HP ProCurve 6120G/XG Manuals

Manuals and User Guides for HP ProCurve 6120G/XG. We have 10 HP ProCurve 6120G/XG manuals available for free PDF download: Configuration Manual, Manual, Management And Configuration Manual, Management Manual, Installation And Getting Started Manual, Brochure & Specs, Frequently Asked Questions, Installation Instructions

HP ProCurve 6120G/XG Configuration Manual

HP ProCurve 6120G/XG Configuration Manual (662 pages)

ProCurve Series 6120 Blade Switches Management and Configuration Guide  
Brand: HP | Category: Server | Size: 4.76 MB
Table of contents
Table Of Contents5................................................................................................................................................................
Getting Started5................................................................................................................................................................
Selecting A Management Interface6................................................................................................................................................................
Using The Menu Interface6................................................................................................................................................................
Using The Command Line Interface (cli)7................................................................................................................................................................
Using The Procurve Web Browser Interface7................................................................................................................................................................
Switch Memory And Configuration8................................................................................................................................................................
Interface Access And System Information10................................................................................................................................................................
Time Protocols11................................................................................................................................................................
Port Trunking13................................................................................................................................................................
Product Documentation25................................................................................................................................................................
Contents31................................................................................................................................................................
Introduction32................................................................................................................................................................
Conventions32................................................................................................................................................................
Command Syntax Statements32................................................................................................................................................................
Command Prompts33................................................................................................................................................................
Screen Simulations33................................................................................................................................................................
Configuration And Operation Examples33................................................................................................................................................................
Keys33................................................................................................................................................................
Sources For More Information34................................................................................................................................................................
Getting Documentation From The Web36................................................................................................................................................................
Online Help36................................................................................................................................................................
Menu Interface36................................................................................................................................................................
Command Line Interface37................................................................................................................................................................
Web Browser Interface37................................................................................................................................................................
Need Only A Quick Start?38................................................................................................................................................................
Ip Addressing38................................................................................................................................................................
Need Only A Quick Start38................................................................................................................................................................
To Set Up And Install The Switch In Your Network39................................................................................................................................................................
Physical Installation39................................................................................................................................................................
Overview42................................................................................................................................................................
Understanding Physical Interfaces42................................................................................................................................................................
Understanding Management Interfaces43................................................................................................................................................................
Advantages Of Using The Menu Interface44................................................................................................................................................................
Advantages Of Using The Cli45................................................................................................................................................................
General Benefits45................................................................................................................................................................
Information On Using The Cli45................................................................................................................................................................
Advantages Of Using The Web Browser Interface46................................................................................................................................................................
Or Procurve Manager Plus47................................................................................................................................................................
Web Browser Interfaces48................................................................................................................................................................
Banner Operation With Telnet, Serial, Or Sshv2 Access49................................................................................................................................................................
Banner Operation With Web Browser Access49................................................................................................................................................................
Configuring And Displaying A Non-default Banner49................................................................................................................................................................
Example Of Configuring And Displaying A Banner50................................................................................................................................................................
Operating Notes53................................................................................................................................................................
Starting And Ending A Menu Session57................................................................................................................................................................
How To Start A Menu Interface Session58................................................................................................................................................................
How To End A Menu Session And Exit From The Console:59................................................................................................................................................................
How To End A Menu Session And Exit From The Console59................................................................................................................................................................
Main Menu Features61................................................................................................................................................................
Screen Structure And Navigation63................................................................................................................................................................
Rebooting The Switch66................................................................................................................................................................
Menu Features List68................................................................................................................................................................
Where To Go From Here69................................................................................................................................................................
Accessing The Cli72................................................................................................................................................................
Using The Cli72................................................................................................................................................................
Privilege Levels At Logon73................................................................................................................................................................
Privilege Level Operation74................................................................................................................................................................
Operator Privileges74................................................................................................................................................................
Manager Privileges75................................................................................................................................................................
How To Move Between Levels77................................................................................................................................................................
Listing Commands And Command Options78................................................................................................................................................................
Listing Commands Available At Any Privilege Level78................................................................................................................................................................
Listing Command Options80................................................................................................................................................................
Displaying Cli "help"81................................................................................................................................................................
Displaying Cli "help81................................................................................................................................................................
Configuration Commands And The Context Configuration Modes83................................................................................................................................................................
Cli Control And Editing86................................................................................................................................................................
Executing A Prior Command—redo86................................................................................................................................................................
Repeating Execution Of A Command86................................................................................................................................................................
Using A Command Alias88................................................................................................................................................................
Cli Shortcut Keystrokes90................................................................................................................................................................
General Features94................................................................................................................................................................
Interface Session With The Switch95................................................................................................................................................................
Using A Standalone Web Browser In A Pc Or Unix Workstation95................................................................................................................................................................
Procurve Manager Plus (pcm+)96................................................................................................................................................................
Tasks For Your First Procurve Web Browser Interface Session98................................................................................................................................................................
Viewing The "first Time Install" Window98................................................................................................................................................................
In The Browser Interface99................................................................................................................................................................
Entering A User Name And Password101................................................................................................................................................................
Using A User Name101................................................................................................................................................................
If You Lose The Password101................................................................................................................................................................
Online Help For The Web Browser Interface102................................................................................................................................................................
Support/mgmt Urls Feature103................................................................................................................................................................
Support Url104................................................................................................................................................................
Help And The Management Server Url104................................................................................................................................................................
Using The Pcm Server For Switch Web Help105................................................................................................................................................................
Status Reporting Features107................................................................................................................................................................
The Overview Window107................................................................................................................................................................
The Port Utilization And Status Displays108................................................................................................................................................................
Port Utilization108................................................................................................................................................................
Port Status110................................................................................................................................................................
The Alert Log111................................................................................................................................................................
Sorting The Alert Log Entries111................................................................................................................................................................
Alert Types And Detailed Views112................................................................................................................................................................
The Status Bar113................................................................................................................................................................
Setting Fault Detection Policy115................................................................................................................................................................
Configuration File Management119................................................................................................................................................................
Using The Cli To Implement Configuration Changes122................................................................................................................................................................
Configuration Changes126................................................................................................................................................................
Menu: Implementing Configuration Changes126................................................................................................................................................................
Rebooting From The Menu Interface127................................................................................................................................................................
Web: Implementing Configuration Changes129................................................................................................................................................................
Using Primary And Secondary Flash Image Options130................................................................................................................................................................
Displaying The Current Flash Image Data130................................................................................................................................................................
Switch Software Downloads132................................................................................................................................................................
Local Switch Software Replacement And Removal133................................................................................................................................................................
Operating Notes About Booting135................................................................................................................................................................
Boot And Reload Command Comparison136................................................................................................................................................................
Setting The Default Flash137................................................................................................................................................................
Booting From The Default Flash (primary Or Secondary)138................................................................................................................................................................
Booting From A Specified Flash138................................................................................................................................................................
Using Reload139................................................................................................................................................................
Multiple Configuration Files141................................................................................................................................................................
General Operation142................................................................................................................................................................
Transitioning To Multiple Configuration Files143................................................................................................................................................................
Listing And Displaying Startup-config Files145................................................................................................................................................................
Configuration Enabled145................................................................................................................................................................
Displaying The Content Of A Specific Startup-config File146................................................................................................................................................................
Changing Or Overriding The Reboot Configuration Policy146................................................................................................................................................................
Managing Startup-config Files In The Switch148................................................................................................................................................................
Renaming An Existing Startup-config File149................................................................................................................................................................
Creating A New Startup-config File149................................................................................................................................................................
Erasing A Startup-config File151................................................................................................................................................................
Switch To Its Default Configuration153................................................................................................................................................................
Transferring Startup-config Files To Or From A Remote Server153................................................................................................................................................................
Tftp: Copying A Configuration File To A Remote Host154................................................................................................................................................................
Tftp: Copying A Configuration File From A Remote Host155................................................................................................................................................................
Connected Host156................................................................................................................................................................
Operating Notes For Multiple Configuration Files157................................................................................................................................................................
Automatic Configuration Update With Dhcp Option 66157................................................................................................................................................................
Cli Command157................................................................................................................................................................
Automatic Configuration Update With Dhcp Option157................................................................................................................................................................
Possible Scenarios For Updating The Configuration File158................................................................................................................................................................
Log Messages159................................................................................................................................................................
Interface Access: Console/serial Link, Web, And Inbound Telnet163................................................................................................................................................................
Menu: Modifying The Interface Access164................................................................................................................................................................
Cli: Modifying The Interface Access165................................................................................................................................................................
Making Window Size Negotiation Available For A Telnet Session167................................................................................................................................................................
Sessions172................................................................................................................................................................
System Information173................................................................................................................................................................
Menu: Viewing And Configuring System Information174................................................................................................................................................................
Cli: Viewing And Configuring System Information175................................................................................................................................................................
Web: Configuring System Parameters180................................................................................................................................................................
Ip Configuration182................................................................................................................................................................
Just Want A Quick Start With Ip Addressing?183................................................................................................................................................................
Just Want A Quick Start With Ip Addressing183................................................................................................................................................................
Ip Addressing With Multiple Vlans184................................................................................................................................................................
Menu: Configuring Ip Address, Gateway, And Time-to-live (ttl)185................................................................................................................................................................
Cli: Configuring Ip Address, Gateway, And Time-to-live (ttl)186................................................................................................................................................................
Web: Configuring Ip Addressing190................................................................................................................................................................
How Ip Addressing Affects Switch Operation191................................................................................................................................................................
Dhcp/bootp Operation192................................................................................................................................................................
Network Preparations For Configuring Dhcp/bootp194................................................................................................................................................................
Ip Preserve: Retaining Vlan-1 Ip Addressing Across Configuration File Downloads196................................................................................................................................................................
Operating Rules For Ip Preserve196................................................................................................................................................................
Enabling Ip Preserve197................................................................................................................................................................
Configuring A Single Source Ip Address200................................................................................................................................................................
Specifying The Source Ip Address200................................................................................................................................................................
The Source Ip Selection Policy201................................................................................................................................................................
Displaying The Source Ip Interface Information204................................................................................................................................................................
Error Messages208................................................................................................................................................................
Timep Time Synchronization211................................................................................................................................................................
Sntp Time Synchronization211................................................................................................................................................................
Protocol Operation212................................................................................................................................................................
General Steps For Running A Time Protocol On The Switch:212................................................................................................................................................................
Disabling Time Synchronization212................................................................................................................................................................
Sntp: Viewing, Selecting, And Configuring213................................................................................................................................................................
Menu: Viewing And Configuring Sntp214................................................................................................................................................................
Cli: Viewing And Configuring Sntp217................................................................................................................................................................
Viewing The Current Sntp Configuration217................................................................................................................................................................
Configuring (enabling Or Disabling) The Sntp Mode219................................................................................................................................................................
Sntp Client Authentication225................................................................................................................................................................
Requirements225................................................................................................................................................................
Key-value227................................................................................................................................................................
Configuring A Trusted Key227................................................................................................................................................................
Associating A Key With An Sntp Server228................................................................................................................................................................
Enabling Sntp Client Authentication229................................................................................................................................................................
Configuring Unicast And Broadcast Mode229................................................................................................................................................................
Displaying Sntp Configuration Information230................................................................................................................................................................
Include-credentials Command232................................................................................................................................................................
Timep: Viewing, Selecting, And Configuring235................................................................................................................................................................
Menu: Viewing And Configuring Timep236................................................................................................................................................................
Cli: Viewing And Configuring Timep238................................................................................................................................................................
Viewing The Current Timep Configuration238................................................................................................................................................................
Configuring (enabling Or Disabling) The Timep Mode240................................................................................................................................................................
Sntp Unicast Time Polling With Multiple Sntp Servers245................................................................................................................................................................
Displaying All Sntp Server Addresses Configured On The Switch245................................................................................................................................................................
Adding And Deleting Sntp Server Addresses246................................................................................................................................................................
Configured246................................................................................................................................................................
Sntp Messages In The Event Log246................................................................................................................................................................
Viewing Port Status And Configuring Port Parameters249................................................................................................................................................................
Menu: Port Configuration252................................................................................................................................................................
Cli: Viewing Port Status And Configuring Port Parameters254................................................................................................................................................................
Viewing Port Status And Configuration254................................................................................................................................................................
Customizing The Show Interfaces Command256................................................................................................................................................................
Custom" Command259................................................................................................................................................................
Viewing Port Utilization Statistics259................................................................................................................................................................
Viewing Transceiver Status260................................................................................................................................................................
Enabling Or Disabling Ports And Configuring Port Mode261................................................................................................................................................................
Enabling Or Disabling Flow Control263................................................................................................................................................................
Configuring A Broadcast Limit On The Switch264................................................................................................................................................................
Configuring Procurve Auto-mdix265................................................................................................................................................................
Web: Viewing Port Status And Configuring Port Parameters268................................................................................................................................................................
Using Friendly (optional) Port Names269................................................................................................................................................................
Configuring And Operating Rules For Friendly Port Names269................................................................................................................................................................
Configuring Friendly Port Names270................................................................................................................................................................
Displaying Friendly Port Names With Other Port Data271................................................................................................................................................................
Been Inserted275................................................................................................................................................................
Transceivers275................................................................................................................................................................
Modules275................................................................................................................................................................
Clearing The Module Configuration275................................................................................................................................................................
Uni-directional Link Detection (udld)277................................................................................................................................................................
Configuring Udld278................................................................................................................................................................
Enabling Udld279................................................................................................................................................................
Changing The Keepalive Interval280................................................................................................................................................................
Changing The Keepalive Retries280................................................................................................................................................................
Configuring Udld For Tagged Ports280................................................................................................................................................................
Viewing Udld Information281................................................................................................................................................................
Configuration Warnings And Event Log Messages283................................................................................................................................................................
Uplink Failure Detection284................................................................................................................................................................
Terminology284................................................................................................................................................................
Guidelines285................................................................................................................................................................
Configuring Ufd286................................................................................................................................................................
Example Of Ufd Configuration286................................................................................................................................................................
Port Trunk Features And Operation292................................................................................................................................................................
Trunk Configuration Methods292................................................................................................................................................................
Menu: Viewing And Configuring A Static Trunk Group297................................................................................................................................................................
Cli: Viewing And Configuring Port Trunk Groups299................................................................................................................................................................
Using The Cli To View Port Trunks299................................................................................................................................................................
Using The Cli To Configure A Static Or Dynamic Trunk Group302................................................................................................................................................................
Web: Viewing Existing Port Trunk Groups305................................................................................................................................................................
Trunk Group Operation Using Lacp306................................................................................................................................................................
Default Port Operation309................................................................................................................................................................
Lacp Notes And Restrictions310................................................................................................................................................................
Trunk Group Operation Using The "trunk" Option314................................................................................................................................................................
How The Switch Lists Trunk Data315................................................................................................................................................................
Outbound Traffic Distribution Across Trunked Links315................................................................................................................................................................
Rate-limiting322................................................................................................................................................................
All Traffic Rate-limiting322................................................................................................................................................................
Configuring Rate-limiting322................................................................................................................................................................
Displaying The Current Rate-limit Configuration324................................................................................................................................................................
Operating Notes For Rate-limiting324................................................................................................................................................................
Guaranteed Minimum Bandwidth (gmb)328................................................................................................................................................................
Gmb Operation328................................................................................................................................................................
Impacts Of Qos Queue Configuration On Gmb Operation330................................................................................................................................................................
Outbound Traffic331................................................................................................................................................................
Configuration335................................................................................................................................................................
Gmb Operating Notes337................................................................................................................................................................
Jumbo Frames338................................................................................................................................................................
Operating Rules339................................................................................................................................................................
Configuring Jumbo Frame Operation340................................................................................................................................................................
Viewing The Current Jumbo Configuration341................................................................................................................................................................
Enabling Or Disabling Jumbo Traffic On A Vlan343................................................................................................................................................................
Configuring A Maximum Frame Size343................................................................................................................................................................
Snmp Implementation343................................................................................................................................................................
Displaying The Maximum Frame Size344................................................................................................................................................................
Operating Notes For Maximum Frame Size344................................................................................................................................................................
Operating Notes For Jumbo Traffic-handling345................................................................................................................................................................
Troubleshooting347................................................................................................................................................................
Hp 6120xg347................................................................................................................................................................
Using Snmp Tools To Manage The Switch352................................................................................................................................................................
Snmp Management Features354................................................................................................................................................................
Configuring For Snmp Version 1 And 2c Access To The Switch354................................................................................................................................................................
Configuring For Snmp Version 3 Access To The Switch355................................................................................................................................................................
Snmp Version 3 Commands356................................................................................................................................................................
Enabling Snmpv3357................................................................................................................................................................
Snmpv3 Users357................................................................................................................................................................
Enabling Snmpv357................................................................................................................................................................
Group Access Levels361................................................................................................................................................................
Snmpv3 Communities361................................................................................................................................................................
Communities363................................................................................................................................................................
Cli: Viewing And Configuring Snmp Community Names365................................................................................................................................................................
Snmp Notifications367................................................................................................................................................................
Supported Notifications367................................................................................................................................................................
General Steps For Configuring Snmp Notifications368................................................................................................................................................................
Snmpv1 And Snmpv2c Traps369................................................................................................................................................................
Configuring An Snmp Trap Receiver369................................................................................................................................................................
Enabling Snmpv2c Informs371................................................................................................................................................................
Configuring Snmpv3 Notifications373................................................................................................................................................................
Managing Network Security Notifications376................................................................................................................................................................
Enabling Link-change Traps378................................................................................................................................................................
Configuring The Source Ip Address For Snmp Notifications379................................................................................................................................................................
Displaying Snmp Notification Configuration381................................................................................................................................................................
Configuring Listening Mode383................................................................................................................................................................
Advanced Management: Rmon384................................................................................................................................................................
Cli-configured Sflow With Multiple Instances384................................................................................................................................................................
Configuring Sflow385................................................................................................................................................................
Viewing Sflow Configuration And Status385................................................................................................................................................................
Lldp (link-layer Discovery Protocol)388................................................................................................................................................................
General Lldp Operation391................................................................................................................................................................
Lldp-med391................................................................................................................................................................
Packet Boundaries In A Network Topology391................................................................................................................................................................
Configuration Options392................................................................................................................................................................
Options For Reading Lldp Information Collected By The Switch394................................................................................................................................................................
Lldp And Lldp-med Standards Compatibility394................................................................................................................................................................
Lldp Operating Rules395................................................................................................................................................................
Configuring Lldp Operation396................................................................................................................................................................
Viewing The Current Configuration396................................................................................................................................................................
Configuring Global Lldp Packet Controls398................................................................................................................................................................
Configuring Snmp Notification Support402................................................................................................................................................................
Configuring Per-port Transmit And Receive Modes403................................................................................................................................................................
Configuring Basic Lldp Per-port Advertisement Content404................................................................................................................................................................
Advertisements406................................................................................................................................................................
Port Vlan Id Tlv Support On Lldp407................................................................................................................................................................
Configuring The Vlan Id Tlv407................................................................................................................................................................
Displaying The Tlvs Advertised408................................................................................................................................................................
Snmp Support409................................................................................................................................................................
Lldp-med (media-endpoint-discovery)410................................................................................................................................................................
Lldp-med Topology Change Notification413................................................................................................................................................................
Lldp-med Fast Start Control414................................................................................................................................................................
And Location Data414................................................................................................................................................................
Configuring Location Data For Lldp-med Devices417................................................................................................................................................................
Displaying Advertisement Data422................................................................................................................................................................
Displaying Lldp Statistics427................................................................................................................................................................
Lldp Operating Notes429................................................................................................................................................................
Lldp And Cdp Data Management431................................................................................................................................................................
Lldp And Cdp Neighbor Data431................................................................................................................................................................
Cdp Operation And Commands433................................................................................................................................................................
Console Connected Pc Or Unix Workstation437................................................................................................................................................................
Connected Pc Or Unix Workstation437................................................................................................................................................................
Copying Command Output To A Destination Device438................................................................................................................................................................
Copying Event Log Output To A Destination Device438................................................................................................................................................................
Copying Crash Data Content To A Destination Device438................................................................................................................................................................
Copying Crash Log Data Content To A Destination Device438................................................................................................................................................................
Downloading Switch Software439................................................................................................................................................................
General Software Download Rules440................................................................................................................................................................
Using Tftp To Download Software From A Server440................................................................................................................................................................
Menu: Tftp Download From A Server To Primary Flash441................................................................................................................................................................
Cli: Tftp Download From A Server To Flash443................................................................................................................................................................
Enabling Tftp445................................................................................................................................................................
Using Auto-tftp447................................................................................................................................................................
Using Secure Copy And Sftp448................................................................................................................................................................
How It Works449................................................................................................................................................................
The Scp/sftp Process449................................................................................................................................................................
Disable Tftp And Auto-tftp For Enhanced Security450................................................................................................................................................................
Command Options451................................................................................................................................................................
Authentication452................................................................................................................................................................
Scp/sftp Operating Notes452................................................................................................................................................................
Troubleshooting Ssh, Sftp, And Scp Operations454................................................................................................................................................................
A Pc Or Unix Workstation455................................................................................................................................................................
Menu: Xmodem Download To Primary Flash456................................................................................................................................................................
Primary Or Secondary Flash457................................................................................................................................................................
Switch-to-switch Download458................................................................................................................................................................
Menu: Switch-to-switch Download To Primary Flash458................................................................................................................................................................
Cli: Switch-to-switch Downloads459................................................................................................................................................................
Using Pcm+ To Update Switch Software460................................................................................................................................................................
Tftp: Copying A Software Image To A Remote Host461................................................................................................................................................................
Xmodem: Copying A Software Image From The Switch To A Usb Serial Console Connected Pc Or Unix Workstation461................................................................................................................................................................
Copying Software Images461................................................................................................................................................................
Transferring Switch Configurations462................................................................................................................................................................
Tftp: Copying A Customized Command File To A Switch463................................................................................................................................................................
Status And Counters Data474................................................................................................................................................................
Menu Access To Status And Counters475................................................................................................................................................................
General System Information476................................................................................................................................................................
Menu Access476................................................................................................................................................................
Cli Access To System Information477................................................................................................................................................................
Task Monitor—collecting Processor Data478................................................................................................................................................................
Switch Management Address Information478................................................................................................................................................................
Cli Access479................................................................................................................................................................
Menu: Displaying Port Status480................................................................................................................................................................
Web Access480................................................................................................................................................................
Menu Access To Port And Trunk Statistics482................................................................................................................................................................
Cli Access To Port And Trunk Group Statistics483................................................................................................................................................................
Viewing The Switch's Mac Address Tables483................................................................................................................................................................
Menu Access To The Mac Address Views And Searches483................................................................................................................................................................
Cli Access For Mac Address Views And Searches486................................................................................................................................................................
Spanning Tree Protocol (mstp) Information488................................................................................................................................................................
Cli Access To Mstp Data488................................................................................................................................................................
Internet Group Management Protocol (igmp) Status489................................................................................................................................................................
Vlan Information490................................................................................................................................................................
Web Browser Interface Status Information492................................................................................................................................................................
Traffic Mirroring493................................................................................................................................................................
Mirroring Terminology494................................................................................................................................................................
Mirrored Traffic Destinations496................................................................................................................................................................
Local Destinations496................................................................................................................................................................
Monitored Traffic Sources496................................................................................................................................................................
Criteria For Selecting Mirrored Traffic496................................................................................................................................................................
Mirroring Sessions496................................................................................................................................................................
Mirroring Configuration497................................................................................................................................................................
Endpoint Switches And Intermediate Devices498................................................................................................................................................................
Using The Menu Or Web Interface To Configure Local Mirroring499................................................................................................................................................................
Menu And Web Interface Limits499................................................................................................................................................................
Configuration Steps500................................................................................................................................................................
Cli: Configuring Local Mirroring503................................................................................................................................................................
Local Mirroring Overview503................................................................................................................................................................
Determine The Mirroring Session And Destination505................................................................................................................................................................
Configure A Mirroring Session On The Source Switch505................................................................................................................................................................
Configure The Monitored Traffic In A Mirror Session505................................................................................................................................................................
Traffic Selection Options506................................................................................................................................................................
Mirroring-source Restrictions506................................................................................................................................................................
Selecting All Inbound/outbound Traffic To Mirror506................................................................................................................................................................
Displaying A Mirroring Configuration508................................................................................................................................................................
Displaying The Mirroring Configuration Summary508................................................................................................................................................................
Viewing Mirroring In The Current Configuration File510................................................................................................................................................................
Mirroring Configuration Examples511................................................................................................................................................................
Local Mirroring Using Traffic-direction Criteria511................................................................................................................................................................
Maximum Supported Frame Size512................................................................................................................................................................
Enabling Jumbo Frames To Increase Mirroring Path Mtu513................................................................................................................................................................
Untagged, Mirrored Traffic514................................................................................................................................................................
Troubleshooting Mirroring517................................................................................................................................................................
Troubleshooting Approaches523................................................................................................................................................................
Browser Or Telnet Access Problems525................................................................................................................................................................
Unusual Network Activity527................................................................................................................................................................
General Problems527................................................................................................................................................................
Q Prioritization Problems528................................................................................................................................................................
Igmp-related Problems528................................................................................................................................................................
Lacp-related Problems529................................................................................................................................................................
Port-based Access Control (802.1x)-related Problems529................................................................................................................................................................
Qos-related Problems532................................................................................................................................................................
Radius-related Problems533................................................................................................................................................................
Spanning-tree Protocol (mstp) And Fast-uplink Problems534................................................................................................................................................................
Ssh-related Problems535................................................................................................................................................................
Tacacs-related Problems537................................................................................................................................................................
Timep, Sntp, Or Gateway Problems539................................................................................................................................................................
Vlan-related Problems539................................................................................................................................................................
Using The Event Log For Troubleshooting Switch Problems542................................................................................................................................................................
Event Log Entries542................................................................................................................................................................
Menu: Displaying And Navigating In The Event Log549................................................................................................................................................................
Cli: Displaying The Event Log550................................................................................................................................................................
Cli: Clearing Event Log Entries550................................................................................................................................................................
Cli: Turning Event Numbering On551................................................................................................................................................................
Event Log And Snmp Messages551................................................................................................................................................................
Log Throttle Periods552................................................................................................................................................................
Example Of Log Throttling552................................................................................................................................................................
Example Of Event Counter Operation554................................................................................................................................................................
Debug/syslog Operation555................................................................................................................................................................
Debug/syslog Messaging555................................................................................................................................................................
Debug/syslog Destination Devices555................................................................................................................................................................
Debug/syslog Configuration Commands556................................................................................................................................................................
Configuring Debug/syslog Operation557................................................................................................................................................................
Displaying A Debug/syslog Configuration559................................................................................................................................................................
Debug Command562................................................................................................................................................................
Debug Messages562................................................................................................................................................................
Debug Destinations563................................................................................................................................................................
Logging Command565................................................................................................................................................................
Configuring A Syslog Server566................................................................................................................................................................
Adding A Description For A Syslog Server568................................................................................................................................................................
Adding A Priority Description569................................................................................................................................................................
Sent To A Syslog Server570................................................................................................................................................................
Messages Sent To A Syslog Server571................................................................................................................................................................
Operating Notes For Debug And Syslog571................................................................................................................................................................
Diagnostic Tools573................................................................................................................................................................
Port Auto-negotiation574................................................................................................................................................................
Ping And Link Tests574................................................................................................................................................................
Web: Executing Ping Or Link Tests575................................................................................................................................................................
Cli: Ping Test576................................................................................................................................................................
Link Tests577................................................................................................................................................................
Traceroute Command578................................................................................................................................................................
Viewing Switch Configuration And Operation582................................................................................................................................................................
Cli: Viewing The Startup Or Running Configuration File582................................................................................................................................................................
Web: Viewing The Configuration File582................................................................................................................................................................
Cli: Viewing A Summary Of Switch Operational Data582................................................................................................................................................................
Saving Show Tech Command Output To A Text File584................................................................................................................................................................
Customizing Show Tech Command Output585................................................................................................................................................................
Cli: Viewing More Information On Switch Operation588................................................................................................................................................................
Pattern Matching When Using The Show Command589................................................................................................................................................................
Cli: Useful Commands For Troubleshooting Sessions592................................................................................................................................................................
Restoring The Factory-default Configuration593................................................................................................................................................................
Cli: Resetting To The Factory-default Configuration593................................................................................................................................................................
Clear/reset: Resetting To The Factory-default Configuration593................................................................................................................................................................
Restoring A Flash Image594................................................................................................................................................................
Dns Resolver596................................................................................................................................................................
Basic Operation597................................................................................................................................................................
Dns-compatible Commands598................................................................................................................................................................
Configuring A Dns Entry599................................................................................................................................................................
Example Using Dns Names With Ping And Traceroute600................................................................................................................................................................
Viewing The Current Dns Configuration602................................................................................................................................................................
Event Log Messages604................................................................................................................................................................
Determining Mac Addresses607................................................................................................................................................................
Menu: Viewing The Switch's Mac Addresses608................................................................................................................................................................
Cli: Viewing The Port And Vlan Mac Addresses609................................................................................................................................................................
Viewing The Mac Addresses Of Connected Devices611................................................................................................................................................................
Viewing Information On Resource Usage614................................................................................................................................................................
Policy Enforcement Engine614................................................................................................................................................................
When Insufficient Resources Are Available615................................................................................................................................................................
Concepts622................................................................................................................................................................
Example625................................................................................................................................................................
Oobm And Switch Applications626................................................................................................................................................................
Tasks627................................................................................................................................................................
Oobm Configuration627................................................................................................................................................................
Oobm Context627................................................................................................................................................................
Oobm Enable/disable628................................................................................................................................................................
Oobm Port Enable/disable629................................................................................................................................................................
Oobm Ipv4 Address Configuration630................................................................................................................................................................
Oobm Ipv4 Default Gateway Configuration630................................................................................................................................................................
Oobm Show Commands631................................................................................................................................................................
Show Oobm631................................................................................................................................................................
Show Oobm Ip Configuration632................................................................................................................................................................
Show Oobm Arp Information632................................................................................................................................................................
Application Server Commands633................................................................................................................................................................
Application Client Commands635................................................................................................................................................................
General Procedure639................................................................................................................................................................

Advertising

HP ProCurve 6120G/XG Manual

HP ProCurve 6120G/XG Manual (606 pages)

HP ProCurve Series 6120 Blade Switches Access Security Guide  
Brand: HP | Category: Server | Size: 3.8 MB
Table of contents
Table Of Contents5................................................................................................................................................................
Security Overview5................................................................................................................................................................
Web And Mac Authentication7................................................................................................................................................................
For Switch Services10................................................................................................................................................................
Ipv4 Access Control Lists (acls)13................................................................................................................................................................
Configuring Advanced Threat Protection15................................................................................................................................................................
Configuring Port-based And17................................................................................................................................................................
User-based Access Control (802.1x)17................................................................................................................................................................
Configuring And Monitoring Port Security19................................................................................................................................................................
Using Authorized Ip Managers20................................................................................................................................................................
Product Documentation23................................................................................................................................................................
Contents29................................................................................................................................................................
Introduction30................................................................................................................................................................
About This Guide30................................................................................................................................................................
For More Information30................................................................................................................................................................
Access Security Features31................................................................................................................................................................
Network Security Features35................................................................................................................................................................
Getting Started With Access Security37................................................................................................................................................................
Physical Security37................................................................................................................................................................
Quick Start: Using The Management Interface Wizard38................................................................................................................................................................
Cli: Management Interface Wizard38................................................................................................................................................................
Web: Management Interface Wizard40................................................................................................................................................................
Snmp Security Guidelines43................................................................................................................................................................
Precedence Of Security Options45................................................................................................................................................................
Precedence Of Port-based Security Options45................................................................................................................................................................
Dynamic Configuration Arbiter45................................................................................................................................................................
Network Immunity Manager46................................................................................................................................................................
Arbitrating Client-specific Attributes47................................................................................................................................................................
Procurve Identity-driven Manager (idm)49................................................................................................................................................................
Overview53................................................................................................................................................................
Configuring Local Password Security56................................................................................................................................................................
Menu: Setting Passwords56................................................................................................................................................................
Cli: Setting Passwords And Usernames58................................................................................................................................................................
Web: Setting Passwords And Usernames59................................................................................................................................................................
Snmp: Setting Passwords And Usernames59................................................................................................................................................................
Saving Security Credentials In A Config File60................................................................................................................................................................
Benefits Of Saving Security Credentials60................................................................................................................................................................
Enabling The Storage And Display Of Security Credentials61................................................................................................................................................................
Security Settings That Can Be Saved61................................................................................................................................................................
Local Manager And Operator Passwords62................................................................................................................................................................
Password Command Options62................................................................................................................................................................
Snmp Security Credentials63................................................................................................................................................................
X Port-access Credentials64................................................................................................................................................................
Tacacs+ Encryption Key Authentication65................................................................................................................................................................
Radius Shared-secret Key Authentication65................................................................................................................................................................
Ssh Client Public-key Authentication66................................................................................................................................................................
Operating Notes69................................................................................................................................................................
Restrictions71................................................................................................................................................................
Front-panel Security73................................................................................................................................................................
When Security Is Important73................................................................................................................................................................
Front-panel Button Functions74................................................................................................................................................................
Clear Button75................................................................................................................................................................
Reset Button75................................................................................................................................................................
Restoring The Factory Default Configuration75................................................................................................................................................................
Configuring Front-panel Security77................................................................................................................................................................
Disabling The Clear Password Function Of The Clear Button79................................................................................................................................................................
Re-enabling The Clear Button And Setting Or Changing The "reset-on-clear" Operation80................................................................................................................................................................
Changing The Operation Of The Reset+clear Combination81................................................................................................................................................................
Password Recovery82................................................................................................................................................................
Disabling Or Re-enabling The Password Recovery Process82................................................................................................................................................................
Password Recovery Process84................................................................................................................................................................
Web Authentication87................................................................................................................................................................
Mac Authentication88................................................................................................................................................................
Concurrent Web And Mac Authentication88................................................................................................................................................................
Authorized And Unauthorized Client Vlans89................................................................................................................................................................
Radius-based Authentication90................................................................................................................................................................
Wireless Clients90................................................................................................................................................................
How Web And Mac Authentication Operate90................................................................................................................................................................
Web-based Authentication91................................................................................................................................................................
Mac-based Authentication93................................................................................................................................................................
Terminology95................................................................................................................................................................
Operating Rules And Notes96................................................................................................................................................................
Setup Procedure For Web/mac Authentication98................................................................................................................................................................
Before You Configure Web/mac Authentication98................................................................................................................................................................
Configuring The Radius Server To Support Mac Authentication101................................................................................................................................................................
Configuring The Switch To Access A Radius Server101................................................................................................................................................................
Configuring Web Authentication104................................................................................................................................................................
Configuration Commands For Web Authentication105................................................................................................................................................................
Show Commands For Web Authentication112................................................................................................................................................................
Customizing Web Authentication Html Files (optional)118................................................................................................................................................................
Implementing Customized Web-auth Pages118................................................................................................................................................................
Operating Notes And Guidelines118................................................................................................................................................................
Customizing Html Templates119................................................................................................................................................................
Customizable Html Templates120................................................................................................................................................................
Configuring Mac Authentication On The Switch134................................................................................................................................................................
Configuration Commands For Mac Authentication135................................................................................................................................................................
Configuring The Global Mac Authentication Password135................................................................................................................................................................
Configuring A Mac-based Address Format137................................................................................................................................................................
Show Commands For Mac-based Authentication139................................................................................................................................................................
Client Status146................................................................................................................................................................
Terminology Used In Tacacs Applications:149................................................................................................................................................................
Terminology Used In Tacacs Applications149................................................................................................................................................................
General System Requirements151................................................................................................................................................................
General Authentication Setup Procedure151................................................................................................................................................................
Configuring Tacacs+ On The Switch154................................................................................................................................................................
Before You Begin154................................................................................................................................................................
Cli Commands Described In This Section155................................................................................................................................................................
Viewing The Switch's Current Authentication Configuration155................................................................................................................................................................
Server Contact Configuration156................................................................................................................................................................
Configuring The Switch's Authentication Methods157................................................................................................................................................................
Using The Privilege-mode Option For Login157................................................................................................................................................................
Authentication Parameters158................................................................................................................................................................
Configuring The Tacacs+ Server For Single Login159................................................................................................................................................................
Configuring The Switch's Tacacs+ Server Access164................................................................................................................................................................
How Authentication Operates170................................................................................................................................................................
General Authentication Process Using A Tacacs+ Server170................................................................................................................................................................
Local Authentication Process172................................................................................................................................................................
Using The Encryption Key173................................................................................................................................................................
General Operation173................................................................................................................................................................
Encryption Options In The Switch173................................................................................................................................................................
Controlling Web Browser Interface Access When Using Tacacs+ Authentication174................................................................................................................................................................
Messages Related To Tacacs+ Operation175................................................................................................................................................................
Authentication Services179................................................................................................................................................................
Accounting Services180................................................................................................................................................................
Radius-administered Cos And Rate-limiting180................................................................................................................................................................
Radiuis-administered Commands Authorization180................................................................................................................................................................
Snmp Access To The Switch's Authentication Configuration Mib180................................................................................................................................................................
Switch Operating Rules For Radius182................................................................................................................................................................
General Radius Setup Procedure183................................................................................................................................................................
Configuring The Switch For Radius Authentication184................................................................................................................................................................
Outline Of The Steps For Configuring Radius Authentication185................................................................................................................................................................
You Want Radius To Protect186................................................................................................................................................................
Configure Authentication For The Access Methods186................................................................................................................................................................
Enable The (optional) Access Privilege Option189................................................................................................................................................................
Configure The Switch To Access A Radius Server190................................................................................................................................................................
Configure The Switch's Global Radius Parameters193................................................................................................................................................................
Using Multiple Radius Server Groups197................................................................................................................................................................
Commands197................................................................................................................................................................
Enhanced Commands198................................................................................................................................................................
Displaying The Radius Server Group Information200................................................................................................................................................................
Cached Reauthentication202................................................................................................................................................................
Timing Considerations203................................................................................................................................................................
Switch Authentication Features206................................................................................................................................................................
Changing And Viewing The Snmp Access Configuration207................................................................................................................................................................
Controlling Web Browser Interface Access210................................................................................................................................................................
Commands Authorization211................................................................................................................................................................
Enabling Authorization212................................................................................................................................................................
Displaying Authorization Information213................................................................................................................................................................
Configuring Commands Authorization On A Radius Server213................................................................................................................................................................
Using Vendor Specific Attributes (vsas)213................................................................................................................................................................
Example Configuration On Cisco Secure Acs For Ms Windows215................................................................................................................................................................
Example Configuration Using Freeradius217................................................................................................................................................................
Vlan Assignment In An Authentication Session219................................................................................................................................................................
Tagged And Untagged Vlan Attributes220................................................................................................................................................................
Additional Radius Attributes221................................................................................................................................................................
Configuring Radius Accounting223................................................................................................................................................................
Operating Rules For Radius Accounting225................................................................................................................................................................
Steps For Configuring Radius Accounting225................................................................................................................................................................
Sending Reports To The Radius Server228................................................................................................................................................................
Configure Accounting Types And The Controls For228................................................................................................................................................................
Interim Updating Options230................................................................................................................................................................
Viewing Radius Statistics232................................................................................................................................................................
General Radius Statistics232................................................................................................................................................................
Radius Authentication Statistics234................................................................................................................................................................
Radius Accounting Statistics235................................................................................................................................................................
Changing Radius-server Access Order236................................................................................................................................................................
Messages Related To Radius Operation239................................................................................................................................................................
Radius Server Configuration For Per-port Cos (802.1p Priority) And Rate-limiting244................................................................................................................................................................
Applied Rates For Radius-assigned Rate Limits245................................................................................................................................................................
Viewing The Currently Active Per-port Cos And Rate-limiting Configuration Specified By A Radius Server246................................................................................................................................................................
Configuring And Using Radius-assigned Access Control Lists249................................................................................................................................................................
Overview Of Radius-assigned, Dynamic Acls252................................................................................................................................................................
Static Acls253................................................................................................................................................................
Acl To A Switch Port254................................................................................................................................................................
General Acl Features, Planning, And Configuration255................................................................................................................................................................
The Packet-filtering Process256................................................................................................................................................................
Operating Rules For Radius-assigned Acls256................................................................................................................................................................
Configuring An Acl In A Radius Server257................................................................................................................................................................
Nas-filter-rule-options258................................................................................................................................................................
Configuring Ace Syntax In Radius Servers258................................................................................................................................................................
Example Using The Standard Attribute (92) In An Ipv4 Acl260................................................................................................................................................................
Freeradius Application261................................................................................................................................................................
Radius-assigned Acl263................................................................................................................................................................
Configuration Notes264................................................................................................................................................................
Acls264................................................................................................................................................................
On The Switch266................................................................................................................................................................
Icmp Type Numbers And Keywords268................................................................................................................................................................
Event Log Messages269................................................................................................................................................................
After Authenticating270................................................................................................................................................................
Monitoring Shared Resources270................................................................................................................................................................
Prerequisite For Using Ssh275................................................................................................................................................................
Public Key Formats275................................................................................................................................................................
For Switch And Client Authentication276................................................................................................................................................................
General Operating Rules And Notes278................................................................................................................................................................
Configuring The Switch For Ssh Operation279................................................................................................................................................................
Enable (manager) Password280................................................................................................................................................................
Generating The Switch's Public And Private Key Pair280................................................................................................................................................................
Configuring Key Lengths283................................................................................................................................................................
Providing The Switch's Public Key To Clients283................................................................................................................................................................
Client Contact Behavior285................................................................................................................................................................
Enabling Ssh On The Switch And Anticipating Ssh285................................................................................................................................................................
Configuring The Switch For Ssh Authentication290................................................................................................................................................................
Use An Ssh Client To Access The Switch294................................................................................................................................................................
Further Information On Ssh Client Public-key Authentication294................................................................................................................................................................
Messages Related To Ssh Operation300................................................................................................................................................................
Logging Messages301................................................................................................................................................................
Debug Logging302................................................................................................................................................................
Prerequisite For Using Ssl307................................................................................................................................................................
Authentication307................................................................................................................................................................
Configuring The Switch For Ssl Operation309................................................................................................................................................................
Enabling (manager) Password309................................................................................................................................................................
Generating The Switch's Server Host Certificate310................................................................................................................................................................
With The Cli311................................................................................................................................................................
Comments On Certificate Fields312................................................................................................................................................................
Interface314................................................................................................................................................................
Web Browser Interface317................................................................................................................................................................
Browser Contact Behavior319................................................................................................................................................................
Enabling Ssl On The Switch And Anticipating Ssl319................................................................................................................................................................
Using The Cli Interface To Enable Ssl321................................................................................................................................................................
Using The Web Browser Interface To Enable Ssl321................................................................................................................................................................
Common Errors In Ssl Setup323................................................................................................................................................................
Acl Applications328................................................................................................................................................................
Optional Network Management Applications328................................................................................................................................................................
Optional Pcm And Idm Applications329................................................................................................................................................................
General Application Options329................................................................................................................................................................
Types Of Ip Acls334................................................................................................................................................................
Acl Inbound Application Points334................................................................................................................................................................
Features Common To All Acls335................................................................................................................................................................
General Steps For Planning And Configuring Acls336................................................................................................................................................................
Acl Operation337................................................................................................................................................................
Planning An Acl Application341................................................................................................................................................................
Switch Resource Usage341................................................................................................................................................................
Prioritizing And Monitoring Acl And Qos, Feature Usage341................................................................................................................................................................
Acl Resource Usage And Monitoring341................................................................................................................................................................
Rule Usage342................................................................................................................................................................
Managing Acl Resource Consumption343................................................................................................................................................................
Oversubscribing Available Resources343................................................................................................................................................................
Troubleshooting A Shortage Of Resources343................................................................................................................................................................
Example Of Acl Resource Usage344................................................................................................................................................................
Viewing The Current Rule Usage344................................................................................................................................................................
Traffic Management And Improved Network Performance347................................................................................................................................................................
Security347................................................................................................................................................................
Guidelines For Planning The Structure Of An Acl348................................................................................................................................................................
Acl Configuration And Operating Rules349................................................................................................................................................................
How An Ace Uses A Mask To Screen Packets For Matches350................................................................................................................................................................
Masks And The Masks Used With Acls?351................................................................................................................................................................
Access Control Entry (ace)352................................................................................................................................................................
Configuring And Assigning An Acl357................................................................................................................................................................
General Steps For Implementing Acls357................................................................................................................................................................
Types Of Acls357................................................................................................................................................................
Acl Configuration Structure358................................................................................................................................................................
Standard Acl Structure359................................................................................................................................................................
Extended Acl Configuration Structure359................................................................................................................................................................
Acl Configuration Factors361................................................................................................................................................................
Acl Resource Consumption361................................................................................................................................................................
The Sequence Of Entries In An Acl Is Significant361................................................................................................................................................................
In Any Acl, There Will Always Be A Match362................................................................................................................................................................
Apply It To An Interface362................................................................................................................................................................
Using The Cli To Create An Acl363................................................................................................................................................................
General Ace Rules363................................................................................................................................................................
Using Cidr Notation To Enter The Acl Mask363................................................................................................................................................................
Configuring And Assigning A Numbered, Standard Acl364................................................................................................................................................................
Configuring And Assigning A Numbered, Extended Acl369................................................................................................................................................................
Configuring A Named Acl375................................................................................................................................................................
Enabling Or Disabling Acl Filtering On An Interface377................................................................................................................................................................
Deleting An Acl From The Switch378................................................................................................................................................................
Displaying Acl Data379................................................................................................................................................................
Display An Acl Summary379................................................................................................................................................................
Display The Content Of All Acls On The Switch380................................................................................................................................................................
Display The Acl Assignments For An Interface381................................................................................................................................................................
Displaying The Content Of A Specific Acl382................................................................................................................................................................
Displaying The Current Acl Resources384................................................................................................................................................................
Display All Acls And Their Assignments In The Switch Startup-config File And Running-config File385................................................................................................................................................................
Editing Acls And Creating An Acl Offline385................................................................................................................................................................
Using The Cli To Edit Acls385................................................................................................................................................................
General Editing Rules386................................................................................................................................................................
Deleting Any Ace From An Acl386................................................................................................................................................................
Working Offline To Create Or Edit An Acl388................................................................................................................................................................
Creating An Acl Offline389................................................................................................................................................................
Enable Acl "deny" Logging392................................................................................................................................................................
Requirements For Using Acl Logging392................................................................................................................................................................
Acl Logging Operation393................................................................................................................................................................
Enabling Acl Logging On The Switch393................................................................................................................................................................
Operating Notes For Acl Logging395................................................................................................................................................................
General Acl Operating Notes396................................................................................................................................................................
Dhcp Snooping402................................................................................................................................................................
Enabling Dhcp Snooping403................................................................................................................................................................
Enabling Dhcp Snooping On Vlans405................................................................................................................................................................
Configuring Dhcp Snooping Trusted Ports406................................................................................................................................................................
Configuring Authorized Server Addresses407................................................................................................................................................................
Using Dhcp Snooping With Option 82407................................................................................................................................................................
Using Dhcp Snooping With Option407................................................................................................................................................................
Changing The Remote-id From A Mac To An Ip Address409................................................................................................................................................................
Disabling The Mac Address Check409................................................................................................................................................................
The Dhcp Binding Database410................................................................................................................................................................
Operational Notes411................................................................................................................................................................
Log Messages412................................................................................................................................................................
Dynamic Arp Protection414................................................................................................................................................................
Enabling Dynamic Arp Protection416................................................................................................................................................................
Configuring Trusted Ports416................................................................................................................................................................
Adding An Ip-to-mac Binding To The Dhcp Database418................................................................................................................................................................
Configuring Additional Validation Checks On Arp Packets419................................................................................................................................................................
Verifying The Configuration Of Dynamic Arp Protection419................................................................................................................................................................
Displaying Arp Packet Statistics420................................................................................................................................................................
Monitoring Dynamic Arp Protection421................................................................................................................................................................
Dynamic Ip Lockdown421................................................................................................................................................................
Protection Against Ip Source Address Spoofing422................................................................................................................................................................
Prerequisite: Dhcp Snooping422................................................................................................................................................................
Filtering Ip And Mac Addresses Per-port And Per-vlan423................................................................................................................................................................
Enabling Dynamic Ip Lockdown424................................................................................................................................................................
Adding An Ip-to-mac Binding To The Dhcp Binding Database426................................................................................................................................................................
Potential Issues With Bindings426................................................................................................................................................................
Adding A Static Binding427................................................................................................................................................................
Verifying The Dynamic Ip Lockdown Configuration427................................................................................................................................................................
Displaying The Static Configuration Of Ip-to-mac Bindings428................................................................................................................................................................
Debugging Dynamic Ip Lockdown429................................................................................................................................................................
Using The Instrumentation Monitor431................................................................................................................................................................
Configuring Instrumentation Monitor433................................................................................................................................................................
Examples434................................................................................................................................................................
Viewing The Current Instrumentation Monitor Configuration435................................................................................................................................................................
Filter Limits438................................................................................................................................................................
Using Port Trunks With Filters438................................................................................................................................................................
Filter Types And Operation439................................................................................................................................................................
Source-port Filters440................................................................................................................................................................
Operating Rules For Source-port Filters440................................................................................................................................................................
Example441................................................................................................................................................................
Named Source-port Filters442................................................................................................................................................................
Operating Rules For Named Source-port Filters442................................................................................................................................................................
Defining And Configuring Named Source-port Filters443................................................................................................................................................................
Viewing A Named Source-port Filter444................................................................................................................................................................
Using Named Source-port Filters445................................................................................................................................................................
Configuring Traffic/security Filters451................................................................................................................................................................
Configuring A Source-port Traffic Filter452................................................................................................................................................................
Example Of Creating A Source-port Filter453................................................................................................................................................................
Configuring A Filter On A Port Trunk453................................................................................................................................................................
Editing A Source-port Filter454................................................................................................................................................................
Filter Indexing455................................................................................................................................................................
Displaying Traffic/security Filters456................................................................................................................................................................
Why Use Port-based Or User-based Access Control?460................................................................................................................................................................
General Features460................................................................................................................................................................
Why Use Port-based Or User-based Access Control460................................................................................................................................................................
User Authentication Methods461................................................................................................................................................................
X User-based Access Control461................................................................................................................................................................
X Port-based Access Control462................................................................................................................................................................
Alternative To Using A Radius Server463................................................................................................................................................................
Accounting463................................................................................................................................................................
General 802.1x Authenticator Operation466................................................................................................................................................................
Example Of The Authentication Process466................................................................................................................................................................
Vlan Membership Priority467................................................................................................................................................................
General Setup Procedure For 802.1x Access Control471................................................................................................................................................................
Do These Steps Before You Configure 802.1x Operation471................................................................................................................................................................
Overview: Configuring 802.1x Authentication On The Switch474................................................................................................................................................................
Configuring Switch Ports As 802.1x Authenticators475................................................................................................................................................................
Enable 802.1x Authentication On Selected Ports476................................................................................................................................................................
A. Enable The Selected Ports As Authenticators And Enable The (default) Port-based Authentication476................................................................................................................................................................
Port-based Authentication477................................................................................................................................................................
B. Specify User-based Authentication Or Return To477................................................................................................................................................................
Example: Configuring User-based 802.1x Authentication478................................................................................................................................................................
Example: Configuring Port-based 802.1x Authentication478................................................................................................................................................................
Reconfigure Settings For Port-access478................................................................................................................................................................
Configure The 802.1x Authentication Method481................................................................................................................................................................
Enter The Radius Host Ip Address(es)482................................................................................................................................................................
Enable 802.1x Authentication On The Switch482................................................................................................................................................................
Optional: Reset Authenticator Operation483................................................................................................................................................................
Optional: Configure 802.1x Controlled Directions483................................................................................................................................................................
Wake-on-lan Traffic484................................................................................................................................................................
Example: Configuring 802.1x Controlled Directions485................................................................................................................................................................
Unauthenticated Vlan Access (guest Vlan Access)485................................................................................................................................................................
Characteristics Of Mixed Port Access Mode486................................................................................................................................................................
Configuring Mixed Port Access Mode487................................................................................................................................................................
X Open Vlan Mode488................................................................................................................................................................
Vlan Membership Priorities489................................................................................................................................................................
Use Models For 802.1x Open Vlan Modes490................................................................................................................................................................
Unauthorized-client Vlans495................................................................................................................................................................
Setting Up And Configuring 802.1x Open Vlan Mode499................................................................................................................................................................
X Open Vlan Operating Notes503................................................................................................................................................................
Option For Authenticator Ports: Configure Port-security To Allow Only 802.1x-authenticated Devices504................................................................................................................................................................
Option For Authenticator Ports: Configure Port-security504................................................................................................................................................................
To Allow Only 802.1x-authenticated Devices504................................................................................................................................................................
Port-security505................................................................................................................................................................
Configuring Switch Ports To Operate As Supplicants For 802.1x Connections To Other Switches506................................................................................................................................................................
Supplicant Port Configuration508................................................................................................................................................................
Displaying 802.1x Configuration, Statistics, And Counters510................................................................................................................................................................
Show Commands For Port-access Authenticator510................................................................................................................................................................
Viewing 802.1x Open Vlan Mode Status519................................................................................................................................................................
Show Commands For Port-access Supplicant523................................................................................................................................................................
How Radius/802.1x Authentication Affects Vlan Operation524................................................................................................................................................................
Vlan Assignment On A Port525................................................................................................................................................................
Authentication Session527................................................................................................................................................................
In Authentication Sessions530................................................................................................................................................................
Messages Related To 802.1x Operation532................................................................................................................................................................
Port Security536................................................................................................................................................................
Basic Operation536................................................................................................................................................................
Eavesdrop Prevention537................................................................................................................................................................
Disabling Eavesdrop Prevention537................................................................................................................................................................
Feature Interactions When Eavesdrop Prevention Is Disabled538................................................................................................................................................................
Mib Support539................................................................................................................................................................
Blocking Unauthorized Traffic539................................................................................................................................................................
Trunk Group Exclusion540................................................................................................................................................................
Planning Port Security541................................................................................................................................................................
Port Security Command Options And Operation542................................................................................................................................................................
Port Security Display Options542................................................................................................................................................................
Configuring Port Security546................................................................................................................................................................
Retention Of Static Addresses551................................................................................................................................................................
Mac Lockdown556................................................................................................................................................................
Differences Between Mac Lockdown And Port Security558................................................................................................................................................................
Mac Lockdown Operating Notes559................................................................................................................................................................
Deploying Mac Lockdown560................................................................................................................................................................
Mac Lockout560................................................................................................................................................................
Port Security And Mac Lockout563................................................................................................................................................................
Web: Displaying And Configuring Port Security Features564................................................................................................................................................................
Reading Intrusion Alerts And Resetting Alert Flags564................................................................................................................................................................
Notice Of Security Violations564................................................................................................................................................................
How The Intrusion Log Operates565................................................................................................................................................................
Keeping The Intrusion Log Current By Resetting Alert Flags566................................................................................................................................................................
Resetting Alert Flags567................................................................................................................................................................
And Resetting Alert Flags568................................................................................................................................................................
Using The Event Log To Find Intrusion Alerts570................................................................................................................................................................
Alerts, And Resetting Alert Flags571................................................................................................................................................................
Operating Notes For Port Security572................................................................................................................................................................
Options577................................................................................................................................................................
Access Levels577................................................................................................................................................................
Defining Authorized Management Stations578................................................................................................................................................................
Overview Of Ip Mask Operation578................................................................................................................................................................
Menu: Viewing And Configuring Ip Authorized Managers579................................................................................................................................................................
Cli: Viewing And Configuring Authorized Ip Managers580................................................................................................................................................................
Listing The Switch's Current Authorized Ip Manager(s)580................................................................................................................................................................
Configuring Ip Authorized Managers For The Switch581................................................................................................................................................................
Web: Configuring Ip Authorized Managers583................................................................................................................................................................
Web Proxy Servers583................................................................................................................................................................
How To Eliminate The Web Proxy Server583................................................................................................................................................................
Web-based Help584................................................................................................................................................................
Building Ip Masks584................................................................................................................................................................
Configuring One Station Per Authorized Manager Ip Entry584................................................................................................................................................................
Configuring Multiple Stations Per Authorized Manager Ip Entry585................................................................................................................................................................
Additional Examples For Authorizing Multiple Stations587................................................................................................................................................................
HP ProCurve 6120G/XG Management And Configuration Manual

HP ProCurve 6120G/XG Management And Configuration Manual (589 pages)

ProCurve Series 6120 Switches  
Brand: HP | Category: Switch | Size: 3.47 MB
Table of contents
Table Of Contents4................................................................................................................................................................
Getting Started4................................................................................................................................................................
Selecting A Management Interface4................................................................................................................................................................
Using The Menu Interface5................................................................................................................................................................
Using The Command Line Interface (cli)5................................................................................................................................................................
Using The Procurve Web Browser Interface6................................................................................................................................................................
Switch Memory And Configuration7................................................................................................................................................................
Using The Menu And Web Browser Interfaces To Implement7................................................................................................................................................................
Interface Access And System Information8................................................................................................................................................................
Configuring Ip Addressing9................................................................................................................................................................
Time Protocols9................................................................................................................................................................
Port Status And Configuration10................................................................................................................................................................
Port Trunking11................................................................................................................................................................
Port Traffic Controls12................................................................................................................................................................
Product Documentation22................................................................................................................................................................
Contents27................................................................................................................................................................
Introduction28................................................................................................................................................................
Conventions28................................................................................................................................................................
Command Syntax Statements28................................................................................................................................................................
Command Prompts29................................................................................................................................................................
Screen Simulations29................................................................................................................................................................
Configuration And Operation Examples29................................................................................................................................................................
Keys29................................................................................................................................................................
Sources For More Information30................................................................................................................................................................
Getting Documentation From The Web32................................................................................................................................................................
Online Help32................................................................................................................................................................
Menu Interface32................................................................................................................................................................
Command Line Interface33................................................................................................................................................................
Web Browser Interface33................................................................................................................................................................
Need Only A Quick Start?34................................................................................................................................................................
Ip Addressing34................................................................................................................................................................
To Set Up And Install The Switch In Your Network34................................................................................................................................................................
Physical Installation34................................................................................................................................................................
Need Only A Quick Start34................................................................................................................................................................
Overview37................................................................................................................................................................
Understanding Physical Interfaces37................................................................................................................................................................
Understanding Management Interfaces38................................................................................................................................................................
Advantages Of Using The Menu Interface39................................................................................................................................................................
Advantages Of Using The Cli40................................................................................................................................................................
General Benefits40................................................................................................................................................................
Information On Using The Cli40................................................................................................................................................................
Advantages Of Using The Web Browser Interface41................................................................................................................................................................
Or Procurve Manager Plus42................................................................................................................................................................
Web Browser Interfaces44................................................................................................................................................................
Banner Operation With Telnet, Serial, Or Sshv2 Access44................................................................................................................................................................
Banner Operation With Web Browser Access44................................................................................................................................................................
Configuring And Displaying A Non-default Banner45................................................................................................................................................................
Example Of Configuring And Displaying A Banner46................................................................................................................................................................
Operating Notes48................................................................................................................................................................
Starting And Ending A Menu Session51................................................................................................................................................................
How To Start A Menu Interface Session52................................................................................................................................................................
How To End A Menu Session And Exit From The Console:53................................................................................................................................................................
How To End A Menu Session And Exit From The Console53................................................................................................................................................................
Main Menu Features55................................................................................................................................................................
Screen Structure And Navigation57................................................................................................................................................................
Rebooting The Switch60................................................................................................................................................................
Menu Features List62................................................................................................................................................................
Where To Go From Here63................................................................................................................................................................
Accessing The Cli65................................................................................................................................................................
Using The Cli65................................................................................................................................................................
Privilege Levels At Logon66................................................................................................................................................................
Privilege Level Operation67................................................................................................................................................................
Operator Privileges67................................................................................................................................................................
Manager Privileges68................................................................................................................................................................
How To Move Between Levels70................................................................................................................................................................
Listing Commands And Command Options71................................................................................................................................................................
Listing Commands Available At Any Privilege Level71................................................................................................................................................................
Listing Command Options73................................................................................................................................................................
Displaying Cli "help"74................................................................................................................................................................
Displaying Cli "help74................................................................................................................................................................
Configuration Commands And The Context Configuration Modes76................................................................................................................................................................
Cli Control And Editing79................................................................................................................................................................
Executing A Prior Command—redo79................................................................................................................................................................
Repeating Execution Of A Command79................................................................................................................................................................
Using A Command Alias81................................................................................................................................................................
Cli Shortcut Keystrokes83................................................................................................................................................................
General Features86................................................................................................................................................................
Interface Session With The Switch87................................................................................................................................................................
Using A Standalone Web Browser In A Pc Or Unix Workstation87................................................................................................................................................................
Procurve Manager Plus (pcm+)88................................................................................................................................................................
Tasks For Your First Procurve Web Browser Interface Session90................................................................................................................................................................
Viewing The "first Time Install" Window90................................................................................................................................................................
In The Browser Interface91................................................................................................................................................................
Entering A User Name And Password93................................................................................................................................................................
Using A User Name93................................................................................................................................................................
If You Lose The Password93................................................................................................................................................................
Online Help For The Web Browser Interface94................................................................................................................................................................
Support/mgmt Urls Feature95................................................................................................................................................................
Support Url96................................................................................................................................................................
Help And The Management Server Url96................................................................................................................................................................
Using The Pcm Server For Switch Web Help97................................................................................................................................................................
Status Reporting Features99................................................................................................................................................................
The Overview Window99................................................................................................................................................................
The Port Utilization And Status Displays100................................................................................................................................................................
Port Utilization100................................................................................................................................................................
Port Status102................................................................................................................................................................
The Alert Log103................................................................................................................................................................
Sorting The Alert Log Entries103................................................................................................................................................................
Alert Types And Detailed Views104................................................................................................................................................................
The Status Bar105................................................................................................................................................................
Setting Fault Detection Policy107................................................................................................................................................................
Configuration File Management111................................................................................................................................................................
Using The Cli To Implement Configuration Changes114................................................................................................................................................................
Configuration Changes118................................................................................................................................................................
Menu: Implementing Configuration Changes118................................................................................................................................................................
Rebooting From The Menu Interface119................................................................................................................................................................
Web: Implementing Configuration Changes121................................................................................................................................................................
Using Primary And Secondary Flash Image Options122................................................................................................................................................................
Displaying The Current Flash Image Data122................................................................................................................................................................
Switch Software Downloads124................................................................................................................................................................
Local Switch Software Replacement And Removal125................................................................................................................................................................
Operating Notes About Booting127................................................................................................................................................................
Boot And Reload Command Comparison128................................................................................................................................................................
Setting The Default Flash129................................................................................................................................................................
Booting From The Default Flash (primary Or Secondary)130................................................................................................................................................................
Booting From A Specified Flash130................................................................................................................................................................
Using Reload131................................................................................................................................................................
Multiple Configuration Files133................................................................................................................................................................
General Operation134................................................................................................................................................................
Transitioning To Multiple Configuration Files135................................................................................................................................................................
Listing And Displaying Startup-config Files137................................................................................................................................................................
Configuration Enabled137................................................................................................................................................................
Displaying The Content Of A Specific Startup-config File138................................................................................................................................................................
Changing Or Overriding The Reboot Configuration Policy138................................................................................................................................................................
Managing Startup-config Files In The Switch140................................................................................................................................................................
Renaming An Existing Startup-config File141................................................................................................................................................................
Creating A New Startup-config File141................................................................................................................................................................
Erasing A Startup-config File143................................................................................................................................................................
Switch To Its Default Configuration145................................................................................................................................................................
Transferring Startup-config Files To Or From A Remote Server145................................................................................................................................................................
Tftp: Copying A Configuration File To A Remote Host146................................................................................................................................................................
Tftp: Copying A Configuration File From A Remote Host147................................................................................................................................................................
Connected Host148................................................................................................................................................................
Operating Notes For Multiple Configuration Files149................................................................................................................................................................
Cli Command149................................................................................................................................................................
Automatic Configuration Update With Dhcp Option 66149................................................................................................................................................................
Automatic Configuration Update With Dhcp Option149................................................................................................................................................................
Possible Scenarios For Updating The Configuration File150................................................................................................................................................................
Log Messages151................................................................................................................................................................
Interface Access: Console/serial Link, Web, And Inbound Telnet154................................................................................................................................................................
Menu: Modifying The Interface Access155................................................................................................................................................................
Cli: Modifying The Interface Access156................................................................................................................................................................
Sessions162................................................................................................................................................................
System Information163................................................................................................................................................................
Menu: Viewing And Configuring System Information164................................................................................................................................................................
Cli: Viewing And Configuring System Information165................................................................................................................................................................
Web: Configuring System Parameters170................................................................................................................................................................
Ip Configuration172................................................................................................................................................................
Just Want A Quick Start With Ip Addressing?173................................................................................................................................................................
Just Want A Quick Start With Ip Addressing173................................................................................................................................................................
Ip Addressing With Multiple Vlans174................................................................................................................................................................
Menu: Configuring Ip Address, Gateway, And Time-to-live (ttl)175................................................................................................................................................................
Cli: Configuring Ip Address, Gateway, And Time-to-live (ttl)176................................................................................................................................................................
Web: Configuring Ip Addressing180................................................................................................................................................................
How Ip Addressing Affects Switch Operation181................................................................................................................................................................
Dhcp/bootp Operation182................................................................................................................................................................
Network Preparations For Configuring Dhcp/bootp184................................................................................................................................................................
Ip Preserve: Retaining Vlan-1 Ip Addressing Across Configuration File Downloads186................................................................................................................................................................
Operating Rules For Ip Preserve186................................................................................................................................................................
Enabling Ip Preserve187................................................................................................................................................................
Timep Time Synchronization191................................................................................................................................................................
Sntp Time Synchronization191................................................................................................................................................................
Protocol Operation192................................................................................................................................................................
General Steps For Running A Time Protocol On The Switch:192................................................................................................................................................................
Disabling Time Synchronization192................................................................................................................................................................
Sntp: Viewing, Selecting, And Configuring193................................................................................................................................................................
Menu: Viewing And Configuring Sntp194................................................................................................................................................................
Cli: Viewing And Configuring Sntp197................................................................................................................................................................
Viewing The Current Sntp Configuration197................................................................................................................................................................
Configuring (enabling Or Disabling) The Sntp Mode199................................................................................................................................................................
Timep: Viewing, Selecting, And Configuring205................................................................................................................................................................
Menu: Viewing And Configuring Timep206................................................................................................................................................................
Cli: Viewing And Configuring Timep207................................................................................................................................................................
Viewing The Current Timep Configuration208................................................................................................................................................................
Configuring (enabling Or Disabling) The Timep Mode209................................................................................................................................................................
Sntp Unicast Time Polling With Multiple Sntp Servers214................................................................................................................................................................
Displaying All Sntp Server Addresses Configured On The Switch214................................................................................................................................................................
Adding And Deleting Sntp Server Addresses215................................................................................................................................................................
Configured215................................................................................................................................................................
Sntp Messages In The Event Log215................................................................................................................................................................
Viewing Port Status And Configuring Port Parameters218................................................................................................................................................................
Menu: Port Configuration221................................................................................................................................................................
Cli: Viewing Port Status And Configuring Port Parameters223................................................................................................................................................................
Viewing Port Status And Configuration223................................................................................................................................................................
Customizing The Show Interfaces Command225................................................................................................................................................................
Error Messages227................................................................................................................................................................
Command228................................................................................................................................................................
Viewing Port Utilization Statistics228................................................................................................................................................................
Viewing Transceiver Status229................................................................................................................................................................
Enabling Or Disabling Ports And Configuring Port Mode230................................................................................................................................................................
Enabling Or Disabling Flow Control232................................................................................................................................................................
Configuring A Broadcast Limit On The Switch233................................................................................................................................................................
Configuring Procurve Auto-mdix234................................................................................................................................................................
Web: Viewing Port Status And Configuring Port Parameters237................................................................................................................................................................
Using Friendly (optional) Port Names238................................................................................................................................................................
Configuring And Operating Rules For Friendly Port Names238................................................................................................................................................................
Configuring Friendly Port Names239................................................................................................................................................................
Displaying Friendly Port Names With Other Port Data240................................................................................................................................................................
Been Inserted244................................................................................................................................................................
Transceivers244................................................................................................................................................................
Modules244................................................................................................................................................................
Clearing The Module Configuration244................................................................................................................................................................
Uni-directional Link Detection (udld)246................................................................................................................................................................
Configuring Udld247................................................................................................................................................................
Enabling Udld248................................................................................................................................................................
Changing The Keepalive Interval249................................................................................................................................................................
Changing The Keepalive Retries249................................................................................................................................................................
Configuring Udld For Tagged Ports249................................................................................................................................................................
Viewing Udld Information250................................................................................................................................................................
Configuration Warnings And Event Log Messages252................................................................................................................................................................
Port Trunk Features And Operation256................................................................................................................................................................
Trunk Configuration Methods256................................................................................................................................................................
Menu: Viewing And Configuring A Static Trunk Group261................................................................................................................................................................
Cli: Viewing And Configuring Port Trunk Groups263................................................................................................................................................................
Using The Cli To View Port Trunks263................................................................................................................................................................
Using The Cli To Configure A Static Or Dynamic Trunk Group266................................................................................................................................................................
Web: Viewing Existing Port Trunk Groups269................................................................................................................................................................
Trunk Group Operation Using Lacp270................................................................................................................................................................
Default Port Operation273................................................................................................................................................................
Lacp Notes And Restrictions274................................................................................................................................................................
Trunk Group Operation Using The "trunk" Option278................................................................................................................................................................
How The Switch Lists Trunk Data279................................................................................................................................................................
Outbound Traffic Distribution Across Trunked Links279................................................................................................................................................................
Jumbo Frames283................................................................................................................................................................
Terminology283................................................................................................................................................................
Operating Rules284................................................................................................................................................................
Configuring Jumbo Frame Operation285................................................................................................................................................................
Viewing The Current Jumbo Configuration286................................................................................................................................................................
Enabling Or Disabling Jumbo Traffic On A Vlan288................................................................................................................................................................
Configuring A Maximum Frame Size288................................................................................................................................................................
Snmp Implementation288................................................................................................................................................................
Displaying The Maximum Frame Size289................................................................................................................................................................
Operating Notes For Maximum Frame Size289................................................................................................................................................................
Operating Notes For Jumbo Traffic-handling290................................................................................................................................................................
Troubleshooting292................................................................................................................................................................
Using Snmp Tools To Manage The Switch295................................................................................................................................................................
Snmp Management Features297................................................................................................................................................................
Configuring For Snmp Version 1 And 2c Access To The Switch297................................................................................................................................................................
Configuring For Snmp Version 3 Access To The Switch298................................................................................................................................................................
Snmp Version 3 Commands299................................................................................................................................................................
Enabling Snmpv3300................................................................................................................................................................
Snmpv3 Users300................................................................................................................................................................
Enabling Snmpv300................................................................................................................................................................
Group Access Levels304................................................................................................................................................................
Snmpv3 Communities304................................................................................................................................................................
Communities306................................................................................................................................................................
Cli: Viewing And Configuring Snmp Community Names308................................................................................................................................................................
Snmp Notifications310................................................................................................................................................................
Supported Notifications310................................................................................................................................................................
General Steps For Configuring Snmp Notifications311................................................................................................................................................................
Snmpv1 And Snmpv2c Traps312................................................................................................................................................................
Configuring An Snmp Trap Receiver312................................................................................................................................................................
Enabling Snmpv2c Informs314................................................................................................................................................................
Configuring Snmpv3 Notifications316................................................................................................................................................................
Managing Network Security Notifications319................................................................................................................................................................
Enabling Link-change Traps321................................................................................................................................................................
Configuring The Source Ip Address For Snmp Notifications322................................................................................................................................................................
Displaying Snmp Notification Configuration324................................................................................................................................................................
Configuring Listening Mode326................................................................................................................................................................
Advanced Management: Rmon327................................................................................................................................................................
Lldp (link-layer Discovery Protocol)328................................................................................................................................................................
General Lldp Operation331................................................................................................................................................................
Lldp-med331................................................................................................................................................................
Packet Boundaries In A Network Topology331................................................................................................................................................................
Configuration Options332................................................................................................................................................................
Options For Reading Lldp Information Collected By The Switch334................................................................................................................................................................
Lldp And Lldp-med Standards Compatibility334................................................................................................................................................................
Lldp Operating Rules335................................................................................................................................................................
Configuring Lldp Operation336................................................................................................................................................................
Viewing The Current Configuration336................................................................................................................................................................
Configuring Global Lldp Packet Controls338................................................................................................................................................................
Configuring Snmp Notification Support342................................................................................................................................................................
Configuring Per-port Transmit And Receive Modes343................................................................................................................................................................
Configuring Basic Lldp Per-port Advertisement Content344................................................................................................................................................................
Advertisements346................................................................................................................................................................
Lldp-med (media-endpoint-discovery)347................................................................................................................................................................
Lldp-med Topology Change Notification350................................................................................................................................................................
Lldp-med Fast Start Control352................................................................................................................................................................
And Location Data352................................................................................................................................................................
Configuring Location Data For Lldp-med Devices355................................................................................................................................................................
Displaying Advertisement Data360................................................................................................................................................................
Displaying Lldp Statistics365................................................................................................................................................................
Lldp Operating Notes367................................................................................................................................................................
Lldp And Cdp Data Management369................................................................................................................................................................
Lldp And Cdp Neighbor Data369................................................................................................................................................................
Cdp Operation And Commands371................................................................................................................................................................
Downloading Switch Software377................................................................................................................................................................
General Software Download Rules378................................................................................................................................................................
Using Tftp To Download Software From A Server378................................................................................................................................................................
Menu: Tftp Download From A Server To Primary Flash379................................................................................................................................................................
Cli: Tftp Download From A Server To Flash381................................................................................................................................................................
Enabling Tftp383................................................................................................................................................................
Using Auto-tftp385................................................................................................................................................................
Using Secure Copy And Sftp386................................................................................................................................................................
How It Works387................................................................................................................................................................
The Scp/sftp Process387................................................................................................................................................................
Disable Tftp And Auto-tftp For Enhanced Security388................................................................................................................................................................
Command Options389................................................................................................................................................................
Authentication390................................................................................................................................................................
Scp/sftp Operating Notes390................................................................................................................................................................
Troubleshooting Ssh, Sftp, And Scp Operations392................................................................................................................................................................
Workstation393................................................................................................................................................................
Menu: Xmodem Download To Primary Flash394................................................................................................................................................................
Primary Or Secondary Flash395................................................................................................................................................................
Switch-to-switch Download396................................................................................................................................................................
Menu: Switch-to-switch Download To Primary Flash396................................................................................................................................................................
Cli: Switch-to-switch Downloads397................................................................................................................................................................
Using Pcm+ To Update Switch Software398................................................................................................................................................................
Copying Software Images399................................................................................................................................................................
Tftp: Copying A Software Image To A Remote Host399................................................................................................................................................................
Xmodem: Copying A Software Image From The Switch To A Usb Serial Console Connected Pc Or Unix Workstation399................................................................................................................................................................
Transferring Switch Configurations400................................................................................................................................................................
Tftp: Copying A Customized Command File To A Switch401................................................................................................................................................................
Xmodem: Copying A Configuration File To A Usb Serial Console Connected Pc Or Unix Workstation402................................................................................................................................................................
Xmodem: Copying A Configuration File From A Serially Connected Pc Or Unix Workstation403................................................................................................................................................................
Copying Diagnostic Data To A Remote Host, Usb Device, Pc Or Unix Workstation404................................................................................................................................................................
Copying Command Output To A Destination Device405................................................................................................................................................................
Copying Event Log Output To A Destination Device405................................................................................................................................................................
Copying Crash Data Content To A Destination Device406................................................................................................................................................................
Copying Crash Log Data Content To A Destination Device407................................................................................................................................................................
Status And Counters Data411................................................................................................................................................................
Menu Access To Status And Counters412................................................................................................................................................................
General System Information413................................................................................................................................................................
Menu Access413................................................................................................................................................................
Cli Access To System Information414................................................................................................................................................................
Task Monitor—collecting Processor Data415................................................................................................................................................................
Switch Management Address Information415................................................................................................................................................................
Cli Access416................................................................................................................................................................
Menu: Displaying Port Status417................................................................................................................................................................
Web Access417................................................................................................................................................................
Viewing Port And Trunk Group Statistics And Flow Control Status418................................................................................................................................................................
Menu Access To Port And Trunk Statistics419................................................................................................................................................................
Cli Access To Port And Trunk Group Statistics420................................................................................................................................................................
Web Browser Access To View Port And Trunk Group Statistics420................................................................................................................................................................
Viewing The Switch's Mac Address Tables421................................................................................................................................................................
Menu Access To The Mac Address Views And Searches421................................................................................................................................................................
Cli Access For Mac Address Views And Searches424................................................................................................................................................................
Spanning Tree Protocol (mstp) Information425................................................................................................................................................................
Cli Access To Mstp Data425................................................................................................................................................................
Internet Group Management Protocol (igmp) Status426................................................................................................................................................................
Vlan Information427................................................................................................................................................................
Web Browser Interface Status Information429................................................................................................................................................................
Traffic Mirroring430................................................................................................................................................................
Mirroring Terminology431................................................................................................................................................................
Mirrored Traffic Destinations433................................................................................................................................................................
Local Destinations433................................................................................................................................................................
Monitored Traffic Sources433................................................................................................................................................................
Criteria For Selecting Mirrored Traffic433................................................................................................................................................................
Mirroring Sessions433................................................................................................................................................................
Mirroring Configuration434................................................................................................................................................................
Endpoint Switches And Intermediate Devices435................................................................................................................................................................
Using The Menu Or Web Interface To Configure Local Mirroring436................................................................................................................................................................
Menu And Web Interface Limits436................................................................................................................................................................
Configuration Steps437................................................................................................................................................................
Cli: Configuring Local Mirroring440................................................................................................................................................................
Local Mirroring Overview440................................................................................................................................................................
Determine The Mirroring Session And Destination442................................................................................................................................................................
Configure A Mirroring Session On The Source Switch442................................................................................................................................................................
Configure The Monitored Traffic In A Mirror Session442................................................................................................................................................................
Traffic Selection Options443................................................................................................................................................................
Mirroring-source Restrictions443................................................................................................................................................................
Selecting All Inbound/outbound Traffic To Mirror443................................................................................................................................................................
Displaying A Mirroring Configuration445................................................................................................................................................................
Displaying The Mirroring Configuration Summary445................................................................................................................................................................
Viewing Mirroring In The Current Configuration File447................................................................................................................................................................
Mirroring Configuration Examples448................................................................................................................................................................
Local Mirroring Using Traffic-direction Criteria448................................................................................................................................................................
Maximum Supported Frame Size449................................................................................................................................................................
Enabling Jumbo Frames To Increase Mirroring Path Mtu450................................................................................................................................................................
Untagged, Mirrored Traffic451................................................................................................................................................................
Troubleshooting Mirroring454................................................................................................................................................................
Troubleshooting Approaches459................................................................................................................................................................
Browser Or Telnet Access Problems461................................................................................................................................................................
Unusual Network Activity463................................................................................................................................................................
General Problems463................................................................................................................................................................
Q Prioritization Problems464................................................................................................................................................................
Igmp-related Problems464................................................................................................................................................................
Lacp-related Problems465................................................................................................................................................................
Port-based Access Control (802.1x)-related Problems465................................................................................................................................................................
Qos-related Problems468................................................................................................................................................................
Radius-related Problems469................................................................................................................................................................
Spanning-tree Protocol (mstp) And Fast-uplink Problems470................................................................................................................................................................
Ssh-related Problems471................................................................................................................................................................
Tacacs-related Problems473................................................................................................................................................................
Timep, Sntp, Or Gateway Problems475................................................................................................................................................................
Vlan-related Problems475................................................................................................................................................................
Using The Event Log For Troubleshooting Switch Problems478................................................................................................................................................................
Event Log Entries478................................................................................................................................................................
Menu: Displaying And Navigating In The Event Log485................................................................................................................................................................
Cli: Displaying The Event Log486................................................................................................................................................................
Cli: Clearing Event Log Entries486................................................................................................................................................................
Cli: Turning Event Numbering On487................................................................................................................................................................
Event Log And Snmp Messages487................................................................................................................................................................
Log Throttle Periods488................................................................................................................................................................
Example Of Log Throttling488................................................................................................................................................................
Example Of Event Counter Operation490................................................................................................................................................................
Debug/syslog Operation491................................................................................................................................................................
Debug/syslog Messaging491................................................................................................................................................................
Debug/syslog Destination Devices491................................................................................................................................................................
Debug/syslog Configuration Commands492................................................................................................................................................................
Configuring Debug/syslog Operation493................................................................................................................................................................
Displaying A Debug/syslog Configuration495................................................................................................................................................................
Debug Command499................................................................................................................................................................
Debug Messages499................................................................................................................................................................
Debug Destinations501................................................................................................................................................................
Logging Command502................................................................................................................................................................
Configuring A Syslog Server503................................................................................................................................................................
Adding A Description For A Syslog Server505................................................................................................................................................................
Adding A Priority Description506................................................................................................................................................................
Sent To A Syslog Server507................................................................................................................................................................
Messages Sent To A Syslog Server508................................................................................................................................................................
Operating Notes For Debug And Syslog508................................................................................................................................................................
Diagnostic Tools510................................................................................................................................................................
Port Auto-negotiation511................................................................................................................................................................
Ping And Link Tests511................................................................................................................................................................
Web: Executing Ping Or Link Tests512................................................................................................................................................................
Cli: Ping Test513................................................................................................................................................................
Link Tests514................................................................................................................................................................
Traceroute Command515................................................................................................................................................................
Viewing Switch Configuration And Operation519................................................................................................................................................................
Cli: Viewing The Startup Or Running Configuration File519................................................................................................................................................................
Web: Viewing The Configuration File519................................................................................................................................................................
Cli: Viewing A Summary Of Switch Operational Data519................................................................................................................................................................
Saving Show Tech Command Output To A Text File521................................................................................................................................................................
Customizing Show Tech Command Output522................................................................................................................................................................
Cli: Viewing More Information On Switch Operation525................................................................................................................................................................
Pattern Matching When Using The Show Command526................................................................................................................................................................
Cli: Useful Commands For Troubleshooting Sessions529................................................................................................................................................................
Restoring The Factory-default Configuration530................................................................................................................................................................
Cli: Resetting To The Factory-default Configuration530................................................................................................................................................................
Clear/reset: Resetting To The Factory-default Configuration530................................................................................................................................................................
Restoring A Flash Image531................................................................................................................................................................
Dns Resolver533................................................................................................................................................................
Basic Operation534................................................................................................................................................................
Dns-compatible Commands535................................................................................................................................................................
Configuring A Dns Entry536................................................................................................................................................................
Example Using Dns Names With Ping And Traceroute537................................................................................................................................................................
Viewing The Current Dns Configuration539................................................................................................................................................................
Event Log Messages541................................................................................................................................................................
Determining Mac Addresses544................................................................................................................................................................
Menu: Viewing The Switch's Mac Addresses545................................................................................................................................................................
Cli: Viewing The Port And Vlan Mac Addresses546................................................................................................................................................................
Viewing The Mac Addresses Of Connected Devices548................................................................................................................................................................
Viewing Information On Resource Usage550................................................................................................................................................................
Policy Enforcement Engine550................................................................................................................................................................
When Insufficient Resources Are Available551................................................................................................................................................................
Concepts556................................................................................................................................................................
Example559................................................................................................................................................................
Oobm And Switch Applications560................................................................................................................................................................
Tasks561................................................................................................................................................................
Oobm Configuration561................................................................................................................................................................
Oobm Context561................................................................................................................................................................
Oobm Enable/disable562................................................................................................................................................................
Oobm Port Enable/disable563................................................................................................................................................................
Oobm Ipv4 Address Configuration564................................................................................................................................................................
Oobm Ipv4 Default Gateway Configuration564................................................................................................................................................................
Oobm Show Commands565................................................................................................................................................................
Show Oobm565................................................................................................................................................................
Show Oobm Ip Configuration566................................................................................................................................................................
Show Oobm Arp Information566................................................................................................................................................................
Application Server Commands567................................................................................................................................................................
Application Client Commands569................................................................................................................................................................

Advertising

HP ProCurve 6120G/XG Manual

HP ProCurve 6120G/XG Manual (469 pages)

HP ProCurve Series 6120 Blade Switches Access Security Guide  
Brand: HP | Category: Server | Size: 2.27 MB
Table of contents
Table Of Contents4................................................................................................................................................................
Security Overview4................................................................................................................................................................
Configuring Username And Password Security5................................................................................................................................................................
Web And Mac Authentication6................................................................................................................................................................
Tacacs+ Authentication7................................................................................................................................................................
Configuring Secure Shell (ssh)9................................................................................................................................................................
Configuring Secure Socket Layer (ssl)10................................................................................................................................................................
Configuring Advanced Threat Protection10................................................................................................................................................................
Traffic/security Filters And Monitors12................................................................................................................................................................
Configuring Port-based And12................................................................................................................................................................
User-based Access Control (802.1x)12................................................................................................................................................................
Configuring And Monitoring Port Security14................................................................................................................................................................
Using Authorized Ip Managers15................................................................................................................................................................
Product Documentation18................................................................................................................................................................
Contents23................................................................................................................................................................
Introduction24................................................................................................................................................................
About This Guide24................................................................................................................................................................
For More Information24................................................................................................................................................................
Access Security Features25................................................................................................................................................................
Network Security Features29................................................................................................................................................................
Getting Started With Access Security31................................................................................................................................................................
Physical Security31................................................................................................................................................................
Quick Start: Using The Management Interface Wizard32................................................................................................................................................................
Cli: Management Interface Wizard32................................................................................................................................................................
Web: Management Interface Wizard34................................................................................................................................................................
Snmp Security Guidelines37................................................................................................................................................................
Precedence Of Security Options39................................................................................................................................................................
Precedence Of Port-based Security Options39................................................................................................................................................................
Dynamic Configuration Arbiter39................................................................................................................................................................
Network Immunity Manager40................................................................................................................................................................
Arbitrating Client-specific Attributes41................................................................................................................................................................
Procurve Identity-driven Manager (idm)43................................................................................................................................................................
Overview46................................................................................................................................................................
Configuring Local Password Security49................................................................................................................................................................
Menu: Setting Passwords49................................................................................................................................................................
Cli: Setting Passwords And Usernames51................................................................................................................................................................
Web: Setting Passwords And Usernames52................................................................................................................................................................
Snmp: Setting Passwords And Usernames52................................................................................................................................................................
Saving Security Credentials In A Config File53................................................................................................................................................................
Benefits Of Saving Security Credentials53................................................................................................................................................................
Enabling The Storage And Display Of Security Credentials54................................................................................................................................................................
Security Settings That Can Be Saved54................................................................................................................................................................
Local Manager And Operator Passwords55................................................................................................................................................................
Password Command Options55................................................................................................................................................................
Snmp Security Credentials56................................................................................................................................................................
X Port-access Credentials57................................................................................................................................................................
Tacacs+ Encryption Key Authentication58................................................................................................................................................................
Radius Shared-secret Key Authentication58................................................................................................................................................................
Ssh Client Public-key Authentication59................................................................................................................................................................
Operating Notes62................................................................................................................................................................
Restrictions64................................................................................................................................................................
Front-panel Security66................................................................................................................................................................
When Security Is Important66................................................................................................................................................................
Front-panel Button Functions67................................................................................................................................................................
Clear Button68................................................................................................................................................................
Reset Button68................................................................................................................................................................
Restoring The Factory Default Configuration68................................................................................................................................................................
Configuring Front-panel Security70................................................................................................................................................................
Disabling The Clear Password Function Of The Clear Button72................................................................................................................................................................
Re-enabling The Clear Button And Setting Or Changing The "reset-on-clear" Operation73................................................................................................................................................................
Changing The Operation Of The Reset+clear Combination74................................................................................................................................................................
Password Recovery75................................................................................................................................................................
Disabling Or Re-enabling The Password Recovery Process75................................................................................................................................................................
Password Recovery Process77................................................................................................................................................................
Web Authentication80................................................................................................................................................................
Mac Authentication81................................................................................................................................................................
Concurrent Web And Mac Authentication81................................................................................................................................................................
Authorized And Unauthorized Client Vlans82................................................................................................................................................................
Radius-based Authentication83................................................................................................................................................................
Wireless Clients83................................................................................................................................................................
How Web And Mac Authentication Operate83................................................................................................................................................................
Web-based Authentication84................................................................................................................................................................
Mac-based Authentication86................................................................................................................................................................
Terminology88................................................................................................................................................................
Operating Rules And Notes89................................................................................................................................................................
Setup Procedure For Web/mac Authentication91................................................................................................................................................................
Before You Configure Web/mac Authentication91................................................................................................................................................................
Configuring The Radius Server To Support Mac Authentication93................................................................................................................................................................
Configuring The Switch To Access A Radius Server94................................................................................................................................................................
Configuring Web Authentication97................................................................................................................................................................
Configuration Commands For Web Authentication98................................................................................................................................................................
Show Commands For Web Authentication105................................................................................................................................................................
Customizing Web Authentication Html Files (optional)111................................................................................................................................................................
Implementing Customized Web-auth Pages111................................................................................................................................................................
Operating Notes And Guidelines111................................................................................................................................................................
Customizing Html Templates112................................................................................................................................................................
Customizable Html Templates113................................................................................................................................................................
Configuring Mac Authentication On The Switch127................................................................................................................................................................
Configuration Commands For Mac Authentication128................................................................................................................................................................
Show Commands For Mac-based Authentication131................................................................................................................................................................
Client Status137................................................................................................................................................................
Terminology Used In Tacacs Applications:140................................................................................................................................................................
Terminology Used In Tacacs Applications140................................................................................................................................................................
General System Requirements142................................................................................................................................................................
General Authentication Setup Procedure142................................................................................................................................................................
Configuring Tacacs+ On The Switch145................................................................................................................................................................
Before You Begin145................................................................................................................................................................
Cli Commands Described In This Section146................................................................................................................................................................
Viewing The Switch's Current Authentication Configuration146................................................................................................................................................................
Server Contact Configuration147................................................................................................................................................................
Configuring The Switch's Authentication Methods148................................................................................................................................................................
Using The Privilege-mode Option For Login148................................................................................................................................................................
Authentication Parameters149................................................................................................................................................................
Configuring The Tacacs+ Server For Single Login150................................................................................................................................................................
Configuring The Switch's Tacacs+ Server Access155................................................................................................................................................................
How Authentication Operates161................................................................................................................................................................
General Authentication Process Using A Tacacs+ Server161................................................................................................................................................................
Local Authentication Process163................................................................................................................................................................
Using The Encryption Key164................................................................................................................................................................
General Operation164................................................................................................................................................................
Encryption Options In The Switch164................................................................................................................................................................
Controlling Web Browser Interface Access When Using Tacacs+ Authentication165................................................................................................................................................................
Messages Related To Tacacs+ Operation166................................................................................................................................................................
Authentication Services170................................................................................................................................................................
Accounting Services171................................................................................................................................................................
Radius-administered Cos And Rate-limiting171................................................................................................................................................................
Radiuis-administered Commands Authorization171................................................................................................................................................................
Snmp Access To The Switch's Authentication Configuration Mib171................................................................................................................................................................
Switch Operating Rules For Radius173................................................................................................................................................................
General Radius Setup Procedure174................................................................................................................................................................
Configuring The Switch For Radius Authentication175................................................................................................................................................................
Outline Of The Steps For Configuring Radius Authentication176................................................................................................................................................................
You Want Radius To Protect177................................................................................................................................................................
Configure Authentication For The Access Methods177................................................................................................................................................................
Enable The (optional) Access Privilege Option180................................................................................................................................................................
Configure The Switch To Access A Radius Server181................................................................................................................................................................
Configure The Switch's Global Radius Parameters184................................................................................................................................................................
Switch Authentication Features188................................................................................................................................................................
Changing And Viewing The Snmp Access Configuration189................................................................................................................................................................
Controlling Web Browser Interface Access192................................................................................................................................................................
Commands Authorization193................................................................................................................................................................
Enabling Authorization194................................................................................................................................................................
Displaying Authorization Information195................................................................................................................................................................
Configuring Commands Authorization On A Radius Server195................................................................................................................................................................
Using Vendor Specific Attributes (vsas)195................................................................................................................................................................
Example Configuration On Cisco Secure Acs For Ms Windows197................................................................................................................................................................
Example Configuration Using Freeradius199................................................................................................................................................................
Vlan Assignment In An Authentication Session201................................................................................................................................................................
Tagged And Untagged Vlan Attributes202................................................................................................................................................................
Additional Radius Attributes203................................................................................................................................................................
Configuring Radius Accounting204................................................................................................................................................................
Operating Rules For Radius Accounting206................................................................................................................................................................
Steps For Configuring Radius Accounting206................................................................................................................................................................
Sending Reports To The Radius Server209................................................................................................................................................................
Configure Accounting Types And The Controls For209................................................................................................................................................................
Interim Updating Options211................................................................................................................................................................
Viewing Radius Statistics213................................................................................................................................................................
General Radius Statistics213................................................................................................................................................................
Radius Authentication Statistics215................................................................................................................................................................
Radius Accounting Statistics216................................................................................................................................................................
Changing Radius-server Access Order217................................................................................................................................................................
Messages Related To Radius Operation220................................................................................................................................................................
Prerequisite For Using Ssh225................................................................................................................................................................
Public Key Formats225................................................................................................................................................................
For Switch And Client Authentication226................................................................................................................................................................
General Operating Rules And Notes228................................................................................................................................................................
Configuring The Switch For Ssh Operation229................................................................................................................................................................
Enable (manager) Password230................................................................................................................................................................
Generating The Switch's Public And Private Key Pair230................................................................................................................................................................
Configuring Key Lengths233................................................................................................................................................................
Providing The Switch's Public Key To Clients233................................................................................................................................................................
Client Contact Behavior235................................................................................................................................................................
Enabling Ssh On The Switch And Anticipating Ssh235................................................................................................................................................................
Configuring The Switch For Ssh Authentication240................................................................................................................................................................
Use An Ssh Client To Access The Switch244................................................................................................................................................................
Further Information On Ssh Client Public-key Authentication244................................................................................................................................................................
Messages Related To Ssh Operation250................................................................................................................................................................
Logging Messages251................................................................................................................................................................
Debug Logging252................................................................................................................................................................
Prerequisite For Using Ssl257................................................................................................................................................................
Authentication257................................................................................................................................................................
Configuring The Switch For Ssl Operation259................................................................................................................................................................
Enabling (manager) Password259................................................................................................................................................................
Generating The Switch's Server Host Certificate260................................................................................................................................................................
With The Cli261................................................................................................................................................................
Comments On Certificate Fields262................................................................................................................................................................
Interface264................................................................................................................................................................
Web Browser Interface267................................................................................................................................................................
Browser Contact Behavior269................................................................................................................................................................
Enabling Ssl On The Switch And Anticipating Ssl269................................................................................................................................................................
Using The Cli Interface To Enable Ssl271................................................................................................................................................................
Using The Web Browser Interface To Enable Ssl271................................................................................................................................................................
Common Errors In Ssl Setup273................................................................................................................................................................
Dhcp Snooping277................................................................................................................................................................
Enabling Dhcp Snooping278................................................................................................................................................................
Enabling Dhcp Snooping On Vlans280................................................................................................................................................................
Configuring Dhcp Snooping Trusted Ports281................................................................................................................................................................
Configuring Authorized Server Addresses282................................................................................................................................................................
Using Dhcp Snooping With Option 82282................................................................................................................................................................
Using Dhcp Snooping With Option282................................................................................................................................................................
Changing The Remote-id From A Mac To An Ip Address284................................................................................................................................................................
Disabling The Mac Address Check284................................................................................................................................................................
The Dhcp Binding Database285................................................................................................................................................................
Operational Notes286................................................................................................................................................................
Log Messages287................................................................................................................................................................
Dynamic Arp Protection289................................................................................................................................................................
Enabling Dynamic Arp Protection291................................................................................................................................................................
Configuring Trusted Ports291................................................................................................................................................................
Adding An Ip-to-mac Binding To The Dhcp Database293................................................................................................................................................................
Configuring Additional Validation Checks On Arp Packets294................................................................................................................................................................
Verifying The Configuration Of Dynamic Arp Protection294................................................................................................................................................................
Displaying Arp Packet Statistics295................................................................................................................................................................
Monitoring Dynamic Arp Protection296................................................................................................................................................................
Dynamic Ip Lockdown296................................................................................................................................................................
Protection Against Ip Source Address Spoofing297................................................................................................................................................................
Prerequisite: Dhcp Snooping297................................................................................................................................................................
Filtering Ip And Mac Addresses Per-port And Per-vlan298................................................................................................................................................................
Enabling Dynamic Ip Lockdown299................................................................................................................................................................
Adding An Ip-to-mac Binding To The Dhcp Binding Database301................................................................................................................................................................
Potential Issues With Bindings301................................................................................................................................................................
Adding A Static Binding302................................................................................................................................................................
Verifying The Dynamic Ip Lockdown Configuration302................................................................................................................................................................
Displaying The Static Configuration Of Ip-to-mac Bindings303................................................................................................................................................................
Debugging Dynamic Ip Lockdown304................................................................................................................................................................
Using The Instrumentation Monitor306................................................................................................................................................................
Configuring Instrumentation Monitor308................................................................................................................................................................
Examples309................................................................................................................................................................
Viewing The Current Instrumentation Monitor Configuration310................................................................................................................................................................
Filter Limits312................................................................................................................................................................
Using Port Trunks With Filters312................................................................................................................................................................
Filter Types And Operation313................................................................................................................................................................
Source-port Filters314................................................................................................................................................................
Operating Rules For Source-port Filters314................................................................................................................................................................
Example315................................................................................................................................................................
Named Source-port Filters316................................................................................................................................................................
Operating Rules For Named Source-port Filters316................................................................................................................................................................
Defining And Configuring Named Source-port Filters317................................................................................................................................................................
Viewing A Named Source-port Filter318................................................................................................................................................................
Using Named Source-port Filters319................................................................................................................................................................
Configuring Traffic/security Filters325................................................................................................................................................................
Configuring A Source-port Traffic Filter326................................................................................................................................................................
Example Of Creating A Source-port Filter327................................................................................................................................................................
Configuring A Filter On A Port Trunk327................................................................................................................................................................
Editing A Source-port Filter328................................................................................................................................................................
Filter Indexing329................................................................................................................................................................
Displaying Traffic/security Filters330................................................................................................................................................................
Why Use Port-based Or User-based Access Control?333................................................................................................................................................................
General Features333................................................................................................................................................................
Why Use Port-based Or User-based Access Control333................................................................................................................................................................
User Authentication Methods334................................................................................................................................................................
X User-based Access Control334................................................................................................................................................................
X Port-based Access Control335................................................................................................................................................................
Alternative To Using A Radius Server336................................................................................................................................................................
Accounting336................................................................................................................................................................
General 802.1x Authenticator Operation339................................................................................................................................................................
Example Of The Authentication Process339................................................................................................................................................................
Vlan Membership Priority340................................................................................................................................................................
General Setup Procedure For 802.1x Access Control344................................................................................................................................................................
Do These Steps Before You Configure 802.1x Operation344................................................................................................................................................................
Overview: Configuring 802.1x Authentication On The Switch347................................................................................................................................................................
Configuring Switch Ports As 802.1x Authenticators348................................................................................................................................................................
Enable 802.1x Authentication On Selected Ports349................................................................................................................................................................
A. Enable The Selected Ports As Authenticators And Enable The (default) Port-based Authentication349................................................................................................................................................................
Example: Configuring User-based 802.1x Authentication351................................................................................................................................................................
Example: Configuring Port-based 802.1x Authentication351................................................................................................................................................................
Reconfigure Settings For Port-access351................................................................................................................................................................
Configure The 802.1x Authentication Method354................................................................................................................................................................
Enter The Radius Host Ip Address(es)355................................................................................................................................................................
Enable 802.1x Authentication On The Switch355................................................................................................................................................................
Optional: Reset Authenticator Operation356................................................................................................................................................................
Optional: Configure 802.1x Controlled Directions356................................................................................................................................................................
Wake-on-lan Traffic357................................................................................................................................................................
Example: Configuring 802.1x Controlled Directions358................................................................................................................................................................
X Open Vlan Mode359................................................................................................................................................................
Vlan Membership Priorities360................................................................................................................................................................
Use Models For 802.1x Open Vlan Modes361................................................................................................................................................................
Unauthorized-client Vlans366................................................................................................................................................................
Setting Up And Configuring 802.1x Open Vlan Mode370................................................................................................................................................................
X Open Vlan Operating Notes374................................................................................................................................................................
Option For Authenticator Ports: Configure Port-security To Allow Only 802.1x-authenticated Devices375................................................................................................................................................................
Option For Authenticator Ports: Configure Port-security375................................................................................................................................................................
To Allow Only 802.1x-authenticated Devices375................................................................................................................................................................
Port-security376................................................................................................................................................................
Connections To Other Switches377................................................................................................................................................................
Supplicant Port Configuration379................................................................................................................................................................
Displaying 802.1x Configuration, Statistics, And Counters381................................................................................................................................................................
Show Commands For Port-access Authenticator381................................................................................................................................................................
Viewing 802.1x Open Vlan Mode Status390................................................................................................................................................................
Show Commands For Port-access Supplicant394................................................................................................................................................................
How Radius/802.1x Authentication Affects Vlan Operation395................................................................................................................................................................
Vlan Assignment On A Port396................................................................................................................................................................
Authentication Session398................................................................................................................................................................
In Authentication Sessions401................................................................................................................................................................
Messages Related To 802.1x Operation403................................................................................................................................................................
Port Security407................................................................................................................................................................
Basic Operation407................................................................................................................................................................
Eavesdrop Protection408................................................................................................................................................................
Blocking Unauthorized Traffic408................................................................................................................................................................
Trunk Group Exclusion409................................................................................................................................................................
Planning Port Security410................................................................................................................................................................
Port Security Command Options And Operation411................................................................................................................................................................
Port Security Display Options411................................................................................................................................................................
Configuring Port Security415................................................................................................................................................................
Retention Of Static Addresses420................................................................................................................................................................
Mac Lockdown425................................................................................................................................................................
Differences Between Mac Lockdown And Port Security427................................................................................................................................................................
Mac Lockdown Operating Notes428................................................................................................................................................................
Deploying Mac Lockdown429................................................................................................................................................................
Mac Lockout429................................................................................................................................................................
Port Security And Mac Lockout432................................................................................................................................................................
Web: Displaying And Configuring Port Security Features433................................................................................................................................................................
Reading Intrusion Alerts And Resetting Alert Flags433................................................................................................................................................................
Notice Of Security Violations433................................................................................................................................................................
How The Intrusion Log Operates434................................................................................................................................................................
Keeping The Intrusion Log Current By Resetting Alert Flags435................................................................................................................................................................
Resetting Alert Flags436................................................................................................................................................................
And Resetting Alert Flags437................................................................................................................................................................
Using The Event Log To Find Intrusion Alerts439................................................................................................................................................................
Alerts, And Resetting Alert Flags440................................................................................................................................................................
Operating Notes For Port Security441................................................................................................................................................................
Options445................................................................................................................................................................
Access Levels445................................................................................................................................................................
Defining Authorized Management Stations446................................................................................................................................................................
Overview Of Ip Mask Operation446................................................................................................................................................................
Menu: Viewing And Configuring Ip Authorized Managers447................................................................................................................................................................
Cli: Viewing And Configuring Authorized Ip Managers448................................................................................................................................................................
Listing The Switch's Current Authorized Ip Manager(s)448................................................................................................................................................................
Configuring Ip Authorized Managers For The Switch449................................................................................................................................................................
Web: Configuring Ip Authorized Managers451................................................................................................................................................................
Web Proxy Servers451................................................................................................................................................................
How To Eliminate The Web Proxy Server451................................................................................................................................................................
Web-based Help452................................................................................................................................................................
Building Ip Masks452................................................................................................................................................................
Configuring One Station Per Authorized Manager Ip Entry452................................................................................................................................................................
Using A Web Proxy Server To Access The Web Browser Interface452................................................................................................................................................................
Configuring Multiple Stations Per Authorized Manager Ip Entry453................................................................................................................................................................
Additional Examples For Authorizing Multiple Stations455................................................................................................................................................................
HP ProCurve 6120G/XG Management Manual

HP ProCurve 6120G/XG Management Manual (222 pages)

HP ProCurve Series 6120 Blade Switches Advanced Traffic Management Guide  
Brand: HP | Category: Server | Size: 1.19 MB
Table of contents
Table Of Contents4................................................................................................................................................................
Multiple Instance Spanning-tree Operation7................................................................................................................................................................
Product Documentation10................................................................................................................................................................
Contents15................................................................................................................................................................
Introduction16................................................................................................................................................................
Conventions16................................................................................................................................................................
Command Syntax Statements16................................................................................................................................................................
Command Prompts16................................................................................................................................................................
Screen Simulations16................................................................................................................................................................
Keys17................................................................................................................................................................
Configuration And Operation Examples18................................................................................................................................................................
Sources For More Information19................................................................................................................................................................
Getting Documentation From The Web21................................................................................................................................................................
Online Help21................................................................................................................................................................
Menu Interface21................................................................................................................................................................
Need Only A Quick Start?22................................................................................................................................................................
Ip Addressing22................................................................................................................................................................
To Set Up And Install The Switch In Your Network22................................................................................................................................................................
Physical Installation22................................................................................................................................................................
Need Only A Quick Start22................................................................................................................................................................
Command Line Interface26................................................................................................................................................................
Web Browser Interface26................................................................................................................................................................
Overview26................................................................................................................................................................
General Vlan Operation27................................................................................................................................................................
Types Of Static Vlans Available In The Switch28................................................................................................................................................................
Port-based Vlans28................................................................................................................................................................
Protocol-based Vlans28................................................................................................................................................................
Designated Vlans28................................................................................................................................................................
Terminology29................................................................................................................................................................
Static Vlan Operation30................................................................................................................................................................
Vlan Environments31................................................................................................................................................................
Vlan Operation32................................................................................................................................................................
Overlapping (tagged) Vlans33................................................................................................................................................................
Per-port Static Vlan Configuration Options35................................................................................................................................................................
Vlan Operating Rules36................................................................................................................................................................
General Steps For Using Vlans39................................................................................................................................................................
Multiple Vlan Considerations40................................................................................................................................................................
Single Forwarding Database Operation40................................................................................................................................................................
Example Of An Unsupported Configuration And How To Correct It42................................................................................................................................................................
Multiple Forwarding Database Operation43................................................................................................................................................................
Configuring Vlans44................................................................................................................................................................
Menu: Configuring Port-based Vlan Parameters44................................................................................................................................................................
To Change Vlan Support Settings45................................................................................................................................................................
Adding Or Editing Vlan Names46................................................................................................................................................................
Adding Or Changing A Vlan Port Assignment48................................................................................................................................................................
Cli: Configuring Port-based And Protocol-based Vlan Parameters50................................................................................................................................................................
Web: Viewing And Configuring Vlan Parameters62................................................................................................................................................................
Q Vlan Tagging63................................................................................................................................................................
Special Vlan Types68................................................................................................................................................................
Vlan Support And The Default Vlan68................................................................................................................................................................
The Primary Vlan68................................................................................................................................................................
The Secure Management Vlan69................................................................................................................................................................
Preparation71................................................................................................................................................................
Configuration72................................................................................................................................................................
Using Dhcp To Obtain An Ip Address73................................................................................................................................................................
Deleting The Management Vlan76................................................................................................................................................................
Operating Notes For Management Vlans76................................................................................................................................................................
Voice Vlans77................................................................................................................................................................
Operating Rules For Voice Vlans77................................................................................................................................................................
Components Of Voice Vlan Operation78................................................................................................................................................................
Voice Vlan Access Security78................................................................................................................................................................
Effect Of Vlans On Other Switch Features78................................................................................................................................................................
Spanning Tree Operation With Vlans78................................................................................................................................................................
Ip Interfaces79................................................................................................................................................................
Vlan Mac Address79................................................................................................................................................................
Port Trunks79................................................................................................................................................................
Port Monitoring79................................................................................................................................................................
Jumbo Packet Support80................................................................................................................................................................
Vlan Restrictions80................................................................................................................................................................
General Operation84................................................................................................................................................................
Per-port Options For Handling Gvrp "unknown Vlans"87................................................................................................................................................................
Per-port Options For Handling Gvrp "unknown Vlans87................................................................................................................................................................
Per-port Options For Dynamic Vlan Advertising And Joining89................................................................................................................................................................
Gvrp And Vlan Access Control91................................................................................................................................................................
Advertisements And Dynamic Joins91................................................................................................................................................................
Port-leave From A Dynamic Vlan91................................................................................................................................................................
Planning For Gvrp Operation92................................................................................................................................................................
Configuring Gvrp On A Switch93................................................................................................................................................................
Menu: Viewing And Configuring Gvrp93................................................................................................................................................................
Cli: Viewing And Configuring Gvrp94................................................................................................................................................................
Web: Viewing And Configuring Gvrp98................................................................................................................................................................
Gvrp Operating Notes98................................................................................................................................................................
S Multiple Spanning Tree Protocol (mstp)105................................................................................................................................................................
Mstp Structure106................................................................................................................................................................
How Mstp Operates108................................................................................................................................................................
Mst Regions108................................................................................................................................................................
Common Spanning Tree (cst)110................................................................................................................................................................
Mstp Operation With 802.1q Vlans111................................................................................................................................................................
Operating Rules114................................................................................................................................................................
Mstp Compatibility With Rstp Or Stp115................................................................................................................................................................
Planning An Mstp Application116................................................................................................................................................................
Configuring Mstp116................................................................................................................................................................
Mstp Configuration Overview118................................................................................................................................................................
Configuring Mstp Operation Mode And Global Settings120................................................................................................................................................................
Configuring Mstp Per-port Parameters125................................................................................................................................................................
Configuring Per Port Parameters125................................................................................................................................................................
Configuring Bpdu Filtering129................................................................................................................................................................
Configuring Bpdu Protection130................................................................................................................................................................
Configuring Mst Instance Parameters134................................................................................................................................................................
Configuring Mst Instance Per-port Parameters136................................................................................................................................................................
Enabling Or Disabling Spanning Tree Operation139................................................................................................................................................................
Enabling An Entire Mst Region At Once Or Exchanging One Region Configuration For Another139................................................................................................................................................................
Mstp Vlan Configuration Enhancement141................................................................................................................................................................
Preconfiguring Vlans In An Mst Instance142................................................................................................................................................................
Configuring Mstp Instances With The Vlan Range Option143................................................................................................................................................................
Operating Notes For The Vlan Configuration Enhancement145................................................................................................................................................................
How To Save Your Current Configuration146................................................................................................................................................................
Displaying Mstp Statistics And Configuration148................................................................................................................................................................
Displaying Global Mstp Status149................................................................................................................................................................
Displaying Detailed Port Information151................................................................................................................................................................
Displaying Status For A Specific Mst Instance152................................................................................................................................................................
Displaying The Mstp Configuration153................................................................................................................................................................
Troubleshooting An Mstp Configuration157................................................................................................................................................................
Displaying The Change History Of Root Bridges157................................................................................................................................................................
Displaying Debug Counters For All Mst Instances160................................................................................................................................................................
Displaying Debug Counters For One Mst Instance161................................................................................................................................................................
Displaying Debug Counters For Ports In An Mst Instance163................................................................................................................................................................
Field Descriptions In Mstp Debug Command Output165................................................................................................................................................................
Troubleshooting Mstp Operation168................................................................................................................................................................
Loop Protection169................................................................................................................................................................
Configuring Loop Protection170................................................................................................................................................................
Viewing Loop Protection Status171................................................................................................................................................................
Quality Of Service (qos): Managing Bandwidth More Effectively172................................................................................................................................................................
Classifiers For Prioritizing Outbound Packets181................................................................................................................................................................
Packet Classifiers And Evaluation Order181................................................................................................................................................................
Preparation For Configuring Qos182................................................................................................................................................................
Preserving 802.1p Priority182................................................................................................................................................................
Steps For Configuring Qos On The Switch182................................................................................................................................................................
Viewing The Qos Configuration184................................................................................................................................................................
No Override184................................................................................................................................................................
Quality Of Service For Outbound Traffic185................................................................................................................................................................
Qos Ip Type-of-service (tos) Policy And Priority186................................................................................................................................................................
Of The Tos Precedence Bits187................................................................................................................................................................
Basis Of Incoming Dscp188................................................................................................................................................................
Assigning A Dscp Policy On The Basis Of The Dscp In Ipv4 Packets Received From Upstream Devices192................................................................................................................................................................
Details Of Qos Ip Type-of-service195................................................................................................................................................................
Qos Source-port Priority198................................................................................................................................................................
Assigning A Priority Based On Source-port198................................................................................................................................................................
Assigning A Dscp Policy Based On The Source-port200................................................................................................................................................................
Differentiated Services Codepoint (dscp) Mapping204................................................................................................................................................................
Default Priority Settings For Selected Codepoints205................................................................................................................................................................
Quickly Listing Non-default Codepoint Settings205................................................................................................................................................................
Startup Configuration206................................................................................................................................................................
Notes On Changing A Priority Setting207................................................................................................................................................................
Error Messages Caused By Dscp Policy Changes207................................................................................................................................................................
Example Of Changing The Priority Setting On A Policy When One Or More Classifiers Are Currently Using The Policy208................................................................................................................................................................
Qos Queue Configuration211................................................................................................................................................................
Qos Operating Notes And Restrictions212................................................................................................................................................................
Ip Multicast (igmp) Interaction With Qos214................................................................................................................................................................
HP ProCurve 6120G/XG Installation And Getting Started Manual

HP ProCurve 6120G/XG Installation And Getting Started Manual (62 pages)

HP ProCurve Series 6120 Blade Switches Installation and Getting Started Guide  
Brand: HP | Category: Server | Size: 3.46 MB
Table of contents
Table Of Contents5................................................................................................................................................................
Introducing The Switch9................................................................................................................................................................
Hp Procurve 6120g/xg Blade Switch9................................................................................................................................................................
Hp Procurve 6120xg Blade Switch12................................................................................................................................................................
Dual-personality Ports14................................................................................................................................................................
Pre-installation Planning16................................................................................................................................................................
Hardware Setup Overview16................................................................................................................................................................
Switch Installation17................................................................................................................................................................
Installation Guidelines17................................................................................................................................................................
Installing The Blade Switch Into The Enclosure17................................................................................................................................................................
Accessing The Blade Switch From The Hp Bladesystem17................................................................................................................................................................
Onboard Administrator19................................................................................................................................................................
Optional) Connect A Console To The Switch19................................................................................................................................................................
Direct Console Access20................................................................................................................................................................
Accessing The Blade Switch From The Ethernet Interface (in Band)21................................................................................................................................................................
Installing Or Removing Sfp (mini-gbic), Sfp+ Or Xfp Transceivers21................................................................................................................................................................
Installing A Mini-gbic, Sfp+ Or Xfp Transceiver22................................................................................................................................................................
Removing A Mini-gbic22................................................................................................................................................................
Example Topologies23................................................................................................................................................................
Getting Started With Switch Configuration26................................................................................................................................................................
Recommended Minimal Configuration26................................................................................................................................................................
Using The Console Setup Screen27................................................................................................................................................................
Where To Go From Here28................................................................................................................................................................
To Recover From A Lost Manager Password28................................................................................................................................................................
Using The Ip Address For Remote Switch Management29................................................................................................................................................................
Starting A Telnet Session29................................................................................................................................................................
Starting A Web Browser Session29................................................................................................................................................................
Troubleshooting30................................................................................................................................................................
Basic Troubleshooting Tips31................................................................................................................................................................
Diagnosing The 6120g/xg With The Leds33................................................................................................................................................................
Diagnostic Tips33................................................................................................................................................................
Diagnosing The 6120xg With The Leds35................................................................................................................................................................
Proactive Networking37................................................................................................................................................................
Hardware Diagnostic Tests37................................................................................................................................................................
Testing The Switch By Resetting It37................................................................................................................................................................
Checking The Switch Leds37................................................................................................................................................................
Checking Console Messages38................................................................................................................................................................
Testing Twisted-pair Cabling38................................................................................................................................................................
Testing Switch-to-device Network Communications38................................................................................................................................................................
Testing End-to-end Network Communications38................................................................................................................................................................
Restoring The Factory Default Configuration39................................................................................................................................................................
Switch System Maintenance Switch40................................................................................................................................................................
Restoring Factory Firmware41................................................................................................................................................................
Downloading New Switch Software42................................................................................................................................................................
Hp Customer Support Services42................................................................................................................................................................
Before Calling Support43................................................................................................................................................................
Hp Contact Information43................................................................................................................................................................
Specifications44................................................................................................................................................................
Physical44................................................................................................................................................................
Environmental44................................................................................................................................................................
Connectors44................................................................................................................................................................
Safety44................................................................................................................................................................
Lasers45................................................................................................................................................................
Cabling And Technology Information46................................................................................................................................................................
Cabling Specifications46................................................................................................................................................................
Technology Distance Specifications47................................................................................................................................................................
Mode Conditioning Patch Cord47................................................................................................................................................................
Installing The Patch Cord47................................................................................................................................................................
Twisted-pair Cable/connector Pin-outs48................................................................................................................................................................
Mbps Or 100 Mbps Network Connections50................................................................................................................................................................
Cable Diagram50................................................................................................................................................................
Pin Assignments50................................................................................................................................................................
Mbps Or 100 Mbps Network Connection50................................................................................................................................................................
Crossover Twisted-pair Cable For50................................................................................................................................................................
Mbps Network Connections51................................................................................................................................................................
Straight-through Twisted-pair Cable For51................................................................................................................................................................
Safety And Emc Regulatory Statements52................................................................................................................................................................
Safety Information52................................................................................................................................................................
Safety Information (japan)57................................................................................................................................................................
Safety Information (china)58................................................................................................................................................................
Emc Regulatory Statements58................................................................................................................................................................
U.s.a60................................................................................................................................................................
European Community60................................................................................................................................................................
China Regulatory Statements61................................................................................................................................................................
HP ProCurve 6120G/XG Brochure & Specs

HP ProCurve 6120G/XG Brochure & Specs (17 pages)

Blade Switch  
Brand: HP | Category: Switch | Size: 0.54 MB
Table of contents
Standard Features4................................................................................................................................................................
Service And Support6................................................................................................................................................................
Technical Specifications12................................................................................................................................................................
HP ProCurve 6120G/XG Frequently Asked Questions

HP ProCurve 6120G/XG Frequently Asked Questions (4 pages)

ISS Technology Update Index  
Brand: HP | Category: Server | Size: 0.08 MB
HP ProCurve 6120G/XG Installation Instructions

HP ProCurve 6120G/XG Installation Instructions (4 pages)

HP ProCurve 6120G/XG: Install Guide  
Brand: HP | Category: Switch | Size: 0.82 MB
Table of contents
Installation Instructions1................................................................................................................................................................
Kit Contents1................................................................................................................................................................
Additional Information1................................................................................................................................................................
Installation Guidelines1................................................................................................................................................................
Firmware Requirements2................................................................................................................................................................
Front Panel2................................................................................................................................................................
Technical Support4................................................................................................................................................................
HP ProCurve 6120G/XG Installation Instructions

HP ProCurve 6120G/XG Installation Instructions (4 pages)

HP ProCurve 6120XG Blade Switch Installation Instructions  
Brand: HP | Category: Server | Size: 0.84 MB
Table of contents
Kit Contents1................................................................................................................................................................
Hp Procurve 6120xg Blade Switch1................................................................................................................................................................
Additional Information1................................................................................................................................................................
Installation Guidelines1................................................................................................................................................................
Front Panel2................................................................................................................................................................
Technical Support4................................................................................................................................................................

Share and save

Advertising