HP ProCurve 6120XG Manuals

Manuals and User Guides for HP ProCurve 6120XG. We have 9 HP ProCurve 6120XG manuals available for free PDF download: Configuration Manual, Manual, Management And Configuration Manual, Management Manual, Installation And Getting Started Manual, Frequently Asked Questions, Installation Instructions

HP ProCurve 6120XG Configuration Manual

HP ProCurve 6120XG Configuration Manual (662 pages)

ProCurve Series 6120 Blade Switches Management and Configuration Guide  
Brand: HP | Category: Server | Size: 4.76 MB
Table of contents
Table Of Contents5................................................................................................................................................................
Getting Started5................................................................................................................................................................
Selecting A Management Interface6................................................................................................................................................................
Using The Menu Interface6................................................................................................................................................................
Using The Command Line Interface (cli)7................................................................................................................................................................
Using The Procurve Web Browser Interface7................................................................................................................................................................
Switch Memory And Configuration8................................................................................................................................................................
Interface Access And System Information10................................................................................................................................................................
Time Protocols11................................................................................................................................................................
Port Trunking13................................................................................................................................................................
Product Documentation25................................................................................................................................................................
Contents31................................................................................................................................................................
Introduction32................................................................................................................................................................
Conventions32................................................................................................................................................................
Command Syntax Statements32................................................................................................................................................................
Command Prompts33................................................................................................................................................................
Screen Simulations33................................................................................................................................................................
Configuration And Operation Examples33................................................................................................................................................................
Keys33................................................................................................................................................................
Sources For More Information34................................................................................................................................................................
Getting Documentation From The Web36................................................................................................................................................................
Online Help36................................................................................................................................................................
Menu Interface36................................................................................................................................................................
Command Line Interface37................................................................................................................................................................
Web Browser Interface37................................................................................................................................................................
Need Only A Quick Start?38................................................................................................................................................................
Ip Addressing38................................................................................................................................................................
Need Only A Quick Start38................................................................................................................................................................
To Set Up And Install The Switch In Your Network39................................................................................................................................................................
Physical Installation39................................................................................................................................................................
Overview42................................................................................................................................................................
Understanding Physical Interfaces42................................................................................................................................................................
Understanding Management Interfaces43................................................................................................................................................................
Advantages Of Using The Menu Interface44................................................................................................................................................................
Advantages Of Using The Cli45................................................................................................................................................................
General Benefits45................................................................................................................................................................
Information On Using The Cli45................................................................................................................................................................
Advantages Of Using The Web Browser Interface46................................................................................................................................................................
Or Procurve Manager Plus47................................................................................................................................................................
Web Browser Interfaces48................................................................................................................................................................
Banner Operation With Telnet, Serial, Or Sshv2 Access49................................................................................................................................................................
Banner Operation With Web Browser Access49................................................................................................................................................................
Configuring And Displaying A Non-default Banner49................................................................................................................................................................
Example Of Configuring And Displaying A Banner50................................................................................................................................................................
Operating Notes53................................................................................................................................................................
Starting And Ending A Menu Session57................................................................................................................................................................
How To Start A Menu Interface Session58................................................................................................................................................................
How To End A Menu Session And Exit From The Console:59................................................................................................................................................................
How To End A Menu Session And Exit From The Console59................................................................................................................................................................
Main Menu Features61................................................................................................................................................................
Screen Structure And Navigation63................................................................................................................................................................
Rebooting The Switch66................................................................................................................................................................
Menu Features List68................................................................................................................................................................
Where To Go From Here69................................................................................................................................................................
Accessing The Cli72................................................................................................................................................................
Using The Cli72................................................................................................................................................................
Privilege Levels At Logon73................................................................................................................................................................
Privilege Level Operation74................................................................................................................................................................
Operator Privileges74................................................................................................................................................................
Manager Privileges75................................................................................................................................................................
How To Move Between Levels77................................................................................................................................................................
Listing Commands And Command Options78................................................................................................................................................................
Listing Commands Available At Any Privilege Level78................................................................................................................................................................
Listing Command Options80................................................................................................................................................................
Displaying Cli "help"81................................................................................................................................................................
Displaying Cli "help81................................................................................................................................................................
Configuration Commands And The Context Configuration Modes83................................................................................................................................................................
Cli Control And Editing86................................................................................................................................................................
Executing A Prior Command—redo86................................................................................................................................................................
Repeating Execution Of A Command86................................................................................................................................................................
Using A Command Alias88................................................................................................................................................................
Cli Shortcut Keystrokes90................................................................................................................................................................
General Features94................................................................................................................................................................
Interface Session With The Switch95................................................................................................................................................................
Using A Standalone Web Browser In A Pc Or Unix Workstation95................................................................................................................................................................
Procurve Manager Plus (pcm+)96................................................................................................................................................................
Tasks For Your First Procurve Web Browser Interface Session98................................................................................................................................................................
Viewing The "first Time Install" Window98................................................................................................................................................................
In The Browser Interface99................................................................................................................................................................
Entering A User Name And Password101................................................................................................................................................................
Using A User Name101................................................................................................................................................................
If You Lose The Password101................................................................................................................................................................
Online Help For The Web Browser Interface102................................................................................................................................................................
Support/mgmt Urls Feature103................................................................................................................................................................
Support Url104................................................................................................................................................................
Help And The Management Server Url104................................................................................................................................................................
Using The Pcm Server For Switch Web Help105................................................................................................................................................................
Status Reporting Features107................................................................................................................................................................
The Overview Window107................................................................................................................................................................
The Port Utilization And Status Displays108................................................................................................................................................................
Port Utilization108................................................................................................................................................................
Port Status110................................................................................................................................................................
The Alert Log111................................................................................................................................................................
Sorting The Alert Log Entries111................................................................................................................................................................
Alert Types And Detailed Views112................................................................................................................................................................
The Status Bar113................................................................................................................................................................
Setting Fault Detection Policy115................................................................................................................................................................
Configuration File Management119................................................................................................................................................................
Using The Cli To Implement Configuration Changes122................................................................................................................................................................
Configuration Changes126................................................................................................................................................................
Menu: Implementing Configuration Changes126................................................................................................................................................................
Rebooting From The Menu Interface127................................................................................................................................................................
Web: Implementing Configuration Changes129................................................................................................................................................................
Using Primary And Secondary Flash Image Options130................................................................................................................................................................
Displaying The Current Flash Image Data130................................................................................................................................................................
Switch Software Downloads132................................................................................................................................................................
Local Switch Software Replacement And Removal133................................................................................................................................................................
Operating Notes About Booting135................................................................................................................................................................
Boot And Reload Command Comparison136................................................................................................................................................................
Setting The Default Flash137................................................................................................................................................................
Booting From The Default Flash (primary Or Secondary)138................................................................................................................................................................
Booting From A Specified Flash138................................................................................................................................................................
Using Reload139................................................................................................................................................................
Multiple Configuration Files141................................................................................................................................................................
General Operation142................................................................................................................................................................
Transitioning To Multiple Configuration Files143................................................................................................................................................................
Listing And Displaying Startup-config Files145................................................................................................................................................................
Configuration Enabled145................................................................................................................................................................
Displaying The Content Of A Specific Startup-config File146................................................................................................................................................................
Changing Or Overriding The Reboot Configuration Policy146................................................................................................................................................................
Managing Startup-config Files In The Switch148................................................................................................................................................................
Renaming An Existing Startup-config File149................................................................................................................................................................
Creating A New Startup-config File149................................................................................................................................................................
Erasing A Startup-config File151................................................................................................................................................................
Switch To Its Default Configuration153................................................................................................................................................................
Transferring Startup-config Files To Or From A Remote Server153................................................................................................................................................................
Tftp: Copying A Configuration File To A Remote Host154................................................................................................................................................................
Tftp: Copying A Configuration File From A Remote Host155................................................................................................................................................................
Connected Host156................................................................................................................................................................
Operating Notes For Multiple Configuration Files157................................................................................................................................................................
Automatic Configuration Update With Dhcp Option 66157................................................................................................................................................................
Cli Command157................................................................................................................................................................
Automatic Configuration Update With Dhcp Option157................................................................................................................................................................
Possible Scenarios For Updating The Configuration File158................................................................................................................................................................
Log Messages159................................................................................................................................................................
Interface Access: Console/serial Link, Web, And Inbound Telnet163................................................................................................................................................................
Menu: Modifying The Interface Access164................................................................................................................................................................
Cli: Modifying The Interface Access165................................................................................................................................................................
Making Window Size Negotiation Available For A Telnet Session167................................................................................................................................................................
Sessions172................................................................................................................................................................
System Information173................................................................................................................................................................
Menu: Viewing And Configuring System Information174................................................................................................................................................................
Cli: Viewing And Configuring System Information175................................................................................................................................................................
Web: Configuring System Parameters180................................................................................................................................................................
Ip Configuration182................................................................................................................................................................
Just Want A Quick Start With Ip Addressing?183................................................................................................................................................................
Just Want A Quick Start With Ip Addressing183................................................................................................................................................................
Ip Addressing With Multiple Vlans184................................................................................................................................................................
Menu: Configuring Ip Address, Gateway, And Time-to-live (ttl)185................................................................................................................................................................
Cli: Configuring Ip Address, Gateway, And Time-to-live (ttl)186................................................................................................................................................................
Web: Configuring Ip Addressing190................................................................................................................................................................
How Ip Addressing Affects Switch Operation191................................................................................................................................................................
Dhcp/bootp Operation192................................................................................................................................................................
Network Preparations For Configuring Dhcp/bootp194................................................................................................................................................................
Ip Preserve: Retaining Vlan-1 Ip Addressing Across Configuration File Downloads196................................................................................................................................................................
Operating Rules For Ip Preserve196................................................................................................................................................................
Enabling Ip Preserve197................................................................................................................................................................
Configuring A Single Source Ip Address200................................................................................................................................................................
Specifying The Source Ip Address200................................................................................................................................................................
The Source Ip Selection Policy201................................................................................................................................................................
Displaying The Source Ip Interface Information204................................................................................................................................................................
Error Messages208................................................................................................................................................................
Timep Time Synchronization211................................................................................................................................................................
Sntp Time Synchronization211................................................................................................................................................................
Protocol Operation212................................................................................................................................................................
General Steps For Running A Time Protocol On The Switch:212................................................................................................................................................................
Disabling Time Synchronization212................................................................................................................................................................
Sntp: Viewing, Selecting, And Configuring213................................................................................................................................................................
Menu: Viewing And Configuring Sntp214................................................................................................................................................................
Cli: Viewing And Configuring Sntp217................................................................................................................................................................
Viewing The Current Sntp Configuration217................................................................................................................................................................
Configuring (enabling Or Disabling) The Sntp Mode219................................................................................................................................................................
Sntp Client Authentication225................................................................................................................................................................
Requirements225................................................................................................................................................................
Key-value227................................................................................................................................................................
Configuring A Trusted Key227................................................................................................................................................................
Associating A Key With An Sntp Server228................................................................................................................................................................
Enabling Sntp Client Authentication229................................................................................................................................................................
Configuring Unicast And Broadcast Mode229................................................................................................................................................................
Displaying Sntp Configuration Information230................................................................................................................................................................
Include-credentials Command232................................................................................................................................................................
Timep: Viewing, Selecting, And Configuring235................................................................................................................................................................
Menu: Viewing And Configuring Timep236................................................................................................................................................................
Cli: Viewing And Configuring Timep238................................................................................................................................................................
Viewing The Current Timep Configuration238................................................................................................................................................................
Configuring (enabling Or Disabling) The Timep Mode240................................................................................................................................................................
Sntp Unicast Time Polling With Multiple Sntp Servers245................................................................................................................................................................
Displaying All Sntp Server Addresses Configured On The Switch245................................................................................................................................................................
Adding And Deleting Sntp Server Addresses246................................................................................................................................................................
Configured246................................................................................................................................................................
Sntp Messages In The Event Log246................................................................................................................................................................
Viewing Port Status And Configuring Port Parameters249................................................................................................................................................................
Menu: Port Configuration252................................................................................................................................................................
Cli: Viewing Port Status And Configuring Port Parameters254................................................................................................................................................................
Viewing Port Status And Configuration254................................................................................................................................................................
Customizing The Show Interfaces Command256................................................................................................................................................................
Custom" Command259................................................................................................................................................................
Viewing Port Utilization Statistics259................................................................................................................................................................
Viewing Transceiver Status260................................................................................................................................................................
Enabling Or Disabling Ports And Configuring Port Mode261................................................................................................................................................................
Enabling Or Disabling Flow Control263................................................................................................................................................................
Configuring A Broadcast Limit On The Switch264................................................................................................................................................................
Configuring Procurve Auto-mdix265................................................................................................................................................................
Web: Viewing Port Status And Configuring Port Parameters268................................................................................................................................................................
Using Friendly (optional) Port Names269................................................................................................................................................................
Configuring And Operating Rules For Friendly Port Names269................................................................................................................................................................
Configuring Friendly Port Names270................................................................................................................................................................
Displaying Friendly Port Names With Other Port Data271................................................................................................................................................................
Been Inserted275................................................................................................................................................................
Transceivers275................................................................................................................................................................
Modules275................................................................................................................................................................
Clearing The Module Configuration275................................................................................................................................................................
Uni-directional Link Detection (udld)277................................................................................................................................................................
Configuring Udld278................................................................................................................................................................
Enabling Udld279................................................................................................................................................................
Changing The Keepalive Interval280................................................................................................................................................................
Changing The Keepalive Retries280................................................................................................................................................................
Configuring Udld For Tagged Ports280................................................................................................................................................................
Viewing Udld Information281................................................................................................................................................................
Configuration Warnings And Event Log Messages283................................................................................................................................................................
Uplink Failure Detection284................................................................................................................................................................
Terminology284................................................................................................................................................................
Guidelines285................................................................................................................................................................
Configuring Ufd286................................................................................................................................................................
Example Of Ufd Configuration286................................................................................................................................................................
Port Trunk Features And Operation292................................................................................................................................................................
Trunk Configuration Methods292................................................................................................................................................................
Menu: Viewing And Configuring A Static Trunk Group297................................................................................................................................................................
Cli: Viewing And Configuring Port Trunk Groups299................................................................................................................................................................
Using The Cli To View Port Trunks299................................................................................................................................................................
Using The Cli To Configure A Static Or Dynamic Trunk Group302................................................................................................................................................................
Web: Viewing Existing Port Trunk Groups305................................................................................................................................................................
Trunk Group Operation Using Lacp306................................................................................................................................................................
Default Port Operation309................................................................................................................................................................
Lacp Notes And Restrictions310................................................................................................................................................................
Trunk Group Operation Using The "trunk" Option314................................................................................................................................................................
How The Switch Lists Trunk Data315................................................................................................................................................................
Outbound Traffic Distribution Across Trunked Links315................................................................................................................................................................
Rate-limiting322................................................................................................................................................................
All Traffic Rate-limiting322................................................................................................................................................................
Configuring Rate-limiting322................................................................................................................................................................
Displaying The Current Rate-limit Configuration324................................................................................................................................................................
Operating Notes For Rate-limiting324................................................................................................................................................................
Guaranteed Minimum Bandwidth (gmb)328................................................................................................................................................................
Gmb Operation328................................................................................................................................................................
Impacts Of Qos Queue Configuration On Gmb Operation330................................................................................................................................................................
Outbound Traffic331................................................................................................................................................................
Configuration335................................................................................................................................................................
Gmb Operating Notes337................................................................................................................................................................
Jumbo Frames338................................................................................................................................................................
Operating Rules339................................................................................................................................................................
Configuring Jumbo Frame Operation340................................................................................................................................................................
Viewing The Current Jumbo Configuration341................................................................................................................................................................
Enabling Or Disabling Jumbo Traffic On A Vlan343................................................................................................................................................................
Configuring A Maximum Frame Size343................................................................................................................................................................
Snmp Implementation343................................................................................................................................................................
Displaying The Maximum Frame Size344................................................................................................................................................................
Operating Notes For Maximum Frame Size344................................................................................................................................................................
Operating Notes For Jumbo Traffic-handling345................................................................................................................................................................
Troubleshooting347................................................................................................................................................................
Hp 6120xg347................................................................................................................................................................
Using Snmp Tools To Manage The Switch352................................................................................................................................................................
Snmp Management Features354................................................................................................................................................................
Configuring For Snmp Version 1 And 2c Access To The Switch354................................................................................................................................................................
Configuring For Snmp Version 3 Access To The Switch355................................................................................................................................................................
Snmp Version 3 Commands356................................................................................................................................................................
Enabling Snmpv3357................................................................................................................................................................
Snmpv3 Users357................................................................................................................................................................
Enabling Snmpv357................................................................................................................................................................
Group Access Levels361................................................................................................................................................................
Snmpv3 Communities361................................................................................................................................................................
Communities363................................................................................................................................................................
Cli: Viewing And Configuring Snmp Community Names365................................................................................................................................................................
Snmp Notifications367................................................................................................................................................................
Supported Notifications367................................................................................................................................................................
General Steps For Configuring Snmp Notifications368................................................................................................................................................................
Snmpv1 And Snmpv2c Traps369................................................................................................................................................................
Configuring An Snmp Trap Receiver369................................................................................................................................................................
Enabling Snmpv2c Informs371................................................................................................................................................................
Configuring Snmpv3 Notifications373................................................................................................................................................................
Managing Network Security Notifications376................................................................................................................................................................
Enabling Link-change Traps378................................................................................................................................................................
Configuring The Source Ip Address For Snmp Notifications379................................................................................................................................................................
Displaying Snmp Notification Configuration381................................................................................................................................................................
Configuring Listening Mode383................................................................................................................................................................
Advanced Management: Rmon384................................................................................................................................................................
Cli-configured Sflow With Multiple Instances384................................................................................................................................................................
Configuring Sflow385................................................................................................................................................................
Viewing Sflow Configuration And Status385................................................................................................................................................................
Lldp (link-layer Discovery Protocol)388................................................................................................................................................................
General Lldp Operation391................................................................................................................................................................
Lldp-med391................................................................................................................................................................
Packet Boundaries In A Network Topology391................................................................................................................................................................
Configuration Options392................................................................................................................................................................
Options For Reading Lldp Information Collected By The Switch394................................................................................................................................................................
Lldp And Lldp-med Standards Compatibility394................................................................................................................................................................
Lldp Operating Rules395................................................................................................................................................................
Configuring Lldp Operation396................................................................................................................................................................
Viewing The Current Configuration396................................................................................................................................................................
Configuring Global Lldp Packet Controls398................................................................................................................................................................
Configuring Snmp Notification Support402................................................................................................................................................................
Configuring Per-port Transmit And Receive Modes403................................................................................................................................................................
Configuring Basic Lldp Per-port Advertisement Content404................................................................................................................................................................
Advertisements406................................................................................................................................................................
Port Vlan Id Tlv Support On Lldp407................................................................................................................................................................
Configuring The Vlan Id Tlv407................................................................................................................................................................
Displaying The Tlvs Advertised408................................................................................................................................................................
Snmp Support409................................................................................................................................................................
Lldp-med (media-endpoint-discovery)410................................................................................................................................................................
Lldp-med Topology Change Notification413................................................................................................................................................................
Lldp-med Fast Start Control414................................................................................................................................................................
And Location Data414................................................................................................................................................................
Configuring Location Data For Lldp-med Devices417................................................................................................................................................................
Displaying Advertisement Data422................................................................................................................................................................
Displaying Lldp Statistics427................................................................................................................................................................
Lldp Operating Notes429................................................................................................................................................................
Lldp And Cdp Data Management431................................................................................................................................................................
Lldp And Cdp Neighbor Data431................................................................................................................................................................
Cdp Operation And Commands433................................................................................................................................................................
Console Connected Pc Or Unix Workstation437................................................................................................................................................................
Connected Pc Or Unix Workstation437................................................................................................................................................................
Copying Command Output To A Destination Device438................................................................................................................................................................
Copying Event Log Output To A Destination Device438................................................................................................................................................................
Copying Crash Data Content To A Destination Device438................................................................................................................................................................
Copying Crash Log Data Content To A Destination Device438................................................................................................................................................................
Downloading Switch Software439................................................................................................................................................................
General Software Download Rules440................................................................................................................................................................
Using Tftp To Download Software From A Server440................................................................................................................................................................
Menu: Tftp Download From A Server To Primary Flash441................................................................................................................................................................
Cli: Tftp Download From A Server To Flash443................................................................................................................................................................
Enabling Tftp445................................................................................................................................................................
Using Auto-tftp447................................................................................................................................................................
Using Secure Copy And Sftp448................................................................................................................................................................
How It Works449................................................................................................................................................................
The Scp/sftp Process449................................................................................................................................................................
Disable Tftp And Auto-tftp For Enhanced Security450................................................................................................................................................................
Command Options451................................................................................................................................................................
Authentication452................................................................................................................................................................
Scp/sftp Operating Notes452................................................................................................................................................................
Troubleshooting Ssh, Sftp, And Scp Operations454................................................................................................................................................................
A Pc Or Unix Workstation455................................................................................................................................................................
Menu: Xmodem Download To Primary Flash456................................................................................................................................................................
Primary Or Secondary Flash457................................................................................................................................................................
Switch-to-switch Download458................................................................................................................................................................
Menu: Switch-to-switch Download To Primary Flash458................................................................................................................................................................
Cli: Switch-to-switch Downloads459................................................................................................................................................................
Using Pcm+ To Update Switch Software460................................................................................................................................................................
Tftp: Copying A Software Image To A Remote Host461................................................................................................................................................................
Xmodem: Copying A Software Image From The Switch To A Usb Serial Console Connected Pc Or Unix Workstation461................................................................................................................................................................
Copying Software Images461................................................................................................................................................................
Transferring Switch Configurations462................................................................................................................................................................
Tftp: Copying A Customized Command File To A Switch463................................................................................................................................................................
Status And Counters Data474................................................................................................................................................................
Menu Access To Status And Counters475................................................................................................................................................................
General System Information476................................................................................................................................................................
Menu Access476................................................................................................................................................................
Cli Access To System Information477................................................................................................................................................................
Task Monitor—collecting Processor Data478................................................................................................................................................................
Switch Management Address Information478................................................................................................................................................................
Cli Access479................................................................................................................................................................
Menu: Displaying Port Status480................................................................................................................................................................
Web Access480................................................................................................................................................................
Menu Access To Port And Trunk Statistics482................................................................................................................................................................
Cli Access To Port And Trunk Group Statistics483................................................................................................................................................................
Viewing The Switch's Mac Address Tables483................................................................................................................................................................
Menu Access To The Mac Address Views And Searches483................................................................................................................................................................
Cli Access For Mac Address Views And Searches486................................................................................................................................................................
Spanning Tree Protocol (mstp) Information488................................................................................................................................................................
Cli Access To Mstp Data488................................................................................................................................................................
Internet Group Management Protocol (igmp) Status489................................................................................................................................................................
Vlan Information490................................................................................................................................................................
Web Browser Interface Status Information492................................................................................................................................................................
Traffic Mirroring493................................................................................................................................................................
Mirroring Terminology494................................................................................................................................................................
Mirrored Traffic Destinations496................................................................................................................................................................
Local Destinations496................................................................................................................................................................
Monitored Traffic Sources496................................................................................................................................................................
Criteria For Selecting Mirrored Traffic496................................................................................................................................................................
Mirroring Sessions496................................................................................................................................................................
Mirroring Configuration497................................................................................................................................................................
Endpoint Switches And Intermediate Devices498................................................................................................................................................................
Using The Menu Or Web Interface To Configure Local Mirroring499................................................................................................................................................................
Menu And Web Interface Limits499................................................................................................................................................................
Configuration Steps500................................................................................................................................................................
Cli: Configuring Local Mirroring503................................................................................................................................................................
Local Mirroring Overview503................................................................................................................................................................
Determine The Mirroring Session And Destination505................................................................................................................................................................
Configure A Mirroring Session On The Source Switch505................................................................................................................................................................
Configure The Monitored Traffic In A Mirror Session505................................................................................................................................................................
Traffic Selection Options506................................................................................................................................................................
Mirroring-source Restrictions506................................................................................................................................................................
Selecting All Inbound/outbound Traffic To Mirror506................................................................................................................................................................
Displaying A Mirroring Configuration508................................................................................................................................................................
Displaying The Mirroring Configuration Summary508................................................................................................................................................................
Viewing Mirroring In The Current Configuration File510................................................................................................................................................................
Mirroring Configuration Examples511................................................................................................................................................................
Local Mirroring Using Traffic-direction Criteria511................................................................................................................................................................
Maximum Supported Frame Size512................................................................................................................................................................
Enabling Jumbo Frames To Increase Mirroring Path Mtu513................................................................................................................................................................
Untagged, Mirrored Traffic514................................................................................................................................................................
Troubleshooting Mirroring517................................................................................................................................................................
Troubleshooting Approaches523................................................................................................................................................................
Browser Or Telnet Access Problems525................................................................................................................................................................
Unusual Network Activity527................................................................................................................................................................
General Problems527................................................................................................................................................................
Q Prioritization Problems528................................................................................................................................................................
Igmp-related Problems528................................................................................................................................................................
Lacp-related Problems529................................................................................................................................................................
Port-based Access Control (802.1x)-related Problems529................................................................................................................................................................
Qos-related Problems532................................................................................................................................................................
Radius-related Problems533................................................................................................................................................................
Spanning-tree Protocol (mstp) And Fast-uplink Problems534................................................................................................................................................................
Ssh-related Problems535................................................................................................................................................................
Tacacs-related Problems537................................................................................................................................................................
Timep, Sntp, Or Gateway Problems539................................................................................................................................................................
Vlan-related Problems539................................................................................................................................................................
Using The Event Log For Troubleshooting Switch Problems542................................................................................................................................................................
Event Log Entries542................................................................................................................................................................
Menu: Displaying And Navigating In The Event Log549................................................................................................................................................................
Cli: Displaying The Event Log550................................................................................................................................................................
Cli: Clearing Event Log Entries550................................................................................................................................................................
Cli: Turning Event Numbering On551................................................................................................................................................................
Event Log And Snmp Messages551................................................................................................................................................................
Log Throttle Periods552................................................................................................................................................................
Example Of Log Throttling552................................................................................................................................................................
Example Of Event Counter Operation554................................................................................................................................................................
Debug/syslog Operation555................................................................................................................................................................
Debug/syslog Messaging555................................................................................................................................................................
Debug/syslog Destination Devices555................................................................................................................................................................
Debug/syslog Configuration Commands556................................................................................................................................................................
Configuring Debug/syslog Operation557................................................................................................................................................................
Displaying A Debug/syslog Configuration559................................................................................................................................................................
Debug Command562................................................................................................................................................................
Debug Messages562................................................................................................................................................................
Debug Destinations563................................................................................................................................................................
Logging Command565................................................................................................................................................................
Configuring A Syslog Server566................................................................................................................................................................
Adding A Description For A Syslog Server568................................................................................................................................................................
Adding A Priority Description569................................................................................................................................................................
Sent To A Syslog Server570................................................................................................................................................................
Messages Sent To A Syslog Server571................................................................................................................................................................
Operating Notes For Debug And Syslog571................................................................................................................................................................
Diagnostic Tools573................................................................................................................................................................
Port Auto-negotiation574................................................................................................................................................................
Ping And Link Tests574................................................................................................................................................................
Web: Executing Ping Or Link Tests575................................................................................................................................................................
Cli: Ping Test576................................................................................................................................................................
Link Tests577................................................................................................................................................................
Traceroute Command578................................................................................................................................................................
Viewing Switch Configuration And Operation582................................................................................................................................................................
Cli: Viewing The Startup Or Running Configuration File582................................................................................................................................................................
Web: Viewing The Configuration File582................................................................................................................................................................
Cli: Viewing A Summary Of Switch Operational Data582................................................................................................................................................................
Saving Show Tech Command Output To A Text File584................................................................................................................................................................
Customizing Show Tech Command Output585................................................................................................................................................................
Cli: Viewing More Information On Switch Operation588................................................................................................................................................................
Pattern Matching When Using The Show Command589................................................................................................................................................................
Cli: Useful Commands For Troubleshooting Sessions592................................................................................................................................................................
Restoring The Factory-default Configuration593................................................................................................................................................................
Cli: Resetting To The Factory-default Configuration593................................................................................................................................................................
Clear/reset: Resetting To The Factory-default Configuration593................................................................................................................................................................
Restoring A Flash Image594................................................................................................................................................................
Dns Resolver596................................................................................................................................................................
Basic Operation597................................................................................................................................................................
Dns-compatible Commands598................................................................................................................................................................
Configuring A Dns Entry599................................................................................................................................................................
Example Using Dns Names With Ping And Traceroute600................................................................................................................................................................
Viewing The Current Dns Configuration602................................................................................................................................................................
Event Log Messages604................................................................................................................................................................
Determining Mac Addresses607................................................................................................................................................................
Menu: Viewing The Switch's Mac Addresses608................................................................................................................................................................
Cli: Viewing The Port And Vlan Mac Addresses609................................................................................................................................................................
Viewing The Mac Addresses Of Connected Devices611................................................................................................................................................................
Viewing Information On Resource Usage614................................................................................................................................................................
Policy Enforcement Engine614................................................................................................................................................................
When Insufficient Resources Are Available615................................................................................................................................................................
Concepts622................................................................................................................................................................
Example625................................................................................................................................................................
Oobm And Switch Applications626................................................................................................................................................................
Tasks627................................................................................................................................................................
Oobm Configuration627................................................................................................................................................................
Oobm Context627................................................................................................................................................................
Oobm Enable/disable628................................................................................................................................................................
Oobm Port Enable/disable629................................................................................................................................................................
Oobm Ipv4 Address Configuration630................................................................................................................................................................
Oobm Ipv4 Default Gateway Configuration630................................................................................................................................................................
Oobm Show Commands631................................................................................................................................................................
Show Oobm631................................................................................................................................................................
Show Oobm Ip Configuration632................................................................................................................................................................
Show Oobm Arp Information632................................................................................................................................................................
Application Server Commands633................................................................................................................................................................
Application Client Commands635................................................................................................................................................................
General Procedure639................................................................................................................................................................

Advertising

HP ProCurve 6120XG Manual

HP ProCurve 6120XG Manual (606 pages)

HP ProCurve Series 6120 Blade Switches Access Security Guide  
Brand: HP | Category: Server | Size: 3.8 MB
Table of contents
Table Of Contents5................................................................................................................................................................
Security Overview5................................................................................................................................................................
Web And Mac Authentication7................................................................................................................................................................
For Switch Services10................................................................................................................................................................
Ipv4 Access Control Lists (acls)13................................................................................................................................................................
Configuring Advanced Threat Protection15................................................................................................................................................................
Configuring Port-based And17................................................................................................................................................................
User-based Access Control (802.1x)17................................................................................................................................................................
Configuring And Monitoring Port Security19................................................................................................................................................................
Using Authorized Ip Managers20................................................................................................................................................................
Product Documentation23................................................................................................................................................................
Contents29................................................................................................................................................................
Introduction30................................................................................................................................................................
About This Guide30................................................................................................................................................................
For More Information30................................................................................................................................................................
Access Security Features31................................................................................................................................................................
Network Security Features35................................................................................................................................................................
Getting Started With Access Security37................................................................................................................................................................
Physical Security37................................................................................................................................................................
Quick Start: Using The Management Interface Wizard38................................................................................................................................................................
Cli: Management Interface Wizard38................................................................................................................................................................
Web: Management Interface Wizard40................................................................................................................................................................
Snmp Security Guidelines43................................................................................................................................................................
Precedence Of Security Options45................................................................................................................................................................
Precedence Of Port-based Security Options45................................................................................................................................................................
Dynamic Configuration Arbiter45................................................................................................................................................................
Network Immunity Manager46................................................................................................................................................................
Arbitrating Client-specific Attributes47................................................................................................................................................................
Procurve Identity-driven Manager (idm)49................................................................................................................................................................
Overview53................................................................................................................................................................
Configuring Local Password Security56................................................................................................................................................................
Menu: Setting Passwords56................................................................................................................................................................
Cli: Setting Passwords And Usernames58................................................................................................................................................................
Web: Setting Passwords And Usernames59................................................................................................................................................................
Snmp: Setting Passwords And Usernames59................................................................................................................................................................
Saving Security Credentials In A Config File60................................................................................................................................................................
Benefits Of Saving Security Credentials60................................................................................................................................................................
Enabling The Storage And Display Of Security Credentials61................................................................................................................................................................
Security Settings That Can Be Saved61................................................................................................................................................................
Local Manager And Operator Passwords62................................................................................................................................................................
Password Command Options62................................................................................................................................................................
Snmp Security Credentials63................................................................................................................................................................
X Port-access Credentials64................................................................................................................................................................
Tacacs+ Encryption Key Authentication65................................................................................................................................................................
Radius Shared-secret Key Authentication65................................................................................................................................................................
Ssh Client Public-key Authentication66................................................................................................................................................................
Operating Notes69................................................................................................................................................................
Restrictions71................................................................................................................................................................
Front-panel Security73................................................................................................................................................................
When Security Is Important73................................................................................................................................................................
Front-panel Button Functions74................................................................................................................................................................
Clear Button75................................................................................................................................................................
Reset Button75................................................................................................................................................................
Restoring The Factory Default Configuration75................................................................................................................................................................
Configuring Front-panel Security77................................................................................................................................................................
Disabling The Clear Password Function Of The Clear Button79................................................................................................................................................................
Re-enabling The Clear Button And Setting Or Changing The "reset-on-clear" Operation80................................................................................................................................................................
Changing The Operation Of The Reset+clear Combination81................................................................................................................................................................
Password Recovery82................................................................................................................................................................
Disabling Or Re-enabling The Password Recovery Process82................................................................................................................................................................
Password Recovery Process84................................................................................................................................................................
Web Authentication87................................................................................................................................................................
Mac Authentication88................................................................................................................................................................
Concurrent Web And Mac Authentication88................................................................................................................................................................
Authorized And Unauthorized Client Vlans89................................................................................................................................................................
Radius-based Authentication90................................................................................................................................................................
Wireless Clients90................................................................................................................................................................
How Web And Mac Authentication Operate90................................................................................................................................................................
Web-based Authentication91................................................................................................................................................................
Mac-based Authentication93................................................................................................................................................................
Terminology95................................................................................................................................................................
Operating Rules And Notes96................................................................................................................................................................
Setup Procedure For Web/mac Authentication98................................................................................................................................................................
Before You Configure Web/mac Authentication98................................................................................................................................................................
Configuring The Radius Server To Support Mac Authentication101................................................................................................................................................................
Configuring The Switch To Access A Radius Server101................................................................................................................................................................
Configuring Web Authentication104................................................................................................................................................................
Configuration Commands For Web Authentication105................................................................................................................................................................
Show Commands For Web Authentication112................................................................................................................................................................
Customizing Web Authentication Html Files (optional)118................................................................................................................................................................
Implementing Customized Web-auth Pages118................................................................................................................................................................
Operating Notes And Guidelines118................................................................................................................................................................
Customizing Html Templates119................................................................................................................................................................
Customizable Html Templates120................................................................................................................................................................
Configuring Mac Authentication On The Switch134................................................................................................................................................................
Configuration Commands For Mac Authentication135................................................................................................................................................................
Configuring The Global Mac Authentication Password135................................................................................................................................................................
Configuring A Mac-based Address Format137................................................................................................................................................................
Show Commands For Mac-based Authentication139................................................................................................................................................................
Client Status146................................................................................................................................................................
Terminology Used In Tacacs Applications:149................................................................................................................................................................
Terminology Used In Tacacs Applications149................................................................................................................................................................
General System Requirements151................................................................................................................................................................
General Authentication Setup Procedure151................................................................................................................................................................
Configuring Tacacs+ On The Switch154................................................................................................................................................................
Before You Begin154................................................................................................................................................................
Cli Commands Described In This Section155................................................................................................................................................................
Viewing The Switch's Current Authentication Configuration155................................................................................................................................................................
Server Contact Configuration156................................................................................................................................................................
Configuring The Switch's Authentication Methods157................................................................................................................................................................
Using The Privilege-mode Option For Login157................................................................................................................................................................
Authentication Parameters158................................................................................................................................................................
Configuring The Tacacs+ Server For Single Login159................................................................................................................................................................
Configuring The Switch's Tacacs+ Server Access164................................................................................................................................................................
How Authentication Operates170................................................................................................................................................................
General Authentication Process Using A Tacacs+ Server170................................................................................................................................................................
Local Authentication Process172................................................................................................................................................................
Using The Encryption Key173................................................................................................................................................................
General Operation173................................................................................................................................................................
Encryption Options In The Switch173................................................................................................................................................................
Controlling Web Browser Interface Access When Using Tacacs+ Authentication174................................................................................................................................................................
Messages Related To Tacacs+ Operation175................................................................................................................................................................
Authentication Services179................................................................................................................................................................
Accounting Services180................................................................................................................................................................
Radius-administered Cos And Rate-limiting180................................................................................................................................................................
Radiuis-administered Commands Authorization180................................................................................................................................................................
Snmp Access To The Switch's Authentication Configuration Mib180................................................................................................................................................................
Switch Operating Rules For Radius182................................................................................................................................................................
General Radius Setup Procedure183................................................................................................................................................................
Configuring The Switch For Radius Authentication184................................................................................................................................................................
Outline Of The Steps For Configuring Radius Authentication185................................................................................................................................................................
You Want Radius To Protect186................................................................................................................................................................
Configure Authentication For The Access Methods186................................................................................................................................................................
Enable The (optional) Access Privilege Option189................................................................................................................................................................
Configure The Switch To Access A Radius Server190................................................................................................................................................................
Configure The Switch's Global Radius Parameters193................................................................................................................................................................
Using Multiple Radius Server Groups197................................................................................................................................................................
Commands197................................................................................................................................................................
Enhanced Commands198................................................................................................................................................................
Displaying The Radius Server Group Information200................................................................................................................................................................
Cached Reauthentication202................................................................................................................................................................
Timing Considerations203................................................................................................................................................................
Switch Authentication Features206................................................................................................................................................................
Changing And Viewing The Snmp Access Configuration207................................................................................................................................................................
Controlling Web Browser Interface Access210................................................................................................................................................................
Commands Authorization211................................................................................................................................................................
Enabling Authorization212................................................................................................................................................................
Displaying Authorization Information213................................................................................................................................................................
Configuring Commands Authorization On A Radius Server213................................................................................................................................................................
Using Vendor Specific Attributes (vsas)213................................................................................................................................................................
Example Configuration On Cisco Secure Acs For Ms Windows215................................................................................................................................................................
Example Configuration Using Freeradius217................................................................................................................................................................
Vlan Assignment In An Authentication Session219................................................................................................................................................................
Tagged And Untagged Vlan Attributes220................................................................................................................................................................
Additional Radius Attributes221................................................................................................................................................................
Configuring Radius Accounting223................................................................................................................................................................
Operating Rules For Radius Accounting225................................................................................................................................................................
Steps For Configuring Radius Accounting225................................................................................................................................................................
Sending Reports To The Radius Server228................................................................................................................................................................
Configure Accounting Types And The Controls For228................................................................................................................................................................
Interim Updating Options230................................................................................................................................................................
Viewing Radius Statistics232................................................................................................................................................................
General Radius Statistics232................................................................................................................................................................
Radius Authentication Statistics234................................................................................................................................................................
Radius Accounting Statistics235................................................................................................................................................................
Changing Radius-server Access Order236................................................................................................................................................................
Messages Related To Radius Operation239................................................................................................................................................................
Radius Server Configuration For Per-port Cos (802.1p Priority) And Rate-limiting244................................................................................................................................................................
Applied Rates For Radius-assigned Rate Limits245................................................................................................................................................................
Viewing The Currently Active Per-port Cos And Rate-limiting Configuration Specified By A Radius Server246................................................................................................................................................................
Configuring And Using Radius-assigned Access Control Lists249................................................................................................................................................................
Overview Of Radius-assigned, Dynamic Acls252................................................................................................................................................................
Static Acls253................................................................................................................................................................
Acl To A Switch Port254................................................................................................................................................................
General Acl Features, Planning, And Configuration255................................................................................................................................................................
The Packet-filtering Process256................................................................................................................................................................
Operating Rules For Radius-assigned Acls256................................................................................................................................................................
Configuring An Acl In A Radius Server257................................................................................................................................................................
Nas-filter-rule-options258................................................................................................................................................................
Configuring Ace Syntax In Radius Servers258................................................................................................................................................................
Example Using The Standard Attribute (92) In An Ipv4 Acl260................................................................................................................................................................
Freeradius Application261................................................................................................................................................................
Radius-assigned Acl263................................................................................................................................................................
Configuration Notes264................................................................................................................................................................
Acls264................................................................................................................................................................
On The Switch266................................................................................................................................................................
Icmp Type Numbers And Keywords268................................................................................................................................................................
Event Log Messages269................................................................................................................................................................
After Authenticating270................................................................................................................................................................
Monitoring Shared Resources270................................................................................................................................................................
Prerequisite For Using Ssh275................................................................................................................................................................
Public Key Formats275................................................................................................................................................................
For Switch And Client Authentication276................................................................................................................................................................
General Operating Rules And Notes278................................................................................................................................................................
Configuring The Switch For Ssh Operation279................................................................................................................................................................
Enable (manager) Password280................................................................................................................................................................
Generating The Switch's Public And Private Key Pair280................................................................................................................................................................
Configuring Key Lengths283................................................................................................................................................................
Providing The Switch's Public Key To Clients283................................................................................................................................................................
Client Contact Behavior285................................................................................................................................................................
Enabling Ssh On The Switch And Anticipating Ssh285................................................................................................................................................................
Configuring The Switch For Ssh Authentication290................................................................................................................................................................
Use An Ssh Client To Access The Switch294................................................................................................................................................................
Further Information On Ssh Client Public-key Authentication294................................................................................................................................................................
Messages Related To Ssh Operation300................................................................................................................................................................
Logging Messages301................................................................................................................................................................
Debug Logging302................................................................................................................................................................
Prerequisite For Using Ssl307................................................................................................................................................................
Authentication307................................................................................................................................................................
Configuring The Switch For Ssl Operation309................................................................................................................................................................
Enabling (manager) Password309................................................................................................................................................................
Generating The Switch's Server Host Certificate310................................................................................................................................................................
With The Cli311................................................................................................................................................................
Comments On Certificate Fields312................................................................................................................................................................
Interface314................................................................................................................................................................
Web Browser Interface317................................................................................................................................................................
Browser Contact Behavior319................................................................................................................................................................
Enabling Ssl On The Switch And Anticipating Ssl319................................................................................................................................................................
Using The Cli Interface To Enable Ssl321................................................................................................................................................................
Using The Web Browser Interface To Enable Ssl321................................................................................................................................................................
Common Errors In Ssl Setup323................................................................................................................................................................
Acl Applications328................................................................................................................................................................
Optional Network Management Applications328................................................................................................................................................................
Optional Pcm And Idm Applications329................................................................................................................................................................
General Application Options329................................................................................................................................................................
Types Of Ip Acls334................................................................................................................................................................
Acl Inbound Application Points334................................................................................................................................................................
Features Common To All Acls335................................................................................................................................................................
General Steps For Planning And Configuring Acls336................................................................................................................................................................
Acl Operation337................................................................................................................................................................
Planning An Acl Application341................................................................................................................................................................
Switch Resource Usage341................................................................................................................................................................
Prioritizing And Monitoring Acl And Qos, Feature Usage341................................................................................................................................................................
Acl Resource Usage And Monitoring341................................................................................................................................................................
Rule Usage342................................................................................................................................................................
Managing Acl Resource Consumption343................................................................................................................................................................
Oversubscribing Available Resources343................................................................................................................................................................
Troubleshooting A Shortage Of Resources343................................................................................................................................................................
Example Of Acl Resource Usage344................................................................................................................................................................
Viewing The Current Rule Usage344................................................................................................................................................................
Traffic Management And Improved Network Performance347................................................................................................................................................................
Security347................................................................................................................................................................
Guidelines For Planning The Structure Of An Acl348................................................................................................................................................................
Acl Configuration And Operating Rules349................................................................................................................................................................
How An Ace Uses A Mask To Screen Packets For Matches350................................................................................................................................................................
Masks And The Masks Used With Acls?351................................................................................................................................................................
Access Control Entry (ace)352................................................................................................................................................................
Configuring And Assigning An Acl357................................................................................................................................................................
General Steps For Implementing Acls357................................................................................................................................................................
Types Of Acls357................................................................................................................................................................
Acl Configuration Structure358................................................................................................................................................................
Standard Acl Structure359................................................................................................................................................................
Extended Acl Configuration Structure359................................................................................................................................................................
Acl Configuration Factors361................................................................................................................................................................
Acl Resource Consumption361................................................................................................................................................................
The Sequence Of Entries In An Acl Is Significant361................................................................................................................................................................
In Any Acl, There Will Always Be A Match362................................................................................................................................................................
Apply It To An Interface362................................................................................................................................................................
Using The Cli To Create An Acl363................................................................................................................................................................
General Ace Rules363................................................................................................................................................................
Using Cidr Notation To Enter The Acl Mask363................................................................................................................................................................
Configuring And Assigning A Numbered, Standard Acl364................................................................................................................................................................
Configuring And Assigning A Numbered, Extended Acl369................................................................................................................................................................
Configuring A Named Acl375................................................................................................................................................................
Enabling Or Disabling Acl Filtering On An Interface377................................................................................................................................................................
Deleting An Acl From The Switch378................................................................................................................................................................
Displaying Acl Data379................................................................................................................................................................
Display An Acl Summary379................................................................................................................................................................
Display The Content Of All Acls On The Switch380................................................................................................................................................................
Display The Acl Assignments For An Interface381................................................................................................................................................................
Displaying The Content Of A Specific Acl382................................................................................................................................................................
Displaying The Current Acl Resources384................................................................................................................................................................
Display All Acls And Their Assignments In The Switch Startup-config File And Running-config File385................................................................................................................................................................
Editing Acls And Creating An Acl Offline385................................................................................................................................................................
Using The Cli To Edit Acls385................................................................................................................................................................
General Editing Rules386................................................................................................................................................................
Deleting Any Ace From An Acl386................................................................................................................................................................
Working Offline To Create Or Edit An Acl388................................................................................................................................................................
Creating An Acl Offline389................................................................................................................................................................
Enable Acl "deny" Logging392................................................................................................................................................................
Requirements For Using Acl Logging392................................................................................................................................................................
Acl Logging Operation393................................................................................................................................................................
Enabling Acl Logging On The Switch393................................................................................................................................................................
Operating Notes For Acl Logging395................................................................................................................................................................
General Acl Operating Notes396................................................................................................................................................................
Dhcp Snooping402................................................................................................................................................................
Enabling Dhcp Snooping403................................................................................................................................................................
Enabling Dhcp Snooping On Vlans405................................................................................................................................................................
Configuring Dhcp Snooping Trusted Ports406................................................................................................................................................................
Configuring Authorized Server Addresses407................................................................................................................................................................
Using Dhcp Snooping With Option 82407................................................................................................................................................................
Using Dhcp Snooping With Option407................................................................................................................................................................
Changing The Remote-id From A Mac To An Ip Address409................................................................................................................................................................
Disabling The Mac Address Check409................................................................................................................................................................
The Dhcp Binding Database410................................................................................................................................................................
Operational Notes411................................................................................................................................................................
Log Messages412................................................................................................................................................................
Dynamic Arp Protection414................................................................................................................................................................
Enabling Dynamic Arp Protection416................................................................................................................................................................
Configuring Trusted Ports416................................................................................................................................................................
Adding An Ip-to-mac Binding To The Dhcp Database418................................................................................................................................................................
Configuring Additional Validation Checks On Arp Packets419................................................................................................................................................................
Verifying The Configuration Of Dynamic Arp Protection419................................................................................................................................................................
Displaying Arp Packet Statistics420................................................................................................................................................................
Monitoring Dynamic Arp Protection421................................................................................................................................................................
Dynamic Ip Lockdown421................................................................................................................................................................
Protection Against Ip Source Address Spoofing422................................................................................................................................................................
Prerequisite: Dhcp Snooping422................................................................................................................................................................
Filtering Ip And Mac Addresses Per-port And Per-vlan423................................................................................................................................................................
Enabling Dynamic Ip Lockdown424................................................................................................................................................................
Adding An Ip-to-mac Binding To The Dhcp Binding Database426................................................................................................................................................................
Potential Issues With Bindings426................................................................................................................................................................
Adding A Static Binding427................................................................................................................................................................
Verifying The Dynamic Ip Lockdown Configuration427................................................................................................................................................................
Displaying The Static Configuration Of Ip-to-mac Bindings428................................................................................................................................................................
Debugging Dynamic Ip Lockdown429................................................................................................................................................................
Using The Instrumentation Monitor431................................................................................................................................................................
Configuring Instrumentation Monitor433................................................................................................................................................................
Examples434................................................................................................................................................................
Viewing The Current Instrumentation Monitor Configuration435................................................................................................................................................................
Filter Limits438................................................................................................................................................................
Using Port Trunks With Filters438................................................................................................................................................................
Filter Types And Operation439................................................................................................................................................................
Source-port Filters440................................................................................................................................................................
Operating Rules For Source-port Filters440................................................................................................................................................................
Example441................................................................................................................................................................
Named Source-port Filters442................................................................................................................................................................
Operating Rules For Named Source-port Filters442................................................................................................................................................................
Defining And Configuring Named Source-port Filters443................................................................................................................................................................
Viewing A Named Source-port Filter444................................................................................................................................................................
Using Named Source-port Filters445................................................................................................................................................................
Configuring Traffic/security Filters451................................................................................................................................................................
Configuring A Source-port Traffic Filter452................................................................................................................................................................
Example Of Creating A Source-port Filter453................................................................................................................................................................
Configuring A Filter On A Port Trunk453................................................................................................................................................................
Editing A Source-port Filter454................................................................................................................................................................
Filter Indexing455................................................................................................................................................................
Displaying Traffic/security Filters456................................................................................................................................................................
Why Use Port-based Or User-based Access Control?460................................................................................................................................................................
General Features460................................................................................................................................................................
Why Use Port-based Or User-based Access Control460................................................................................................................................................................
User Authentication Methods461................................................................................................................................................................
X User-based Access Control461................................................................................................................................................................
X Port-based Access Control462................................................................................................................................................................
Alternative To Using A Radius Server463................................................................................................................................................................
Accounting463................................................................................................................................................................
General 802.1x Authenticator Operation466................................................................................................................................................................
Example Of The Authentication Process466................................................................................................................................................................
Vlan Membership Priority467................................................................................................................................................................
General Setup Procedure For 802.1x Access Control471................................................................................................................................................................
Do These Steps Before You Configure 802.1x Operation471................................................................................................................................................................
Overview: Configuring 802.1x Authentication On The Switch474................................................................................................................................................................
Configuring Switch Ports As 802.1x Authenticators475................................................................................................................................................................
Enable 802.1x Authentication On Selected Ports476................................................................................................................................................................
A. Enable The Selected Ports As Authenticators And Enable The (default) Port-based Authentication476................................................................................................................................................................
Port-based Authentication477................................................................................................................................................................
B. Specify User-based Authentication Or Return To477................................................................................................................................................................
Example: Configuring User-based 802.1x Authentication478................................................................................................................................................................
Example: Configuring Port-based 802.1x Authentication478................................................................................................................................................................
Reconfigure Settings For Port-access478................................................................................................................................................................
Configure The 802.1x Authentication Method481................................................................................................................................................................
Enter The Radius Host Ip Address(es)482................................................................................................................................................................
Enable 802.1x Authentication On The Switch482................................................................................................................................................................
Optional: Reset Authenticator Operation483................................................................................................................................................................
Optional: Configure 802.1x Controlled Directions483................................................................................................................................................................
Wake-on-lan Traffic484................................................................................................................................................................
Example: Configuring 802.1x Controlled Directions485................................................................................................................................................................
Unauthenticated Vlan Access (guest Vlan Access)485................................................................................................................................................................
Characteristics Of Mixed Port Access Mode486................................................................................................................................................................
Configuring Mixed Port Access Mode487................................................................................................................................................................
X Open Vlan Mode488................................................................................................................................................................
Vlan Membership Priorities489................................................................................................................................................................
Use Models For 802.1x Open Vlan Modes490................................................................................................................................................................
Unauthorized-client Vlans495................................................................................................................................................................
Setting Up And Configuring 802.1x Open Vlan Mode499................................................................................................................................................................
X Open Vlan Operating Notes503................................................................................................................................................................
Option For Authenticator Ports: Configure Port-security To Allow Only 802.1x-authenticated Devices504................................................................................................................................................................
Option For Authenticator Ports: Configure Port-security504................................................................................................................................................................
To Allow Only 802.1x-authenticated Devices504................................................................................................................................................................
Port-security505................................................................................................................................................................
Configuring Switch Ports To Operate As Supplicants For 802.1x Connections To Other Switches506................................................................................................................................................................
Supplicant Port Configuration508................................................................................................................................................................
Displaying 802.1x Configuration, Statistics, And Counters510................................................................................................................................................................
Show Commands For Port-access Authenticator510................................................................................................................................................................
Viewing 802.1x Open Vlan Mode Status519................................................................................................................................................................
Show Commands For Port-access Supplicant523................................................................................................................................................................
How Radius/802.1x Authentication Affects Vlan Operation524................................................................................................................................................................
Vlan Assignment On A Port525................................................................................................................................................................
Authentication Session527................................................................................................................................................................
In Authentication Sessions530................................................................................................................................................................
Messages Related To 802.1x Operation532................................................................................................................................................................
Port Security536................................................................................................................................................................
Basic Operation536................................................................................................................................................................
Eavesdrop Prevention537................................................................................................................................................................
Disabling Eavesdrop Prevention537................................................................................................................................................................
Feature Interactions When Eavesdrop Prevention Is Disabled538................................................................................................................................................................
Mib Support539................................................................................................................................................................
Blocking Unauthorized Traffic539................................................................................................................................................................
Trunk Group Exclusion540................................................................................................................................................................
Planning Port Security541................................................................................................................................................................
Port Security Command Options And Operation542................................................................................................................................................................
Port Security Display Options542................................................................................................................................................................
Configuring Port Security546................................................................................................................................................................
Retention Of Static Addresses551................................................................................................................................................................
Mac Lockdown556................................................................................................................................................................
Differences Between Mac Lockdown And Port Security558................................................................................................................................................................
Mac Lockdown Operating Notes559................................................................................................................................................................
Deploying Mac Lockdown560................................................................................................................................................................
Mac Lockout560................................................................................................................................................................
Port Security And Mac Lockout563................................................................................................................................................................
Web: Displaying And Configuring Port Security Features564................................................................................................................................................................
Reading Intrusion Alerts And Resetting Alert Flags564................................................................................................................................................................
Notice Of Security Violations564................................................................................................................................................................
How The Intrusion Log Operates565................................................................................................................................................................
Keeping The Intrusion Log Current By Resetting Alert Flags566................................................................................................................................................................
Resetting Alert Flags567................................................................................................................................................................
And Resetting Alert Flags568................................................................................................................................................................
Using The Event Log To Find Intrusion Alerts570................................................................................................................................................................
Alerts, And Resetting Alert Flags571................................................................................................................................................................
Operating Notes For Port Security572................................................................................................................................................................
Options577................................................................................................................................................................
Access Levels577................................................................................................................................................................
Defining Authorized Management Stations578................................................................................................................................................................
Overview Of Ip Mask Operation578................................................................................................................................................................
Menu: Viewing And Configuring Ip Authorized Managers579................................................................................................................................................................
Cli: Viewing And Configuring Authorized Ip Managers580................................................................................................................................................................
Listing The Switch's Current Authorized Ip Manager(s)580................................................................................................................................................................
Configuring Ip Authorized Managers For The Switch581................................................................................................................................................................
Web: Configuring Ip Authorized Managers583................................................................................................................................................................
Web Proxy Servers583................................................................................................................................................................
How To Eliminate The Web Proxy Server583................................................................................................................................................................
Web-based Help584................................................................................................................................................................
Building Ip Masks584................................................................................................................................................................
Configuring One Station Per Authorized Manager Ip Entry584................................................................................................................................................................
Configuring Multiple Stations Per Authorized Manager Ip Entry585................................................................................................................................................................
Additional Examples For Authorizing Multiple Stations587................................................................................................................................................................
HP ProCurve 6120XG Management And Configuration Manual

HP ProCurve 6120XG Management And Configuration Manual (589 pages)

ProCurve Series 6120 Switches  
Brand: HP | Category: Switch | Size: 3.47 MB
Table of contents
Table Of Contents4................................................................................................................................................................
Getting Started4................................................................................................................................................................
Selecting A Management Interface4................................................................................................................................................................
Using The Menu Interface5................................................................................................................................................................
Using The Command Line Interface (cli)5................................................................................................................................................................
Using The Procurve Web Browser Interface6................................................................................................................................................................
Switch Memory And Configuration7................................................................................................................................................................
Using The Menu And Web Browser Interfaces To Implement7................................................................................................................................................................
Interface Access And System Information8................................................................................................................................................................
Configuring Ip Addressing9................................................................................................................................................................
Time Protocols9................................................................................................................................................................
Port Status And Configuration10................................................................................................................................................................
Port Trunking11................................................................................................................................................................
Port Traffic Controls12................................................................................................................................................................
Product Documentation22................................................................................................................................................................
Contents27................................................................................................................................................................
Introduction28................................................................................................................................................................
Conventions28................................................................................................................................................................
Command Syntax Statements28................................................................................................................................................................
Command Prompts29................................................................................................................................................................
Screen Simulations29................................................................................................................................................................
Configuration And Operation Examples29................................................................................................................................................................
Keys29................................................................................................................................................................
Sources For More Information30................................................................................................................................................................
Getting Documentation From The Web32................................................................................................................................................................
Online Help32................................................................................................................................................................
Menu Interface32................................................................................................................................................................
Command Line Interface33................................................................................................................................................................
Web Browser Interface33................................................................................................................................................................
Need Only A Quick Start?34................................................................................................................................................................
Ip Addressing34................................................................................................................................................................
To Set Up And Install The Switch In Your Network34................................................................................................................................................................
Physical Installation34................................................................................................................................................................
Need Only A Quick Start34................................................................................................................................................................
Overview37................................................................................................................................................................
Understanding Physical Interfaces37................................................................................................................................................................
Understanding Management Interfaces38................................................................................................................................................................
Advantages Of Using The Menu Interface39................................................................................................................................................................
Advantages Of Using The Cli40................................................................................................................................................................
General Benefits40................................................................................................................................................................
Information On Using The Cli40................................................................................................................................................................
Advantages Of Using The Web Browser Interface41................................................................................................................................................................
Or Procurve Manager Plus42................................................................................................................................................................
Web Browser Interfaces44................................................................................................................................................................
Banner Operation With Telnet, Serial, Or Sshv2 Access44................................................................................................................................................................
Banner Operation With Web Browser Access44................................................................................................................................................................
Configuring And Displaying A Non-default Banner45................................................................................................................................................................
Example Of Configuring And Displaying A Banner46................................................................................................................................................................
Operating Notes48................................................................................................................................................................
Starting And Ending A Menu Session51................................................................................................................................................................
How To Start A Menu Interface Session52................................................................................................................................................................
How To End A Menu Session And Exit From The Console:53................................................................................................................................................................
How To End A Menu Session And Exit From The Console53................................................................................................................................................................
Main Menu Features55................................................................................................................................................................
Screen Structure And Navigation57................................................................................................................................................................
Rebooting The Switch60................................................................................................................................................................
Menu Features List62................................................................................................................................................................
Where To Go From Here63................................................................................................................................................................
Accessing The Cli65................................................................................................................................................................
Using The Cli65................................................................................................................................................................
Privilege Levels At Logon66................................................................................................................................................................
Privilege Level Operation67................................................................................................................................................................
Operator Privileges67................................................................................................................................................................
Manager Privileges68................................................................................................................................................................
How To Move Between Levels70................................................................................................................................................................
Listing Commands And Command Options71................................................................................................................................................................
Listing Commands Available At Any Privilege Level71................................................................................................................................................................
Listing Command Options73................................................................................................................................................................
Displaying Cli "help"74................................................................................................................................................................
Displaying Cli "help74................................................................................................................................................................
Configuration Commands And The Context Configuration Modes76................................................................................................................................................................
Cli Control And Editing79................................................................................................................................................................
Executing A Prior Command—redo79................................................................................................................................................................
Repeating Execution Of A Command79................................................................................................................................................................
Using A Command Alias81................................................................................................................................................................
Cli Shortcut Keystrokes83................................................................................................................................................................
General Features86................................................................................................................................................................
Interface Session With The Switch87................................................................................................................................................................
Using A Standalone Web Browser In A Pc Or Unix Workstation87................................................................................................................................................................
Procurve Manager Plus (pcm+)88................................................................................................................................................................
Tasks For Your First Procurve Web Browser Interface Session90................................................................................................................................................................
Viewing The "first Time Install" Window90................................................................................................................................................................
In The Browser Interface91................................................................................................................................................................
Entering A User Name And Password93................................................................................................................................................................
Using A User Name93................................................................................................................................................................
If You Lose The Password93................................................................................................................................................................
Online Help For The Web Browser Interface94................................................................................................................................................................
Support/mgmt Urls Feature95................................................................................................................................................................
Support Url96................................................................................................................................................................
Help And The Management Server Url96................................................................................................................................................................
Using The Pcm Server For Switch Web Help97................................................................................................................................................................
Status Reporting Features99................................................................................................................................................................
The Overview Window99................................................................................................................................................................
The Port Utilization And Status Displays100................................................................................................................................................................
Port Utilization100................................................................................................................................................................
Port Status102................................................................................................................................................................
The Alert Log103................................................................................................................................................................
Sorting The Alert Log Entries103................................................................................................................................................................
Alert Types And Detailed Views104................................................................................................................................................................
The Status Bar105................................................................................................................................................................
Setting Fault Detection Policy107................................................................................................................................................................
Configuration File Management111................................................................................................................................................................
Using The Cli To Implement Configuration Changes114................................................................................................................................................................
Configuration Changes118................................................................................................................................................................
Menu: Implementing Configuration Changes118................................................................................................................................................................
Rebooting From The Menu Interface119................................................................................................................................................................
Web: Implementing Configuration Changes121................................................................................................................................................................
Using Primary And Secondary Flash Image Options122................................................................................................................................................................
Displaying The Current Flash Image Data122................................................................................................................................................................
Switch Software Downloads124................................................................................................................................................................
Local Switch Software Replacement And Removal125................................................................................................................................................................
Operating Notes About Booting127................................................................................................................................................................
Boot And Reload Command Comparison128................................................................................................................................................................
Setting The Default Flash129................................................................................................................................................................
Booting From The Default Flash (primary Or Secondary)130................................................................................................................................................................
Booting From A Specified Flash130................................................................................................................................................................
Using Reload131................................................................................................................................................................
Multiple Configuration Files133................................................................................................................................................................
General Operation134................................................................................................................................................................
Transitioning To Multiple Configuration Files135................................................................................................................................................................
Listing And Displaying Startup-config Files137................................................................................................................................................................
Configuration Enabled137................................................................................................................................................................
Displaying The Content Of A Specific Startup-config File138................................................................................................................................................................
Changing Or Overriding The Reboot Configuration Policy138................................................................................................................................................................
Managing Startup-config Files In The Switch140................................................................................................................................................................
Renaming An Existing Startup-config File141................................................................................................................................................................
Creating A New Startup-config File141................................................................................................................................................................
Erasing A Startup-config File143................................................................................................................................................................
Switch To Its Default Configuration145................................................................................................................................................................
Transferring Startup-config Files To Or From A Remote Server145................................................................................................................................................................
Tftp: Copying A Configuration File To A Remote Host146................................................................................................................................................................
Tftp: Copying A Configuration File From A Remote Host147................................................................................................................................................................
Connected Host148................................................................................................................................................................
Operating Notes For Multiple Configuration Files149................................................................................................................................................................
Cli Command149................................................................................................................................................................
Automatic Configuration Update With Dhcp Option 66149................................................................................................................................................................
Automatic Configuration Update With Dhcp Option149................................................................................................................................................................
Possible Scenarios For Updating The Configuration File150................................................................................................................................................................
Log Messages151................................................................................................................................................................
Interface Access: Console/serial Link, Web, And Inbound Telnet154................................................................................................................................................................
Menu: Modifying The Interface Access155................................................................................................................................................................
Cli: Modifying The Interface Access156................................................................................................................................................................
Sessions162................................................................................................................................................................
System Information163................................................................................................................................................................
Menu: Viewing And Configuring System Information164................................................................................................................................................................
Cli: Viewing And Configuring System Information165................................................................................................................................................................
Web: Configuring System Parameters170................................................................................................................................................................
Ip Configuration172................................................................................................................................................................
Just Want A Quick Start With Ip Addressing?173................................................................................................................................................................
Just Want A Quick Start With Ip Addressing173................................................................................................................................................................
Ip Addressing With Multiple Vlans174................................................................................................................................................................
Menu: Configuring Ip Address, Gateway, And Time-to-live (ttl)175................................................................................................................................................................
Cli: Configuring Ip Address, Gateway, And Time-to-live (ttl)176................................................................................................................................................................
Web: Configuring Ip Addressing180................................................................................................................................................................
How Ip Addressing Affects Switch Operation181................................................................................................................................................................
Dhcp/bootp Operation182................................................................................................................................................................
Network Preparations For Configuring Dhcp/bootp184................................................................................................................................................................
Ip Preserve: Retaining Vlan-1 Ip Addressing Across Configuration File Downloads186................................................................................................................................................................
Operating Rules For Ip Preserve186................................................................................................................................................................
Enabling Ip Preserve187................................................................................................................................................................
Timep Time Synchronization191................................................................................................................................................................
Sntp Time Synchronization191................................................................................................................................................................
Protocol Operation192................................................................................................................................................................
General Steps For Running A Time Protocol On The Switch:192................................................................................................................................................................
Disabling Time Synchronization192................................................................................................................................................................
Sntp: Viewing, Selecting, And Configuring193................................................................................................................................................................
Menu: Viewing And Configuring Sntp194................................................................................................................................................................
Cli: Viewing And Configuring Sntp197................................................................................................................................................................
Viewing The Current Sntp Configuration197................................................................................................................................................................
Configuring (enabling Or Disabling) The Sntp Mode199................................................................................................................................................................
Timep: Viewing, Selecting, And Configuring205................................................................................................................................................................
Menu: Viewing And Configuring Timep206................................................................................................................................................................
Cli: Viewing And Configuring Timep207................................................................................................................................................................
Viewing The Current Timep Configuration208................................................................................................................................................................
Configuring (enabling Or Disabling) The Timep Mode209................................................................................................................................................................
Sntp Unicast Time Polling With Multiple Sntp Servers214................................................................................................................................................................
Displaying All Sntp Server Addresses Configured On The Switch214................................................................................................................................................................
Adding And Deleting Sntp Server Addresses215................................................................................................................................................................
Configured215................................................................................................................................................................
Sntp Messages In The Event Log215................................................................................................................................................................
Viewing Port Status And Configuring Port Parameters218................................................................................................................................................................
Menu: Port Configuration221................................................................................................................................................................
Cli: Viewing Port Status And Configuring Port Parameters223................................................................................................................................................................
Viewing Port Status And Configuration223................................................................................................................................................................
Customizing The Show Interfaces Command225................................................................................................................................................................
Error Messages227................................................................................................................................................................
Command228................................................................................................................................................................
Viewing Port Utilization Statistics228................................................................................................................................................................
Viewing Transceiver Status229................................................................................................................................................................
Enabling Or Disabling Ports And Configuring Port Mode230................................................................................................................................................................
Enabling Or Disabling Flow Control232................................................................................................................................................................
Configuring A Broadcast Limit On The Switch233................................................................................................................................................................
Configuring Procurve Auto-mdix234................................................................................................................................................................
Web: Viewing Port Status And Configuring Port Parameters237................................................................................................................................................................
Using Friendly (optional) Port Names238................................................................................................................................................................
Configuring And Operating Rules For Friendly Port Names238................................................................................................................................................................
Configuring Friendly Port Names239................................................................................................................................................................
Displaying Friendly Port Names With Other Port Data240................................................................................................................................................................
Been Inserted244................................................................................................................................................................
Transceivers244................................................................................................................................................................
Modules244................................................................................................................................................................
Clearing The Module Configuration244................................................................................................................................................................
Uni-directional Link Detection (udld)246................................................................................................................................................................
Configuring Udld247................................................................................................................................................................
Enabling Udld248................................................................................................................................................................
Changing The Keepalive Interval249................................................................................................................................................................
Changing The Keepalive Retries249................................................................................................................................................................
Configuring Udld For Tagged Ports249................................................................................................................................................................
Viewing Udld Information250................................................................................................................................................................
Configuration Warnings And Event Log Messages252................................................................................................................................................................
Port Trunk Features And Operation256................................................................................................................................................................
Trunk Configuration Methods256................................................................................................................................................................
Menu: Viewing And Configuring A Static Trunk Group261................................................................................................................................................................
Cli: Viewing And Configuring Port Trunk Groups263................................................................................................................................................................
Using The Cli To View Port Trunks263................................................................................................................................................................
Using The Cli To Configure A Static Or Dynamic Trunk Group266................................................................................................................................................................
Web: Viewing Existing Port Trunk Groups269................................................................................................................................................................
Trunk Group Operation Using Lacp270................................................................................................................................................................
Default Port Operation273................................................................................................................................................................
Lacp Notes And Restrictions274................................................................................................................................................................
Trunk Group Operation Using The "trunk" Option278................................................................................................................................................................
How The Switch Lists Trunk Data279................................................................................................................................................................
Outbound Traffic Distribution Across Trunked Links279................................................................................................................................................................
Jumbo Frames283................................................................................................................................................................
Terminology283................................................................................................................................................................
Operating Rules284................................................................................................................................................................
Configuring Jumbo Frame Operation285................................................................................................................................................................
Viewing The Current Jumbo Configuration286................................................................................................................................................................
Enabling Or Disabling Jumbo Traffic On A Vlan288................................................................................................................................................................
Configuring A Maximum Frame Size288................................................................................................................................................................
Snmp Implementation288................................................................................................................................................................
Displaying The Maximum Frame Size289................................................................................................................................................................
Operating Notes For Maximum Frame Size289................................................................................................................................................................
Operating Notes For Jumbo Traffic-handling290................................................................................................................................................................
Troubleshooting292................................................................................................................................................................
Using Snmp Tools To Manage The Switch295................................................................................................................................................................
Snmp Management Features297................................................................................................................................................................
Configuring For Snmp Version 1 And 2c Access To The Switch297................................................................................................................................................................
Configuring For Snmp Version 3 Access To The Switch298................................................................................................................................................................
Snmp Version 3 Commands299................................................................................................................................................................
Enabling Snmpv3300................................................................................................................................................................
Snmpv3 Users300................................................................................................................................................................
Enabling Snmpv300................................................................................................................................................................
Group Access Levels304................................................................................................................................................................
Snmpv3 Communities304................................................................................................................................................................
Communities306................................................................................................................................................................
Cli: Viewing And Configuring Snmp Community Names308................................................................................................................................................................
Snmp Notifications310................................................................................................................................................................
Supported Notifications310................................................................................................................................................................
General Steps For Configuring Snmp Notifications311................................................................................................................................................................
Snmpv1 And Snmpv2c Traps312................................................................................................................................................................
Configuring An Snmp Trap Receiver312................................................................................................................................................................
Enabling Snmpv2c Informs314................................................................................................................................................................
Configuring Snmpv3 Notifications316................................................................................................................................................................
Managing Network Security Notifications319................................................................................................................................................................
Enabling Link-change Traps321................................................................................................................................................................
Configuring The Source Ip Address For Snmp Notifications322................................................................................................................................................................
Displaying Snmp Notification Configuration324................................................................................................................................................................
Configuring Listening Mode326................................................................................................................................................................
Advanced Management: Rmon327................................................................................................................................................................
Lldp (link-layer Discovery Protocol)328................................................................................................................................................................
General Lldp Operation331................................................................................................................................................................
Lldp-med331................................................................................................................................................................
Packet Boundaries In A Network Topology331................................................................................................................................................................
Configuration Options332................................................................................................................................................................
Options For Reading Lldp Information Collected By The Switch334................................................................................................................................................................
Lldp And Lldp-med Standards Compatibility334................................................................................................................................................................
Lldp Operating Rules335................................................................................................................................................................
Configuring Lldp Operation336................................................................................................................................................................
Viewing The Current Configuration336................................................................................................................................................................
Configuring Global Lldp Packet Controls338................................................................................................................................................................
Configuring Snmp Notification Support342................................................................................................................................................................
Configuring Per-port Transmit And Receive Modes343................................................................................................................................................................
Configuring Basic Lldp Per-port Advertisement Content344................................................................................................................................................................
Advertisements346................................................................................................................................................................
Lldp-med (media-endpoint-discovery)347................................................................................................................................................................
Lldp-med Topology Change Notification350................................................................................................................................................................
Lldp-med Fast Start Control352................................................................................................................................................................
And Location Data352................................................................................................................................................................
Configuring Location Data For Lldp-med Devices355................................................................................................................................................................
Displaying Advertisement Data360................................................................................................................................................................
Displaying Lldp Statistics365................................................................................................................................................................
Lldp Operating Notes367................................................................................................................................................................
Lldp And Cdp Data Management369................................................................................................................................................................
Lldp And Cdp Neighbor Data369................................................................................................................................................................
Cdp Operation And Commands371................................................................................................................................................................
Downloading Switch Software377................................................................................................................................................................
General Software Download Rules378................................................................................................................................................................
Using Tftp To Download Software From A Server378................................................................................................................................................................
Menu: Tftp Download From A Server To Primary Flash379................................................................................................................................................................
Cli: Tftp Download From A Server To Flash381................................................................................................................................................................
Enabling Tftp383................................................................................................................................................................
Using Auto-tftp385................................................................................................................................................................
Using Secure Copy And Sftp386................................................................................................................................................................
How It Works387................................................................................................................................................................
The Scp/sftp Process387................................................................................................................................................................
Disable Tftp And Auto-tftp For Enhanced Security388................................................................................................................................................................
Command Options389................................................................................................................................................................
Authentication390................................................................................................................................................................
Scp/sftp Operating Notes390................................................................................................................................................................
Troubleshooting Ssh, Sftp, And Scp Operations392................................................................................................................................................................
Workstation393................................................................................................................................................................
Menu: Xmodem Download To Primary Flash394................................................................................................................................................................
Primary Or Secondary Flash395................................................................................................................................................................
Switch-to-switch Download396................................................................................................................................................................
Menu: Switch-to-switch Download To Primary Flash396................................................................................................................................................................
Cli: Switch-to-switch Downloads397................................................................................................................................................................
Using Pcm+ To Update Switch Software398................................................................................................................................................................
Copying Software Images399................................................................................................................................................................
Tftp: Copying A Software Image To A Remote Host399................................................................................................................................................................
Xmodem: Copying A Software Image From The Switch To A Usb Serial Console Connected Pc Or Unix Workstation399................................................................................................................................................................
Transferring Switch Configurations400................................................................................................................................................................
Tftp: Copying A Customized Command File To A Switch401................................................................................................................................................................
Xmodem: Copying A Configuration File To A Usb Serial Console Connected Pc Or Unix Workstation402................................................................................................................................................................
Xmodem: Copying A Configuration File From A Serially Connected Pc Or Unix Workstation403................................................................................................................................................................
Copying Diagnostic Data To A Remote Host, Usb Device, Pc Or Unix Workstation404................................................................................................................................................................
Copying Command Output To A Destination Device405................................................................................................................................................................
Copying Event Log Output To A Destination Device405................................................................................................................................................................
Copying Crash Data Content To A Destination Device406................................................................................................................................................................
Copying Crash Log Data Content To A Destination Device407................................................................................................................................................................
Status And Counters Data411................................................................................................................................................................
Menu Access To Status And Counters412................................................................................................................................................................
General System Information413................................................................................................................................................................
Menu Access413................................................................................................................................................................
Cli Access To System Information414................................................................................................................................................................
Task Monitor—collecting Processor Data415................................................................................................................................................................
Switch Management Address Information415................................................................................................................................................................
Cli Access416................................................................................................................................................................
Menu: Displaying Port Status417................................................................................................................................................................
Web Access417................................................................................................................................................................
Viewing Port And Trunk Group Statistics And Flow Control Status418................................................................................................................................................................
Menu Access To Port And Trunk Statistics419................................................................................................................................................................
Cli Access To Port And Trunk Group Statistics420................................................................................................................................................................
Web Browser Access To View Port And Trunk Group Statistics420................................................................................................................................................................
Viewing The Switch's Mac Address Tables421................................................................................................................................................................
Menu Access To The Mac Address Views And Searches421................................................................................................................................................................
Cli Access For Mac Address Views And Searches424................................................................................................................................................................
Spanning Tree Protocol (mstp) Information425................................................................................................................................................................
Cli Access To Mstp Data425................................................................................................................................................................
Internet Group Management Protocol (igmp) Status426................................................................................................................................................................
Vlan Information427................................................................................................................................................................
Web Browser Interface Status Information429................................................................................................................................................................
Traffic Mirroring430................................................................................................................................................................
Mirroring Terminology431................................................................................................................................................................
Mirrored Traffic Destinations433................................................................................................................................................................
Local Destinations433................................................................................................................................................................
Monitored Traffic Sources433................................................................................................................................................................
Criteria For Selecting Mirrored Traffic433................................................................................................................................................................
Mirroring Sessions433................................................................................................................................................................
Mirroring Configuration434................................................................................................................................................................
Endpoint Switches And Intermediate Devices435................................................................................................................................................................
Using The Menu Or Web Interface To Configure Local Mirroring436................................................................................................................................................................
Menu And Web Interface Limits436................................................................................................................................................................
Configuration Steps437................................................................................................................................................................
Cli: Configuring Local Mirroring440................................................................................................................................................................
Local Mirroring Overview440................................................................................................................................................................
Determine The Mirroring Session And Destination442................................................................................................................................................................
Configure A Mirroring Session On The Source Switch442................................................................................................................................................................
Configure The Monitored Traffic In A Mirror Session442................................................................................................................................................................
Traffic Selection Options443................................................................................................................................................................
Mirroring-source Restrictions443................................................................................................................................................................
Selecting All Inbound/outbound Traffic To Mirror443................................................................................................................................................................
Displaying A Mirroring Configuration445................................................................................................................................................................
Displaying The Mirroring Configuration Summary445................................................................................................................................................................
Viewing Mirroring In The Current Configuration File447................................................................................................................................................................
Mirroring Configuration Examples448................................................................................................................................................................
Local Mirroring Using Traffic-direction Criteria448................................................................................................................................................................
Maximum Supported Frame Size449................................................................................................................................................................
Enabling Jumbo Frames To Increase Mirroring Path Mtu450................................................................................................................................................................
Untagged, Mirrored Traffic451................................................................................................................................................................
Troubleshooting Mirroring454................................................................................................................................................................
Troubleshooting Approaches459................................................................................................................................................................
Browser Or Telnet Access Problems461................................................................................................................................................................
Unusual Network Activity463................................................................................................................................................................
General Problems463................................................................................................................................................................
Q Prioritization Problems464................................................................................................................................................................
Igmp-related Problems464................................................................................................................................................................
Lacp-related Problems465................................................................................................................................................................
Port-based Access Control (802.1x)-related Problems465................................................................................................................................................................
Qos-related Problems468................................................................................................................................................................
Radius-related Problems469................................................................................................................................................................
Spanning-tree Protocol (mstp) And Fast-uplink Problems470................................................................................................................................................................
Ssh-related Problems471................................................................................................................................................................
Tacacs-related Problems473................................................................................................................................................................
Timep, Sntp, Or Gateway Problems475................................................................................................................................................................
Vlan-related Problems475................................................................................................................................................................
Using The Event Log For Troubleshooting Switch Problems478................................................................................................................................................................
Event Log Entries478................................................................................................................................................................
Menu: Displaying And Navigating In The Event Log485................................................................................................................................................................
Cli: Displaying The Event Log486................................................................................................................................................................
Cli: Clearing Event Log Entries486................................................................................................................................................................
Cli: Turning Event Numbering On487................................................................................................................................................................
Event Log And Snmp Messages487................................................................................................................................................................
Log Throttle Periods488................................................................................................................................................................
Example Of Log Throttling488................................................................................................................................................................
Example Of Event Counter Operation490................................................................................................................................................................
Debug/syslog Operation491................................................................................................................................................................
Debug/syslog Messaging491................................................................................................................................................................
Debug/syslog Destination Devices491................................................................................................................................................................
Debug/syslog Configuration Commands492................................................................................................................................................................
Configuring Debug/syslog Operation493................................................................................................................................................................
Displaying A Debug/syslog Configuration495................................................................................................................................................................
Debug Command499................................................................................................................................................................
Debug Messages499................................................................................................................................................................
Debug Destinations501................................................................................................................................................................
Logging Command502................................................................................................................................................................
Configuring A Syslog Server503................................................................................................................................................................
Adding A Description For A Syslog Server505................................................................................................................................................................
Adding A Priority Description506................................................................................................................................................................
Sent To A Syslog Server507................................................................................................................................................................
Messages Sent To A Syslog Server508................................................................................................................................................................
Operating Notes For Debug And Syslog508................................................................................................................................................................
Diagnostic Tools510................................................................................................................................................................
Port Auto-negotiation511................................................................................................................................................................
Ping And Link Tests511................................................................................................................................................................
Web: Executing Ping Or Link Tests512................................................................................................................................................................
Cli: Ping Test513................................................................................................................................................................
Link Tests514................................................................................................................................................................
Traceroute Command515................................................................................................................................................................
Viewing Switch Configuration And Operation519................................................................................................................................................................
Cli: Viewing The Startup Or Running Configuration File519................................................................................................................................................................
Web: Viewing The Configuration File519................................................................................................................................................................
Cli: Viewing A Summary Of Switch Operational Data519................................................................................................................................................................
Saving Show Tech Command Output To A Text File521................................................................................................................................................................
Customizing Show Tech Command Output522................................................................................................................................................................
Cli: Viewing More Information On Switch Operation525................................................................................................................................................................
Pattern Matching When Using The Show Command526................................................................................................................................................................
Cli: Useful Commands For Troubleshooting Sessions529................................................................................................................................................................
Restoring The Factory-default Configuration530................................................................................................................................................................
Cli: Resetting To The Factory-default Configuration530................................................................................................................................................................
Clear/reset: Resetting To The Factory-default Configuration530................................................................................................................................................................
Restoring A Flash Image531................................................................................................................................................................
Dns Resolver533................................................................................................................................................................
Basic Operation534................................................................................................................................................................
Dns-compatible Commands535................................................................................................................................................................
Configuring A Dns Entry536................................................................................................................................................................
Example Using Dns Names With Ping And Traceroute537................................................................................................................................................................
Viewing The Current Dns Configuration539................................................................................................................................................................
Event Log Messages541................................................................................................................................................................
Determining Mac Addresses544................................................................................................................................................................
Menu: Viewing The Switch's Mac Addresses545................................................................................................................................................................
Cli: Viewing The Port And Vlan Mac Addresses546................................................................................................................................................................
Viewing The Mac Addresses Of Connected Devices548................................................................................................................................................................
Viewing Information On Resource Usage550................................................................................................................................................................
Policy Enforcement Engine550................................................................................................................................................................
When Insufficient Resources Are Available551................................................................................................................................................................
Concepts556................................................................................................................................................................
Example559................................................................................................................................................................
Oobm And Switch Applications560................................................................................................................................................................
Tasks561................................................................................................................................................................
Oobm Configuration561................................................................................................................................................................
Oobm Context561................................................................................................................................................................
Oobm Enable/disable562................................................................................................................................................................
Oobm Port Enable/disable563................................................................................................................................................................
Oobm Ipv4 Address Configuration564................................................................................................................................................................
Oobm Ipv4 Default Gateway Configuration564................................................................................................................................................................
Oobm Show Commands565................................................................................................................................................................
Show Oobm565................................................................................................................................................................
Show Oobm Ip Configuration566................................................................................................................................................................
Show Oobm Arp Information566................................................................................................................................................................
Application Server Commands567................................................................................................................................................................
Application Client Commands569................................................................................................................................................................

Advertising

HP ProCurve 6120XG Manual

HP ProCurve 6120XG Manual (469 pages)

HP ProCurve Series 6120 Blade Switches Access Security Guide  
Brand: HP | Category: Server | Size: 2.27 MB
Table of contents
Table Of Contents4................................................................................................................................................................
Security Overview4................................................................................................................................................................
Configuring Username And Password Security5................................................................................................................................................................
Web And Mac Authentication6................................................................................................................................................................
Tacacs+ Authentication7................................................................................................................................................................
Configuring Secure Shell (ssh)9................................................................................................................................................................
Configuring Secure Socket Layer (ssl)10................................................................................................................................................................
Configuring Advanced Threat Protection10................................................................................................................................................................
Traffic/security Filters And Monitors12................................................................................................................................................................
Configuring Port-based And12................................................................................................................................................................
User-based Access Control (802.1x)12................................................................................................................................................................
Configuring And Monitoring Port Security14................................................................................................................................................................
Using Authorized Ip Managers15................................................................................................................................................................
Product Documentation18................................................................................................................................................................
Contents23................................................................................................................................................................
Introduction24................................................................................................................................................................
About This Guide24................................................................................................................................................................
For More Information24................................................................................................................................................................
Access Security Features25................................................................................................................................................................
Network Security Features29................................................................................................................................................................
Getting Started With Access Security31................................................................................................................................................................
Physical Security31................................................................................................................................................................
Quick Start: Using The Management Interface Wizard32................................................................................................................................................................
Cli: Management Interface Wizard32................................................................................................................................................................
Web: Management Interface Wizard34................................................................................................................................................................
Snmp Security Guidelines37................................................................................................................................................................
Precedence Of Security Options39................................................................................................................................................................
Precedence Of Port-based Security Options39................................................................................................................................................................
Dynamic Configuration Arbiter39................................................................................................................................................................
Network Immunity Manager40................................................................................................................................................................
Arbitrating Client-specific Attributes41................................................................................................................................................................
Procurve Identity-driven Manager (idm)43................................................................................................................................................................
Overview46................................................................................................................................................................
Configuring Local Password Security49................................................................................................................................................................
Menu: Setting Passwords49................................................................................................................................................................
Cli: Setting Passwords And Usernames51................................................................................................................................................................
Web: Setting Passwords And Usernames52................................................................................................................................................................
Snmp: Setting Passwords And Usernames52................................................................................................................................................................
Saving Security Credentials In A Config File53................................................................................................................................................................
Benefits Of Saving Security Credentials53................................................................................................................................................................
Enabling The Storage And Display Of Security Credentials54................................................................................................................................................................
Security Settings That Can Be Saved54................................................................................................................................................................
Local Manager And Operator Passwords55................................................................................................................................................................
Password Command Options55................................................................................................................................................................
Snmp Security Credentials56................................................................................................................................................................
X Port-access Credentials57................................................................................................................................................................
Tacacs+ Encryption Key Authentication58................................................................................................................................................................
Radius Shared-secret Key Authentication58................................................................................................................................................................
Ssh Client Public-key Authentication59................................................................................................................................................................
Operating Notes62................................................................................................................................................................
Restrictions64................................................................................................................................................................
Front-panel Security66................................................................................................................................................................
When Security Is Important66................................................................................................................................................................
Front-panel Button Functions67................................................................................................................................................................
Clear Button68................................................................................................................................................................
Reset Button68................................................................................................................................................................
Restoring The Factory Default Configuration68................................................................................................................................................................
Configuring Front-panel Security70................................................................................................................................................................
Disabling The Clear Password Function Of The Clear Button72................................................................................................................................................................
Re-enabling The Clear Button And Setting Or Changing The "reset-on-clear" Operation73................................................................................................................................................................
Changing The Operation Of The Reset+clear Combination74................................................................................................................................................................
Password Recovery75................................................................................................................................................................
Disabling Or Re-enabling The Password Recovery Process75................................................................................................................................................................
Password Recovery Process77................................................................................................................................................................
Web Authentication80................................................................................................................................................................
Mac Authentication81................................................................................................................................................................
Concurrent Web And Mac Authentication81................................................................................................................................................................
Authorized And Unauthorized Client Vlans82................................................................................................................................................................
Radius-based Authentication83................................................................................................................................................................
Wireless Clients83................................................................................................................................................................
How Web And Mac Authentication Operate83................................................................................................................................................................
Web-based Authentication84................................................................................................................................................................
Mac-based Authentication86................................................................................................................................................................
Terminology88................................................................................................................................................................
Operating Rules And Notes89................................................................................................................................................................
Setup Procedure For Web/mac Authentication91................................................................................................................................................................
Before You Configure Web/mac Authentication91................................................................................................................................................................
Configuring The Radius Server To Support Mac Authentication93................................................................................................................................................................
Configuring The Switch To Access A Radius Server94................................................................................................................................................................
Configuring Web Authentication97................................................................................................................................................................
Configuration Commands For Web Authentication98................................................................................................................................................................
Show Commands For Web Authentication105................................................................................................................................................................
Customizing Web Authentication Html Files (optional)111................................................................................................................................................................
Implementing Customized Web-auth Pages111................................................................................................................................................................
Operating Notes And Guidelines111................................................................................................................................................................
Customizing Html Templates112................................................................................................................................................................
Customizable Html Templates113................................................................................................................................................................
Configuring Mac Authentication On The Switch127................................................................................................................................................................
Configuration Commands For Mac Authentication128................................................................................................................................................................
Show Commands For Mac-based Authentication131................................................................................................................................................................
Client Status137................................................................................................................................................................
Terminology Used In Tacacs Applications:140................................................................................................................................................................
Terminology Used In Tacacs Applications140................................................................................................................................................................
General System Requirements142................................................................................................................................................................
General Authentication Setup Procedure142................................................................................................................................................................
Configuring Tacacs+ On The Switch145................................................................................................................................................................
Before You Begin145................................................................................................................................................................
Cli Commands Described In This Section146................................................................................................................................................................
Viewing The Switch's Current Authentication Configuration146................................................................................................................................................................
Server Contact Configuration147................................................................................................................................................................
Configuring The Switch's Authentication Methods148................................................................................................................................................................
Using The Privilege-mode Option For Login148................................................................................................................................................................
Authentication Parameters149................................................................................................................................................................
Configuring The Tacacs+ Server For Single Login150................................................................................................................................................................
Configuring The Switch's Tacacs+ Server Access155................................................................................................................................................................
How Authentication Operates161................................................................................................................................................................
General Authentication Process Using A Tacacs+ Server161................................................................................................................................................................
Local Authentication Process163................................................................................................................................................................
Using The Encryption Key164................................................................................................................................................................
General Operation164................................................................................................................................................................
Encryption Options In The Switch164................................................................................................................................................................
Controlling Web Browser Interface Access When Using Tacacs+ Authentication165................................................................................................................................................................
Messages Related To Tacacs+ Operation166................................................................................................................................................................
Authentication Services170................................................................................................................................................................
Accounting Services171................................................................................................................................................................
Radius-administered Cos And Rate-limiting171................................................................................................................................................................
Radiuis-administered Commands Authorization171................................................................................................................................................................
Snmp Access To The Switch's Authentication Configuration Mib171................................................................................................................................................................
Switch Operating Rules For Radius173................................................................................................................................................................
General Radius Setup Procedure174................................................................................................................................................................
Configuring The Switch For Radius Authentication175................................................................................................................................................................
Outline Of The Steps For Configuring Radius Authentication176................................................................................................................................................................
You Want Radius To Protect177................................................................................................................................................................
Configure Authentication For The Access Methods177................................................................................................................................................................
Enable The (optional) Access Privilege Option180................................................................................................................................................................
Configure The Switch To Access A Radius Server181................................................................................................................................................................
Configure The Switch's Global Radius Parameters184................................................................................................................................................................
Switch Authentication Features188................................................................................................................................................................
Changing And Viewing The Snmp Access Configuration189................................................................................................................................................................
Controlling Web Browser Interface Access192................................................................................................................................................................
Commands Authorization193................................................................................................................................................................
Enabling Authorization194................................................................................................................................................................
Displaying Authorization Information195................................................................................................................................................................
Configuring Commands Authorization On A Radius Server195................................................................................................................................................................
Using Vendor Specific Attributes (vsas)195................................................................................................................................................................
Example Configuration On Cisco Secure Acs For Ms Windows197................................................................................................................................................................
Example Configuration Using Freeradius199................................................................................................................................................................
Vlan Assignment In An Authentication Session201................................................................................................................................................................
Tagged And Untagged Vlan Attributes202................................................................................................................................................................
Additional Radius Attributes203................................................................................................................................................................
Configuring Radius Accounting204................................................................................................................................................................
Operating Rules For Radius Accounting206................................................................................................................................................................
Steps For Configuring Radius Accounting206................................................................................................................................................................
Sending Reports To The Radius Server209................................................................................................................................................................
Configure Accounting Types And The Controls For209................................................................................................................................................................
Interim Updating Options211................................................................................................................................................................
Viewing Radius Statistics213................................................................................................................................................................
General Radius Statistics213................................................................................................................................................................
Radius Authentication Statistics215................................................................................................................................................................
Radius Accounting Statistics216................................................................................................................................................................
Changing Radius-server Access Order217................................................................................................................................................................
Messages Related To Radius Operation220................................................................................................................................................................
Prerequisite For Using Ssh225................................................................................................................................................................
Public Key Formats225................................................................................................................................................................
For Switch And Client Authentication226................................................................................................................................................................
General Operating Rules And Notes228................................................................................................................................................................
Configuring The Switch For Ssh Operation229................................................................................................................................................................
Enable (manager) Password230................................................................................................................................................................
Generating The Switch's Public And Private Key Pair230................................................................................................................................................................
Configuring Key Lengths233................................................................................................................................................................
Providing The Switch's Public Key To Clients233................................................................................................................................................................
Client Contact Behavior235................................................................................................................................................................
Enabling Ssh On The Switch And Anticipating Ssh235................................................................................................................................................................
Configuring The Switch For Ssh Authentication240................................................................................................................................................................
Use An Ssh Client To Access The Switch244................................................................................................................................................................
Further Information On Ssh Client Public-key Authentication244................................................................................................................................................................
Messages Related To Ssh Operation250................................................................................................................................................................
Logging Messages251................................................................................................................................................................
Debug Logging252................................................................................................................................................................
Prerequisite For Using Ssl257................................................................................................................................................................
Authentication257................................................................................................................................................................
Configuring The Switch For Ssl Operation259................................................................................................................................................................
Enabling (manager) Password259................................................................................................................................................................
Generating The Switch's Server Host Certificate260................................................................................................................................................................
With The Cli261................................................................................................................................................................
Comments On Certificate Fields262................................................................................................................................................................
Interface264................................................................................................................................................................
Web Browser Interface267................................................................................................................................................................
Browser Contact Behavior269................................................................................................................................................................
Enabling Ssl On The Switch And Anticipating Ssl269................................................................................................................................................................
Using The Cli Interface To Enable Ssl271................................................................................................................................................................
Using The Web Browser Interface To Enable Ssl271................................................................................................................................................................
Common Errors In Ssl Setup273................................................................................................................................................................
Dhcp Snooping277................................................................................................................................................................
Enabling Dhcp Snooping278................................................................................................................................................................
Enabling Dhcp Snooping On Vlans280................................................................................................................................................................
Configuring Dhcp Snooping Trusted Ports281................................................................................................................................................................
Configuring Authorized Server Addresses282................................................................................................................................................................
Using Dhcp Snooping With Option 82282................................................................................................................................................................
Using Dhcp Snooping With Option282................................................................................................................................................................
Changing The Remote-id From A Mac To An Ip Address284................................................................................................................................................................
Disabling The Mac Address Check284................................................................................................................................................................
The Dhcp Binding Database285................................................................................................................................................................
Operational Notes286................................................................................................................................................................
Log Messages287................................................................................................................................................................
Dynamic Arp Protection289................................................................................................................................................................
Enabling Dynamic Arp Protection291................................................................................................................................................................
Configuring Trusted Ports291................................................................................................................................................................
Adding An Ip-to-mac Binding To The Dhcp Database293................................................................................................................................................................
Configuring Additional Validation Checks On Arp Packets294................................................................................................................................................................
Verifying The Configuration Of Dynamic Arp Protection294................................................................................................................................................................
Displaying Arp Packet Statistics295................................................................................................................................................................
Monitoring Dynamic Arp Protection296................................................................................................................................................................
Dynamic Ip Lockdown296................................................................................................................................................................
Protection Against Ip Source Address Spoofing297................................................................................................................................................................
Prerequisite: Dhcp Snooping297................................................................................................................................................................
Filtering Ip And Mac Addresses Per-port And Per-vlan298................................................................................................................................................................
Enabling Dynamic Ip Lockdown299................................................................................................................................................................
Adding An Ip-to-mac Binding To The Dhcp Binding Database301................................................................................................................................................................
Potential Issues With Bindings301................................................................................................................................................................
Adding A Static Binding302................................................................................................................................................................
Verifying The Dynamic Ip Lockdown Configuration302................................................................................................................................................................
Displaying The Static Configuration Of Ip-to-mac Bindings303................................................................................................................................................................
Debugging Dynamic Ip Lockdown304................................................................................................................................................................
Using The Instrumentation Monitor306................................................................................................................................................................
Configuring Instrumentation Monitor308................................................................................................................................................................
Examples309................................................................................................................................................................
Viewing The Current Instrumentation Monitor Configuration310................................................................................................................................................................
Filter Limits312................................................................................................................................................................
Using Port Trunks With Filters312................................................................................................................................................................
Filter Types And Operation313................................................................................................................................................................
Source-port Filters314................................................................................................................................................................
Operating Rules For Source-port Filters314................................................................................................................................................................
Example315................................................................................................................................................................
Named Source-port Filters316................................................................................................................................................................
Operating Rules For Named Source-port Filters316................................................................................................................................................................
Defining And Configuring Named Source-port Filters317................................................................................................................................................................
Viewing A Named Source-port Filter318................................................................................................................................................................
Using Named Source-port Filters319................................................................................................................................................................
Configuring Traffic/security Filters325................................................................................................................................................................
Configuring A Source-port Traffic Filter326................................................................................................................................................................
Example Of Creating A Source-port Filter327................................................................................................................................................................
Configuring A Filter On A Port Trunk327................................................................................................................................................................
Editing A Source-port Filter328................................................................................................................................................................
Filter Indexing329................................................................................................................................................................
Displaying Traffic/security Filters330................................................................................................................................................................
Why Use Port-based Or User-based Access Control?333................................................................................................................................................................
General Features333................................................................................................................................................................
Why Use Port-based Or User-based Access Control333................................................................................................................................................................
User Authentication Methods334................................................................................................................................................................
X User-based Access Control334................................................................................................................................................................
X Port-based Access Control335................................................................................................................................................................
Alternative To Using A Radius Server336................................................................................................................................................................
Accounting336................................................................................................................................................................
General 802.1x Authenticator Operation339................................................................................................................................................................
Example Of The Authentication Process339................................................................................................................................................................
Vlan Membership Priority340................................................................................................................................................................
General Setup Procedure For 802.1x Access Control344................................................................................................................................................................
Do These Steps Before You Configure 802.1x Operation344................................................................................................................................................................
Overview: Configuring 802.1x Authentication On The Switch347................................................................................................................................................................
Configuring Switch Ports As 802.1x Authenticators348................................................................................................................................................................
Enable 802.1x Authentication On Selected Ports349................................................................................................................................................................
A. Enable The Selected Ports As Authenticators And Enable The (default) Port-based Authentication349................................................................................................................................................................
Example: Configuring User-based 802.1x Authentication351................................................................................................................................................................
Example: Configuring Port-based 802.1x Authentication351................................................................................................................................................................
Reconfigure Settings For Port-access351................................................................................................................................................................
Configure The 802.1x Authentication Method354................................................................................................................................................................
Enter The Radius Host Ip Address(es)355................................................................................................................................................................
Enable 802.1x Authentication On The Switch355................................................................................................................................................................
Optional: Reset Authenticator Operation356................................................................................................................................................................
Optional: Configure 802.1x Controlled Directions356................................................................................................................................................................
Wake-on-lan Traffic357................................................................................................................................................................
Example: Configuring 802.1x Controlled Directions358................................................................................................................................................................
X Open Vlan Mode359................................................................................................................................................................
Vlan Membership Priorities360................................................................................................................................................................
Use Models For 802.1x Open Vlan Modes361................................................................................................................................................................
Unauthorized-client Vlans366................................................................................................................................................................
Setting Up And Configuring 802.1x Open Vlan Mode370................................................................................................................................................................
X Open Vlan Operating Notes374................................................................................................................................................................
Option For Authenticator Ports: Configure Port-security To Allow Only 802.1x-authenticated Devices375................................................................................................................................................................
Option For Authenticator Ports: Configure Port-security375................................................................................................................................................................
To Allow Only 802.1x-authenticated Devices375................................................................................................................................................................
Port-security376................................................................................................................................................................
Connections To Other Switches377................................................................................................................................................................
Supplicant Port Configuration379................................................................................................................................................................
Displaying 802.1x Configuration, Statistics, And Counters381................................................................................................................................................................
Show Commands For Port-access Authenticator381................................................................................................................................................................
Viewing 802.1x Open Vlan Mode Status390................................................................................................................................................................
Show Commands For Port-access Supplicant394................................................................................................................................................................
How Radius/802.1x Authentication Affects Vlan Operation395................................................................................................................................................................
Vlan Assignment On A Port396................................................................................................................................................................
Authentication Session398................................................................................................................................................................
In Authentication Sessions401................................................................................................................................................................
Messages Related To 802.1x Operation403................................................................................................................................................................
Port Security407................................................................................................................................................................
Basic Operation407................................................................................................................................................................
Eavesdrop Protection408................................................................................................................................................................
Blocking Unauthorized Traffic408................................................................................................................................................................
Trunk Group Exclusion409................................................................................................................................................................
Planning Port Security410................................................................................................................................................................
Port Security Command Options And Operation411................................................................................................................................................................
Port Security Display Options411................................................................................................................................................................
Configuring Port Security415................................................................................................................................................................
Retention Of Static Addresses420................................................................................................................................................................
Mac Lockdown425................................................................................................................................................................
Differences Between Mac Lockdown And Port Security427................................................................................................................................................................
Mac Lockdown Operating Notes428................................................................................................................................................................
Deploying Mac Lockdown429................................................................................................................................................................
Mac Lockout429................................................................................................................................................................
Port Security And Mac Lockout432................................................................................................................................................................
Web: Displaying And Configuring Port Security Features433................................................................................................................................................................
Reading Intrusion Alerts And Resetting Alert Flags433................................................................................................................................................................
Notice Of Security Violations433................................................................................................................................................................
How The Intrusion Log Operates434................................................................................................................................................................
Keeping The Intrusion Log Current By Resetting Alert Flags435................................................................................................................................................................
Resetting Alert Flags436................................................................................................................................................................
And Resetting Alert Flags437................................................................................................................................................................
Using The Event Log To Find Intrusion Alerts439................................................................................................................................................................
Alerts, And Resetting Alert Flags440................................................................................................................................................................
Operating Notes For Port Security441................................................................................................................................................................
Options445................................................................................................................................................................
Access Levels445................................................................................................................................................................
Defining Authorized Management Stations446................................................................................................................................................................
Overview Of Ip Mask Operation446................................................................................................................................................................
Menu: Viewing And Configuring Ip Authorized Managers447................................................................................................................................................................
Cli: Viewing And Configuring Authorized Ip Managers448................................................................................................................................................................
Listing The Switch's Current Authorized Ip Manager(s)448................................................................................................................................................................
Configuring Ip Authorized Managers For The Switch449................................................................................................................................................................
Web: Configuring Ip Authorized Managers451................................................................................................................................................................
Web Proxy Servers451................................................................................................................................................................
How To Eliminate The Web Proxy Server451................................................................................................................................................................
Web-based Help452................................................................................................................................................................
Building Ip Masks452................................................................................................................................................................
Configuring One Station Per Authorized Manager Ip Entry452................................................................................................................................................................
Using A Web Proxy Server To Access The Web Browser Interface452................................................................................................................................................................
Configuring Multiple Stations Per Authorized Manager Ip Entry453................................................................................................................................................................
Additional Examples For Authorizing Multiple Stations455................................................................................................................................................................
HP ProCurve 6120XG Management Manual

HP ProCurve 6120XG Management Manual (222 pages)

HP ProCurve Series 6120 Blade Switches Advanced Traffic Management Guide  
Brand: HP | Category: Server | Size: 1.19 MB
Table of contents
Table Of Contents4................................................................................................................................................................
Multiple Instance Spanning-tree Operation7................................................................................................................................................................
Product Documentation10................................................................................................................................................................
Contents15................................................................................................................................................................
Introduction16................................................................................................................................................................
Conventions16................................................................................................................................................................
Command Syntax Statements16................................................................................................................................................................
Command Prompts16................................................................................................................................................................
Screen Simulations16................................................................................................................................................................
Keys17................................................................................................................................................................
Configuration And Operation Examples18................................................................................................................................................................
Sources For More Information19................................................................................................................................................................
Getting Documentation From The Web21................................................................................................................................................................
Online Help21................................................................................................................................................................
Menu Interface21................................................................................................................................................................
Need Only A Quick Start?22................................................................................................................................................................
Ip Addressing22................................................................................................................................................................
To Set Up And Install The Switch In Your Network22................................................................................................................................................................
Physical Installation22................................................................................................................................................................
Need Only A Quick Start22................................................................................................................................................................
Command Line Interface26................................................................................................................................................................
Web Browser Interface26................................................................................................................................................................
Overview26................................................................................................................................................................
General Vlan Operation27................................................................................................................................................................
Types Of Static Vlans Available In The Switch28................................................................................................................................................................
Port-based Vlans28................................................................................................................................................................
Protocol-based Vlans28................................................................................................................................................................
Designated Vlans28................................................................................................................................................................
Terminology29................................................................................................................................................................
Static Vlan Operation30................................................................................................................................................................
Vlan Environments31................................................................................................................................................................
Vlan Operation32................................................................................................................................................................
Overlapping (tagged) Vlans33................................................................................................................................................................
Per-port Static Vlan Configuration Options35................................................................................................................................................................
Vlan Operating Rules36................................................................................................................................................................
General Steps For Using Vlans39................................................................................................................................................................
Multiple Vlan Considerations40................................................................................................................................................................
Single Forwarding Database Operation40................................................................................................................................................................
Example Of An Unsupported Configuration And How To Correct It42................................................................................................................................................................
Multiple Forwarding Database Operation43................................................................................................................................................................
Configuring Vlans44................................................................................................................................................................
Menu: Configuring Port-based Vlan Parameters44................................................................................................................................................................
To Change Vlan Support Settings45................................................................................................................................................................
Adding Or Editing Vlan Names46................................................................................................................................................................
Adding Or Changing A Vlan Port Assignment48................................................................................................................................................................
Cli: Configuring Port-based And Protocol-based Vlan Parameters50................................................................................................................................................................
Web: Viewing And Configuring Vlan Parameters62................................................................................................................................................................
Q Vlan Tagging63................................................................................................................................................................
Special Vlan Types68................................................................................................................................................................
Vlan Support And The Default Vlan68................................................................................................................................................................
The Primary Vlan68................................................................................................................................................................
The Secure Management Vlan69................................................................................................................................................................
Preparation71................................................................................................................................................................
Configuration72................................................................................................................................................................
Using Dhcp To Obtain An Ip Address73................................................................................................................................................................
Deleting The Management Vlan76................................................................................................................................................................
Operating Notes For Management Vlans76................................................................................................................................................................
Voice Vlans77................................................................................................................................................................
Operating Rules For Voice Vlans77................................................................................................................................................................
Components Of Voice Vlan Operation78................................................................................................................................................................
Voice Vlan Access Security78................................................................................................................................................................
Effect Of Vlans On Other Switch Features78................................................................................................................................................................
Spanning Tree Operation With Vlans78................................................................................................................................................................
Ip Interfaces79................................................................................................................................................................
Vlan Mac Address79................................................................................................................................................................
Port Trunks79................................................................................................................................................................
Port Monitoring79................................................................................................................................................................
Jumbo Packet Support80................................................................................................................................................................
Vlan Restrictions80................................................................................................................................................................
General Operation84................................................................................................................................................................
Per-port Options For Handling Gvrp "unknown Vlans"87................................................................................................................................................................
Per-port Options For Handling Gvrp "unknown Vlans87................................................................................................................................................................
Per-port Options For Dynamic Vlan Advertising And Joining89................................................................................................................................................................
Gvrp And Vlan Access Control91................................................................................................................................................................
Advertisements And Dynamic Joins91................................................................................................................................................................
Port-leave From A Dynamic Vlan91................................................................................................................................................................
Planning For Gvrp Operation92................................................................................................................................................................
Configuring Gvrp On A Switch93................................................................................................................................................................
Menu: Viewing And Configuring Gvrp93................................................................................................................................................................
Cli: Viewing And Configuring Gvrp94................................................................................................................................................................
Web: Viewing And Configuring Gvrp98................................................................................................................................................................
Gvrp Operating Notes98................................................................................................................................................................
S Multiple Spanning Tree Protocol (mstp)105................................................................................................................................................................
Mstp Structure106................................................................................................................................................................
How Mstp Operates108................................................................................................................................................................
Mst Regions108................................................................................................................................................................
Common Spanning Tree (cst)110................................................................................................................................................................
Mstp Operation With 802.1q Vlans111................................................................................................................................................................
Operating Rules114................................................................................................................................................................
Mstp Compatibility With Rstp Or Stp115................................................................................................................................................................
Planning An Mstp Application116................................................................................................................................................................
Configuring Mstp116................................................................................................................................................................
Mstp Configuration Overview118................................................................................................................................................................
Configuring Mstp Operation Mode And Global Settings120................................................................................................................................................................
Configuring Mstp Per-port Parameters125................................................................................................................................................................
Configuring Per Port Parameters125................................................................................................................................................................
Configuring Bpdu Filtering129................................................................................................................................................................
Configuring Bpdu Protection130................................................................................................................................................................
Configuring Mst Instance Parameters134................................................................................................................................................................
Configuring Mst Instance Per-port Parameters136................................................................................................................................................................
Enabling Or Disabling Spanning Tree Operation139................................................................................................................................................................
Enabling An Entire Mst Region At Once Or Exchanging One Region Configuration For Another139................................................................................................................................................................
Mstp Vlan Configuration Enhancement141................................................................................................................................................................
Preconfiguring Vlans In An Mst Instance142................................................................................................................................................................
Configuring Mstp Instances With The Vlan Range Option143................................................................................................................................................................
Operating Notes For The Vlan Configuration Enhancement145................................................................................................................................................................
How To Save Your Current Configuration146................................................................................................................................................................
Displaying Mstp Statistics And Configuration148................................................................................................................................................................
Displaying Global Mstp Status149................................................................................................................................................................
Displaying Detailed Port Information151................................................................................................................................................................
Displaying Status For A Specific Mst Instance152................................................................................................................................................................
Displaying The Mstp Configuration153................................................................................................................................................................
Troubleshooting An Mstp Configuration157................................................................................................................................................................
Displaying The Change History Of Root Bridges157................................................................................................................................................................
Displaying Debug Counters For All Mst Instances160................................................................................................................................................................
Displaying Debug Counters For One Mst Instance161................................................................................................................................................................
Displaying Debug Counters For Ports In An Mst Instance163................................................................................................................................................................
Field Descriptions In Mstp Debug Command Output165................................................................................................................................................................
Troubleshooting Mstp Operation168................................................................................................................................................................
Loop Protection169................................................................................................................................................................
Configuring Loop Protection170................................................................................................................................................................
Viewing Loop Protection Status171................................................................................................................................................................
Quality Of Service (qos): Managing Bandwidth More Effectively172................................................................................................................................................................
Classifiers For Prioritizing Outbound Packets181................................................................................................................................................................
Packet Classifiers And Evaluation Order181................................................................................................................................................................
Preparation For Configuring Qos182................................................................................................................................................................
Preserving 802.1p Priority182................................................................................................................................................................
Steps For Configuring Qos On The Switch182................................................................................................................................................................
Viewing The Qos Configuration184................................................................................................................................................................
No Override184................................................................................................................................................................
Quality Of Service For Outbound Traffic185................................................................................................................................................................
Qos Ip Type-of-service (tos) Policy And Priority186................................................................................................................................................................
Of The Tos Precedence Bits187................................................................................................................................................................
Basis Of Incoming Dscp188................................................................................................................................................................
Assigning A Dscp Policy On The Basis Of The Dscp In Ipv4 Packets Received From Upstream Devices192................................................................................................................................................................
Details Of Qos Ip Type-of-service195................................................................................................................................................................
Qos Source-port Priority198................................................................................................................................................................
Assigning A Priority Based On Source-port198................................................................................................................................................................
Assigning A Dscp Policy Based On The Source-port200................................................................................................................................................................
Differentiated Services Codepoint (dscp) Mapping204................................................................................................................................................................
Default Priority Settings For Selected Codepoints205................................................................................................................................................................
Quickly Listing Non-default Codepoint Settings205................................................................................................................................................................
Startup Configuration206................................................................................................................................................................
Notes On Changing A Priority Setting207................................................................................................................................................................
Error Messages Caused By Dscp Policy Changes207................................................................................................................................................................
Example Of Changing The Priority Setting On A Policy When One Or More Classifiers Are Currently Using The Policy208................................................................................................................................................................
Qos Queue Configuration211................................................................................................................................................................
Qos Operating Notes And Restrictions212................................................................................................................................................................
Ip Multicast (igmp) Interaction With Qos214................................................................................................................................................................
HP ProCurve 6120XG Installation And Getting Started Manual

HP ProCurve 6120XG Installation And Getting Started Manual (62 pages)

HP ProCurve Series 6120 Blade Switches Installation and Getting Started Guide  
Brand: HP | Category: Server | Size: 3.46 MB
Table of contents
Table Of Contents5................................................................................................................................................................
Introducing The Switch9................................................................................................................................................................
Hp Procurve 6120g/xg Blade Switch9................................................................................................................................................................
Hp Procurve 6120xg Blade Switch12................................................................................................................................................................
Dual-personality Ports14................................................................................................................................................................
Pre-installation Planning16................................................................................................................................................................
Hardware Setup Overview16................................................................................................................................................................
Switch Installation17................................................................................................................................................................
Installation Guidelines17................................................................................................................................................................
Installing The Blade Switch Into The Enclosure17................................................................................................................................................................
Accessing The Blade Switch From The Hp Bladesystem17................................................................................................................................................................
Onboard Administrator19................................................................................................................................................................
Optional) Connect A Console To The Switch19................................................................................................................................................................
Direct Console Access20................................................................................................................................................................
Accessing The Blade Switch From The Ethernet Interface (in Band)21................................................................................................................................................................
Installing Or Removing Sfp (mini-gbic), Sfp+ Or Xfp Transceivers21................................................................................................................................................................
Installing A Mini-gbic, Sfp+ Or Xfp Transceiver22................................................................................................................................................................
Removing A Mini-gbic22................................................................................................................................................................
Example Topologies23................................................................................................................................................................
Getting Started With Switch Configuration26................................................................................................................................................................
Recommended Minimal Configuration26................................................................................................................................................................
Using The Console Setup Screen27................................................................................................................................................................
Where To Go From Here28................................................................................................................................................................
To Recover From A Lost Manager Password28................................................................................................................................................................
Using The Ip Address For Remote Switch Management29................................................................................................................................................................
Starting A Telnet Session29................................................................................................................................................................
Starting A Web Browser Session29................................................................................................................................................................
Troubleshooting30................................................................................................................................................................
Basic Troubleshooting Tips31................................................................................................................................................................
Diagnosing The 6120g/xg With The Leds33................................................................................................................................................................
Diagnostic Tips33................................................................................................................................................................
Diagnosing The 6120xg With The Leds35................................................................................................................................................................
Proactive Networking37................................................................................................................................................................
Hardware Diagnostic Tests37................................................................................................................................................................
Testing The Switch By Resetting It37................................................................................................................................................................
Checking The Switch Leds37................................................................................................................................................................
Checking Console Messages38................................................................................................................................................................
Testing Twisted-pair Cabling38................................................................................................................................................................
Testing Switch-to-device Network Communications38................................................................................................................................................................
Testing End-to-end Network Communications38................................................................................................................................................................
Restoring The Factory Default Configuration39................................................................................................................................................................
Switch System Maintenance Switch40................................................................................................................................................................
Restoring Factory Firmware41................................................................................................................................................................
Downloading New Switch Software42................................................................................................................................................................
Hp Customer Support Services42................................................................................................................................................................
Before Calling Support43................................................................................................................................................................
Hp Contact Information43................................................................................................................................................................
Specifications44................................................................................................................................................................
Physical44................................................................................................................................................................
Environmental44................................................................................................................................................................
Connectors44................................................................................................................................................................
Safety44................................................................................................................................................................
Lasers45................................................................................................................................................................
Cabling And Technology Information46................................................................................................................................................................
Cabling Specifications46................................................................................................................................................................
Technology Distance Specifications47................................................................................................................................................................
Mode Conditioning Patch Cord47................................................................................................................................................................
Installing The Patch Cord47................................................................................................................................................................
Twisted-pair Cable/connector Pin-outs48................................................................................................................................................................
Mbps Or 100 Mbps Network Connections50................................................................................................................................................................
Cable Diagram50................................................................................................................................................................
Pin Assignments50................................................................................................................................................................
Mbps Or 100 Mbps Network Connection50................................................................................................................................................................
Crossover Twisted-pair Cable For50................................................................................................................................................................
Mbps Network Connections51................................................................................................................................................................
Straight-through Twisted-pair Cable For51................................................................................................................................................................
Safety And Emc Regulatory Statements52................................................................................................................................................................
Safety Information52................................................................................................................................................................
Safety Information (japan)57................................................................................................................................................................
Safety Information (china)58................................................................................................................................................................
Emc Regulatory Statements58................................................................................................................................................................
U.s.a60................................................................................................................................................................
European Community60................................................................................................................................................................
China Regulatory Statements61................................................................................................................................................................
HP ProCurve 6120XG Frequently Asked Questions

HP ProCurve 6120XG Frequently Asked Questions (4 pages)

ISS Technology Update Index  
Brand: HP | Category: Server | Size: 0.08 MB
HP ProCurve 6120XG Installation Instructions

HP ProCurve 6120XG Installation Instructions (4 pages)

HP ProCurve 6120G/XG: Install Guide  
Brand: HP | Category: Switch | Size: 0.82 MB
Table of contents
Installation Instructions1................................................................................................................................................................
Kit Contents1................................................................................................................................................................
Additional Information1................................................................................................................................................................
Installation Guidelines1................................................................................................................................................................
Firmware Requirements2................................................................................................................................................................
Front Panel2................................................................................................................................................................
Technical Support4................................................................................................................................................................
HP ProCurve 6120XG Installation Instructions

HP ProCurve 6120XG Installation Instructions (4 pages)

HP ProCurve 6120XG Blade Switch Installation Instructions  
Brand: HP | Category: Server | Size: 0.84 MB
Table of contents
Kit Contents1................................................................................................................................................................
Hp Procurve 6120xg Blade Switch1................................................................................................................................................................
Additional Information1................................................................................................................................................................
Installation Guidelines1................................................................................................................................................................
Front Panel2................................................................................................................................................................
Technical Support4................................................................................................................................................................

Share and save

Advertising