Monitor : Ports Port Type Action ---- --------- + ------- 1000X 1000X 1000X 1000X 1000X 1000X 1000X 1000X Actions-> Cancel Edit Select the port that will act as the Monitoring Port.

  • Page 439

    (for Save) to save your changes and exit from the screen. 10. Return to the Main Menu. Switch Configuration - Network Monitoring Port Use the down arrow key to select the interface(s) whose traffic you want to mirror to the local exit port.

  • Page 440: Cli: Configuring Local Mirroring, Local Mirroring Overview

    Operating Notes Using the CLI, you can configure a mirroring session for a destination device connected to an exit port on the same switch as the source interface (local mirroring). For an overview of the procedures for configuring a local mirroring session, refer to the following section: ■...

  • Page 441

    Enter the monitor command to assign one or more source interfaces to the session. After you complete step 4, the switch begins mirroring traffic to the configured exit port. The next two sections provide a quick reference to the configuration commands for a local mirroring session.

  • Page 442: Determine The Mirroring Session And Destination, Configure A Mirroring Session On The Source Switch

    3. Configure the Monitored Traffic in a Mirror Session This step configures one or more interfaces on a source switch with the traffic-selection criteria to use to select the traffic to mirror in a specified session configured in Step 3.

  • Page 443: Traffic Selection Options, Mirroring-source Restrictions, Selecting All Inbound/outbound Traffic To Mirror

    If you have already configured session 1 with a local destination (as described in “2. Configure a Mirroring Session on the Source Switch” on page B-35), you can enter the vlan < vid > monitor or interface < port > monitor command without...

  • Page 444

    This command assigns a mirroring source to a previously configured mirroring session on a source switch. It specifies the port and/or trunk source(s) to use, the direction of traffic to mirror, and the session identifier. The no form of the command removes a mirroring source assigned to the session, but does not remove the session itself.

  • Page 445: Displaying A Mirroring Configuration, Displaying The Mirroring Configuration Summary

    ProCurve# show monitor Network Monitoring Sessions Status -------- ----------- active not defined not defined not defined Figure B-21. Example of a Currently Configured Mirroring Summary on a Source Switch Syntax: show monitor Type Sources Policy ----- ------- ----- port If a remote mirroring source is configured on the switch, then the following fields appear.

  • Page 446

    Syntax: show monitor Policy: Indicates whether the source is using a classifier-based mirroring policy to select inbound IPv4 or IPv6 traffic for mirroring.

  • Page 447: Viewing Mirroring In The Current Configuration File

    Viewing Mirroring in the Current Configuration File Using the show run command, you can view the current mirroring configuration on the switch. Source mirroring session entries begin with the mirror keyword and the mirroring sources are listed per-interface.

  • Page 448: Mirroring Configuration Examples, Local Mirroring Using Traffic-direction Criteria

    “1” as the session number. (Any unused session number from 1 to 4 is valid.) Since the switch provides both the source and destination for the traffic to monitor, local mirroring can be configured. In this case, the command sequence is: Configure the local mirroring session.

  • Page 449: Maximum Supported Frame Size

    Mirroring does not truncate frames, and oversized mirroring frames will be dropped. If jumbo frames are enabled on the mirroring source switch, then the mirroring destination switch and all downstream devices connecting the source switch to the mirroring destination must be configured to support jumbo frames.

  • Page 450: Enabling Jumbo Frames To Increase Mirroring Path Mtu

    (The maximum transmission unit—MTU—on the switches covered by this manual is 9220 bytes for frames having an 802.1Q VLAN tag, and 9216 bytes for untagged frames.) For information on configuring the switch for jumbo frames, refer to “Configuring Jumbo Frame Operation” on page 12-4.

  • Page 451: Untagged, Mirrored Traffic

    VLAN tags, then the MTU for untagged, mirrored frames leaving the source switch is reduced below the values shown in table B-2. That is, if the MTU on the path to the destination is 1522 bytes, then untagged, mirrored frames leaving the source switch cannot exceed 1518 bytes.

  • Page 452

    If a frame exits from the switch on a mirrored port that is a tagged member of a VLAN, then the mirrored copy will also be tagged for the same reason.

  • Page 453

    ■ Switch Operation as Both Destination and Source: A switch configured as a remote destination switch can also be configured to mirror traffic to one of its own ports (local mirroring). ■ Monitor Command Note: If session 1 is already configured with a...

  • Page 454: Troubleshooting Mirroring

    On the destination switch for a given mirroring session, both the port on which the mirrored traffic enters the switch and the exit port must be members of the same VLAN. All links on the path from the source switch to the destination switch must be active.

  • Page 455

    VLAN-Related Problems ........C-21 Using the Event Log for Troubleshooting Switch Problems ..C-24 Event Log Entries .

  • Page 456

    Traceroute Command ........C-62 Viewing Switch Configuration and Operation ....C-66 CLI: Viewing the Startup or Running Configuration File .

  • Page 457

    Customizing show tech Command Output ....C-69 CLI: Viewing More Information on Switch Operation ... C-72 Pattern Matching When Using the Show Command .

  • Page 458

    Overview This appendix addresses performance-related network problems that can be caused by topology, switch configuration, and the effects of other devices or their configurations on switch operation. (For switch-specific information on hardware problems indicated by LED behavior, cabling requirements, and other potential hardware-related problems, refer to the Installation and Getting Started Guide you received with the switch.)

  • Page 459: Troubleshooting Approaches

    Troubleshooting Approaches Use these approaches to diagnose switch problems: ■ Check the HP support web site for software updates that may have solved your problem: www.hp.com/#support ■ Check the switch LEDs for indications of proper switch operation: • Each switch port has a Link LED that should light whenever an active network device is connected to the port.

  • Page 460

    ■ For the downlink and ISL ports, troubleshooting can be done from the OA Web interface. These ports are controlled from both the OA and the switch configuration. A port state is a combination of OA Enable/Disable state and the switch Enable/Disable state. The port is not Enabled until both...

  • Page 461: Browser Or Telnet Access Problems

    ■ If you are using DHCP to acquire the IP address for the switch, the IP address “lease time” may have expired so that the IP address has changed. For more information on how to “reserve” an IP address, refer to the documentation for the DHCP application that you are using.

  • Page 462

    Note: If DHCP/Bootp is used to configure the switch, refer to the Note, above. ■ If you are using DHCP to acquire the IP address for the switch, the IP address “lease time” may have expired so that the IP address has changed.

  • Page 463: Unusual Network Activity, General Problems

    Network activity that fails to meet accepted norms may indicate a hardware problem with one or more of the network components, possibly including the switch. Such problems can also be caused by a network loop or simply too much traffic for the network as it is currently designed and implemented.

  • Page 464: Q Prioritization Problems, Igmp-related Problems

    IP Multicast (IGMP) Traffic That Is Directed By IGMP Does Not Reach IGMP Hosts or a Multicast Router Connected to a Port. IGMP must be enabled on the switch and the affected port must be configured for “Auto” or “Forward” operation.

  • Page 465: Lacp-related Problems, Port-based Access Control (802.1x)-related Problems

    Filter Traffic. The IGMP feature does not operate if the switch or VLAN does not have an IP address configured manually or obtained through DHCP/Bootp. To verify whether an IP address is configured for the switch or VLAN, do either of the following: ■...

  • Page 466

    Telnet, or SSH). There can be several reasons for not receiving a response to an authentication request. Do the following: ■ Use ping to ensure that the switch has access to the configured RADIUS servers. ■ Verify that the switch is using the correct encryption key (RADIUS secret...

  • Page 467

    (RADIUS secret key) the switch is using is correct for the server being contacted. If the switch has only a global key configured, then it either must match the server key or you must configure a server-specific key.

  • Page 468: Qos-related Problems

    Unusual Network Activity Figure C-2. Displaying Encryption Keys Also, ensure that the switch port used to access the RADIUS server is not blocked by an 802.1X configuration on that port. For example, show port- access authenticator < port-list > gives you the status for the specified ports.

  • Page 469: Radius-related Problems

    IP address is correctly configured in the switch. Use show radius to verify that the encryption key the switch is using is correct for the server being contacted. If the switch has only a global key configured, then it either must match the server key or you must configure a server-specific key.

  • Page 470: Spanning-tree Protocol (mstp) And Fast-uplink Problems

    Return the values (2 seconds and 20 seconds, respectively, on a switch). ■ A “downlink” port is connected to a switch that is further away (in hop count) from the root device than the switch port on which fast-uplink MSTP is configured.

  • Page 471: Ssh-related Problems

    (use 'crypto' command). then you need to generate an SSH key pair for the switch. To do so, execute crypto key generate. (Refer to “2. Generating the Switch’s Public and Private Key Pair”...

  • Page 472

    (CR). In this case, the switch interprets the next sequential key entry as simply a comment attached to the preceding key entry.

  • Page 473: Tacacs-related Problems

    Event Log. When troubleshooting TACACS+ operation, check the switch’s Event Log for indications of problem areas. All Users Are Locked Out of Access to the Switch. If the switch is functioning properly, but no username/password pairs result in console or Telnet access to the switch, the problem may be due to how the TACACS+ server and/or the switch are configured.

  • Page 474

    TACACS+ server application. System Allows Fewer Login Attempts than Specified in the Switch Configuration. Your TACACS+ server application may be configured to allow fewer login attempts than you have configured in the switch with the aaa authentication num-attempts command.

  • Page 475: Timep, Sntp, Or Gateway Problems, Vlan-related Problems

    “Tagged” or “Untagged”. A VLAN assigned to a port connecting two 802.1Q-compliant devices must be configured the same on both ports. For example, VLAN_1 and VLAN_2 use the same link between switch “X” and switch “Y”.

  • Page 476

    Similarly, if VLAN_2 (VID=2) is configured as “Tagged” on the link port on switch “A”, then it must also be configured as “Tagged” on the link port on switch “B”. Make sure that the VLAN ID (VID) is the same on both switches.

  • Page 477

    Figure C-5. Example of Duplicate MAC Address (figure labels: MAC Address “A”; VLAN 1; VLAN 2; Switch with Single Forwarding Database; 8212zl Switch (Multiple Forwarding Database)). Problem: This switch detects continual moves of MAC address “A” between ports.

  • Page 478: Using The Event Log For Troubleshooting Switch Problems, Event Log Entries

    You can scroll through it to view any part of the log. Note: The Event Log is erased if power to the switch is interrupted or if you enter the boot system command. The contents of the Event Log are not erased if you: ■ Reboot the switch by choosing the Reboot Switch option from the menu...

  • Page 479

    802.1X-capable client (supplicant) has entered valid RADIUS user credentials addrmgr Address Table Manager: Manages MAC addresses that the switch has learned and are stored in the switch’s address table. auth Authorization: A connected client must receive authorization through web, AMC, RADIUS-based, TACACS+-based, or 802.1X authentication before it can send traffic to the switch.

  • Page 480

    Download operation for copying a software version or files to the switch. Direct Access Memory (DMA): Transmits and receives packets between the CPU and the switch. Not used for logging messages in software release K.13. fault Fault Detection facility, including response policy and the sensitivity level at which a network problem should generate an alert.

  • Page 481

    IP Address Manager: Programs IP routing information in switch hardware. Novell Netware protocol filtering: On the basis of protocol type, the switch can forward or drop traffic to a specific set of destination ports on the switch. Key Management System: Configures and maintains security...

  • Page 482

    SSH messages also include events from the Secure File Transfer Protocol (SFTP) feature. SFTP provides a secure alternative to TFTP for transferring sensitive information, such as switch configuration files, to and from the switch in an SSH session. Secure Socket Layer Version 3 (SSLv3), including Transport...

  • Page 483

    TACACS+ authentication: A central server is used to control access to the switches (and other TACACS-aware devices) in the network through a switch’s console port (local access) or Telnet (remote access). Transmission Control Protocol: A transport protocol that runs on IP and is used to set up connections.

  • Page 484

    Troubleshooting Using the Event Log for Troubleshooting Switch Problems System Module vlan Static 802.1Q VLAN operations, including port- and protocol-based configurations that group users by logical function instead of physical location • A port-based VLAN creates a layer-2 broadcast domain comprised of member ports that bridge IPv4 traffic among themselves.

  • Page 485: Menu: Displaying And Navigating In The Event Log

    (Back, Next page, Prev page, or End) or the keys described in Table C-1. Table C-1. Using the Event Log for Troubleshooting Switch Problems Log events on screen 690-704. Prev page...

  • Page 486: Cli: Displaying The Event Log, Cli: Clearing Event Log Entries

    CLI: Displaying the Event Log To display messages recorded in the event log from the CLI, enter the show logging command. Keyword searches are supported. Syntax: show logging [-a, -r] [<search-text>] Examples.

  • Page 487: Cli: Turning Event Numbering On, Event Log And Snmp Messages

    When the first instance of a particular event or condition generates a message, the switch initiates a log throttle period that applies to all recurrences of that event. If the logged event recurs during the log throttle period, the switch increments the counter initiated by the first instance of the event, but does not generate a new message.

  • Page 488: Log Throttle Periods, Example Of Log Throttling

    M (Major) Example of Log Throttling For example, suppose that you configure VLAN 100 on the switch to support PIM operation, but do not configure an IP address. If PIM attempted to use VLAN 100, the switch would generate the first instance of the following Event Log message and counter.

  • Page 489

    Event Log. However, if the event occurred again after the log throttle period expired, the switch would repeat the message (with an updated counter) and start a new log throttle period.

  • Page 490: Example Of Event Counter Operation

    Throttle Period *This value always comprises the first instance of the duplicate message in the current log throttle period plus all previous occurrences of the duplicate message occurring since the switch last rebooted. C-36 How the Duplicate Message Counter Increments...

  • Page 491: Debug/syslog Operation, Debug/syslog Messaging, Debug/syslog Destination Devices

    Debug/Syslog Operation While the Event Log records switch-level progress, status, and warning messages on the switch, the Debug/System Logging (Syslog) feature provides a way to record Event Log and debug messages on a remote device. For example, you can send messages about routing misconfigurations and other network protocol details to an external device, and later use them to debug network-level problems.

  • Page 492: Debug/syslog Configuration Commands

    < debug-type > command to a buffer in switch memory. See “Debug Destinations” on page C-47. Sends standard Event Log messages to configured debug destinations. (The same messages are also sent to the switch’s Event Log, regardless of whether you enable this option.) forwarding: Sends IPv4 forwarding messages to the debug destination(s).

  • Page 493: Configuring Debug/syslog Operation

    Using the Debug/Syslog feature, you can perform the following operations: ■ Configure the switch to send Event Log messages to one or more Syslog servers. In addition, you can configure the messages to be sent to the User log facility (default) or to another log facility on configured Syslog servers.

  • Page 494

    If you configure system-module and/or severity-level values to filter Event Log messages, when you finish troubleshooting, you may want to reset these values to their default settings so that the switch sends all Event Log messages to configured debug destinations (Syslog servers and/or CLI session).

  • Page 495: Displaying A Debug/syslog Configuration

    (for example, by entering the write memory command), the debug settings are saved after a system reboot (power cycle or reboot) and re-activated on the switch. As a result, after switch startup, one of the following situations may occur: ■...

  • Page 496

    When you configure a Syslog IP address with the logging command, by default, the switch enables debug messaging to the Syslog address and the user facility on the Syslog server, and sends Event Log messages of all severity levels from all system modules.

  • Page 497

    ■ Blocking Event Log messages from being sent from the switch to the Syslog server and a CLI session. To configure Syslog operation in these ways with the Debug/Syslog feature disabled on the switch, you would enter the commands shown in Figure C-6. Troubleshooting Debug/Syslog Operation C-43...

  • Page 498

    Severity=debug System module=all-pass Destinations Configure a Syslog server IP address. (No other Syslog servers are configured on the switch.) The server address serves as an active debug destination for any configured debug types.) Display the new debug configuration. (Default debug settings - facility, severity, system module, and debug types- are displayed.)

  • Page 499: Debug Command, Debug Messages

    Syntax: [no] debug < debug-type > Syntax: [no] debug < debug-type > (Continued) Configures the switch to send all debug message types to configured debug destination(s). (Default: Disabled - No debug messages are sent.)

  • Page 500

    — Information on flood messages. lsa-generation — New LSAs added to database. packet [ packet-type ] — All OSPF packet messages sent and received on the switch, where packet-type enables only the specified OSPF packet type. Valid values are: dd — Database descriptions hello —...

  • Page 501: Debug Destinations

    Enables Syslog logging to send the debug message types specified by the debug < debug-type > command to a buffer in switch memory. To view the debug messages stored in the switch buffer, enter the show debug buffer command. Troubleshooting...

  • Page 502: Logging Command

    Event Log messages that are sent, if you save these settings to the startup configuration file by entering the write memory command, these debug and logging settings are automatically re-activated after a switch reboot or power recycle. The debug settings and destinations configured in your previous troubleshooting session will then be applied to the current session, which may not be desirable.

  • Page 503: Configuring A Syslog Server

    Configuring a Syslog Server Syslog is a client-server logging tool that allows a client switch to send event notification messages to a networked device operating with Syslog server software. Messages sent to a Syslog server can be stored to a file for later debugging analysis.

  • Page 504

    If you use the “no” form of the command to delete the only remaining Syslog server address, debug destination logging is disabled on the switch, but the default Event debug type is not changed. Also, removing all configured Syslog destinations with the no logging command (or a specified Syslog server destination with the no logging <...

  • Page 505: Adding A Description For A Syslog Server

    (IPv4 only) configured for syslog using the CLI or SNMP. Note: The HP enterprise MIB hpicfSyslog.mib allows the configuration and monitoring of syslog for SNMP (RFC 3164 supported). To disable Syslog logging on the switch without deleting configured server addresses, enter the no debug destination logging command.

  • Page 506: Adding A Priority Description

    Troubleshooting Debug/Syslog Operation The CLI command is: Syntax: logging <ip-addr> control-descr <text_string>] ProCurve(config)# logging 10.10.10.2 control-descr syslog_one Figure C-9. Example of the Logging Command with a Control Description Caution: Entering the no logging command removes ALL the syslog server addresses without a verification prompt.

  • Page 507: Sent To A Syslog Server

    Event Log messages are entered with one of the following severity levels (from highest to lowest): Major: A fatal error condition has occurred on the switch. Error: An error condition has occurred on the switch. Warning: A switch service has behaved unexpectedly.

  • Page 508: Messages Sent To A Syslog Server, Operating Notes For Debug And Syslog

    Syntax: [no] logging system-module < system-module > Operating Notes for Debug and Syslog ■ Rebooting the Switch or pressing the Reset button resets the Debug Configuration. Debug Option...

  • Page 509

    ■ All Syslog messages resulting from a debug operation have a “debug” severity level. If you configure the switch to send debug messages to a Syslog server, ensure that the server’s Syslog application is configured to accept the “debug” severity level. (The default configuration for some Syslog applications ignores the “debug”...

  • Page 510: Diagnostic Tools

    Diagnostic Tools Diagnostic Tools Diagnostic Features Feature Port Auto negotiation Ping test Link test Traceroute operation View switch configuration files View switch (show tech) operation View crash information and command history View system information and software version Useful commands in a...

  • Page 511: Port Auto-negotiation, Ping And Link Tests

    When a link LED does not light (indicating loss of link between two devices), the most common reason is a failure of port auto-negotiation between the connecting ports. If a link LED fails to light when you connect the switch to a port on another device, do the following: Ensure that the switch port and the port on the attached end-node are both set to Auto mode.

  • Page 512: Web: Executing Ping Or Link Tests

    Destination IP/MAC Address is the network address of the target, or destination, device to which you want to test a connection with the switch. An IP address is in the X.X.X.X format where X is a decimal number between 0 and 255. A MAC address is made up of 12 hexadecimal digits, for example, 0060b0-080400.

  • Page 513: Cli: Ping Test

    Number of Packets to Send is the number of times you want the switch to attempt to test a connection. Timeout in Seconds is the number of seconds to allow per attempt to test a connection before determining that the current attempt has failed.

  • Page 514: Link Tests

    Troubleshooting Diagnostic Tools Basic Ping Operation Ping with Repetitions Ping with Repetitions and Timeout Ping Failure Figure C-12. Examples of Ping Tests To halt a ping test before it concludes, press Note: To use the ping (or traceroute) command with host names or fully qualified domain names, refer to “DNS Resolver”...

  • Page 515: Traceroute Command

    Test Fail Figure C-13. Example of Link Tests Traceroute Command The traceroute command enables you to trace the route from the switch to a host address. This command outputs information for each (router) hop between the switch and the destination address. Note that every time you execute traceroute, it uses the same default settings unless you specify otherwise for that instance of the command.

  • Page 516

    [timeout < 1-120 >] For the current instance of traceroute, changes the timeout period the switch waits for each probe of a hop in the route. For any instance of traceroute, if you want a timeout value other than the default, you must specify that value. (Default: 5 seconds) [probes <...

  • Page 517

    Troubleshooting Diagnostic Tools Intermediate router hops with the time taken for the switch to receive acknowledgement of each probe reaching each router. The asterisk indicates there was a timeout on the second probe to the third hop.

  • Page 518

    Troubleshooting Diagnostic Tools If A Network Condition Prevents Traceroute from Reaching the Destination. Common reasons for Traceroute failing to reach a destination include: ■ Timeouts (indicated by one asterisk per probe, per hop; refer to Figure C-15, above.) ■ Unreachable hosts...

  • Page 519: Viewing Switch Configuration And Operation, Cli: Viewing The Startup Or Running Configuration File

    Use the right-side scroll bar to scroll through the configuration listing. CLI: Viewing a Summary of Switch Operational Data Syntax: show tech By default, the show tech command displays a single output of switch operating and running-configuration data from several internal switch sources, including: Troubleshooting...

  • Page 520

    GVRP support Load balancing (trunk and LACP) ■ Figure C-17 shows sample output from the show tech command. ProCurve 6120 Blade Switch# show tech show system Status and Counters - General System Information System Name : ProCurve 6120 Blade Switch...

  • Page 521: Saving Show Tech Command Output To A Text File

    Saving show tech Command Output to a Text File When you enter the show tech command, a summary of switch operational data is sent to your terminal emulator. You can use your terminal emulator’s text capture features to save the show tech data to a text file for viewing, printing, or sending to an associate to diagnose a problem.

  • Page 522: Customizing Show Tech Command Output

    To access the file, open it in Microsoft Word, Notepad, or a similar text editor. Customizing show tech Command Output Use the copy show tech command to customize the detailed switch information displayed with the show tech command to suit your troubleshooting needs. To customize the information displayed with the show tech command: Determine the information that you want to gather to troubleshoot a problem in switch operation.

  • Page 523

    For more information on using copy tftp commands, refer to the “File Transfers” appendix. Syntax: copy <source> show-tech xmodem config < startup-config | config < filename > | command-file < filename.txt > < pc | unix > Troubleshooting Viewing Switch Configuration and Operation C-69...

  • Page 524

    Troubleshooting Viewing Switch Configuration and Operation Syntax: copy <source> show-tech C-70 Copies the contents of a configuration file from a serially connected PC or UNIX workstation to show tech command output, where: startup-config: Specifies the name of the startup configuration file on the connected device.

  • Page 525: Cli: Viewing More Information On Switch Operation

    Information” in the “Interface Access and System Information” chapter). show version Displays the software version currently running on the switch, and the flash image from which the switch booted (primary or secondary). For more information, see “Displaying Management Information” in the “Redundancy (Switch 8212zl)” chapter.

  • Page 526: Pattern Matching When Using The Show Command

    Troubleshooting Viewing Switch Configuration and Operation Pattern Matching When Using the Show Command The pattern matching option with the show command provides the ability to do searches for specific text. Selected portions of the output are displayed depending on the parameters chosen.

  • Page 527

    B21-B24 no ip address exit sequence 10 deny tcp 2001:db8:255::/48 2001:db8:125::/48 exit no autorun password manager ProCurve(config)# Figure C-21. Example of Pattern Matching with Exclude Option Troubleshooting Viewing Switch Configuration and Operation Displays all lines that don’t contain “ipv6”. C-73...

  • Page 528

    Troubleshooting Viewing Switch Configuration and Operation ProCurve(config)# show run | begin ipv6 ipv6 enable no untagged B21-B24 exit vlan 20 name "VLAN20" untagged B21-B24 ipv6 enable no ip address exit ipv6 access-list "EH-01" sequence 10 deny tcp 2001:db8:255::/48 2001:db8:125::/48 exit...

  • Page 529: Cli: Useful Commands For Troubleshooting Sessions

    To halt the command execution, press any key on the keyboard. For more information, see “Repeating Execution of a Command” in the “Using the Command Line Interface (CLI)” chapter. setup Displays the Switch Setup screen from the menu interface. Troubleshooting Viewing Switch Configuration and Operation C-75...

  • Page 530: Restoring The Factory-default Configuration, Cli: Resetting To The Factory-default Configuration

    Configuration As part of your troubleshooting process, it may become necessary to return the switch configuration to the factory default settings. This process momentarily interrupts the switch operation, clears any passwords, clears the console Event Log, resets the network counters to zero, performs a complete self test, and reboots the switch into its factory default configuration including deleting an IP address.

  • Page 531: Restoring A Flash Image

    When the Self Test LED begins to flash, release the Clear button. The switch will then complete its self test and begin operating with the configuration restored to the factory default settings. Restoring a Flash Image The switch can lose its operating system if either the primary or secondary...

  • Page 532

    Troubleshooting Restoring a Flash Image Make sure that the switch automatically boots into ROM first. Start the Console Download utility by typing do at the => prompt and pressing => do You will then see this prompt: At the above prompt: b.

  • Page 533: Dns Resolver, Terminology

    For example, in the evergreen.trees.org domain, if an IPv4 address of 10.10.100.27 is assigned a host name of accounts015 and another IP address of 10.10.100.33 is assigned a host name of sales021, then the switch configured with the domain suffix evergreen.trees.org and a DNS server that resolves addresses in that domain can use the host names to reach the devices with DNS-compatible commands.

  • Page 534: Basic Operation

    IP address for an accessible DNS server. If an operator wants to use the switch to ping a target host in this domain by using the DNS name “leader” (assigned by a DNS server to an IP address used in...

  • Page 535: Dns-compatible Commands

    Example. Suppose the switch is configured with the domain suffix mygroup.procurve.net and the IP address for an accessible DNS server in this same domain. This time, the operator wants to use the switch to trace the route to a host named “remote-01” in a different domain named common.group.net.

  • Page 536: Configuring A Dns Entry

    Configuring a DNS Entry The switch allows up to three DNS server entries (IP addresses for DNS servers). One domain suffix can also be configured to support resolution of DNS names in that domain by using a host name only. Including the domain suffix enables the use of DNS-compatible commands with a target’s host name...

  • Page 537: Example Using Dns Names With Ping And Traceroute

    DNS name with a DNS-compatible command: • If the DNS server IP address is configured on the switch, but the domain suffix is not configured (null) • The domain suffix configured on the switch is not the domain in which the target...

  • Page 538

    Troubleshooting DNS Resolver Configuring switch “A” with the domain name and the IP address of a DNS server for the domain enables the switch to use host names assigned to IP addresses in the domain to perform ping and traceroute actions on the devices in the domain.

  • Page 539: Viewing The Current Dns Configuration

    As mentioned under “Basic Operation” on page C-80, if the DNS entry configured in the switch does not include the domain suffix for the desired target, then you must use the target host’s fully qualified domain name with DNS-compatible commands.

  • Page 540

    ■ The DNS server(s) and domain configured on the switch must be accessible to the switch, but it is not necessary for any intermediate devices between the switch and the DNS server to be configured to support DNS operation.

  • Page 541: Event Log Messages

    DNS server not responding Unknown host < host-name > Meaning The switch does not have an IP address configured for the DNS server. The DNS server failed to respond or is unreachable. An incorrect server IP address can produce this result.

  • Page 542

    Determining MAC Addresses … D-3 Menu: Viewing the Switch’s MAC Addresses … D-4 CLI: Viewing the Port and VLAN MAC Addresses …

  • Page 543

    MAC addresses are assigned at the factory. The switch automatically implements these addresses for VLANs and ports as they are added to the switch. Note: The switch’s base MAC address is also printed on a label affixed to the switch.

  • Page 544: Determining Mac Addresses

    Note: The switch’s base MAC address is used for the default VLAN (VID = 1) that is always available on the switch. This is true for dynamic VLANs as well; the base MAC address is the same across all VLANs.

  • Page 545: Menu: Viewing The Switch's Mac Addresses

    ■ Any additional VLANs configured on the switch. Also, the Base MAC address appears on a label on the back of the switch. Note: The Base MAC address is used by the first (default) VLAN in the switch. This is usually the VLAN named “DEFAULT_VLAN”...

  • Page 546: Cli: Viewing The Port And Vlan Mac Addresses

    This procedure displays the MAC addresses for all ports and existing VLANs in the switch, regardless of which VLAN you select. If the switch is at the CLI Operator level, use the enable command to enter the Manager level of the CLI.

  • Page 547

    = 00 12 79 88 a1 00 ifPhysAddress.4456 = Figure D-2. Example of Port MAC Address Assignments on a Switch ifPhysAddress.1 - 4: Ports A1 - A4 in Slot A (Addresses 5 - 24 in slot A are unused.) ifPhysAddress.49 - 72:Ports C1 - C24 in Slot C...

  • Page 548: Viewing The Mac Addresses Of Connected Devices

    VLAN, along with the number of the specific port on which each MAC address was detected. To list the MAC addresses of devices the switch has detected, use the show mac-address command. MAC Address Management...

  • Page 549

    Monitoring Resources Contents Viewing Information on Resource Usage … E-2 Policy Enforcement Engine … E-2 When Insufficient Resources Are Available …

  • Page 550: Viewing Information On Resource Usage, Policy Enforcement Engine

    Monitoring Resources Viewing Information on Resource Usage Viewing Information on Resource Usage The switch allows you to view information about the current usage and availability of resources in the Policy Enforcement engine, including the following software features: ■ QoS through RADIUS authentication designated as “IDM”, with or without the optional identity-driven management (IDM) application ■...

  • Page 551: When Insufficient Resources Are Available

    ■ The current feature configuration, RADIUS-authenticated client sessions, and virus throttling instances continue to operate normally. ■ The switch generates an event log notice to say that current resources are fully subscribed. ■ Currently engaged resources must be released before any of the following actions are supported: •...

  • Page 552

    Daylight Savings Time on ProCurve Switches ProCurve switches provide a way to automatically adjust the system clock for Daylight Savings Time (DST) changes. To use this feature you define the month and date to begin and to end the change from standard time. In addition to the value “none”...

  • Page 553

    The menu interface screen looks like this (all month/ date entries are at their default values): ===========================- TELNET - MANAGER MODE -============================ System Name : ProCurve 6120 Blade Switch System Contact : System Location :...

  • Page 554

    Before configuring a “User defined” Daylight Time Rule, it is important to understand how the switch treats the entries. The switch knows which dates are Sundays, and uses an algorithm to determine on which date to change the system clock, given the configured “Beginning day” and “Ending day”: ■...

  • Page 555

    Example … G-5 OOBM and Switch Applications … G-6 Tasks …

  • Page 556: Concepts

    Out-of-band ports have typically been serial console ports using DB-9 or specially wired 8-pin modular (RJ-style) connectors. The HP ProCurve 6120G/XG and 6120XG switches have a networked out-of-band management port available to them through the dedicated networked management port in the C-class enclosure Onboard Administrator (OA) module.

  • Page 557

    Figure D-1. C-class enclosure OA Management port Out-of-band management (OOBM) operates on a “management plane” that is separate from the “data plane” used by data traffic on the switch and by in-band management traffic. That separation means that out-of-band management can continue to function even during periods of traffic congestion, equipment malfunction, or attacks on the network.

  • Page 558

    Network Out-of-Band Management (OOBM) Concepts Advantages allows centralized management Disadvantages can be affected by events on data network; does not show boot sequence In Band Networked Directly connected not affected by events on data network, shows boot sequence requires PC to directly connect to USB connector;...

  • Page 559: Example

    (essentially, a networked serial switch), allowing the network administrators to view the CLI activity of each switch at boot time and to control the switches through the console ports (as well as through the management ports).

  • Page 560: Oobm And Switch Applications

    Traceroute n/a = not applicable * = SNMP client refers to SNMP traps as they originate from the switch. ** = DNS has a limit of two servers — primary and secondary. Either can be configured to use the OOBM interface.

  • Page 561: Tasks, Oobm Configuration, Oobm Context

    Tasks OOBM Configuration OOBM context OOBM configuration commands can be issued from the global configuration context (config) or from a specific OOBM configuration context (oobm). To enter the OOBM configuration context from the general configuration context, use the oobm command. Syntax: oobm Enters the OOBM context from the general configuration context.

  • Page 562: Oobm Enable/disable

    Enables or disables networked out-of-band-management on the switch. OOBM is not compatible with either a management VLAN or stacking. If you attempt to enable OOBM when a management VLAN is enabled or when stacking is enabled, the command will be rejected and you will receive an error message.

  • Page 563: Oobm Port Enable/disable

    OOBM port enable/disable The OOBM interface command enables or disables the OOBM interface (the OOBM port, as opposed to the OOBM function). Syntax: From the OOBM context: interface [enable | disable] From the general configuration context: oobm interface [enable | disable] Enables or disables the networked OOBM interface (port).

  • Page 564: Oobm Ipv4 Address Configuration, Oobm Ipv4 Default Gateway Configuration

    From the general configuration context: [no] oobm ip address [dhcp-bootp | ip-address/mask-length] Configures an IPv4 address for the switch’s OOBM interface. You can configure an IPv4 address even when global OOBM is disabled; that address will become effective when OOBM is enabled.

  • Page 565: Oobm Show Commands, Show Oobm

    OOBM Show Commands commands for OOBM are similar to the analogous commands for show the data plane. Note that you must always include the the information for the OOBM interface, regardless of the context. For instance, even from the OOBM context the configuration for the data plane;...

  • Page 566: Show Oobm Ip Configuration, Show Oobm Arp Information

    Network Out-of-Band Management (OOBM) Tasks Show OOBM IP configuration Use show oobm ip to see the IP configuration of the OOBM interface. Syntax: show oobm ip Show OOBM ARP information Use show oobm arp to see the ARP table entries for the OOBM interface. Syntax: show oobm arp G-12 Summarizes the IP configuration of the OOBM interface.

  • Page 567: Application Server Commands

    Application Server Commands Application servers (as described in OOBM and Server Applications in the Concepts section above) have added a options to specify which interface(s) is(are) active. Default value is both for all servers. For example: Telnet: telnet-server [listen <oobm | data | both>] Management and Configuration Guide, page 7-6 SSH: ip ssh [listen <oobm | data | both>]...

  • Page 568

    Network Out-of-Band Management (OOBM) Tasks show servers ProCurve# show servers Server listen mode Server ----------------------------- Telnet Tftp Web-management Snmp G-14 command shows the listen mode of the servers. Listen mode both both both both both...

  • Page 569: Application Client Commands

    Application Client Commands CLI commands for client applications have added the you to specify that the outgoing request be issued from the OOBM interface. If you do not specify the oobm appropriate in-band data interface. Command syntax is: Telnet: telnet <ip-address> [oobm] Management and Configuration Guide, page 7-6 TFTP: copy tftp ...

  • Page 570

    Assume that the figure below describes how you want to set up your data center. Figure D-3. Example data center Assume that you are configuring the switch in the left-hand rack to communicate on both the data and management networks. You might do the following: ■...

  • Page 571

    Switch 41# ping 10.1.131.51 10.1.131.51 is alive, time = 15 ms Switch 41# ping 10.255.255.42 The destination address is unreachable. Switch 41# ping source oobm 10.255.255.42 10.255.255.42 is alive, time = 2 ms Switch 41# Network Out-of-Band Management (OOBM) Set up IP address on data network.

  • Page 572

    Index Symbols => prompt … C-77 Numerics 802.1X effect, LLDP … 13-76 LLDP blocked … 13-44 802.1X access control authentication failure, SNMP notification … 13-27 SNMP notification of authentication failure … 13-27 access manager … 13-14 operator … 13-14 out-of-band … 2-4 address network manager …...

  • Page 573

    broadcast storm … 11-3, C-16 broadcast traffic IPX … 10-5, 10-19 RIP … 10-5, 10-19 browser interface See web browser interface. CDP … 13-77, 13-78, 13-79, 13-80, 13-82 Classifier mirroring configuration … B-27 Clear + Reset button combination … 6-37 Clear button …...

  • Page 574

    … 6-34 workingConfig … 6-26, 6-27 xmodem from host … 6-40 xmodem to host … 6-40 connection-rate filtering affect on switch resources … E-2 resource usage … E-2 console Actions line … 3-10, 3-11 configuring … 7-3 ending a session …...

  • Page 575

    720 seconds … 9-10 sntp server version, 3 … 9-12 Support/Mgmnt URL window … 5-12 system information features … 7-12 system name, switch product name … 7-12 task-monitor cpu, disabled … B-8 Telnet access, enabled … 7-3 terminal type, VT-100 … 7-3 TFTP, enabled …...

  • Page 576

    … 12-11 facility logging … C-38 factory default configuration restoring … 6-9, C-76 failure, switch software download … A-7 fastboot command … 6-23 fault detection policy … 5-8, 5-24 fault-tolerance … 11-4 fiber optics, monitoring links … 10-31 filter, source-port jumbo VLANs …...

  • Page 577

    Help for CLI … 1-7, 4-11 for menu interface … 1-6, 3-9, 3-11 for web browser interface … 1-7, 5-13 online, inoperable … 5-13 hop, router … 8-10 Auto-MDIX feature … 10-19 web browser interface … 2-6 resource usage … E-2 resources …...

  • Page 578

    … C-57 link, serial … 7-3 link-change traps … 13-18, 13-29 Link-Layer Discovery Protocol See LLDP. LLDP 802.1D-compliant switch … 13-75 802.1X blocking … 13-44 802.1X effect … 13-76 active port … 13-37 adjacent device … 13-37 advertisement … 13-37 advertisement content …...

  • Page 579

    … D-7 duplicate … C-16, C-22 learned … B-14 port … D-2, D-4 same MAC, multiple VLANs … D-6 switch … D-2 traffic selection in mirroring … B-26 VLAN … D-2, D-5 walkmib … D-5 MAC authentication SNMP notification …...

  • Page 580

    … 3-10 moving to or from the CLI … 4-7 See also console. mesh mirroring … B-23 HP proprietary … 13-5 listing … 13-5 standard … 13-5 mini-USB … 2-2 mirroring 802.1Q tag … B-45 caution, configure destination first …...

  • Page 581

    … 5-10 setting via web browser … 5-8 operator privileges … 4-4, 4-6 Option 66, DHCP … 6-41 version … A-23 See also switch software. OSPF debug command … C-46 out-of-band access … 2-4 packet debug messages … C-38 password …...

  • Page 582

    LACP not allowed … 11-22 troubleshooting … C-11 port-utilization and status displays … 10-13 power supply show settings … B-7 Power-Sourcing Equipment … 13-38 privilege levels … 4-3 ProCurve Auto-MDIX feature … 10-19 switch documentation … -xxi Index – 11...

  • Page 583

    … 13-6 starting web browser … 5-4 updating switch software … A-24 using Java-enabled browser … 5-5 ProCurve, HP, URL … 13-5 prompt, => … C-77 PSAP … 13-38 PSE … 13-38 Public Safety Answering Point … 13-38 public SNMP community …...

  • Page 584

    username and password … 5-8 web browser access, RADIUS … 5-8 Self Test LED behavior during factory default reset … C-77 serial number … B-6 setmib, delay interval … 13-48 setmib, reinit delay … 13-50 setup screen … 1-8 severity level event log …...

  • Page 585

    See also IP masks. support URL … 5-12 URL Window … 5-12 switch console See console. switch setup menu … 3-8 switch software copy from a USB device … A-22 14 – Index download using TFTP … A-4 download, failure indication … A-7 download, switch-to-switch …...

  • Page 586

    … A-9 enabling server functionality … A-9 switch-to-switch transfer … A-22 troubleshooting download failures … A-6 using to download switch software … A-4 threshold setting … 13-6, 13-14 thresholds, SNMP … 13-20 time format, events … C-25 time protocol selecting …...

  • Page 587

    … C-16 SSH … C-17 SSH, SFTP, and SCP Operations … A-18 switch software download … A-6 switch won’t reboot, shows => prompt … C-77 traceroute … C-79, C-81 unusual network activity … C-9 using CLI session … C-38 using debug and Syslog messaging using the event log …...

  • Page 588

    … 5-4 troubleshooting access problems … C-7 URL default … 5-13 URL, management server … 5-13 URL, support … 5-13 web site, HP … 13-5 write access … 13-14 write memory effect on menu interface … 3-13 redundant management … 6-7 Xmodem copy command output …...

  • Page 589

    © Copyright 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

This manual also for:

Procurve 6120g/xg, Procurve 6120xg
