management and
configuration guide
hp procurve
switch 4108gl
www.hp.com/go/hpprocurve

   Summary of Contents for HP 4108GL

  • Page 1

    4108gl www.hp.com/go/hpprocurve...

  • Page 3

    HP Procurve Switch 4108GL Software Release G.01.xx or Later Management and Configuration Guide...

  • Page 4

    Publication Number 5969-2378 May 2001 Applicable Product HP Procurve Switch 4108GL (J4865A) Trademark Credits Microsoft, Windows, Windows 95, and Microsoft Windows NT are registered trademarks of Microsoft Corporation. Internet Explorer is a trademark of Microsoft Corporation. Ethernet is a registered trademark of Xerox Corporation.

  • Page 5: Just Want A Quick Start

    Documentation This guide describes how to use the command line interface (CLI), menu interface, and web browser interface for the HP Procurve Switch 4108GL, also referred to as the Switch 4108GL. If you need information on specific parameters in the menu interface, refer to the online help provided in the interface.

  • Page 6: To Set Up And Install The Switch In Your Network

    Preface To Set Up and Install the Switch in Your Network Use the HP Procurve Switch 4108GL Installation and Getting Started Guide (shipped with the switch) to guide you in the following: Physically installing the switch in your network Quickly assigning an IP address and subnet mask, set a Manager pass-...

  • Page 7: Table Of Contents, Using The Menu Interface, Using The Command Line Interface (cli)

    Rebooting the Switch...

  • Page 8: Table Of Contents, Using The Hp Web Browser Interface

    Web Browser Interface Requirements 4-4; Starting an HP Web Browser Interface Session with the Switch 4-5; Using a Standalone Web Browser in a PC or UNIX Workstation...

  • Page 9: Table Of Contents, Switch Memory And Configuration, Interface Access And System Information, Configuring Ip Addressing

    Rebooting the Switch...

  • Page 10: Table Of Contents, Time Protocols

    Web: Configuring IP Addressing 7-9; How IP Addressing Affects Switch Operation 7-9; Globally Assigned IP Network Addresses...

  • Page 11: Table Of Contents

    General Authentication Setup Procedure 9-11; Configuring TACACS+ on the Switch 9-14; How Authentication Operates...

  • Page 12: Table Of Contents

    Incoming CDP Packets 12-15; Configuring CDP on the Switch 12-18; Viewing the Switch’s Current CDP Configuration...

  • Page 13: Table Of Contents, Port-based Virtual Lans (vlans) And Gvrp

    Configuring CDP Operation 12-21; Effect of Spanning Tree (STP) On CDP Packet Transmission 12-23; How the Switch Selects the IP Address To Include in Outbound CDP Packets 12-24; CDP Neighbor Data and MIB Objects...

  • Page 14: Table Of Contents

    Planning for GVRP Operation 14-37; Configuring GVRP On a Switch 14-37; GVRP Operating Notes...

  • Page 15: Table Of Contents, Monitoring And Analyzing Switch Operation

    General System Information 17-5; Switch Management Address Information 17-6; Module Information...

  • Page 16: Table Of Contents

    Using Xmodem to Download an OS Image From a PC or UNIX Workstation; Switch-to-Switch Download A-9; Using the HP TopTools for Hubs &...

  • Page 17: Table Of Contents

    Selecting a Management Interface Contents: Overview 1-2; Understanding Management Interfaces...

  • Page 18: Overview, Understanding Management Interfaces

    Advantages of using each interface Understanding Management Interfaces Management interfaces enable you to reconfigure the switch and to monitor switch status and performance. The HP Switch 4108GL offers the following interfaces: Menu interface—a menu-driven interface offering a subset of switch commands through the built-in VT-100/ANSI console—page 1-3...

  • Page 19: Advantages Of Using The Menu Interface

    • Software downloads Offers out-of-band access (through the RS-232 connection) to the switch, so network bottlenecks, crashes, lack of configured or correct IP address, and network downtime do not slow or prevent access Enables Telnet (in-band) access to the menu functionality.

  • Page 20: Advantages Of Using The Cli

    Advantages of Using the CLI Figure 1-2. Example of The Command Prompt Provides access to the complete set of the switch configuration, performance, and diagnostic features. Offers out-of-band access (through the RS-232 connection) or Telnet (in-band) access.

  • Page 21: Advantages Of Using The Hp Web Browser Interface

    Advantages of Using the HP Web Browser Interface Figure 1-3. Example of the HP Web Browser Interface Easy access to the switch from anywhere on the network Familiar browser interface--locations of window objects consistent with commonly used browsers, uses mouse clicking for navigation, no...

  • Page 22: Advantages Of Using Hp Toptools For Hubs & Switches

    Selecting a Management Interface Advantages of Using HP TopTools for Hubs & Switches You can operate HP TopTools from a PC on the network to monitor traffic, manage your hubs and switches, and proactively recommend network changes to increase network uptime and optimize performance.

  • Page 23

    Advantages of Using HP TopTools for Hubs & Switches • Notifies you when HP hubs use “self-healing” features to fix or limit common network problems. • Provides a list of discovered devices, with device type, connectivity status, the number of new or open alerts for each device, and the type of management for each device.

  • Page 24

    Selecting a Management Interface Advantages of Using HP TopTools for Hubs & Switches...

  • Page 25: Contents

    Rebooting the Switch...

  • Page 26

    Event Log, and the Operator level in the CLI. After you configure passwords on the switch and log off of the interface, access to the menu interface (and the CLI and web browser interface) will require entry of either the Manager or Operator password.

  • Page 27: Starting And Ending A Menu Session

    Starting and Ending a Menu Session You can access the menu interface using any of the following: A direct serial connection to the switch’s console port, as described in the installation guide you received with the switch A Telnet connection to the switch console from a networked PC or the switch’s web browser interface.

  • Page 28: How To Start A Menu Interface Session

    • A PC terminal emulator or terminal • Telnet (You can also use the stack Commander if the switch is a stack member. See Chapter 13, “HP Procurve Stack Management”). Do one of the following: • If you are using Telnet, go to step 3.

  • Page 29: How To End A Menu Session And Exit From The Console:

    For a description of Main Menu features, see “Main Menu Features” on page 2-7. Note To configure the switch to start with the menu interface instead of the CLI, go to the Manager level prompt in the CLI, enter the command, and in the...

  • Page 30

    Telnet session. If you have made configuration changes that require a switch reboot— that is, if an asterisk (*) appears next to a configured item or next to Switch Configuration in the Main Menu: Return to the Main Menu.

  • Page 31: Main Menu Features

    The Main Menu gives you access to these Menu interface features: Status and Counters: Provides access to display screens showing switch information, port status and counters, port and VLAN address tables, and spanning tree information. (See Chapter 17, “Monitoring and Analyzing Switch Operation”.)

  • Page 32

    16 switches in the same subnet (broadcast domain). See Chapter 13, “HP Procurve Stack Management”. Logout: Closes the Menu interface and console session, and disconnects Telnet access to the switch. (See “How to End a Menu Session and Exit from the Console” on page 2-5.)

  • Page 33: Screen Structure And Navigation

    Screen Structure and Navigation Menu interface screens include these three elements: Parameter fields and/or read-only information such as statistics Navigation and configuration actions, such as Save, Edit, and Cancel Help line to describe navigation options, individual parameters, and read-only data For example, in the following System Information screen: Screen title –...

  • Page 34

    (or flash) memory, and it is therefore not necessary to reboot the switch after making these changes. But if an asterisk appears next to any menu item you reconfigure, the switch will not activate or save the change for that item until you reboot the switch.

  • Page 35

    To get Help on individual parameter descriptions. In most screens there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press [H], and a separate help screen is displayed. For example: Highlight on any item in the Actions line indicates that the...

  • Page 36: Rebooting The Switch

    To Reboot the switch, use the Reboot Switch option in the Main Menu. (Note that the Reboot Switch option is not available if you log on in Operator mode; that is, if you enter an Operator password instead of a manager password at the password prompt.)

  • Page 37

    If you make configuration changes in the menu interface that require a reboot, the switch displays an asterisk (*) next to the menu item in which the change has been made. For example, if you change and save the value for the...

  • Page 38: Menu Features List

    Using the Menu Interface Menu Features List Status and Counters • General System Information • Switch Management Address Information • Port Status • Port Counters • Address Table • Port Address Table • Spanning Tree Information Switch Configuration •...

  • Page 39: Where To Go From Here

    Option To use the Run Setup option To use the Procurve Stack Manager To view and monitor switch status and counters To learn how to configure and use passwords To learn how to use the Event Log...

  • Page 40

    Using the Menu Interface Where To Go From Here 2-16...

  • Page 41: Chapter Contents

    Using the Command Line Interface (CLI) Chapter Contents: Overview 3-2; Accessing the CLI...

  • Page 42: Accessing The Cli, Overview, Using The Cli

    Overview The CLI is a text-based command interface for configuring and monitoring the switch. The CLI gives you access to the switch’s full set of commands while providing the same password protection that is used in the web browser interface and the menu interface.

  • Page 43: Privilege Levels At Logon

    CLI levels. (For more on setting passwords, see page 9-3.) When you use the CLI to log on to the switch, and passwords are set, you will be prompted to enter a password. For example: Password Prompt Figure 3-1.

  • Page 44: Privilege Level Operation, Operator Privileges

    A ">" character delimits the Operator-level prompt. For example: When using enable to move to the Manager level, the switch prompts you for the Manager password if one has already been configured.

  • Page 45: Manager Privileges

    Global Configuration level: Provides all Operator and Manager level privileges, and enables you to make configuration changes to any of the switch’s software features. The prompt for the Global Configuration level includes the system name and " config command at the Manager prompt. For example: (Enter config at the Manager prompt.)

  • Page 46

    Execute context-specific configuration commands, such as a particular VLAN or switch port. This is useful for shortening the command strings you type, and for entering a series of commands for the same context. For a list of available commands, enter at the prompt.

  • Page 47: How To Move Between Levels

    —or— Moving Between the CLI and the Menu Interface. When moving between interfaces, the switch retains the current privilege level (Manager or Operator). That is, if you are at the Operator level in the menu and select the Command Line Interface (CLI) option from the Main Menu, the CLI prompt appears at the Operator level.

  • Page 48: Listing Commands And Command Options, Listing Commands Available At Any Privilege Level

    (If you subsequently execute write memory in the CLI, then the switch also stores "Y" as the IP address for VLAN 1 in the startup-config file. (For more on the startup-config and running config files, see Chapter 5X, “Switch Memory and Configuration”.)

  • Page 49

    Typing ? at the Manager level produces this listing: When - - MORE - - appears, use the Space bar or [Return] to list additional commands. Figure 3-4. Example of the Manager-Level Command Listing When - - MORE - - appears, there are more commands in the listing. To list the next screenful of commands, press the Space bar.

  • Page 50: Command Option Displays

    Using the Command Line Interface (CLI) Using the CLI As mentioned above, if you type part of a command word and press [Tab], the CLI completes the current word (if you have typed enough of the word for the CLI to distinguish it from other possibilities), including hyphenated extensions.

  • Page 51: Displaying Cli "help", Displaying Cli "help

    Help summaries for both the Operator and Manager levels, and so on. help Syntax: For example, to list the Operator-Level commands with their purposes: Using the Command Line Interface (CLI) Using the CLI This example displays the command options for configuring port C5 on the switch. 3-11...

  • Page 52

    Using the Command Line Interface (CLI) Using the CLI Figure 3-7. Example of Context-Sensitive Command-List Help Displaying Help for an Individual Command. You can display Help for any command that is available at the current context level by entering enough of the command string to identify the command, along with help.

  • Page 53: Configuration Commands And The Context Configuration Modes

    However, using a context mode enables you to execute context-specific commands faster, with shorter command strings. The Switch 4108GL offers interface (port or trunk group) and VLAN context configuration modes: Port or Trunk-Group Context . Includes port- or trunk-specific commands that apply only to the selected port(s) or trunk group, plus the global configuration, Manager, and Operator commands.

  • Page 54

    Using the Command Line Interface (CLI) Using the CLI The remaining commands in the listing are Manager, Operator, and context commands. Figure 3-10. Context-Specific Commands Affecting Port Context 3-14 Lists the commands you can use in the port or static trunk context, plus the Manager, Operator, and context commands you can execute...

  • Page 55

    VLAN, plus Manager and Operator commands. The prompt for this mode includes the VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch: In the VLAN...

  • Page 56: Cli Control And Editing

    Using the Command Line Interface (CLI) CLI Control and Editing CLI Control and Editing Keystrokes [Ctrl] [A] [Ctrl] [B] or [<] [Ctrl] [C] [Ctrl] [D] [Ctrl] [E] [Ctrl] [F] or [>] [Ctrl] [K] [Ctrl] [L] or [Ctrl] [R] [Ctrl] [N] or [v] [Ctrl] [P] or [^] [Ctrl] [U] or [Ctrl] [X] [Ctrl] [W]...

  • Page 57

    Web Browser Interface Requirements 4-4; Starting an HP Web Browser Interface Session with the Switch 4-5; Using a Standalone Web Browser in a PC or UNIX Workstation...

  • Page 58

    Using the HP Web Browser Interface Overview Overview The HP web browser interface built into the switch lets you easily access the switch from a browser-based PC on your network. This lets you do the following: Optimize your network uptime by using the Alert Log and other diagnostic...

  • Page 59: General Features

    General Features The Switch 4108GL includes these web browser interface features: Switch Configuration: • Ports • VLANs and Primary VLAN • Fault detection • Port monitoring (mirroring) • System information • Enable/Disable Multicast Filtering (IGMP) and Spanning Tree • •...

  • Page 60: Web Browser Interface Requirements

    • Microsoft® Internet Explorer 4.x UNIX: Netscape Navigator 4.5 or later Microsoft Windows® 95 and Windows NT Standard UNIX® OS For the HP ProCurve Switch 4108GL, use HP J2569R or later. Recommended 120 MHz Pentium 120 MHz 32 Mbytes 1,024 x 768...

  • Page 61: Starting An Hp Web Browser Interface Session With The Switch

    This procedure assumes that you have a supported web browser (page 4-4) installed on your PC or workstation, and that an IP address has been configured on the switch. (For more on assigning an IP address, refer to "IP Configuration" on page 7-3.) Make sure the Java applets are enabled for your browser.

  • Page 62: Using Hp Toptools For Hubs & Switches

    Using the HP Web Browser Interface Starting an HP Web Browser Interface Session with the Switch Type the IP address (or DNS name) of the switch in the browser Location or Address field and press [Enter]. (It is not necessary to include http://.)

  • Page 63

    Figure 4-1. Example of Status Overview Screen Note The above screen appears somewhat different if the switch is configured as a stack Commander. For an example, see figure 1-3 on page 1-5. Starting an HP Web Browser Interface Session with the Switch...

  • Page 64: Tasks For Your First Hp Web Browser Interface Session, Viewing The "first Time Install" Window

    Set access to the web browser interface online help Viewing the “First Time Install” Window When you access the switch’s web browser interface for the first time, the Alert log contains a “First Time Install” alert, as shown in figure 4-2. This gives...

  • Page 65: Creating Usernames And Passwords In The Browser Interface

    Interface You may want to create both a username and password to create access security for your switch. There are two levels of access to the interface that can be controlled by setting user names and passwords: Operator. An Operator-level user name and password allows read-only access to most of the web browser interface, but prevents access to the Security window.

  • Page 66

    Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Figure 4-3. The Device Passwords Window To set the passwords: Access the Device Passwords screen by one of the following methods: • If the Alert Log includes a “First Time Install” event entry, double click on this event, then, in the resulting display, click on the secure access to the device link.

  • Page 67: Using The Passwords, Using The User Names

    The manager and operator passwords are used to control access to all switch interfaces. Once set, you will be prompted to supply the password every time you try to access the switch through any of its interfaces. The password you enter determines the capability you have during that session:...

  • Page 68: Online Help For The Hp Web Browser Interface, If You Lose A Password

    If You Lose a Password If you lose the passwords, you can clear them by pressing the Clear button on the front of the switch. This action deletes all password and user name protection from all of the switch’s interfaces.

  • Page 69: Support/mgmt Urls Feature

    HP TopTools for Hubs & Switches. 3. Enter URLs for: - the support information source you want the switch to access when you click on the web browser interface Support tab – the default is HP’s ProCurve network products World Wide Web...

  • Page 70: Support Url, Help And The Management Server Url

    Using the HP Web Browser Interface Support/Mgmt URLs Feature Support URL This is the site that the switch accesses when you click on the Support tab on the web browser interface. The default URL is: http://www.hp.com/go/procurve which is the World Wide Web site for Hewlett-Packard’s networking products.

  • Page 71

    Policy Management and Configuration. HP Top Tools for Hubs & Switches can perform network-wide policy management and configuration of your switch. The Management Server URL field identifies the management station that is performing that function. For more information, refer to the documentation provided on the HP TopTools for Hubs &...

  • Page 72: Status Reporting Features, The Overview Window

    Using the HP Web Browser Interface Status Reporting Features Browser elements covered in this section include: The Overview window (below) Port utilization and status (page 4-17) The Alert log (page 4-20) The Status bar (page 4-23) The Overview Window The Overview Window is the home screen for any entry into the web browser interface. The following figure identifies the various parts of the screen.

  • Page 73: The Port Utilization And Status Displays, Port Utilization

    The Port Utilization and Status Displays The Port Utilization and Status displays show an overview of the status of the switch and the amount of network activity on each port. The following figure shows a sample reading of the Port Utilization and Port Status.

  • Page 74

    Using the HP Web Browser Interface Status Reporting Features Maximum Activity Indicator: As the bars in the graph area change height to reflect the level of network activity on the corresponding port, they leave an outline to identify the maximum activity level that has been observed on the port.

  • Page 75

    Note that the Port Fault-Disabled symbol will be displayed in the legend only if one or more of the ports is in that status. See chapter 7, “Monitoring and Analyzing Switch Operation” for more information.

  • Page 76: The Alert Log, Sorting The Alert Log Entries

    The web browser interface Alert Log, shown in the lower half of the screen, shows a list of network occurrences, or alerts, that were detected by the switch. Typical alerts are Broadcast Storm, indicating an excessive number of broadcasts received on a port, and Problem Cable, indicating a faulty cable. A full list of alerts is shown in the table on page 4-21.

  • Page 77: Alert Types

    Table 4-2. Alert String: Alert Description. First Time Install: Important installation information for your switch. Too many undersized/giant packets: A device connected to this port is transmitting packets shorter than 64 bytes or longer than 1518 bytes (longer than 1522 bytes if tagged), with valid CRCs (unlike runts, which have invalid CRCs).

  • Page 78: Viewing Detail Views Of Alert Log Entries

    Status Reporting Features Note When troubleshooting the sources of alerts, it may be helpful to check the switch’s Port Status and Port Counter windows and the Event Log in the console interface. Viewing Detail Views of Alert Log Entries By double clicking on Alert Entries, the web browser interface displays a Detail View or separate window detailing information about the events.

  • Page 79: The Status Bar

    Normal Activity Yellow Warning Critical System Name. The name you have configured for the switch by using Identity screen, system name command, or the switch console System Information screen. Most Critical Alert Description. A brief description of the earliest, unacknowledged alert with the current highest severity in the Alert Log, appearing in the right portion of the Status Bar.

  • Page 80: Setting Fault Detection Policy

    Using the HP Web Browser Interface Status Reporting Features Product Name. The product name of the switch to which you are connected in the current web browser interface session. Setting Fault Detection Policy One of the powerful features in the web browser interface is the Fault Detection facility.

  • Page 81

    High Sensitivity. This policy directs the switch to send all alerts to the Alert Log. This setting is most effective on networks that have few or no problems. Medium Sensitivity. This policy directs the switch to send alerts related to network problems to the Alert Log. If you want to be notified of problems which cause a noticeable slowdown on the network, use this setting.

  • Page 82

    Using the HP Web Browser Interface Status Reporting Features 4-26...

  • Page 83

    Rebooting the Switch...

  • Page 84: Overview Of Configuration File Management, Overview

    How the switch provides OS (operating system) options through primary/secondary flash image options How to use the switch’s primary and secondary flash options, including displaying flash information, booting or restarting the switch, and other topics Overview of Configuration File...

  • Page 85

    Running Config File: Exists in volatile memory and controls switch operation. If no configuration changes have been made in the CLI since the switch was last booted, the running-config file is identical to the startup-config file. Startup-config File: Exists in flash (non-volatile) memory and is used to preserve the most recently-saved configuration as the "permanent"...

  • Page 86: Using The Cli To Implement Configuration Changes

    5: The above command disables port 5 in the running-config file, but not in the startup-config file. Port 5 remains disabled only until the switch reboots. If you want port 5 to remain disabled through the next reboot, use to save the current running-config file to the startup-config file in flash memory.

  • Page 87

    Syntax: For example, the default port mode setting is uses Cat 3 wiring and you want to connect the switch to another autosensing device capable of 100 Mbps operation. Because 100 Mbps over Cat 3 wiring can introduce transmission problems, the recommended port mode is which allows the port to negotiate full- or half-duplex, but restricts speed to 10 Mbps.

  • Page 88

    (figure 5-2, above) to save the change to the startup-config file. That is, if you use the CLI to change a parameter setting, but then reboot the switch write memory Disables port 1 in the running configuration, which causes port 1 to block all traffic.

  • Page 89: Configuration Changes

    Syntax: For example: Press [Y] to replace the current configuration with the factory default configuration and reboot the switch. Press [N] to retain the current configuration and prevent a reboot. Using the Menu and Web Browser Interfaces To Implement Configuration...

  • Page 90: Using The Menu Interface To Implement Configuration Changes

    Changes You can use the menu interface to simultaneously save and implement a subset of switch configuration changes without having to reboot the switch. That is, when you save a configuration change in the menu interface, you simultaneously change both the running-config file and the startup-config file.

  • Page 91: Rebooting From The Menu Interface

    To Reboot the switch, use the Reboot Switch option in the Main Menu. (Note that the Reboot Switch option is not available if you log on in Operator mode; that is, if you enter an Operator password instead of a manager password at the password prompt.)

  • Page 92

    Rebooting To Activate Configuration Changes. Configuration changes for most parameters become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the VLANs to support (To access these parameters, go to the Main menu and select 2. Switch Configuration, then 8.

  • Page 93: Changes, Using Primary And Secondary Flash Image Options

    [Apply Changes] or [Apply Settings] in the web browser interface. Using Primary and Secondary Flash Image Options The Switch 4108GL features two flash memory locations for storing system image (operating system, or OS) files: Switch Memory and Configuration Using Primary and Secondary Flash Image Options...

  • Page 94: Displaying The Current Flash Image Data

    Syntax: For example, if the switch is using an OS version of G.01.01 stored in Primary flash, show version produces the following: 5-12 show version...

  • Page 95

    Thus, if the switch booted from primary flash, you will see the version number of the OS image stored in primary flash, and if the switch booted from secondary flash, you will see the version number of the OS version stored in secondary flash.

  • Page 96: Os Downloads

    G.01.03 is in secondary flash. Figure 5-8. Determining the OS Version in Primary and Secondary Flash OS Downloads The following table shows the switch’s options for downloading an OS to flash and booting the switch from flash Table 5-1. Action...

  • Page 97: Local Os Replacement And Removal

    OS image in either primary or secondary flash, the temporary flash image in RAM will be cleared and the switch will go down. To recover, see “Restoring a Flash Image” on page 18-25 (in the Troubleshooting chapter).

  • Page 98

    OS file in the other flash image location (secondary or primary). If the switch has only one flash image loaded (in either primary or secondary flash) and you erase that image, then the switch does not have an OS stored in flash.

  • Page 99

    Figure 5-11. Example of Show Flash Listing After Erasing Primary Flash Rebooting the Switch The switch offers reboot options through the the options inherent in a dual-flash image system. Generally, using boot provides more comprehensive self-testing; using reload gives you a faster reboot time.

  • Page 100

    Syntax: For example, to reboot the switch from secondary flash when there are no pending configuration changes in the running-config file: Figure 5-13. Example of Boot Command with Primary/Secondary Flash Option In the above example, typing either a reboot operation.

  • Page 101: Operating Notes

    Using Primary and Secondary Flash Image Options Booting from the Current OS Version. Reload reboots the switch from the flash image on which the switch is currently running, and saves to the startup-config file any configuration changes currently in the running-config file.

  • Page 102

    Switch Memory and Configuration Using Primary and Secondary Flash Image Options while using a version "Y" of the OS, and then reboot the switch with an earlier OS version "X" that does not include all of the features found in "Y", the OS simply ignores the parameters for any features that it does not support.

  • Page 103

    Interface Access and System Information Chapter Contents Overview ... 6-2 Interface Access: Console/Serial Link, Web, and Inbound Telnet ...

  • Page 104

    Overview This chapter describes how to view and modify the configuration for switch interface access and switch system information . For help on how to actually use the interfaces built into the switch, refer to: Chapter 2, “Using the Menu Interface”...

  • Page 105: Interface Access: Console/Serial Link, Web, And Inbound Telnet

    IP authorized managers. However if unauthorized access to the switch through in-band means (Telnet or the web browser interface), then you can disallow in-band access (as described in this section) and install the switch in a locked environment. Interface Access and System Information...

  • Page 106: Menu: Modifying The Interface Access

    Web Agent Enabled To Access the Interface Access Parameters: From the Main Menu, Select... 2. Switch Configuration... 1. System Information Figure 6-1. The Default Interface Access Parameters Available in the Menu Interface Press [E] (for Edit). The cursor moves to the System Name field.

  • Page 107: CLI: Modifying The Interface Access

    [no] web-management console Listing the Current Console/Serial Link Configuration. This command lists the current interface access parameter settings. Syntax: This example shows the switch’s default console/serial configuration. Interface Access Enable/Disable Console Control Options Figure 6-2. Listing of Show Console Command Reconfigure Inbound Telnet Access.

  • Page 108

    Syntax: Note: If you change the Baud Rate or Flow Control settings for the switch, you should make the corresponding changes in your console access device. Otherwise, you may lose connectivity between the switch and your terminal emulator due to differences between the terminal and switch settings for these two parameters.

  • Page 109

    Figure 6-4. Example of Executing a Series of Console Commands Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet The switch implements the Event Log change immediately. The switch implements write memory the other console changes after executing...

  • Page 110: System Information

    MAC Age Interval: The number of seconds a MAC address the switch has learned remains in the switch’s address table before being aged out (deleted).

  • Page 111: Menu: Viewing And Configuring System Information

    Menu: Viewing and Configuring System Information To access the system information parameters: From the Main Menu, Select... 2. Switch Configuration... 1. System Information Figure 6-5. The System Information Configuration Screen (Default Values) Note: To help simplify administration, it is recommended that you configure System Name to a character string that is meaningful within your system.

  • Page 112: CLI: Viewing And Configuring System Information

    Listing the Current System Information. This command lists the current system information settings. Syntax: This example shows the switch’s default console configuration. Figure 6-6. Example of CLI System Information Listing...

  • Page 113

    [contact <system contact>] [location <system location>] Note that no blank spaces are allowed in the variables for these commands. For example, to name the switch “Blue” with “Ext-4474” as the system contact, and “North-Data-Room” as the location: Figure 6-7. System Information Listing After Executing the Preceding Commands...

  • Page 114

    Also, executing time without parameters lists the switch’s time of day and date. Note that the CLI uses a 24-hour clock scheme; that is, hour (hh) values from 1 p.m. to midnight are input as 13 - 24, respectively.

  • Page 115: Web: Configuring System Parameters

    Enter the data you want in the displayed fields. Implement your new data by clicking on [Apply Changes]. To access the web-based help provided for the switch, click on [?] in the web browser screen. Interface Access and System Information...

  • Page 116

    Interface Access and System Information System Information 6-14...

  • Page 117

    Web: Configuring IP Addressing ... 7-9 How IP Addressing Affects Switch Operation ... 7-9 DHCP/Bootp Operation ...

  • Page 118

    Why Configure IP Addressing? In its factory default configuration, the switch operates as a multiport learning bridge with network connectivity provided by the ports on the switch. However, to enable specific management access and control through your network, you will need IP addressing. (See...

  • Page 119: IP Configuration

    VLANs. The gateway value is the IP address of the next-hop gateway node for the switch, which is used if the requested destination address is not on a local subnet/VLAN. If the switch does not have a manually-configured default gateway and DHCP/Bootp is configured on the primary VLAN, then the default gateway value provided by the DHCP or Bootp server will be used.

  • Page 120: Just Want A Quick Start?, IP Addressing With Multiple VLANs

    IP Configuration Just Want a Quick Start? If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, HP recommends that you use the Switch Setup screen to quickly configure IP addressing. To do so, do one of the following: Enter setup at the CLI Manager level prompt.

  • Page 121: IP Addressing In A Stacking Environment, Menu: Configuring IP Address, Gateway, And Time-To-Live (TTL)

    If you change the IP address through either Telnet access or the web browser interface, the connection to the switch will be lost. You can reconnect by either restarting Telnet with the new IP address or entering the new address as the URL in your web browser.

  • Page 122

    Figure 5-1. Example of the IP Service Configuration Screen without Multiple VLANs Configured Press [E] (for Edit). If the switch needs to access a router, for example, to reach off-subnet destinations, select the Default Gateway field and enter the IP address of the gateway router.

  • Page 123: Timep

    Viewing the Current IP Configuration. The following command displays the IP addressing for each VLAN configured in the switch. If only the DEFAULT_VLAN exists, then its IP configuration applies to all ports in the switch. Where multiple VLANs are configured, the IP addressing is listed per VLAN.

  • Page 124

    ID of the VLAN for which you are configuring IP addressing or go to the context configuration level for that VLAN. (If you are not using VLANs on the switch—that is, if the only VLAN is the default VLAN—then the VLAN ID is always “1”.) Note: The default IP address setting for the DEFAULT_VLAN is DHCP/Bootp.

  • Page 125: Web: Configuring IP Addressing, How IP Addressing Affects Switch Operation

    Configure Time-To-Live (TTL). Use this command at the Global config prompt to set the time that a packet outbound from the switch can exist on the network. The default setting is 64 seconds. Syntax: ip ttl <number-of-seconds> In the CLI, you can execute this command only from the global configuration level.

  • Page 126: DHCP/Bootp Operation

    Note: The Switch 4108GL is compatible with both DHCP and Bootp servers. The DHCP/Bootp Process. Whenever the IP Config parameter in the switch or in an individual VLAN in the switch is configured to DHCP/Bootp (the...

  • Page 127

    If the switch is initially configured for DHCP/Bootp operation (the default), or if it is rebooted with this configuration, it immediately begins sending request packets on the network. If the switch does not receive a reply to its DHCP/Bootp requests, it continues to periodically send request packets, but with decreasing frequency.

  • Page 128

    If you have multiple switches that will be using Bootp to get their IP configuration, you should use a unique symbolic name for each switch. is the “hardware type”. For the Switch 4108GL, set this to ether (for Ethernet). This tag must precede the ha tag.

  • Page 129: Network Preparations For Configuring DHCP/Bootp

    T144 Note: The above Bootp table entry is a sample that will work for the Switch 4108GL when the appropriate addresses and file names are used. Network Preparations for Configuring DHCP/Bootp In its default configuration, the switch is configured for DHCP/Bootp operation.

  • Page 130: Globally Assigned IP Network Addresses

    Configuring IP Addressing IP Configuration Globally Assigned IP Network Addresses If you intend to connect your network to other networks that use globally administered IP addresses, Hewlett-Packard strongly recommends that you use IP addresses that have a network address assigned to you. There is a formal process for assigning unique IP addresses to networks worldwide.

  • Page 131

    Protocol Operation ... 8-3 General Steps for Running a Time Protocol on the Switch: ... 8-3 Disabling Time Synchronization ...

  • Page 132: TimeP Time Synchronization, Overview, SNTP Time Synchronization

    TimeP, with the TimeP mode itself set to TimeP Time Synchronization You can either manually assign the switch to use a TimeP server or use DHCP to assign the TimeP server. In either case, the switch can get its time synchronization updates from only one, designated Timep server.

  • Page 133: Time Protocol Operation, General Steps For Running A Time Protocol On The Switch:

    Poll Interval an update received from the first-detected server. Note: To use Broadcast mode, the switch and the SNTP server must be in the same subnet. Unicast Mode: The switch requests a time update from the configured SNTP server.

  • Page 134: Disabling Time Synchronization, SNTP: Viewing, Selecting, And Configuring

    SNTP: Viewing, Selecting, and Configuring Note that simply selecting a time synchronization protocol does not enable that protocol on the switch unless you also enable the protocol itself (step 2, above). For example, in the factory-default configuration, TimeP is the selected time synchronization method.

  • Page 135: Menu: Viewing And Configuring SNTP

    The Default. SNTP does not operate, even if specified by the Menu interface Time Sync Method parameter or the CLI timesync command. Unicast Directs the switch to poll a specific server for SNTP time synchronization. Requires at least one server address. Broadcast Directs the switch to acquire its time synchronization from data broadcast by any SNTP server to the network broadcast address.

  • Page 136

    Time Protocols SNTP: Viewing, Selecting, and Configuring Figure 8-4. The System Information Screen (Default Values) Press [E] (for Use [v] to move the cursor to the Use the Space bar to select to the Do one of the following: • Use the Space bar to select the move the cursor to the Broadcast mode details, see "SNTP Operating Modes"...

  • Page 137

    Enter the IP address of the SNTP server you want the switch to use for time synchronization. Note: This step replaces any previously configured server IP address. If you will be using backup SNTP servers (requires use of the CLI), then “SNTP Unicast Time Polling with Multiple SNTP Servers”...

  • Page 138: CLI: Viewing And Configuring SNTP

    None) and the SNTP configuration, even if SNTP is not the selected time protocol. Syntax: For example, if you configured the switch with SNTP as the time synchronization method, then enabled SNTP in broadcast mode with the default poll interval, show sntp Figure 8-5.

  • Page 139

    Configuring (Enabling or Disabling) the SNTP Mode Enabling the SNTP mode means to configure it for either broadcast or unicast mode. Remember that to run SNTP as the switch’s time synchronization protocol, you must also select SNTP as the time synchronization method by...

  • Page 140

    SNTP. However, for Unicast operation, you must also specify the IP address of at least one SNTP server. The switch allows up to three unicast servers. You can use the Menu interface or the CLI to configure one server or to replace an existing Unicast server with another.

  • Page 141

    For example, to select SNTP and configure it with unicast mode and an SNTP server at 10.28.227.141 with the default server version (3) and default poll interval (720 seconds): server and accepts the current SNTP server version (default: 3) Figure 8-8. Example of Configuring SNTP for Unicast Operation If the SNTP server you specify uses SNTP version 4 or later, use the sntp server command to specify the correct version number.

  • Page 142

    Syntax: tion to Disabled For example, if the switch is running SNTP in Unicast mode with an SNTP server at 10.28.227.141 and a server version of 3 (the default), the SNTP configuration as shown below, and disables time synchronization on the switch.

  • Page 143: TimeP: Viewing, Selecting, And Configuring

    Figure 8-11. Example of Disabling Time Synchronization by Disabling the SNTP Mode TimeP: Viewing, Selecting, and Configuring TimeP Feature view the Timep time synchronization configuration select Timep as the time synchronization method disable time synchronization enable the Timep mode DHCP manual none/disabled change the SNTP poll interval...

  • Page 144: Menu: Viewing And Configuring TimeP

    IP address via DHCP. If the switch receives a server address, it polls the server for updates according to the Timep poll interval. If the switch does not receive a Timep server IP address, it cannot perform time synchronization updates.

  • Page 145

    Use the Space bar to select the the cursor to the • Use the Space bar to select the ii. Enter the IP address of the TimeP server you want the switch to TimeP: Viewing, Selecting, and Configuring Time Protocol Selection Parameter – TIMEP (the default) –...

  • Page 146: CLI: Viewing And Configuring TimeP

    Time Protocols TimeP: Viewing, Selecting, and Configuring iii. Press [>] to move the cursor to the In the Poll Interval. Press [Enter] to return to the Actions line, then [S] (for time protocol configuration in both the startup-config and running-config files.

  • Page 147

    For example, if you configure the switch with TimeP as the time synchronization method, then enable TimeP in DHCP mode with the default poll interval, show timep Figure 8-13. Example of TimeP Configuration When TimeP Is the Selected Time...

  • Page 148

    Enabling Timep in Manual Mode. Like DHCP mode, configuring TimeP for Manual mode enables TimeP. However, for manual operation, you must also specify the IP address of the TimeP server. (The switch allows only one TimeP server.) To enable the TimeP protocol: Syntax: timesync timep Selects Timep.

  • Page 149

    Figure 8-16. Example of Configuring Timep for Manual Operation Changing the TimeP Poll Interval. This command lets you specify how long the switch waits between time polling intervals. The default is 720 minutes and the range is 1 to 9999 minutes. (This parameter is separate from the poll interval parameter used for SNTP operation.)

  • Page 150: SNTP Unicast Time Polling With Multiple SNTP Servers

    Server Address parameter in the menu interface, or the primary server in a list of up to three SNTP servers configured using the CLI. If the switch does not receive a response from the primary server after three consecutive polling intervals, the switch tries the next server (if any) in the list.

  • Page 151: Address Prioritization, Adding And Deleting SNTP Server Addresses

    If you use the CLI to configure multiple SNTP servers, the switch prioritizes them according to the decimal values of their IP addresses. That is, the switch compares the decimal value of the octets in the addresses and orders them...

  • Page 152

    Figure 8-19. Example of SNTP Server Address Prioritization Note: If there are already three SNTP server addresses configured on the switch, and you want to use the CLI to replace one of the existing addresses with a new one, you must delete the unwanted address before you configure the new one.

  • Page 153: SNTP Messages In The Event Log, Menu Interface Operation With Multiple SNTP Server Addresses Configured

    Same Tertiary (This address still has the highest decimal value.) SNTP Messages in the Event Log If an SNTP time change of more than three seconds occurs, the switch’s event log records the change. SNTP time changes of less than three seconds do not appear in the Event Log.

  • Page 154

    Time Protocols SNTP Messages in the Event Log 8-24...

  • Page 155

    General Authentication Setup Procedure ... 9-11 Configuring TACACS+ on the Switch ... 9-14 Before You Begin ...

  • Page 156

    Tacacs+ Authentication Uses an authentication application on a central server to allow or deny access to a Switch 4108GL. You can use local passwords and TACACS+ together with Authorized IP Managers (chapter 10) to provide a more comprehensive security fabric than if you use only one or two of these options.

  • Page 157: Configuring Username And Password Security

    If TACACS+ is not configured or the TACACS+ server is not accessible, the switch uses local user-name/password protection (step 1, below). If the switch has an Authorized IP Managers list (see chapter 10), the management station must be included in this list. •...

  • Page 158

    Access to the Status and Counters menu, the Event Log, and the CLI*, but no Configuration capabilities. On the Operator level, the configuration menus, Download OS, and Reboot Switch options in the Main Menu are not available.

  • Page 159: Menu: Configuring Passwords

    Using Passwords and TACACS+ To Protect Against Unauthorized Access If the switch has a password for both the Manager and Operator levels, and neither is entered correctly during a logon attempt, access to the console will be denied. If the switch has neither a Manager nor an Operator password, anyone having access to the console interface can operate the console with full manager privileges.

  • Page 160: CLI: Setting Manager And Operator Passwords

    Password): This procedure deletes all usernames (if configured) and passwords (Manager and Operator). If you have physical access to the switch, press and hold the Clear button (on the front of the switch) for a minimum of one second to clear all password protection, then enter new passwords as described earlier in this chapter.

  • Page 161: Web: Configuring User-names And Passwords

    To remove user-name and password protection, leave the fields blank. Implement the user-names and passwords by clicking on [Apply Changes]. To access the web-based help provided for the switch, click on [?] in the web browser screen. Configuring Username and Password Security •...

  • Page 162

    TACACS+ server(s) disabled TACACS+ authentication enables you to use a central server to allow or deny access to the Switch 4108GL (and other TACACS-aware devices) in your network. This means that you can use a central database to create multiple unique username/password sets with associated privilege levels for use by individuals who have reason to access the switch from either the switch’s...

  • Page 163: Terminology Used In TACACS Applications

    Notes Regarding Software Release G.01.xx Software release G.01.xx for the Switch 4108GL enables TACACS+ authentication, which allows or denies access to a Switch 4108GL on the basis of correct username/password pairs managed by the TACACS+ server, and to specify the privilege level to allow if access is granted.

  • Page 164: General System Requirements

    (For more on local authentication, see the password and username information in the Configuration and Management Guide on the Documentation CD-ROM shipped with your Switch 4108GL.) • TACACS+ Authentication: This method enables you to use a...

  • Page 165: General Authentication Setup Procedure

    While recovery is simple, it may pose an inconvenience that can be avoided. To prevent an unintentional lockout on a Switch 4108GL, use a procedure that configures and tests TACACS+ protection for one access type (for example, Telnet access), while keeping the other access type (console, in this case) open in case the Telnet access fails due to a configuration problem.

  • Page 166

    Note on Privilege Levels: When a TACACS+ server authenticates an access request from a switch, it includes a privilege level code for the switch to use in determining which privilege level to grant to the terminal requesting access. The switch interprets a privilege level code of "15"...

  • Page 167

    TACACS+ authentication only for telnet login access and telnet enable access. At this stage, do not configure TACACS+ authentication for console access to the switch, as you may need to use the console for access if the configuration for the Telnet method needs debugging.

  • Page 168: Configuring TACACS+ On The Switch, Before You Begin, Viewing The Switch's Current Authentication Configuration

    <ip addr> timeout <1 ..255> Viewing the Switch’s Current Authentication Configuration This command lists the number of login attempts the switch allows in a single login session, and the primary/secondary access methods configured for each type of access. Syntax:...

  • Page 169

    TACACS+ servers the switch can contact. Syntax: For example, if the switch was configured for a first-choice and two backup TACACS+ server addresses, the default timeout period, and paris-1 for a (global) encryption key, show tacacs would produce a listing similar to the...

  • Page 170: Configuring The Switch's Authentication Methods

    Configuring the Switch’s Authentication Methods The aaa authentication command configures the access control for console port and Telnet access to the switch. That is, for both access methods, aaa authentication specifies whether to use a TACACS+ server or the switch’s local authentication, or (for some secondary scenarios) no authentication (meaning that if the primary method fails, authentication is denied).

  • Page 171

    Telnet Login Primary as Local and Telnet Enable Primary as Tacacs, when you attempt to Telnet to the switch, you will be prompted for a local password. If you enter the switch’s local Manager password (or, if there is no local Manager...

  • Page 172

    Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security For example, here is a set of access options and the corresponding commands to configure them: Console Login (Operator, or Read-Only) Access: Primary using TACACS+ server.

  • Page 173: Configuring The Switch's TACACS+ Server Access

    If the switch sends an authentication request, but does not receive a response within the period specified by the timeout value, the switch resends the request to the next server in its Server IP Addr list, if any. If the switch still fails to receive a response from any...

  • Page 174

    authentication. If you configure a global encryption key, the switch uses it only with servers for which you have not also configured a server-specific key. Thus, a global key is more useful where the TACACS+ servers you are using all have an identical key, and server-specific keys are necessary where different TACACS+ servers have different keys.

  • Page 175

    Use show tacacs to view the current IP address list. If the first-choice TACACS+ server fails to respond to a request, the switch tries the second address, if any, in the show tacacs list. If the second address also fails, then the switch tries the third address, if any.

  • Page 176

    5 sec Specifies how long the switch waits for a TACACS+ server to respond to an authentication request. If the switch does not detect a response within the timeout period, it initiates a new request to the next TACACS+ server in the list. If all TACACS+ servers in the list fail to respond within the timeout period, the switch uses either local authentication (if configured) or denies access (if none configured for local authentication).

  • Page 177

    Configuring an Encryption Key. Use an encryption key in the switch if the switch will be requesting authentication from a TACACS+ server that also uses an encryption key. (If the server expects a key, but the switch either does not provide one, or provides an incorrect key, then the authentication attempt will fail.) Use a global encryption key if the same key applies to all TACACS+...

  • Page 178: How Authentication Operates, General Authentication Process Using A TACACS+ Server

    TACACS+ Authentication for Central Control of Switch Access Security Configuring the Timeout Period. The timeout period specifies how long the switch waits for a response to an authentication request from a TACACS+ server before either sending a new authentication request to the next server in the switch’s Server IP Address list or using the local authentication option.

  • Page 179: Local Authentication Process

    After the server receives the username input, the requesting terminal receives a password prompt from the server via the switch. When the requesting terminal responds to the prompt with a password, the switch forwards it to the TACACS+ server and one of the following actions occurs: •...

  • Page 180: Using The Encryption Key

    "secret") helps to prevent unauthorized intruders on the network from reading username and password information in TACACS+ packets moving between the switch and a TACACS+ server. At the TACACS+ server, a key may include both of the following: Global key: A general key assignment in the TACACS+ server application that applies to all TACACS-aware devices for which an individual key has not been configured.

  • Page 181: Encryption Options In The Switch

    Thus, on the TACACS+ server side, you have a choice as to how to implement a key. On the switch side, it is necessary only to enter the key parameter so that it exactly matches its counterpart in the server. For information on how to configure a general or individual key in the TACACS+ server, refer to the documentation you received with the application.

  • Page 182: Messages

    CLI Message Meaning Connecting to Tacacs server The switch is attempting to contact the TACACS+ server identified in the switch’s server Connecting to secondary The switch was not able to contact the first-choice TACACS+ server, and is now Tacacs server attempting to contact the next (secondary) TACACS+ server identified in the switch’s...

  • Page 183: Troubleshooting TACACS+ Operation, Operating Notes

    TACACS+ Authentication for Central Control of Switch Access Security Operating Notes If you configure Authorized IP Managers on the switch, it is not necessary to include any devices used as TACACS+ servers in the authorized manager list. That is, authentication traffic between a TACACS+ server and the switch is not subject to Authorized IP Manager controls configured on the switch.

  • Page 184

    Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security 9-30...

  • Page 185

    Listing the Switch’s Current Authorized IP Manager(s) ... 10-8 Configuring IP Authorized Managers for the Switch ... 10-9 Web: Configuring IP Authorized Managers ... 10-10 Building IP Masks ...

  • Page 186

    • If the station is not authorized, the switch denies access. • If the switch has no Authorized IP Manager list, then the switch uses TACACS+ authentication, if configured and available (step 2, below). 10-2 Telnet The switch’s web browser interface...

  • Page 187

    • If incorrect passwords are entered, the switch denies access. • If a manager password is not configured, the switch allows manager- level (read/write) access. The preceding information outlines general access security. To understand the options offered by each security feature, refer to the following.

  • Page 188: Using Authorized IP Managers

    Building IP Masks Operating and Troubleshooting Notes This feature enables you to enhance security on the switch by using IP addresses to authorize which stations (PCs or workstations) can access the switch. Also, when configured in the switch, Authorized IP Managers take precedence over TACACS+ and local user-name/password pairs as indicated in table 10-1, "Management Access Security Features"...

  • Page 189: Access Levels, Defining Authorized Management Stations, Overview Of IP Mask Operation

    Authorized Manager IP value, specify an IP Mask, and select either Manager or Operator for the Access Level. The IP Mask determines how the Authorized Manager IP value is used to allow or deny access to the switch by a management station.

  • Page 190

    Note: The IP Mask is a method for recognizing whether a given IP address is authorized for management access to the switch. This mask serves a different purpose than IP subnet masks and is applied in a different manner.

  • Page 191: Menu: Viewing And Configuring IP Authorized Managers

    Menu: Viewing and Configuring IP Authorized Managers From the console Main Menu, select: 2. Switch Configuration . . . 7. IP Authorized Managers Figure 10-1. Example of How To Add an Authorized Manager Entry 2. Enter an Authorized Manager IP address here.

  • Page 192: CLI: Viewing And Configuring Authorized IP Managers, Listing The Switch's Current Authorized IP Manager(s)

    <ip-address> mask <mask-bits> <operator | manager> Listing the Switch’s Current Authorized IP Manager(s) Use the show ip authorized-managers command to list IP stations authorized to access the switch. For example: Figure 10-3. Example of the Show IP Authorized-Manager Display...

  • Page 193: Configuring IP Authorized Managers For The Switch

    Similarly, the next command authorizes manager-level access for any station having an IP address of 10.28.227.101 through 103: If you omit the mask when adding a new authorized manager, the switch automatically uses 255.255.255.255 for the mask. If you do not specify either Manager or Operator access, the switch automatically assigns the Manager access.

  • Page 194: Web: Configuring IP Authorized Managers, Building IP Masks

    For web-based help on how to use the web browser interface screen, click on the [?] button provided on the web browser screen. Building IP Masks The IP Mask parameter controls how the switch uses an Authorized Manager IP value to recognize the IP addresses of authorized manager stations on your network.

  • Page 195: Configuring Multiple Stations Per Authorized Manager IP Entry

    The mask determines whether the IP address of a station on the network meets the criteria you specify. That is, for a given Authorized Manager entry, the switch applies the IP mask to the IP address you specify to determine a range of authorized IP addresses for management access. As described above, that...

  • Page 196

    (0) in the 4th octet of the mask allows any value between 0 and 255 in that octet of the corresponding IP address. This mask allows switch access to any device having an IP address of 10.28.227.xxx, where xxx is any value from 0 to 255.

  • Page 197: Operating And Troubleshooting Notes, Additional Examples For Authorizing Multiple Stations

    Even if you need proxy server access enabled in order to use other applications, you can still eliminate proxy service for web access to the switch. To do so, add the IP address or DNS name of the switch to the non-proxy, or “Exceptions” list in the web browser interface you are using on the authorized station.

  • Page 198

    Using Authorized IP Managers for Increased Management Security Using Authorized IP Managers 10-14...

  • Page 199

    Trunk Operation Using the “FEC” Option ... 11-29 How the Switch Lists Trunk Data ... 11-29 Outbound Traffic Distribution Across Trunked Links ...

  • Page 200: Viewing Port Status And Configuring Port Parameters, Overview

    Fixed - mismatch. To check the speed and duplex setting on the Switch 4108GL, use Configuration...

  • Page 201

    IEEE 802.3u “Auto Negotiation” standard for 100Base-T networks. If the other device does not comply with the 802.3u standard, or is not set to Auto, then the port configuration on the switch must be manually set to match the port configuration on the other device.

  • Page 202

    With the port mode set to Auto (the default) and Flow Control enabled, the switch negotiates Flow Control on the indicated port. If the port mode is not set to Auto, or if Flow Control is disabled on the port, then Flow Control is not used.

  • Page 203: Menu: Viewing Port Status And Configuring Port Parameters

    For information on port trunk groups, see “Port Trunking” on page 11-10. From the Main Menu, Select: 2. Switch Configuration... 2. Port/Trunk Settings Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters...

  • Page 204: Cli: Viewing Port Status And Configuring Port Parameters

    Lists the full status and configuration for all ports on the switch. show interface config: Lists a subset of the data shown by the show interfaces command (above); that is, only the enabled/disabled, mode, and flow control status for all ports on the switch. 11-6 below page 11-7...

  • Page 205

    show interfaces brief Syntax: show interface config The next two figures list examples of the output of the above two commands for the same port configuration. Figure 11-3. Example of a Show Interface Command Listing Figure 11-4.

  • Page 206

    Using the CLI To Configure Ports. You can configure one or more of the following port parameters. For details on each option, see Table 11-1 on page 11-3.

  • Page 207: Web: Viewing Port Status And Configuring Port Parameters

    <0 . . 99> Syntax: For example, to configure a broadcast limit of 20% for all ports on the switch: Web: Viewing Port Status and Configuring Port Parameters In the web browser interface: Click on the Configuration tab.

  • Page 208: Port Trunking

    A trunk group is a set of up to four ports configured as members of the same port trunk. Note that the ports in a trunk group do not have to be consecutive. For example: Switch 1: Ports c1 - c4 configured as a port trunk group.

  • Page 209: Switch 4108gl Port Trunk Features And Operation

    Port Connections and Configuration: All port trunk links must be point-to-point connections between the Switch 4108GL and another switch, router, server, or workstation configured for port trunking. No intervening, non-trunking devices are allowed. It is important to note that ports on both ends of a port trunk group must have the same mode (speed and duplex) and flow control settings.

  • Page 210: Trunk Configuration Methods

    Static Trunk: The switch uses the links you configure with the Port/Trunk Settings screen in the menu interface or the trunk command in the CLI to create a static port trunk. The switch offers three types of static trunks: LACP, Trunk, and FEC.

  • Page 211

    – You are unsure which type of trunk to use, or the device to which you want to create a trunk link is using an unknown trunking protocol. – You want to use a monitor port on the switch to monitor traffic on a trunk. See “Trunk Group Operation Using the “Trunk” Option” on page 11-28.

  • Page 212

    Media: All ports on both ends of a trunk group must have the same media type and mode (speed and duplex). The switch blocks any trunked links that do not conform to this rule. (For the Switch 4108GL, HP recommends leaving the port Mode...

  • Page 213

    IP Multicast Protocol (IGMP): A static trunk of any type appears in the IGMP configuration display, and you can configure IGMP for a static trunk in the same way that you would configure IGMP on a non-trunked port. (Note that the switch lists the trunk by name—such as Trk1—and does not list the individual ports in the trunk.) Also, creating a new trunk...

  • Page 214: Menu: Viewing And Configuring A Static Trunk Group

    Important: Configure port trunking before you connect the trunked links to another switch, routing switch, or server. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured.

  • Page 215

    Trunk (the default type if you do not specify a type) – FEC (Fast EtherChannel). All ports in the same trunk group on the same switch must have the same Type (LACP, Trunk, or FEC). When you are finished assigning ports to the trunk group, press [Enter], then [S] (for Save) and return to the Main Menu.

  • Page 216: Using The Cli To View Port Trunks

    Using the CLI To View Port Trunks You can list the trunk type and group for all ports on the switch or for selected ports. You can also list LACP-only status information for LACP-configured ports. Listing Static Trunk Type and Group for All Ports or Selected Ports.

  • Page 217

    This example uses a port list to specify only the switch ports an administrator wants to view: Figure 11-8. Example of a Show Trunk Listing for Specific Ports. The show trunk command in this example does not include a port list, and thus shows static trunk group information for all switch ports.

  • Page 218

    In the following example, ports C1 and C2 have been previously configured for a static LACP trunk. (For more on “Active”, see table 11-7 on page 11-27.) Figure 11-10. Example of a Show LACP Listing. Dynamic LACP Standby Links.

  • Page 219: Using The Cli To Configure A Static Or Dynamic Trunk Group

    See “Using the CLI To Configure Ports” on page 11-8.) On the Switch 4108GL you can configure up to six port trunk groups having up to four links each (with additional standby links if you’re using LACP). You...

  • Page 220

    Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking HP4108(config)# no trunk c4-c5 11-22...

  • Page 221

    Enabling a Dynamic LACP Trunk Group. In the default port configuration, all ports on the switch are set to LACP passive. However, to enable the switch to automatically form a trunk group that is dynamic on both ends of the link, the ports on one end of a set of links must be LACP active.

  • Page 222: Web: Viewing Existing Port Trunk Groups

    Removing Ports from a Dynamic LACP Trunk Group. To remove a port from dynamic LACP trunk operation, you must turn off LACP on the port. (On a port in an operating, dynamic LACP trunk, you cannot change between LACP dynamic and LACP passive without first removing LACP operation from the port.) Caution...

  • Page 223: Trunk Group Operation Using Lacp

    Trunk Display Method show lacp show trunk Port/Trunk Settings screen in menu interface In most cases, trunks configured for LACP on the Switch 4108GL operate as described in table 11-6: Optimizing Port Usage Through Traffic Control and Port Trunking Static LACP Trunk command Included in listing.

  • Page 224

    Displaying Dynamic LACP Trunk Data: To list the configuration and status for a dynamic LACP trunk, show lacp use the CLI Note: The dynamic trunk is automatically created by the switch, and is not listed in the static trunk listings available in the menu interface or in the CLI show trunk listing. Static LACP...

  • Page 225: Default Port Operation

    Standby port, if available, to replace the failed port. LACP Partner Yes: LACP is enabled on both ends of the link. No: LACP is enabled on the Switch 4108GL, but either LACP is not enabled or the link has not been detected on the opposite device. LACP Status Success: LACP is enabled on the port, detects and synchronizes with a device on the other end of the link, and can move traffic across the link.

  • Page 226: Trunk Group Operation Using The "trunk" Option, Lacp Notes And Restrictions

    If a port is already a member of a static or dynamic LACP trunk, you cannot configure it to HDx. If a port is already set to HDx, the switch does not allow you to configure it for a static or dynamic LACP trunk.

  • Page 227: Trunk Operation Using The "fec" Option, How The Switch Lists Trunk Data

    regard for how that traffic is handled by the device at the other end of the trunked links. Similarly, the switch handles incoming traffic from the trunked links as if it were from a trunked source.

  • Page 228: Outbound Traffic Distribution Across Trunked Links

    Likewise, the switch distributes traffic for the same destination address but from different source addresses through different links.

  • Page 229

    Figure 11-13. Example of Port-Trunked Network. Table 11-8. Example of Link Assignments in a Trunk Group (SA/DA Distribution) Source: Destination: Node A Node W Node B Node X Node C...

  • Page 230

    Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking 11-32...

  • Page 231

    Incoming CDP Packets ........12-15 Configuring CDP on the Switch ......12-18 CLI: Viewing and Configuring CDP .

  • Page 232: Snmp Management Features, Overview

    To implement SNMP management, you must either configure the switch with an appropriate IP address or, if you are using DHCP/Bootp to configure the switch, ensure that the DHCP or Bootp process provides the IP address. If multiple VLANs are configured, each VLAN interface should have its own IP address.

  • Page 233

    • HP Entity MIB (entity.mib) The switch SNMP agent also uses certain variables that are included in a Hewlett-Packard proprietary MIB file you can add to the SNMP database in your network management tool. You can copy the MIB file from the HP Procurve World Wide Web site: http://www.hp.com/go/procurve...

  • Page 234: Configuring For Snmp Access To The Switch

    View and Access levels that have been set for that community. If you want to restrict access to one or more specific nodes, you can use the switch’s IP Authorized Manager feature.

  • Page 235: Snmp Communities, Menu: Viewing And Configuring Snmp Communities

    SNMP communities, each with either an operator-level or a manager-level view, and either restricted or unrestricted write access. Using SNMP requires that the switch have an IP address and subnet mask compatible with your network. Caution: Deleting or changing the community named “public”...

  • Page 236: Cli: Viewing And Configuring Community Names

    Configuring for Network Management Applications Overview Note: This screen gives an overview of the SNMP communities that are currently configured. All fields in this screen are read- only. Figure 12-1. The SNMP Communities Screen (Default Values) Press [A] (for Add) to display the following screen: If you are adding a community, the fields in this screen...

  • Page 237

    — see “Trap Receivers and Authentication Traps” on page 12-8). Syntax: This example lists the data for all communities in a switch; that is, both the default "public" community name and another community named "red-team" Default Community and...

  • Page 238: Trap Receivers And Authentication Traps

    (trap receiver) snmp-server enable (authentication trap) A trap receiver is a management station designated by the switch to receive SNMP traps sent from the switch. An authentication trap is a specialized SNMP trap sent to trap receivers when an unauthorized management station tries to access the switch.

  • Page 239: Cli: Configuring And Displaying Trap Receivers

    Note: Fixed or "Well-Known" Traps: The Switch 4108GL automatically sends fixed traps (such as "coldStart", "warmStart", "linkDown", and "linkUp") to trap receivers using a public community name. These traps cannot be redirected to other communities. Thus, if you change or delete the default public community name, these traps will be lost.

  • Page 240

    In the next example, the show snmp-server command shows that the switch has been previously configured to send SNMP traps to management stations belonging to the “public”, “red-team”, and “blue-team” communities. Example of Community Name Data (See page 12-5.)

  • Page 241: Advanced Management: Rmon, Using The Cli To Enable Authentication Traps

    If this feature is enabled, an authentication trap is sent to the configured trap receiver(s) if a management station attempts an unauthorized access of the switch. Check the event log in the console interface to help determine why the authentication trap was sent. (Refer to “Using the Event Log To Identify Problem Sources”...

  • Page 242: Introduction

    CDP area of the device’s MIB. Note: To take advantage of CDP in Switch 4108GL, you should have a working knowledge of SNMP operation and an SNMP utility capable of polling the switches for CDP data. HP’s implementation of CDP places specific data into the switch’s Management Information Base (MIB).

  • Page 243: Cdp Terminology, General Cdp Operation

    CDP Neighbors tables to learn about additional CDP devices, and so on This section describes CDP operation in a Switch 4108GL. For information on how to use an SNMP utility to retrieve the CDP information from the switch’s CDP Neighbors table (in the switch’s MIB), refer to the documentation provided with the particular SNMP utility.

  • Page 244: Outgoing Packets

    Figure 12-5. Example of How the Switch Stores Data on Neighbor CDP Devices Outgoing Packets A Switch 4108GL running CDP periodically transmits a one-hop CDP packet out each of its ports. This packet contains data describing the switch and, if the one-hop destination is another device running CDP, the receiving device stores the sending device’s data in a CDP Neighbors table.

  • Page 245: Incoming Cdp Packets

    Figure 12-6. Example of Outgoing CDP Packet Operation Incoming CDP Packets When a CDP-enabled Switch 4108GL receives a CDP packet from another CDP device, it enters that device’s data in the CDP Neighbors table, along with the port number where the data was received (and does not forward the packet).

  • Page 246

    neighbor pairs are as follows: A/1, A/2, A/3, A/B, B/C. Note that "C" and "E" are not neighbors because the intervening CDP-disabled switch "D" does not forward CDP packets; i.e. is not transparent to CDP traffic. (For the same reason, switch "E"...

  • Page 247

    The CDP Neighbor table for switches "A" and "B" would appear similar to these: Switch A: Switch B: (Note that no CDP devices appear on port B5, which is connected to a device on which CDP is present, but disabled.) Figure 12-8.

  • Page 248: Configuring Cdp On The Switch, Cli: Viewing And Configuring Cdp

    (For the same reason, switch "E" does not have any CDP neighbors.) Figure 12-7 (page 12-16) illustrates how multiple CDP neighbors can appear on a single port. In this case, switch "A" has three CDP neighbors on port 1 because the intervening devices are not CDP-capable and simply forward CDP neighbors data out all ports (except the port on which the data was received).

  • Page 249: Viewing The Switch's Current Cdp Configuration, Table

    Viewing the Switch’s Current CDP Configuration This command lists the switch’s global and per-port CDP configuration. (In the factory default configuration, the switch runs CDP on all ports with a hold time of 180 seconds and a transmit interval of 60 seconds.)

  • Page 250: Clearing (resetting) The Cdp Neighbors Table, Clearing Cdp Neighbors Table

    099a05-09df11 Figure 12-11. Example of CDP-Enabled Devices in a Topology for the Listing in Figure 12-10 Clearing (Resetting) the CDP Neighbors Table This command removes any records of CDP neighbor devices from the switch’s CDP MIB objects. Syntax: If you execute receives a CDP packet from any neighbor device, the displayed table appears empty.

  • Page 251: Configuring Cdp Operation

    Disabling CDP operation clears the switch’s CDP Neighbors table, prevents the switch from transmitting outbound CDP packets to advertise itself to neighboring CDP devices, and causes the switch to drop inbound CDP packets from other devices without entering the data in the CDP Neighbors table.

  • Page 252

    "A" on port B5 of switch "B".) neighbors Syntax: For example, to disable CDP on port A1 of a Switch 4108GL: Changing the Transmission Interval for Outbound CDP Packets. The default interval the switch uses to transmit CDP packets describing itself to other, neighbor devices is 60 seconds.

  • Page 253: Effect Of Spanning Tree (stp) On Cdp Packet Transmission

    However, the port still receives CDP packets if the device on the other end of the link has CDP enabled. Thus, for example, if switch "A" has two ports linked to switch "B" (which is a CDP neighbor and also the STP root device) and STP blocks traffic on one port and forwards traffic on the other: CDP Packets from Switch "A"...

  • Page 254

    A switch with CDP enabled uses the following prioritized criteria to determine which IP address to include in its outbound CDP packets: If only one VLAN on the port has an IP address, the switch uses that IP address. If the Primary VLAN on the port has an IP address, the switch uses the Primary VLAN IP address.

  • Page 255: Cdp Neighbor Data And Mib Objects

    | 10.28.227.103 Thus, CDP switch "X" detects CDP switch "Y" on port A1 and shows 10.28.227.103 in its CDP table entry because in CDP switch "Y" the Primary VLAN does not have an IP address and the Blue_VLAN has a lower VID than the Red_VLAN.

  • Page 256

    In HP Procurve switches, this is the value configured for the System Name parameter. Included in the Device Name entry. On the Switch 4108GL (the receiving device), the number of the port through which the CDP packet arrived. On the source (neighbor) device, the number of the port through which the CDP packet was sent.

  • Page 257

    CDP Version Data. The Switch 4108GL uses CDP-V1, but does not include IP prefix information, which is a router function, not a switch application.

  • Page 258

    CDP packets as if the hub itself were transparent to CDP. Such hubs will appear in the switch’s CDP Neighbor table and will also maintain a CDP neighbor table similar to that for switches. For more information, refer to the documentation provided for the specific hub.

  • Page 259

    Using the Menu Interface To View and Configure a Commander Switch ........13-14 Using the Menu To Manage a Candidate Switch .

  • Page 260

    HP Procurve Stack Management Chapter Contents Transmission Interval ........13-46 Stacking Operation with Multiple VLANs Configured .

  • Page 261

    This chapter describes how to use your network to stack switches without the need for any specialized cabling—page 13-4. For general information on how to use the switch’s built-in interfaces, see: Chapter 2, “Using the Menu Interface” Chapter 3, “Using the Command Line Interface (CLI)”...

  • Page 262: Hp Procurve Stack Management

    Auto-Join “push” a candidate into a stack configure a switch to be a commander n/a “push” a member into another stack remove a member from a stack “pull” a candidate into a stack “pull”...

  • Page 263: Which Devices Support Stacking?, Which Devices Support Stacking

    Add switches to your network without having to first perform IP addressing tasks. Which Devices Support Stacking? As of May, 2001, the following HP devices support stacking: HP Procurve Switch 4108GL HP Procurve Switch 2512 HP Procurve Switch 2524 HP Procurve Switch 8000M* *Requires software release C.08.03 or later, which is included with the 8000M,...

  • Page 264: Components Of Hp Procurve Stack Management, General Stacking Operation

    A switch that has been manually configured as the controlling device for a stack. When this occurs, the switch’s stacking configuration appears as Commander. Candidate A switch that is ready to join (become a Member of) a stack through either automatic or manual methods. A switch configured as a Candidate is not in a stack. Member A switch that has joined a stack and is accessible from the stack Commander.

  • Page 265: Operating Rules For Stacking, General Rules

    Figure 13-2. Example of Stacking with One Commander Controlling Access to Wiring Closet Switches Interface Options. You can configure stacking through the switch’s menu interface, CLI, or the web browser interface. For information on how to use the web browser interface to configure stacking, see the online Help for the web browser interface.

  • Page 266: Specific Rules

    There is no limit on the number of stacks in the same IP subnet (broadcast domain); however, a switch can belong to only one stack. If multiple VLANs are configured, stacking uses only the primary VLAN on any switch. In the factory-default configuration, the DEFAULT_VLAN is the primary VLAN.

  • Page 267

    Candidate IP Addr: Optional. Configuring an IP address allows access via Telnet or web browser interface while the switch is not a stack member. In the factory default configuration the switch automatically acquires an IP address if your network includes DHCP service.

  • Page 268: Overview Of Configuring And Bringing Up A Stack

    VLAN in each switch (which, in the default configuration, is the default VLAN). If the primary VLAN is tagged, then each switch in the stack must use the same VLAN ID (VID) for the primary VLAN. (See “Which VLAN Is Primary?”...

  • Page 269

    (Prevent automatic joining of switches you don’t want in the stack) Prevent a switch from being a Candidate N/A The Commander’s Manager and Operator passwords propagate to the candidate when it joins the stack. The easiest way to automatically create a stack is to: Configure a switch as a Commander.

  • Page 270

    13-31 through 13-43 for the CLI. Determine the naming conventions for the stack. You will need a stack name. Also, to help distinguish one switch from another in the stack, you can configure a unique system name for each switch. Otherwise, the system name for a switch appearing in the Stacking Status screen appears as the stack name plus an automatically assigned switch number.

  • Page 271

    For automatically or manually pulling Candidate switches into a stack, you can leave such switches in their default stacking configuration. If you need to access Candidate switches through your network before they join the stack, assign IP addresses to these devices. Otherwise, IP addressing is optional for Candidates and Members.

  • Page 272

    Configure Stacking Using the Menu Interface To View and Configure a Commander Switch Configure an IP address and subnet mask on the Commander switch. (See Chapter 7, “Configuring IP Addressing”.) Display the Stacking Menu by selecting Figure 13-5. The Default Stacking Menu...

  • Page 273

    Save ) to save your configuration changes and return to the Stacking menu. Your Commander switch should now be ready to automatically or manually acquire Member switches from the list of discovered Candidates, depending on your configuration choices.

  • Page 274: Using The Menu To Manage A Candidate Switch

    Disable stacking on the Candidate so that it operates as a standalone switch In its default stacking configuration, a Candidate switch can either automatically join a stack or be manually added ("pulled") into a stack by a Commander, depending on the Commander’s Candidate’s configuration options:...

  • Page 275

    Auto Join Transmission Interval 60 Seconds Using the Menu To “Push” a Switch Into a Stack, Modify the Switch’s Configuration, or Disable Stacking on the Switch. Use Telnet or the web browser interface to access the Candidate if it has an IP address. Otherwise, use a direct connection from a terminal device to the switch’s console...

  • Page 276: Using The Commander To Manage The Stack

    Do one of the following: • To disable stacking on the Candidate, use the Space bar to select Note: Using the menu interface to disable stacking on a Candidate removes the Candidate from all stacking menus. •...

  • Page 277

    Auto Grab in the Commander is set to Auto Join in the Candidate is set to Note: When a switch leaves a stack and returns to Candidate status, its Auto Join parameter resets to stack from which it has just departed.

  • Page 278

    HP Procurve Stack Management Figure 13-10. Example of Candidate List in Stack Management Screen Either accept the displayed switch number or enter another available number. (The range is 0 - 15, with 0 reserved for the Commander.) Use the downarrow key to move the cursor to the MAC Address field, then type the MAC address of the desired Candidate from the Candidate list in the lower part of the screen.

  • Page 279

    Figure 13-11. Example of Stack Management Screen After New Member Added Using the Commander’s Menu To Move a Member From One Stack to Another. Where two or more stacks exist in the same subnet (broadcast domain), you can easily move a Member of one stack to another stack if the destination stack is not full.

  • Page 280

    Press [A] (for any available candidates. (See figure 13-10 on page 13-20.) Note that you will not see the switch you want to add because it is a Member of another stack and not a Candidate.) Either accept the displayed switch number or enter another available number.

  • Page 281

    When you use the Commander to remove a switch from a stack, the switch rejoins the Candidate pool for your IP subnet (broadcast domain), with...

  • Page 282

    4. Stack Management You will then see the Stack Management screen: Figure 13-13. Example of Stack Management Screen with Stack Members Listed Use the downarrow key to select the Member you want to remove from the stack.

  • Page 283

    ) to display the console interface for the selected Member. For example, if you selected switch number 1 (system name: 13-16 and then pressed [X], you would see the Main Menu for the switch named Coral Sea. For status descriptions, see the table on page 13-48.

  • Page 284

    Commander to a Member of another stack. When moving a member, the procedure simply pulls a Member out of one stack and pushes it into another. From the Main Menu of the switch you want to move, select 9. Stacking To determine the MAC address of the destination Commander, select 2.

  • Page 285: Monitoring Stack Status

    Press [S] (for Save). Monitoring Stack Status Using the stacking options in the menu interface for any switch in a stack, you can view stacking data for that switch or for all stacks in the subnet (broadcast domain). (If you are using VLANs in your stack environment, see "Stacking Operation with a Tagged VLAN"...

  • Page 286

    Using Any Stacked Switch To View the Status for All Switches with Stacking Enabled. This procedure displays the general status of all switches in the IP subnet (broadcast domain) that have stacking enabled. Go to the console Main Menu for any switch configured for stacking and select: 9. Stacking ...

  • Page 287

    Viewing Member Status. This procedure displays the Member’s stacking information plus the Commander’s status, IP address, and MAC address. To display the status for a Member: Go to the console Main Menu of the Commander switch and select 9. Stacking ... 5. Stack Access...

  • Page 288

    Use Telnet (if the Candidate has a valid IP address for your network) or a direct serial port connection to access the menu interface Main Menu for the Candidate switch and select 9. Stacking ... 1. Stacking Status (This Switch) You will then see the Candidate’s Stacking Status screen:...

  • Page 289: Using The Cli To View Stack Status And Configure Stacking

    “No” form eliminates named stack and returns Commander and stack Members to Candidate status with Auto Join set to No. “No” form prevents the switch from being discovered as a stacking-capable switch. Default: Switch Configured as a Candidate...

  • Page 290

    Manager password. telnet <1..15> Commander: Uses the SN (switch number— assigned by the stack Commander) to access the console interface (menu interface or CLI) of a stack member. To view the list of SN assignments for a stack, execute the show stack command in the Used In: Commander Only Commander’s CLI.

  • Page 291: Using The Cli To View Stack Status

    Syntax: show stack [candidates | view | all] Viewing the Status of an Individual Switch. The following example illustrates how to use the CLI in a to display the stack status for that switch. In this case, the switch is in the default stacking configuration.

  • Page 292

    Viewing the Status of all Stack-Enabled Switches Discovered in the IP Subnet. The next example lists all the stack-configured switches discovered in the IP subnet. Because the Switch 4108GL on which the show stack all command was executed is a candidate, it is included in the “Others” category.

  • Page 293: Using The Cli To Configure A Commander Switch

    Using the CLI To Configure a Commander Switch You can configure any stacking-enabled switch to be a Commander as long as the intended stack name does not already exist on the broadcast domain. (When you configure a Commander, you automatically create a corresponding stack.)

  • Page 294

    Suppose, for example, that a HP4108 named “Bering Sea” is a Member of a stack named “Big_Waters”. To use the switch’s CLI to convert it from a stack Member to the Commander of a new stack named “Lakes”, you would use the following...

  • Page 295: Adding To A Stack Or Moving Switches Between Stacks

    Removes the Member from the “Big_Waters” stack. Converts the former Member to the Commander of the new “Lakes” stack. Figure 13-27. Example of Using a Member’s CLI To Convert the Member to the Commander of a New Stack Adding to a Stack or Moving Switches Between Stacks You can add switches to a stack by adding discovered Candidates or by moving switches from other stacks that may exist in the same subnet.

  • Page 296

    Using the Commander’s CLI To Manually Add a Candidate to the Stack. To manually add a candidate, you will use: A switch number (SN) to assign to the new member. Member SNs range from 1 to 15. To see which SNs are already assigned to Members, use show stack view.

  • Page 297

    The show stack view command then lists the Member added by the above command: SN (Switch Number) 2 is the new Member added by the stack member command. Figure 13-30. Example Showing the Stack After Adding a New Member Using Auto Join on a Candidate.

  • Page 298

    Use Telnet (if the Candidate has an IP address valid for your network) or a direct serial port connection to access the CLI for the Candidate switch. For example, suppose that a Candidate named “North Sea” with Auto Join off and a valid IP address of 10.28.227.104 is running on a network.

  • Page 299

    You could then use Using a Member CLI To “Push” the Member into Another Stack. You can use the Member’s CLI to “push” a Switch 4108GL stack Member into a destination stack if you know the MAC address of the destination Commander.

  • Page 300: Using The Cli To Remove A Member From A Stack

    For example, suppose you have a Switch 4108GL operating as the Commander for a temporary stack named “Test”. When it is time to eliminate the temporary “Test” stack and convert the Switch 4108GL into a member of an existing stack named “Big_Waters”, you would execute the following commands in the CLI of the Switch 4108GL: Figure 13-33.

  • Page 301

    Commander for the Stack to Which the “North Sea” Switch Belongs Figure 13-35. Example of How To Identify the Commander’s MAC Address from a Member Switch HP Procurve Stack Management HP Procurve Stack Management is the “North Sea” Member’s MAC address...

  • Page 302

    To find the switch number for the Member you want to access, execute the show stack view you wanted to configure a port trunk on the switch named “North Sea” in the stack named “Big_Waters”. To do so you would go to the CLI for the “Big_Waters”...

  • Page 303: Snmp Community Operation In A Stack

    <MIB variable> 10.31.29.100 blue@sw1 Note that because the gray community is only on switch 3, you could not use the Commander IP address for gray community access from the management station. Instead, you would access switch 3 directly using the switch’s own IP address.

  • Page 304: Using The Cli To Disable Or Re-enable Stacking, Transmission Interval

    Using the CLI To Disable or Re-Enable Stacking In the default configuration, stacking is enabled on the Procurve Switch 4108GL. You can use the CLI to disable stacking on these switches at any time. Disabling stacking has the following effects:...

  • Page 305: Web: Viewing And Configuring Stacking

    If the switch is a Commander, use the [Stack Closeup] and [Stack Management] buttons for viewing and using stack features. To access the web-based Help provided for the switch, click on [?] in the web browser screen. HP Procurve Stack Management...

  • Page 306: Status Messages

    Stacking screens and listings display these status messages: Message Condition Candidate Auto-join Indicates a switch configured with Stack State set to Candidate, Auto Join set to Yes (the default), and no Manager password. Candidate Candidate cannot automatically join the stack because one or both of the following conditions apply: •...

  • Page 307

    VLAN Tagging Information ....... . . 14-23 Effect of VLANs on Other Switch Features ....14-27 Spanning Tree Protocol Operation with VLANs .

  • Page 308: Table Of Contents

    Contents Configuring GVRP On a Switch ......14-37 Menu: Viewing and Configuring GVRP ....14-37 CLI: Viewing and Configuring GVRP .

  • Page 309

    Port-Based VLANs — Page 14-4: GVRP — Page 14-30: For general information on how to use the switch’s built-in interfaces, see: Chapter 2, “Using the Menu Interface” Chapter 3, “Using the Command Line Interface (CLI)” Chapter 4, “Using the HP Web Browser Interface Chapter 5, “Switch Memory and Configuration”...

  • Page 310: Port-based Virtual Lans (static Vlans)

    LAN segments according to their need for common resources. By default, the Switch 4108GL is 802.1Q VLAN enabled and allows up to 30 port-based VLANs (default: 8). For information on GVRP, see “GVRP” on page 14-30.

  • Page 311

    Router Figure 14-1. Example of Routing Between VLANs via an External Router Overlapping (Tagged) VLANs. A port on the Switch 4108GL can be a member of more than one VLAN if the device to which it is connected complies with the 802.1Q VLAN standard.

  • Page 312

    Figure 14-2. Example of Overlapping VLANs Using the Same Server Similarly, using 802.1Q-compliant switches, you can connect multiple VLANs through a single switch-to-switch link. Figure 14-3. Example of Connecting Multiple VLANs Through the Same Link Introducing Tagged VLAN Technology into Networks Running Legacy (Untagged) VLANs.

  • Page 313: Overview Of Using Vlans, Vlan Support And The Default Vlan, Which Vlan Is Primary

    VLANs and moving ports from the default VLAN to the new VLANs. (The switch supports up to 30 VLANs.) You can change the name of the default VLAN, but you cannot change the default VLAN’s VID (which is always “1”).

  • Page 314: Per-port Static Vlan Configuration Options

    DHCP or Bootp on different VLANs do not result in conflicting configuration values for the switch. The primary VLAN is the VLAN the switch uses to run and manage these features and data. In the factory-default configuration, the switch designates the default VLAN (DEFAULT_VLAN) as the primary VLAN.

  • Page 315

    Untagged Allows VLAN connection to a device that is configured for an untagged VLAN instead of a tagged VLAN. The switch allows no more than one untagged VLAN assignment per port. : Appears when the switch is not GVRP-enabled; prevents the port from - or - joining that VLAN.

  • Page 316: General Steps For Using Vlans, Notes On Using Vlans

    Any ports not specifically assigned to another VLAN will remain assigned to the DEFAULT_VLAN. To delete a VLAN from the switch, you must first remove from that VLAN any ports assigned to it. Changing the number of VLANs supported on the switch requires a reboot.

  • Page 317: Menu: Configuring Vlan Parameters, To Change Vlan Support Settings

    In the factory default state, support is enabled for up to eight VLANs. (You can change the switch VLAN configuration to support up to 30 VLANs.) Also, all ports on the switch belong to the default VLAN (DEFAULT_VLAN) and are in the same broadcast/multicast domain.

  • Page 318

    If you need more VLANs later, you can increase this number, but a switch reboot will be required at that time. Press [Enter] and then [S] to save the VLAN support configuration and return to the VLAN Menu screen.

  • Page 319: Adding Or Editing Vlan Names

    VLAN. (The switch reserves “1” for the default VLAN.) Remember that a VLAN must have the same VID in every switch in which you configure that same VLAN. (GVRP dynamically extends VLANs with correct VID numbering to other switches.

  • Page 320: Adding Or Changing A Vlan Port Assignment

    (Ports not specifically assigned to a VLAN are automatically in the default VLAN.) From the Main Menu select: 2. Switch Configuration 8. VLAN Menu . . . You will then see a VLAN Port Assignment screen similar to the following:...

  • Page 321

    Untagged, or Forbid). Note: For GVRP Operation: If you enable GVRP on the switch, “No” converts to “Auto”, which allows the VLAN to dynamically join an advertised VLAN that has the same VID. See “Per-Port Options for Dynamic VLAN Advertising and Joining”...

  • Page 322: Cli: Configuring Vlan Parameters

    Return to the Main menu. CLI: Configuring VLAN Parameters In the factory default state, all ports on the switch belong to the default VLAN (DEFAULT_VLAN) and are in the same broadcast/multicast domain. (The default VLAN is also the default primary VLAN—see “Which VLAN Is Primary?”...

  • Page 323

    14-21 (Available if GVRP enabled.) Displaying the Switch’s VLAN Configuration. The next command lists the VLANs currently running in the switch, with VID, VLAN name, and VLAN status. Dynamic VLANs appear only if the switch is running with GVRP enabled and one or more ports has dynamically joined an advertised VLAN.

  • Page 324

    Figure 14-13. Example of “Show VLAN” for a Specific Static VLAN Show VLAN lists this data when GVRP is enabled and at least one port on the switch has dynamically joined the designated VLAN. Figure 14-14. Example of “Show VLAN” for a Specific Dynamic VLAN 14-18 show vlan <vlan-id>...

  • Page 325

    Changing the Number of VLANs Allowed on the Switch. By default, the switch allows a maximum of 8 VLANs. You can specify any value from 1 to 30. (If GVRP is enabled, this setting includes any dynamic VLANs on the switch.) As part of implementing a new value, you must execute a write...

  • Page 326

    VLAN with that VID does not already exist, and places you in that VLAN’s context level. If you do not use the name option, the switch uses “VLAN” and the new VID to automatically name the VLAN. If the VLAN already exists, the switch places you in the context level for that VLAN.

  • Page 327

    VLAN. Syntax: For example, suppose a dynamic VLAN with a VID of 125 exists on the switch. The following command converts the VLAN to a static VLAN. Configuring Static VLAN Name and Per-Port Settings. The vlan <vlan-id>...

  • Page 328: Web: Viewing And Configuring Vlan Parameters

    Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) (For information on dynamic VLAN and GVRP operation, see “GVRP” on page 14-30.) For example, suppose you have a VLAN named VLAN100 with a VID of 100, and all ports are set to No for this VLAN. To change the VLAN name to “Blue_Team”...

  • Page 329: Vlan Tagging Information

    (VLAN ID, or VID) assigned to a VLAN at the time that you configure the VLAN name in the switch. In the Switch 4108GL the tag can be any number from 1 to 4094 that is not already assigned to a VLAN. When you subsequently assign a port to a given VLAN, you must implement the VLAN tag (VID) if the port will carry traffic for more than one VLAN.

  • Page 330

    Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) Figure 14-17. Example of Tagged and Untagged VLAN Port Assignments In switch X: • VLANs assigned to ports X1 - X6 can all be untagged because there is only one VLAN assignment per port. Red VLAN traffic will go out only the Red ports;...

  • Page 331

    VLAN must be given the same VID in every device in which it is configured. That is, if the Red VLAN has a VID of 10 in switch X, then 10 must also be used for the Red VID in switch Y.

  • Page 332

    VLAN assigned per port. Port X1 has multiple VLANs assigned, which means that one VLAN assigned to this port can be untagged and any others must be tagged. The same applies to ports X2, Y1, and Y5. Switch X Port Red VLAN...

  • Page 333: Effect Of Vlans On Other Switch Features, Spanning Tree Protocol Operation With Vlans, Ip Interfaces

    Effect of VLANs on Other Switch Features Spanning Tree Protocol Operation with VLANs Because the Switch 4108GL follows the 802.1Q VLAN recommendation to use single-instance spanning tree, STP operates across all ports on the switch (regardless of VLAN assignments) instead of on a per-VLAN basis. This means that if redundant physical links exist between the switch and another 802.1Q...

  • Page 334: Vlan Mac Addresses, Port Trunks, Port Monitoring

    Port-Based Virtual LANs (Static VLANs) VLAN MAC Addresses The switch has one unique MAC address for each of its VLAN interfaces. You can send an 802.2 test packet to this MAC address to verify connectivity to the switch. Likewise, you can assign an IP address to the VLAN interface, and when you Ping that address, ARP will resolve the IP address to this MAC address.

  • Page 335: Vlan Restrictions

    (The “Untagged” designation enables VLAN operation with non 802.1Q-compliant devices.) An external router must be used to communicate between tagged VLANs on the switch. Before you can delete a VLAN, you must first re-assign all ports in the VLAN to another VLAN.

  • Page 336: Gvrp

    GVRP uses “GVRP Bridge Protocol Data Units” (“GVRP BPDUs”) to “advertise” static VLANs. In this manual, a GVRP BPDU is termed an advertisement. GVRP enables the Switch 4108GL to dynamically create 802.1Q-compliant VLANs on links with other devices running GVRP. This enables the switch to automatically create VLAN links between GVRP-aware devices.

  • Page 337: General Operation

    (external source) on that specific port. Operating Note: When a GVRP-aware port on a switch learns a VID through GVRP from another device, the switch begins advertising that VID out all of its ports except the port on which the VID was learned.

  • Page 338

    If there is not already a static VLAN with the advertised VID on the receiving port, then dynamically create the VLAN and become a member. If the switch already has a static VLAN assignment with the same VID as in the advertisement, and the port is configured to Auto for that VLAN, then the port will dynamically join the VLAN and begin moving that VLAN’s traffic.

  • Page 339: Per-port Options For Handling Gvrp "unknown Vlans"

    “Unknown VLAN” on port 5 in switch “C”. Conversely, if VLAN 22 was statically configured on switch C, but port 5 was not a member, port 5 would become a member when advertisements for VLAN 22 were received from switch “A”.

  • Page 340

    Prevents the port from dynamically joining a VLAN that is not statically configured on that port. The port will still forward advertisements that were received by the switch on other ports. Block should typically be used on ports in unsecure networks, where there is exposure to “attacks”, such as ports where intruders can connect.

  • Page 341: Per-port Options For Dynamic Vlan Advertising And Joining, Options For Dynamic Vlan Advertising/joining

    Each port of a Switch 4108GL must be a Tagged or Untagged member of at least one VLAN. Thus, any port configured for GVRP to Learn or Block will generate and forward advertisements for static VLAN(s) configured on the switch and also for dynamic VLANs the switch learns on other ports.

  • Page 342: Gvrp And Vlan Access Control, Port-leave From A Dynamic Vlan

    GVRP and VLAN Access Control When you enable GVRP on a switch, the default GVRP parameter settings allow all of the switch’s ports to transmit and receive dynamic VLAN advertisements (GVRP advertisements) and to dynamically join VLANs. The two preceding sections describe the per-port features you can use to control and limit VLAN propagation.

  • Page 343: Planning For Gvrp Operation, Configuring Gvrp On A Switch, Menu: Viewing And Configuring Gvrp

    “Unknown VLAN” parameter (Learn, Block, or Disable) for each port. Configure the static VLANs on the switch(es) where they are needed, along with the per-VLAN parameters (Tagged, Untagged, Auto, and Forbid— see table 14-3 on page 14-35) on each port.

  • Page 344

    Port-Based Virtual LANs (VLANs) and GVRP GVRP 2. Switch Configuration . . . 8. VLAN Menu . . . Figure 14-23. The VLAN Support Screen (Default Configuration) Do the following to enable GVRP and display the Unknown VLAN fields: Press [E] (for Edit).

  • Page 345: Cli: Viewing And Configuring Gvrp

    14-40 unknown-vlans page 14-40 Displaying the Switch’s Current GVRP Configuration. This command shows whether GVRP is disabled, along with the current settings for the maximum number of VLANs and the current Primary VLAN. (For more on the last two parameters, see “Port-Based Virtual LANs (Static VLANs)” on page 14-4.)

  • Page 346

    This example disables GVRP operation on the switch: Enabling and Disabling GVRP On Individual Ports. When GVRP is enabled on the switch, use the unknown-vlans command to change the Unknown VLAN field for one or more ports. You can use this command at either the Manager level or the interface context level for the desired port(s).

  • Page 347

    Syntax: For example, in the following illustration, switch “B” has one static VLAN (the default VLAN), with GVRP enabled and port 1 configured to Learn for Unknown VLANs. Switch “A” has GVRP enabled and has three static VLANs: the default VLAN, VLAN-222, and VLAN-333.

  • Page 348: Gvrp Operating Notes, Web: Viewing And Configuring Gvrp

    For example, to convert dynamic VLAN 333 (from the previous example) to a static VLAN: When you convert a dynamic VLAN to a static VLAN, all ports on the switch are assigned to the VLAN in Auto mode. Web: Viewing and Configuring GVRP To view, enable, disable, or reconfigure GVRP: Click on the Configuration tab.

  • Page 349

    VLAN configuration. Within the same broadcast domain, a dynamic VLAN can pass through a device that is not GVRP-aware. This is because a hub or a switch that is not GVRP-aware will flood the GVRP (multicast) advertisement packets out all ports.

  • Page 350

    Port-Based Virtual LANs (VLANs) and GVRP GVRP 14-44...

  • Page 351

    Querier Operation ......... 15-18 The Switch Excludes Well-Known or Reserved Multicast Addresses from IP Multicast Filtering .

  • Page 352

    IGMP controls. For general information on how to use the switch’s built-in interfaces, see: Chapter 2, “Using the Menu Interface” Chapter 3, “Using the Command Line Interface (CLI)”...

  • Page 353: General Operation And Features

    Enabling IGMP allows detection of IGMP queries and report packets in order to manage IP multicast traffic through the switch. If no other querier is detected, the switch will then also function as the querier. (If you need to disable the querier feature, you can do so through the IGMP configuration MIB.

  • Page 354: Igmp Terms

    Multimedia Traffic Control with IP Multicast (IGMP) General Operation and Features Note: IGMP configuration on the Switch 4108GL operates at the VLAN context level. If you are not using VLANs, then configure IGMP in VLAN 1 (the default VLAN) context.

  • Page 355: Igmp Operating Features, Basic Operation

    With the CLI, you can configure these additional options: Forward with High Priority. Disabling this parameter (the default) causes the switch or VLAN to process IP multicast traffic, along with other traffic, in the order received (usually, normal priority). Enabling this parameter causes the switch or VLAN to give a higher priority to IP multicast traffic than to other traffic.

  • Page 356: Cli: Configuring And Displaying Igmp

    224.0.0.0 to 239.255.255.255. Also, incoming IGMP packets intended for reserved, or “well-known” multicast addresses automatically flood through all ports (except the port on which the packets entered the switch). For more on this topic, see “The Switch Excludes Well-Known or Reserved Multicast Addresses from IP Multicast Filtering”...

  • Page 357

    Viewing the Current IGMP Configuration. This command lists the IGMP configuration for all VLANs configured on the switch or for a specific VLAN. show ip igmp config Syntax: show ip igmp vlan <vid> config (For IGMP operating status, see “Internet Group Management Protocol (IGMP) Status”...

  • Page 358

    Note: If you disable IGMP on a VLAN and then later re-enable IGMP on that VLAN, the switch restores the last-saved IGMP configuration for that VLAN. For more on how switch memory operates, see Chapter 5, “Switch Memory and Configuration”.

  • Page 359

    Configuring Per-Port IGMP Packet Control. Use this command in the VLAN context to specify how each port should handle IGMP traffic. Syntax: vlan <vid> ip igmp [auto <port-list> | blocked <port-list> | forward <port-list>] Default: auto For example, suppose you wanted to configure IGMP as follows for VLAN 1 on the 100/1000T ports on a module in slot 1: Ports A1-A2 auto...

  • Page 360: Web: Enabling Or Disabling Igmp

    Default: Web: Enabling or Disabling IGMP In the web browser interface you can enable or disable IGMP on a per-VLAN basis. To configure other IGMP features, telnet to the switch console and use the CLI. To Enable or Disable IGMP Click on the Configuration tab.

  • Page 361: How Igmp Operates

    An IP multicast packet includes the multicast group (address) to which the packet belongs. When an IGMP client connected to a switch port needs to receive multicast traffic from a specific group, it joins the group by sending an IGMP report (join request) to the network.

  • Page 362: Operation With Or Without Ip Addressing

    This can be significant in a network with a large number of VLANs. The limitation on IGMP without IP addressing is that the switch cannot become Querier on any VLANs for which it has no IP address— so the network administrator must ensure that another IGMP device will act as Querier.

  • Page 363: Automatic Fast-leave Igmp

    Automatic Fast-Leave IGMP IGMP Operation Presents a "Delayed Leave" Problem. Where multiple IGMP clients are connected to the same port on an IGMP device (switch or router), if only one IGMP client joins a given multicast group, then later sends...

  • Page 364: Forced Fast-leave Igmp

    Multimedia Traffic Control with IP Multicast (IGMP) How IGMP Operates In the next figure, automatic Fast-Leave operates on the switch ports for IGMP clients "3A" and "5B", but not on the switch port for IGMP clients "7A" and 7B, Server "7C", and printer "7D". Fast-Leave IGMP...

  • Page 365: Configuration Options For Forced Fast-leave, Listing The Forced Fast-leave Configuration

    Leave state Note on VLAN Numbers: In the HP Procurve Switch 4108GL, the walkmib and setmib commands use an internal VLAN number (and not the VLAN ID, or VID) to display or change many per-VLAN features, such as the Forced Fast-Leave state.

  • Page 366

    The resulting display lists the Forced Fast-Leave state for all ports in the switch, by VLAN. (A port belonging to more than one VLAN will be listed once for each VLAN, and if multiple VLANs are not configured, all ports will be listed as members of the default VLAN.) The following command...

  • Page 367: Configuring Per-port Forced Fast-leave Igmp

    Figure 15-5. Example Listing the Forced Fast-Leave State for a Single Port on the Default VLAN Configuring Per-Port Forced Fast-Leave IGMP In the factory-default configuration, Forced Fast-Leave is disabled for all ports on the switch. To enable (or disable) this feature on individual ports, use the switch’s setmib command, as shown below. Configuring Per-Port Forced Fast-Leave IGMP on Ports.

  • Page 368: Querier Operation

    DEFAULT_VLAN), then subsequently detects queries transmitted from another device on the same VLAN, the switch ceases to operate as the Querier for that VLAN. If this occurs, the switch Event Log lists a pair of messages similar to these: 15-18 Verifies Forced Fast-Leave enabled.

  • Page 369: The Switch Excludes Well-known Or Reserved Multicast Addresses From Ip Multicast Filtering

    In the above scenario, if the other device ceases to operate as a Querier on the default VLAN, then the switch detects this change and can become the Querier as long as it is not pre-empted by some other IGMP Querier on the VLAN. In...

  • Page 370

    This operation applies to the HP Procurve Switch 1600M, 2400M, 2424M, 4000M, and 8000M, but not to the Series 2500 switches and the Switch 4108GL (which do not have static traffic/security filters).

  • Page 371

    Spanning Tree Protocol (STP) Chapter Contents Overview ........... . . 16-2 Menu: Configuring STP .

  • Page 372

    Configuration”. Note: You should enable STP in any switch that is part of a redundant physical link (loop topology). (It is recommended that you enable STP on all switches belonging to a loop topology.) This topic is covered in more detail under “How STP Operates”...

  • Page 373

    As recommended in the IEEE 802.1Q VLAN standard, the Switch 4108GL uses single-instance STP. (As a result, the switch generates untagged Bridge Protocol Data Units—BPDUs.) This implementation creates a single spanning tree to make sure there are no network loops associated with any of the connections to the switch, regardless of whether multiple VLANs are configured on the switch.

  • Page 374: Menu: Configuring Stp

    Menu: Configuring STP From the Main Menu, select: 2. Switch Configuration . . . 4. Spanning Tree Operation Press [E] (for Press the Space bar to select Yes . (Yes in this field means to enable STP.) Read-Only Fields Figure 16-1.

  • Page 375: Cli: Configuring Stp

    See “Spanning Tree Protocol (STP) Information” on page 17-17 Viewing the Current STP Configuration. Regardless of whether STP is disabled (the default), this command lists the switch’s full STP configuration, including general settings and port settings. show spanning-tree configuration...

  • Page 376

    Figure 16-2. Example of the Default STP Configuration Listing Enabling or Disabling STP. Enabling STP implements the spanning-tree protocol for all physical ports on the switch, regardless of whether multiple VLANs are configured. Disabling STP removes protection against redundant loops that can significantly slow or halt a network.

  • Page 377

    *forward-delay 15 seconds 4 - 30 *The switch uses its own maximum-age, hello-time, and forward-delay settings only if it is operating as the root device. If another device is operating as the root device, then the switch uses the other device’s settings for these parameters.

  • Page 378

    For example, the following configures ports C5 and C6 to a path cost of priority of 16-8 Default Range Function 1 - 65535 Assigns an individual port cost that the switch uses 10/100Tx: to determine which ports are the forwarding ports. 100 Fx: Gigabit: 0 - 255 Used by STP to determine the port(s) to use for forwarding.

  • Page 379: Web: Enabling Or Disabling Stp, How Stp Operates

    Web: Enabling or Disabling STP In the web browser interface you can enable or disable STP on the switch. To configure other STP features, telnet to the switch console and use the CLI. To enable or disable STP on the switch: Click on the Configuration tab Click on [Device Features].

  • Page 380: Stp Fast Mode

    STP state, the server access will fail. To provide support for this end node behavior, the Switch 4108GL offers a configuration mode, called “Fast Mode”, that causes the switch port to skip the standard STP start-up sequence and put the port directly into the “Forwarding”...

  • Page 381

    If you encounter end nodes that repeatedly indicate server access failure when attempting to bring up their network connection, and you have enabled STP on the switch, try changing the configuration of the switch ports associated with those end nodes to STP Fast Mode.

  • Page 382: Stp Operation With 802.1q Vlans

    BPDUs). This means that if redundant physical links exist in separate VLANs, spanning tree will block all but one of those links. However, if you need to use STP on the Switch 4108GL in a VLAN environment with redundant physical links, you can prevent blocked redundant links by using a port trunk.

  • Page 383

    Spanning Tree Protocol (STP) How STP Operates 16-13...

  • Page 384

    Spanning Tree Protocol (STP) How STP Operates 16-14...

  • Page 385

    General System Information ....... . . 17-5 Switch Management Address Information ..... . 17-6 Module Information .

  • Page 386

    Monitoring and Analyzing Switch Operation Overview Overview The Switch 4108GL has several built-in tools for monitoring, analyzing, and troubleshooting switch and network operation: Status: Includes options for displaying general switch information, management address data, port status, port and trunk group statistics, MAC addresses detected on each port or VLAN, and STP, IGMP, and VLAN data (page 17-3).

  • Page 387: Status And Counters Data

    Note: You can access all console screens from the web browser interface via Telnet to the console. Telnet access to the switch is available in the Device View window under the Configuration tab. Status or Counters Type...

  • Page 388: Menu Access To Status And Counters

    Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access To Status and Counters Beginning at the Main Menu, display the Status and Counters menu by selecting: 1. Status and Counters Figure 17-1. The Status and Counters Menu Each of the above menu items accesses the read-only screens described on the following pages.

  • Page 389: General System Information

    From the console Main Menu, select: 1. Status and Counters 1. General System Information Figure 17-2. Example of General Switch Information This screen dynamically indicates how individual switch resources are being used. See the online Help for details. CLI Access show system-information...

  • Page 390: Switch Management Address Information

    Figure 17-3. Example of Management Address Information with VLANs Configured This screen displays addresses that are important for management of the switch. If multiple VLANs are not configured, this screen displays a single IP address for the entire switch. See the online Help for details.

  • Page 391: Module Information

    Monitoring and Analyzing Switch Operation Status and Counters Data Module Information Use this feature to determine which slots have modules installed and which type(s) of modules are installed. Menu: Displaying Port Status From the Main Menu, select: 1. Status and Counters . . .

  • Page 392: Port Status

    Monitoring and Analyzing Switch Operation Status and Counters Data Port Status The web browser interface and the console interface show the same port status data. Menu: Displaying Port Status From the Main Menu, select: 1. Status and Counters . . .

  • Page 393: Viewing Port And Trunk Group Statistics And Flow Control Status

    These features enable you to determine the traffic patterns for each port since the last reboot or reset of the switch. You can display: A general report of traffic on all LAN ports and trunk groups in the switch, along with the per-port flow control status (On or Off).

  • Page 394: Menu Access To Port And Trunk Statistics

    Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access to Port and Trunk Statistics To access this screen from the Main Menu, select: 1. Status and Counters . . . 4. Port Counters Figure 17-6. Example of Port Counters on the Menu Interface To view details about the traffic on a particular port, use the [v] key to highlight that port number, then select Show Details.

  • Page 395

    CLI Access To Port and Trunk Group Statistics To Display the Port Counter Summary Report. This command provides an overview of port activity for all ports on the switch. show interfaces Syntax: To Display a Detailed Traffic Summary for Specific Ports. This command provides traffic details for the port(s) you specify.

  • Page 396: Viewing The Switch's Mac Address Tables

    MAC addresses on a specific port searching for a MAC address These features help you to view: The MAC addresses that the switch has learned from network devices attached to the switch The port on which each MAC address was learned 17-12...

  • Page 397

    Menu Access to the MAC Address Views and Searches Per-VLAN MAC-Address Viewing and Searching. This feature lets you determine which switch port on a selected VLAN is being used to communicate with a specific device on the network. The per-VLAN listing includes:...

  • Page 398

    Type the MAC address you want to locate and press [Enter]. The address and port number are highlighted if found. If the switch does not find the MAC address on the currently selected VLAN, it leaves the MAC address listing empty.

  • Page 399: Cli Access For Mac Address Views And Searches

    Press [S] (for Search), to display the following prompt: Type the MAC address you want to locate and press [Enter]. The address is highlighted if found. If the switch does not find the address, it leaves the MAC address listing empty.

  • Page 400

    Numbers. This command lists the MAC addresses associated with the ports for a given VLAN. For example: Note: The Switch 4108GL has a Single Forwarding Database architecture. This means the switches have only a single MAC address table, and not a separate MAC address table per VLAN.

  • Page 401: Spanning Tree Protocol (stp) Information

    1. Status and Counters . . . 8. Spanning Tree Information STP must be enabled on the switch to display the following data: Figure 17-11. Example of Spanning Tree Information Use this screen to determine current switch-level STP parameter settings and statistics.

  • Page 402: Cli Access To Stp Data

    Monitoring and Analyzing Switch Operation Status and Counters Data Figure 17-12.Example of STP Port Information CLI Access to STP Data This option lists the STP configuration, root data, and per-port data (cost, priority, state, and designated bridge). Syntax: 17-18 show spanning-tree...

  • Page 403: Internet Group Management Protocol (igmp) Status

    Internet Group Management Protocol (IGMP) Status The switch uses the CLI to display the following IGMP status on a per-VLAN basis: Show Command Output show ip igmp Global command listing IGMP status for all VLANs configured in the switch: • VLAN ID (VID) and name •...

  • Page 404: Vlan Information

    1, 2 3, 4 The next three figures show how you could list data on the above VLANs. Listing the VLAN ID (VID) and Status for ALL VLANs in the Switch. Figure 17-14.Example of VLAN Listing for the Entire Switch 17-20...

  • Page 405

    VLAN- 44, it does not appear in this listing. Figure 17-15.Example of VLAN Listing for Specific Ports Listing Individual VLAN Status. Figure 17-16.Example of Port Listing for an Individual VLAN Monitoring and Analyzing Switch Operation Status and Counters Data 17-21...

  • Page 406: Web Browser Interface Status Information

    As the title implies, it provides an overview of the status of the switch, including summary graphs indicating the network utilization on each of the switch ports, symbolic port status indicators, and the Alert Log, which informs you of any problems that may have occurred on the switch.

  • Page 407: Port Monitoring Features

    You can designate a port for monitoring incoming traffic of one or more other ports on the switch. The switch monitors the network activity by copying all traffic inbound on the specified ports to the designated monitoring port, to which a network analyzer can be attached.

  • Page 408: Menu: Configuring Port Monitoring

    Monitoring and Analyzing Switch Operation Port Monitoring Features Menu: Configuring Port Monitoring This procedure describes configuring the switch for monitoring when monitoring is disabled. (If monitoring has already been enabled, the screens will appear differently than shown in this procedure.) From the Console Main Menu, Select: 2.

  • Page 409: Cli: Configuring Port Monitoring

    Move the cursor to the Monitoring Port parameter. Inbound Port Monitoring (Only) on the Switch 4108 Figure 17-19. How To Select a Monitoring Port Use the Space bar to select the port to use for monitoring. Use the downarrow key to move the cursor to the Action column for the individual ports and position the cursor at a port you want to monitor.

  • Page 410

    Syntax: For example, if you assign port A6 as the monitoring port and configure the switch to monitor ports A1 - A3, show monitor displays the following: Figure 17-20. Example of Monitored Port Listing Configuring the Monitor Port. This command assigns or removes a monitoring port, and must be executed from the global configuration level.

  • Page 411: Web: Configuring Port Monitoring

    To monitor one or more ports. Click on the radio button for Monitor Selected Ports. b. Select the port(s) to monitor. Click on [Apply Changes]. Monitoring and Analyzing Switch Operation Port Monitoring Features From the global config level, selects ports for monitoring sources.

  • Page 412

    Monitoring and Analyzing Switch Operation Port Monitoring Features To remove port monitoring: Click on the Monitoring Off radio button. Click on [Apply Changes]. For web-based Help on how to use the web browser interface screen, click on the [?] button provided on the web browser screen.

  • Page 413

    Troubleshooting Contents Overview ........... . . 18-2 Troubleshooting Approaches .

  • Page 414

    Overview This chapter addresses performance-related network problems that can be caused by topology, switch configuration, and the effects of other devices or their configurations on switch operation. (For switch-specific information on hardware problems indicated by LED behavior, cabling requirements, and other potential hardware-related problems, refer to the installation guide you received with the switch.)

  • Page 415: Troubleshooting Approaches

    Diagnostic tools (Link test, Ping test, configuration file browser) For help in isolating problems, use the easy-to-access switch console built into the switch or Telnet to the switch console. See chapter 4, “Using the Switch Console Interface” for operating information. These tools are available through the switch console •...

  • Page 416: Browser Or Telnet Access Problems

    DHCP/Bootp server configuration to verify correct IP addressing. If you are using DHCP to acquire the IP address for the switch, the IP address “lease time” may have expired so that the IP address has changed. For more information on how to “reserve” an IP address, refer to the documentation for the DHCP application that you are using.

  • Page 417

    Note: If DHCP/Bootp is used to configure the switch, see the Note, above. If you are using DHCP to acquire the IP address for the switch, the IP address “lease time” may have expired so that the IP address has changed.

  • Page 418: Unusual Network Activity, General Problems

    Network activity that fails to meet accepted norms may indicate a hardware problem with one or more of the network components, possibly including the switch. Such problems can also be caused by a network loop or simply too much traffic for the network as it is currently designed and implemented.

  • Page 419: Troubleshooting Cdp Operation

    IP address that has been duplicated somewhere on the network. The Switch Has Been Configured for DHCP/Bootp Operation, But Has Not Received a DHCP or Bootp Reply. When the switch is first configured for DHCP/Bootp operation, or if it is rebooted with this configuration, it immediately begins sending request packets on the network.

  • Page 420: Igmp-related Problems

    Filter Traffic. The IGMP feature does not operate if the switch or VLAN does not have an IP address configured manually or obtained through DHCP/Bootp. To verify whether an IP address is configured for the switch or VLAN, do either of the following: Try Using the Web Browser Interface: If you can access the web browser interface, then an IP address is configured.

  • Page 421: Problems Related To Spanning-tree Protocol (stp), Stacking-related Problems, Tacacs-related Problems

    STP Blocks a Link in a VLAN Even Though There Are No Redundant Links in that VLAN. In 802.1Q-compliant switches such as the Switch 4108GL, STP blocks redundant physical links even if they are in separate VLANs. A solution is to use only one, multiple-VLAN (tagged) link between the devices.

  • Page 422

    Disconnect the switch from network access to any TACACS+ servers and then log in to the switch using either Telnet or direct console port access. Because the switch cannot access a TACACS+ server, it will default to local authentication. You can then use the switch’s local Operator or Manager username/password pair to log on.

  • Page 423: Timep, Sntp, Or Gateway Problems, Vlan-related Problems

    System Allows Fewer Login Attempts than Specified in the Switch Configuration. Your TACACS+ server application may be configured to allow fewer login attempts than you have configured in the switch with the aaa authentication num-attempts command. TimeP, SNTP, or Gateway Problems The Switch Cannot Find the Time Server or the Configured Gateway .

  • Page 424

    Similarly, if VLAN_2 (VID=2) is configured as “Tagged” on the link port on switch “A”, then it must also be configured as “Tagged” on the link port on switch “B”. Make sure that the VLAN ID (VID) is the same on both switches.

  • Page 425

    One symptom is that a duplicate MAC address appears in the Port Address Table of one port, and then later appears on another port. While the Switch 4108GL has multiple forwarding databases, and thus does not have this problem, some switches with a single forwarding...

  • Page 426

    Disconnect the switch from network access to any TACACS+ servers and then log in to the switch using either Telnet or direct console port access. Because the switch cannot access a TACACS+ server, it will default to local authentication. You can then use the switch’s local Operator or Manager username/password pair to log on.

  • Page 427

    TACACS+ server application. System Allows Fewer Login Attempts than Specified in the Switch Configuration. Your TACACS+ server application may be configured to allow fewer login attempts than you have configured in the switch with the aaa authentication num-attempts command. Troubleshooting...

  • Page 428: Using The Event Log To Identify Problem Sources

    The event log window contains 14 log entry lines and can be positioned to any location in the log. The event log will be erased if power to the switch is interrupted. (The event log is not erased by using the Reboot Switch command in the Main Menu.) 18-16...

  • Page 429: Menu: Entering And Navigating In The Event Log

    Table 18-1. Event Log System Modules Module Event Description addrMgr Address table chassis switch hardware bootp bootp addressing console Console interface dhcp DHCP addressing download file transfer Find, Fix, and Inform -- available in the console event log and web browser...

  • Page 430: Cli:

    Table 18-2. Event Log Control Keys CLI: Using the CLI, you can list Events recorded since the last boot of the switch All events recorded Event entries containing a specific keyword, either since the last boot or all events recorded...

  • Page 431: Diagnostic Tools, Port Auto-negotiation, Ping And Link Tests

    When a link LED does not light (indicating loss of link between two devices), the most common reason is a failure of port auto-negotiation between the connecting ports. If a link LED fails to light when you connect the switch to a port on another device, do the following: Ensure that the switch port and the port on the attached end-node are both set to Auto mode.

  • Page 432

    To respond to a Ping test or a Link test, the device you are trying to reach must be IEEE 802.3-compliant. Ping Test. This is a test of the path between the switch and another device on the same or another IP network that can respond to IP packets (ICMP Echo Requests).

  • Page 433: Web: Executing Ping Or Link Tests

    Destination IP/MAC Address is the network address of the target, or destination, device to which you want to test a connection with the switch. An IP address is in the X.X.X.X format where X is a decimal number between 0 and 255. A MAC address is made up of 12 hexadecimal digits, for example, 0060b0-080400.

  • Page 434: Cli: Ping Or Link Tests

    Troubleshooting Diagnostic Tools Number of Packets to Send is the number of times you want the switch to attempt to test a connection. Timeout in Seconds is the number of seconds to allow per attempt to test a connection before determining that the current attempt has failed.

  • Page 435

    Link Tests. You can issue single or multiple link tests with varying repetitions and timeout periods. The defaults are: Repetitions: 1 (1 - 999) Timeout: 5 seconds (1 - 256 seconds) Syntax: Basic Link Test Link Test with Repetitions Link Test with Repetitions and Timeout Link Test Over a...

  • Page 436: Displaying The Configuration File, Cli: Viewing The Configuration File, Web: Viewing The Configuration File

    Diagnostic Tools Displaying the Configuration File The complete switch configuration is contained in a file that you can browse from either the web browser interface or the CLI. It may be useful in some troubleshooting scenarios to view the switch configuration.

  • Page 437: Cli Administrative And Troubleshooting Commands

    CLI Administrative and Troubleshooting Commands These commands provide information or perform actions that you may find helpful in troubleshooting operating problems with the switch. Note: For more on the CLI, refer to chapter 3, "Using the Command Line Reference (CLI)."

  • Page 438: Restoring The Factory-default Configuration, Cli: Resetting To The Factory-default Configuration

    Continue to press the Clear button while releasing the Reset button. When the Self Test LED begins to flash, release the Clear button. The switch will then complete its self test and begin operating with the configuration restored to the factory default settings.

  • Page 439: Restoring A Flash Image

    Restoring a Flash Image The switch can lose its operating system if either the primary or secondary flash image location is empty or contains a corrupted OS file and an operator uses the erase flash command to erase a good OS image file from the opposite flash location.

  • Page 440

    Restoring a Flash Image Since the OS file is large, you can increase the speed of the download by changing the switch console and terminal emulator baud rates to a high speed. For example: Change the switch baud rate to 115,200 Bps.

  • Page 441

    Figure 18-7. Example of Xmodem Download in Progress When the download completes, the switch reboots from primary flash using the OS image you downloaded in the preceding steps, plus the most recent startup-config file. Troubleshooting Restoring a Flash Image 18-29...

  • Page 442

    Troubleshooting Restoring a Flash Image 18-30...

  • Page 443

    Primary or Secondary Flash ......A-8 Switch-to-Switch Download ....... . . A-9 Menu: Switch-to-Switch Download to Primary Flash .

  • Page 444: Downloading An Operating System (os), Overview, General Os Download Rules

    HP periodically provides switch operating system (OS) updates through the HP Procurve website (http://www.hp.com/go/hpprocurve). For more information, see the support and warranty booklet shipped with the switch. After you acquire a new OS file, you can use one of the following methods for down-...

  • Page 445: Using Tftp To Download An Os Image From A Server

    Using TFTP To Download an OS Image from a Server This procedure assumes that: An OS file for the switch has been stored on a TFTP server accessible to the switch. (The OS file is typically available from the HP Procurve website at http://www.hp.com/go/hpprocurve.)

  • Page 446

    File Transfers Downloading an Operating System (OS) Menu: TFTP Download from a Server to Primary Flash Note that the menu interface accesses only the primary flash. In the console Main Menu, select Download OS to display this screen: Figure A-1. Example of the Download OS Screen (Default Values) Press [E] (for Edit).

  • Page 447

    A “progress” bar indicates the progress of the download. When the entire OS file has been received, all activity on the switch halts and you will see Validating and writing system software to FLASH... After the primary flash memory has been updated with the new operating system, you must reboot the switch to implement the newly downloaded OS.

  • Page 448

    UNIX Workstation This procedure assumes that: The switch is connected via the Console RS-232 port to a PC operating as a terminal. (Refer to the Installation and Getting Started Guide you received with the switch for information on connecting a PC as a terminal and running the switch console interface.)

  • Page 449

    Click on the [Send] button. The download will then commence. It can take several minutes, depending on the baud rate set in the switch and in your terminal emulator. After the primary flash memory has been updated with the new operating system, you must reboot the switch to implement the newly downloaded OS.

  • Page 450

    <primary | secondary> Reboots from the selected -or- reload (For more on these commands, see “Rebooting the Switch” on page 5-17.) To confirm that the operating system downloaded correctly: Check the Firmware revision line. It should show the OS version that you downloaded in the preceding steps.

  • Page 451: Switch-to-switch Download

    7. Download OS screen. Ensure that the Method parameter is set to TFTP (the default). In the TFTP Server field, enter the IP address of the remote Switch 4108GL containing the OS you want to download. For the Remote File Name, enter one of the following: •...

  • Page 452

    If you do not specify either a primary or secondary flash location for the destination, the download automatically goes to primary flash. For example, to download an OS file from primary flash in a Switch 4108GL with an IP address of 10.28.227.103 to the primary flash in the destination switch, you would execute the following command in the destination switch’s...

  • Page 453: Using The Hp Toptools For Hubs & Switches Utility

    If you do not specify either a primary or secondary flash location for the destination, the download automatically goes to primary flash. For example, to download an OS file from secondary flash in a Switch 4108GL with an IP address of 10.28.227.103 to the secondary flash in the destination switch, you would execute the following command in the destination switch’s...

  • Page 454: Troubleshooting Tftp Downloads

    Figure A-6. Example of Message for Download Failure To find more information on the cause of a download failure, examine the messages in the switch’s Event Log by executing this CLI command: (For more on the Event Log, see “Using the Event Log To Identify Problem Sources”...

  • Page 455: Transferring Switch Configurations

    Note: If an error occurs in which normal switch operation cannot be restored, the switch automatically reboots itself. In this case, an appropriate message is displayed after the switch reboots.

  • Page 456

    10.28.227.105: Xmodem: Copying a Configuration File from the Switch to a Serially Connected PC or Unix Workstation. To use this method, the switch must be connected via the serial port to a PC or Unix workstation to which you want to copy the configuration file.

  • Page 457

    Xmodem: Copying a Configuration File from a Serially Connected PC or Unix Workstation. To use this method, the switch must be connected via the serial port to a PC or Unix workstation on which is stored the configuration file you want to copy. To complete the copying, you will need to know the name of the file to copy and the drive and directory location of the file.

  • Page 458

    Copying Diagnostic Data to a Remote Host, PC, or Unix Workstation You can use the CLI to copy the following types of switch data to a text file in a management device: Command Output: Sends the output of a switch CLI command as a file on the destination device.

  • Page 459: Copying Event Log Output To A Destination Device

    This command uses TFTP or Xmodem to copy the Event Log content to a PC or UNIX workstation on the network. Syntax: For example, to copy the event log to a PC connected to the switch: At this point, press [Enter] and start the...

  • Page 460: Copying Crash Log Data Content To A Destination Device

    This command uses TFTP or Xmodem to copy the Crash Log content to a PC or UNIX workstation on the network. You can copy individual slot information or the master switch information. If you do not specify either, the command defaults to the master data.

  • Page 461

    Determining MAC Addresses ........B-2 Menu: Viewing the Switch’s MAC Addresses ..... B-3 CLI: Viewing the Port and VLAN MAC Addresses .

  • Page 462: Determining Mac Addresses

    MAC address assigned to any non-default VLAN you have configured on the switch. Note: The switch’s base MAC address is used for the default VLAN (VID = 1) that is always available on the switch. Use the CLI to view the switch’s port MAC addresses in hexadecimal format.

  • Page 463: Menu: Viewing The Switch's Mac Addresses

    The Base MAC address is used by the first (default) VLAN in the switch. This is usually the VLAN named “DEFAULT_VLAN” unless the name has been changed (by using the VLAN Names screen). On the Switch 4108GL, the VID (VLAN identification number) for the default VLAN is always "1", and cannot be changed.

  • Page 464: Cli: Viewing The Port And Vlan Mac Addresses

    MAC address assignments for individual ports can sometimes be useful when diagnosing switch operation. The switch allots 24 MAC addresses per slot. For a given slot, if a three-port module is installed, then the switch uses the first three MAC addresses in the allotment for slot 1, and the remaining 21 MAC addresses are unused.

  • Page 465

    Figure B-2. Example of Port MAC Address Assignments MAC Address Management Determining MAC Addresses ifPhysAddress.1 - 6: Ports A1 - A6 in Slot 1 (Addresses 7 - 24 in slot 1 and 25 - 48 in slot 2 are unused.) ifPhysAddress.49 - 51: Ports C1 - C3 in Slot 3 (Addresses 52 - 72 in slot 3 are unused.)

  • Page 466

    MAC Address Management Determining MAC Addresses...

  • Page 467

    This information applies to the following HP Procurve switches: • 2512 • 2524 • 4108GL HP Procurve switches provide a way to automatically adjust the system clock for Daylight Savings Time (DST) changes. To use this feature you define the month and date to begin and to end the change from standard time.

  • Page 468

    Daylight Savings Time on HP Procurve Switches Middle Europe and Portugal: • Begin DST at 2am the first Sunday on or after March 25th. • End DST at 2am the first Sunday on or after September 24th. Southern Hemisphere: • Begin DST at 2am the first Sunday on or after October 25th.

  • Page 469

    Before configuring a "User defined" Daylight Time Rule, it is important to understand how the switch treats the entries. The switch knows which dates are Sundays, and uses an algorithm to determine on which date to change the system clock, given the configured "Beginning day" and "Ending day": If the configured day is a Sunday, the time changes at 2am on that day.

  • Page 471

    Index Symbols => prompt … 18-27 Numerics 802.1Q VLAN standard … 16-3 802.3u auto negotiation standard … 11-3 A.09.70 router release … 14-29 aaa authentication … 9-14 access manager … 12-5 operator … 12-5 access levels, authorized IP managers … 10-5 Actions line …...

  • Page 472

    configuration, viewing … 12-19 effect of spanning tree … 12-23 general operation … 12-13 hold time … 12-23 IP address in outbound packet … 12-24 mib objects … 12-25 neighbor … 12-13 neighbor data … 12-25 neighbor maximum … 12-27 neighbor table …...

  • Page 473

    … 14-43 non-GVRP device … 14-43 operating notes … 14-42 port control options … 14-36 port-leave from dynamic … 14-36 reboot, switch … 14-36 recommended tagging … 14-36 standard … 14-30 tagged, dynamic VLAN … 14-31 unknown VLAN … 14-36 unknown VLAN, options …...

  • Page 474

    Help … 2-11, 4-14 Help line, about … 2-9 Help line, location on screens … 2-9 help, online inoperable … 4-14 HP ProCurve support URL … 4-14 HP proprietary MIB … 12-3 HP Router 440 … 14-29 HP Router 470 … 14-29 HP Router 480 …...

  • Page 475

    … 12-5 operator password … 4-9, 4-11, 9-4–9-6 version … A-5, A-7, A-10 OS download failure indication … A-12 switch-to-switch download … A-9 troubleshooting … A-12 using TFTP … A-3 out-of-band … 1-3 password … 4-9, 4-11 browser/console access … 9-4 case-sensitive …...

  • Page 476

    if you lose the password … 4-12, 9-6 incorrect … 9-5 length … 9-5 lost … 4-12 manager … 4-9 operator … 4-9 set … 2-7 setting … 4-10, 9-5 using to access browser and console … 4-11 path cost … 16-10 ping test …...

  • Page 477

    See IGMP reset … 2-12, 5-9 Reset button restoring factory default configuration … 18-26 reset port counters … 17-9 resetting the switch factory default reset … 18-26 restricted access … 12-5 restricted write access … 12-5 See MIB RFC 1213 … 12-3 RFC 1493 …...

  • Page 478

    URL … 4-14 URL … 4-13 URL Window … 4-13 switch console See console switch setup menu … 2-8 switch-to-switch download … A-9 system configuration screen … 6-8 System Name parameter … 6-9 TACACS aaa parameters … 9-16 authentication …...

  • Page 479

    OS download … A-12 ping and link tests … 18-19 restoring factory default configuration … 18-26 switch won’t reboot, shows => prompt … 18-27 unusual network activity … 18-6 using the event log … 18-16 web browser access problems … 18-4...

  • Page 480

    See GVRP spanning tree operation … 16-12 stacking, primary VLAN … 14-8 static … 14-4, 14-8, 14-11, 14-16 support enable/disable … 2-8 switch capacity … 14-4 tagged … 14-5 tagging … 14-23, 14-25 tagging broadcast, multicast, and unicast traffic … 18-11 unknown VLAN …...

  • Page 481

    write memory, effect on menu interface … 2-13 Xmodem OS download … A-6 Index – 11...

  • Page 483

    Technical information in this document is subject to change without notice. ©Copyright Hewlett-Packard Company 2001. All rights reserved. Reproduction, adaptation, or translation without prior written permission is prohibited except as allowed under the copyright laws. Product of U.S.A. April 2001 Manual Part Number 5969-2378 *5969-2378*...
