HP 5120 SI Series Manuals

• 1

  Command Reference
• 3

  Table of Contents

12

AAA Configuration Commands

• 12

  General AAA Configuration Commands
  • 12

    Aaa Nas-ID Profile
  • 12

    Access-Limit Enable
  • 13

    Accounting Command
  • 14

    Accounting Default
  • 15

    Accounting Lan-Access
  • 15

    Accounting Login
  • 16

    Accounting Optional
  • 17

    Accounting Portal
  • 18

    Authentication Default
  • 19

    Authentication Lan-Access
  • 19

    Authentication Login
  • 20

    Authentication Portal
  • 21

    Authentication Super
  • 22

    Authorization Command
  • 23

    Authorization Default
  • 24

    Authorization Lan-Access
  • 25

    Authorization Login
  • 26

    Authorization Portal
  • 26

    Authorization-Attribute User-Profile
  • 27

    Cut Connection
  • 28

    Display Connection
  • 31

    Display Domain
  • 32

    Domain
  • 33

    Domain Default Enable
  • 34

    Idle-Cut Enable
  • 35

    Nas-ID Bind Vlan
  • 35

    Self-Service-Url Enable
  • 36

    State
• 37

  Local User Configuration Commands
  • 37

    Access-Limit
  • 38

    Authorization-Attribute (Local User View/User Group View)
  • 39

    Bind-Attribute
  • 40

    Display Local-User
  • 42

    Display User-Group
  • 43

    Expiration-Date (Local User View)
  • 44

    Group
  • 44

    Local-User
  • 45

    Password
  • 46

    Service-Type
  • 47

    State(Local User View)
  • 48

    User-Group
• 49

  RADIUS Configuration Commands
  • 49

    Accounting-On Enable
  • 50

    Attribute 25 Car
  • 50

    Data-Flow-Format (RADIUS Scheme View)
  • 51

    Display Radius Scheme
  • 54

    Display Radius Statistics
  • 57

    Display Stop-Accounting-Buffer
  • 58

    Key (RADIUS Scheme View)
  • 59

    Nas-Ip (RADIUS Scheme View)
  • 60

    Primary Accounting (RADIUS Scheme View)
  • 61

    Primary Authentication (RADIUS Scheme View)
  • 63

    Radius Client
  • 64

    Radius Nas-Ip
  • 65

    Radius Scheme
  • 66

    Radius Trap
  • 67

    Reset Radius Statistics
  • 67

    Reset Stop-Accounting-Buffer
  • 68

    Retry
  • 69

    Retry Realtime-Accounting
  • 70

    Retry Stop-Accounting (RADIUS Scheme View)
  • 70

    Secondary Accounting (RADIUS Scheme View)
  • 72

    Secondary Authentication (RADIUS Scheme View)
  • 74

    Security-Policy-Server
  • 75

    Server-Type
  • 76

    State Primary
  • 76

    State Secondary
  • 77

    Stop-Accounting-Buffer Enable (RADIUS Scheme View)
  • 78

    Timer Quiet (RADIUS Scheme View)
  • 79

    Timer Realtime-Accounting (RADIUS Scheme View)
  • 80

    Timer Response-Timeout (RADIUS Scheme View)
  • 80

    User-Name-Format (RADIUS Scheme View)
• 81

  HWTACACS Configuration Commands
  • 81

    Data-Flow-Format (HWTACACS Scheme View)
  • 82

    Display Hwtacacs
  • 85

    Display Stop-Accounting-Buffer
  • 85

    Hwtacacs Nas-Ip
  • 86

    Hwtacacs Scheme
  • 87

    Key (HWTACACS Scheme View)
  • 88

    Nas-Ip (HWTACACS Scheme View)
  • 89

    Primary Accounting (HWTACACS Scheme View)
  • 90

    Primary Authentication (HWTACACS Scheme View)
  • 91

    Primary Authorization
  • 92

    Reset Hwtacacs Statistics
  • 93

    Reset Stop-Accounting-Buffer
  • 93

    Retry Stop-Accounting (HWTACACS Scheme View)
  • 94

    Secondary Accounting (HWTACACS Scheme View)
  • 95

    Secondary Authentication (HWTACACS Scheme View)
  • 96

    Secondary Authorization
  • 98

    Stop-Accounting-Buffer Enable (HWTACACS Scheme View)
  • 98

    Timer Quiet (HWTACACS Scheme View)
  • 99

    Timer Realtime-Accounting (HWTACACS Scheme View)
  • 100

    Timer Response-Timeout (HWTACACS Scheme View)
  • 100

    User-Name-Format (HWTACACS Scheme View)

102

802.1X Configuration Commands

• 102

  Display Dot1X
• 105

  Dot1X
• 106

  Dot1X Authentication-Method
• 107

  Dot1X Auth-Fail Vlan
• 108

  Dot1X Critical Vlan
• 109

  Dot1X Critical Recovery-Action
• 110

  Dot1X Domain-Delimiter
• 111

  Dot1X Guest-Vlan
• 112

  Dot1X Handshake
• 113

  Dot1X Handshake Secure
• 113

  Dot1X Mandatory-Domain
• 114

  Dot1X Max-User
• 116

  Dot1X Multicast-Trigger
• 116

  Dot1X Port-Control
• 117

  Dot1X Port-Method
• 118

  Dot1X Quiet-Period
• 119

  Dot1X Re-Authenticate
• 120

  Dot1X Retry
• 121

  Dot1X Timer
• 122

  Dot1X Unicast-Trigger
• 123

  Reset Dot1X Statistics

124

EAD Fast Deployment Configuration Commands

• 124

  Dot1X Free-Ip
• 124

  Dot1X Timer Ead-Timeout
• 125

  Dot1X Url

127

MAC Authentication Configuration Commands

• 127

  Display Mac-Authentication
• 129

  Mac-Authentication
• 130

  Mac-Authentication Critical Vlan
• 131

  Mac-Authentication Domain
• 132

  Mac-Authentication Guest-Vlan
• 133

  Mac-Authentication Max-User
• 133

  Mac-Authentication Timer
• 134

  Mac-Authentication User-Name-Format
• 135

  Reset Mac-Authentication Statistics

137

Portal Configuration Commands

• 137

  Display Portal Acl
• 140

  Display Portal Connection Statistics
• 143

  Display Portal Free-Rule
• 145

  Display Portal Interface
• 146

  Display Portal Local-Server
• 147

  Display Portal Server
• 148

  Display Portal Server Statistics
• 150

  Display Portal Tcp-Cheat Statistics
• 152

  Display Portal User
• 153

  Portal Auth-Fail Vlan
• 154

  Portal Auth-Network
• 155

  Portal Delete-User
• 155

  Portal Domain
• 156

  Portal Free-Rule
• 157

  Portal Local-Server
• 158

  Portal Local-Server Enable
• 159

  Portal Local-Server Ip
• 160

  Portal Max-User
• 160

  Portal Move-Mode Auto
• 161

  Portal Nas-ID-Profile
• 162

  Portal Nas-Ip
• 162

  Portal Nas-Port-Type
• 163

  Portal Offline-Detect Interval
• 164

  Portal Redirect-Url
• 165

  Portal Server
• 166

  Portal Server Banner
• 166

  Portal Server Method
• 167

  Portal Server Server-Detect
• 169

  Portal Server User-Sync
• 170

  Portal Web-Proxy Port
• 171

  Reset Portal Connection Statistics
• 172

  Reset Portal Server Statistics
• 172

  Reset Portal Tcp-Cheat Statistics

173

Port Security Configuration Commands

• 173

  Display Port-Security
• 175

  Display Port-Security Mac-Address Block
• 177

  Display Port-Security Mac-Address Security
• 179

  Port-Security Authorization Ignore
• 180

  Port-Security Enable
• 180

  Port-Security Intrusion-Mode
• 181

  Port-Security Mac-Address Security
• 182

  Port-Security Max-Mac-Count
• 183

  Port-Security Ntk-Mode
• 184

  Port-Security Oui
• 184

  Port-Security Port-Mode
• 187

  Port-Security Timer Disableport
• 187

  Port-Security Trap

189

User Profile Configuration Commands

• 189

  Display User-Profile
• 190

  User-Profile Enable
• 190

  User-Profile

192

Password Control Configuration Commands

• 192

  Display Password-Control
• 193

  Display Password-Control Blacklist
• 194

  Password
• 195

  Password-Control Aging
• 196

  Password-Control Alert-Before-Expire
• 197

  Password-Control Authentication-Timeout
• 197

  Password-Control Complexity
• 198

  Password-Control Composition
• 199

  Password-Control { Aging | Composition | History | Length } Enable
• 200

  Password-Control Enable
• 201

  Password-Control Expired-User-Login
• 201

  Password-Control History
• 202

  Password-Control Length
• 203

  Password-Control Login Idle-Time
• 203

  Password-Control Login-Attempt
• 205

  Password-Control Password Update Interval
• 205

  Password-Control Super Aging
• 206

  Password-Control Super Composition
• 207

  Password-Control Super Length
• 207

  Reset Password-Control Blacklist
• 208

  Reset Password-Control History-Record

209

HABP Configuration Commands

• 209

  Display Habp
• 210

  Display Habp Table
• 210

  Display Habp Traffic
• 211

  Habp Client Vlan
• 212

  Habp Enable
• 212

  Habp Server Vlan
• 213

  Habp Timer

214

Public Key Configuration Commands

• 214

  Display Public-Key Local Public
• 216

  Display Public-Key Peer
• 217

  Peer-Public-Key End
• 217

  Public-Key-Code Begin
• 218

  Public-Key-Code End
• 219

  Public-Key Local Create
• 220

  Public-Key Local Destroy
• 220

  Public-Key Local Export Dsa
• 222

  Public-Key Local Export Rsa
• 223

  Public-Key Peer
• 223

  Public-Key Peer Import Sshkey

225

PKI Configuration Commands

• 225

  Attribute
• 226

  Ca Identifier
• 226

  Certificate Request Entity
• 227

  Certificate Request From
• 228

  Certificate Request Mode
• 228

  Certificate Request Polling
• 229

  Certificate Request Url
• 230

  Common-Name
• 230

  Country
• 231

  Crl Check
• 231

  Crl Update-Period
• 232

  Crl Url
• 233

  Display Pki Certificate
• 234

  Display Pki Certificate Access-Control-Policy
• 235

  Display Pki Certificate Attribute-Group
• 236

  Display Pki Crl Domain
• 238

  Fqdn
• 238

  Ip (PKI Entity View)
• 239

  Ldap-Server
• 240

  Locality
• 240

  Organization
• 241

  Organization-Unit
• 241

  Pki Certificate Access-Control-Policy
• 242

  Pki Certificate Attribute-Group
• 242

  Pki Delete-Certificate
• 243

  Pki Domain
• 243

  Pki Entity
• 244

  Pki Import-Certificate
• 245

  Pki Request-Certificate Domain
• 246

  Pki Retrieval-Certificate
• 246

  Pki Retrieval-Crl Domain
• 247

  Pki Validate-Certificate
• 247

  Root-Certificate Fingerprint
• 248

  Rule (PKI CERT ACP View)
• 249

  State

250

SSH2.0 Configuration Commands

• 250

  SSH2.0 Server Configuration Commands
  • 250

    Display Ssh Server
  • 251

    Display Ssh User-Information
  • 252

    Ssh Server Authentication-Retries
  • 253

    Ssh Server Authentication-Timeout
  • 254

    Ssh Server Compatible-Ssh1X
  • 254

    Ssh Server Enable
  • 255

    Ssh Server Rekey-Interval
  • 256

    Ssh User
• 257

  SSH2.0 Client Configuration Commands
  • 257

    Display Ssh Client Source
  • 258

    Display Ssh Server-Info
  • 259

    Ssh Client Authentication Server
  • 259

    Ssh Client First-Time
  • 260

    Ssh Client Ipv6 Source
  • 261

    Ssh Client Source
  • 261

    Ssh2
  • 263

    Ssh2 Ipv6

265

SFTP Configuration Commands

• 265

  SFTP Server Configuration Commands
  • 265

    Sftp Server Enable
  • 265

    Sftp Server Idle-Timeout
• 266

  SFTP Client Configuration Commands
  • 266

    Bye
  • 267

    Cdup
  • 267

    Delete
  • 268

    Dir
  • 269

    Display Sftp Client Source
  • 269

    Exit
  • 270

    Get
  • 270

    Help
  • 272

    Mkdir
  • 272

    Put
  • 273

    Pwd
  • 273

    Quit
  • 274

    Remove
  • 274

    Rename
  • 275

    Rmdir
  • 275

    Sftp
  • 276

    Sftp Client Ipv6 Source
  • 277

    Sftp Client Source
  • 278

    Sftp Ipv6

280

SCP Configuration Commands

• 280

  SCP Client Configuration Commands
  • 280

    Scp

282

SSL Configuration Commands

• 282

  Ciphersuite
• 283

  Client-Verify Enable
• 283

  Close-Mode Wait
• 284

  Display Ssl Client-Policy
• 285

  Display Ssl Server-Policy
• 286

  Handshake Timeout
• 287

  Pki-Domain
• 288

  Prefer-Cipher
• 288

  Server-Verify Enable
• 289

  Session
• 290

  Ssl Client-Policy
• 290

  Ssl Server-Policy
• 291

  Version

293

TCP Attack Protection Configuration Commands

• 293

  Display Tcp Status
• 294

  Tcp Anti-Naptha Enable
• 294

  Tcp State
• 295

  Tcp Syn-Cookie Enable
• 296

  Tcp Timer Check-State

297

IP Source Guard Configuration Commands

• 297

  Display Ip Check Source
• 298

  Display User-Bind
• 300

  Ip Check Source
• 300

  Ip Check Source Ipv6
• 301

  Ip Check Source Max-Entries
• 302

  User-Bind
• 303

  User-Bind Ipv6

304

ARP Attack Protection Configuration Commands

• 304

  ARP Packet Rate Limit Configuration Commands
  • 304

    Arp Rate-Limit
• 304

  Source MAC Address Based ARP Attack Detection Configuration Commands
  • 304

    Arp Anti-Attack Source-Mac
  • 305

    Arp Anti-Attack Source-Mac Aging-Time
  • 306

    Arp Anti-Attack Source-Mac Exclude-Mac
  • 306

    Arp Anti-Attack Source-Mac Threshold
  • 307

    Display Arp Anti-Attack Source-Mac
• 308

  ARP Packet Source MAC Address Consistency Check Configuration Commands
  • 308

    Arp Anti-Attack Valid-Check Enable
• 308

  ARP Active Acknowledgement Configuration Commands
  • 308

    Arp Anti-Attack Active-Ack Enable
• 309

  ARP Detection Configuration Commands
  • 309

    Arp Detection Enable
  • 310

    Arp Detection Trust
  • 310

    Arp Detection Validate
  • 311

    Arp Restricted-Forwarding Enable
  • 311

    Display Arp Detection
  • 312

    Display Arp Detection Statistics
  • 313

    Reset Arp Detection Statistics
• 314

  ARP Gateway Protection Configuration Commands
  • 314

    Arp Filter Source
• 314

  ARP Filtering Configuration Commands
  • 314

    Arp Filter Binding

316

ND Attack Defense Configuration Commands

• 316

  Source MAC Consistency Check Commands
  • 316

    Ipv6 Nd Mac-Check Enable
• 316

  ND Detection Configuration Commands
  • 316

    Display Ipv6 Nd Detection
  • 317

    Display Ipv6 Nd Detection Statistics
  • 318

    Ipv6 Nd Detection Enable
  • 319

    Ipv6 Nd Detection Trust
  • 319

    Reset Ipv6 Nd Detection Statistics

321

SAVI Configuration Commands

• 321

  Ipv6 Savi Dad-Delay
• 321

  Ipv6 Savi Dad-Preparedelay
• 322

  Ipv6 Savi Down-Delay
• 322

  Ipv6 Savi Strict

324

System-Guard Configuration Commands

• 324

  Display System-Guard
• 325

  System-Guard Aging Time
• 325

  System-Guard Control
• 326

  System-Guard Detect-Threshold
• 326

  System-Guard Enable
• 327

  System-Guard Rate-Limit

328

FIPS Configuration Commands

• 328

  Fips Mode Enable
• 328

  Display Fips Status
• 329

  Fips Self-Test

• 1

  Installation Guide
• 3

  Table of Contents

5

Preparing for Installation

• 5

  Safety Recommendations
• 6

  Examining the Installation Site
  • 6

    Temperature/Humidity
  • 6

    Cleanliness
  • 7

    Emi
  • 7

    Laser Safety
• 7

  Installation Tools
• 8

  Installation Accessories

10

Installing the Switch

• 10

  Installing the Switch in a 19-Inch Rack
  • 11

    Mounting Brackets and Mounting Positions
  • 11

    Attaching the Mounting Brackets to the Switch Chassis
  • 13

    Rack-Mounting the Switch
• 15

  Mounting the Switch On a Workbench
• 15

  Grounding the Switch
  • 15

    Grounding the Switch with a Grounding Strip
  • 17

    Grounding the Switch with a Grounding Conductor Buried in the Earth Ground
  • 18

    Grounding the Switch By Using the AC Power Cord
• 19

  Connecting the Power Cord
  • 19

    Connecting the AC Power Cord
  • 19

    Connecting the Switch to a -52 to -55 VDC Output RPS
• 20

  Verifying the Installation

21

Accessing the Switch for the First Time

• 21

  Setting Up the Configuration Environment
• 21

  Connecting the Console Cable
  • 21

    Console Cable
• 22

  Setting Terminal Parameters
• 22

  Powering On the Switch

23

Setting Up an IRF Fabric

• 23

  IRF Fabric Setup Flowchart
• 24

  Planning IRF Fabric Setup
  • 24

    Planning IRF Fabric Size and the Installation Site
  • 24

    Identifying the Master Switch and Planning IRF Member Ids
  • 25

    Planning IRF Topology and Connections
  • 26

    Identifying Physical IRF Ports On the Member Switches
  • 26

    Planning the Cabling Scheme
• 27

  Configuring Basic IRF Settings
• 27

  Connecting the Physical IRF Ports
• 27

  Accessing the IRF Fabric to Verify the Configuration

28

Maintenance and Troubleshooting

• 28

  Power Supply Failure
• 29

  Configuration Terminal Problems

30

Appendix A Chassis Views and Technical Specifications

• 30

  Chassis Views
  • 30

    5120 16G Si
  • 31

    5120 48G Si
  • 31

    5120 8G Poe+ (65W) SI
  • 32

    5120 8G Poe+ (180W) SI
  • 33

    5120 24G Poe+ (370W) SI
• 34

  Technical Specifications
  • 34

    Chassis Dimensions and Weights
  • 34

    Ports
• 34

  Environmental Specifications
• 34

  Power Specifications
  • 34

    Power Input Types
  • 35

    AC Input Voltage Specifications
  • 35

    RPS DC Input Voltage Specifications and RPS Compatibility
  • 35

    Power Consumption Specifications for Non-Poe Switches
  • 35

    Power Consumption Specifications for Poe Switches
• 35

  Cooling System

37

Appendix B Frus and Compatibility Matrixes

• 37

  SFP Transceiver Modules and SFP Stacking Kit

39

Appendix C Ports and Leds

• 39

  Ports
  • 39

    Console Port
  • 39

    10/100/1000Base-T Ethernet Port
  • 39

    SFP Port
• 39

  Leds
  • 40

    Power LED
  • 40

    RPS Status LED
  • 40

    Port Mode LED
  • 41

    10/100/1000Base-T Ethernet Port LED
  • 42

    1000Base-X SFP Port LED