Page of 690
Download Print This PagePrint Bookmark
   
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690
8200zl
ProCurve Switches
K.12.XX
www.procurve.com
Management and

Advertising

   Related Manuals for HP ProCurve

   Summary of Contents for HP ProCurve

  • Page 1

    Management and Configuration Guide 8200zl ProCurve Switches K.12.XX www.procurve.com...

  • Page 3

    ProCurve Series 8200zl Switches September 2007 K.12.xx Management and Configuration Guide...

  • Page 4

    ProCurve Switch 8212zl (J8715A) contained herein. Hewlett-Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished Trademark Credits by Hewlett-Packard. Microsoft, Windows, and Microsoft Windows NT are US registered trademarks of Microsoft Corporation.

  • Page 5: Table Of Contents, Getting Started

    Contents Product Documentation About Your Switch Manual Set ......xxiii Printed Publications........xxiii Electronic Publications .

  • Page 6: Table Of Contents, Advantages Of Using Procurve Manager, Using The Menu Interface

    ProCurve Manager Plus ........

  • Page 7: Table Of Contents, Using The Procurve Web Browser Interface, Starting A Web Browser

    Using ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+) ....... 5-5 Tasks for Your First ProCurve Web Browser Interface Session .

  • Page 8: Table Of Contents, Switch Memory And Configuration

    Status Reporting Features ........5-16 The Overview Window .

  • Page 9: Table Of Contents, Interface Access And System Information

    Multiple Configuration Files ........6-27 General Operation ......... . 6-28 Transitioning to Multiple Configuration Files .

  • Page 10: Table Of Contents, Configuring Ip Addressing, Time Protocols

    8 Configuring IP Addressing Contents ............8-1 Overview .

  • Page 11: Table Of Contents, Port Status And Configuration

    Configuring a Broadcast Limit on the Switch ....10-14 Configuring ProCurve Auto-MDIX ......10-15 Web: Viewing Port Status and Configuring Port Parameters .

  • Page 12: Table Of Contents

    Enabling UDLD ........10-26 Changing the Keepalive Interval .

  • Page 13: Table Of Contents, Port Traffic Controls

    Applying Security Features to PoE Configurations ... . . 11-23 Assigning Priority Policies to PoE Traffic ..... 11-24 Calculating the Maximum Load for a PoE Module .

  • Page 14: Table Of Contents

    Displaying the Current Rate-Limit Configuration ... . 13-6 Operating Notes for Rate-Limiting ......13-8 ICMP Rate-Limiting .

  • Page 15: Table Of Contents

    SNMP Management Features ....... . . 14-4 Configuring for SNMP version 1 and 2c Access to the Switch ..14-4 Configuring for SNMP Version 3 Access to the Switch .

  • Page 16: Table Of Contents

    Configuring SNMP Notification Support ....14-47 Configuring Per-Port Transmit and Receive Modes ..14-48 Configuring Basic LLDP Per-Port Advertisement Content .

  • Page 17: Table Of Contents

    Resetting the Management Module ......15-14 Hotswapping Management Modules ......15-15 Hotswapping Out the Active Management Module .

  • Page 18: Table Of Contents

    Using the Web Browser for Redundant Management ... 15-36 Identity Page ..........15-36 Overview Page .

  • Page 19: Table Of Contents

    CLI: Xmodem Download from a PC or UNIX Workstation to Primary or Secondary Flash ......A-17 Using USB to Transfer Files to and from the Switch .

  • Page 20: Table Of Contents

    B Monitoring and Analyzing Switch Operation Contents ........... . . B-1 Overview .

  • Page 21: Table Of Contents

    Remote Destinations ........B-27 Mirrored Traffic Sources ........B-27 Criteria for Selecting Traffic To Mirror .

  • Page 22: Table Of Contents

    Remote Mirroring Destination Using a Port Interface and Directional Mirroring Criteria ......B-66 Maximum Supported Frame Size .

  • Page 23: Table Of Contents

    Log Command ......... C-29 Show Logging .

  • Page 24: Table Of Contents

    Displaying Current Resource Usage ......E-3 When Insufficient Resources Are Available ....E-5 F Daylight Savings Time on ProCurve Switches Index...

  • Page 25: Product Documentation

    Electronic Publications The latest version of each of the publications listed below is available in PDF format on the ProCurve Web site, as described in the Note at the top of this page. Management and Configuration Guide—Describes how to configure, ■...

  • Page 26

    Software Feature Index For the software manual set supporting your ProCurve 8212zl switch model, this feature index indicates which manual to consult for information on a given software feature. Both Intelligent Edge and Premium Edge software features are available on the Procurve 8212zl switch.

  • Page 27

    Intelligent Edge Software Manual Features Management Advanced Multicast and Access Traffic Routing Security Configuration Management Guide Config File Console Access Copy Command CoS (Class of Service) Debug DHCP Configuration DHCP Option 82 DHCP Snooping DHCP/Bootp Operation Diagnostic Tools Downloading Software Dynamic ARP Protection Eavesdrop Protection Event Log...

  • Page 28

    MAC-based Authentication Management VLAN Meshing Monitoring and Analysis Multicast Filtering Multiple Configuration Files Network Management Applications (SNMP) OpenView Device Management Passwords and Password Clear Protection ProCurve Manager (PCM) Ping Port Configuration Port Monitoring Port Security Port Status Port Trunking (LACP) xxvi...

  • Page 29

    Intelligent Edge Software Manual Features Management Advanced Multicast and Access Traffic Routing Security Configuration Management Guide Port-Based Access Control (802.1X) Power over Ethernet (PoE) Protocol Filters Protocol VLANS Quality of Service (QoS) RADIUS Authentication and Accounting RADIUS-Based Configuration Rate-Limiting Redundant Management RMON 1,2,3,9 Routing Routing - IP Static...

  • Page 30

    Intelligent Edge Software Manual Features Management Advanced Multicast and Access Traffic Routing Security Configuration Management Guide Telnet Access TFTP Time Protocols (TimeP, SNTP) Traffic Mirroring Traffic/Security Filters Troubleshooting Uni-Directional Link Detection (UDLD) UDP Forwarder USB Device Support Virus Throttling (Connection-Rate Filtering) VLANs VLAN Mirroring (1 static VLAN) Voice VLAN...

  • Page 31: Contents

    Getting Started Contents Introduction ..........1-2 Conventions .

  • Page 32: Introduction, Conventions, Command Syntax Statements

    Getting Started Introduction Introduction This guide is intended for use with the ProCurve Switch 8212zl. It describes how to use the command line interface (CLI), Menu interface, and web browser to configure, manage, monitor, and troubleshoot switch operation. For an overview of other product documentation for the above switches, refer to “Product Documentation”...

  • Page 33: Command Prompts, Screen Simulations, Configuration And Operation Examples, Keys

    In the default configuration, your switch displays a CLI prompt similar to the following: ProCurve 8212zl# To simplify recognition, this guide uses ProCurve to represent command prompts for all models. For example: ProCurve# (You can use the hostname command to change the text in the CLI prompt.) Screen Simulations Displayed Text.

  • Page 34: Sources For More Information

    For the latest version of all ProCurve switch documentation, including Release Notes covering recently added features, visit the ProCurve Network­ ing web site at www.procurve.com, click on Technical support, and then click on Product Manuals (all). Software Release Notes—Release Notes are posted on the ProCurve ■...

  • Page 35

    Getting Started Sources for More Information Management and Configuration Guide—Use this guide for information ■ on topics such as: • various interfaces available on the switch • memory and configuration operation • interface access • IP addressing • time protocols •...

  • Page 36: Getting Documentation From The Web, Online Help, Menu Interface

    Click on Technical support. Click on Product manuals. Click on the product for which you want to view or download a manual. If you need further information on ProCurve switch technology, visit the ProCurve Networking web site at: www.procurve.com Online Help...

  • Page 37: Command Line Interface, Web Browser Interface

    Figure 1-4. Button for Web Browser Interface Online Help N o t e To access the online Help for the ProCurve web browser interface, you need either ProCurve Manager (version 1.5 or greater) installed on your network or an active connection to the World Wide Web. Otherwise, Online help for...

  • Page 38: Need Only A Quick Start?, Ip Addressing

    If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing. To do so, do one of the following: Enter setup at the CLI Manager level prompt.

  • Page 39

    ProCurve Manager Plus ........

  • Page 40: Overview, Understanding Management Interfaces

    VLAN management. (ProCurve includes a copy of PCM+ in-box for a free 30-day trial.) This manual describes how to use the menu interface (Chapter 3), the CLI (Chapter 4), the web browser interface (Chapter 5), and how to use these interfaces to configure and monitor the switch.

  • Page 41: Advantages Of Using The Menu Interface

    Selecting a Management Interface Advantages of Using the Menu Interface To use ProCurve Manager or ProCurve Manager Plus, refer to the Getting Started Guide and the Administrator’s Guide, which are available electron­ ically with the software for these applications. For more information, visit the ProCurve Networking web site at www.procurve.com.

  • Page 42: Advantages Of Using The Cli, General Benefits, Information On Using The Cli

    Provides more security; configuration information and passwords are ■ not seen on the network. Advantages of Using the CLI Prompt for Operator Level ProCurve> Prompt for Manager Level ProCurve# Prompt for Global Configuration ProCurve(config)# Level Prompt for Context ProCurve(<context>)#...

  • Page 43: Advantages Of Using The Web Browser Interface

    Selecting a Management Interface Advantages of Using the Web Browser Interface To perform specific procedures (such as configuring IP addressing or ■ VLANs), use the Contents listing at the front of the manual to locate the information you need. ■ For monitoring and analyzing switch operation, refer to Appendix B.

  • Page 44

    Selecting a Management Interface Advantages of Using the Web Browser Interface Many features have all their fields in one screen so you can view all ■ values at once ■ More visual cues, using colors, status bars, device icons, and other graphical objects instead of relying solely on alphanumeric values Display of acceptable ranges of values available in configuration list ■...

  • Page 45: Or Procurve Manager Plus

    Advantages of Using ProCurve Manager or ProCurve Manager Plus You can operate ProCurve Manager and ProCurve Manager Plus (PCM and PCM+) from a PC on the network to monitor traffic, manage your hubs and switches, and proactively recommend network changes to increase network uptime and optimize performance.

  • Page 46

    Features and benefits of ProCurve Manager Plus: ■ • All of the Features of ProCurve Manager: Refer to the above listing. • In-Depth Traffic Analysis: An integrated, low-overhead traffic mon­ itor interface shows detailed information on traffic throughout the network.

  • Page 47: Web Browser Interfaces

    Updates can be scheduled easily across large groups of devices, all at user-specified times. • Investment Protection: The modular software architecture of ProCurve Manager Plus will allow ProCurve to offer network admin­ istrators add-on software solutions that complement their needs. Custom Login Banners for the Console and Web Browser Interfaces...

  • Page 48: Banner Operation With Telnet, Serial, Or Sshv2 Access, Banner Operation With Web Browser Access

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus N o t e The switch’s Web browser interface does not display the default banner. Banner Operation with Telnet, Serial, or SSHv2 Access When a system operator begins a login session, the switch displays the banner above the local password prompt or, if no password is configured, above the Press any key to continue prompt.

  • Page 49: Example Of Configuring And Displaying A Banner

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus Use show banner motd to display the current banner status. Syntax: banner motd < delimiter > no banner motd This command defines the single character used to termi­...

  • Page 50

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus Figure 2-6. Example of Configuring a Login Banner To view the current banner configuration, use either the show banner motd or show running command. ProCurve(config)# show banner motd...

  • Page 51

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus ProCurve(config)# show running Running configuration ; J9091A Configuration Editor; Created on release K.12.XX hostname “ProCurve” module 1 type J8702A module 2 type J8702A snmp-server community “notpublic” Unrestricted vlan 1 name “DEFAULT_VLAN”...

  • Page 52: Operating Notes

    Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus If someone uses a Web browser to log in to the switch interface, the following message appears: Figure 1. Example of Web Browser Interface Result of the Login Banner...

  • Page 53

    Using the Menu Interface Contents Overview ........... . . 3-2 Starting and Ending a Menu Session .

  • Page 54

    Reboot the switch For a detailed list of menu features, see the “Menu Features List” on page 3-14. Privilege Levels and Password Security. ProCurve strongly recom­ mends that you configure a Manager password to help prevent unauthorized access to your network. A Manager password grants full read-write access to the switch.

  • Page 55: Starting And Ending A Menu Session

    Using the Menu Interface Starting and Ending a Menu Session N o t e If the switch has neither a Manager nor an Operator password, anyone having access to the console interface can operate the console with full manager privileges. Also, if you configure only an Operator password, entering the Operator password enables full manager privileges.

  • Page 56: How To Start A Menu Interface Session

    If no password has been configured, the CLI prompt appears. Go to the next step. 4. When the CLI prompt appears, display the Menu interface by entering the menu command. For example: ProCurve# menu [Enter] results in the following display:...

  • Page 57: How To End A Menu Session And Exit From The Console:

    Using the Menu Interface Starting and Ending a Menu Session Figure 3-1. Example of the Main Menu with Manager Privileges For a description of Main Menu features, see “Main Menu Features” on page 3-7. N o t e To configure the switch to start with the menu interface instead of the CLI, go to the Manager level prompt in the CLI, enter the command, and in the setup...

  • Page 58

    Using the Menu Interface Starting and Ending a Menu Session Asterisk indicates a configuration change that requires a reboot to activate. Figure 3-2. Example Indication of a Configuration Change Requiring a Reboot 1. In the current session, if you have not made configuration changes that require a switch reboot to activate, return to the Main Menu and press (zero) to log out.

  • Page 59: Main Menu Features

    Using the Menu Interface Main Menu Features Main Menu Features Figure 3-3. The Main Menu View with Manager Privileges The Main Menu gives you access to these Menu interface features: ■ Status and Counters: Provides access to display screens showing switch information, port status and counters, and port and VLAN address tables.

  • Page 60

    Using the Menu Interface Main Menu Features Command Line (CLI): Selects the Command Line Interface at the same ■ level (Manager or Operator) that you are accessing in the Menu interface. (Refer to Chapter 4, “Using the Command Line Interface (CLI)”.) ■...

  • Page 61: Screen Structure And Navigation

    Using the Menu Interface Screen Structure and Navigation Screen Structure and Navigation Menu interface screens include these three elements: ■ Parameter fields and/or read-only information such as statistics Navigation and configuration actions, such as Save, Edit, and Cancel ■ ■ Help line to describe navigation options, individual parameters, and read- only data For example, in the following System Information screen:...

  • Page 62

    Using the Menu Interface Screen Structure and Navigation Table 3-1. How To Navigate in the Menu Interface Task: Actions: Execute an action Use either of the following methods: from the “Actions –>” • Use the arrow keys ([<], or [>]) to highlight the action you want list at the bottom of to execute, then press [Enter].

  • Page 63

    Using the Menu Interface Screen Structure and Navigation To get Help on individual parameter descriptions. In most screens there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press , and a separate help screen is displayed. For example: Pressing [H] or highlighting Help and pressing [Enter] displays Help for the...

  • Page 64: Rebooting The Switch

    Using the Menu Interface Rebooting the Switch Rebooting the Switch Rebooting the switch from the menu interface ■ Terminates all current sessions and performs a reset of the operating system Activates any menu interface configuration changes that require a reboot ■...

  • Page 65

    Using the Menu Interface Rebooting the Switch Rebooting To Activate Configuration Changes. Configuration changes for most parameters in the menu interface become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the .

  • Page 66: Menu Features List

    Using the Menu Interface Menu Features List Menu Features List Status and Counters • General System Information • Switch Management Address Information • Port Status • Port Counters • Address Table • Port Address Table Switch Configuration • System Information •...

  • Page 67: Where To Go From Here

    Using the Menu Interface Where To Go From Here Where To Go From Here This chapter provides an overview of the menu interface and how to use it. The following table indicates where to turn for detailed information on how to use the individual features available through the menu interface.

  • Page 68

    Using the Menu Interface Where To Go From Here 3-16...

  • Page 69

    Using the Command Line Interface (CLI) Contents Overview ........... . . 4-2 Accessing the CLI .

  • Page 70: Accessing The Cli, Overview, Using The Cli

    Using the Command Line Interface (CLI) Overview Overview The CLI is a text-based command interface for configuring and monitoring the switch. The CLI gives you access to the switch’s full set of commands while providing the same password protection that is used in the web browser interface and the menu interface.

  • Page 71: Privilege Levels At Logon

    In the above case, you will enter the CLI at the level corresponding to the password you provide (operator or manager). If no passwords are set when you log onto the CLI, you will enter at the Manager level. For example: ProCurve# _...

  • Page 72: Privilege Level Operation, Operator Privileges

    Using the CLI C a u t i o n ProCurve strongly recommends that you configure a Manager password. If a Manager password is not configured, then the Manager level is not password- protected, and anyone having in-band or out-of-band access to the switch may be able to reach the Manager level and compromise switch and network security.

  • Page 73: Manager Privileges

    Manager prompt. For example: Enter config at the Manager prompt. ProCurve# config ProCurve(config)#_ The Global Config prompt. Context Configuration level: Provides all Operator and Manager priv­ ■ ileges, and enables you to make configuration changes in a specific context, such as one or more ports or a VLAN.

  • Page 74

    Using the CLI Table 4-1. Privilege Level Hierarchy Privilege Example of Prompt and Permitted Operations Level Operator Privilege Operator Level ProCurve> show < command > View status and configuration information. setup ping < argument > Perform connectivity tests. link-test < argument >...

  • Page 75: How To Move Between Levels

    Using the Command Line Interface (CLI) Using the CLI How To Move Between Levels Change in Levels Example of Prompt, Command, and Result Operator level > enable ProCurve Password:_ Manager level enable After you enter , the Password prompt appears. After you enter the...

  • Page 76: Listing Commands And Command Options, Listing Commands Available At Any Privilege Level

    Using the Command Line Interface (CLI) Using the CLI For example, if you use the menu interface to configure an IP address of “X” for VLAN 1 and later use the CLI to configure a different IP address of “Y” for VLAN 1, then “Y”...

  • Page 77

    [Tab] (with no spaces allowed). For example, at the Global Configuration level, if you press [Tab] immediately after typing “t”, the CLI displays the available command options that begin with “t”. For example: ProCurve(config)# t [Tab] tacacs-server telnet-server time timesync...

  • Page 78: Listing Command Options

    CLI completes the current word (if you have typed enough of the word for the CLI to distinguish it from other possibilities), including hyphenated exten­ sions. For example: ProCurve(config)# port- [Tab] ProCurve(config)# port-security _ Pressing after a completed command word lists the further options for [Tab] that command.

  • Page 79: Displaying Cli "help", Displaying Cli "help

    Using the Command Line Interface (CLI) Using the CLI Displaying CLI “Help” CLI Help provides two types of context-sensitive information: ■ Command list with a brief summary of each command’s purpose Detailed information on how to use individual commands ■ Displaying Command-List Help.

  • Page 80: Configuration Commands And The Context Configuration Modes

    For example, trying to list the help for the interface command while at the global configuration level produces this result: ProCurve# speed-duplex help Invalid input: speed-duplex Configuration Commands and the Context...

  • Page 81

    Port or Trunk-Group Context . Includes port- or trunk-specific com­ mands that apply only to the selected port(s) or trunk group, plus the global configuration, Manager, and Operator commands. The prompt for this mode includes the identity of the selected port(s): ProCurve(config)# interface c3-c6 ProCurve(eth-C5-C8)# ProCurve(config)# interface trk1 ProCurve(eth-Trk1)#...

  • Page 82

    Using the Command Line Interface (CLI) Using the CLI In the port context, the first block of commands in the “?” listing show the context-specific commands that will affect only ports C3-C6. The remaining commands in the listing are Manager, Operator, and context commands.

  • Page 83

    VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch: ProCurve(config)# vlan 100 Command executed at configuration level to enter VLAN 100 context. ProCurve(vlan-100)# Resulting prompt showing VLAN 100 context.

  • Page 84: Cli Control And Editing

    Using the Command Line Interface (CLI) CLI Control and Editing CLI Control and Editing Keystrokes Function [Ctrl] [A] Jumps to the first character of the command line. or [<] Moves the cursor back one character. [Ctrl] [B] [Ctrl] [C] Terminates a task and displays the command prompt. [Ctrl] [D] Deletes the character at the cursor.

  • Page 85

    Using ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+) ....... 5-5 Tasks for Your First ProCurve Web Browser Interface Session .

  • Page 86

    Command Prompt or changing the Web Agent Enabled parameter setting to No (page 7-4). For information on operating system, browser, and Java versions for the switches covered in this guide, go to the ProCurve Networking web site at www.procurve.com and: Click on: Technical support...

  • Page 87: General Features

    Using the ProCurve Web Browser Interface General Features General Features The web browser interface includes these features: Switch Identity and Status: • General system data • Software version • Redundant Management Module software version • IP address • Status Overview •...

  • Page 88: Interface Session With The Switch

    Location or Address field instead of the IP address. Using DNS names typically improves browser performance. Contact your network adminis­ trator to enquire about DNS names associated with your ProCurve switch. Type the IP address (or DNS name) of the switch in the browser Location or Address (URL) field and press .

  • Page 89: Procurve Manager Plus (pcm+)

    Using ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+) ProCurve Manager and ProCurve Manager Plus are designed for installation on a network management workstation. For this reason, the system require­ ments are different from the system requirements for accessing the switch’s web browser interface from a non-management PC or workstation.

  • Page 90

    Using the ProCurve Web Browser Interface Starting a Web Browser Interface Session with the Switch First time install alert Figure 5-1. Example of Status Overview Screen...

  • Page 91: Tasks For Your First Procurve Web Browser Interface Session, Viewing The "first Time Install" Window

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Tasks for Your First ProCurve Web Browser Interface Session The first time you access the web browser interface, there are three tasks you should perform: ■...

  • Page 92: In The Browser Interface

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session This window is the launching point for the basic configuration you need to perform to set web browser interface passwords for maintaining security and a fault detection policy, which determines the types of messages that the Alert Log displays.

  • Page 93

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Figure 5-3. The Device Passwords Window To set the passwords: 1. Access the Device Passwords screen by one of the following methods: • If the Alert Log includes a “First Time Install” event entry, double click on this event, then, in the resulting display, click on the secure access to the device link.

  • Page 94: Entering A User Name And Password, Using A User Name, If You Lose The Password

    Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Entering a User Name and Password Figure 5-4. Example of the Password Prompt in the Web Browser Interface The manager and operator passwords are used to control access to all switch interfaces.

  • Page 95: Online Help For The Web Browser Interface

    Context-sensitive help is provided for the screen you are on. N o t e To access the online Help for the ProCurve web browser interface, you need either ProCurve Manager (version 1.5 or greater) installed on your network or an active connection to the World Wide Web. Otherwise, Online help for the web browser interface will not be available.

  • Page 96: Support/mgmt Urls Feature

    Support tab. The default is the URL for the ProCurve Networking home page. – The URL of a PCM (ProCurve Network Manager) workstation or other server for the online Help files for this web browser interface. (The default setting accesses the switch’s browser-based Help on the ProCurve World Wide...

  • Page 97: Support Url, Help And The Management Server Url

    As an alternative, you can replace the ProCurve URL with the URL for a local site used for logging reports on network performance or other support activ­...

  • Page 98: Using The Pcm Server For Switch Web Help

    Figure 5-7. How To Access Web Browser Interface Online Help Using the PCM Server for Switch Web Help For ProCurve devices that support the “Web Help” feature, you can use the PCM server to host the switch help files for devices that do not have HTTP access to the ProCurve Support Web site.

  • Page 99

    Using the ProCurve Web Browser Interface Support/Mgmt URLs Feature 3. Add an entry, or edit the existing entry in the Discovery portion of the global properties (globalprops.prp) in PCM to redirect the switches to the help files on the PCM server. For example:...

  • Page 100: Status Reporting Features, The Overview Window

    Using the ProCurve Web Browser Interface Status Reporting Features Status Reporting Features Browser elements covered in this section include: The Overview window (below) ■ ■ Port utilization and status (page 5-17) ■ The Alert log (page 5-20) The Status bar (page 5-22) ■...

  • Page 101: The Port Utilization And Status Displays, Port Utilization

    Using the ProCurve Web Browser Interface Status Reporting Features Policy Management and Configuration. PCM can perform network-wide policy management and configuration of your switch. The Management Server URL field (page 5-13) shows the URL for the management station performing that function. For more information, refer to the documentation provided with the PCM software.

  • Page 102

    Using the ProCurve Web Browser Interface Status Reporting Features % Error Pkts Rx: All error packets received by the port. (This indicator ■ is a reddish color on many systems.) Although errors received on a port are not propagated to the rest of the network, a consistently high number of errors on a specific port may indicate a problem on the device or network segment connected to the indicated port.

  • Page 103: Port Status

    Using the ProCurve Web Browser Interface Status Reporting Features Figure 5-11. Display of Numerical Values for the Bar Port Status Port Status Indicators Legend Figure 5-12. The Port Status Indicators and Legend The Port Status indicators show a symbol for each port that indicates the general status of the port.

  • Page 104: The Alert Log, Sorting The Alert Log Entries

    Using the ProCurve Web Browser Interface Status Reporting Features The Alert Log The web browser interface Alert Log, shown in the lower half of the screen, shows a list of network occurrences, or alerts, that were detected by the switch. Typical alerts are Broadcast Storm, indicating an excessive number of broadcasts received on a port, and Problem Cable, indicating a faulty cable.

  • Page 105: Alert Types And Detailed Views

    Using the ProCurve Web Browser Interface Status Reporting Features Alert Types and Detailed Views As of June, 2007, the web browser interface generates the following alert types: • Auto Partition • High collision or drop rate • Backup Transition • Loss of Link •...

  • Page 106: The Status Bar

    Using the ProCurve Web Browser Interface Status Reporting Features Figure 5-14. Example of Alert Log Detail View The Status Bar The Status Bar appears in the upper left corner of the web browser interface window. Figure 5-15 shows an expanded view of the status bar.

  • Page 107

    Using the ProCurve Web Browser Interface Status Reporting Features The Status bar includes four objects: ■ Status Indicator. Indicates, by icon, the severity of the most critical alert in the current display of the Alert Log. This indicator can be one of four shapes and colors, as shown below.

  • Page 108: Setting Fault Detection Policy

    Using the ProCurve Web Browser Interface Status Reporting Features Setting Fault Detection Policy One of the powerful features in the web browser interface is the Fault Detection facility. For your switch, this feature controls the types of alerts reported to the Alert Log based on their level of severity.

  • Page 109

    Never. Disables the Alert Log and transmission of alerts (traps) to the ■ management server (in cases where a network management tool such as ProCurve Manager is in use). Use this option when you don’t want to use the Alert Log. The Fault Detection Window also contains three Change Control Buttons: Apply Changes.

  • Page 110

    Using the ProCurve Web Browser Interface Status Reporting Features 5-26...

  • Page 111

    Switch Memory and Configuration Contents Overview ........... . . 6-3 Configuration File Management .

  • Page 112

    Switch Memory and Configuration Contents Changing or Overriding the Reboot Configuration Policy ..6-32 Managing Startup-Config Files in the Switch ....6-34 Renaming an Existing Startup-Config File .

  • Page 113: Configuration File Management, Overview

    Switch Memory and Configuration Overview Overview This chapter describes: ■ How switch memory manages configuration changes How the CLI implements configuration changes ■ ■ How the menu interface and web browser interface implement configu­ ration changes ■ How the switch provides software options through primary/secondary flash images How to use the switch’s primary and secondary flash options, including ■...

  • Page 114

    This allows you to test the change without making it “permanent”. When you are satisfied that the change is satisfactory, you can make it permanent by executing the command. For example, write memory suppose you use the following command to disable port 5: ProCurve(config)# interface ethernet 5 disable...

  • Page 115

    ProCurve(config)# write memory If you use the CLI to make a configuration change and then change from the CLI to the Menu interface without first using write memory to save the change to the startup-config file, then the switch prompts you to save the change.

  • Page 116: Using The Cli To Implement Configuration Changes

    Switch Memory and Configuration Using the CLI To Implement Configuration Changes Using the CLI To Implement Configuration Changes The CLI offers these capabilities: Access to the full set of switch configuration features ■ ■ The option of testing configuration changes before making them perma­ nent How To Use the CLI To View the Current Configuration Files.

  • Page 117

    ProCurve(config)# interface e a5 speed-duplex auto-10 After you are satisfied that the link is operating properly, you can save the change to the switch’s permanent configuration (the startup-config file) by...

  • Page 118

    For example: Disables port 1 in the running configuration, which causes port 1 to block all traffic. ProCurve(config)# interface e 1 disable ProCurve(config)# boot Device will be rebooted, do you want to continue [y/n]? y Press [Y] to continue the rebooting process.

  • Page 119

    Syntax: erase startup-config For example: ProCurve(config)# erase startup-config Configuration will be deleted and device rebooted, continue [y/n]? Figure 6-3. Example of erase startup-config Command Press to replace the current configuration with the factory default config­...

  • Page 120: Configuration Changes, Menu: Implementing Configuration Changes

    Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes Using the Menu and Web Browser Interfaces To Implement Configuration Changes The menu and web browser interfaces offer these advantages: Quick, easy menu or window access to a subset of switch configuration ■...

  • Page 121: Rebooting From The Menu Interface

    Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes To save and implement the changes for all parameters in this screen, press the [Enter] key, then press [S] (for Save). To cancel all changes, press the [Enter] key, then press [C] (for Cancel) Figure 6-4.

  • Page 122

    Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes Optional Reboot Switch Command Figure 6-5. The Reboot Switch Option in the Main Menu Rebooting To Activate Configuration Changes. Configuration changes for most parameters become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the Maximum VLANs to support...

  • Page 123: Web: Implementing Configuration Changes

    Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes Asterisk indicates a configuration change that requires a reboot in order to take effect. Reminder to reboot the switch to activate configuration changes. Figure 6-6. Indication of a Configuration Change Requiring a Reboot Web: Implementing Configuration Changes You can use the web browser interface to simultaneously save and implement...

  • Page 124: Using Primary And Secondary Flash Image Options, Displaying The Current Flash Image Data

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options Using Primary and Secondary Flash Image Options The switches covered in this guide feature two flash memory locations for storing switch software image files: ■ Primary Flash: The default storage for a switch software image. ■...

  • Page 125

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options For example, if the switch is using a software version of K.12.XX stored in Primary flash, show version produces the following: ProCurve(config)# show version Image stamp: /su/code/build/info(s01) Dec 01 2006 10:50:26 K.12.XX...

  • Page 126: Switch Software Downloads

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options 1. In this example show version indicates the switch has version K.12.02 in primary flash. 2. After the boot system command, show version indicates that version K.12.01 is in secondary flash.

  • Page 127: Local Switch Software Replacement And Removal

    If you want to remove an unwanted software version from flash, ProCurve recommends that you do so by overwriting it with the same software version that you are using to operate the switch, or with another acceptable software version.

  • Page 128

    Figure 6-10. Example Indicating Two Different Software Versions in Primary and Secondary Flash Execute the copy command as follows: ProCurve(config)# copy flash flash primary Erasing the Contents of Primary or Secondary Flash. This command deletes the software image file from the specified flash location.

  • Page 129: Operating Notes About Booting, Rebooting The Switch

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options The prompt shows which flash location will be erased. Figure 6-11. Example of Erase Flash Prompt Type y at the prompt to complete the flash erase. Use show flash to verify erasure of the selected software flash image The “...

  • Page 130: Boot And Reload Command Comparison

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options tures. For example, suppose you have just downloaded a software upgrade that includes new features that are not supported in the software you used to create the current startup-config file. In this case, the software simply assigns factory-default values to the parameters controlling the new features.

  • Page 131: Setting The Default Flash

    You can specify the default flash to boot from on the next boot by entering the boot set-default flash command. Syntax: boot set-default flash [primary |secondary] Upon booting, set the default flash for the next boot to primary or secondary. ProCurve(config)# boot set-default flash secondary ProCurve(config)# show flash Image Size(Bytes) Date Version...

  • Page 132: Booting From The Default Flash (primary Or Secondary)

    You can optionally select a configuration file from which to boot. ProCurve(config)# boot This management module will now reboot from primary image and will become the standby module! You will need to use the other management module's console interface.

  • Page 133: Booting From A Specified Flash

    : Primary The next boot is from primary Set to secondary flash ProCurve(config)# boot set-default flash secondary This command changes the location of the default boot. This command will change the default flash image to boot from secondary. Hereafter, 'reload' 'boot' commands will boot from secondary.

  • Page 134: Using Reload

    For example, if you change the number of VLANs the switch supports, you must reboot the switch in order to implement the change. The reload command prompts you to save or discard the configuration changes. ProCurve(config)# max-vlans 12 Command will take effect after saving configuration and reboot. ProCurve(config)# reload This command will cause a switchover to the other management module which may not be running the same software image and configurations.

  • Page 135

    To schedule a reload for the same time the following day: ProCurve# reload after 01:00:00 To schedule a reload for the same day at 12:05: ■ ProCurve# reload at 12:05 To schedule a reload on some future date: ■ ProCurve# reload at 12:05 01/01/2008 6-25...

  • Page 136

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options ProCurve(config)# reload after 04:14:00 Reload scheduled in 4 days, 14 hours, 0 minutes This command will cause a switchover at the scheduled time to the other management module which may not be running the same software image and configurations.

  • Page 137: Multiple Configuration Files

    Switch Memory and Configuration Multiple Configuration Files Multiple Configuration Files Action Page Listing and Displaying Startup-Config Files 6-31 Changing or Overriding the Reboot Configuration Policy 6-32 Managing Startup-Config Files Renaming Startup-Config Files 6-35 Copying Startup-Config Files 6-35 Erasing Startup-Config Files 6-36 Effect of Using the Clear + Reset Buttons 6-38...

  • Page 138: General Operation

    Switch Memory and Configuration Multiple Configuration Files Transitions from one software release to another can be performed while ■ maintaining a separate configuration for the different software release versions. ■ By setting a reboot policy using a known good configuration and then overriding the policy on a per-instance basis, you can test a new configu­...

  • Page 139

    Switch Memory and Configuration Multiple Configuration Files 2. Use the CLI to make configuration changes in the running-config file, and then execute write mem. The result is that the startup-config file used to reboot the switch is modified by the actions in step 2. Boot Command Primary Boot Path Active Startup-Config File:...

  • Page 140: Transitioning To Multiple Configuration Files

    Switch Memory and Configuration Multiple Configuration Files Transitioning to Multiple Configuration Files At the first reboot with a software release supporting multiple configuration, the switch: Assigns the filename oldConfig to the existing startup-config file (which is ■ stored in memory slot 1). Saves a copy of the existing startup-config file in memory slot 2 with the ■...

  • Page 141: Listing And Displaying Startup-config Files, Configuration Enabled

    Switch Memory and Configuration Multiple Configuration Files Listing and Displaying Startup-Config Files Command Page show config files Below show config < filename > 6-32 Viewing the Startup-Config File Status with Multiple Configuration Enabled Rebooting the switch automatically enables the multiple configuration fea­ ture.

  • Page 142: Displaying The Content Of A Specific Startup-config File, Changing Or Overriding The Reboot Configuration Policy

    Switch Memory and Configuration Multiple Configuration Files Displaying the Content of A Specific Startup-Config File With Multiple Configuration enabled, the switch can have up to three startup­ config files. Because the show config command always displays the content of the currently active startup-config file, the command extension shown below is needed to allow viewing the contents of any other startup-config files stored in the switch.

  • Page 143

    Switch Memory and Configuration Multiple Configuration Files Syntax: startup-default [ primary | secondary ] config < filename > Specifies a boot configuration policy option: [ primary | secondary ] config < filename >: Designates the startup-config file to use in a reboot with the software version stored in a specific flash location.

  • Page 144: Managing Startup-config Files In The Switch

    Switch Memory and Configuration Multiple Configuration Files ProCurve(config)# startup-default pri config minconfig ProCurve(config) # startup-default sec config newconfig. Overriding the Default Reboot Configuration Policy. This command provides a method for manually rebooting with a specific startup-config file other than the file specified in the default reboot configuration policy.

  • Page 145: Renaming An Existing Startup-config File, Creating A New Startup-config File

    Switch Memory and Configuration Multiple Configuration Files Renaming an Existing Startup-Config File Syntax: rename config < current-filename > < newname-str > This command changes the name of an existing startup­ config file. A file name can include up to 63, alphanumeric characters.

  • Page 146: Erasing A Startup-config File

    Switch Memory and Configuration Multiple Configuration Files For example, suppose both primary and secondary flash memory contain software release “A” and use a startup-config file named config1: Figure 6-22. Example of Using One Startup-Config File for Both Primary and Secondary Flash If you wanted to experiment with configuration changes to the software version in secondary flash, you could create and assign a separate startup­...

  • Page 147

    Switch Memory and Configuration Multiple Configuration Files In a redundant management system, this command erases the config or startup config file on both the active and the standby management modules as long as redundancy has not been disabled. If the standby management module is not in standby mode or has failed selftest, the config or startup config file is not erased.

  • Page 148: Switch To Its Default Configuration

    Switch Memory and Configuration Multiple Configuration Files Figure 6-24 illustrates using erase config < filename > to remove a startup-config file. Figure 6-24. Example of Erasing a Non-Active Startup-Config File With the same memory configuration as is shown in the bottom portion of figure 6-24, executing erase startup-config boots the switch from primary flash, resulting in a new file named minconfig in the same memory slot.

  • Page 149: Transferring Startup-config Files To Or From A Remote Server

    “TFTP: Copying a Configuration File to a Remote Host” on page A-26. For example, the following command copies a startup-config file named test­ 01 from the switch to a (UNIX) TFTP server at IP address 10.10.28.14: ProCurve(config)# copy config test-01 tftp 10.10.28.14 test-01.txt unix 6-39...

  • Page 150: Tftp: Copying A Configuration File From A Remote Host, Connected Host

    For example, the following command copies a startup-config file named test­ 01.txt from a (UNIX) TFTP server at IP address 10.10.28.14 to the first empty memory slot in the switch: ProCurve(config)# copy tftp config test-01 10.10.28.14 test-01.txt unix Xmodem: Copying a Configuration File to a Serially...

  • Page 151: Connected Host, Operating Notes For Multiple Configuration Files

    Switch Memory and Configuration Multiple Configuration Files Xmodem: Copying a Configuration from a Serially Connected Host Syntax: copy xmodem config < dest-file > < pc | unix > This is an addition to the copy xmodem command options. Use this command to download a configuration file from an Xmodem host to the switch.

  • Page 152

    Switch Memory and Configuration Multiple Configuration Files 6-42...

  • Page 153

    Interface Access and System Information Contents Overview ........... . . 7-2 Interface Access: Console/Serial Link, Web, and Inbound Telnet .

  • Page 154

    Chapter 3, “Using the Menu Interface” ■ Chapter 4, “Using the Command Line Interface (CLI)” Chapter 5, “Using the ProCurve Web Browser Interface” ■ Why Configure Interface Access and System Information? The inter­ face access features in the switch operate properly by default. However, you can modify or disable access features to suit your particular needs.

  • Page 155: Interface Access: Console/serial Link, Web, And Inbound Telnet

    Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Interface Access: Console/Serial Link, Web, and Inbound Telnet Interface Access Features Feature Default Menu Inactivity Time 0 Minutes page 7-4 page 7-6 — (disabled) Inbound Telnet Access Enabled page 7-4 page 7-5...

  • Page 156: Menu: Modifying The Interface Access

    Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Menu: Modifying the Interface Access The menu interface enables you to modify these parameters: ■ Inactivity Timeout Inbound Telnet Enabled ■ Web Agent Enabled ■ To Access the Interface Access Parameters: From the Main Menu, Select...

  • Page 157: Cli: Modifying The Interface Access

    Console Control Options Figure 7-2. Listing of Show Console Command Reconfigure Inbound Telnet Access. In the default configuration, inbound Telnet access is enabled. Syntax: [no] telnet-server To disable inbound Telnet access: ProCurve(config)# no telnet-server To re-enable inbound Telnet access: ProCurve(config)# telnet-server...

  • Page 158

    Telnet to another device that has an IP address. Syntax: telnet < ip-address > For example: ProCurve # telnet 10.28.27.204 Reconfigure Web Browser Access. In the default configuration, web browser access is enabled. Syntax: [no] web-management...

  • Page 159

    Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet N o t e If you change the Baud Rate or Flow Control settings for the switch, you should make the corresponding changes in your console access device. Oth­ erwise, you may lose connectivity between the switch and your terminal emulator due to differences between the terminal and switch settings for these two parameters.

  • Page 160: Sessions

    Interface Access and System Information Denying Interface Access by Terminating Remote Management Sessions You can also execute a series of console commands and then save the configuration and boot the switch. For example: Configure individual parameters. Save the changes. Boot the switch.

  • Page 161

    Interface Access and System Information Denying Interface Access by Terminating Remote Management Sessions Session 2 is an active Telnet session. The kill 2 command terminates session 2. Figure 7-5. Example of Using the “Kill” Command To Terminate a Remote Session...

  • Page 162: System Information

    Configuring system information is optional, but recommended. System Name: Using a unique name helps you to identify individual devices where you are using an SNMP network management tool such as ProCurve Manager. System Contact and Location: This information is helpful for identifying the person administratively responsible for the switch and for identifying the locations of individual switches.

  • Page 163: Menu: Viewing And Configuring System Information

    Daylight Time Rule: Specifies the daylight savings time rule to apply for your location. The default is None. (For more on this topic, refer to Appendix D, “Daylight Savings Time on ProCurve Switches.) Time: Used in the CLI to specify the time of day, the date, and other system parameters.

  • Page 164: Cli: Viewing And Configuring System Information

    Interface Access and System Information System Information 2. Press (for Edit). The cursor moves to the System Name field. 3. Refer to the online help provided with this screen for further information on configuration options for these features. 4. When you have finished making changes to the above parameters, press (for Save) and return to the Main Menu.

  • Page 165

    Interface Access and System Information System Information Configure a System Name, Contact, and Location for the Switch. To help distinguish one switch from another, configure a plain-language identity for the switch. Syntax: hostname < name-string > snmp-server [contact <system-contact>] [location <system-location>] Each field allows up to 255 characters.

  • Page 166

    Interface Access and System Information System Information MENU ProCurve Switch 5406zl 24-Oct-2006 12:41:47 ===========================- TELNET - MANAGER MODE =========================== Switch Configuration - System Information System Name : Blue Switch System Contact : Bill_Smith System Location : + characters of the location are missing. It’s too long.

  • Page 167

    Syntax: mac-age-time < 60-999960 > (seconds) For example, to configure the age time to seven minutes: ProCurve(config)# mac-age-time 420 Configure the Time Zone and Daylight Time Rule. These commands: Set the time zone you want to use ■...

  • Page 168: Web: Configuring System Parameters

    Syntax: time [ hh:mm [ :ss ]] [ mm/dd/ [ yy ] yy ] For example, to set the switch to 9:45 a.m. on November 17, 2002: ProCurve(config)# time 9:45 11/17/02 N o t e Executing reload or boot resets the time and date to their default startup values.

  • Page 169

    Configuring IP Addressing Contents Overview ........... . . 8-2 IP Configuration .

  • Page 170: Ip Configuration, Overview

    Configuring IP Addressing Overview Overview You can configure IP addressing through all of the switch’s interfaces. You can also: ■ Easily edit a switch configuration file to allow downloading the file to multiple switches without overwriting each switch’s unique gateway and VLAN 1 IP addressing.

  • Page 171: Just Want A Quick Start With Ip Addressing?

    If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing. To do so, do one of the following: Enter setup at the CLI Manager level prompt.

  • Page 172: Ip Addressing With Multiple Vlans

    Configuring IP Addressing IP Configuration For more on using the Switch Setup screen, refer to the Installation and Getting Started Guide you received with the switch. IP Addressing with Multiple VLANs In the factory-default configuration, the switch has one, permanent default VLAN (named DEFAULT_VLAN) that includes all ports on the switch.

  • Page 173: Menu: Configuring Ip Address, Gateway, And Time-to-live (ttl)

    Configuring IP Addressing IP Configuration Menu: Configuring IP Address, Gateway, and Time-To- Live (TTL) Do one of the following: To manually enter an IP address, subnet mask, set the IP Config parameter ■ to Manual and then manually enter the IP address and subnet mask values you want for the switch.

  • Page 174: Cli: Configuring Ip Address, Gateway, And Time-to-live (ttl)

    Configuring IP Addressing IP Configuration 3. If the switch needs to access a router, for example, to reach off-subnet destinations, select the Default Gateway field and enter the IP address of the gateway router. 4. If you need to change the packet Time-To-Live (TTL) setting, select Default TTL and type in a value between 2 and 255.

  • Page 175

    Configuring IP Addressing IP Configuration (You can also use the show management command to display the IP addressing and time server IP addressing configured on the switch. Refer to figure 9-6 on page 9-10.) For example, in the factory-default configuration (no IP addressing assigned), the switch’s IP addressing appears as: The Default IP Configuration...

  • Page 176

    ProCurve(config)# vlan 1 ip address 10.28.227.103/24 This example deletes an IP address configured in VLAN 1. ProCurve (config) no vlan 1 ip address 10.28.227.103/24 Configure Multiple IP Addresses on a VLAN (Multinetting). The fol­ lowing is supported: Up to 2000 IP addresses for the switch ■...

  • Page 177

    Configuring IP Addressing IP Configuration 1. Go to VLAN 20. 2. Configure two additional IP addresses on VLAN 3. Display IP addressing. Figure 8-4. Example of Configuring and Displaying a Multinetted VLAN If you then wanted to multinet the default VLAN, you would do the following: Figure 8-5.

  • Page 178: Web: Configuring Ip Addressing

    Syntax: ip default-gateway < ip-address > For example: ProCurve(config)# ip default-gateway 10.28.227.115 Note The switch uses the IP default gateway only while operating as a Layer 2 device. While routing is enabled on the switch, the IP default gateway is not used.

  • Page 179: How Ip Addressing Affects Switch Operation

    Console RS-232 port. You can use direct-connect console access to take advantage of features that do not depend on IP addressing. However, to realize the full capabilities ProCurve proactive networking offers through the switch, configure the switch with an IP address and subnet mask compatible with your network.

  • Page 180: Dhcp/bootp Operation

    Configuring IP Addressing IP Configuration DHCP/Bootp Operation Overview. DHCP/Bootp is used to provide configuration data from a DHCP or Bootp server to the switch. This data can be the IP address, subnet mask, default gateway, Timep Server address, and TFTP server address. If a TFTP server address is provided, this allows the switch to TFTP a previously saved configuration file from the TFTP server to the switch.

  • Page 181

    Configuring IP Addressing IP Configuration DHCP Operation. A significant difference between a DHCP configuration and a Bootp configuration is that an IP address assignment from a DHCP server is automatic. Depending on how the DHCP server is configured, the switch may receive an IP address that is temporarily leased. Periodically the switch may be required to renew its lease of the IP configuration.

  • Page 182: Network Preparations For Configuring Dhcp/bootp

    Configuring IP Addressing IP Configuration gw=10.66.77.1:\ lg=10.22.33.44:\ T144=”switch.cfg”:\ vm=rfc1048 where: 8212switch is a user-defined symbolic name to help you find the correct section of the bootptab file. If you have multiple switches that will be using Bootp to get their IP configuration, you should use a unique symbolic name for each switch.

  • Page 183: Loopback Interfaces, Introduction

    Configuring IP Addressing Loopback Interfaces N o t e Designating a primary VLAN other than the default VLAN affects the switch’s use of information received via DHCP/Bootp. For more on this topic, refer to the chapter describing VLANs in the Advanced Traffic Management Guide for your switch.

  • Page 184: Configuring A Loopback Interface

    Configuring IP Addressing Loopback Interfaces You can use a loopback interface to establish a Telnet session, ping the ■ switch, and access the switch through SNMP, SSH, and HTTP (web interface). ■ A loopback IP address can be used by routing protocols. For example, you can configure the loopback IP address as the router ID used to identify the switch in an OSPF area.

  • Page 185

    Configuring IP Addressing Loopback Interfaces ProCurve(config)# interface loopback 1 ProCurve (lo1)# ip address 10.1.1.1 Figure 8-6. Example of a Loopback Interface Configuration N o t e s ■ You can configure a loopback interface only from the CLI; you cannot configure a loopback interface from the web management or Menu inter­...

  • Page 186: Displaying Loopback Interface Configurations

    (TTL) and ARP age-out values, and VLAN IP configura­ tions. The following example displays the IP addresses configured for two user-defined loopback interfaces (lo1 and lo2). ProCurve> show ip Internet (IP) Service IP Routing : Enabled Default TTL : 64...

  • Page 187

    IP address, enter the show ip route command. The following example displays the configuration of the default loopback interface (lo0) and one user-defined loopback interface (lo2). ProCurve> show ip route IP Route Entries IP Routing : Enabled Default TTL : 64...

  • Page 188: Ip Preserve: Retaining Vlan-1 Ip Addressing Across Configuration File Downloads, Operating Rules For Ip Preserve

    Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads For the switches covered in this guide, IP Preserve enables you to copy a configuration file to multiple switches while retaining the individual IP address and subnet mask on VLAN 1 in each switch, and the Gateway IP address assigned to the switch.

  • Page 189: Enabling Ip Preserve

    Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads Enabling IP Preserve To set up IP Preserve, enter the ip preserve statement at the end of a configu­ ration file. (Note that you do not execute IP Preserve by entering a command from the CLI).

  • Page 190

    Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads ProCurve(config)# show run Running configuration: ; J9091A Configuration Editor; Created on release #K.12.30 hostname "ProCurve" module 1 type J8702A module 2 type J8705A trunk A11-A12 Trk1 Trunk ip default-gateway 10.10.10.115...

  • Page 191

    Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads ProCurve# show run Running configuration: ; J9091A Configuration Editor; Created on release #K.12.30 hostname "ProCurve" module 1 type J8702A module 2 type J8705A trunk A11-A12 Trk1 Trunk Because switch 4 (figure 8-10) ip default-gateway 10.10.10.115...

  • Page 192

    Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads 8-24...

  • Page 193

    Time Protocols Contents Overview ........... . . 9-2 TimeP Time Synchronization .

  • Page 194: Timep Time Synchronization, Overview, Sntp Time Synchronization

    Time Protocols Overview Overview This chapter describes: ■ SNTP Time Protocol Operation Timep Time Protocol Operation ■ Using time synchronization ensures a uniform time among interoperating devices. This helps you to manage and troubleshoot switch operation by attaching meaningful time data to event and error messages. The switch offers TimeP and SNTP (Simple Network Time Protocol) and a timesync command for changing the time protocol selection (or turning off time protocol operation).

  • Page 195: Protocol Operation, General Steps For Running A Time Protocol On The Switch:

    Time Protocols Selecting a Time Synchronization Protocol or Turning Off Time Protocol Operation ular server, it ignores time broadcasts from other SNTP servers unless the configurable Poll Interval expires three consecutive times without an update received from the first-detected server. N o t e To use Broadcast mode, the switch and the SNTP server must be in the same subnet.

  • Page 196: Disabling Time Synchronization, Sntp: Viewing, Selecting, And Configuring

    Time Protocols SNTP: Viewing, Selecting, and Configuring Disabling Time Synchronization You can use either of the following methods to disable time synchronization without changing the Timep or SNTP configuration: In the System Information screen of the Menu interface, set the Time ■...

  • Page 197: Menu: Viewing And Configuring Sntp

    Time Protocols SNTP: Viewing, Selecting, and Configuring Table 9-1. SNTP Parameters SNTP Parameter Operation Time Sync Used to select either SNTP, TIMEP, or None as the time synchronization method. Method SNTP Mode Disabled The Default. SNTP does not operate, even if specified by the Menu interface Time Sync Method parameter or the CLI timesync command.

  • Page 198

    Time Protocols SNTP: Viewing, Selecting, and Configuring Time Protocol Selection Parameter – TIMEP – SNTP – None Figure 9-1. The System Information Screen (Default Values) 2. Press [E] (for Edit). The cursor moves to the System Name field. 3. Use [v] to move the cursor to the Time Sync Method field. 4. Use the Space bar to select SNTP, then press [v] once to display and move to the SNTP Mode field.

  • Page 199

    SNTP server version running on the device you specified in the preceding step (step ii). If you are unsure which version to use, ProCurve recommends leaving this value at the default setting of and testing SNTP operation to determine whether any change is necessary.

  • Page 200: Cli: Viewing And Configuring Sntp, Viewing The Current Sntp Configuration

    Time Protocols SNTP: Viewing, Selecting, and Configuring CLI: Viewing and Configuring SNTP CLI Commands Described in this Section SNTP Command Page show sntp [no] timesync 9-10 and ff., 9-13 sntp broadcast 9-10 sntp unicast 9-11 sntp server 9-11 and ff. Protocol Version 9-13 poll-interval...

  • Page 201

    Time Protocols SNTP: Viewing, Selecting, and Configuring Figure 9-4. Example of SNTP Configuration When SNTP Is the Selected Time Synchronization Method In the factory-default configuration (where TimeP is the selected time synchronization method), show sntp still lists the SNTP configuration even though it is not currently in use.

  • Page 202: Configuring (enabling Or Disabling) The Sntp Mode

    Time Protocols SNTP: Viewing, Selecting, and Configuring Figure 9-6. Example of Display Showing IP Addressing for All Configured Time Servers and VLANs Configuring (Enabling or Disabling) the SNTP Mode Enabling the SNTP mode means to configure it for either broadcast or unicast mode.

  • Page 203

    Time Protocols SNTP: Viewing, Selecting, and Configuring Syntax: sntp broadcast Configures broadcast as the SNTP mode. For example, suppose: ■ Time synchronization is in the factory-default configuration (TimeP is the currently selected time synchronization method). You want to: ■ 1. View the current time synchronization. 2.

  • Page 204

    ProCurve(config)# timesync sntp Selects SNTP. ProCurve(config)# sntp unicast Activates SNTP in Unicast mode. ProCurve(config)# sntp server 10.28.227.141 Specifies the SNTP server and accepts the current SNTP server version (default: 3). In this example, the Poll Interval and the Protocol Version appear at their default settings.

  • Page 205

    720 seconds. (This parameter is separate from the poll inter­ val parameter used for Timep operation.) For example, to change the poll interval to 300 seconds: ProCurve(config)# sntp poll-interval 300 Disabling Time Synchronization Without Changing the SNTP Configuration. The recommended method for disabling time synchroniza­...

  • Page 206

    Time Protocols SNTP: Viewing, Selecting, and Configuring Figure 9-10. Example of SNTP with Time Sychronization Disabled Disabling the SNTP Mode. If you want to prevent SNTP from being used even if selected by timesync (or the Menu interface’s Time Sync Method param­ eter), configure the SNTP mode as disabled.

  • Page 207: Timep: Viewing, Selecting, And Configuring

    Time Protocols TimeP: Viewing, Selecting, and Configuring TimeP: Viewing, Selecting, and Configuring TimeP Feature Default Menu view the Timep time synchronization configuration page 9-16 page 9-18 — select Timep as the time synchronization method TIMEP page 9-14 pages 9-20 ff. —...

  • Page 208: Menu: Viewing And Configuring Timep

    Time Protocols TimeP: Viewing, Selecting, and Configuring Menu: Viewing and Configuring TimeP To View, Enable, and Modify the TimeP Protocol: 1. From the Main Menu, select: 2. Switch Configuration... 1. System Information Time Protocol Selection Parameter – TIMEP (the default) –...

  • Page 209

    Time Protocols TimeP: Viewing, Selecting, and Configuring Use the Space bar to select the Manual mode. • [>] i. Press to move the cursor to the Server Address field. ii. Enter the IP address of the TimeP server you want the switch to use for time synchronization.

  • Page 210: Cli: Viewing And Configuring Timep, Viewing The Current Timep Configuration

    Time Protocols TimeP: Viewing, Selecting, and Configuring CLI: Viewing and Configuring TimeP CLI Commands Described in this Section Command Page show timep 9-18 [no] timesync 9-20 ff., 9-23 ip timep dhcp 9-20 manual 9-21 server <ip-addr> 9-21 interval 9-22 no ip timep 9-23 This section describes how to use the CLI to view, enable, and configure TimeP parameters.

  • Page 211

    Time Protocols TimeP: Viewing, Selecting, and Configuring If SNTP is the selected time synchronization method, still lists the show timep TimeP configuration even though it is not currently in use: Even though, in this example, SNTP is the current time synchronization method, the switch maintains the TimeP configuration.

  • Page 212: Configuring (enabling Or Disabling) The Timep Mode

    Time Protocols TimeP: Viewing, Selecting, and Configuring Configuring (Enabling or Disabling) the TimeP Mode Enabling the TimeP mode means to configure it for either broadcast or unicast mode. Remember that to run TimeP as the switch’s time synchronization protocol, you must also select TimeP as the time synchronization method by using the CLI timesync command (or the Menu interface Time Sync Method parameter).

  • Page 213

    For example, to select TimeP and configure it for manual operation using a TimeP server address of 10.28.227.141 and the default poll interval (720 minutes, assuming the TimeP poll interval is already set to the default): ProCurve(config)# timesync timep Selects TimeP. ProCurve(config)# ip timep manual 10.28.227.141 Activates TimeP in Manual mode. 9-21...

  • Page 214

    1 to 9999 minutes. (This parameter is separate from the poll interval parameter used for SNTP operation.) Syntax: ip timep < dhcp | manual > interval < 1 - 9999 > For example, to change the poll interval to 60 minutes: ProCurve(config)# ip timep interval 60 9-22...

  • Page 215

    TimeP mode, and the factory-default polling DHCP interval. You would halt time synchronization with this command: ProCurve(config)# no timesync If you then viewed the TimeP configuration, you would see the following: Figure 9-18. Example of TimeP with Time Sychronization Disabled Disabling the TimeP Mode.

  • Page 216: Sntp Unicast Time Polling With Multiple Sntp Servers, Address Prioritization

    Time Protocols SNTP Unicast Time Polling with Multiple SNTP Servers SNTP Unicast Time Polling with Multiple SNTP Servers When running SNTP unicast time polling as the time synchronization method, the switch requests a time update from the server you configured with either the Server Address parameter in the menu interface, or the primary server in a list of up to three SNTP servers configured using the CLI.

  • Page 217: Displaying All Sntp Server Addresses Configured On The Switch, Adding And Deleting Sntp Server Addresses

    Time Protocols SNTP Unicast Time Polling with Multiple SNTP Servers Displaying All SNTP Server Addresses Configured on the Switch The System Information screen in the menu interface displays only one SNTP server address, even if the switch is configured for two or three servers. The CLI show management command displays all configured SNTP servers on the switch.

  • Page 218

    (Refer to “Address Prioritization” on page 9-24.) Syntax: no sntp server < ip-addr > For example, to delete the primary address in the above example (and automatically convert the secondary address to primary): ProCurve(config)# no sntp server 10.28.227.141 9-26...

  • Page 219: Configured, Sntp Messages In The Event Log

    Time Protocols SNTP Messages in the Event Log Menu: Operation with Multiple SNTP Server Addresses Configured When you use the Menu interface to configure an SNTP server IP address, the new address writes over the current primary address, if one is configured. If there are multiple addresses configured, the switch re-orders the addresses according to the criteria described under “Address Prioritization”...

  • Page 220

    Time Protocols SNTP Messages in the Event Log 9-28...

  • Page 221

    Configuring a Broadcast Limit on the Switch ....10-14 Configuring ProCurve Auto-MDIX ......10-15 Web: Viewing Port Status and Configuring Port Parameters .

  • Page 222: Viewing Port Status And Configuring Port Parameters, Overview

    10-6 page 10-11 page 10-18 10-1 on pages 10-3 thru 10-4 configuring ProCurve auto-mdix page 9-11 Note On Connecting If the switch either fails to show a link between an installed transceiver and Transceivers to another device, or demonstrates errors or other unexpected behavior on the...

  • Page 223

    • Auto-10: Allows the port to negotiate between half-duplex (HDx) and full-duplex (FDx) while keeping speed at 10 Mbps. Also negotiates flow control (enabled or disabled). ProCurve recommends Auto­ 10 for links between 10/100 auto-sensing ports connected with Cat 3 cabling. (Cat 5 cabling is required for 100 Mbps links.).

  • Page 224

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Status or Description Parameter — Continued From Previous Page — Gigabit Fiber-Optic Ports (Gigabit-SX, Gigabit-LX, and Gigabit-LH): • 1000FDx: 1000 Mbps (1 Gbps), Full Duplex only • Auto (default): The port operates at 1000FDx and auto-negotiates flow control with the device connected to the port.

  • Page 225: Menu: Port Configuration

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Menu: Port Configuration From the menu interface, you can view and change the port configuration. Using the Menu To View Port Configuration. The menu interface dis­ plays the configuration for ports and (if configured) any trunk groups. From the Main Menu, select: 1.

  • Page 226

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Using the Menu To Configure Ports. You can configure and view the port settings by using the menu. N o t e The menu interface uses the same screen for configuring both individual ports and port trunk groups.

  • Page 227: Cli: Viewing Port Status And Configuring Port Parameters, Viewing Port Status And Configuration

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters CLI: Viewing Port Status and Configuring Port Parameters From the CLI, you can configure and view all port parameter settings and view all port status indicators. Port Status and Configuration Commands show interfaces brief page 10-8 show interfaces config...

  • Page 228

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters ProCurve(config)# show interfaces brief Status and Counters - Port Status | Intrusion Flow Bcast Port Type | Alert Enabled Status Mode Mode Ctrl Limit ----- --------- + --------- ------- ------ ----------...

  • Page 229: Viewing Port Utilization Statistics, Viewing Transceiver Status

    Viewing Port Utilization Statistics Use the show interface port-utilization command to view a real-time rate display for all ports on the switch. The following shows a sample output from this command. ProCurve(config)# show interfaces port-utilization Status and Counters - Port Utilization Port Mode...

  • Page 230

    • Part number—Allows you to determine the manufacturer for a spec­ ified transceiver and revision number. For a non-ProCurve installed transceiver (see line 23 Figure 10-6), no ■ transceiver type, product number, or part information is displayed. In the Serial Number field, non-operational is displayed instead of a serial num­...

  • Page 231: Enabling Or Disabling Ports And Configuring Port Mode

    • Transceiver type not supported in this port. • Transceiver type not supported in this software version. • Not a ProCurve Transceiver. Please go to: www.hp.com/rnd/device_help/2_inform for more info. Enabling or Disabling Ports and Configuring Port Mode You can configure one or more of the following port parameters. Refer to table 10-1 on pages 10-3 through 10-4.

  • Page 232: Enabling Or Disabling Flow Control

    ProCurve(config)# int c8 enable These commands enable and configure port C8 from the config level: ProCurve(config)# int c8 speed-duplex 100-full ProCurve(config)# int c8 flow-control These commands select the port C8 ProCurve(config)# int c8 context level and then apply the...

  • Page 233

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Assuming that flow control is currently disabled on the switch, you would use these commands: Enables per-port flow control for ports A1 - A6. Figure 10-8. Example of Configuring Flow Control for a Series of Ports Disables per-port flow control on ports A5 and A6.

  • Page 234: Configuring A Broadcast Limit On The Switch

    Broadcast-Limit on switches covered in this guide is configured on a per-port basis. You must be at the port context level for this command to work, for example: ProCurve(config)#int B1 ProCurve(int B1)# broadcast-limit 1 Broadcast-Limit. Syntax: broadcast-limit <0-99> Enables or disables broadcast limiting for outbound broadcasts on a selected port on the switch.

  • Page 235: Configuring Procurve Auto-mdix

    ProCurve Auto-MDIX was developed for auto-negotiating devices, and was shared with the IEEE for the development of the IEEE 802.3ab standard. ProCurve Auto-MDIX and the IEEE 802.3ab Auto MDI/MID-X feature are completely compatible. Additionally, ProCurve Auto-MDIX supports opera­ tion in forced speed and duplex modes.

  • Page 236

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters For more information on MDI-X, refer to the appendix titled “Switch Ports and Network Cables” in the Installation and Getting Started Guide for your switch. Manual Override. If you require control over the MDI/MDI-X feature you can set the switch to either of two non-default modes: ■...

  • Page 237

    Port Status and Configuration Viewing Port Status and Configuring Port Parameters Syntax: show interfaces brief Where a port is linked to another device, this command lists the MDI mode the port is currently using. In the case of ports configured for Auto (auto-mdix), the MDI mode appears as either MDI or MDIX, depending upon which option the port has negotiated with the device on the other end of the link.

  • Page 238: Web: Viewing Port Status And Configuring Port Parameters, Using Friendly (optional) Port Names

    Port Status and Configuration Using Friendly (Optional) Port Names Web: Viewing Port Status and Configuring Port Parameters In the web browser interface: 1. Click on the Configuration tab. 2. Click on [Port Configuration]. 3. Select the ports you want to modify and click on [Modify Selected Ports]. 4. After you make the desired changes, click on [Apply Settings].

  • Page 239: Configuring Friendly Port Names

    Port Status and Configuration Using Friendly (Optional) Port Names The friendly port names you configure appear in the output of the show ■ name [ port-list ], show config, and show interface < port-number > commands. They do not appear in the output of other show commands or in Menu interface screens.

  • Page 240: Displaying Friendly Port Names With Other Port Data

    Port Status and Configuration Using Friendly (Optional) Port Names Configuring the Same Name for Multiple Ports. Suppose that you want to use ports A5 through A8 as a trunked link to a server used by a drafting group. In this case you might configure ports A5 through A8 with the name “Draft-Server:Trunk”.

  • Page 241

    Port Status and Configuration Using Friendly (Optional) Port Names Syntax: show name [ port-list ] Lists the friendly port name with its corresponding port number and port type. The show name command without a port list shows this data for all ports on the switch. For example: Ports Without “Friendly”...

  • Page 242

    Port Status and Configuration Using Friendly (Optional) Port Names Syntax: show interface < port-number > Includes the friendly port name with the port’s traffic statistics listing. For example, if you configure port A1 with the name “O’Connor_10.25.101.43”, the show interface output for this port appears similar to the following: Friendly Port Name Figure 10-17.

  • Page 243

    Port Status and Configuration Using Friendly (Optional) Port Names For example, if you configure port A1 with a friendly port name: This command sequence saves the friendly port name for port A1 in the startup­ config file. The name entered for port A2 is not saved because it was executed after write memory.

  • Page 244: Uni-directional Link Detection (udld), Uni-directional Link Detection (udld), Uni-directional Link Detection (udld)

    When UDLD is enabled on the trunk ports on each ProCurve switch, the switches detect the failed link, block the ports connected to the failed link, and use the remaining ports in the trunk group to forward the traffic.

  • Page 245: Configuring Udld

    When configuring UDLD, keep the following considerations in mind: ■ UDLD is configured on a per-port basis and must be enabled at both ends of the link. See the note below for a list of ProCurve switches that support UDLD. ■...

  • Page 246: Enabling Udld

    Enabling UDLD UDLD is enabled on a per port basis. For example, to enable UDLD on port a1, enter: ProCurve(config)#interface al link-keepalive To enable the feature on a trunk group, enter the appropriate port range. For example: ProCurve(config)#interface al-a4 link-keepalive...

  • Page 247: Changing The Keepalive Interval, Changing The Keepalive Retries, Configuring Udld For Tagged Ports

    The default implementation of UDLD sends the UDLD control packets untagged, even across tagged ports. If an untagged UDLD packet is received by a non-ProCurve switch, that switch may reject the packet. To avoid such an occurrence, you can configure ports to send out UDLD control packets that are tagged with a specified VLAN.

  • Page 248: Viewing Udld Information

    Port Status and Configuration Uni-Directional Link Detection (UDLD) N o t e s You must configure the same VLANs that will be used for UDLD on ■ all devices across the network; otherwise, the UDLD link cannot be maintained. If a VLAN ID is not specified, then UDLD control packets are sent out ■...

  • Page 249

    Port Status and Configuration Uni-Directional Link Detection (UDLD) To display summary information on all UDLD-enabled ports, enter the show link-keepalive command. For example: ProCurve(config)# show link-keepalive Total link-keepalive enabled ports: 4 Keepalive Retries: Keepalive Interval: 1 sec Port 1 is UDLD-enabled, and tagged for a specific VLAN.

  • Page 250

    To display detailed UDLD information for specific ports, enter the show link­ keepalive statistics command. For example: Ports 1 and 2 are UDLD-enabled and show the number of health check packets sent and received on each port. ProCurve(config)# show link-keepalive statistics Port: Current State: Neighbor MAC Addr: 0000a1-b1c1d1...

  • Page 251: Configuration Warnings And Event Log Messages

    Port Status and Configuration Uni-Directional Link Detection (UDLD) Configuration Warnings and Event Log Messages Warning Messages. The following table shows the warning messages that may be issued and their possible causes, when UDLD is configured for tagged ports. Table 10-3. Warning Messages caused by configuring UDLD for Tagged Ports CLI Command Example Warning Message Possible Problem...

  • Page 252

    Port Status and Configuration Uni-Directional Link Detection (UDLD) 10-32...

  • Page 253

    Power Over Ethernet (PoE) Operation Contents PoE Devices ..........11-3 Introduction to PoE .

  • Page 254: Table Of Contents

    Power Over Ethernet (PoE) Operation Contents Calculating the Maximum Load for a PoE Module ....11-25 When a Power Supply Fails ....... . . 11-26 PoE Operating Notes .

  • Page 255: Poe Devices

    Power Over Ethernet (PoE) Operation PoE Devices PoE Devices The ProCurve 8212zl switches are used as a Power Sourcing Equipment (PSE) device providing PoE power to the Powered Devices (PDs) through the ProCurve Switch zl 24-Port 10/100/1000 PoE module (J8702A), or the 20-port Gig-T plus 4 mini-GBIC PoE module (J8705A).

  • Page 256: Introduction To Poe

    LAN cabling. For more information about PoE technology, refer to the PoE Plan­ ning and Implementation Guide, which is available on the ProCurve Net­ working web site at www.procurve.com. (Click on technical support, then Product manuals (all)).

  • Page 257: Overview Of Operation

    Overview of Operation An 8212zl 24-port Gig-T PoE module (J8702A) is a PSE device that receives PoE power from either a ProCurve J8712A Power Supply or a ProCurve J8713A Power Supply and distributes this power to the PDs connected to the PoE module’s Gig-T ports.

  • Page 258: Related Publications

    ProCurve Networking web site at www.procurve.com. (Click on technical support, then Product manuals (all).) The latest version of any ProCurve product guide is always on the ProCurve Networking web site. Refer to “Getting Documentation From the Web” on page 1-6.

  • Page 259: General Poe Operation, Configuration Options

    Product manuals (all)). Configuration Options In the default configuration, all Gig-T ports on the PoE module in a ProCurve 82121zl switch are configured to support PoE operation. You can: Disable or re-enable per-port PoE operation on individual ports to ■...

  • Page 260: Pd Support

    Power Over Ethernet (PoE) Operation General PoE Operation Note The ports on a PoE module support standard networking links and PoE links. Thus, you can connect either a non-PoE device or a PD to a PoE-enabled port without reconfiguring the port. PD Support When you connect the first PD to a PoE port, the PoE module must have a minimum of 17 watts of PoE power available in order to detect and supply...

  • Page 261

    Power Over Ethernet (PoE) Operation General PoE Operation the lowest-priority port on the module loses PoE power and remains unpow­ ered until the module once again has 17 or more watts available. (For infor­ mation on power priority, refer to “Power Priority Operation” on page 11-10.) Disconnecting a PD from a PoE port causes the module to stop providing PoE power to that port and makes the power available to any other PoE ports that have PDs connected and waiting for power.

  • Page 262: Determining The Amount Of Poe Power Available, Poe Power, Power Priority Operation

    Power Over Ethernet (PoE) Operation General PoE Operation Determining the Amount of PoE Power Available PoE Power Table 11-1 shows the amount of PoE power available for powering PDs depending on the power supplies used. Table 11-1. PoE Power Available Source of Power PoE Power Available PoE Power Available for...

  • Page 263: How Is Power Allocation Prioritized?, How Is Power Allocation Prioritized

    Power Over Ethernet (PoE) Operation General PoE Operation to the ports that present a PD power demand. This causes the loss of power from one or more lower-priority ports to meet the power demand on other, higher-priority ports. This operation occurs regardless of the order in which PDs connect to the module’s PoE-enabled ports.

  • Page 264: Poe Priority With Two Or More Modules

    Critical In this example, the following CLI command sets ports C3-C17 to Critical: ProCurve(config)# interface c3-c17 power critical The Critical priority class always receives power. If there is not enough power to provision PDs on all of the ports configured for this class, then no power goes to ports configured for High and Low priority.

  • Page 265

    For example: All ports on module C are prioritized as Critical. ProCurve(config)# interface c1-c24 power critical All ports on module A are prioritized as Low. ProCurve(config)# interface a1-a24 power low There are 48 PDs attached to all ports of modules A and C (24 ports each module).

  • Page 266: Configuring Poe Operation, Changing The Poe Port Priority Level

    You can use one command to set the same priority level on PoE ports in multiple modules. For example, to configure the priority to High for ports c5-c10, C23-C24, D1-D10, and D12, you could use this command: ProCurve(config)# interface c5-c10,c23-c24,d1- d10,d12 power high 11-14...

  • Page 267: Disabling Or Re-enabling Poe Port Operation, Enabling Support For Pre-standard Devices

    You must disable ALL ports in the module for this to occur. Enabling Support for Pre-Standard Devices The ProCurve 8212zl switch also supports some pre-802.3af devices. For a list of the devices supported, refer to the FAQs for your switch model. Syntax: [no] power pre-std-detect Detects and powers pre-802.3af standard devices.

  • Page 268: Changing The Threshold For Generating A Power Notice

    In this case, executing the following command sets the global notification threshold to 70% of available PoE power. ProCurve(config)# power threshold 70 With this setting, if module B is allocated 100 watts of PoE power and is using 68 watts, and then another PD is connected to the module in slot B that uses 8 watts, the 70% threshold of 70 watts is exceeded.

  • Page 269: Configuring Optional Poe Port Identifiers

    PoE module in slot “A” to 75% and the threshold for the module in slot “B” to 68% by executing the following two commands: ProCurve(config)# power slot a threshold 75 ProCurve(config)# power slot b threshold 68 Note that the last threshold command affecting a given slot supersedes the previous threshold command affecting the same slot.

  • Page 270

    For example, to return port B2 in the above figure to a null setting, use this command: ProCurve(config)# setmib pethPsePortType.2.27 -D " " For more on displaying PoE configuration and status, refer to “Viewing PoE Configuration and Status” on page 11-19.

  • Page 271: Viewing Poe Configuration And Status, Displaying The Switch's Global Poe Power Status

    For example, in the default PoE configuration, when the switch is running with several ports supporting PD loads on the PoE module in slot A, show power-management displays data similar to the following: ProCurve(config)# show power-management Status and Counters - System Power Status Pre-standard Detect...

  • Page 272: Displaying An Overview Of Poe Status On All Ports

    Power Over Ethernet (PoE) Operation Viewing PoE Configuration and Status Displaying an Overview of PoE Status on All Ports Syntax: show power-management brief Displays the following port power status: • Port: Lists all PoE-capable ports on the switch. • Power Enable: Shows Yes for ports enabled to support PoE (the default) and No for ports on which PoE is disabled.

  • Page 273: Displaying The Poe Status On Specific Ports

    Power Over Ethernet (PoE) Operation Viewing PoE Configuration and Status Ports C1 through C4 are delivering power. The remaining ports are available to supply power, but currently do not detect a connected PD. Figure 11-3. Example of Show Power-Management Brief Output Displaying the PoE Status on Specific Ports Syntax: show power-management <...

  • Page 274

    Power Over Ethernet (PoE) Operation Viewing PoE Configuration and Status Syntax: show power-management < port-list > (Continued) Power Denied Cnt: Shows the number of times PDs requesting • power on the port have been denied due to insufficient power available. Each occurrence generates an Event Log message. Voltage: The total voltage, in dV, being delivered to PDs.

  • Page 275: Planning And Implementing A Poe Configuration, Assigning Poe Ports To Vlans

    Configuration This section provides an overview of some considerations for planning a PoE application. For additional information on this topic, refer to the ProCurve PoE Planning and Implementation Guide which is available on the ProCurve Networking web site at www.procurve.com. (Click on technical support, then Product manuals (all)).

  • Page 276: Assigning Priority Policies To Poe Traffic

    For more information on security options, refer to the latest edition of the Access Security Guide for your switch. (The ProCurve Networking web site offers the latest version of all ProCurve product publications. Refer to “Getting Documentation From the Web” on page 1-6.)

  • Page 277: Calculating The Maximum Load For A Poe Module

    Calculating the Maximum Load for a PoE Module The maximum power available for a PoE module depends on the type of power supplies used. ProCurve recommends that if you use more than one power supply, use the same type of power supplies in your PoE implementation, that...

  • Page 278: When A Power Supply Fails

    For additional information about planning your PoE configuration, refer to the PoE Planning and Implementation Guide, which is available from the ProCurve Networking web site at www.procurve.com. (Click on technical support, then Product manuals (all).) 11-26...

  • Page 279: Poe Operating Notes

    PoE device connected to port 1 on a PoE module installed in slot D: ProCurve(config)# no interface d1 power ProCurve(config)# interface d1 power Disabling all PoE ports in a module allows you to recover the 22 watts ■...

  • Page 280: Poe Event Log Messages, Informational" Poe Event-log Messages

    The switch has detected a PoE device connected to the indicated port. A module needs to have its PoE firmware updated and the Slot <slot-id> software update software begins the update process. On ProCurve 8212zl started on PoE controller switches the controller-id is always “1” <controller-id>...

  • Page 281: Warning" Poe Event-log Messages

    Power Over Ethernet (PoE) Operation PoE Operating Notes “Warning” PoE Event-Log Messages Message Meaning W < > < > chassis Message header, with severity, date, system time, and system module type. For more information on Event Log operation, including severity indicators, refer to “Using the Event Log To Identify Problem Sources”...

  • Page 282

    Power Over Ethernet (PoE) Operation PoE Operating Notes 11-30...

  • Page 283

    Port Trunking Contents Overview ........... . 12-2 Port Trunk Features and Operation .

  • Page 284

    Port Trunking Overview Overview This chapter describes creating and modifying port trunk groups. This includes non-protocol trunks and LACP (802.3ad) trunks. Port Status and Configuration Features Feature Default Menu viewing port trunks page 12-9 page 12-11 page 12-17 configuring a static trunk none page 12-9 page 12-15...

  • Page 285

    Port Trunking Overview Port Connections and Configuration: All port trunk links must be point- to-point connections between a switch and another switch, router, server, or workstation configured for port trunking. No intervening, non-trunking devices are allowed. It is important to note that ports on both ends of a port trunk group must have the same mode (speed and duplex) and flow control settings.

  • Page 286: Port Trunk Features And Operation, Trunk Configuration Methods

    LACP requires full-duplex (FDx) links of the same media type (10/100Base-T, 100FX, etc.) and the same speed, and enforces speed and duplex conformance across a trunk group. For most installations, ProCurve recommends that you leave the port Mode settings at Auto (the default). LACP also operates with Auto-10, Auto-100, and Auto-1000 (if negotiation selects FDx), and 10FDx, 100FDx, and 1000FDx settings.

  • Page 287

    LACP option to Active on the ports you want to use for the trunk. For example, the following command sets ports C1-C4 to LACP active: ProCurve(config) int c1-c4 lacp active Note that the preceding example works if the ports are not already operating in a trunk.

  • Page 288

    For more information, refer to “Trunk Group Operation Using LACP” on page 12-18. Trunk Provides manually configured, static-only trunking to: (non- • Most ProCurve switches and routing switches not running the 802.3ad LACP protocol. protocol) • Windows NT and HP-UX workstations and servers Use the Trunk option when: – The device to which you want to create a trunk link is using a non-802.3ad trunking protocol...

  • Page 289

    Port Configuration: The default port configuration is Auto, which enables a port to sense speed and negotiate duplex with an Auto-Enabled port on another device. ProCurve recommends that you use the Auto setting for all ports you plan to use for trunking.

  • Page 290

    Port Trunking Trunk Configuration Methods Spanning Tree: 802.1D (STP) and 802.1w (RSTP) Spanning Tree operate as a global setting on the switch (with one instance of Spanning Tree per switch). 802.1s (MSTP) Spanning Tree operates on a per-instance basis (with multiple instances allowed per switch).

  • Page 291: Menu: Viewing And Configuring A Static Trunk Group

    Port Trunking Menu: Viewing and Configuring a Static Trunk Group Menu: Viewing and Configuring a Static Trunk Group Important Configure port trunking before you connect the trunked links to another switch, routing switch, or server. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured.

  • Page 292

    Port Trunking Menu: Viewing and Configuring a Static Trunk Group • For proper trunk operation, all ports in a trunk must have the same media type and mode (such as 10/100TX set to 100FDx, or 100FX set to 100FDx). The flow control settings must also be the same for all ports in a given trunk.

  • Page 293: Cli: Viewing And Configuring Port Trunk Groups, Using The Cli To View Port Trunks

    Port Trunking CLI: Viewing and Configuring Port Trunk Groups 8. Connect the trunked ports on the switch to the corresponding ports on the opposite device. If you previously disabled any of the trunked ports on the switch, enable them now. (Refer to “Viewing Port Status and Configuring Port Parameters”...

  • Page 294

    Port Trunking CLI: Viewing and Configuring Port Trunk Groups Using a port list specifies, for switch ports in a static trunk group, only the ports you want to view. In this case, the command specifies ports A5 through A7. However, because port A6 is not in a static trunk group, it does not appear in the resulting listing: Port A5 appears with an example of a name that you can optionally assign using the Friendly Port Names feature.

  • Page 295

    Port Trunking CLI: Viewing and Configuring Port Trunk Groups Listing Static LACP and Dynamic LACP Trunk Data. Syntax: show lacp Lists data for only the LACP-configured ports.. In the following example, ports A1 and A2 have been previously configured for a static LACP trunk. (For more on the “Active” parameter, see table 12-5 on page 12-20.) Figure 12-8.

  • Page 296: Using The Cli To Configure A Static Or Dynamic Trunk Group

    Port Trunking CLI: Viewing and Configuring Port Trunk Groups “Up” Links Standby Link Figure 12-9. Example of a Dynamic LACP Trunk with One Standby Link Using the CLI To Configure a Static or Dynamic Trunk Group I m p o r t a n t Configure port trunking before you connect the trunked links between switches.

  • Page 297

    Removing a port from a trunk can create a loop and cause a broadcast storm. When you remove a port from a trunk where spanning tree is not in use, ProCurve recommends that you first disable the port or disconnect the link on that port.

  • Page 298

    < port-list >. This example uses ports C4 and C5 to enable a dynamic LACP trunk group. ProCurve(config)# interface c4-c5 lacp active Removing Ports from an Dynamic LACP Trunk Group. To remove a port from dynamic LACP trunk operation, you must turn off LACP on the port.

  • Page 299: Web: Viewing Existing Port Trunk Groups

    To help prevent a broadcast storm when you remove a port from a trunk where spanning tree is not in use, ProCurve recommends that you first disable the port or disconnect the link on that port.

  • Page 300: Trunk Group Operation Using Lacp

    LACP requires full-duplex (FDx) links of the same media type (10/100Base-T, 100FX, etc.) and the same speed, and enforces speed and duplex conformance across a trunk group. For most installations, ProCurve recommends that you leave the port Mode settings at Auto (the default). LACP also operates with Auto-10, Auto-100, and Auto-1000 (if negotiation selects FDx), and 10FDx, 100FDx, and 1000FDx settings.

  • Page 301

    Port Trunking Trunk Group Operation Using LACP Table 12-4. LACP Trunk Types LACP Port Trunk Operation Configuration 802.3ad-compliant Dynamic LACP This option automatically establishes an trunk group, with LACP for the port Type parameter and DynX for the port Group name, where X is an automatically assigned value from 1 to 36, depending on how many dynamic and static trunks are currently on the switch.

  • Page 302: Default Port Operation

    Table 12-5 lists the elements of per-port LACP operation. To display this data for a switch, execute the following command in the CLI: ProCurve> show lacp Table 12-5. LACP Port Status Data Status Name...

  • Page 303: Lacp Notes And Restrictions

    If you configure port security on a port on which LACP (active or passive) is configured, the switch removes the LACP configuration, displays a notice that LACP is disabled on the port(s), and enables 802.1X on that port. ProCurve(config)# aaa port-access authenticator b1 LACP has been disabled on 802.1x port(s). ProCurve(config)#...

  • Page 304

    LACP (active or passive) is configured, the switch removes the LACP configuration, displays a notice that LACP is disabled on the port(s), and enables port security on that port. For example: ProCurve(config)# port-security a17 learn-mode static address-limit 2 LACP has been disabled on secured port(s).

  • Page 305

    Status becomes “Up”). When the other port becomes active again, the replace­ ment port goes back to blocked (Port Status is “Blocked”). It can take a few seconds for the switch to discover the current status of the ports. ProCurve(eth-B1-B8)# show lacp LACP PORT...

  • Page 306

    Port Trunking Trunk Group Operation Using LACP If there are ports that you do not want on the default VLAN, ensure that ■ they cannot become dynamic LACP trunk members. Otherwise a traffic loop can unexpectedly occur. For example: VLAN-1 VLAN-1 VLAN-1 VLAN-1...

  • Page 307: Trunk Group Operation Using The "trunk" Option

    Port Trunking Trunk Group Operation Using the “Trunk” Option Dynamic/Static LACP Interoperation: A port configured for dynamic LACP can properly interoperate with a port configured for static (TrkX) LACP, but any ports configured as standby LACP links will be ignored. Trunk Group Operation Using the “Trunk”...

  • Page 308: How The Switch Lists Trunk Data, Outbound Traffic Distribution Across Trunked Links

    Port Trunking How the Switch Lists Trunk Data How the Switch Lists Trunk Data Static Trunk Group: Appears in the menu interface and the output from the CLI show trunk and show interfaces commands. Dynamic LACP Trunk Group: Appears in the output from the CLI show lacp command.

  • Page 309

    Port Trunking Outbound Traffic Distribution Across Trunked Links The load-balancing is done on a per communication basis. Otherwise, traffic is transmitted across the same path as shown in figure 12-13. That is, if Client A attached to Switch 1 sends five packets of data to Server A attached to Switch 2, the same link is used to send all five packets.

  • Page 310

    Port Trunking Outbound Traffic Distribution Across Trunked Links Table 12-6. Example of Link Assignments in a Trunk Group (SA/DA Distribution) Source: Destination: Link: Node A Node W Node B Node X Node C Node Y Node D Node Z Node A Node Y Node B Node W...

  • Page 311

    Port Traffic Controls Contents Overview ........... . 13-3 Rate-Limiting .

  • Page 312

    Port Traffic Controls Contents Configuring Jumbo Frame Operation ......13-28 Overview ..........13-28 Viewing the Current Jumbo Configuration .

  • Page 313

    Port Traffic Controls Overview Overview Feature Default Menu Rate-Limiting None 13-4 Guaranteed Minimum Per Queue (1-8 order): 13-18 Bandwidth 2%-3%-30%-10%-10%­ 10%-15%-20% Jumbo Packets Disabled 13-26 This chapter includes: ■ Rate-Limiting: Enables a port to limit the amount of bandwidth a user or device may utilize for traffic on the switch.

  • Page 314: Rate-limiting, All Traffic Rate-limiting

    Port Traffic Controls Rate-Limiting Rate-Limiting Feature Default Menu rate-limit all none page 13-5 show rate-limit all page 13-6 rate-limit icmp none page 13-12 show rate-limit icmp page 13-13 All Traffic Rate-Limiting Rate-limiting for all traffic operates on a per-port basis to allow only the specified bandwidth to be used for inbound or outbound traffic.

  • Page 315: Configuring Rate-limiting

    • Configuring a rate limit of 0 (zero) on a port blocks all traffic on that port. However, if this is the desired behavior on the port, ProCurve recommends using the < port-list > disable command instead of configuring a rate limit of 0.

  • Page 316: Displaying The Current Rate-limit Configuration

    For example, either of the following commands configures an inbound rate limit of 60% on ports A3 - A5: ProCurve (config)# int a3-a5 rate-limit all in percent 60 ProCurve (eth-A3-A5)# rate-limit all in percent 60...

  • Page 317

    (Note that configuration changes performed with the CLI, but not followed by a write mem command do not appear in the startup-config file.) ProCurve Switch 8212zl# show config Startup configuration: ; J8697A Configuration Editor; Created on release #K.12.XX hostname "ProCurve Switch 8212zl"...

  • Page 318: Operating Notes For Rate-limiting

    Port Traffic Controls Rate-Limiting Operating Notes for Rate-Limiting Rate-limiting operates on a per-port basis, regardless of traffic ■ priority. Rate-limiting is available on all types of ports (other than trunked ports) on the switches covered in this guide, and at all port speeds configurable for these devices.

  • Page 319

    Port Traffic Controls Rate-Limiting Traffic filters on rate-limited ports: Configuring a traffic filter on a ■ port does not prevent the switch from including filtered traffic in the bandwidth-use measurement for rate-limiting when it is configured on the same port. For example, ACLs, source-port filters, protocol filters, and multicast filters are all included in bandwidth usage calculations.

  • Page 320: Icmp Rate-limiting

    Port Traffic Controls Rate-Limiting ICMP Rate-Limiting In IP networks, ICMP (Internet Control Message Protocol) messages are generated in response to either inquiries or requests from routing and diag­ nostic functions. These messages are directed to the applications originating the inquiries. In unusual situations, if the messages are generated rapidly with the intent of overloading network circuits, they can threaten network avail­...

  • Page 321: Terminology, Guidelines For Configuring Icmp Rate-limiting

    Port Traffic Controls Rate-Limiting Terminology All-Traffic Rate-Limiting: Applies a rate-limit to all traffic (including ICMP traffic) on an interface. For details, see “Rate-Limiting” on page 13-4. ICMP Rate-Limiting: Applies a rate-limit to all inbound ICMP traffic received on an interface, but does not limit other types of inbound traffic. Spoofed Ping: An ICMP echo request packet intentionally generated with a valid source IP address and an invalid destination IP address.

  • Page 322: Configuring Icmp Rate-limiting, On The Same Interface

    For example, either of the following commands configures an inbound rate limit of 1% on ports A3 - A5, which are used as network edge ports: ProCurve(config)# int a3-a5 rate-limit icmp 1 ProCurve (eth-A3-A5)# rate-limit icmp 1 Using Both ICMP Rate-Limiting and All-Traffic Rate-Limiting on the Same Interface ICMP and all-traffic rate-limiting can be configured on the same interface.

  • Page 323: Displaying The Current Icmp Rate-limit Configuration

    Port Traffic Controls Rate-Limiting If at a given moment: ■ Inbound ICMP traffic on port “X” is using 1% of the port’s bandwidth, and ■ Inbound traffic of all types on port “X” demands 61% of the ports’s bandwidth, then all inbound traffic above 55% of the port’s bandwidth, including any additional ICMP traffic, will be dropped as long as all inbound traffic combined on the port demands 55% or more of the port’s bandwidth.

  • Page 324: Operating Notes For Icmp Rate-limiting

    Port Traffic Controls Rate-Limiting Operating Notes for ICMP Rate-Limiting ICMP rate-limiting operates on an interface (per-port) basis to allow, on average, the highest expected amount of legitimate, inbound ICMP traffic. ■ Interface support: ICMP rate-limiting is available on all types of ports (other than trunk ports or mesh ports), and at all port speeds configurable for the switch.

  • Page 325: Icmp Rate-limiting Trap And Event Log Messages

    Port Traffic Controls Rate-Limiting because the total traffic load requested to the outbound interface exceeds the interface’s bandwidth, and thus some requested traffic may be held off on inbound. ■ Monitoring (Mirroring) ICMP rate-limited interfaces: If monitoring is configured, packets dropped by ICMP rate-limiting on a monitored interface will still be forwarded to the designated monitor port.

  • Page 326

    A1 on a switch would use the following setmib command to reset the port to send a new message if the condition occurs again. ProCurve(config)# setmib hpicmpratelimitportalarm- flag.1 -i 1 Determining the Switch Port Number Used in ICMP Port Reset Commands: To enable excess ICMP traffic notification traps and Event Log messages, use the setmib command described on page 13-15.

  • Page 327

    Port Traffic Controls Rate-Limiting ProCurve# walkmib ifDescr ifDescr.1 = A1 ifDescr.2 = A2 ifDescr.3 = A3 Beginning and Ending of Port Number Listing for Slot A ifDescr.23 = A23 ifDescr.24 = A24 ifDescr.27 = B1 ifDescr.28 = B2 ifDescr.29 = B3...

  • Page 328: Guaranteed Minimum Bandwidth (gmb), Introduction, Terminology, Gmb Operation, Guaranteed Minimum Bandwidth (gmb)

    Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) Guaranteed Minimum Bandwidth (GMB) Feature Default Menu bandwidth-min output Per-Queue: page 13-21 2%-3%-30%-10% 10%-10%-15%-20% show bandwidth output [ port-list ] page 13-24 Introduction Guaranteed Minimum Bandwidth (GMB) provides a method for ensuring that each of a given port’s outbound traffic priority queues has a specified mini­...

  • Page 329

    Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) Table 13-1. Per-Port Outbound Priority Queues 802.1p Priority Settings in Tagged VLAN Outbound Priority Queue for a Given Port Packets* 1 (low) 2 (low) 0 (normal) 3 (normal) 4 (medium) 5 (medium) 6 (high) 7 (high) *The switch processes outbound traffic from an untagged port at the "0"...

  • Page 330: Impacts Of Qos Queue Configuration On Gmb Operation

    Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) N o t e For a given port, when the demand on one or more outbound queues exceeds the minimum bandwidth configured for those queues, the switch apportions unallocated bandwidth to these queues on a priority basis. As a result, speci­ fying a minimum bandwidth for a high-priority queue but not specifying a minimum for lower-priority queues can starve the lower-priority queues dur­...

  • Page 331: Outbound Traffic

    For any port or group of ports you can configure either the default minimum bandwidth settings for each outbound priority queue or a customized band­ width allocation. For most applications, ProCurve recommends configuring GMB with the same values on all ports on the switch so that the outbound traffic profile is consistent for all outbound traffic.

  • Page 332

    Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) Syntax: [ no ] int < port-list > bandwidth-min output [ < queue1% > < queue2% > < queue3% > < queue4% > <queue5%> <queue6%> <queue7%> <queue8%>] For ports in < port-list >, specifies the minimum outbound bandwidth as a percent of the total bandwidth for each outbound queue.

  • Page 333

    Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) Notes: Configuring 0% for a queue can result in that queue being starved if any higher queue becomes over­ subscribed and is then given all unused bandwidth. The switch applies the bandwidth calculation to the link speed the port is currently using.

  • Page 334: Configuration

    Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) Either of the following commands configures ports A1 through A5 with bandwidth settings: ProCurve(config)#int a1-a5 bandwidth-min output 2 3 30 10 10 10 15 20 ProCurve(eth-A1-A5)#bandwidth-min output 2 3 30 10 10 10 15 20...

  • Page 335: Gmb Operating Notes

    Port Traffic Controls Guaranteed Minimum Bandwidth (GMB) This is how the preceding listing of the GMB configuration would appear in the startup-config file. The outbound port priority queues 1 - 8 for ports A1-A5 are configured with the indicated Guaranteed Minimum Bandwidth percentages.

  • Page 336: Jumbo Frames, Terminology

    Port Traffic Controls Jumbo Frames Jumbo Frames Feature Default Menu display VLAN jumbo status — 13-29 — configure jumbo VLANs Disabled — 13-31 — The Maximum Transmission Unit (MTU) is the maximum size IP frame the switch can receive for Layer 2 frames inbound on a port. The switch drops any inbound frames larger than the MTU allowed on the port.

  • Page 337: Operating Rules

    Port Traffic Controls Jumbo Frames Operating Rules Required Port Speed: This feature allows inbound and outbound jumbo ■ frames on ports operating at speeds of 1 gigabit or higher. At lower port speeds, only standard (1522-byte or smaller) frames are allowed, regard­ less of the jumbo configuration.

  • Page 338: Configuring Jumbo Frame Operation, Overview

    Port Traffic Controls Jumbo Frames Configuring Jumbo Frame Operation Command Page show vlans 13-29 show vlans ports < port-list > 13-30 show vlans < vid > 13-31 jumbo 13-31 Overview 1. Determine the VLAN membership of the ports or trunks through which you want the switch to accept inbound jumbo traffic.

  • Page 339: Viewing The Current Jumbo Configuration

    Port Traffic Controls Jumbo Frames Viewing the Current Jumbo Configuration Syntax: show vlans Lists the static VLANs configured on the switch and includes a Jumbo column to indicate which VLANs are configured to support inbound jumbo traffic. All ports belonging to a jumbo-enabled VLAN can receive jumbo traffic.

  • Page 340

    Port Traffic Controls Jumbo Frames Indicates which static VLANs are configured to enable jumbo frames. Figure 13-9. Example of Listing the VLAN Memberships for a Range of Ports Syntax: show vlans < vid > This command shows port membership and jumbo configuration for the specified <...

  • Page 341: Enabling Or Disabling Jumbo Traffic On A Vlan, Operating Notes For Jumbo Traffic-handling

    Operating Notes for Jumbo Traffic-Handling ■ ProCurve does not recommend configuring a voice VLAN to accept jumbo frames. Voice VLAN frames are typically small, and allowing a voice VLAN to accept jumbo frame traffic can degrade the voice transmission perfor­...

  • Page 342

    Port Traffic Controls Jumbo Frames This same condition generates a Fault-Finder message in the Alert log of the switch’s web browser interface, and also increments the switch’s “Giant Rx” counter. ■ If you do not want all ports in a given VLAN to accept jumbo frames, you can consider creating one or more jumbo VLANs with a membership comprised of only the ports you want to receive jumbo traffic.

  • Page 343

    In this regard, if a mesh domain includes any ProCurve 1600M/2400M/2424M/4000M/8000M switches along with the switches covered in this guide configured to support jumbo traffic, only the switches covered in this guide will receive jumbo frames.

  • Page 344: Troubleshooting

    Port Traffic Controls Jumbo Frames Troubleshooting A VLAN is configured to allow jumbo frames, but one or more ports drops all inbound jumbo frames. The port may not be operating at 1 giga­ bit or higher. Regardless of a port’s configuration, if it is actually operating at a speed lower than 1 gigabit, it drops inbound jumbo frames.

  • Page 345

    Configuring for Network Management Applications Contents Using SNMP Tools To Manage the Switch ..... . 14-3 Overview ..........14-3 SNMP Management Features .

  • Page 346: Table Of Contents

    Configuring for Network Management Applications Contents LLDP (Link-Layer Discovery Protocol) ..... . . 14-33 Terminology ..........14-34 General LLDP Operation .

  • Page 347: Using Snmp Tools To Manage The Switch, Overview

    Overview You can manage the switch via SNMP from a network management station running an application such as ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+). For more on PCM and PCM+, visit the ProCurve Networking web site at: www.procurve.com Click on products index in the sidebar, then click on the appropriate link appearing under the Network Management heading.

  • Page 348: Snmp Management Features, Configuring For Snmp Version 1 And 2c Access To The Switch

    (RFC 1515), and others. The switch SNMP agent also uses certain variables that are included in a Hewlett-Packard proprietary MIB (Management Information Base) file. If you are using HP OpenView, you can ensure that it is using the latest version of the MIB file by downloading the file to the OpenView database.

  • Page 349: Configuring For Snmp Version 3 Access To The Switch

    C a u t i o n For ProCurve Manager (PCM) version 1.5 or earlier (or any TopTools version), deleting the “public” community disables some network management functions (such as traffic monitoring, SNMP trap generation, and threshold setting).

  • Page 350: Snmp Version 3 Commands

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMP Version 3 Commands SNMP version 3 (SNMPv3) adds some new commands to the CLI for configuring SNMPv3 functions. To enable SMNPv3 operation on the switch, use the snmpv3 enable command. An initial user entry will be generated with MD5 authentication and DES privacy.

  • Page 351: Enabling Snmpv3, Snmpv3 Users, Enabling Snmpv

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Enabling SNMPv3 The snmpv3 enable command allows the switch to: ■ Receive SNMPv3 messages. ■ Configure initial users. Restrict non-version 3 messages to “read only” (optional). ■ Figure 14-1 shows an example of how to use the snmpv3 enable command. N o t e : To create new users, most SNMPv3 management software requires an initial S N M P...

  • Page 352

    Add user Network Admin with ProCurve(config)# snmpv3 user NetworkAdmin no authentication or privacy. ProCurve(config)# snmpv3 user NetworkMgr auth md5 authpass priv privpass Privacy is enabled and the Add user Network Mgr with MD5 authentication is enabled and password is set to “privpass”.

  • Page 353

    This example displays information about the management stations configured on VLAN 1 to access the switch. ProCurve# configure terminal ProCurve(config)# vlan 1 ProCurve(vlan-1)# show snmpv3 user Status and Counters - SNMPv3 Global Configuration Information Auth. Protocol Privacy Protocol User Name...

  • Page 354

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Assigning Users to Groups. Then you must set the group access level for the user by assigning the user to a group. This is done with the snmpv3 group command.

  • Page 355: Group Access Levels, Snmpv3 Communities

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Group Access Levels The switch supports eight predefined group access levels. There are four levels for use with version 3 users and four are used for access by version 2c or version 1 management applications.

  • Page 356

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Syntax: [no] snmpv3 community This command maps or removes a mapping of a community name to a group access level. To remove a mapping you, only need to specify the index_name parameter.

  • Page 357: Communities

    C a u t i o n For ProCurve Manager (PCM) version 1.5 or earlier (or any TopTools version), deleting the “public” community disables some network management functions (such as traffic monitoring, SNMP trap generation, and threshold setting).

  • Page 358

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Note: This screen gives an overview of the SNMP communities that are currently Add and Edit options are configured. All fields in used to modify the SNMP this screen are read- options.

  • Page 359: Cli: Viewing And Configuring Snmp Community Names

    Figure 14-7. Example of the SNMP Community Listing with Two Communities To list the data for only one community, such as the “public” community, use the above command with the community name included. For example: ProCurve# show snmp-server public 14-15...

  • Page 360

    (Access to all MIB objects (read-only) except the CONFIG MIB.) ProCurve(config)# snmp-server community red-team manager unrestricted ProCurve(config)# snmp-server community blue-team operator restricted To eliminate a previously configured community named "gold-team": ProCurve(config) # no snmp-server community gold-team 14-16...

  • Page 361: Snmpv3 Notification And Traps

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMPv3 Notification and Traps The switches covered in this guide support the SNMPv3 notification process. They also support version 1 or version 2c traps. For more information on version 1 or version 2c traps, refer to “SNMPv1 and SNMPv2c Trap Features”...

  • Page 362

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch timeout < value > Specifies how long the switch waits for a response from the target before it retransmits the packet. (Default: 1500) Range: 0-2147483647 max-msg-size<size> Default:1472 Specifies the maximum number of bytes a message to this target can contain.

  • Page 363: Snmpv1 And Snmpv2c Trap Features

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch params value matches params name. Tag value matches taglist value. ver3 means you must select a security service level. Figure 14-8. Example of SNMP Notification and Trap Configuration SNMPv1 and SNMPv2c Trap Features Feature Default...

  • Page 364: Cli: Configuring And Displaying Trap Receivers

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch In the default configuration, there are no trap receivers configured, and the authentication trap feature is disabled. From the CLI you can configure up to ten SNMP trap receivers to receive SNMP traps from the switch. As an option, you can also configure the switch to send Event Log messages as traps.

  • Page 365

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Example of ProCurve(config)# show snmp-server Community SNMP Communities Name Data (See Community Name MIB View Write Access page 14-11.) ---------------- -------- ------------ public Operator Restricted blue-team Manager Unrestricted...

  • Page 366

    Send critical-level log messages. Debug Reserved for HP-internal use. For example, to configure a trap receiver in a community named "red-team" with an IP address of 10.28.227.130 to receive only "critical" log messages: ProCurve(config)# snmp-server trap-receiver red-team 10.28.227.130 critical 14-22...

  • Page 367: Using The Cli To Enable Authentication Traps

    For example: ProCurve(config)# snmp-server enable traps authentication Check the Event Log in the console interface to help determine why the authentication trap was sent. (Refer to “Using the Event Log To Identify Problem Sources”...

  • Page 368: And Traps

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch ProCurve(config)# show snmp-server SNMP Communities Community Name MIB View Write Access ---------------- -------- ----------- - public Manager Unrestricted Trap Receivers Link-Change Traps Enabled on Ports [All] : All...

  • Page 369

    For example, to use the destination IP address as the source IP address, enter this command: ProCurve(config)# snmp-server response-source dst-ip-of-request To configure the source IP address for a generated trap pdu, enter this command.

  • Page 370

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch IP-ADDR: The user-specified IP address that will be used as the source IP address in the generated trap. loopback <0-7>: The IP address configured for the specified loopback interface will be used as the source IP address in the generated trap pdu.

  • Page 371: Enabling And Configuring Snmp Inform, Operating Notes

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Operating Notes You must explicitly set snmp-server response-source if you wish to change ■ the default behavior. (rfc-1517) ■ This option is global and is applied to all interfaces that are sending SNMP responses or SNMP trap pdus.

  • Page 372: Advanced Management: Rmon

    Note that you can access the Ethernet statistics, Alarm, and Event groups from the ProCurve Manager network management software. For more on ProCurve Manager, visit the ProCurve Networking web site at www.procurve.com Click on products index, then look for the ProCurve Manager topic under the Network Manager bar. 14-28...

  • Page 373: Cli-configured Sflow With Multiple Instances, Terminology, Configuring Sflow

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch CLI-Configured sFlow with Multiple Instances In earlier software releases, sFlow was configured on the switch via SNMP using a single sFlow instance. Beginning with software release K.11.34, sFlow can also be configured via the CLI for up to three distinct sFlow instances: once enabled, an sFlow receiver/destination can be independently configured for full flow-sampling and counter-polling.

  • Page 374: Viewing Sflow Configuration And Status

    The show sflow agent command displays read-only switch agent information. The version information shows the sFlow version, MIB support and software versions; the agent address is typically the ip address of the first vlan config­ ured on the switch. ProCurve# show sflow agent Version 1.3;HP;K.12.XX Agent Address 10.0.10.228...

  • Page 375

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch The show sflow <instance> destination command includes information about the management-station’s destination address, receiver port, and owner. ProCurve# show sflow 2 destination Destination Instance sflow Enabled Datagrams Sent Destination Address 10.0.10.41...

  • Page 376

    Configuring for Network Management Applications Using SNMP Tools To Manage the Switch ProCurve# show sflow 2 sampling-polling A1-A4 Number denotes the sampling/polling instance to which the receiver is coupled. Port | Sampling Dropped Polling | Enabled Rate Header Samples Enabled...

  • Page 377: Lldp (link-layer Discovery Protocol), Lldp (link-layer Discovery Protocol)

    CDP as documented in this manual. For the latest information on your switch model, consult the Release Notes (available on the ProCurve Networking web site). If LLDP has not yet been implemented (or if you are running an older version of software), consult a previous version of the Management and Configuration Guide for device discovery details.

  • Page 378

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP-MED (LLDP Media Endpoint Discovery): Provides an extension to LLDP and is designed to support VoIP deployments. N o t e LLDP-MED is an extension for LLDP, and the switch requires that LLDP be enabled as a prerequisite to LLDP-MED operation.

  • Page 379

    PD (Powered Device): This is an IEEE 802.3af-compliant device that receives its power through a direct connection to a 10/100Base-TX PoE RJ-45 port in a ProCurve fixed-port or chassis-based switch. Examples of PDs include Voice-over-IP (VoIP) telephones, wireless access points, and remote video cameras.

  • Page 380: General Lldp Operation, Lldp-med, Packet Boundaries In A Network Topology

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) TLV (Type-Length-Value): A data unit that includes a data type field, a data unit length field (in bytes), and a field containing the actual data the unit is designed to carry (as an alphanumeric string, a bitmap, or a subgroup of information).

  • Page 381: Configuration Options

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Configuration Options Enable or Disable LLDP on the Switch. In the default configuration, LLDP is globally enabled on the switch. To prevent transmission or receipt of LLDP traffic, you can disable LLDP operation (page 14-37) Enable or Disable LLDP-MED.

  • Page 382

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) SNMP Notification. You can enable the switch to send a notification to any configured SNMP trap receiver(s) when the switch detects a remote LLDP data change on an LLDP-enabled port (page 14-47). Per-Port (Outbound) Data Options.

  • Page 383: Options For Reading Lldp Information Collected By The Switch, Lldp And Lldp-med Standards Compatibility

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Data Type Configuration Default Description Options The Packet Time-to-Live value is included in LLDP data packets. (Refer to “Changing the Time-to-Live for Transmitted Advertisements” on page 14-45.) Subelement of the Chassis ID TLV. Subelement of the Port ID TLV.

  • Page 384: Lldp Operating Rules

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) RFC 2737 (Entity MIB) ■ ■ RFC 2863 (Interfaces MIB) ■ ANSI/TIA-1057/D6 (LLDP-MED; refer to “LLDP-MED (Media-Endpoint- Discovery)” on page 14-52.) LLDP Operating Rules (For additional information specific to LLDP-MED operation, refer to “LLDP­ MED (Media-Endpoint-Discovery)”...

  • Page 385: Configuring Lldp Operation

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Spanning-Tree Blocking. Spanning tree does not prevent LLDP packet transmission or receipt on STP-blocked links. 802.1X Blocking. Ports blocked by 802.1X operation do not allow transmission or receipt of LLDP packets. Configuring LLDP Operation In the default configuration, LLDP is enabled and in both transmit and receive mode on all active ports.

  • Page 386: Viewing The Current Configuration

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Viewing the Current Configuration Displaying the Global LLDP, Port Admin, and SNMP Notification Status. This command displays the switch’s general LLDP configuration status, including some per-port information affecting advertisement traffic and trap notifications. Syntax show lldp config Displays the LLDP global configuration, LLDP port status, and SNMP notification status.

  • Page 387: Configuring Global Lldp Packet Controls

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displaying Port Configuration Details. This command displays the port- specific configuration, including. Syntax show lldp config < port-list > Displays the LLDP port-specific configuration for all ports in < port-list >, including which optional TLVs and any non-default IP address that are included in the port’s outbound advertisements.

  • Page 388

    (Default: Enabled) For example, to disable LLDP on the switch: ProCurve(config)# no lldp run Changing the Packet Transmission Interval. This interval controls how often active ports retransmit advertisements to their neighbors. Syntax lldp refresh-interval < 5 - 32768 >...

  • Page 389

    2, which would result in a Time-to- Live of 30 seconds. ProCurve(config)# lldp holdtime-multiplier 2 Changing the Delay Interval Between Advertisements Generated by Value or Status Changes to the LLDP MIB. The switch uses a delay- interval setting to delay transmitting successive advertisements resulting from these LLDP MIB changes.

  • Page 390

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Syntax setmib lldpTxDelay.0 -i < 1 - 8192 > Uses setmib to change the minimum time (delay-interval) any LLDP port will delay advertising successive LLDP advertisements due to a change in LLDP MIB content. (Default: 2;...

  • Page 391: Configuring Snmp Notification Support

    (Default: 2 seconds; Range: 1 - 10 seconds) For example, the following command changes the reinitialization delay interval to five seconds: ProCurve(config)# setmib lldpreinitdelay.0 -i 5 Configuring SNMP Notification Support You can enable SNMP trap notification of LLDP data changes detected on advertisements received from neighbor devices, and control the interval between successive notifications of data changes on the same neighbor.

  • Page 392: Configuring Per-port Transmit And Receive Modes

    (Default: 5 seconds) For example, the following command limits change notification traps from a particular switch to one per minute. ProCurve(config)# setmib lldpnotificationinterval.0 -i 60 lldpNotificationInterval.0 = 60 Configuring Per-Port Transmit and Receive Modes These commands control advertisement traffic inbound and outbound on active ports.

  • Page 393: Configuring Basic Lldp Per-port Advertisement Content

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Configuring Basic LLDP Per-Port Advertisement Content In the default LLDP configuration, outbound advertisements from each port on the switch include both mandatory and optional data. Mandatory Data. An active LLDP port on the switch always includes the mandatory data in its outbound advertisements.

  • Page 394

    10.10.10.100 and you wanted port 3 to use this secondary address in LLDP advertisements, you would need to execute the following command: ProCurve(config)# lldp config 3 ipAddrEnable 10.10.10.100 Optional Data. You can configure an individual port or group of ports to exclude one or more of these data types from outbound LLDP advertisements.

  • Page 395: Advertisements

    For example, if you wanted to exclude the system name TLV from the outbound LLDP advertisements for all ports on a switch, you would use this command: ProCurve(config)# no lldp config 1-24 basicTlvEnable system_name If you later decided to reinstate the system name TLV on ports 1-5, you would...

  • Page 396: Lldp-med (media-endpoint-discovery), Lldp-med (media-endpoint-discovery)

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Syntax: [ no ] lldp config < port-list > dot3TlvEnable macphy_config For outbound advertisements, this TLV includes the (local) switch port’s current speed and duplex settings, the range of speed and duplex settings the port supports, and the method required for reconfiguring the speed and duplex settings on the device (auto-negotiation during link initialization, or manual configuration).

  • Page 397

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Power over Ethernet (PoE) status and troubleshooting support via ■ SNMP support for IP telephony network troubleshooting of call quality ■ issues via SNMP This section describes how to configure and use LLDP-MED features in the switches to support VoIP network edge devices (Media Endpoint Devices) such as: ■...

  • Page 398

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) able to use the following network policy elements configured on the ■ client port • v oice VLAN ID • 802.1p (Layer 2) QoS • Diffserv codepoint (DSCP) (Layer 3) QoS discover and advertise device location data learned from the switch ■...

  • Page 399: Lldp-med Topology Change Notification

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Class 3 (Communication Devices): These devices are typically IP ■ phones or end-user devices that otherwise support IP media and offer all Class 1 and Class 2 features, plus location identification and emergency 911 capability, Layer 2 switch support, and device infor­...

  • Page 400

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Syntax: lldp top-change-notify < port-list > Topology change notification, when enabled on an LLDP port, causes the switch to send an SNMP trap if it detects LLDP-MED endpoint connection or disconnection activity on the port, or an age-out of the LLDP-MED neighbor on the port.

  • Page 401: Lldp-med Fast Start Control, And Location Data

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP-MED Fast Start Control Syntax: lldp fast-start-count < 1 - 10 > An LLDP-MED device connecting to a switch port may use the data contained in the MED TLVs from the switch to configure itself.

  • Page 402

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) N o t e LLDP-MED operation requires the macphy_config TLV subelement—enabled by default—that is optional for IEEE 802.1AB LLDP operation. Refer to the dot3TlvEnable macphy_config command on page 14-52. Network Policy Advertisements. Network policy advertisements are intended for real-time voice and video applications, and include these TLV subelements: ■...

  • Page 403

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) N o t e s A codepoint must have an 802.1p priority before you can configure it for use in prioritizing packets by VLAN-ID. If a codepoint you want to use shows No Override in the Priority column of the DSCP policy table (display with show qos­...

  • Page 404

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) network-policy This TLV enables the switch port to advertise its configured network policies (voice VLAN, Layer 2 QoS, Layer 3 QoS), and allows LLDP-MED endpoint devices to auto-configure the voice network policy advertised by the switch.

  • Page 405: Configuring Location Data For Lldp-med Devices

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) PoE Advertisements. These advertisements inform an LLDP-MED endpoint of the power (PoE) configuration on switch ports. Similar advertisements from an LLDP-MED endpoint inform the switch of the endpoint’s power needs and provide information that can be used to identify power priority mismatches.

  • Page 406

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) ELIN (Emergency Location Identification Number): an emergency ■ number typically assigned to MLTS (Multiline Telephone System Opera­ tors) in North America ■ coordinate-based location: attitude, longitude, and altitude informa­ tion (Requires configuration via an SNMP application.) Syntax: [ no ] lldp config <...

  • Page 407

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) — Continued— Type/Value Pairs ( CA-TYPE CA-VALUE ): This is a series of data pairs, each composed of a location data “type” specifier and the corresponding location data for that type. That is, the first value in a pair is expected to be the civic address “type”...

  • Page 408

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Note: A switch port allows one instance of any given CA­ TYPE. For example, if a type/value pair of 6 Atlantic (to specify “Atlantic” as a street name) is configured on port A5 and later another type/value pair of 6 Pacific is configured on the same port, then Pacific replaces Atlantic in the civic address location configured for port A5.

  • Page 409

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Table 14-4. Some Location Codes Used in CA-TYPE Fields* Location Element Code Location Element Code national subdivision street number regional subdivision additional location data city or township unit or apartment city subdivision floor street room number...

  • Page 410: Displaying Advertisement Data

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Figure 14-20. Example of a Civic Address Configuration Displaying Advertisement Data Command Page show lldp info local-device below walkmib lldpXdot3LocPortOperMauType show lldp info remote-device 14-69 walkmib lldpXdot3RemPortAutoNegAdvertisedCap show lldp info stats 14-71 14-66...

  • Page 411

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displaying Switch Information Available for Outbound Advertisements These commands display the current switch information that will be used to populate outbound LLDP advertisements. Syntax show lldp info local-device [port-list] Without the [ port-list ] option, this command displays the global switch information and the per-port information currently available for populating outbound LLDP advertisements.

  • Page 412

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) The Management Address field displays only the LLDP-configurable IP addresses on the switch. (Only manually-configured IP addresses are LLDP-configurable.) If the switch has only an IP address from a DHCP or Bootp server, then the Management Address field is empty (because there are no LLDP­...

  • Page 413

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) information on displaying the currently configured port speed and duplex on an LLDP-MED endpoint, refer to “Displaying the Current Port Speed and Duplex Configuration on a Switch Port” on page 14-68. Syntax: show interfaces brief <...

  • Page 414

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Figure 14-23. Example of a Global Listing of Discovered Devices Indicates the policy configured on the telephone. A configuration mismatch occurs if the supporting port is configured differently. Figure 14-24. Example of an LLLDP-MED Listing of an Advertisement Received From an LLDP-MED (VoIP Telephone) Source 14-70...

  • Page 415: Displaying Lldp Statistics

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displaying LLDP Statistics LLDP statistics are available on both a global and a per-port levels. Rebooting the switch resets the LLDP statistics counters to zero. Disabling the transmit and/or receive capability on a port “freezes” the related port counters at their current values.

  • Page 416

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) — Continued — Per-Port LLDP Counters: NumFramesRecvd: Shows the total number of valid, inbound LLDP advertisements received from any neighbor(s) on < port- list >. Where multiple neighbors are connected to a port through a hub, this value is the total number of LLDP advertisements received from all sources.

  • Page 417: Lldp Operating Notes

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Counters showing frames sent on a port but no frames received on that port indicates an active link with a device that either has LLDP disabled on the link or is not LLDP- aware.

  • Page 418

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP Packet Forwarding: An 802.1D-compliant switch does not forward LLDP packets, regardless of whether LLDP is globally enabled or disabled on the switch. One IP Address Advertisement Per-Port: LLDP advertises only one IP address per-port, even if multiple IP addresses are configured by lldp config <...

  • Page 419: Lldp And Cdp Data Management, Lldp And Cdp Neighbor Data

    LLDP packets received from neighbor devices. CDP operation is limited to reading incoming CDP packets from neighbor devices. (ProCurve switches do not generate CDP packets.) LLDP and CDP Neighbor Data With both LLDP and (read-only) CDP enabled on a switch port, the port can read both LLDP and CDP advertisements, and stores the data from both types of advertisements in its neighbor database.

  • Page 420

    Neighbors database. N o t e Because ProCurve switches do not generate CDP packets, they are not represented in the CDP data collected by any neighbor devices running CDP. A switch with CDP disabled forwards the CDP packets it receives from other devices, but does not store the CDP information from these packets in its own MIB.

  • Page 421: Cdp Operation And Commands

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Protocol State Packet Inbound Data Management Inbound Packet Forwarding Generation CDP Enabled Store inbound CDP data. No forwarding of inbound CDP packets. CDP Disabled No storage of CDP data from Floods inbound CDP packets neighbor devices.

  • Page 422

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Command Page show cdp 14-78 show cdp neighbors [< port-list > detail] 14-79 [detail < port-list >] [no] cdp run 14-80 [no] cdp enable < port-list > 14-80 N o t e For details on how to use an SNMP utility to retrieve information from the switch’s CDP Neighbors table maintained in the switch’s MIB (Management Information Base), refer to the documentation provided with the particular...

  • Page 423

    Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Viewing the Switch’s Current CDP Neighbors Table. Devices are listed by the port on which they were detected. Syntax: show cdp neighbors Lists the neighboring CDP devices the switch detects, with a subset of the information collected from the device’s CDP packet.

  • Page 424

    Disabling CDP on a port causes it to drop inbound CDP packets without recording their data in the CDP Neighbors table. Syntax: [no] cdp enable < [e] port-list > For example, to disable CDP on port A1: ProCurve(config)# no cdp enable a1 14-80...

  • Page 425

    Redundancy (Switch 8212zl) Contents Overview ........... . 15-3 Terminology .

  • Page 426

    Redundancy (Switch 8212zl) Contents Turning Off Redundant Management ......15-21 Disabling Redundancy with Two Modules Present ... . . 15-21 Disabling Redundancy With Only One Module Present .

  • Page 427

    Redundancy (Switch 8212zl) Overview Overview Redundancy provides the ability to keep your switch operating by using dual management modules, one active module and one standby module. In the event of a failure, the currently active management module will switchover to the standby management module, which then becomes the active management module.

  • Page 428: How The Management Modules Interact

    Redundancy (Switch 8212zl) Overview Primary Image. The software version stored in primary flash on each management module. Secondary Image. The software version stored in secondary flash on each management module. Selftest. A test performed at boot to ensure the management module is functioning correctly.

  • Page 429: Using Redundant Management, Displaying Redundancy Status

    N o t e You should be at the global configuration level when executing these commands, that is, Procurve(config)# as shown in the examples. You can display the status of both the management and fabric redundant modules using this command:...

  • Page 430: Enabling Or Disabling Redundant Management

    ---------- Failovers Last Failover : Slot Module Description Status SW Version Boot Image ---- ---------------------------------------- -------- ---------- ---------- ProCurve J9092A Management Module 8200zl Active K.12.30 Primary ProCurve J9092A Management Module 8200zl Standby K.12.30 Primary ProCurve J9093A Fabric Module 8200zl Enabled...

  • Page 431

    N o t e ProCurve recommends that you leave redundancy enabled. If the active management module has a hardware failure, the standby module may take over and may have an old configuration since file synchronization has not occurred.

  • Page 432: Directing The Standby Module To Become Active

    Last Failover : Tue Mar 19 12:42:31 2007 Slot Module Description Status SW Version Boot Image ---- ---------------------------------------- -------- ----------- --------- ProCurve J9092A Management Module 8200zl Offline K.12.30 Primary ProCurve J9092A Management Module 8200zl Active K.12.30 Primary ProCurve J9093A Fabric Module 8200zl...

  • Page 433: Setting The Active Management Module For Next Boot

    Redundancy (Switch 8212zl) Using Redundant Management ProCurve(config)# redundancy switchover This management module will now reboot from primary image and will become the standby module! You will need to use the other management module's console interface. Do you want to continue [y/n]? y...

  • Page 434

    Slot Module Description Status SW Version Boot Image ---- ---------------------------------------- ------ ---------- ---------- ProCurve J9092A Management Module 8200zl Standby K.12.30 Primary ProCurve J9092A Management Module 8200zl Active K.12.30 Primary ProCurve J9093A Fabric Module 8200zl Enabled ProCurve J9093A Fabric Module 8200zl Enabled Figure 15-5.

  • Page 435

    : 0 Last Failover : Slot Module Description Status SW Version Boot Image ---- ---------------------------------------- -------- ----------- --------- ProCurve J9092A Management Module 8200zl Active K.12.30 Primary ProCurve J9092A Management Module 8200zl Offline K.12.30 Primary ProCurve J9093A Fabric Module 8200zl Enabled...

  • Page 436: Enabling And Disabling Fabric Modules

    Failovers : 0 Last Failover : Slot Module Description Status SW Version Boot Image ---- ---------------------------------------- -------- ---------- ---------- ProCurve J9092A Management Module 8200zl Active K.12.30 Primary ProCurve J9092A Management Module 8200zl Standby K.12.30 Primary ProCurve J9093A Fabric Module 8200zl...

  • Page 437: Management Module Switchover, Events That Cause A Switchover, When Switchover Will Not Occur

    N o t e You should be at the global configuration level when executing these commands, that is, Procurve(config)# as shown in the examples. When Switchover Will not Occur There are some events for which a switchover is not triggered: When a boot system command is executed ■...

  • Page 438: Consequences Of Switchover, Resetting The Management Module

    C a u t i o n ProCurve does not recommend using the MM Reset button to trigger a switchover. Files being copied over at the time of the reset will be aborted.

  • Page 439: Hotswapping Management Modules, Hotswapping Out The Active Management Module

    Redundancy (Switch 8212zl) Hotswapping Management Modules Hotswapping Management Modules Hotswapping Out the Active Management Module You can hotswap out the active management module and have switch operations taken over by the standby management module by following the correct shutdown procedure on the active module using the MM Shutdown button.

  • Page 440: When The Standby Module Is Not Available, Hotswapping In A Management Module, And Hotswapped Module

    Redundancy (Switch 8212zl) Hotswapping Management Modules When the Standby Module is not Available If you have disabled redundancy with the configuration level command no redundancy management-module, or the standby module failed selftest, the Dwn LED will not turn green to indicate it is OK to hotswap out the active management module.

  • Page 441: Downloading A New Software Version, File Synchronization After Downloading

    Redundancy (Switch 8212zl) Downloading a New Software Version The hotswapped management module goes into standby mode and is ready to take over in case of a switchover. Downloading a New Software Version File Synchronization after Downloading After downloading a new software version to either the primary or secondary flash of the active management module, the software version is immediately copied to the corresponding flash (primary or secondary) of the standby module unless the standby module failed selftest or redundancy was disabled...

  • Page 442: Mismatches After Downloading

    ProCurve(config)# redundancy switchover This causes a switchover to the management module that received the new software version, which becomes the active management module. This method incurs the least amount of network downtime for booting.

  • Page 443: When The Config Files Are Different, When Both Software Version And Config File Are Different

    Redundancy (Switch 8212zl) Downloading a New Software Version C a u t i o n If you have booted one module out of primary flash and one module out of secondary flash, and the secondary flash is running a prior software version because the latest version was never copied over from the primary flash, you will have an software version mismatch.

  • Page 444

    Failovers : 0 Last Failover : Slot Module Description Status SW Version Boot Image ---- ---------------------------------------- -------- ---------- ---------- ProCurve J9092A Management Module 8200zl Active K.12.30 Primary ProCurve J9092A Management Module 8200zl Standby K.12.30 Primary ProCurve J9093A Fabric Module 8200zl...

  • Page 445: Downloading A Software Version Serially If The Management Module Is Corrupted, Turning Off Redundant Management

    ProCurve(config)# no redundancy management-module After executing this command, the second management module will not boot into standby mode; it is off line and no longer receives configuration file changes from the active module.

  • Page 446: Disabling Redundancy With Only One Module Present

    Failovers : 0 Last Failover : Slot Module Description Status SW Version Boot Image ---- ---------------------------------------- -------- ---------- ---------- ProCurve J9092A Management Module 8200zl Offline K.12.XX Primary ProCurve J9092A Management Module 8200zl Active K.12.XX Primary ProCurve J9093A Fabric Module 8200zl...

  • Page 447: Displaying Management Information, Active Management Module Commands, Show Module

    ProCurve J9093A Fabric Module 8200zl 1234SSN Enabled ProCurve J9093A Fabric Module 8200zl 5678SSN Disabled ProCurve J8708A 4p 10G CX4 zl Module 333333333333 ProCurve J8702A 24p Gig-T zl Module 444444444444 ProCurve J8702A 24p Gig-T zl Module 555555555555 ProCurve J8702A 24p Gig-T zl Module SG710AT0ZZ Figure 15-13.

  • Page 448: Show Redundancy, Show Flash

    Failovers : 0 Last Failover : Slot Module Description Status SW Version Boot Image ---- ---------------------------------------- -------- ---------- ---------- ProCurve J9092A Management Module 8200zl Standby K.12.30 Primary ProCurve J9092A Management Module 8200zl Active K.12.30 Secondary ProCurve J9093A Fabric Module 8200zl...

  • Page 449: Show Version

    The output of the show version command when redundancy is enabled is shown in Figure 15-16. ProCurve(config)# show version Management Module 1: Standby Image stamp: /sw/code/build/btm(t2g) 5 2007 13:20:59 K.12.XX...

  • Page 450: Show Log, Standby Management Module Commands, Show Redundancy

    The show log command displays the status of the switch and its management modules. See “Logging Messages” on page 15-41. To show log messages in reverse chronological order (most recent messages displayed first), enter show log -r. ProCurve(config)# show logging Keys: W=Warning I=Information...

  • Page 451: Show Flash, Show Version

    Failovers Last Failover : Mon Sep 26 09:50:40 2005 Slot Module Description Status SW Version Boot Image ---- ---------------------------------------- -------- ---------- ---------- ProCurve J9092A Management Module 8200zl Active K.12.30 Secondary ProCurve J9092A Management Module 8200zl Standby K.12.30 Primary ProCurve J9093A Fabric Module 8200zl...

  • Page 452

    Redundancy (Switch 8212zl) Displaying Management Information booted from on the next boot. Unlike executing the show version command on an active management module, this only shows the running version of software on the standby management module. Standby Console> show version Image stamp: /sw/code/build/btm(t2g) Mar 21 2007 15:03:31...

  • Page 453: Existing Cli Commands Affected By Redundant Management, Boot Command

    Redundancy (Switch 8212zl) Existing CLI Commands Affected by Redundant Management Existing CLI Commands Affected by Redundant Management Several existing commands have changes related to redundant management. Boot Command In redundant management systems, the boot or boot active command causes a switchover to the standby management module as long as the standby module is in standby mode.

  • Page 454

    Redundancy (Switch 8212zl) Existing CLI Commands Affected by Redundant Management Command Action Boot active Boots the active management module. The switch starts to boot from the default flash image. You can select which image to boot from during the boot process itself. See Figure 15-22.

  • Page 455: Setting The Default Flash For Boot

    Redundancy (Switch 8212zl) Existing CLI Commands Affected by Redundant Management ProCurve(config)# boot set-default flash secondary This command changes the location of the default boot. This command will change the default flash image to boot from secondary image. Hereafter, ‘reload’ and ‘boot’ commands will boot from secondary image. Do you want...

  • Page 456: Reload Command

    Boot Rom Version: K.12.01 Default Boot : Primary ProCurve(config)# boot set-default flash secondary This command changes the location of the default boot. This command will change the default flash image to boot from secondary image. Hereafter, ‘reload’ and ‘boot’ commands will boot from secondary image.

  • Page 457

    Failovers Last Failover : Mon April 30 09:10:11 2007 Slot Module Description Status SW Version Boot Image ---- ---------------------------------------- -------- ---------- ---------- ProCurve J9092A Management Module 8200zl Active K.12.30 Primary ProCurve J9092A Management Module 8200zl Standby K.12.30 Primary Figure 15-25. Example of Reload Command with Redundancy Enabled...

  • Page 458: Additional Commands Affected By Redundant Management

    Redundancy (Switch 8212zl) Existing CLI Commands Affected by Redundant Management Additional Commands Affected by Redundant Management The other existing commands operate with redundant management as shown below. Command Action auto-tftp If a new image is downloaded using auto-tftp, the active management module downloads the new software version to both the active and standby modules.

  • Page 459

    Redundancy (Switch 8212zl) Existing CLI Commands Affected by Redundant Management Command Action fastboot When fastboot is enabled, this information is saved to the standby management module when the config files are sync’d. The fastboot value is used during the next boot on both modules. front-panel-security This command and its options only affects the active management module.

  • Page 460: Using The Web Browser For Redundant Management, Identity Page

    The web browser interface can be used to display information about the active and standby management modules. To learn more about using the web browser interface on your switch, see the chapter “Using the ProCurve Web Browser Interface” in this guide.

  • Page 461: Overview Page, Redundancy Status Page

    Redundancy (Switch 8212zl) Using the Web Browser for Redundant Management Overview Page To view status information about the management modules select the Status tab, and then the Overview button. The following information is shown: ■ Which module is the active module and which is the standby module Version of software running on each management module ■...

  • Page 462: Device View Page

    Redundancy (Switch 8212zl) Using the Web Browser for Redundant Management Figure 15-28.Redundancy Status Page Showing Information about the Active and Standby Modules Device View Page The Device View page displays a graphical representation of the switch. Select the Configuration tab and then the Device View button. The information displayed includes: ■...

  • Page 463

    Redundancy (Switch 8212zl) Using the Web Browser for Redundant Management Figure 15-29. Device View Showing Two Management Modules 15-39...

  • Page 464: Management Module Led Behavior, Active (actv) Led Behavior

    Redundancy (Switch 8212zl) Management Module LED Behavior Management Module LED Behavior Active (Actv) LED Behavior The Actv (Active) LED shows the LED behavior for various states on the active and standby management modules. See Table 15-2 for the available states and what they indicate.

  • Page 465: Logging Messages, Log File

    For more information on command options available with the show logging command, see “CLI: Listing Events” in the “Troubleshooting” chapter of this guide. An example of the log file listing is shown in Figure 15-31. ProCurve(config)# show logging Keys: W=Warning I=Information...

  • Page 466: Crash Files, Displaying Boot History

    Redundancy (Switch 8212zl) Logging Messages Crash Files Crash logs for all modules are always available on the active management module. The copy crash-log and copy crash-data commands can be used to copy the information to a file of your choice. Syntax: copy crash-log [<slot-id>...

  • Page 467

    Redundancy (Switch 8212zl) Logging Messages ProCurve(config)# show boot-history Mgmt Module 1 -- Saved Crash Information (most recent first): ============================================================= Mgmt Module 1 in Active Mode went down: 06/07/07 14:48:36 Operator warm reload from CONSOLE session. Mgmt Module 1 in Active Mode went down: 06/07/07 11:43:10 Operator cold reboot from CONSOLE session.

  • Page 468: Notes On How The Active Module Is Determined

    Redundancy (Switch 8212zl) Notes on How the Active Module is Determined Notes on How the Active Module is Determined Both management modules run selftest routines as the first step in determining which module becomes the active management module and which becomes the standby management module. The module that was last active in the chassis is given precedence and becomes the “active”...

  • Page 469: Diagram Of Decision Process, Redundancy (switch 8212zl), Redundancy (switch 8212zl)

    Redundancy (Switch 8212zl) Notes on How the Active Module is Determined Diagram of Decision Process Both management modules start to boot Both modules fail Switch fails to boot selftest Module passing selftest One module fails becomes active selftest Both modules Module last booted in One module booted were booted...

  • Page 470: Event Log Messages

    Redundancy (Switch 8212zl) Event Log Messages Event Log Messages System Message Severity Description Mgmt module [1 or 2] went down info The specified management module went down without saving crash information without saving the crash information. RMON_BOOT_NO_CRASH_RECORD Mgmt module [1 or 2] went down info The specified management module was rebooted.

  • Page 471

    Redundancy (Switch 8212zl) Event Log Messages System Message Severity Description Mgmt Module [1 or 2] - Failover warn A switchover occurred because of a hardware or occurred software failure or because the management module reset button was pressed. RMON_SYSTEM_MGMT_FAILOVER Mgmt Module [1 or 2] - User initiated info The user has initiated switchover using the switchover occurred...

  • Page 472

    Redundancy (Switch 8212zl) Event Log Messages 15-48...

  • Page 473

    File Transfers Contents Overview ........... . A-3 Downloading Switch Software .

  • Page 474

    File Transfers Contents Transferring Switch Configurations ......A-25 TFTP: Copying a Configuration File to a Remote Host ..A-26 TFTP: Copying a Configuration File from a Remote Host .

  • Page 475: Downloading Switch Software, Overview

    Downloading Switch Software ProCurve periodically provides switch software updates through the ProCurve Networking web site. For more information, refer to the support and warranty booklet shipped with the switch, or visit www.procurve.com and click on software updates. After you acquire a new software version, you can...

  • Page 476: General Software Download Rules, Using Tftp To Download Switch Software From A Server

    A software version for the switch has been stored on a TFTP server accessible to the switch. (The software file is typically available from the ProCurve Networking web site at www.procurve.com.) The switch is properly connected to your network and has already been ■...

  • Page 477: Menu: Tftp Download From A Server To Primary Flash

    File Transfers Downloading Switch Software Menu: TFTP Download from a Server to Primary Flash Note that the menu interface accesses only the primary flash. 1. In the console Main Menu, select Download OS to display the screen in figure A-1. (The term “OS”, or “operating system” refers to the switch software): Figure A-1.

  • Page 478

    File Transfers Downloading Switch Software A “progress” bar indicates the progress of the download. When the entire software file has been received, all activity on the switch halts and you will see Validating and writing system software to FLASH... 7. After the primary flash memory has been updated with the new software, you must reboot the switch to implement the newly downloaded software.

  • Page 479: Cli: Tftp Download From A Server To Flash

    File Transfers Downloading Switch Software To find more information on the cause of a download failure, examine the messages in the switch’s Event Log by executing the show log tftp command from the CLI. (For more on the Event Log, see “Using the Event Log To Identify Problem Sources”...

  • Page 480

    File Transfers Downloading Switch Software This message means that the image you Dynamic counter continually displays the want to upload will replace the image number of bytes transferred. currently in primary flash. Figure A-4. Example of the Command to Download an OS (Switch Software) 2. When the switch finishes downloading the software file from the server, it displays this progress message: Validating and Writing System Software to FLASH …...

  • Page 481: Using Secure Copy And Sftp

    As described earlier in this chapter you can use a TFTP client on the admin­ istrator workstation to update software images. This is a plain text mechanism and it connects to a standalone TFTP server or another ProCurve switch acting as a TFTP server to obtain the software image file(s). Using SCP and SFTP allows you to maintain your switches with greater security.

  • Page 482: How It Works, The Scp/sftp Process

    File Transfers Downloading Switch Software N o t e SFTP over SSH version 1 (SSH v1) is not supported. A request from either the client or the switch (or both) using SSH v1 generates an error message. The actual text of the error message differs, depending on the client software in use.

  • Page 483: Disable Tftp And Auto-tftp For Enhanced Security

    ProCurve(config)# ip ssh filetransfer Disable TFTP and Auto-TFTP for Enhanced Security Using the ip ssh filetransfer command to enable Secure FTP (SFTP) automati­...

  • Page 484

    File Transfers Downloading Switch Software Enables/Disables TFTP. Note: If SFTP is enabled, this field will be set to No. You cannot use this field to enable TFTP if SFTP is enabled. Attempting to do so produces an Inconsistent value message in the banner below the Actions line. Figure A-6.

  • Page 485: Command Options

    As a matter of policy, administrators should not enable the SSHv1-only or the SSHv1-or-v2 advertisement modes. SSHv1 is supported on only some legacy switches (such as the ProCurve Series 2500 switches). To confirm that SSH is enabled type in the command...

  • Page 486: Authentication, Scp/sftp Operating Notes

    File Transfers Downloading Switch Software Authentication Switch memory allows up to ten public keys. This means the authentication and encryption keys you use for your third-party client SCP/SFTP software can differ from the keys you use for the SSH session, even though both SCP and SFTP use a secure SSH tunnel.

  • Page 487

    File Transfers Downloading Switch Software All files have read-write permission. Several SFTP commands, such as ■ create or remove, are not allowed and return an error message. The switch displays the following files: +---cfg running-config startup-config +---log crash-data crash-data-a crash-data-b crash-data-c 8212zl only crash-data-d...

  • Page 488: Workstation, Menu: Xmodem Download To Primary Flash

    File Transfers Downloading Switch Software Using Xmodem to Download Switch Software From a PC or UNIX Workstation This procedure assumes that: The switch is connected via the Console RS-232 port to a PC operating as ■ a terminal. (Refer to the Installation and Getting Started Guide you received with the switch for information on connecting a PC as a terminal and running the switch console interface.) ■...

  • Page 489: Primary Or Secondary Flash

    File Transfers Downloading Switch Software 6. After the primary flash memory has been updated with the new software, you must reboot the switch to implement the newly downloaded software. Return to the Main Menu and press [6] (for Reboot Switch). You will then see the following prompt: Continue reboot of system? : No Press the space bar once to change No to Yes, then press...

  • Page 490: Using Usb To Transfer Files To And From The Switch

    (For more on these commands, see “Rebooting the Switch” on page 6-19.) To confirm that the software downloaded correctly: ProCurve> show system Check the Firmware revision line. It should show the software version that you downloaded in the preceding steps.

  • Page 491: Using Usb To Download Switch Software

    This procedure assumes that: A software version for the switch has been stored on a USB flash drive. ■ (The latest software file is typically available from the ProCurve Network­ ing web site at www.procurve.com.) ■ The USB device has been plugged into the switch’s USB port.

  • Page 492: Switch-to-switch Download

    File Transfers Downloading Switch Software For example, to copy a switch software file named k0800.swi from a USB device to primary flash: 1. Execute copy as shown below: This message means that the image you Dynamic counter continually displays the want to upload will replace the image number of bytes transferred.

  • Page 493: Menu: Switch-to-switch Download To Primary Flash

    File Transfers Downloading Switch Software Menu: Switch-to-Switch Download to Primary Flash Using the menu interface, you can download a switch software file from either the primary or secondary flash of one switch to the primary flash of another switch of the same series. 1. From the switch console Main Menu in the switch to receive the down­...

  • Page 494: Cli: Switch-to-switch Downloads

    File Transfers Downloading Switch Software CLI: Switch-To-Switch Downloads Where two switches in your network belong to the same series, you can download a software image between them by initiating a copy tftp command from the destination switch. The options for this CLI feature include: ■...

  • Page 495: Using Pcm+ To Update Switch Software, Copying Software Images

    Figure A-9. Switch-to-Switch, from Either Flash in Source to Either Flash in Destination Using PCM+ to Update Switch Software ProCurve Manager Plus includes a software update utility for updating on ProCurve switch products. For further information, refer to the Getting Started Guide and the Administrator’s Guide, provided electronically with the application.

  • Page 496: Tftp: Copying A Software Image To A Remote Host

    For example, to copy the primary flash to a TFTP server having an IP address of 10.28.227.105: ProCurve# copy flash tftp 10.28.227.105 k0800.swi where k0800.swi is the filename given to the flash image being copied. Xmodem: Copying a Software Image from the Switch to a...

  • Page 497: Transferring Switch Configurations

    For example, to copy the primary image to a USB flash drive: Insert a USB device into the switch’s USB port. Execute the following command: Procurve# copy flash usb k0800.swi where k0800.swi is the name given to the primary flash image that is copied from the switch to the USB device.

  • Page 498: Tftp: Copying A Configuration File To A Remote Host

    For example, to upload the current startup configuration to a file named sw8200 in the configs directory on drive “d” in a TFTP server having an IP address of 10.28.227.105: ProCurve# copy startup-config tftp 10.28.227.105 d:\configs\sw8200 TFTP: Copying a Configuration File from a Remote Host Syntax: copy tftp <...

  • Page 499: Connected Pc Or Unix Workstation

    File Transfers Transferring Switch Configurations Syntax: copy < startup-config | running-config > xmodem < pc | unix > copy config < filename > xmodem < pc | unix > Uses Xmodem to copy a designated configuration file from the switch to a PC or Unix workstation. For more on multiple configuration files, refer to “Multiple Configuration Files”...

  • Page 500: Usb: Copying A Configuration File To A Usb Device

    File Transfers Transferring Switch Configurations For example, to copy a configuration file from a PC serially connected to the switch: 1. Execute the following command: 2. After you see the above prompt, press [Enter] 3. Execute the terminal emulator commands to begin the file transfer. 4. When the download finishes, you must reboot the switch to implement the newly downloaded software.

  • Page 501: Usb: Copying A Configuration File From A Usb Device, Transferring Acl Command Files

    Transferring ACL Command Files Execute the following command: Procurve# copy startup-config usb procurve-config where procurve-config is the name given to the configuration file that is copied from the switch to the USB device. USB: Copying a Configuration File from a USB Device To use this method, the switch must be connected via the USB port to a USB flash drive on which is stored the configuration file you want to copy.

  • Page 502: Tftp: Uploading An Acl Command File From A Tftp Server

    2. Copied the file to a TFTP server at 18.38.124.16. Using a PC workstation, you then execute the following from the CLI to upload the file to the switch and implement the ACL commands it contains: ProCurve(config)# copy tftp command-file 18.38.124.16 vlan10_in.txt pc The switch displays this message:...

  • Page 503

    File Transfers Transferring ACL Command Files To continue with the upload, press the key. To abort the upload, press the key. Note that if the switch detects an illegal (non-ACL) command in the file, it bypasses the illegal command, displays a notice as shown in figure A­ 10, and continues to implement the remaining ACL commands in the file.

  • Page 504: Usb: Uploading An Acl Command File From A Usb Device

    Using a PC workstation, you then execute the following from the CLI to upload the file to the switch and implement the ACL commands it contains: ProCurve(config)# copy usb command-file vlan10_in.txt pc The switch displays this message: Running configuration may change, do you want to continue...

  • Page 505: Copying Diagnostic Data To A Remote Host, Usb Device, Pc Or Unix Workstation

    File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation You can use the CLI to copy the following types of switch data to a text file in a destination device: Command Output: Sends the output of a switch CLI command as a file on ■...

  • Page 506: Copying Event Log Output To A Destination Device

    File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation At this point, press [Enter] and start the Xmodem command sequence in your terminal emulator. Indicates the operation is finished. Figure A-11. Example of Sending Command Output to a File on an Attached PC N o t e The command you specify must be enclosed in double-quote marks.

  • Page 507

    File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation Syntax: copy crash-data <source> <destination> [<ip-addr> |< filename> | unix | pc] These commands copy the crash data content from a specified source to a specified destination. source: Specifies the source of the data, which can be tftp, xmodem, command, usb, or any of the following switch files: running configuration file...

  • Page 508: Copying Crash Log Data Content To A Destination Device

    File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation Figure A-13. Example of Copying Switch Crash Data Content to a PC Copying Crash Log Data Content to a Destination Device Syntax: copy crash-log <source> <destination> [<hostname> |< filename> | unix | pc] These commands copy the Crash Log content from a specified source to a specified destination.

  • Page 509

    File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation For example, to copy the Crash Log for slot C to a file in a PC connected to the switch: At this point, press [Enter] and start the Xmodem command sequence in your terminal emulator.

  • Page 510

    File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation A-38...

  • Page 511

    Monitoring and Analyzing Switch Operation Contents Overview ........... . B-4 Status and Counters Data .

  • Page 512

    Monitoring and Analyzing Switch Operation Contents Web Browser Interface Status Information ....B-23 Traffic Mirroring ..........B-24 Terminology .

  • Page 513

    Monitoring and Analyzing Switch Operation Contents Local Mirroring Destination ......B-62 Remote Mirroring Destination Using a VLAN Interface and an ACL for Mirroring Criteria .

  • Page 514

    Monitoring and Analyzing Switch Operation Overview Overview The switches covered in this guide have several built-in tools for monitoring, analyzing, and troubleshooting switch and network operation: ■ Status: Includes options for displaying general switch information, man­ agement address data, port status, port and trunk group statistics, MAC addresses detected on each port or VLAN, and STP, IGMP, and VLAN data (page B-5).

  • Page 515: Status And Counters Data

    Monitoring and Analyzing Switch Operation Status and Counters Data Status and Counters Data This section describes the status and counters screens available through the switch console interface and/or the web browser interface. N o t e You can access all console screens from the web browser interface via Telnet to the console.

  • Page 516: Menu Access To Status And Counters

    Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access To Status and Counters Beginning at the Main Menu, display the Status and Counters menu by select­ ing: 1. Status and Counters Figure B-1. The Status and Counters Menu Each of the above menu items accesses the read-only screens described on the following pages.

  • Page 517: General System Information, Menu Access, Cli Access

    Monitoring and Analyzing Switch Operation Status and Counters Data General System Information Menu Access From the console Main Menu, select: 1. Status and Counters 1. General System Information Figure B-2. Example of General Switch Information This screen dynamically indicates how individual switch resources are being used.

  • Page 518: Switch Management Address Information, Menu Access, Cli Access

    Monitoring and Analyzing Switch Operation Status and Counters Data Switch Management Address Information Menu Access From the Main Menu, select: 1 Status and Counters … 2. Switch Management Address Information Figure B-3. Example of Management Address Information with VLANs Configured This screen displays addresses that are important for management of the switch.

  • Page 519: Module Information, Menu: Displaying Port Status

    Monitoring and Analyzing Switch Operation Status and Counters Data Module Information Use this feature to determine which slots have modules installed and which type(s) of modules are installed. Menu: Displaying Port Status From the Main Menu, select: 1. Status and Counters … 3.

  • Page 520: Cli Access

    ProCurve J9093A Fabric Module 8200zl 1234SSN Enabled ProCurve J9093A Fabric Module 8200zl 5678SSN Disabled ProCurve J8708A 4p 10G CX4 zl Module 333333333333 ProCurve J8702A 24p Gig-T zl Module 444444444444 ProCurve J8702A 24p Gig-T zl Module 555555555555 ProCurve J8702A 24p Gig-T zl Module SG710AT0ZZ Figure B-5.

  • Page 521: Menu: Displaying Port Status, Port Status, Cli Access, Web Access

    Monitoring and Analyzing Switch Operation Status and Counters Data Port Status The web browser interface and the console interface show the same port status data. Menu: Displaying Port Status From the Main Menu, select: 1. Status and Counters … 4. Port Status Figure B-6.

  • Page 522: Viewing Port And Trunk Group Statistics And Flow Control Status

    Monitoring and Analyzing Switch Operation Status and Counters Data Viewing Port and Trunk Group Statistics and Flow Control Status Feature Default Menu viewing port and trunk statistics for all page B-13 page B-14 page B-14 ports, and flow control status viewing a detailed summary for a page B-13 page B-14...

  • Page 523: Menu Access To Port And Trunk Statistics

    Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access to Port and Trunk Statistics To access this screen from the Main Menu, select: 1. Status and Counters … 4. Port Counters Figure B-7. Example of Port Counters on the Menu Interface To view details about the traffic on a particular port, use the [v] key to highlight that port number, then select Show Details.

  • Page 524: Cli Access To Port And Trunk Group Statistics

    Monitoring and Analyzing Switch Operation Status and Counters Data CLI Access To Port and Trunk Group Statistics To Display the Port Counter Summary Report. Syntax: show interfaces This command provides an overview of port activity for all ports on the switch. To Display a Detailed Traffic Summary for Specific Ports.

  • Page 525: Viewing The Switch's Mac Address Tables, Menu Access To The Mac Address Views And Searches

    Monitoring and Analyzing Switch Operation Status and Counters Data Viewing the Switch’s MAC Address Tables Feature Default Menu viewing MAC addresses on all page B-15 page B-18 — ports on a specific VLAN viewing MAC addresses on a page B-17 page B-18 —...

  • Page 526

    Monitoring and Analyzing Switch Operation Status and Counters Data Figure B-9. Example of the Address Table To page through the listing, use Next page and Prev page. Finding the Port Connection for a Specific Device on a VLAN. This feature uses a device’s MAC address that you enter to identify the port used by that device.

  • Page 527

    Monitoring and Analyzing Switch Operation Status and Counters Data Port-Level MAC Address Viewing and Searching. This feature displays and searches for MAC addresses on the specified port instead of for all ports on the switch. 1. From the Main Menu, select: 1.

  • Page 528: Cli Access For Mac Address Views And Searches

    To List All Learned MAC Addresses on a VLAN, with Their Port Numbers. This command lists the MAC addresses associated with the ports for a given VLAN. For example: ProCurve# show mac-address vlan 100 N o t e The switches covered in this guide operate with a multiple forwarding database architecture.

  • Page 529: Spanning Tree Protocol (mstp) Information, Cli Access To Mstp Data

    Monitoring and Analyzing Switch Operation Status and Counters Data Spanning Tree Protocol (MSTP) Information CLI Access to MSTP Data This option lists the MSTP configuration, root data, and per-port data (cost, priority, state, and designated bridge). Syntax: show spanning-tree This command displays the switch’s global and regional spanning-tree status, plus the per-port spanning-tree operation at the regional level.

  • Page 530: Internet Group Management Protocol (igmp) Status

    Monitoring and Analyzing Switch Operation Status and Counters Data Internet Group Management Protocol (IGMP) Status The switch uses the CLI to display the following IGMP status on a per-VLAN basis: Show Command Output show ip igmp Global command listing IGMP status for all VLANs configured in the switch: •...

  • Page 531: Vlan Information

    Monitoring and Analyzing Switch Operation Status and Counters Data VLAN Information The switch uses the CLI to display the following VLAN status: Show Command Output show vlan Lists: • Maximum number of VLANs to support • Existing VLANs • Status (static or dynamic) •...

  • Page 532

    Monitoring and Analyzing Switch Operation Status and Counters Data Listing the VLAN ID (VID) and Status for Specific Ports. Because ports A1 and A2 are not members of VLAN­ 44, it does not appear in this listing. Figure B-15. Example of VLAN Listing for Specific Ports Listing Individual VLAN Status.

  • Page 533: Web Browser Interface Status Information

    Alert Log, which informs you of any problems that may have occurred on the switch. For more information on this screen, refer to the chapter titled “Using the ProCurve Web Browser Interface”. Port Utilization Graphs...

  • Page 534: Traffic Mirroring

    A switch can be configured as the destination for: ■ • 32 remote mirroring sessions originating on other ProCurve switches running software release K.12.xx. This allows simultaneous mirroring sessions configured on multiple source switches to be directed to one or more exit ports on a given exit switch previously configured to support those sessions.

  • Page 535

    Monitoring and Analyzing Switch Operation Traffic Mirroring • 4 local mirroring sessions originating on the same switch as the mirrored traffic ■ A switch can be the originator (source) of four mirroring sessions, with each session mirroring traffic associated with a list composed of ports and/or static trunks, a mesh, or a VLAN interface.

  • Page 536

    Allowing a mirroring exit port connection to a net­ work can result in serious network performance problems, and is strongly discouraged by ProCurve Networking. Remote Exit Switch: The destination switch for mirrored traffic when the source and destination of mirrored traffic are on different switches. Also termed the Remote Destination Switch.

  • Page 537: Mirrored Traffic Destinations, Local Destinations, Remote Destinations, Mirrored Traffic Sources

    A remote mirrored traffic destination is a ProCurve switch configured to operate as the exit switch for mirrored traffic sessions originating on other ProCurve switches. As of July, 2007, switches capable of this operation include the following ProCurve switches: 3500yl...

  • Page 538: Criteria For Selecting Traffic To Mirror, Mirrored Traffic Operation And Options, Mirroring Sessions

    Each of the four mirroring sessions supported at a mirroring source can have either the same or a different destination. Destination options include an exit port on the source (local) switch and/or on one remote ProCurve switch configured to support remote mirroring. This offers the following benefits: Mirrored traffic belonging to each session can be directed to the same ■...

  • Page 539

    Monitoring and Analyzing Switch Operation Traffic Mirroring You can reduce the risk of oversubscribing a single exit port by directing ■ traffic from different session sources to different exit ports ■ You can segregate traffic by type, direction, or source. A given switch can operate as both a source and a destination for mirroring sessions.

  • Page 540: Endpoint Switches And Intermediate Devices, Updating From A Legacy Mirroring Configuration

    Endpoint Switches and Intermediate Devices The endpoint switches used for remote mirroring source and remote mirroring exit functions must be ProCurve switches that support the mirroring functions described in this chapter. However, because remote mirroring on your ProCurve switch uses IPv4 encapsulation of mirrored traffic to remote desti­...

  • Page 541: Using The Menu Or Web Interface To Configure Local Mirroring, Menu And Web Interface Limits

    Monitoring and Analyzing Switch Operation Traffic Mirroring N o t e s Booting from Software Versions Earlier than K.12.xx: If it is necessary to boot the switch from a legacy (pre-K.12.xx) software version after using version K.12.xx or greater to configure mirroring, remove mirroring from the configuration before booting with the earlier software.

  • Page 542: Configuration Steps

    Monitoring and Analyzing Switch Operation Traffic Mirroring Configuration Steps N o t e s If mirroring has already been enabled on the switch, the Menu screens will appear differently than shown in this section. From the Main Menu, Select: 2. Switch Configuration... 3.

  • Page 543

    Monitoring and Analyzing Switch Operation Traffic Mirroring Move the cursor to the Monitoring Port parameter, then use the Space bar to select the local exit port. Figure B-19. How To Select a Local Exit Port 5. Use the Space bar to select the port to use for sending mirrored traffic to a locally connected traffic analyzer or IDS.

  • Page 544

    Monitoring and Analyzing Switch Operation Traffic Mirroring 8. Use the down arrow key to move the cursor to the Action column for the individual port interfaces and position the cursor at a port, trunk, or mesh you want to mirror. Use the down arrow key to select the interface(s) whose traffic you want to mirror to the local exit port.

  • Page 545: Cli: Configuring Local And Remote Mirroring

    Using the CLI you can configure a mirroring session to an exit port on either the same switch as the source interface (local mirroring) or on another switch (remote mirroring). (The remote switch must be a ProCurve switch offering the full mirroring capabilities described in this chapter.)

  • Page 546: General Steps For Using The Cli To Configure Mirroring

    For this reason, ProCurve strongly recommends that you configure the exit switch for a remote mirroring session before configuring the source switch for that same session.

  • Page 547

    Monitoring and Analyzing Switch Operation Traffic Mirroring After completing step 5b, the switch begins mirroring traffic to the remote destination for the configured session. Local Mirroring (Mirroring Source and Destination on the Same Switch). 1. Determine the session identity and local destination port: •...

  • Page 548: Quick Reference To Local Mirroring Set-up

    Monitoring and Analyzing Switch Operation Traffic Mirroring Quick Reference to Local Mirroring Set-Up These commands configure or remove mirroring where the mirroring source and destination are on the same switch. For command syntax details, refer to the pages listed after each heading. For each mirroring Source Switch option: The mirror command identifies the destination for the mirroring session.

  • Page 549: Quick Reference To Remote Mirroring Set-up

    Monitoring and Analyzing Switch Operation Traffic Mirroring The no form of the command removes vlan < vid-# > mirroring source from the specified session, but leaves the session available for other assignments. N o t e If session 1 is already configured with a destination, you can execute [no] vlan <...

  • Page 550

    Monitoring and Analyzing Switch Operation Traffic Mirroring (On the destination switch, the mirrored traffic entry port for a given session and the exit port for that session must belong to the same VLAN.) To Configure or Remove a Mirroring Session on a Source Switch Defines a Remote Mirroring Session on a Source Switch (Page B-43): mirror <...

  • Page 551: Determine The Mirroring Session Identity And Destination, Configure The Remote Mirroring Session On Destination Switch

    Monitoring and Analyzing Switch Operation Traffic Mirroring N o t e If session 1 is already configured with a destination, you can execute [no] vlan < vid > monitor or [no] interface < port > monitor without mirroring criteria and a mirror session number.

  • Page 552

    Monitoring and Analyzing Switch Operation Traffic Mirroring before the source switch is configured to send mirrored traffic. This is done by configuring the destination switch with the values determined for remote mirroring in step 1, above. N o t e A switch operating as a destination for mirrored traffic sessions can support 32 different remote sessions (and 4 local sessions).

  • Page 553: Configure The Mirroring Session On The Source Switch

    Monitoring and Analyzing Switch Operation Traffic Mirroring Syntax: mirror endpoint ip < src-ip > < src-udp-port > < dst-ip > < port-# > no mirror endpoint ip < src-ip > < src-udp-port > < dst-ip > < src-udp-port > : Must exactly match the < src-udp-port > setting you will configure in the source switch for the re­...

  • Page 554

    For this reason, ProCurve strongly recommends that you configure the exit switch for a remote mirroring session, as described under “2. Configure the Remote Mirroring Session on Destination Switch”...

  • Page 555

    Monitoring and Analyzing Switch Operation Traffic Mirroring Syntax: [no] mirror < 1 - 4 > [name < name-str >] remote ip < src-ip > < src-udp-port > < dst-ip > This command is used on the source switch to uniquely associate the mirrored traffic from a specific mirroring session with a specific, remote exit switch.

  • Page 556

    Monitoring and Analyzing Switch Operation Traffic Mirroring Syntax: [no] mirror < 1 - 4 > [name < name-str >] remote ip < src-ip > < src-udp-port > < dst-ip > < src-udp-port > : This value associates the configured mirroring session with a UDP port number. Where multiple sessions have the same source IP address (<...

  • Page 557: Configure Mirroring Sources, Traffic Selection Options, Mirroring Source Limits

    Monitoring and Analyzing Switch Operation Traffic Mirroring 4. Configure Mirroring Sources This action configures a source switch with the criteria for selecting the traffic to mirror, and assigns the configured source criteria to a previously configured mirroring session. Traffic Selection Options The traffic criteria includes one option from each of the following two selec­...

  • Page 558: Using Interface Identity And Direction Of Movement To Select The Traffic To Mirror From A Source Switch

    Monitoring and Analyzing Switch Operation Traffic Mirroring Using Interface Identity and Direction of Movement To Select the Traffic To Mirror from a Source Switch Use the commands in this section to configure mirrored traffic selection for either local or remote mirroring. Options for the selection criteria includes: ■...

  • Page 559

    Monitoring and Analyzing Switch Operation Traffic Mirroring — Continued from Preceding Page— mirror < 1 - 4 | < name-str >: Assigns the traffic defined by the interface and direction to a session by number or (if configured) by name. (The session must have been previously configured.

  • Page 560

    Monitoring and Analyzing Switch Operation Traffic Mirroring VLAN Interface with Traffic Direction as the Selection Criteria. Use this command when the direction of traffic movement on a specific VLAN interface defines the criteria for mirroring traffic.: Syntax: vlan < vid-# > monitor all < in | out | both > mirror < 1 - 4 | name-str > [<...

  • Page 561: Using Acl Assignment And Traffic Direction To Select The Traffic To Mirror From A Source Switch

    Monitoring and Analyzing Switch Operation Traffic Mirroring — Continued from Preceding Page— [ name < name-str >] : Optional; uses a previously configured alphanumeric identifier to associate the traffic source with the mirroring session. The string can be used interchangeably with the mirroring session number when using this command to assign a mirroring source to a session.

  • Page 562

    Monitoring and Analyzing Switch Operation Traffic Mirroring N o t e s If a mirroring session is configured with a mirroring source that uses an ACL for traffic selection, then no other mirroring sources can be configured to use that session. Conversely, if a mirroring session is already configured with a mirroring source that does not use an ACL, then the session cannot accept an additional mirroring source that does use an ACL.

  • Page 563

    Monitoring and Analyzing Switch Operation Traffic Mirroring — Continued from Preceding Page— monitor ip access-group < acl-name > in: For the interface specified by < port/trunk/mesh >, selects the IP traffic to mirror based on the selection criteria specified in the named ACL.

  • Page 564

    Monitoring and Analyzing Switch Operation Traffic Mirroring ACL (Access Control List) Selection Criteria for Mirroring from a VLAN Interface. Syntax: vlan < vid-# > monitor ip access-group < acl-name > in mirror < 1 - 4 | name-str > [< 1 - 4 | name-str >] [< 1 - 4 | name-str >] [<...

  • Page 565

    Monitoring and Analyzing Switch Operation Traffic Mirroring — Continued from Previous Page— [ name < name-str >] : Optional; uses a previously configured alphanumeric identifier to associate the traffic source with the mirroring session. The string can be used interchangeably with the mirroring session number when using this command to assign a mirroring source to a session.

  • Page 566: Displaying The Mirroring Configuration, Displaying The Mirroring Configuration Summary

    Monitoring and Analyzing Switch Operation Traffic Mirroring Displaying the Mirroring Configuration Displaying the Mirroring Configuration Summary This command displays a summary of the current source and destination mirroring configured on the switch. Syntax: show monitor If a remote mirroring source is configured on the switch, then the following fields appear.

  • Page 567

    For example, the following summary shows three mirroring sources (one local and two remote) and one remote mirroring destination configured on the switch. Local and Remote Mirroring Sources: ProCurve# show monitor • Session 1 is performing local mirroring from an ACL source. • Session 2 is performing remote Network Monitoring mirroring using non-ACL sources.

  • Page 568: Displaying The Remote Endpoint Configuration

    For example, the following output indicates that a switch is configured as the endpoint (destination) for two remote mirroring sessions from the same source. ProCurve(config)# show monitor endpoint Remote Mirroring - Remote Endpoints Type UDP Source Addr...

  • Page 569: On A Source Switch

    Monitoring and Analyzing Switch Operation Traffic Mirroring Displaying a Mirroring Session Configuration on a Source Switch Syntax: show monitor < 1 - 4 | name < name-str > This command displays the current configuration of a selected, local or remote mirroring session on a source switch. Session: Displays the numeric ID of the selected session.

  • Page 570

    For example, if you configure remote mirroring session 2 as shown in figure B-22, show monitor 2 displays the session 2 configuration in figure B-23, below. ProCurve(config)# mirror 2 name test-10 remote ip 10.10.10.1 8010 10.10.30.2 Caution: Please configure destination switch first.

  • Page 571: Viewing Mirroring In The Current Configuration File

    Using the show run command, you can view the current mirroring configura­ tion on the switch. Source mirroring session entries begin with the mirror keyword and the mirroring sources are listed per-interface. For example: ProCurve(config)# show run Running configuration: ; J9091A Configuration Editor; Created on release #K.12.XX max-vlans 300 ip access-list extended "100"...

  • Page 572: Mirroring Configuration Examples, Local Mirroring Destination

    Traffic Mirroring Destination mirroring session entries begin with mirror endpoint. In the follow­ ing example, two sessions are using the same exit port: ProCurve(config)# show run Running configuration: ; J9091A Configuration Editor; Created on release #K.12.XX module 3 type J8694A Configured Destination Mirroring Sessions .

  • Page 573: And An Acl For Mirroring Criteria

    C24. ProCurve(config)# mirror 1 port c24 Caution: Please configure destination switch first. Do you want to continue [y/n]? y ProCurve(config)# interface a5,b17 monitor all in mirror 1 Reminder to configure mirroring Assigns mirrored inbound destination before configuring traffic from ports A5 and source.

  • Page 574

    Monitoring and Analyzing Switch Operation Traffic Mirroring mirrored traffic enters switch D, port A10 in this example, must be in the same VLAN as the configured exit port. Switch A VLAN 10 10.10.10.119 Switch C Server VLAN 10 10.10.30.153 10.10.10.1 VLAN 20 Switch B 10.10.20.1...

  • Page 575

    Monitoring and Analyzing Switch Operation Traffic Mirroring Mirror Session Destination Mirror Session Mirror Session Identity from Exit Port the Source Switch (Session IP Address 1 on Both Switches) Switch-D(config)# mirror endpoint 10.10.10.119 9300 10.10.30.2 port a15 Switch-D(config)# mirror endpoint 10.10.20.145 9300 10.10.30.2 port a15 Figure B-30.

  • Page 576: And Directional Mirroring Criteria

    Monitoring and Analyzing Switch Operation Traffic Mirroring Except for the differences in source VLAN and IP address, the configuration for switch B is the same as for switch 1 (figure B-31). Switch-B(config)# mirror 1 remote ip 10.10.20.145 9300 10.10.30.2 Caution: Please configure destination switch first. Do you want to continue [y/n]? y Switch-B(config)# access-list 100 permit tcp any host 10.10.30.153 eq telnet...

  • Page 577

    Monitoring and Analyzing Switch Operation Traffic Mirroring Switch A VLAN 10 Switch C 10.10.10.119 VLAN 10 10.10.10.1 Server VLAN 20 10.10.30.153 Switch B 10.10.20.1 VLAN 20 VLAN 30 Switch D 10.10.20.145 10.10.30.1 VLAN 30 Traffic 10.10.30.2 Analyzer 1 VLAN 40 10.10.40.1 Traffic Analyzer 2...

  • Page 578: Maximum Supported Frame Size, Enabling Jumbo Frames To Increase The Mirroring Path Mtu

    Monitoring and Analyzing Switch Operation Traffic Mirroring Mirror Session Mirror Session 2 Identity Destination Switch-A(config)# mirror 2 remote ip 10.10.10.119 9400 10.10.40.1 Caution: Please configure destination switch first. Do you want to continue [y/n]? y Switch-A(config)# interface c12 monitor all in mirror 2 Mirror Directional Criteria for Interface to...

  • Page 579: Untagged, Mirrored Traffic

    Monitoring and Analyzing Switch Operation Traffic Mirroring Table B-2. Maximum Frame Sizes for Mirroring Frame Type Maximum VLAN Frame Mirrored Frame Mirrored to Configuration Frame to Local Port Remote Port Size Data Data IPv4 Header Non-Jumbo 1518 1518 1464 (default config.) Jumbo on All VLANs 9216...

  • Page 580

    Monitoring and Analyzing Switch Operation Traffic Mirroring Tagged 10 Gbps VLAN link. Adds 4 bytes to each frame. 6200yl Router in the 8212zl Aggregator Mirror Path Remote 1Gbps Mirror Destination Untagged 1 Gbps VLAN Links Traffic 3500yl 3500yl Analyzer Mirror Source Mirror Source Due to VLAN tagging on the 10 Gbps link, untagged traffic from the mirror sources must...

  • Page 581

    Monitoring and Analyzing Switch Operation Traffic Mirroring Effect of IGMP on Mirroring: If both inbound and outbound mirroring ■ is operating when IGMP is enabled on any VLAN, two copies of mirrored IGMP frames may appear at the mirroring destination. ■...

  • Page 582: Troubleshooting Mirroring, Locating A Device

    A mirroring exit port should be connected only to a network analyzer, IDS, or other network edge device that has no connection to other network resources. Allowing a mirroring exit port connection to a network can result in serious network performance problems, and is strongly discouraged by ProCurve Networking. Locating a Device If you are trying to locate a particular switch you can enter the chassislocate command.

  • Page 583

    Turns the chassis Locate LED on for a selected number of minutes (default is 30 minutes). Turns the chassis Locate LED off. ProCurve(config)# chassislocate blink <1-1440> Blink the chassis locate led (default 30 minutes). Turn the chassis locate led off.

  • Page 584

    Monitoring and Analyzing Switch Operation Locating a Device B-74...

  • Page 585

    Troubleshooting Contents Overview ........... . C-4 Troubleshooting Approaches .

  • Page 586

    Troubleshooting Contents Show Logging ......... C-30 CLI: Clearing Event Log Entries .

  • Page 587

    Troubleshooting Contents Clear/Reset: Resetting to the Factory-Default Configuration . C-64 Restoring a Flash Image ........C-65...

  • Page 588

    N o t e ProCurve periodically places switch software updates on the ProCurve Net­ working web site. ProCurve recommends that you check this web site for software updates that may have fixed a problem you are experiencing. For information on support and warranty provisions, refer to the Support and...

  • Page 589: Troubleshooting Approaches

    Troubleshooting Approaches Troubleshooting Approaches Use these approaches to diagnose switch problems: ■ Check the ProCurve Networking web site for software updates that may have solved your problem: www.procurve.com ■ Check the switch LEDs for indications of proper switch operation: •...

  • Page 590: Browser Or Telnet Access Problems

    Troubleshooting Browser or Telnet Access Problems Browser or Telnet Access Problems Cannot access the web browser interface: Access may be disabled by the Web Agent Enabled parameter in the switch ■ console. Check the setting on this parameter by selecting: 2.

  • Page 591

    Troubleshooting Browser or Telnet Access Problems Cannot Telnet into the switch console from a station on the network: ■ Off subnet management stations can lose Telnet access if you enable routing without first configuring a static (default) route. That is, the switch uses the IP default gateway only while operating as a Layer 2 device.

  • Page 592: Unusual Network Activity, General Problems

    Unusual network activity is usually indicated by the LEDs on the front of the switch or measured with the switch console interface or with a network management tool such as ProCurve Manager. Refer to the Installation Guide you received with the switch for information on using LEDs to identify unusual network activity.

  • Page 593: Q Prioritization Problems, Acl Problems

    Troubleshooting Unusual Network Activity This can also happen, for example, if the server is first configured to issue IP addresses with an unlimited duration, then is subsequently configured to issue IP addresses that will expire after a limited duration. One solution is to configure “reservations”...

  • Page 594

    Troubleshooting Unusual Network Activity Indicates that routing is enabled; a require­ ment for ACL operation. (There is an exception. Refer to the Note, below.) Figure C-1. Indication that Routing Is Enabled Note If an ACL assigned to a VLAN includes an ACE referencing an IP address on the switch itself as a packet source or destination, the ACE screens traffic to or from this switch address regardless of whether IP routing is enabled.

  • Page 595

    Troubleshooting Unusual Network Activity Error (Invalid input) when entering an IP address. When using the “host” option in the command syntax, ensure that you are not including a mask in either dotted decimal or CIDR format. Using the “host” option implies a specific host device and therefore does not permit any mask entry.

  • Page 596

    Troubleshooting Unusual Network Activity that happens to include the switch’s IP address. For an example of this problem, refer to the section titled “General ACL Operating Notes” in the “Access Control Lists (ACLs)” chapter of the latest Access Security Guide for your switch. Routing Through a Gateway on the Switch Fails Configuring a “deny”...

  • Page 597: Igmp-related Problems

    Troubleshooting Unusual Network Activity To avoid inadvertently blocking the remote gateway for authorized traffic from another network (such as the 20 Net in this example): 1. Configure an ACE that specifically permits authorized traffic from the remote network. 2. Configure narrowly defined ACEs to block unwanted IP traffic that would otherwise use the gateway.

  • Page 598: Lacp-related Problems, Mesh-related Problems, Port-based Access Control (802.1x)-related Problems

    Removing a port from a trunk without first disabling the port can create a traffic loop that can slow down or halt your network. Before removing a port from a trunk, ProCurve recommends that you either disable the port or disconnect it from the LAN.

  • Page 599

    Troubleshooting Unusual Network Activity Verify that the switch has the correct IP address for each RADIUS server. ■ Ensure that the radius-server timeout period is long enough for network ■ conditions. The switch does not authenticate a client even though the RADIUS server is properly configured and providing a response to the authentication request.

  • Page 600

    Troubleshooting Unusual Network Activity Port A9 shows an “Open” status even though Access Control is set to Unauthorized (Force Auth). This is because the port-access authenticator has not yet been activated. Figure C-5. Authenticator Ports Remain “Open” Until Activated RADIUS server fails to respond to a request for service, even though the server’s IP address is correctly configured in the switch.

  • Page 601: Qos-related Problems, Radius-related Problems

    Troubleshooting Unusual Network Activity Also, ensure that the switch port used to access the RADIUS server is not blocked by an 802.1X configuration on that port. For example, show port- access authenticator < port-list > gives you the status for the specified ports. Also, ensure that other factors, such as port security or any 802.1X configura­...

  • Page 602: Spanning-tree Protocol (mstp) And Fast-uplink Problems

    Troubleshooting Unusual Network Activity Ensure that the radius-server timeout period is long enough for network ■ conditions. ■ Verify that the switch is using the same UDP port number as the server. RADIUS server fails to respond to a request for service, even though the server’s IP address is correctly configured in the switch.

  • Page 603: Ssh-related Problems

    Troubleshooting Unusual Network Activity Broadcast Storms Appearing in the Network. This can occur when there are physical loops (redundant links) in the topology.Where this exists, you should enable MSTP on all bridging devices in the topology in order for the loop to be detected. STP Blocks a Link in a VLAN Even Though There Are No Redundant Links in that VLAN.

  • Page 604

    Troubleshooting Unusual Network Activity Executing IP SSH does not enable SSH on the switch. The switch does not have a host key. Verify by executing show ip host-public-key. If you see the message ssh cannot be enabled until a host key is configured (use 'crypto' command).

  • Page 605: Tacacs-related Problems

    Troubleshooting Unusual Network Activity TACACS-Related Problems Event Log. When troubleshooting TACACS+ operation, check the switch’s Event Log for indications of problem areas. All Users Are Locked Out of Access to the Switch. If the switch is func­ tioning properly, but no username/password pairs result in console or Telnet access to the switch, the problem may be due to how the TACACS+ server and/or the switch are configured.

  • Page 606

    Troubleshooting Unusual Network Activity The encryption key configured in the server does not match the ■ encryption key configured in the switch (by using the tacacs-server key command). Verify the key in the server and compare it to the key configured in the switch.

  • Page 607: Timep, Sntp, Or Gateway Problems, Vlan-related Problems

    Troubleshooting Unusual Network Activity TimeP, SNTP, or Gateway Problems The Switch Cannot Find the Time Server or the Configured Gateway . TimeP, SNTP, and Gateway access are through the primary VLAN, which in the default configuration is the DEFAULT_VLAN. If the primary VLAN has been moved to another VLAN, it may be disabled or does not have ports assigned to it.

  • Page 608

    Troubleshooting Unusual Network Activity Link supporting VLAN_1 and VLAN_2 Switch “Y” Switch “X” Port Y- 7 Port X-3 VLAN Port Assignment VLAN Port Assignment Port VLAN_1 VLAN_2 Port VLAN_1 VLAN_2 Untagged Tagged Untagged Tagged Figure C-8. Example of Correct VLAN Port Assignments on a Link 1. If VLAN_1 (VID=1) is configured as “Untagged”...

  • Page 609: Fan Failure

    When two or more fans fail, a tow-minute timer starts. After two minutes, the switch is powered down and must be rebooted to restart it. This protects the switch from possible overheating. ProCurve recommends that you replace a failed fan tray assembly within one minute of removing it. C-25...

  • Page 610: Using The Event Log To Identify Problem Sources

    W (warning) indicates that a service has behaved unexpectedly. M (major) indicates that a severe switch error has occurred. (debug) reserved for ProCurve internal diagnostic information. Date is the date in mm/dd/yy format that the entry was placed in the log.

  • Page 611

    Troubleshooting Using the Event Log To Identify Problem Sources The Event Log will be erased if power to the switch is interrupted. (The Event Log is not erased by using the Reboot Switch command in the Main Menu.) Table C-1. Event Log System Modules Module Event Description...

  • Page 612: Menu: Entering And Navigating In The Event Log

    Troubleshooting Using the Event Log To Identify Problem Sources Module Event Description Module Event Description Transmission control tftp File transfer for new OS or config. Menu: Entering and Navigating in the Event Log From the Main Menu, select Event Log. Keys: W=Warning I=Information...

  • Page 613: Cli: Listing Events, Log Command

    Troubleshooting Using the Event Log To Identify Problem Sources CLI: Listing Events Log Command The log command displays log events, including those from previous boot cycles. You can use the command with different options to refine the output. Syntax: log [-a | -r | -m | -p | -i | -d | substring ...] Displays log events.

  • Page 614: Show Logging, Cli: Clearing Event Log Entries

    Troubleshooting Using the Event Log To Identify Problem Sources Show Logging The show logging command causes event log provides various options to display log messages including support of keyword searches. Syntax: show logging [-a, -r] [<search-text>] Uses the CLI to list: • Events recorded since the last boot of the switch • All events recorded • Event entries containing a specific keyword, either since...

  • Page 615: Cli: Turning Event Numbering On, Reducing Duplicate Event Log And Snmp Trap Messages

    Troubleshooting Using the Event Log To Identify Problem Sources CLI: Turning Event Numbering On Syntax: [no] log-number Turns event numbering on or off Reducing Duplicate Event Log and SNMP Trap Messages A recurring event can generate a series of duplicate Event Log messages and SNMP traps in a relatively short time.

  • Page 616

    Troubleshooting Using the Event Log To Identify Problem Sources Example of Log Message Throttling. For example, suppose that you con­ figure VLAN 100 on the switch to support PIM operation, but do not configure an IP address. If PIM attempted to use VLAN 100, the switch would generate the first instance of the following Event Log message and counter.

  • Page 617

    Troubleshooting Using the Event Log To Identify Problem Sources These two messages report separate events involving separate log throttle periods and separate counters. W 10/01/06 09:00:33 PIM:No IP address configured on VID 100 (1) W 10/01/06 09:00:33 PIM:No IP address configured on VID 205 (1) Figure C-13.

  • Page 618: Debug And Syslog Messaging Operation

    Troubleshooting Debug and Syslog Messaging Operation Debug and Syslog Messaging Operation The switch’s Event Log records switch-level progress, status, and warning messages. The Debug/System-Logging (Syslog) feature provides a method for recording messages you can use to help in debugging network-level problems, such as routing misconfigurations and other network protocol details.

  • Page 619: Debug Command Operation

    Series 2600 switches and the Switch 6108 (software release H.07.30 or ■ greater) For the latest feature information on ProCurve switches, visit the ProCurve Networking web site and check the latest release notes for the switch products you use. ■...

  • Page 620: Debug Types

    Troubleshooting Debug and Syslog Messaging Operation Except as noted below, rebooting the switch returns the debug destination and debug message types to their default settings (disabled). N o t e Using the logging < dest-ip-addr > command to configure a Syslog server address creates an exception to the above general operation.

  • Page 621

    Troubleshooting Debug and Syslog Messaging Operation — Continued from Preceding Page — event Configures the switch to send Event Log messages to the configured debug destination(s). Note: This has no effect on event notification messages the switch routinely sends to the Event Log itself. Also, this debug type is automatically enabled in these cases: • If there is currently no Syslog server address configured and you use logging <...

  • Page 622: Debug Destinations

    The session can be on any one terminal emula­ tion device with serial, Telnet, or SSH access to the CLI at the Manager level prompt (ProCurve#_ ). If more than one terminal device has a console session with the CLI, you can redirect the destination from the current device to another device.

  • Page 623: Syslog Operation

    Troubleshooting Debug and Syslog Messaging Operation Syslog Operation Syslog is a client-server logging tool that allows a client switch to send event notification messages to a networked device operating with Syslog server software. Messages sent to a Syslog server can be stored to a file for later debugging analysis.

  • Page 624: Viewing The Debug Configuration, Steps For Configuring Debug And Syslog Messaging

    — cron/at subsystem sys10 - sys14 — Reserved for system use local10 - local17 — Reserved for system use For a listing of applicable ProCurve switches, refer to the Note on page C-35. Viewing the Debug Configuration Syntax: show debug This command displays the currently configured debug log­...

  • Page 625

    3. Enable the debug types for which you want messages sent to the Syslog server(s) and/or the current session device: ProCurve# debug < acl | all | event | ip [ospf-opt]> Repeat this step if necessary to enable multiple debug types.

  • Page 626

    Troubleshooting Debug and Syslog Messaging Operation Example: Suppose that there are no Syslog servers configured on the switch (the default). Configuring one Syslog server enables debug logging to that server and also enables Event Log messages to be sent to the server. Displays the default debug configuration.

  • Page 627: Operating Notes For Debug And Syslog

    Troubleshooting Debug and Syslog Messaging Operation Configure a Syslog server IP. (Assumes no other Syslog server IP in configuration.) This is an active debug destination for any configured debug types. Display resulting configuration. Remove unwanted event message logging to debug destinations. Configure the debug types you want sent to the Syslog server and the...

  • Page 628

    Troubleshooting Debug and Syslog Messaging Operation Debug commands do not affect message output to the Event Log. ■ As a separate option, invoking debug with the event option causes the switch to send Event Log messages to whatever debug destination(s) you configure (session and/or logging), as well as to the Event Log.

  • Page 629: Diagnostic Tools, Port Auto-negotiation, Ping And Link Tests

    Troubleshooting Diagnostic Tools Diagnostic Tools Diagnostic Features Feature Default Menu Port Auto negotiation Ping Test — page C-48 page C-47 Link Test — page C-48 page C-47 Display Config File — page C-57 page C-58 Admin. and Troubleshooting — page C-60 —...

  • Page 630

    Troubleshooting Diagnostic Tools N o t e To respond to a Ping test or a Link test, the device you are trying to reach must be IEEE 802.3-compliant. Ping Test. This is a test of the path between the switch and another device on the same or another IP network that can respond to IP packets (ICMP Echo Requests).

  • Page 631: Web: Executing Ping Or Link Tests

    Troubleshooting Diagnostic Tools Web: Executing Ping or Link Tests 1. Click here. 2. Click here. 3. Select Ping Test (the default) or Link Test 4. For a Ping test, enter the IP address of the target device. For a Link test, enter the MAC address of the target device.

  • Page 632: Cli: Ping Or Link Tests

    Troubleshooting Diagnostic Tools Number of Packets to Send is the number of times you want the switch to attempt to test a connection. Timeout in Seconds is the number of seconds to allow per attempt to test a connection before determining that the current attempt has failed. To halt a Link or Ping test before it concludes, click on the Stop button.

  • Page 633

    Troubleshooting Diagnostic Tools Link Tests. You can issue single or multiple link tests with varying repeti­ tions and timeout periods. The defaults are: ■ Repetitions: 1 (1 - 999) Timeout: 5 seconds (1 - 256 seconds) ■ Syntax: link < mac-address > [repetitions < 1 - 999 >] [timeout < 1 - 256 >] [vlan <...

  • Page 634: Dns Resolver, Terminology, Basic Operation

    Troubleshooting Diagnostic Tools DNS Resolver The Domain Name System (DNS) resolver is designed for use in local network domains where it enables use of a host name or fully qualified domain name to perform ping and traceroute operations from the switch. Terminology Domain Suffix —...

  • Page 635

    DNS server. Example. Suppose the switch is configured with the domain suffix mygroup.procurve.net and the IP address for an accessible DNS server. If an operator wants to use the switch to ping a host using the DNS name “leader”...

  • Page 636: And Traceroute Commands

    DNS server configured on the switch, a traceroute command using the target’s fully qualified DNS name should succeed. Fully Qualified Host Name for ProCurve# traceroute remote-01.common.group.net the Target Host traceroute to 10.22.240.73 1 hop min, 30 hops max, 5 sec. timeout, 3 probes 1 10.28.229.3...

  • Page 637: Configuring A Dns Entry, Example Using Dns Names With Ping And Traceroute

    Troubleshooting Diagnostic Tools Configuring a DNS Entry The switch allows one DNS server entry, which includes the DNS server IP address and the chosen domain suffix. Configuring the entry enables the use of ping and traceroute with a target’s host name instead of the target’s IP address Syntax: [no] ip dns server-address <...

  • Page 638

    With the above already configured, the following commands enable ping and traceroute with the host name docserver to reach the document server at 10.28.229.219. ProCurve(config)# ip dns server-address 10.28.229.10 ProCurve(config)# ip dns domain-name pubs.outdoors.com Figure C-22. Configuring Switch “A” in FigureC-21 To Support DNS Resolution...

  • Page 639

    Troubleshooting Diagnostic Tools ProCurve# ping docservr 10.28.229.219 is alive, time = 1 ms ProCurve# traceroute docservr First-Hop Router (“B”) traceroute to 10.28.229.219 1 hop min, 30 hops max, 5 sec. timeout, 3 probes 1 10.28.192.2 1 ms 0 ms 0 ms 2 10.28.229.219...

  • Page 640: Viewing The Current Dns Configuration, Operating Notes

    The show ip command displays the current DNS configuration along with other IP configuration information. If the switch configuration currently includes a non-default (non-null) DNS entry, it will also appear in the show run command output. ProCurve# show ip Internet (IP) Service IP Routing : Disabled Default Gateway : 10.28.192.2...

  • Page 641: Displaying The Configuration File, Event Log Messages, Cli: Viewing The Configuration File

    Troubleshooting Diagnostic Tools Switch-Initiated DNS packets go out through the VLAN having the ■ best route to the DNS server, even if a Management VLAN has been configured. The traceroute command output shows only IP addresses. ■ ■ The DNS server address must be manually input. It is not be automat­ ically determined via DHCP.

  • Page 642: Web: Viewing The Configuration File, Listing Switch Configuration And Operation Details

    Troubleshooting Diagnostic Tools Syntax: write terminal Displays the running configuration. show config Displays the startup configuration. show running-config Displays the running-config file. Web: Viewing the Configuration File To display the running configuration, through the web browser interface: Click on the Diagnostics tab. Click on [Configuration Report] Use the right-side scroll bar to scroll through the configuration listing.

  • Page 643

    Output 3. Click [Start] to create and open the text file. 4. Execute show tech: ProCurve# show tech a. Each time the resulting listing halts and displays -- MORE --, press the Space bar to resume the listing. b. When the CLI prompt appears, the show tech listing is complete. At this point, click on Transfer | Capture Text | Stop in HyperTerminal to stop copying data into the text file created in the preceding steps.

  • Page 644: Cli Administrative And Troubleshooting Commands

    Troubleshooting Diagnostic Tools N o t e Remember to do the above step to stop HyperTerminal from copying into the text file. Otherwise, the text file remains open to receiving additional data from the HyperTerminal screen. To access the file, open it in Microsoft Word, Notepad, or a similar text editor.

  • Page 645: Traceroute Command

    Troubleshooting Diagnostic Tools kill Terminates all other active sessions. Traceroute Command The traceroute command enables you to trace the route from the switch to a host address. This command outputs information for each (router) hop between the switch and the destination address. Note that every time you execute traceroute, it uses the same default settings unless you specify otherwise for that instance of the command.

  • Page 646

    Troubleshooting Diagnostic Tools [probes < 1-5 > For the current instance of traceroute, changes the number of queries the switch sends for each hop in the route. For any instance of traceroute, if you want a probes value other than the default, you must specify that value.

  • Page 647

    Troubleshooting Diagnostic Tools Timeouts (indicated by one asterisk per probe, per hop; refer to figure ■ C-29, above.) Unreachable hosts ■ ■ Unreachable networks ■ Interference from firewalls Hosts configured to avoid responding ■ Executing traceroute where the route becomes blocked or otherwise fails results in an output marked by timeouts for all probes beyond the last detected hop.

  • Page 648: Restoring The Factory-default Configuration, Cli: Resetting To The Factory-default Configuration

    ■ Clear/Reset button combination N o t e ProCurve recommends that you save your configuration to a TFTP server before resetting the switch to its factory-default configuration. You can also save your configuration via Xmodem, to a directly connected PC.

  • Page 649: Restoring A Flash Image

    Troubleshooting Restoring a Flash Image Restoring a Flash Image The switch can lose its operating system if either the primary or secondary flash image location is empty or contains a corrupted OS file and an operator uses the erase flash command to erase a good OS image file from the opposite flash location.

  • Page 650

    Troubleshooting Restoring a Flash Image 4. Since the OS file is large, you can increase the speed of the download by changing the switch console and terminal emulator baud rates to a high speed. For example: Change the switch baud rate to 115,200 Bps. =>...

  • Page 651

    Troubleshooting Restoring a Flash Image Figure C-31. Example of Xmodem Download in Progress 8. When the download completes, the switch reboots from primary flash using the OS image you downloaded in the preceding steps, plus the most recent startup-config file. C-67...

  • Page 652

    Troubleshooting Restoring a Flash Image C-68...

  • Page 653

    MAC Address Management Contents Overview ........... . D-2 Determining MAC Addresses .

  • Page 654

    MAC Address Management Overview Overview The switch assigns MAC addresses in these areas: ■ For management functions, one Base MAC address is assigned to the default VLAN (VID = 1). (All VLANs on the switches covered in this guide use the same MAC address.) For internal switch operations: One MAC address per port (Refer to “CLI: ■...

  • Page 655: Determining Mac Addresses

    MAC Address Management Determining MAC Addresses Determining MAC Addresses MAC Address Viewing Methods Feature Default Menu view switch’s base (default vlan) MAC address — and the addressing for any added VLANs view port MAC addresses (hexadecimal format) n/a — — ■...

  • Page 656: Menu: Viewing The Switch's Mac Addresses

    MAC Address Management Determining MAC Addresses Menu: Viewing the Switch’s MAC Addresses The Management Address Information screen lists the MAC addresses for: ■ Base switch (default VLAN; VID = 1) Any additional VLANs configured on the switch. ■ Also, the Base MAC address appears on a label on the back of the switch. N o t e The Base MAC address is used by the first (default) VLAN in the switch.

  • Page 657: Cli: Viewing The Port And Vlan Mac Addresses

    ProCurve# walkmib ifPhysAddress (The above command is not case-sensitive.) For example, a ProCurve 8212zl switch with the following module configura­ tion shows MAC address assignments similar to those shown in figure D-2: a 4-port module in slot A, a 24-port module in slot C, and no modules in ■...

  • Page 658

    MAC Address Management Determining MAC Addresses ProCurve# walkmib ifphysaddress ifPhysAddress.1 - 4: Ports A1 - A4 in Slot A ifPhysAddress.1 = 00 12 79 88 b1 ff (Addresses 5 - 24 in slot A are unused.) ifPhysAddress.2 = 00 12 79 88 b1 fe ifPhysAddress.3 = 00 12 79 88 b1 fd...

  • Page 659: Viewing The Mac Addresses Of Connected Devices

    MAC Address Management Viewing the MAC Addresses of Connected Devices Viewing the MAC Addresses of Connected Devices Syntax: show mac-address Lists the MAC addresses of the devices the switch has detected, along with the number of the specific port on which each MAC address was detected.

  • Page 660

    MAC Address Management Viewing the MAC Addresses of Connected Devices D-8...

  • Page 661

    Monitoring Resources Contents Viewing Information on Resource Usage ..... . . E-2 Policy Enforcement Engine ........E-2 Displaying Current Resource Usage .

  • Page 662: Viewing Information On Resource Usage, Policy Enforcement Engine

    Monitoring Resources Viewing Information on Resource Usage Viewing Information on Resource Usage The switch allows you to view information about the current usage and availability of resources in the Policy Enforcement engine, including the following software features: ■ Access control lists (ACLs) ■...

  • Page 663: Displaying Current Resource Usage

    Monitoring Resources Viewing Information on Resource Usage Resource usage by the following features, which are configured globally or per-VLAN, applies across all slots with installed modules: ■ ACLs QoS configurations ■ Management VLAN configuration ■ ■ DHCP snooping ■ Dynamic ARP protection Remote-mirroring endpoint configuration ■...

  • Page 664

    IDM resources on ports 25-48, and ICMP rate-limiting usage of different resource levels on ports 1-24 and 25-48, and on slot A. The “IDM” column shows the rules used for RADIUS-based authentication with or without the IDM option. ProCurve# show access-list resources Resource usage in Policy Enforcement Engine Rules...

  • Page 665: When Insufficient Resources Are Available

    If virus throttling is enabled on a port and a large amount of IPv6 traffic goes through that port, the CPU resources may be used up. ProCurve recommends that you do not enable virus throttling on any port that may receive large amounts of IPv6 traffic.

  • Page 666

    Monitoring Resources When Insufficient Resources Are Available E-6...

  • Page 667

    • ProCurve AdvanceStack Routers ProCurve switches provide a way to automatically adjust the system clock for Daylight Savings Time (DST) changes. To use this feature you define the month and date to begin and to end the change from standard time. In addition to the value “none”...

  • Page 668

    Daylight Savings Time on ProCurve Switches Middle Europe and Portugal: • Begin DST at 2am the first Sunday on or after March 25th. • End DST at 2am the first Sunday on or after September 24th. Southern Hemisphere: • Begin DST at 2am the first Sunday on or after October 25th.

  • Page 669

    Daylight Savings Time on ProCurve Switches Before configuring a “User defined” Daylight Time Rule, it is important to understand how the switch treats the entries. The switch knows which dates are Sundays, and uses an algorithm to determine on which date to change the system clock, given the configured “Beginning day”...

  • Page 670

    Daylight Savings Time on ProCurve Switches F-4...

  • Page 671

    Index Symbols auto MDI/MDI-X port mode, display … 10-16 Auto-10 … 12-4, 12-7, 12-18 => prompt … C-65 autonegotiate … 14-53 auto-tftp … A-8 Numerics downloading image … A-8 redundant management … A-8 802.1X effect, LLDP … 14-74 LLDP blocked … 14-41 bandwidth displaying port utilization …...

  • Page 672

    changing priority level … 11-14 after first reboot … 6-30 changing threshold … 11-14 applications … 6-27 Clear + Reset button combination … 6-38 asterisk … 6-31 Clear button … 5-10 backupConfig … 6-28 restoring factory default configuration … C-64 change policy …...

  • Page 673

    ending a session … 3-5 DHCP snooping features … 2-3 resource usage … E-2 Main menu … 3-7 DHCP/Bootp differences … 8-13 navigation … 3-9, 3-10 DHCP/Bootp process … 8-12 operation … 3-10 DHCP/Bootp, LLDP … 14-49 starting a session … 3-4 diagnostics tools …...

  • Page 674

    resource usage … E-2 friendly port names dynamic port ACLs … E-2 See port names, friendly. edge ports … 13-4 gateway … 8-3, 8-5, 8-12 Emergency Location Id Number … 14-34, 14-62 routing fails … C-12 ending a console session … 3-5 gateway (IP) address …...

  • Page 675

    effect on port trunks … 13-14 TTL … 8-7, 8-10 effects of … 13-11 using for web browser interface … 5-4 event log messages … 13-15 web access … 8-10 interface support … 13-14 IP address monitoring/mirroring … 13-14 for SNMP management … 14-3 network application …...

  • Page 676

    advertisement, optional data … 14-50 advertisements, delay interval … 14-45 LACP CDP neighbor data … 14-75 802.1X, not allowed … 12-21 chassis ID … 14-49 active … 12-15 chassis type … 14-49 blocked ports … 12-23 clear statistics counters … 14-71 CLI access …...

  • Page 677

    packet boundaries … 14-36 displaying speed … 14-68 packet dropped … 14-36 ELIN … 14-62 packet time-to-live … 14-39 enable or disable … 14-37 packet-forwarding … 14-36, 14-74 endpoint support … 14-53 packets not forwarded … 14-35 fast start control … 14-57 per-port counters …...

  • Page 678

    manager password … 5-8, 5-10 duplicate frames, IGMP … B-71 Manual, IP address … 8-6 effect of STP state … B-70 MD5 authentication … 14-9 encapsulation … B-31 MDI/MDI-X configuration, display … 10-16 encryption … B-71 MDI/MDI-X operation … 10-15 endpoint …...

  • Page 679

    monitor, autoconfig session 1 … B-39, B-48, Web interface … B-29 B-50, B-53, B-54, B-71 Web limits … B-31 MTU … B-68, B-71 mirroring, entry port … B-25 operating notes … B-70 MLTS … 14-35 overload on destination … B-30 monitoring oversized frames …...

  • Page 680

    creating … 5-8 priority class, defined … 11-4 delete … 3-7, 5-10 priority policies … 11-24 if you lose the password … 5-10 priority, port … 11-8, 11-10 lost … 5-10 PSE, defined … 11-4 manager … 5-8 QoS classifiers … 11-24 operator …...

  • Page 681

    … 11-5 IGMP … 12-8 Procurve limit … 12-2 support URL … 5-13 limit, combined … 12-19 Procurve, HP, URL … 14-4 link requirements … 12-3 prompt, => … C-65 logical port … 12-8 PSAP … 14-35 media requirements … 12-7 PSE …...

  • Page 682

    rate display for ports … 10-9 redundancy active-management … 15-9 rate-limiting redundancy switchover … 15-8 caution … 13-4 reload … 6-4, 6-20, 15-32 configuration … 13-5, 13-12 remote intelligent mirroring displaying configuration … 13-6, 13-13 See mirroring. edge ports … 13-4 Remote mirroring effect of flow control …...

  • Page 683

    communities … 14-4, 14-5, 14-13, 14-14 Communities screen … 14-11 scheduled reboot … 6-25 configure … 14-4, 14-5 SCP/SFTP IP … 14-3 enabling … A-10 mirroring … B-30 session limit … A-14 notification, LLDP secure copy SNMP notification … 14-38 See SCP/SFTP public community …...

  • Page 684

    operating modes … 9-2 switch setup menu … 3-8 poll interval switch software See also TimeP copy from a USB device … A-18 selecting … 9-3 download using TFTP … A-4 show management … 9-9 download, failure indication … A-7 unicast mode …...

  • Page 685

    tftp receiver … 14-19 copying a configuration file … A-26 SNMP … 14-20 threshold setting … 14-5, 14-13 trap notification … 14-47 thresholds, SNMP … 14-19 trap receiver … 14-4, 14-5 time format … C-26 configuring … 14-19, 14-21 time protocol troubleshooting selecting …...

  • Page 686

    … 13-31 management … 5-13 management VLAN, resource usage … E-2 management server … 5-12, 5-13 management VLAN, SNMP block … 14-3 Procurve … 5-13, 14-4 mirroring … B-4, B-24 support … 5-12, 5-13 multinet … 8-3 USB multinetting …...

  • Page 687

    web browser interface copy command output … A-33 access parameters … 5-8 copy crash data … A-34 alert log … 5-20 copy crash log … A-36 alert log details … 5-21 copy event log output … A-34 bandwidth adjustment … 5-18 copying a configuration file …...

  • Page 688

    18 – Index...

  • Page 690

    Technical information in this document is subject to change without notice. © Copyright 2007 Hewlett-Packard Development Company, L.P. Reproduction, adaptation, or translation without prior written permission is prohibited except as allowed under the copyright laws. September 2007 Manual Part Number...

This manual also for:

Procurve 8200zl

Comments to this Manuals

Symbols: 0
Latest comments: