HP ProCurve 1600M Management And Configuration Manual Download Page 170

Page: 170 / 690

Configuring IP Addressing

Overview

You can configure IP addressing through all of the switch’s interfaces. You can
also:

Easily edit a switch configuration file to allow downloading the file to
multiple switches without overwriting each switch’s unique gateway and
VLAN 1 IP addressing.

■

Assign up to 32 IP addresses to a VLAN (multinetting).

Why Configure IP Addressing?

In its factory default configuration, the

switch operates as a multiport learning bridge with network connectivity
provided by the ports on the switch. However, to enable specific management
access and control through your network, you will need IP addressing. Table
8-1 on page 8-11 shows the switch features that depend on IP addressing to
operate.

IP Configuration

IP Configuration Features

IP Address and Subnet Mask

Multiple IP Addresses on a VLAN

Default Gateway Address

Packet Time-To-Live (TTL)

IP Address and Subnet Mask.

Configuring the switch with an IP address

expands your ability to manage the switch and use its features. By default, the
switch is configured to automatically receive IP addressing on the default
VLAN from a DHCP/Bootp server that has been configured correctly with
information to support the switch. (Refer to “DHCP/Bootp Operation” on page
8-12 for information on setting up automatic configuration from a server.)
However, if you are not using a DHCP/Bootp server to configure IP addressing,

8-2

Summary of Contents for ProCurve 1600M

Page 1: ...Management and Configuration Guide 8200zl ProCurve Switches K 12 XX www procurve com ...

Page 2: ......

Page 3: ...ProCurve Series 8200zl Switches September 2007 K 12 xx Management and Configuration Guide ...

Page 4: ...ANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE Hewlett Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing performance or use of this material The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services Nothing herein should ...

Page 5: ...2 Command Prompts 1 3 Screen Simulations 1 3 Configuration and Operation Examples 1 3 Keys 1 3 Sources for More Information 1 4 Getting Documentation From the Web 1 6 Online Help 1 6 Menu Interface 1 6 Command Line Interface 1 7 Web Browser Interface 1 7 Need Only a Quick Start 1 8 IP Addressing 1 8 To Set Up and Install the Switch in Your Network 1 8 Physical Installation 1 8 2 Selecting a Manage...

Page 6: ...Access 2 10 Banner Operation with Web Browser Access 2 10 Configuring and Displaying a Non Default Banner 2 10 Example of Configuring and Displaying a Banner 2 11 Operating Notes 2 14 3 Using the Menu Interface Contents 3 1 Overview 3 2 Starting and Ending a Menu Session 3 3 How To Start a Menu Interface Session 3 4 How To End a Menu Session and Exit from the Console 3 5 Main Menu Features 3 7 Scr...

Page 7: ...g a Web Browser Using ProCurve Manager PCM or Security Creating Usernames and Passwords Overview 5 2 General Features 5 3 Interface Session with the Switch 5 4 Using a Standalone Web Browser in a PC or UNIX Workstation 5 4 ProCurve Manager Plus PCM 5 5 Tasks for Your First ProCurve Web Browser Interface Session 5 7 Viewing the First Time Install Window 5 7 in the Browser Interface 5 8 Entering a U...

Page 8: ...ment Configuration Changes 6 6 Configuration Changes 6 10 Menu Implementing Configuration Changes 6 10 Using Save and Cancel in the Menu Interface 6 10 Rebooting from the Menu Interface 6 11 Web Implementing Configuration Changes 6 13 Using Primary and Secondary Flash Image Options 6 14 Displaying the Current Flash Image Data 6 14 Switch Software Downloads 6 16 Local Switch Software Replacement an...

Page 9: ...rtup Config File 6 35 Erasing a Startup Config File 6 36 Switch to Its Default Configuration 6 38 Transferring Startup Config Files To or From a Remote Server 6 39 TFTP Copying a Configuration File to a Remote Host 6 39 TFTP Copying a Configuration File from a Remote Host 6 40 Connected Host 6 40 Connected Host 6 41 Operating Notes for Multiple Configuration Files 6 41 7 Interface Access and Syste...

Page 10: ...5 Configuring a Loopback Interface 8 16 Displaying Loopback Interface Configurations 8 18 IP Preserve Retaining VLAN 1 IP Addressing Across Configuration File Downloads 8 20 Operating Rules for IP Preserve 8 20 Enabling IP Preserve 8 21 9 Time Protocols Contents 9 1 Overview 9 2 TimeP Time Synchronization 9 2 SNTP Time Synchronization 9 2 Selecting a Time Synchronization Protocol or Turning Off Ti...

Page 11: ...on Contents 10 1 Overview 10 2 Viewing Port Status and Configuring Port Parameters 10 2 Menu Port Configuration 10 5 CLI Viewing Port Status and Configuring Port Parameters 10 7 Viewing Port Status and Configuration 10 7 Viewing Port Utilization Statistics 10 9 Viewing Transceiver Status 10 9 Enabling or Disabling Ports and Configuring Port Mode 10 11 Enabling or Disabling Flow Control 10 12 Confi...

Page 12: ... Operation 11 10 When Is Power Allocation Prioritized 11 10 How Is Power Allocation Prioritized 11 11 PoE Priority With Two or More Modules 11 12 Configuring PoE Operation 11 14 Changing the PoE Port Priority Level 11 14 Disabling or Re Enabling PoE Port Operation 11 15 Enabling Support for Pre Standard Devices 11 15 Changing the Threshold for Generating a Power Notice 11 16 Configuring Optional P...

Page 13: ...Menu Viewing and Configuring a Static Trunk Group 12 9 CLI Viewing and Configuring Port Trunk Groups 12 11 Using the CLI To View Port Trunks 12 11 Using the CLI To Configure a Static or Dynamic Trunk Group 12 14 Web Viewing Existing Port Trunk Groups 12 17 Trunk Group Operation Using LACP 12 18 Default Port Operation 12 20 LACP Notes and Restrictions 12 21 Trunk Group Operation Using the Trunk Opt...

Page 14: ...te Limiting 13 14 ICMP Rate Limiting Trap and Event Log Messages 13 15 Guaranteed Minimum Bandwidth GMB 13 18 Introduction 13 18 Terminology 13 18 GMB Operation 13 18 Impacts of QoS Queue Configuration on GMB Operation 13 20 Outbound Traffic 13 21 Configuration 13 24 GMB Operating Notes 13 25 Jumbo Frames 13 26 Terminology 13 26 Operating Rules 13 27 Configuring Jumbo Frame Operation 13 28 Overvie...

Page 15: ... Traps 14 23 Configuring the Source IP Address for SNMP Requests and Traps 14 24 Operating Notes 14 27 Enabling and Configuring SNMP Inform 14 27 Advanced Management RMON 14 28 CLI Configured sFlow with Multiple Instances 14 29 Terminology 14 29 Configuring sFlow 14 29 Viewing sFlow Configuration and Status 14 30 LLDP Link Layer Discovery Protocol 14 33 Terminology 14 34 General LLDP Operation 14 ...

Page 16: ...formation Available for Outbound Advertisements 14 67 Displaying LLDP Statistics 14 71 LLDP Operating Notes 14 73 LLDP and CDP Data Management 14 75 LLDP and CDP Neighbor Data 14 75 CDP Operation and Commands 14 77 Redundancy Switch 8212zl Contents 15 1 Overview 15 3 Terminology 15 3 How the Management Modules Interact 15 4 Using Redundant Management 15 5 Displaying Redundancy Status 15 5 Enabling...

Page 17: ...ile are Different 15 19 Downloading a Software Version Serially if the Management Module is Corrupted 15 21 Turning Off Redundant Management 15 21 Disabling Redundancy with Two Modules Present 15 21 Disabling Redundancy With Only One Module Present 15 22 Displaying Management Information 15 23 Active Management Module Commands 15 23 Show Module 15 23 Show Redundancy 15 24 Show Flash 15 24 Show Ver...

Page 18: ...ages 15 46 A File Transfers Contents A 1 Overview A 3 Downloading Switch Software A 3 General Software Download Rules A 4 Using TFTP To Download Switch Software from a Server A 4 Menu TFTP Download from a Server to Primary Flash A 5 CLI TFTP Download from a Server to Flash A 7 Using Secure Copy and SFTP A 9 How It Works A 10 The SCP SFTP Process A 10 Disable TFTP and Auto TFTP for Enhanced Securit...

Page 19: ...B Copying a Software Image to a USB Device A 24 Transferring Switch Configurations A 25 TFTP Copying a Configuration File to a Remote Host A 26 TFTP Copying a Configuration File from a Remote Host A 26 Connected PC or UNIX Workstation A 26 Connected PC or UNIX Workstation A 27 USB Copying a Configuration File to a USB Device A 28 USB Copying a Configuration File from a USB Device A 29 Transferring...

Page 20: ...up Statistics and Flow Control Status B 12 Menu Access to Port and Trunk Statistics B 13 CLI Access To Port and Trunk Group Statistics B 14 Web Browser Access To View Port and Trunk Group Statistics B 14 Viewing the Switch s MAC Address Tables B 15 Menu Access to the MAC Address Views and Searches B 15 CLI Access for MAC Address Views and Searches B 18 Spanning Tree Protocol MSTP Information B 19 ...

Page 21: ... B 41 2 Configure the Remote Mirroring Session on Destination Switch B 41 3 Configure the Mirroring Session on the Source Switch B 43 4 Configure Mirroring Sources B 47 Using Interface Identity and Direction of Movement Using ACL Assignment and Traffic Direction Displaying a Mirroring Session Configuration Remote Mirroring Destination Using a VLAN Interface Traffic Selection Options B 47 Mirroring...

Page 22: ...s Problems C 6 Unusual Network Activity C 8 General Problems C 8 802 1Q Prioritization Problems C 9 ACL Problems C 9 IGMP Related Problems C 13 LACP Related Problems C 14 Mesh Related Problems C 14 Port Based Access Control 802 1X Related Problems C 14 QoS Related Problems C 17 Radius Related Problems C 17 Spanning Tree Protocol MSTP and Fast Uplink Problems C 18 SSH Related Problems C 19 TACACS R...

Page 23: ...egotiation C 45 Ping and Link Tests C 45 Web Executing Ping or Link Tests C 47 CLI Ping or Link Tests C 48 DNS Resolver C 50 Terminology C 50 Basic Operation C 50 Configuring and Using DNS Resolution with Ping and Traceroute Commands C 52 Configuring a DNS Entry C 53 Example Using DNS Names with Ping and Traceroute C 53 Viewing the Current DNS Configuration C 56 Operating Notes C 56 Event Log Mess...

Page 24: ...1 Overview D 2 Determining MAC Addresses D 3 Menu Viewing the Switch s MAC Addresses D 4 CLI Viewing the Port and VLAN MAC Addresses D 5 Viewing the MAC Addresses of Connected Devices D 7 E Monitoring Resources Contents E 1 Viewing Information on Resource Usage E 2 Policy Enforcement Engine E 2 Displaying Current Resource Usage E 3 When Insufficient Resources Are Available E 5 F Daylight Savings T...

Page 25: ... Guide Explains how to prepare for and perform the physical installation and connect the switch to your network Electronic Publications The latest version of each of the publications listed below is available in PDF format on the ProCurve Web site as described in the Note at the top of this page Management and Configuration Guide Describes how to configure manage and monitor basic switch operation...

Page 26: ...ement and Configuration Advanced Traffic Management Multicast and Routing Access Security Guide OSPF PIM DM Dense Mode PIM SM Sparse Mode VRRP X X X X Intelligent Edge Software Features Manual Management and Configuration Advanced Traffic Management Multicast and Routing Access Security Guide 802 1Q VLAN Tagging 802 1X Port Based Priority 802 1X Multiple Authenticated Clients Per Port ACLs X X X X...

Page 27: ...iguration DHCP Option 82 X X X X DHCP Snooping DHCP Bootp Operation Diagnostic Tools Downloading Software X X X X Dynamic ARP Protection Eavesdrop Protection Event Log Factory Default Settings X X X X Flow Control 802 3x File Management File Transfers Friendly Port Names X X X X Guaranteed Minimum Bandwidth GMB GVRP Identity Driven Management IDM IGMP X X X X Interface Access Telnet Console Serial...

Page 28: ...ess Management MAC Lockdown MAC Lockout MAC based Authentication X X X X Management VLAN Meshing Monitoring and Analysis Multicast Filtering X X X X Multiple Configuration Files Network Management Applications SNMP OpenView Device Management Passwords and Password Clear Protection X X X X ProCurve Manager PCM Ping Port Configuration Port Monitoring X X X X Port Security Port Status Port Trunking L...

Page 29: ...uality of Service QoS X X X X RADIUS Authentication and Accounting RADIUS Based Configuration Rate Limiting Redundant Management X X X X RIP RMON 1 2 3 9 Routing Routing IP Static X X X X Secure Copy sFlow SFTP SNMPv3 X X X X Software Downloads SCP SFTP TFPT Xmodem Source Port Filters Spanning Tree STP RSTP MSTP SSHv2 Secure Shell Encryption X X X X SSL Secure Socket Layer Syslog System Informatio...

Page 30: ...FTP Time Protocols TimeP SNTP Traffic Mirroring X X X X Traffic Security Filters Troubleshooting Uni Directional Link Detection UDLD UDP Forwarder X X X X USB Device Support Virus Throttling Connection Rate Filtering VLANs VLAN Mirroring 1 static VLAN X X X X Voice VLAN Web Authentication RADIUS Support Web based Authentication Web UI X X X X Xmodem X xxviii ...

Page 31: ...nfiguration and Operation Examples 1 3 Keys 1 3 Sources for More Information 1 4 Getting Documentation From the Web 1 6 Online Help 1 6 Menu Interface 1 6 Command Line Interface 1 7 Web Browser Interface 1 7 Need Only a Quick Start 1 8 IP Addressing 1 8 To Set Up and Install the Switch in Your Network 1 8 Physical Installation 1 8 1 1 ...

Page 32: ...yed information Command Syntax Statements Syntax ip default gateway ip addr routing Syntax show interfaces port list Vertical bars separate alternative mutually exclusive elements Square brackets indicate optional elements Braces enclose required elements Braces within square brackets indicate a required element within an optional choice Boldface indicates use of a CLI command part of a CLI comman...

Page 33: ...show version Image stamp sw code build info March 1 2007 13 43 13 K 12 01 139 ProCurve Figure 1 1 Example of a Figure Showing a Simulated Screen In some cases brief command output sequences appear without figure iden tification For example ProCurve config clear public key ProCurve config show ip client public key show_client_public_key cannot stat keyfile Configuration and Operation Examples Unles...

Page 34: ...agement including downloading software to the switch software fixes addressed in current and previous releases To view and download a copy of the latest software release notes for your switch refer to Getting Documentation From the Web on page 1 6 Product Notes and Software Update Information The printed Read Me First shipped with your switch provides software update information product notes and ...

Page 35: ... Use this guide for information on topics such as VLANs Static port based and protocol VLANs and dynamic GVRP VLANs spanning Tree 802 1D STP 802 1w RSTP and 802 1s MSTP meshing Quality of Service QoS Access Control Lists ACLs Multicast and Routing Guide Usethisguideforinformationtopicssuch as IGMP PIM SM and DM IP routing VRRP Access Security Guide Use this guide for information on topics such as ...

Page 36: ...n the product for which you want to view or download a manual If you need further information on ProCurve switch technology visit the ProCurve Networking web site at www procurve com Online Help Menu Interface If you need information on specific parameters in the menu interface refer to the online help provided in the interface For example Online Help for Menu Figure 1 2 Online Help for Menu Inter...

Page 37: ...the web browser interface use the online Help You can access the Help by clicking on the question mark button in the upper right corner of any of the web browser interface screens The Help Button Figure 1 4 Button for Web Browser Interface Online Help Not e To access the online Help for the ProCurve web browser interface you need either ProCurve Manager version 1 5 or greater installed on your net...

Page 38: ... the Installation and Getting Started Guide you received with the switch To Set Up and Install the Switch in Your Network Physical Installation Use the ProCurve Installation and Getting Started Guide shipped with the switch for the following Notes cautions and warnings related to installing and using the switch and its related modules Instructions for physically installing the switch in your netwo...

Page 39: ...Menu Interface 2 3 Advantages of Using the CLI 2 4 General Benefits 2 4 Information on Using the CLI 2 4 Advantages of Using the Web Browser Interface 2 5 or ProCurve Manager Plus 2 7 Web Browser Interfaces 2 9 Banner Operation with Telnet Serial or SSHv2 Access 2 10 Banner Operation with Web Browser Access 2 10 Configuring and Displaying a Non Default Banner 2 10 Example of Configuring and Displa...

Page 40: ...avigator or Microsoft Internet Explorer 2 5 ProCurve Manager PCM a windows based network management solution included in box with all manageable ProCurve devices Features include automatic device discovery network status summary topology and mapping and device management ProCurve Manager Plus PCM a complete windows based network management solution that provides both the basic features offered wit...

Page 41: ...ovides quick easy management access to a menu driven subset of switch configuration and performance features IP addressing System information VLANs and GVRP Local passwords Port Security SNMP communities Port and Static Trunk Group Time protocols Spanning Tree The menu interface also provides access for Setup screen Switch and port statistic and counter displays Event Log display Reboots Switch an...

Page 42: ...xt Prompt for Context Configuration Levels For example ProCurve eth 1 5 ProCurve vlan 1 ProCurve pim ProCurve rip Figure 2 2 Command Prompt Examples General Benefits Provides access to the complete set of the switch configuration perfor mance and diagnostic features Offers out of band access through the RS 232 connection or Telnet in band access Enables quick detailed system configuration and mana...

Page 43: ...analyzing switch operation refer to Appendix B For information on individual CLI commands refer to the Index or to the online Help provided in the CLI interface Advantages of Using the Web Browser Interface Figure 2 3 Example of the Web Browser Interface Easy access to the switch from anywhere on the network Familiar browser interface locations of window objects consistent with commonly used brows...

Page 44: ...tures have all their fields in one screen so you can view all values at once More visual cues using colors status bars device icons and other graphical objects instead of relying solely on alphanumeric values Display of acceptable ranges of values available in configuration list boxes 2 6 ...

Page 45: ...e ProCurve Manager and ProCurve Manager Plus PCM and PCM from a PC on the network to monitor traffic manage your hubs and switches and proactively recommend network changes to increase network uptime and optimize performance Easy to install and use PCM and PCM are the answers to your management challenges Figure 2 4 Example of the Home Page for ProCurve Manager Plus 2 7 ...

Page 46: ...tatus and can be viewed at multiple levels physical view subnet view or VLAN view Device Management Many device focused tasks can be performed directly by the software or the user can access web browser and command line interfaces with the click of a button to manage individ ual devices from inside the tool Features and benefits of ProCurve Manager Plus All of the Features of ProCurve Manager Refe...

Page 47: ...n The modular software architecture of ProCurve Manager Plus will allow ProCurve to offer network admin istrators add on software solutions that complement their needs Custom Login Banners for the Console and Web Browser Interfaces You can configure the switch to display a login banner of up to 320 characters when an operator initiates a management session with the switch through any of the follow...

Page 48: ...pears in a dedicated banner window with a link to the Web agent home page Clicking on To Home Page clearsthebannerwindowandpromptstheuserforapassword ifconfigured Following entry of the correct username password information or if no username password is required the switch then displays either the Registra tion page or the switch s home page Note that if the banner feature is disabled or if the sw...

Page 49: ...s not been terminated by a CR LF However terminating a line in a banner by entering a CR LF prevents any further editing of that line To edit a line in a banner entry after terminating the line with a CR LF requires entering the delimiter described above and then re configuring new banner text The banner text string must terminate with the character defined by banner motd delimiter Note In redunda...

Page 50: ... banner configuration use either the show banner motd or show running command ProCurve config show banner motd Banner Information Banner status Enabled Configured Banner This is a private system maintained by the Allied Widget Corporation Unauthorized use of this system can result in civil and criminal penalties Figure 2 7 Example of show banner motd Output 2 12 ...

Page 51: ...24 B1 B24 configuration ip address dhcp bootp exit banner motd This is a private system maintained by the Allied Widget Corporation Unauthorized use of this system can result in civil and criminal penalties spanning tree Figure 2 8 The Current Banner Appears in the Switch s Running Config File The next time someone logs onto the switch s management CLI the following appears The login screen displa...

Page 52: ...tch is reset to its factory default configuration The switch supports one banner at any time Configuring a new banner replaces any former banner configured on the switch If the switch is configured with ssh version 1 or ssh version 1 or 2 configuring the banner sets the SSH configuration to ssh version 2 and displays the following message in the CLI Warning SSH version has been set to v2 If a bann...

Page 53: ...Ending a Menu Session 3 3 How To Start a Menu Interface Session 3 4 How To End a Menu Session and Exit from the Console 3 5 Main Menu Features 3 7 Screen Structure and Navigation 3 9 Rebooting the Switch 3 12 Menu Features List 3 14 Where To Go From Here 3 15 3 1 ...

Page 54: ...rs IP addressing VLANs Virtual LANs and GVRP Time protocol Ports Trunk groups View status counters and Event Log information Update switch software Reboot the switch For a detailed list of menu features see the Menu Features List on page 3 14 Privilege Levels and Password Security ProCurve strongly recom mends that you configure a Manager password to help prevent unauthorized access to your networ...

Page 55: ...ation change made through any switch interface overwrites earlier changes made through any other interface The Menu Interface and the CLI Command Line Interface both use the switch console To enter the menu from the CLI use the menu command To enter the CLI from the Menu interface select Command Line CLI option Starting and Ending a Menu Session You can access the menu interface using any of the f...

Page 56: ...ulator or a terminal press Enter one or more times until a prompt appears 3 When the switch screen appears do one of the following If a password has been configured the password prompt appears Password _ Type the Manager password and press Enter Entering the Manager password gives you manager level access to the switch Entering the Operator password gives you operator level access to the switch Re...

Page 57: ...enu For more infor mation see the Installation and Getting Started Guide you received with the switch How To End a Menu Session and Exit from the Console The method for ending a menu session and exiting from the console depends on whether during the session you made any changes to the switch configu ration that require a switch reboot to activate Most changes via the menu interface need only a Sav...

Page 58: ...inal program turn off the terminal or quit the Telnet session 2 If you have made configuration changes that require a switch reboot thatis if anasterisk appearsnexttoaconfigureditemornexttoSwitch Configuration in the Main Menu a Return to the Main Menu b Press 6 to select Reboot Switch and follow the instructions on the reboot screen Rebooting the switch terminates the menu session and if you are ...

Page 59: ... the front of this manual For a listing of features and parameters configurable through the menu interface see the Menu Fea tures List on page 3 14 For an index of the features covered in the software manuals for your switch refer to the Software Feature Index on page xxiv Console Passwords Provides access to the screen used to set or change Manager level and Operator level passwords and to delete...

Page 60: ...is required to activate a change in the VLAN Support parameter See Rebooting from the Menu Interface on page 6 11 Download OS Enables you to download a new switch software version to the switch See Appendix A File Transfers Run Setup Displays the Switch Setup screen for quickly configuring basic switch parameters such as IP addressing default gateway logon default interface and others Refer to the...

Page 61: ...nstructions Actions line Screentitle identifies the location within the menu structure Figure 3 4 Elements of the Screen Structure Forms Design The configuration screens in particular operate similarly to a number of PC applications that use forms for data entry When you first enter these screens you see the current configuration for the item you have selected To change the configuration the basic...

Page 62: ...other parameter value return to step 3 6 If you are finished editing parameters in the displayed screen press Enter to return to the Actions line and do one of the following Tosaveandactivateconfigurationchanges press S forthe Save action This saves the changes in the startup configuration and also implements the change in the currently running configuration See Chapter 6 Switch Memory and Configu...

Page 63: ...t of the screen Highlightonanyitemin the Actions line indicates that the Actions line is active The Help line provides a brief descriptor of the highlighted Action item or parameter Figure 3 5 Example Showing How To Display Help To get Help on the actions or data fields in each screen Use the arrow keys or v to select an action or data field The help line under the Actions items describes the curr...

Page 64: ...require a reboot Resets statistical counters to zero Note that statistical counters can be reset to zero without rebooting the switch To Reboot the switch use the Reboot Switch option in the Main Menu Note that Reboot Switch is not available if you log on in Operator mode that is if you enter an Operator password instead of a manager password at the password prompt Reboot Switch option Figure 3 6 ...

Page 65: ...alue for the Maximum VLANs to support parameter an asterisk appears next to the VLAN Support entry in the VLAN Menu screen and also next to the Switch Configuration entry in the Main Menu Reminder to reboot the switch to activate configuration changes Asterisk indicates a configuration change that requires a reboot in order to take effect Figure 3 7 Indication of a Configuration Change Requiring a...

Page 66: ...ormation Port Status Port Counters Address Table Port Address Table Switch Configuration System Information Port Trunk Settings Network Monitoring Port IP Configuration SNMP Community Names IP authorized Managers VLAN Menu Console Passwords Event Log Command Line CLI Reboot Switch Download OS Download Switch Software Run Setup Logout 3 14 ...

Page 67: ... Switch counters Operation To learn how to configure and use Refer to the Access Security Guide for your passwords and other security features switch To learn how to use the Event Log Using the Event Log To Identify Problem Sources on page C 26 To learn how the CLI operates Chapter 4 Using the Command Line Interface CLI To download switch software Appendix A File Transfers For a description of how...

Page 68: ...Using the Menu Interface Where To Go From Here 3 16 ...

Page 69: ...Level Operation 4 4 Operator Privileges 4 4 Manager Privileges 4 5 How To Move Between Levels 4 7 Listing Commands and Command Options 4 8 Listing Commands Available at Any Privilege Level 4 8 Listing Command Options 4 10 Displaying CLI Help 4 11 Configuration Commands and the Context Configuration Modes 4 12 CLI Control and Editing 4 16 4 1 ...

Page 70: ...tch s factory default state is the default interface when you start a console session You can access the console out of band by directly connect ing a terminal device to the switch or in band by using Telnet either from a terminal device or through the web browser interface Also if you are using the menu interface you can access the CLI by selecting the Command Line CLI option in the Main Menu Usi...

Page 71: ...guration Privilege Levels at Logon Privilege levels control the type of access to the CLI To implement this control you must set at least a Manager password Without a Manager password configured anyone having serial port Telnet or web browser access to the switch can reach all CLI levels For more on setting passwords refertothechapteronusernames andpasswordsintheAccess Security Guide for your swit...

Page 72: ...mended that you protect the switch from physical access by unauthorized persons If you are concerned about switch security and operation you should install the switch in a secure location such as a locked wiring closet Privilege Level Operation 2 Manager Level 3 Global Configuration Operator Privileges Manager Privileges 1 Operator Level 4 Context Configuration Level Figure 4 2 Access Sequence for...

Page 73: ...ges and enables you to make configuration changes to any of the switch s software features The prompt for the Global Configuration level includes the system name and config To select this level enter the config command at the Manager prompt For example ProCurve config Enter config at the Manager prompt ProCurve config _ The Global Config prompt Context Configuration level Provides all Operator and...

Page 74: ...ion same as logout Manager Privilege ManagerLevel ProCurve Perform system level actions such as system control monitoring and diagnostic commands plusanyoftheOperator levelcommands Foralist of available commands enter at the prompt Global ProCurve config Execute configuration commands plus all Configuration Operator and Manager commands For a list of Level available commands enter at the prompt Co...

Page 75: ... ProCurve config ProCurve config vlan 10 ProCurve vlan 10 ProCurve vlan 10 interface e 3 ProCurve int 3 The CLI accepts e as the abbreviated form of ethernet ProCurve int 3 exit ProCurve config exit ProCurve exit ProCurve ProCurve int 3 end ProCurve or ProCurve config end ProCurve Moving Between the CLI and the Menu Interface When moving between interfaces the switch retains the current privilege ...

Page 76: ...s At any privilege level you can List all of the commands available at that level List the options for a specific command Listing Commands Available at Any Privilege Level At a given privilege level you can list and execute the commands that level offers plus all of the commands available at preceding levels For example at the Operator level you can list and execute only the Operator level com man...

Page 77: ...e Global Configuration level or the Context Configuration level produces similar results Use Tab To Search for or Complete a Command Word You can use Tab to help you find CLI commands or to quickly complete the current word in a command To do so type one or more consecutive characters in a command and then press Tab with no spaces allowed For example at the Global Configuration level if you press ...

Page 78: ...based priority tcp portSet TCP port based priority device priorityConfigure device based priority dscp mapDefine mapping between a DSCP Differentiated Services Codepoint value and 802 1p priority type of serviceConfigure the Type of Service method the device uses to prioritize IP traffic Listing Command Options You can use the CLI to remind you of the options available for a command by entering co...

Page 79: ... is at the Operator level executing help displays the Help summaries only for Operator Level commands At the Manager level executing help displays the Help summaries for both the Operator and Manager levels and so on For example to list the Operator Level commands with their purposes Figure 4 6 Example of Context Sensitive Command List Help Displaying Help for an Individual Command Syntax command ...

Page 80: ...ge For example trying to list the help for the interface command while at the global configuration level produces this result ProCurve speed duplex help Invalid input speed duplex Configuration Commands and the Context Configuration Modes You can execute any configuration command in the global configuration mode or in selected context modes However using a context mode enables you to execute conte...

Page 81: ... this mode includes the identity of the selected port s ProCurve config interface c3 c6 ProCurve eth C5 C8 ProCurve config interface trk1 ProCurve eth Trk1 Commands executed at configuration level for entering port and trk1 static trunk group contexts and resulting prompts showing port or static trunk contexts ProCurve eth C5 C8 ProCurve eth Trk1 ProCurve eth C5 C8 ProCurve eth C5 C8 Lists the com...

Page 82: ...context the first block of commands in the listing show the context specific commands that will affect only ports C3 C6 The remaining commands in the listing are Manager Operator and context commands Figure 4 8 Context Specific Commands Affecting Port Context 4 14 ...

Page 83: ...ig vlan 100 Command executed at configuration level to enter VLAN 100 context ProCurve vlan 100 Resulting prompt showing VLAN 100 context ProCurve vlan 100 Lists commands you can use in the VLAN context plus Manager Operator and context commands you can execute at this level In the VLAN context the first block of commands in the listing show the commandsthat will affect only vlan 100 The remaining...

Page 84: ...es from the cursor to the end of the command line Ctrl L or Ctrl R Repeats current command line on a new line Ctrl N or v Enters the next command line in the history buffer Ctrl P or Enters the previous command line in the history buffer Ctrl U or Ctrl X Deletes from the cursor to the beginning of the command line Ctrl W Deletes the last word typed Esc B Moves the cursor backward one word Esc D De...

Page 85: ...ll Window 5 7 in the Browser Interface 5 8 Entering a User Name and Password 5 10 Using a User Name 5 10 If You Lose the Password 5 10 Online Help for the Web Browser Interface 5 11 Support Mgmt URLs Feature 5 12 Support URL 5 13 Help and the Management Server URL 5 13 Using the PCM Server for Switch Web Help 5 14 Status Reporting Features 5 16 The Overview Window 5 16 The Port Utilization and Sta...

Page 86: ...lecting the fault detection configuration for the Alert Log operation page 5 24 Getting access to online help for the web browser interface page 5 11 Description of the web browser interface Overview window and tabs page 5 16 Port Utilization and Status displays page 5 17 Alert Log and Alert types page 5 20 Setting the Fault Detection Policy page 5 24 Not e You can disable access to the web browse...

Page 87: ... Redundancy Status Alert log Switch Configuration Device view Port configuration VLAN configuration Fault detection Quality of service QoS Port monitoring mirroring System information IP configuration Support and management server URLs Device features Spanning Tree On Off VLAN selection and IGMP Switch Security User names and passwords Authorized Addresses Intrusion Log SSL RADIUS authentication R...

Page 88: ...r workstation For more on assigning an IP address refer to IP Configuration on page 8 2 1 Ensure that the JavaTM applets are enabled for your browser For more information on this topic refer to your browser s online Help 2 Use the web browser to access the switch If your network includes a Domain Name Server DNS your switch s IP address may have a name associated with it for example switch8212 tha...

Page 89: ...ation The networked device you want to access has been assigned an IP address and optionally a DNS name and has been discovered by PCM or PCM For more on assigning an IP address refer to IP Configuration on page 8 2 To establish a web browser session with PCM or PCM running do the following on the network management station 1 Make sure the JavaTM applets are enabled for your web browser If they ar...

Page 90: ...Using the ProCurve Web Browser Interface Starting a Web Browser Interface Session with the Switch First time install alert Figure 5 1 Example of Status Overview Screen 5 6 ...

Page 91: ...ime Install Window When you access the switch s web browser interface for the first time the Alert log contains a First Time Install alert as shown in figure 5 2 This gives you information about first time installations and provides an immediate opportunity to set passwords for security and to specify a Fault Detection policy which determines the types of messages that will be displayed in the Ale...

Page 92: ... on page 5 24 You can also access the password screen by clicking on the Configuration tab and then the Fault Detection key Security Creating Usernames and Passwords in the Browser Interface Not e On the switches covered in this guide you can also configure RADIUS authen tication for web browser interface access For more information refer to the chapter titled RADIUS Authentication and Accounting ...

Page 93: ...2 Click in the appropriate box in the Device Passwords window and enter user names and passwords You will be required to repeat the password strings in the confirmation boxes Both the user names and passwords can be up to 16 printable ASCII characters 3 Click on Apply Changes to activate the user names and passwords Not e Passwords you assign in the web browser interface will overwrite previous pa...

Page 94: ...es you full read write troubleshooting capabilities Entering the operator password gives you read and limited trouble shooting capabilities Using a User Name If you also set user names in the web browser interface screen you must supply the correct user name for web browser interface access If a user name has not been set then leave the User Name field in the password window blank Note that the Co...

Page 95: ...our switch Online Help for the Web Browser Interface Online Help is available for the web browser interface You can use it by clicking on the question mark button in the upper right corner of any of the web browser interface screens The Help Button Figure 5 5 The Help Button Context sensitive help is provided for the screen you are on Not e To access the online Help for the ProCurve web browser in...

Page 96: ...urce you want the switch to access when you click on the web browser interface Support tab The default is the URL for the ProCurve Networking home page TheURLofaPCM ProCurveNetworkManager workstationorotherserver for the online Help files for this web browser interface The default setting accesses the switch s browser based Help on the ProCurve World Wide Web site Note that if you install PCM in y...

Page 97: ...agement Server URL field specifies the URL the switch uses to find online Help for the web browser interface If you install PCM ProCurve Manager in your network the PCM manage ment station acts as the web browser Help server for the switch and automatically inserts the necessary URL in this field For more on the option see Using the PCM Server for Switch Web Help on page 5 14 In the default config...

Page 98: ...lp Using the PCM Server for Switch Web Help For ProCurve devices that support the Web Help feature you can use the PCM server to host the switch help files for devices that do not have HTTP access to the ProCurve Support Web site 1 Go to the ProCurve Support web site to get the Device Help files www hp com rnd device_help 2 Copy the Web help files to the PCM server under C program files hewlett pa...

Page 99: ...ter the IP address for your PCM server 8040 is the standard port number to use 4 Restart the Discovery process for the change to be applied Not e Changing the Discovery s Global properties file will redirect the Device Help URL for all devices If you just want to change the Device Help URL for a particular device then go to the Configuration tab on the Web UI for that device and select the Support...

Page 100: ... page 5 20 The Status bar page 5 22 The Overview Window The Overview Window is the home screen for any entry into the web browser interface The following figure identifies the various parts of the screen Alert Log Control Bar Port Utiliza tion Graphs page 5 17 Alert Log page 5 20 Port Status Indicators page 5 19 Button Bar Tab Bar Status Bar page 5 22 Active Tab Active Button Figure 5 8 The Status...

Page 101: ...a breakdown of the packet types that have been detected unicast packets non unicast packets and error packets The Legend identifies traffic types and their associated colors on the bar graph Unicast Rx All Tx This is all unicast traffic received and all transmitted traffic of any type This indicator a blue color on many systems can signify either transmitted or received traffic Non Unicast Pkts Rx...

Page 102: ...consistently higher than 40 on any port click on the Port Counters button to get a detailed set of counters for the port To change the amount of bandwidth the Port Utilization bar graph shows Clickonthebandwidthdisplaycontrolbuttonintheupperleftcorner of the graph The button shows the current scale setting such as 40 In the resulting menu select the bandwidth scale you want the graph to show 3 10 ...

Page 103: ...t is enabled but is not connected to an active network device A cable may not be connected to the port or the device at the other end may be powered off or inoperable or the cable or connected device could be faulty Port Disabled the port has been configured as disabled through the web browser interface the switch console or SNMP network manage ment Port Fault Disabled a fault condition has occurr...

Page 104: ... Date Time The date and time the event was received by the web browser interface This value is shown in the format DD MM YY HH MM SS AM PM for example 16 Sep 99 7 58 44 AM Description A short narrative statement that describes the event For example Excessive CRC Alignment errors on port 8 Sorting the Alert Log Entries The alerts are sorted by default by the Date Time field with the most recent ale...

Page 105: ...Not e When troubleshooting the sources of alerts it may be helpful to check the switch s Port Status and Port Counter windows or use the CLI or menu interface to view the switch s Event Log When you double click on an Alert Entry the web browser interface displays a separate window showing information about the event This view includes a description of the problem and a possible solution It also p...

Page 106: ...ple of Alert Log Detail View The Status Bar The Status Bar appears in the upper left corner of the web browser interface window Figure 5 15 shows an expanded view of the status bar Status Indicator Most Critical Alert Description Product Name Figure 5 15 Example of the Status Bar 5 22 ...

Page 107: ...e The name you can configure for the switch by using the System Info window under the Configuration tab the hostname ascii string command in the CLI or the System Name field in the System Information screen in the System Info screen of the menu interface Most Critical Alert Description A brief description of the earliest unacknowledged alert with the current highest severity in the Alert Log appea...

Page 108: ...ure controls the types of alerts reported to the Alert Log based on their level of severity Set this policy in the Fault Detection window figure 5 16 Figure 5 16 The Fault Detection Window The Fault Detection screen contains a list box for setting fault detection and response policy and enables you to set the sensitivity level at which a network problem should generate an alert and send it to the ...

Page 109: ... severe alerts to the Alert Log This policy is most effective on a network where there are normally a lot of problems and you want to be informed of only the most severe ones Never Disables the Alert Log and transmission of alerts traps to the management server in cases where a network management tool such as ProCurve Manager is in use Use this option when you don t want to use the Alert Log The F...

Page 110: ...Using the ProCurve Web Browser Interface Status Reporting Features 5 26 ...

Page 111: ...imary and Secondary Flash Image Options 6 14 Displaying the Current Flash Image Data 6 14 Switch Software Downloads 6 16 Local Switch Software Replacement and Removal 6 17 Rebooting the Switch 6 19 Operating Notes about Booting 6 19 Boot and Reload Command Comparison 6 20 Setting the Default Flash 6 21 Booting from the Default Flash Primary or Secondary 6 22 Booting from a Specified Flash 6 23 Usi...

Page 112: ...Config Files in the Switch 6 34 Renaming an Existing Startup Config File 6 35 Creating a New Startup Config File 6 35 Erasing a Startup Config File 6 36 Switch to Its Default Configuration 6 38 Transferring Startup Config Files To or From a Remote Server 6 39 TFTP Copying a Configuration File to a Remote Host 6 39 TFTP Copying a Configuration File from a Remote Host 6 40 Connected Host 6 40 Connec...

Page 113: ...nfig File Controls switch operation When the switch boots the contents of this file are erased and replaced by the contents of the startup config file Flash Non Volatile Memory Startup Config File Preserves the most recently saved configuration through any subsequent reboot CLI configuration changes are written to this file To use the CLI to save the latest version of this file to the startup conf...

Page 114: ...ntly reboots for any reason it will resume operation using the new configuration insteadof theconfigurationpreviously defined in the startup config file There are three ways to save a new configuration In the CLI Use the write memory command This overwrites the current startup config file with the contents of the current running config file In the menu interface Use the Save command This overwrite...

Page 115: ...n select the menu interface VLAN 20 is configured in the running config file but not in the startup config file In this case you will see ProCurve config vlan 20 ProCurve config menu Do you want to save current configuration y n If you type Y the switch overwrites the startup config file with the running config file and your configuration change s will be preserved across reboots If you type N you...

Page 116: ...sting of the current running config file show config status Compares the startup config file to the running config file and lists one of the following results If the two configurations are the same you will see Running configuration is the same as the startup configuration If the two configurations are different you will see Running configuration has been changed and needs to be saved Not e Show c...

Page 117: ...e next reboot or failover is set to boot from a different software image These config changes may be incompatible or not used after a reboot or failover For example the default port mode setting is auto Suppose that your network uses Cat 3 wiring and you want to connect the switch to another autosensing device capable of 100 Mbps operation Because 100 Mbps over Cat 3 wiring can introduce transmiss...

Page 118: ...nges in the current running config file For example ProCurve config interface e 1 disable Disablesport1intherunningconfiguration whichcausesport1toblockalltraffic ProCurve config boot Device will be rebooted do you want to continue y n y Do you want to save current configuration y n Press Y to continue the rebooting process You will then see this prompt Figure 6 2 Boot Prompt for an Unsaved Config...

Page 119: ...CLI the new value will appear in the menu interface display for that parameter However as indicated above unless you also make a configuration change in the menu interface only the write memory command in the CLI will actually save the change to the startup config file How To Reset the startup config and running config Files to the Factory Default Configuration This command reboots the switch repl...

Page 120: ...switch configuration changes without having to reboot the switch That is when you save a configuration change in the menu interface you simultaneously change both the running config file and the startup config file Not e The only exception to this operation are two VLAN related parameter changes that require a reboot described under Rebooting To Activate Configuration Changes on page 6 12 Using Sa...

Page 121: ... switch boot command in the menu interface the switch discards the configuration changes made while using the CLI To ensure that changes made while using the CLI are saved execute writememory in the CLI before rebooting the switch Rebooting from the Menu Interface Terminates the current session and performs a reset of the operating system Activates any configuration changes that require a reboot R...

Page 122: ... a change in the Maximum VLANs to support parameter To access these parameters go to the Main menu and select 2 Switch Configuration then 8 VLAN Menu then 1 VLAN Support If configuration changes requiring a reboot have been made the switch displays an asterisk next to the menu item in which the change has been made For example if you change and save parameter values for the Maximum VLANs to suppor...

Page 123: ...eb browser interface to simultaneously save and implement a subset of switch configuration changes without having to reboot the switch That is when you save a configuration change in most cases by clicking on Apply Changes or Apply Settings you simultaneously change both the running config file and the startup config file Not e If you reconfigure a parameter in the CLI and then go to the browser i...

Page 124: ... proven image in Primary flash to run your system The switch can use only one image at a time The following tasks involve primary secondary flash options Displaying the current flash image data and determining which switch software versions are available Switch software downloads Replacing and removing erasing a local switch software version System booting Displaying the Current Flash Image Data U...

Page 125: ...running on the version stored in the secondary flash image ProCurve config show flash Image Size Bytes Date Version Build Primary Image 7493854 03 21 07 K 12 29 1617 Secondary Image 7463821 03 23 07 K 12 30 1700 Boot Rom Version K 12 30 Default Boot Primary Will boot from primary flash on the next boot Figure 6 8 Example Showing Different Flash Image Versions Determining Which Flash Image Versions...

Page 126: ...r SNMP Download to Primary Yes Yes Yes Yes Download to Secondary No Yes No Yes Boot from Primary Yes Yes Yes Yes Boot from Secondary No Yes No Yes The different software download options involve different copy commands plus xmodem usb and tftp These topics are covered in Appendix A File Transfers Download Interruptions In most cases if a power failure or other cause interrupts a flash image downlo...

Page 127: ...e from primary to secondary or the reverse the switch overwrites the file in the destination location with a copy of the file from the source location This means you do not have to erase the current image at the destination location before copying in a new image C a u t i o n Verify that there is an acceptable software version in the source flash location from which you are going to copy Use the s...

Page 128: ...efore using this command in one flash image location primary or second ary ensure that you have a valid software file in the other flash image location secondary orprimary Ifthe switchhasonly oneflashimage loaded ineither primary or secondary flash and you erase that image then the switch does not have a software image stored in flash In this case if you do not reboot or power cycle the switch you...

Page 129: ...booting the Switch Operating Notes about Booting Default Boot Source The switch reboots from primary flash by default unless you specify the secondary flash by entering either the boot system flash primary secondary or boot set default flash primary secondary command Both the boot command and the reload command will reboot based on how these options have been selected Boot Attempts from an Empty F...

Page 130: ...mmediate reboot is executed The reload at and reload after command information is not saved across reboots If the switch is rebooted before a scheduledreloadcommand isexecuted thecommandiseffectivelycancelled When entering a reload at or reload after command a prompt will appear to confirm the command before it can be processed by the switch For the reload at command if mm dd yy are left blank the...

Page 131: ...t parameters seepage6 25fordetails Setting the Default Flash You can specify the default flash to boot from on the next boot by entering the boot set default flash command Syntax boot set default flash primary secondary Upon booting set the default flash for the next boot to primary or secondary ProCurve config boot set default flash secondary ProCurve config show flash Image Size Bytes Date Versi...

Page 132: ...e standby management module Note This is changed from always booting from primary flash You are prompted with a message which will indicate the flash being booted from system Boots the switch You can specify the flash image to boot from When using redundant management boots both the active and standby management modules config You can optionally select a configuration file from which to boot ProCu...

Page 133: ...her management module s console interface Do you want to continue y n n Figure 6 15 Example of Boot Command Booting from a Different Flash than the Current Flash with Redundant Management Module Present Booting from a Specified Flash This version of the boot command gives you the option of specifying whether to reboot from primary or secondary flash and is the required command for rebooting from s...

Page 134: ... or secondary or the flash image that was set either by the boot set default command or by the last executed boot system flash primary secondary command Because reload bypasses some subsystem self tests the switch reboots faster than if you use either of the boot command options If you are using redundant management and redundancy is enabled the switch will failover to the other management module ...

Page 135: ...passed at Schedules a warm reboot of the switch at a given time The no form of the command removes a pending reboot request For more details and examples see below The scheduled reload feature removes the requirement to physically reboot the switch at inconvenient times for example at 1 00 inthe morning Instead a reload at 1 00 mm dd command can be executed where mm dd is the date the switch is sc...

Page 136: ...0 Reload scheduled in 4 days 14 hours 0 minutes This command will cause a switchover at the scheduled time to the other management module which may not be running the same software image and configurations Do you want to continue y n Figure 6 18 An Example of the reload Command with a Redundant Management System 6 26 ...

Page 137: ...tions for selecting which startup config file to use for A fixed reboot policy using a specific startup config file for a specific boot path primary or secondary flash Overriding the current reboot policy on a per instance basis Boot Command Secondary Boot Path Primary Boot Path Startup Config Options File 1 File 2 File 3 Running Config Figure 6 19 Optional Reboot Process While you can still use r...

Page 138: ...ny of the memory slots if the software version supports the configured features Boot Options With multiple startup config files in the switch you can spec ify a policy for the switch to use upon reboot The options include Use the designated startup config file with either or both reboot paths primary or secondary flash Override the current reboot policy for one reboot instance by specifying a boot...

Page 139: ...anges to Source Startup Config File Figure 6 20 Example of Reboot Process and Making Changes to the Startup Config File Creating an Alternate Startup Config File There are two methods for creating a new configuration file Copy an existing startup config file to a new filename then reboot the switch make the desired changes to the running config file then execute write memory Refer to figure 6 6 20...

Page 140: ...workingConfig Assigns the workingConfig file as the active configuration and the default configuration for all subsequent reboots using either primary or second ary flash Figure 6 21 Switch Memory Assignments After the First Reboot from Software Supporting Multiple Configuration In the above state the switch always Uses the workingConfig file to reboot The commands described later in this section ...

Page 141: ...config file is currently in use pri An asterisk in this column indicates that the corresponding startup config file is currently assigned to the primary boot path sec An asterisk in this column indicates that the corresponding startup config file is currently assigned to the secondary boot path name Shows the filename for each listed startup config file in the switch Refer to Renaming an Existing ...

Page 142: ...tem flash primary secondary config filename 6 34 You can boot the switch using any available startup config file Changing the Reboot Configuration Policy For a given reboot the switch automatically reboots from the startup config file assigned to the flash location primary or secondary being used for the current reboot For exam ple when you first download a software version that supports multiple ...

Page 143: ... single reboot instance use the boot system flash command with the options described under Overriding the Default Reboot Configuration Policy on page 6 34 For example suppose Software release A is stored in primary flash and a later software release is stored in secondary flash The system operator is using memory slot 1 for a reliable minimal configuration named minconfig for the software version ...

Page 144: ...t instance only This command overrides the current reboot policy Using Reload To Reboot From the Current Flash Image and Startup Config File Syntax reload This command boots the switch from the currently active flash image and startup config file Because reload bypasses some subsystem self tests the switch boots faster than if you use a boot command Note To identify the currently active startup co...

Page 145: ...isting startup config file in one memory slot to a new startup config file in another empty memory slot This enables you to use a sepa rate configuration file to experiment with configuration changes while preserving the source file unchanged It also simplifies a transition from one software version to another by enabling you to preserve the startup config file for the earlier software version whi...

Page 146: ...ands copy the config1 startup config file to config2 and then make config2 the default startup config file for booting from secondary flash Figure 6 23 Example of Creating and Assigning a New Startup Config File Not e You can also generate a new startup config file by booting the switch from a flash memory location from which you have erased the currently assigned startup config file Refer to Eras...

Page 147: ...le erasing the file does not remove the flash assignment from the memory slot for that file Thus if the switch boots using a flash location that does not have an assigned startup config then the switch creates a new default startup config file and uses this file in the reboot This new startup config file contains only the default configuration for the software version used in the reboot Executing ...

Page 148: ... Reset Button Combination To Reset the Switch to Its Default Configuration The Clear Reset button combination described in the Installation and Getting Started Guide produces these results That is when you press the Clear Reset button combination the switch Overwrites the content of the startup config file currently in memory slot 1 with the default configuration for the software version in primar...

Page 149: ...addr remote file pc unix below copy config src file xmodem pc unix 6 40 copy xmodem config dest file pc unix 6 41 TFTP Copying a Configuration File to a Remote Host Syntax copy config src file tftp ip addr remote file pc unix This is an addition to the copy tftp command options Use this command to upload a configuration file from the switch to a TFTP server For more on using TFTP to copy a file to...

Page 150: ...fer to TFTP Copying a Configuration File from a Remote Host on page A 26 For example the following command copies a startup config file named test 01 txt from a UNIX TFTP server at IP address 10 10 28 14 to the first empty memory slot in the switch ProCurve config copy tftp config test 01 10 10 28 14 test 01 txt unix Xmodem Copying a Configuration File to a Serially Connected Host Syntax copy conf...

Page 151: ...nd options Use this command to download a configuration file from an Xmodem host to the switch For more on using Xmodem to copy a file from a serially connected host refer to Xmodem Copying a Configuration File from a Serially Connected PC or UNIX Workstation on page A 27 Operating Notes for Multiple Configuration Files SFTP SCP The configuration files are available for sftp scp transfer as cfg fi...

Page 152: ...Switch Memory and Configuration Multiple Configuration Files 6 42 ...

Page 153: ...7 3 Menu Modifying the Interface Access 7 4 CLI Modifying the Interface Access 7 5 Denying Interface Access by Terminating Remote Management Sessions 7 8 System Information 7 10 Menu Viewing and Configuring System Information 7 11 CLI Viewing and Configuring System Information 7 12 Web Configuring System Parameters 7 16 7 1 ...

Page 154: ...ng the Menu Interface Chapter 4 Using the Command Line Interface CLI Chapter 5 Using the ProCurve Web Browser Interface Why Configure Interface Access and System Information The inter face access features in the switch operate properly by default However you can modify or disable access features to suit your particular needs Similarly you can choose to leave the system information parameters at th...

Page 155: ...led page 7 4 page 7 6 Terminal type VT 100 page 7 6 Event Log event types to list All page 7 6 Displayed Events Baud Rate Speed Sense page 7 6 Flow Control XON XOFF page 7 6 In most cases the default configuration is acceptable for standard operation Not e Basic switch security is through passwords You can gain additional security by using the security features described in the Access Security Gui...

Page 156: ...enu Select 2 Switch Configuration 1 System Information Interface Access Parameters Figure 7 1 The Default Interface Access Parameters Available in the Menu Interface 2 Press E for Edit The cursor moves to the System Name field 3 Use the arrow keys v to move to the parameters you want to change Refer to the online help provided with this screen for further information on configuration options for t...

Page 157: ... mand lists the current interface access parameter settings Syntax show console This example shows the switch s default console serial configuration Interface Access Enable Disable Console Control Options Event Log Event Types To List Figure 7 2 Listing of Show Console Command Reconfigure Inbound Telnet Access In the default configuration inbound Telnet access is enabled Syntax no telnet server To...

Page 158: ... web browser access is enabled Syntax no web management To disable web browser access ProCurve config no web management To re enable web browser access ProCurve config web management Reconfigure the Console Serial Link Settings You can reconfigure one or more console parameters with one console command Syntax console terminal vt100 ansi none screen refresh 1 3 5 10 20 30 45 60 baud rate speed sens...

Page 159: ...memory and then execute boot before the new console configuration will take effect For example to use one command to configure the switch with the following VT100 operation 19 200 baud No flow control 10 minute inactivity time Critical log events you would use the following command sequence TheswitchimplementstheEventLogchangeimmediately Theswitchimplements the other console changes after executin...

Page 160: ...cessbyTerminating Remote Management Sessions The switch supports up to five management sessions You can use show ip ssh to list the current management sessions and kill to terminate a currently running remote session Kill does not terminate a Console session on the serial port either through a direct connection or via a modem It does not affect the console on the standby module Syntax kill session...

Page 161: ...cess and System Information Denying Interface Access by Terminating Remote Management Sessions The kill 2 command terminates session 2 Session 2 is an active Telnet session Figure 7 5 Example of Using the Kill Command To Terminate a Remote Session 7 9 ...

Page 162: ...al but recommended System Name Using a unique name helps you to identify individual devices where you are using an SNMP network management tool such as ProCurve Manager System Contact and Location This information is helpful for identifying the person administratively responsible for the switch and for identifying the locations of individual switches MAC Age Time The number of seconds a MAC addres...

Page 163: ...or your location The default is None For more on this topic refer to Appendix D Daylight Savings Time on ProCurve Switches Time Used in the CLI to specify the time of day the date and other system parameters Menu Viewing and Configuring System Information To access the system information parameters 1 From the Main Menu Select 2 Switch Configuration 1 System Information System Information Figure 7 ...

Page 164: ...d return to the Main Menu CLI Viewing and Configuring System Information System Information Commands Used in This Section show system information below hostname below snmp server below contact location mac age time page 7 15 time timezone page 7 15 daylight time rule page 7 15 date page 7 16 time Listing the Current System Information Thiscommandliststhecurrent system information settings Syntax s...

Page 165: ...th Next 4474 as the system contact and North Data Room as the location New hostname contact and location data from previous commands Additional System Information Figure 7 8 System Information Listing After Executing the Preceding Commands The menu interface will only display up to 47 characters although you can specify a name up to 255 characters in length A message beginning with displays if the...

Page 166: ...00 Inbound Telnet Enabled Yes Yes Web Agent Enabled Yes Yes Time Sync Method None TIMEP TimeP Mode Disabled Disabled Tftp enable Yes Yes Time Zone 0 0 Daylight Time Rule None None Actions Cancel Edit Save Help Cancel changes and return to previous screen Use arrow keys to change action selection and Enter to execute action Figure 7 9 Menu Screen Showing System Information The Web Browser interface...

Page 167: ...r example to configure the age time to seven minutes ProCurve config mac age time 420 Configure the Time Zone and Daylight Time Rule These commands Set the time zone you want to use Define the daylight time rule for keeping the correct time when daylight saving time shifts occur Syntax time timezone 720 840 time daylight time rule none alaska continental us and canada middle europe and portugal so...

Page 168: ... 1 p m to midnight are input as 13 24 respectively Syntax time hh mm ss mm dd yy yy For example to set the switch to 9 45 a m on November 17 2002 ProCurve config time 9 45 11 17 02 Not e Executing reloadorboot resets the time and date to their default startup values Web Configuring System Parameters In the web browser interface you can enter the following system information System Name System Loca...

Page 169: ...e To Live TTL 8 6 Web Configuring IP Addressing 8 10 How IP Addressing Affects Switch Operation 8 11 DHCP Bootp Operation 8 12 Network Preparations for Configuring DHCP Bootp 8 14 Loopback Interfaces 8 15 Introduction 8 15 Configuring a Loopback Interface 8 16 Displaying Loopback Interface Configurations 8 18 IP Preserve Retaining VLAN 1 IP Addressing Across Configuration File Downloads 8 20 Opera...

Page 170: ...depend on IP addressing to operate IP Configuration IP Configuration Features Feature Default Menu CLI Web IP Address and Subnet Mask DHCP Bootp page 8 5 page 8 6 page 8 10 Multiple IP Addresses on a VLAN n a page 8 8 Default Gateway Address none page 8 5 page 8 6 page 8 10 Packet Time To Live TTL 64 seconds page 8 5 page 8 6 Time Server Timep DHCP page 8 5 page 8 6 IP Address and Subnet Mask Conf...

Page 171: ... default gateway and DHCP Bootp is configured on the primary VLAN then the default gateway value provided by the DHCP or Bootp server will be used If the switch has a manually configured default gateway then the switch uses his gateway even if a different gateway is received via DHCPor Bootp onthe primary VLAN This is also true for manually configured TimeP SNTP and Time To Live TTL In the default...

Page 172: ...arning the default gateway address The switch can also learn other settings from a DHCP or Bootp server such as packet Time To Live TTL and Timep or SNMP settings Other VLANs can also use DHCP or BootP to acquire IP addressing However the switch s gateway TTL and TimeP or SNTP values which are applied globally and not per VLAN will be acquired through the primary VLAN only unless manually set by u...

Page 173: ...ddressing 1 From the Main Menu Select 2 Switch Configuration 5 IP Configuration Not e s If multiple VLANs are configured a screen showing all VLANs appears instead of the following screen The Menu interface displays the IP address for any VLAN If you use the CLI to configure the IP address on a VLAN use the CLI show ip command to list them Refer to Viewing the Current IP Configuration on page 8 6 ...

Page 174: ...e Tab key to move to the other IP configuration fields 6 Select the IP Address field and enter the IP address for the switch 7 Select the Subnet Mask field and enter the subnet mask for the IP address 8 Press Enter then S for Save CLI Configuring IP Address Gateway and Time To Live TTL IP Commands Used in This Section Page show ip 8 6 ip address mask length 8 7 8 8 ip address mask bits 8 7 8 8 ip ...

Page 175: ...sing With multiple VLANs and some other features configured show ip provides additional information A Switch with IP Addressing and VLANs Configured Figure 8 3 Example of Show IP Listing with Non Default IP Addressing Configured Configure an IP Address and Subnet Mask The following command includes both the IP address and the subnet mask You must either include the ID of the VLAN for which you are...

Page 176: ...ddress configured in VLAN 1 ProCurve config no vlan 1 ip address 10 28 227 103 24 Configure Multiple IP Addresses on a VLAN Multinetting The fol lowing is supported Up to 2000 IP addresses for the switch Up to 32 IP addresses for the same VLAN Up to 512 IP VLANs that is VLANs on which you can configure IP addresses Each IP address on a VLAN must be for a separate subnet whether on the same VLAN or...

Page 177: ...ing a Multinetted VLAN If you then wanted to multinet the default VLAN you would do the following Figure 8 5 Example of Multinetting on the Default VLAN Not e The Internet IP Service screen in the Menu interface figure 8 1 on page 8 5 displays the first IP address for each VLAN You must use the CLI show ip command to display the full IP address listing for multinetted VLANs 8 9 ...

Page 178: ...P default gateway is not used Thus to avoid loss of Telnet access to off subnet management stations you should use the ip route command to configure a static default route before enabling routing For more information refer to the chapter titled IP Routing Features in the Multicast and Routing Guide for your switch Configure Time To Live TTL The maximum number of routers hops through which a packet...

Page 179: ...ce DHCP or Bootp support for automatic IP address configuration and DHCP support for automatic Timep server IP address configuration Multiple Spanning Tree Protocol Port settings and port trunking Switch meshing Console based status and counters information for monitoring switch operation and diagnosing problems through the CLI or menu interface VLANs and GVRP Serial downloads of software updates ...

Page 180: ...viously configured IP address and subnet mask for the switch The switch also receives an IP Gateway address if the server has been config ured to provide one In the case of Bootp the server must first be configuredwithanentrythathastheswitch sMACaddress Todetermine the switch s MAC address refer to Appendix D MAC Address Manage ment The switch properly handles replies from either type of server If...

Page 181: ...ocumenta tion provided with the DHCP server Bootp Operation When a Bootp server receives a request it searches its Bootp database for a record entry that matches the MAC address in the Bootp request from the switch If a match is found the configuration data in the associated database record is returned to the switch For many Unix systems the Bootp database is contained in the etc bootptab file In ...

Page 182: ...figuration file T144 is the vendor specific tag identifying the configuration file to download vm is a required entry that specifies the Bootp report format Use rfc1048 for the switches covered in this guide Not e The above Bootp table entry is a sample that will work for the switch when the appropriate addresses and file names are used Network Preparations for Configuring DHCP Bootp In its defaul...

Page 183: ...ion file exists in the TFTP directory Loopback Interfaces This section describes how to configure and use user defined loopback inter faces on the switch Introduction By default each switch has an internal loopback interface lo0 with the IP address 127 0 0 1 This IP address is used only for internal traffic transmitted within the switch and is not used in packet headers in egress traffic sent to n...

Page 184: ... interface goes down OSPF can no longer ping the switch using the router ID even if other interfaces are operational For more information about how to configure a loopback IP address to participate in an OSPF broadcast area refer to the section titled Optional Assigning Loopback Addresses to an Area in the Multicast and Routing Guide Configuring a Loopback Interface To configure a loopback interfa...

Page 185: ... switch This means that the address cannot be used by a VLAN interface or another loopback interface For example if you configure a VLAN with IP address 172 16 100 8 24 you cannot configure a loopback interface with IP address 172 16 100 8 In the same way if you configure a loopback interface lo1 with IP address 172 16 101 8 you cannot configure another loopback interface lo2 with IP address 172 1...

Page 186: ...2 ProCurve show ip Internet IP Service IP Routing Enabled Default TTL 64 ARP Age 20 VLAN IP Config IP Address Subnet Mask Proxy ARP DEFAULT_VLAN Manual 10 0 8 121 255 255 0 0 No VLAN2 Manual 192 168 12 1 255 255 255 0 No VLAN3 Disabled Loopback Addresses Loopback IP Config IP Address Subnet Mask lo1 Manual 172 16 110 2 255 255 255 255 lo2 Manual 172 16 112 2 255 255 255 255 lo2 Manual 172 16 114 1...

Page 187: ...the default loopback interface lo0 and one user defined loopback interface lo2 ProCurve show ip route IP Route Entries IP Routing Enabled Default TTL 64 ARP Age 20 Destination Gateway VLAN Type Metric Dist 10 0 0 0 16 DEFAULT_VLAN 1 connected 1 0 127 0 0 0 8 reject static 0 0 127 0 0 1 32 lo0 connected 1 0 172 16 10 121 32 lo2 static 1 0 172 16 100 0 24 10 0 8 11 1 ospf 1 1 172 16 102 0 24 VLAN2 2...

Page 188: ...P address subnet mask and IP gateway address when the switch downloads the file and reboots The switch adopts all other configuration parameters in the configuration file into the startup config file If the switch s current IP addressing for VLAN 1 is from a DHCP server IP Preserve is suspended In this case whatever IP addressing the config uration file specifies is implemented when the switch dow...

Page 189: ...ider figure 8 10 Switch 4 VLAN 1 DHCP Switch 3 VLAN 1 10 31 22 103 Switch 1 VLAN 1 10 31 22 101 DHCP Server Switch 2 VLAN 1 10 31 22 102 config IP Address Switches 1 through 3 copy and implement the config txt file from the TFTP server figure 8 11 but retain their current IP Switch 4 also copies and implements the config txt file from the TFTP server figure 8 11 but acquires new IP addressing from...

Page 190: ...was not acquired through DHCP Bootp ip address dhcp bootp Switch 4 ignores IP Preserve and implements the exit DHCP Bootp addressing and IP Gateway specified in spanning tree Trk1 priority 4 password manager this file because its last IP addressing was acquired from a DHCP Bootp server password operator ip default gateway 10 10 10 115 snmp server community public Unrestricted Figure 8 11 Configura...

Page 191: ...5 255 255 0 tagged A4 A6 no untagged A2 A3 exit vlan 2 name VLAN2 untagged A2 A3 no ip address exit spanning tree Trk1 priority 4 password manager password operator Figure 8 12 Configuration File in TFTP Server with Dedicated IP Addressing Instead of DHCP Bootp To summarize the IP Preserve effect on IP addressing If the switch received its most recent VLAN 1 IP addressing from a DHCP Bootp server ...

Page 192: ...Configuring IP Addressing IP Preserve Retaining VLAN 1 IP Addressing Across Configuration File Downloads 8 24 ...

Page 193: ...urrent SNTP Configuration 9 8 Configuring Enabling or Disabling the SNTP Mode 9 10 TimeP Viewing Selecting and Configuring 9 15 Menu Viewing and Configuring TimeP 9 16 CLI Viewing and Configuring TimeP 9 18 Viewing the Current TimeP Configuration 9 18 Configuring Enabling or Disabling the TimeP Mode 9 20 SNTP Unicast Time Polling with Multiple SNTP Servers 9 24 Address Prioritization 9 24 Displayi...

Page 194: ... time In the factory default configuration the time synchronization option is set to TimeP with the TimeP mode itself set to Disabled TimeP Time Synchronization You can either manually assign the switch to use a TimeP server or use DHCP to assign the TimeP server In either case the switch can get its time synchro nization updates from only one designated Timep server This option enhances security ...

Page 195: ...chronization Protocol or Turning Off Time Protocol Operation General Steps for Running a Time Protocol on the Switch 1 Select the time synchronization protocol SNTP or TimeP the default 2 Enable the protocol The choices are SNTP Broadcast or Unicast TimeP DHCP or Manual 3 Configure the remaining parameters for the time protocol you selected The switch retains the parameter settings for both time p...

Page 196: ...Configuring SNTP Feature Default Menu CLI Web view the SNTP time synchronization configuration n a page 9 5 page 9 8 select SNTP as the time synchronization method timep page 9 6 page 9 10 ff disable time synchronization timep page 9 6 page 9 13 enable the SNTP mode Broadcast Unicast or Disabled disabled broadcast n a page 9 6 page 9 10 unicast n a page 9 6 page 9 11 none disabled n a page 9 6 pag...

Page 197: ...roadcast time update from the next server it detects Poll Interval seconds In Unicast Mode Specifies how often the switch polls the designated SNTP server for a time update In Broadcast Mode Specifies how often the switch polls the network broadcast address for a time update Server Address Used only when the SNTP Mode is set to Unicast Specifies the IP address of the SNTP server that the switch ac...

Page 198: ...c Method field 4 Use the Space bar to select SNTP then press v once to display and move to the SNTP Mode field 5 Do one of the following Use the Space bar to select the Broadcast mode then press v to move the cursor to the Poll Interval field and go to step 6 For Broadcast mode details refer to SNTP Operating Modes on page 9 2 Figure 9 2 Time Configuration Fields for SNTP with Broadcast Mode Use t...

Page 199: ...rver when the switch already has one or more SNTP servers config ured causes the switch to delete the primary SNTP server from the server list and to select a new primary SNTP server from the IP address es in the updated list For more on this topic refer to SNTP Unicast Time Polling with Multiple SNTP Servers on page 9 24 iv Press to move the cursor to the Poll Interval field then go to step 6 Not...

Page 200: ...no sntp 9 14 This section describes how to use the CLI to view enable and configure SNTP parameters Viewing the Current SNTP Configuration Syntax show sntp This command lists both the time synchronization method TimeP SNTP or None and the SNTP configuration even if SNTP is not the selected time protocol For example if you configured the switch with SNTP as the time synchronization method then enab...

Page 201: ...urrently in use For example Even though in this example TimeP is the current time synchronous method the switch maintains the SNTP configuration Figure 9 5 Example of SNTP Configuration When SNTP Is Not the Selected Time Synchronization Method Syntax show management This command can help you to easily examine and compare the IP addressing on the switch It lists the IP addresses for all time server...

Page 202: ...LI timesync command or the Menu interface Time Sync Method parameter Syntax timesync sntp Selects SNTP as the time protocol sntp broadcast unicast Enables the SNTP mode below and page 9 11 Syntax sntp server ip addr Required only for unicast mode page 9 11 Syntax sntp poll interval 30 720 Enabling the SNTP mode also enables the SNTP poll interval default 720 seconds page 9 13 Enabling SNTP in Broa...

Page 203: ...uration and shows that SNTP is now the currently active time synchronization mode and is configured for broadcast operation 4 4 Figure 9 7 Example of Enabling SNTP Operation in Broadcast Mode Enabling SNTP in Unicast Mode Like broadcast mode configuring SNTP for unicast mode enables SNTP However for Unicast operation you must also specify the IP address of at least one SNTP server The switch allow...

Page 204: ...ast mode ProCurve config sntp server 10 28 227 141 Specifies the SNTP server and accepts the current SNTP server version default 3 In this example the Poll Interval and the Protocol Version appear at their default settings Note Protocol Version appears only when there is an IP address configured for an SNTP server Figure 9 8 Example of Configuring SNTP for Unicast Operation If the SNTP server you ...

Page 205: ...val parameter used for Timep operation For example to change the poll interval to 300 seconds ProCurve config sntp poll interval 300 Disabling Time Synchronization Without Changing the SNTP Configuration The recommended method for disabling time synchroniza tion is to use the timesync command Syntax no timesync Halts time synchronization without changing your SNTP configuration For example suppose...

Page 206: ...Disables SNTP by changing the SNTP mode configuration to Disabled For example if the switch is running SNTP in Unicast mode with an SNTP server at 10 28 227 141 and a server version of 3 the default no sntp changes the SNTP configuration as shown below and disables time synchronization on the switch Even though the Time Sync Mode is set to Sntp time synchronization is disabled because no sntp has ...

Page 207: ...ync Method parameter or the CLI timesync command DHCP When Timep is selected as the time synchronization method the switch attempts to acquire a Timep server IP address via DHCP If the switch receives a server address it polls the server for updates according to the Timep poll interval If the switch does not receive a Timep server IP address it cannot perform time synchronization updates Manual Wh...

Page 208: ...NTP None Figure 9 12 The System Information Screen Default Values Press E for Edit The cursor moves to the System Name field 2 Use v to move the cursor to the Time Sync Method field 3 If TIMEP is not already selected use the Space bar to select TIMEP then press v once to display and move to the TimeP Mode field 4 Do one of the following Use the Space bar to select the DHCP mode then press v to mov...

Page 209: ...for time synchronization Note This step replaces any previously configured TimeP server IP address iii Press to move the cursor to the Poll Interval field then go to step 6 5 In the Poll Interval field enter the time in minutes that you want for a TimeP Poll Interval Press Enter to return to the Actions line then S for Save to enter the new time protocol configuration in both the startup config an...

Page 210: ...full TimeP config uration or a combined listing of all TimeP SNTP and VLAN IP addresses configured on the switch Syntax show timep This command lists both the time synchronization method TimeP SNTP or None and the TimeP configuration even if SNTP is not the selected time protocol If the TimeP Mode is set to Disabled or DHCP then the Server field does not appear For example if you configure the swi...

Page 211: ... the TimeP configuration Figure 9 14 Example of TimeP Configuration When TimeP Is Not the Selected Time Synchronization Method Syntax show management This command can help you to easily examine and compare the IP addressing on the switch It lists the IP addresses for all time servers configured on the switch plus the IP addresses and default gateway for all VLANs configured on the switch Figure 9 ...

Page 212: ...ables the selected TimeP mode Syntax no ip timep Disables the TimeP mode Syntax no timesync Disables the time protocol Enabling TimeP in DHCP Mode Because the switch provides a TimeP polling interval default 720 minutes you need only these two commands for a minimal TimeP DHCP configuration Syntax timesync timep Selects TimeP as the time synchronization method Syntax ip timep dhcp Configures DHCP ...

Page 213: ...itch allows only one TimeP server To enable the TimeP protocol Syntax timesync timep Selects Timep Syntax ip timep manual ip addr Activates TimeP in Manual mode with a specified TimeP server Syntax no ip timep Disables TimeP Not e To change from one TimeP server to another you must 1 use the no ip timep command to disable TimeP mode and then reconfigure TimeP in Manual mode with the new server IP ...

Page 214: ...nd lets you specify how long the switch waits between time polling intervals The default is 720 minutes and the range is 1 to 9999 minutes This parameter is separate from the poll interval parameter used for SNTP operation Syntax ip timep dhcp manual interval 1 9999 For example to change the poll interval to 60 minutes ProCurve config ip timep interval 60 9 22 ...

Page 215: ...imesync If you then viewed the TimeP configuration you would see the following Figure 9 18 Example of TimeP with Time Sychronization Disabled Disabling the TimeP Mode Disabling the TimeP mode means to configure it as disabled Disabling TimeP prevents the switch from using it as the time synchronization protocol even if it is the selected Time Sync Method option Syntax no ip timep Disables TimeP by...

Page 216: ...ends an error message to the Event LogandreschedulestotrytheaddresslistagainaftertheconfiguredPollInterval time has expired Address Prioritization If you use the CLI to configure multiple SNTP servers the switch prioritizes them according to the decimal values of their IP addresses That is the switch compares the decimal value of the octets in the addresses and orders them accordingly with the low...

Page 217: ... all configured SNTP servers on the switch Figure 9 20 Example of How To List All SNTP Servers Configured on the Switch Adding and Deleting SNTP Server Addresses Adding Addresses As mentioned earlier you can configure one SNTP server address using either the Menu interface or the CLI To configure a second and third address you must use the CLI For example suppose you have already configured the pr...

Page 218: ...ng addresses with a new one you must delete the unwanted address before you configure the new one Deleting Addresses To delete an address you must use the CLI If there are multiple addresses and you delete one of them the switch re orders the address priority Refer to Address Prioritization on page 9 24 Syntax no sntp server ip addr For example to delete the primary address in the above example an...

Page 219: ...owing three SNTP server IP addresses configured 10 28 227 141 primary 10 28 227 153 secondary 10 29 227 100 tertiary If you use the Menu interface to add 10 28 227 160 the new prioritized list will be New Address List Address Status 10 28 227 153 New Primary The former primary 10 28 227 141 was deleted when you used the menu to add 10 28 227 160 10 28 227 160 New Secondary 10 29 227 100 Same Terti...

Page 220: ...Time Protocols SNTP Messages in the Event Log 9 28 ...

Page 221: ...ring a Broadcast Limit on the Switch 10 14 Configuring ProCurve Auto MDIX 10 15 Web Viewing Port Status and Configuring Port Parameters 10 18 Using Friendly Optional Port Names 10 18 Configuring and Operating Rules for Friendly Port Names 10 18 Configuring Friendly Port Names 10 19 Displaying Friendly Port Names with Other Port Data 10 20 Uni Directional Link Detection UDLD 10 24 Configuring UDLD ...

Page 222: ... viewing transceiver status n a n a page 10 9 page 10 18 configuring ports Refer to Table page 10 6 page 10 11 page 10 18 10 1 on pages 10 3 thru 10 4 configuring ProCurve auto mdix page 9 11 If the switch either fails to show a link between an installed transceiver and another device or demonstrates errors or other unexpected behavior on the link check the port configuration on both devices for a...

Page 223: ...tion under 1 Status and Counters in the menu interface MDI Sets the port to connect with a PC using a crossover cable Manual mode applies only to copper port switches using twisted pair copper Ethernet cables MDIX Sets the port to connect with a PC using a straight through cable Manual mode applies only to copper port switches using twisted pair copper Ethernet cables Auto 10 Allows the port to ne...

Page 224: ... port for automatic detection of the cable type straight through or crossover MDI Configures the port to connect to a switch hub or other MDI X device with a straight through cable MDIX Configures the port to connect to a PC or other MDI device with a straight through cable Flow Control Disabled default The port does not generate flow control packets and drops any flow control packets it receives ...

Page 225: ...the port configuration Using the Menu To View Port Configuration The menu interface dis plays the configuration for ports and if configured any trunk groups From the Main Menu select 1 Status and Counters 4 Port Status In this example ports A7 and A8 have previously been configured as a trunk group Figure 10 1 Example of a Switch Port Status Screen 10 5 ...

Page 226: ...roup Type A1 1000T Yes Auto 10 100 Disable A2 1000T Yes Auto 10 100 Disable A3 1000T Yes Auto Disable A4 1000T Yes Auto Disable A5 1000T Yes Auto Disable A6 1000T Yes Auto Disable A7 1000T Yes Auto Disable Trk1 Trunk A8 1000T Yes Auto Disable Trk2 Trunk Actions Cancel Edit Save Help Cancel changes and return to previous screen Use arrow keys to change action selection and Enter to execute ac tion ...

Page 227: ...speed duplex page 10 11 flow control page 10 12 broadcast limit page 10 14 auto mdix page 10 15 Viewing Port Status and Configuration Use the following commands to display port status and configuration data Syntax show interfaces brief config port list brief Lists the current operating status for all ports on the switch config Lists a subset of configuration data for all ports on the switch that i...

Page 228: ... 0 B5 100 1000T No Yes Down 1000FDx Auto off 0 B6 100 1000T No Yes Down 1000FDx Auto off 0 Figure 10 3 Example of Show Interfaces Brief Command Listing Use the show interfaces config command to view the port settings as shown below ProCurve config show interfaces config Port Settings Port Type Enabled Mode Flow Ctrl MDI B1 100 1000T Yes Auto 10 100 Disable Auto B2 100 1000T Yes Auto Disable Auto B...

Page 229: ... Operating Notes Foreachportontheswitch thecommandprovidesareal timedisplay oftherateatwhichdataisreceived Rx andtransmitted Tx interms of kilobits per second KBits s number of packets per second Pkts s and utilization Util expressed as a percentage of the total band width available The show interfaces port list command can be used to display the current link status and the port rate average over ...

Page 230: ...ransceivers Command Operating Notes The following information is displayed for each installed transceiver Port number on which transceiver is installed Type of transceiver Product number Includes revision letter such as A B or C If no revision letter follows a product number this means that no revision is available for the transceiver Part number Allows you to determine the manufacturer for a spec...

Page 231: ...ecifies the port s data transfer speed and mode Does not use the no form of the command Default auto Note that in the above syntax you can substitute an int for interface that is int port list The 10 100 auto negotiation feature allows a port to establish a link with a port at the other end at either 10 Mbps or 100 Mbps using the highest mutual speed and duplex mode available Only these speeds are...

Page 232: ...sabling Flow Control on page 10 12 for more on flow control Enabling or Disabling Flow Control Not e You must enable flow control on both ports in a given link Otherwise flow control does not operate on the link and appears as Off in the show interfaces brief port listing even if flow control is configured as enabled on the port in the switch Refer to Figure 10 3 on page 10 8 Also the port speed d...

Page 233: ... flow control is currently disabled on the switch you would use these commands Enables per port flow control for ports A1 A6 Figure 10 8 Example of Configuring Flow Control for a Series of Ports Disables per port flow control on ports A5 and A6 Figure 10 9 Example Continued from Figure 10 8 10 13 ...

Page 234: ...ve int B1 broadcast limit 1 Broadcast Limit Syntax broadcast limit 0 99 Enables or disables broadcast limiting for outbound broadcasts on a selected port on the switch The value selected is the percentage of traffic allowed for example broadcast limit 5 allows 5 of the maximum amount of traffic for that port A value of zero disables broadcast limiting for that port Note You must switch to port con...

Page 235: ... port makes the necessary adjustments to accommodate either one for correct operation The following port types on your switch support the IEEE 802 3ab standard which includes the Auto MDI MDI X feature 10 100 TX xl module ports 100 1000 T xl module ports 10 100 1000 T xl module ports Using the above ports If you connect a copper port using a straight through cable on a switch to a port on another ...

Page 236: ...ugh Cable Crossover Cable Auto MDI X The Default Either Crossover or Straight Through Cable The Auto MDIX features apply only to copper port switches using twisted pair copper Ethernet cables Syntax interface port list mdix mode auto mdix mdi mdix auto mdix is the automatic default setting This configures the port for automatic detection of the cable either straight through or crossover mdi is the...

Page 237: ...ay matches the configured setting If the link to another device was up but has gone down this command shows the last operating MDI mode the port was using If a port on a given switch has not detected a link to another device since the last reboot this command lists the MDI mode to which the port is currently configured For example show interfaces config displays the following data when port A1 is ...

Page 238: ...er 12 Port Trunking Using Friendly Optional Port Names Feature Default Menu CLI Web Configure Friendly Port Names Standard Port Numbering n a page 19 n a Display Friendly Port Names n a n a page 20 n a This feature enables you to assign alphanumeric port names of your choosing to augment automatically assigned numeric port names This means you can configure meaningful port names to make it easier ...

Page 239: ...es within friendly port names are not allowed and if used cause an invalidinput error The switch interprets a blank space as a name terminator In a port listing not assigned indicates that the port does not have a name assignment other than its fixed port number To retain friendly port names across reboots you must save the current running configuration to the startup config file after entering th...

Page 240: ...g combinations show name Displays a listing of port numbers with their corresponding friendly port names and also quickly shows you which ports do not have friendly name assignments show name data comes from the running config file showinterface port number Displays the friendly port name if any along with the traffic statistics for that port The friendly port name data comes from the running conf...

Page 241: ...ort names assigned in previous examples Ports Without Friendly Figure 10 15 Example of Friendly Port Name Data for All Ports on the Switch Port Without a Friendly Name Friendly port names assigned in previous examples Figure 10 16 Example of Friendly Port Name Data for Specific Ports on the Switch Including Friendly Port Names in Per Port Statistics Listings A friendly port name configured to a po...

Page 242: ...iven port if a friendly port name does not exist in the running config file the Name line in the above command output appears as Name not assigned To Search the Configuration for Ports with Friendly Port Names This option tells you which friendly port names have been saved to the startup config file show config does not include ports that have only default settings in the startup config file Synta...

Page 243: ...The name entered for port A2 is not saved becauseitwasexecutedafter write memory In this case show config lists only port A1 Executing write memafterenteringthenamefor port A2 and then executing show config again would result in a listing that includes both Listing includes friendly port name for port A1 only Figure 10 18 Example Listing of the Startup Config File with a Friendly Port Name Configu...

Page 244: ...ird Party Switch ProCurve Switch Figure 10 19 UDLD Example In this example each ProCurve switch load balances traffic across two ports in a trunk group Without the UDLD feature a link failure on a link that is not directly attached to one of the ProCurve switches remains undetected As a result each switch continue to send traffic on the ports connected to the failed link When UDLD is enabled on th...

Page 245: ...meshing will not use the bad link to load balance packets The port will remain blocked until the link is unplugged disabled or fixed The port can also be unblocked by disabling UDLD on the port Configuring UDLD When configuring UDLD keep the following considerations in mind UDLD is configured on a per port basis and must be enabled at both ends of the link See the note below for a list of ProCurve...

Page 246: ...ol packets The num parameter specifies the maximum number of times the port will try the health check You can specify a value from 3 10 Default 5 Syntax no interface port list link keepalive vlan vid Assigns a VLAN ID to a UDLD enabled port for sending of tagged UDLD control packets Under default settings untagged UDLD packets can still be transmitted and received on tagged only ports however a wa...

Page 247: ... health check reply packet from the port at the other end of the link If the port does not receive a reply the port tries four more times by sending up to four more health check packets If the port still does not receive a reply after the maximum number of retries the port goes down You can change the maximum number of keepalive attempts to a value from 3 10 For example to change the maximum numbe...

Page 248: ...g UDLD for tagged ports you may receive a warning message if there are any inconsistencies with the port s VLAN config uration see page 31 for potential problems Viewing UDLD Information The following show commands allow you to display UDLD configuration and status via the CLI Syntax show link keepalive Displays all the ports that are enabled for link keepalive Syntax show link keepalive statistic...

Page 249: ...the System Administrator Keepalive Retries 3 Keepalive Interval 1 sec Port Enabled Physical Keepalive Adjacent UDLD Status Status Switch VLAN 1 Yes up up 00d9d f9b700 200 2 Yes up up 01560 7b1600 3 Yes down off line 4 Yes up failure 5 No down off line Port 4 is connected but is blocked due to a link keepalive failure Port 1 is UDLD enabled and tagged for a specific VLAN Port 3 is UDLD enabled but ...

Page 250: ...30405 Udld Packets Sent 500 Neighbor Port 6 Udld Packets Received 450 State Transitions 3 Current State off line Neighbor MAC Addr n a Udld Packets Sent 0 Neighbor Port n a Udld Packets Received 0 State Transitions 0 Port Blocking no Link vlan 1 Port 4 Current State failure Neighbor MAC Addr n a Udld Packets Sent 128 Neighbor Port n a Udld Packets Received 50 State Transitions 8 Port Blocking yes ...

Page 251: ...t 7 belongs to VLAN 1 and 22 but the user tries to configure UDLD on port 7 to send tagged packets in VLAN 4 the configuration will be accepted The UDLD control packets will be sent tagged in VLAN 4 which may result in the port being blocked by UDLD if the user does not configure VLAN 4 on this port You have attempted to remove a VLAN on port that is configured for tagged UDLD packets on that VLAN...

Page 252: ...Port Status and Configuration Uni Directional Link Detection UDLD 10 32 ...

Page 253: ...ration 11 14 Changing the PoE Port Priority Level 11 14 Disabling or Re Enabling PoE Port Operation 11 15 Enabling Support for Pre Standard Devices 11 15 Changing the Threshold for Generating a Power Notice 11 16 Configuring Optional PoE Port Identifiers 11 17 Viewing PoE Configuration and Status 11 19 Displaying the Switch s Global PoE Power Status 11 19 Displaying an Overview of PoE Status on Al...

Page 254: ...n Contents Calculating the Maximum Load for a PoE Module 11 25 When a Power Supply Fails 11 26 PoE Operating Notes 11 27 PoE Event Log Messages 11 28 Informational PoE Event Log Messages 11 28 Warning PoE Event Log Messages 11 29 11 2 ...

Page 255: ...oE module J8702A or the 20 port Gig T plus 4 mini GBIC PoE module J8705A The switch must have at least one of the following power supplies installed ProCurve J8712A Power Supply providing 273 watts of PoE power ProCurve J8713A Power Supply providing 900 watts of PoE power For information about the power supply specifications refer to the ProCurve Switch zl Internal Power Supplies Installation Guid...

Page 256: ... state where there are more PDs requesting PoE power than can be accommodated PD Powered Device This is an IEEE 802 3af compliant device that receives its power through a direct connection to a Gig T PoE port in a PoE device Examples of PDs include Voice over IP VoIP telephones wireless access points and remote video cameras port number Refers to the type of power prioritization where within a pri...

Page 257: ...ct either a PoE device PD or a non PoE device to a port configured for PoE operation on a J8702A PoE module Using the commands described in this chapter you can Configure a non default power threshold for SNMP and Event Log reporting of PoE consumption on either all PoE ports on the switch or on all PoE ports in one or more PoE modules Specify the port priority you want to use for provisioning PoE...

Page 258: ...oCurve Switch zl 24 Port 10 100 1000 PoE Module J8702A refer to the ProCurve Switch Modules Installation Guide provided with the module To help you plan and implement a PoE system in your network refer to the PoE Planning and Implementation Guide which is available on the ProCurve Networking web site at www procurve com Click on technical support then Product manuals all The latest version of any ...

Page 259: ...priority for allocating power in case a PoE module becomes oversubscribed and must drop power for some lower priority ports to support the demand on other higher priority ports Configure one of the following A global power threshold that applies to all modules on the switch This setting acts as a trigger for sending a notice when the PoE power consumption on any PoE module installed in the switch ...

Page 260: ...upportinganotherPD thenthepower is removed from port Y and delivered to port X In this case the PD on port Y loses power and the PD on port X receives power If the new PD connects to a port X having a lower priority than all other PoE ports currently providing power to PDs then power is not supplied to port X until one or more PDs using higher priority ports are removed Note that once a PD connect...

Page 261: ...riority Operation on page 11 10 Disconnecting a PD from a PoE port causes the module to stop providing PoE power to that port and makes the power available to any other PoE ports that have PDs connected and waiting for power If the PD demand for power becomes greater than the PoE power available then power is transferred from the lower priority ports to the higher priority ports Ports not currentl...

Page 262: ...he same type recommended Two J8712A Power Supplies 546 watts or Two J8713A Power Supplies 1800 watts Two power supplies of different types not recommended One J8712A power supply one J8713 power supply 1173 watts Three power supplies Three J8712A power supplies 819 watts Three J8713A power supplies 2700 watts One J8712A and two J8713A 1446 watts Four power supplies Four J8712A power supplies 1092 ...

Page 263: ...Power Allocation Prioritized There are two ways that PoE power is prioritized Using a priority class method a power priority of Low the default High or Critical is assigned to each enabled PoE port Using a port number priority method a lower numbered port has priority over a higher numbered port within the same configured priority class for example port A1 has priority over port A5 if both are con...

Page 264: ...d to these ports in ascending order beginning in this example with port 18 until all available power is in use C22 C24 Low In this example the CLI command sets ports C23 C24 to Low2 ProCurve config interface c23 c24 power low This priority class receives power only if all PDs on ports with High and Critical priority settings are receiving power If there is enough power to provision PDs on only som...

Page 265: ...e config interface a1 a24 power low There are 48 PDs attached to all ports of modules A and C 24 ports each module There is only enough PoE power for 32 ports 8 5 watts x 32 ports 273 watts The result is that all the Critical priority ports on module C would receive power but only 8 ports on module A would receive power On module A the port A1 has the highest priority of the ports in that module i...

Page 266: ...t a given priority level then the lowest numbered port at that level will be provisioned first starting with module A then B C and so on PoE priorities are invoked only when all active PoE ports cannot be provisioned supplied with PoE power Critical Specifies the highest priority PoE support for port list The active PoE ports at this level are provisioned before the PoE ports at any other level ar...

Page 267: ...ion at Low priority If you configure a higher priority this priority is retained until you change it Note Disabling all ports on a module allows the 22W of minimum PoE power allocated for the module to be recovered and used elsewhere You must disable ALL ports in the module for this to occur Enabling Support for Pre Standard Devices The ProCurve 8212zl switch also supports some pre 802 3af devices...

Page 268: ... power threshold setting on all PoE modules installed in the switch For example suppose slots A B and C each have a PoE module installed In this case executing the following command sets the global notification threshold to 70 of available PoE power ProCurve config power threshold 70 With this setting if module B is allocated 100 watts of PoE power and is using 68 watts and then another PD is conn...

Page 269: ...hold command affecting the same slot Thus executing the following two commands in the order shown sets the threshold for the PoE module in slot D to 75 but leaves the thresholds for any PoE modules in the other slots at 90 ProCurve config power threshold 90 ProCurve config power slot d threshold 75 If you reverse the order of the above two commands all PoE modules in the switch will have a thresho...

Page 270: ...r Port B1 Command to configure Wireless 1 as the Configured Type identifier for port B1 CLI response indicates successful command execution Show command lists the new Configured Type identifier Figure 11 1 Example of using the MIB To Configure a Configured Type Identifier for a Port To remove a Configured Type identifier use the setmib command with a blank space enclosed in quotes For example to r...

Page 271: ...able PoE power provisioning the switch must exceed to generate a usage notice in the form of an Event Log message and an SNMP trap If this event is followed by a drop in power provisioning below the threshold the switch generates another SNMP trap and Event Log message Event Log messages are also sent to any optionally configured debug destinations Default 80 For example in the default PoE configu...

Page 272: ...r for the port If not configured the field is empty Refer to Configuring Optional PoE Port Identifiers on page 11 17 Detection Status Searching The port is trying to detect a PD connection Delivering The port is delivering power to a PD Disabled On the indicated port either PoE support is disabled or PoE power is enabled but the PoE module does not have enough power available to supply the port s ...

Page 273: ...ield displayed by show power management port list Priority Lists the power priority Low High and Critical configured on ports enabled for PoE For more on this topic refer to the power command description under Configuring PoE Operation on page 11 14 Detection Status Searching The port is available to support a PD Delivering The port is delivering power to a PD Disabled PoE power is enabled on the ...

Page 274: ...d on the indicated port Classes include 0 0 44w to 12 95w 2 3 84w to 6 49w 4 reserved 1 0 44w to 3 84w 3 6 49w to 12 95w MPS Absent Cnt This value shows the number of times a detected PD has no longer requested power from the port Each occurrence generates an Event Log message MPS refers to the Maintenance Power Signature Refer to PoE Terminology on page 11 4 Short Cnt Shows the number of times th...

Page 275: ...etwork security you should read the first two topics If your PoE installation comes close to or is likely to exceed the system s ability to supply power to all devices that may request it then you should also read the third topic If it is unlikely that your installation will even approach a full utilization of the PoE power available then you may find it unnecessary to spend much time on calculati...

Page 276: ... to the latest edition of the Access Security Guide for your switch The ProCurve Networking web site offersthelatestversionofallProCurveproductpublications Referto Getting Documentation From the Web on page 1 6 Assigning Priority Policies to PoE Traffic You can use the configurable QoS Quality of Service features in the switch to create prioritization policies for traffic moving through PoE ports ...

Page 277: ... amountofpowerthe power supply device delivers to a specific PoE module there may or may not always be enough power available to connect and support PoE operation on all 24 Gig T ports in a PoE module PoE power is available if it is either not currently in use or can be acquired by automatically removing PoE power from another lower priority port After an appliance is connected to a PoE port the s...

Page 278: ...If you have two J8713A power supplies installed supplying 900 watts of PoE power each total 1800 watts then 900 watts of PoE power will be available to continue supplying PoE power to ports in priority order if one power supply fails Ifyouhavea mixedpowersupply configurationwithoneJ8712Apowersupply supplying 273 watts of PoE power and one J8713A power supply supplying 900 watts of PoE power a tota...

Page 279: ...tilize the allocated PoE power spread your connected PoE devices as evenly as possible across modules To cycle the power on a PD receiving power from a PoE port on the switch disable then re enable the power to that port For example to cycle the power on a PoE device connected to port 1 on a PoE module installed in slot D ProCurve config no interface d1 power ProCurve config interface d1 power Dis...

Page 280: ...hreshold of 1 99 has decreased below the threshold specified by the last execution of the power threshold command affecting that module This message occurs if after the last reboot the PoE demand on the module exceeded the power threshold and then later dropped below the threshold value port port id applying power to PD A PoE device is connected to the indicated port and receiving power port port ...

Page 281: ...he PD onthe insufficient power allocation indicated port and the port does not have sufficient PoE priority to take power from another active PoE port Port port id PD Invalid Signature Theswitchhasdetectedanon 802 3af compliantdeviceon indication theindicatedport Thismessageappearsforallnon 802 3af devices connected to the port such as other switches PC NICs etc Port port id PD MPS Absent indicati...

Page 282: ...Power Over Ethernet PoE Operation PoE Operating Notes 11 30 ...

Page 283: ...ps 12 11 Using the CLI To View Port Trunks 12 11 Using the CLI To Configure a Static or Dynamic Trunk Group 12 14 Web Viewing Existing Port Trunk Groups 12 17 Trunk Group Operation Using LACP 12 18 Default Port Operation 12 20 LACP Notes and Restrictions 12 21 Trunk Group Operation Using the Trunk Option 12 25 How the Switch Lists Trunk Data 12 26 Outbound Traffic Distribution Across Trunked Links...

Page 284: ...ack bone devices as well as to connections in other network areas where traffic bottlenecks exist A trunk group is a set of up to eight ports configured as members of the same port trunk Note that the ports in a trunk group do not have to be consecutive For example The multiple physical links in a trunk behave as one logical link Switch 2 Switch 1 port 1 port c1 port 2 port c2 Ports a1 a3 a4 Ports...

Page 285: ...ngdevicesuchasahub orusingmorethanonemedia type in a port trunk group Similarly for proper trunk operation all links in the same trunk group must have the same speed duplex and flow control Port Security Restriction Portsecuritydoesnotoperateonatrunkgroup If you configure port security on one or more ports that are later added to a trunk group the switch resets the port security parameters for tho...

Page 286: ...tings at Auto the default LACP also operates with Auto 10 Auto 100 andAuto 1000 ifnegotiation selectsFDx and 10FDx 100FDx and 1000FDx settings The 10 gigabit ports available for some switch models allow only the Auto setting Fault Tolerance If a link in a port trunk fails the switch redistributes traffic originally destined for that link to the remaining links in the trunk The trunk remains operab...

Page 287: ...move them from the trunk For example if ports C1 C4 were LACP active and operating in a trunk with another device you would do the following to change them to LACP passive ProCurve config no int c1 c4 lacp Removes the ports from the trunk ProCurve config int c1 c4 lacp passive Configures LACP passive Static Trunk The switch uses the links you configure with the Port Trunk Settings screen in the me...

Page 288: ...ree or IGMP parameters on an LACP trunk group You want an LACP trunk group to operate in a VLAN other than the default VLAN and GVRP is disabled Refer to VLANs and Dynamic LACP on page 12 23 You want to use a monitor port on the switch to monitor an LACP trunk For more information refer to Trunk Group Operation Using LACP on page 12 18 Trunk Provides manually configured static only trunking to non...

Page 289: ...g operate on a per port basis regardless of trunk membership Enable Disable Flow control Flow Ctrl LACP is a full duplex protocol Refer to Trunk Group Operation Using LACP on page 12 18 Trunk Configuration All ports in the same trunk group must be the same trunk type LACP or Trunk All LACP ports in the same trunk group must be either all static LACP or all dynamic LACP A trunk appears as a single ...

Page 290: ...moveaportfromastatictrunk theportretainsthesameSpanningTreesettingsthatwereconfiguredforthetrunk IP Multicast Protocol IGMP A static trunk of any type appears in the IGMP configuration display and you can configure IGMP for a static trunk in the same way that you would configure IGMP on a non trunked port Note that the switch lists the trunk by name such as Trk1 and does not list the individual po...

Page 291: ...igure Static Port Trunking This procedure uses the Port Trunk Settings screen to configure a static port trunk group on the switch 1 Follow the procedures in the Important note above 2 From the Main Menu Select 2 Switch Configuration 2 Port Trunk Settings 3 Press E for Edit and then use the arrow keys to access the port trunk parameters These two columns indicate static trunk status For dynamic LA...

Page 292: ...led Static Virtual LANs VLANs in the Advanced Traffic Management Guide for your switch To return a port to a non trunk status keep pressing the Space bar until a blank appears in the highlighted Group value for that port Figure 12 5 Example of the Configuration for a Two Port Trunk Group 6 Move the cursor to the Type column for the selected port and use the Space bar to select the trunk type LACP ...

Page 293: ... Commands show trunks below show lacp page 12 13 trunk page 12 15 interface port list lacp page 12 15 Using the CLI To View Port Trunks You can list the trunk type and group for all ports on the switch or for selected ports You can also list LACP only status information for LACP configured ports Listing Static Trunk Type and Group for All Ports or for Selected Ports Syntax show trunks port list Om...

Page 294: ...dly Port Names feature Refer to Using Friendly Optional Port Names on page 10 18 Port A6 does not appear in this listing because it is not assigned to a static trunk Figure 12 6 Example Listing Specific Ports Belonging to Static Trunks The show trunks port list command in the above example includes a port list and thus shows trunk group information only for specific ports that have membership in a...

Page 295: ...age 12 20 Dynamic LACP Standby Links Dynamic LACP trunking enables you to configure standby links for a trunk by including more than eight ports in a dynamic LACP trunk configuration When eight ports trunk links are up the remaining link s will be held in standby status If a trunked link that is Up fails it will be replaced by a standby link which maintains your intended bandwidth for the trunk Re...

Page 296: ...configuring them for trunking you can temporarily disable the ports until the trunk is configured Refer to Enabling or Disabling Ports and Configuring Port Mode on page 10 11 The table on page 12 5 describes the maximum number of trunk groups you can configure on the switch An individual trunk can have up to eight links with additional standby links if you re using LACP You can configure trunk gro...

Page 297: ...ee is not in use ProCurve recommends that you first disable the port or disconnect the link on that port Syntax no trunk port list Removes the specified ports from an existing trunk group For example to remove ports C4 and C5 from an existing trunk group ProCurve config no trunk c4 c5 Enabling a Dynamic LACP Trunk Group In the default port configura tion all ports on the switch are set to disabled...

Page 298: ...d is LACP active Spanning tree is not needed and the clear advantages are increased bandwidth and fault tolerance Syntax interface port list lacp active Configures port list as LACP active If the ports at the other end of the links on port list are configured as LACP passive then this command enables a dynamic LACP trunk group on port list This example uses ports C4 and C5 to enable a dynamic LACP...

Page 299: ...ive LACP In this example port C6 belongs to an operating dynamic LACP trunk To remove port C6 from the dynamic trunk and return it to passive LACP you would do the following ProCurve config no interface c6 lacp ProCurve config interface c6 lacp passive Note that in the above example if the port on the other end of the link is configured for active LACP or static LACP the trunked link will be re es...

Page 300: ...gs at Auto the default LACP also operates with Auto 10 Auto 100 andAuto 1000 ifnegotiation selectsFDx and 10FDx 100FDx and 1000FDx settings LACP trunk status commands include Trunk Display Method Static LACP Trunk Dynamic LACP Trunk CLI show lacp command Included in listing Included in listing CLI show trunk command Included in listing Not included Port Trunk Settings screen in menu interface Incl...

Page 301: ...P port trunk group and assigns a port Group name The ports on both ends of each link have compatible mode settings speed and duplex The port on one end of each link must be configured for LACP Active and the port on the other end of the same link must be configured for either LACP Passive or LACP Active For example Switch 1 Port X LACP Enable Active Port Y LACP Enable Active Switch 2 Port A LACP E...

Page 302: ...s assigned ports use the CLI show trunk command or display the menu interface Port Trunk Settings screen Static LACP does not allow standby ports Default Port Operation In the default configuration LACP is disabled for all ports If LACP is not configured as Active on at least one end of a link then the port does not try to detect a trunk configuration and operates as a standard untrunked port Tabl...

Page 303: ...e This port will remain in reserve or standby unless LACP detects that another active link in the trunk has become disabled blocked or down In this case LACP automatically assigns a Standby port if available to replace the failed port LACP Partner Yes LACP is enabled on both ends of the link No LACP is enabled on the switch but either LACP is not enabled or the link has not been detected on the op...

Page 304: ...n secured port s ProCurve config The switch will not allow you to configure LACP on a port on which port security is enabled For example ProCurve config int a17 lacp passive Error configuring port A17 LACP and port security cannot be run together ProCurve config To restore LACP to the port you must remove port security and re enable LACP active or passive Changing Trunking Methods To convert a tru...

Page 305: ...are blocked The LACP status of the blocked ports is shown as Failure If one of the other ports becomes disabled a blocked port will replace it Port Status becomes Up When the other port becomes active again the replace ment port goes back to blocked Port Status is Blocked It can take a few seconds for the switch to discover the current status of the ports ProCurve eth B1 B8 show lacp LACP PORT LAC...

Page 306: ... to operate in static LACP trunks Spanning Tree and IGMP If Spanning Tree and or IGMP is enabled in the switch a dynamic LACP trunk operates only with the default settings for these features and does not appear in the port listings for these features Half Duplex and or Different Port Speeds Not Allowed in LACP Trunks The ports on both sides of an LACP trunk must be configured for the same speed an...

Page 307: ...orts without regard for how that traffic is handled by the device at the other end of the trunked links Similarly the switch handles incoming traffic from the trunked links as if it were from a trunked source When a trunk group is configured with the trunk option the switch automati cally sets the trunk to a priority of 4 for spanning tree operation even if spanning tree is currently disabled This...

Page 308: ...inks The two trunk group options LACP and Trunk use source destination address pairs SA DA for distributing outbound traffic over trunked links SA DA source address destination address causes the switch to distribute outbound traffic to the links within the trunk group on the basis of source destination address pairs That is the switch sends traffic from the same sourceaddresstothesamedestinationa...

Page 309: ...ce Address and Destination address When an IP address is available the calculation includes the last five bits of the IP source address and IP destination address otherwise the MAC addresses are used The result of that process undergoes a mapping that determines which link the traffic goes through If you have only two ports in a trunk it is possible that all the traffic will be sent through one po...

Page 310: ...B Node X 2 Node C Node Y 3 Node D Node Z 1 Node A Node Y 2 Node B Node W 3 Because the amount of traffic coming from or going to various nodes in a network can vary widely it is possible for one link in a trunk group to be fully utilized while other links in the same trunk have unused bandwidth capacity even if the assignments were evenly distributed across the links in a trunk 12 28 ...

Page 311: ...miting 13 10 Terminology 13 11 Guidelines for Configuring ICMP Rate Limiting 13 11 Configuring ICMP Rate Limiting 13 12 on the Same Interface 13 12 Displaying the Current ICMP Rate Limit Configuration 13 13 Operating Notes for ICMP Rate Limiting 13 14 ICMP Rate Limiting Trap and Event Log Messages 13 15 Guaranteed Minimum Bandwidth GMB 13 18 Introduction 13 18 Terminology 13 18 GMB Operation 13 18...

Page 312: ...s Configuring Jumbo Frame Operation 13 28 Overview 13 28 Viewing the Current Jumbo Configuration 13 29 Enabling or Disabling Jumbo Traffic on a VLAN 13 31 Operating Notes for Jumbo Traffic Handling 13 31 Troubleshooting 13 34 13 2 ...

Page 313: ...pplied to inbound traffic only and was specified as a percentage of total bandwidth Beginning with software release K 12 xx or later it is also possible to configure outbound rate limiting for all traffic on a port and specify bandwidth usage in terms of bits per second bps Guaranteed Minimum Bandwidth GMB Provides a method for ensuring that each of a port s outbound queues has a specified minimum...

Page 314: ...d to be appliedatthenetworkedgetolimittrafficfromnon criticalusersortoenforce service agreements such as those offered by Internet Service Providers ISPs to provide only the bandwidth for which a customer has paid Not e Rate limiting also can be applied by a RADIUS server during an authentication client session For further details refer to the chapter titled RADIUS Authen tication and Accounting i...

Page 315: ...s The rate limit icmp command specifies a rate limit on inbound ICMP traffic only see ICMP Rate Limiting on page 13 9 Rate limiting does not apply to trunked ports including meshed ports Bps rate limiting is done in 100 Kbps segments That is a 1 100 000 bps rate limit is implemented as a limit of 100 Kbps a limit of 100 001 199 999 bps is also implemented as a limit of 100 Kbps a limit of 200 000 ...

Page 316: ...e rate limit configuration for the specified port s This command operates the same way in any CLI context For example if you wanted to view the rate limiting configuration on the first six ports in the module in slot A ProCurve Switch 8212zl eth A5 show rate limit all a1 a6 All Traffic Rate Limit Maximum Port Inbound Limit Mode Radius Override Outbound Limit Mode A1 Disabled Disabled No override 2...

Page 317: ...on J8697A Configuration Editor Created on release K 12 XX hostname ProCurve Switch 8212zl module 1 type J8705A snmp server community public Unrestricted vlan 1 name DEFAULT_VLAN untagged A1 A24 ip address dhcp bootp exit interface A1 rate limit all out bps 100000 exit interface A2 rate limit all out bps 100000 exit interface A3 rate limit all out bps 100000 exit interface A4 rate limit all out bps...

Page 318: ... the ratio of outbound traffic from an inbound rate limited port versus the inbound rate For outbound rate limiting the rate is visible as the percentage of available outbound bandwidth assuming that the amount of requested traffic to be forwarded is larger than the rate limit Operation with other features Configuring rate limiting on a port where other features affect port queue behavior such as ...

Page 319: ... rate limit can be applied This situation occurs with a number of popular throughput testing applications as well as most regular network applications Consider the following example that uses the minimum packet size The total available bandwidth on a 100 Mbps port X allowing for Inter packet Gap IPG with no rate limiting restrictions is 100 000 000 bits 8 84 x 64 9 523 809 bytes per second where T...

Page 320: ...rs to restrict ICMP traffic to percentage levels that permit necessary ICMP functions but throttle additional traffic that may be due to worms or viruses reducing their spread and effect In addition ICMP rate limiting preserves inbound port bandwidth for non ICMP traffic C a u t i o n The ICMP protocol is necessary for routing diagnostic and error responses in an IP network ICMP rate limiting is p...

Page 321: ... on the switch to effec tively throttle excessive ICMP messaging from any source Figure 13 3 shows an example of how to configure this for a small to mid sized campus though similar rate limit thresholds are applicable to other network environments On edge interfaces where ICMP traffic should be minimal a threshold of 1 of available bandwidth should be sufficient for most applications On core inte...

Page 322: ...xample either of the following commands configures an inbound rate limit of 1 on ports A3 A5 which are used as network edge ports ProCurve config int a3 a5 rate limit icmp 1 ProCurve eth A3 A5 rate limit icmp 1 Using Both ICMP Rate Limiting and All Traffic Rate Limiting on the Same Interface ICMP and all traffic rate limiting can be configured on the same interface All traffic rate limiting applie...

Page 323: ... for all ports on the switch With port list this command lists the rate limit configuration for the specified interface s This command operates the same way in any CLI context For example if you wanted to view the rate limiting configuration on the first six ports in the module in slot B Ports B2 B5 areconfiguredwithanICMP rate limit of 1 Ports B1 and B6 are not configured for ICMP rate limiting F...

Page 324: ...rcentage of an interface s entire inbound bandwidth The rate of inbound flow for traffic of a given priority and the rate of flow from an ICMP rate limited interface to a particular queue of an outbound interface are not measures of the actual ICMP rate limit enforced on an interface Below maximum rates ICMP rate limiting operates on a per interface basis regardless of traffic priority Configuring...

Page 325: ...more inbound ICMP traffic than the configured bandwidth limit allows If the interface is configured with both rate limit all and rate limit icmp then the ICMP limit can be met or exceeded only if the rate limit for all types of inbound traffic has not already been met or exceeded Also totesttheICMPlimititisnecessarytogenerateICMPtrafficthatexceeds the configured ICMP rate limit Using the recommend...

Page 326: ...g internal port i 1 On a port configured with ICMP rate limiting this command resets the ICMP trap function which allows the switch to generate a new SNMP trap and an Event Log message if ICMP traffic in excess of the configured limit is detected on the port For example an operator noticing an ICMP rate limiting trap or Event Log message originating with port A1 on a switch would use the following...

Page 327: ...Descr 23 A23 ifDescr 24 A24 ifDescr 27 B1 ifDescr 28 B2 ifDescr 29 B3 ifDescr 48 B22 ifDescr 49 B23 ifDescr 50 B24 Beginning and Ending of Port Number Listing for Slot A Beginning and Ending of Port Number Listing for Slot B Figure 13 5 Matching Internal Port Numbers to External Slot Port Numbers 13 17 ...

Page 328: ...ority traffic in the network are frequently or continually starved by high volumes of higher priority traffic You can configure GMB per port Terminology Oversubscribed Queue Theconditionwherethereisinsufficientbandwidth allocated to a particular outbound priority queue for a given port If additional unused bandwidth is not available the port delays or drops the excess traffic GMB Operation Theswit...

Page 329: ...at there will always be bandwidth reserved for lower priority traffic Since the switch services outbound traffic according to priority highest to lowest the highest priority outbound traffic on a given port automatically receives the first priority in servicing Thus in most applications it is neces sary only to specify the minimum bandwidth you want to allocate to the lower priority queues In this...

Page 330: ...r priority traffic The sum of the GMB settings for all outbound queues on a given port cannot exceed 100 Impacts of QoS Queue Configuration on GMB Operation The section on Configuring Guaranteed Minimum Bandwidth for Out bound Traffic assumes the ports on the switch offer eight prioritized out bound traffic queues This may not always be the case however since the switch supports a QoS queue config...

Page 331: ...s or to the network infrastructure such as links to routers other switches or to the network core Syntax no int port list bandwidth min output Configures the default minimum bandwidth allocation for the outbound priority queue for each port in port list The default values per priority queue are Queue 1 low priority 2 Queue 2 low priority 3 Queue 3 normal priority 30 Queue 4 normal priority 10 Queu...

Page 332: ...e becomes oversubscribed In this case the unallocated bandwidth is apportioned to oversubscribed queues in descending order of priority For example if you configure a minimum of 10 for queues 1 7 and 0 for queue 8 then the unallocated bandwidth will be available to all eight queues in the following prioritized order 1 Queue 8 high priority 2 Queue 7 high priority 3 Queue 6 medium priority 4 Queue ...

Page 333: ... available for outbound traffic If queue 7 becomes oversubscribed and queue8isnotalreadyusingalloftheunallocatedbandwidth then queue 7 can use the unallocated bandwidth Also any unused bandwidth allocated to queues 6 to queue 1 is available to queue 7 if queue 8 has not already claimed it 6 10 Queue 6 has a guaranteed minimum bandwidth of 10 and if oversubscribed is subordinate to queues 8 and 7 i...

Page 334: ... command lists the GMB configuration for the specified ports This command operates the same way in any CLI context If the command lists Disabled for a port there are no bandwidth minimums configured for any queue on the port Refer to the description of the no form of the bandwidth min output command on page 13 21 For example to display the GMB configuration resulting from either of the above comma...

Page 335: ...ter than 0 and less than 100 are internally computed in steps of 1 0 Thus the switch internally converts a configured bandwidth percentage to the closest multiple of 1 0 Impact of QoS Queue Configuration on GMB commands Changing the number of queues affects the GMB commands interface bandwidth min and show bandwidth output to operate only on the number of queues currently configured In addition wh...

Page 336: ...o frames of up to 9220 bytes Regardless of the mode configured on a given jumbo enabled port if the port is operating at only 10 Mbps or 100 Mbps only frames that do not exceed 1522 bytes are allowed inbound on that port Terminology Jumbo Frame An IP frame exceeding 1522 bytes in size The maximum Jumbo frame size is 9220 bytes This size includes 4 bytes for the VLAN tag Jumbo VLAN A VLAN configure...

Page 337: ...AN cannot join a dynamic VLAN Port Adds and Moves If you add a port to a VLAN that is already configured for jumbo traffic the switch enables that port to receive jumbo traffic If you remove a port from a jumbo enabled VLAN the switch disables jumbotrafficcapabilityonthe portonly ifthe portisnotcurrently a member of another jumbo enabled VLAN This same operation applies to port trunks Jumbo Traffi...

Page 338: ...led refer to the GVRP topic under Operating Rules above 2 Ensure that the ports through which you want the switch to receive jumbo frames are operating at least at gigabit speed Check the Mode field in the output for the show interfaces brief port list command 3 Use the jumbo command to enable jumbo frames on one or more VLANs statically configured in the switch All ports belonging to a jumbo enab...

Page 339: ...how vlans ports port list Lists the static VLANs to which the specified port s belong including the Jumbo column to indicate which VLANs are configured to support jumbo traffic Entering only one port in port list results in a list of all VLANs to which that port belongs Entering multiple ports in port list results in a superset list that includes the VLAN memberships of all ports in the list even ...

Page 340: ...ting the VLAN Memberships for a Range of Ports Syntax show vlans vid This command shows port membership and jumbo configuration for the specified vid Lists the ports belonging to VLAN 100 and whether the VLAN is enabled for jumbo frame traffic Figure 13 10 Example of Listing the Port Membership and Jumbo Status for a VLAN 13 30 ...

Page 341: ...d allowing a voice VLAN to accept jumbo frame traffic can degrade the voice transmission perfor mance You can configure the default primary and or if configured the manage ment VLAN to accept jumbo frames on all ports belonging to the VLAN When the switch applies the default MTU 1522 bytes to a VLAN all ports in the VLAN can receive incoming frames of up to 1522 bytes in length When the switch app...

Page 342: ...ird VLAN with the sole purpose of enabling jumbo traffic on the desired ports while leaving the other ports on the switch disabled for jumbo traffic That is VLAN 100 VLAN 200 VLAN 300 Ports 6 10 11 15 6 7 12 and 13 Jumbo No No Yes Enabled If there are security concerns with grouping the ports as shown for VLAN 300 you can either use source port filtering to block unwanted traffic paths or create s...

Page 343: ...must be configured to accept the jumbo traffic Otherwise this traffic will be dropped by the downstream device Jumbo Traffic in a Switch Mesh Domain Note that if a switch belongs to a meshed domain but does not have any VLANs configured to support jumbo traffic then the meshed ports on that switch will drop any jumbo frames they receive from other devices In this regard if a mesh domain includes a...

Page 344: ...nk then the port cannot receive inbound jumbo frames To determine the actual operating speed of one or more ports view the Mode field in the output for the following command show interfaces brief port list A non jumbo port is generating Excessive undersize giant frames messages in the Event Log The switches can transmit outbound jumbo traffic on any port regardless of whether the port belongs to a...

Page 345: ...wing and Configuring non SNMP version 3 Communities 14 13 CLI Viewing and Configuring SNMP Community Names 14 15 SNMPv3 Notification and Traps 14 17 SNMPv1 and SNMPv2c Trap Features 14 19 CLI Configuring and Displaying Trap Receivers 14 20 Using the CLI To Enable Authentication Traps 14 23 Configuring the Source IP Address for SNMP Requests and Traps 14 24 Operating Notes 14 27 Enabling and Config...

Page 346: ...es 14 40 Configuring LLDP Operation 14 41 Viewing the Current Configuration 14 42 Configuring Global LLDP Packet Controls 14 43 Configuring SNMP Notification Support 14 47 Configuring Per Port Transmit and Receive Modes 14 48 Configuring Basic LLDP Per Port Advertisement Content 14 49 Advertisements 14 51 LLDP MED Media Endpoint Discovery 14 52 LLDP MED Topology Change Notification 14 55 LLDP MED ...

Page 347: ...s configured either manually or dynamically using DHCP or Bootp If multiple VLANs are configured each VLAN interface should have its own IP address For DHCP use with multiple VLANs refer to the section titled The Primary VLAN in the Static Virtual LANs VLANs chapter of the Advanced Traffic Management Guide for your switch Not e If you use the switch s Authorized IP Managers and Management VLAN fea...

Page 348: ...the OpenView database To do so go to the ProCurve Networking web site at www procurve com Click on software updates then MIBs Configuring for SNMP version 1 and 2c Access to the Switch SNMP access requires an IP address and subnet mask configured on the switch Refer to IP Configuration on page 8 2 If you are using DHCP Bootp to configure the switch ensure that the DHCP Bootp process provides the I...

Page 349: ...ion on page 8 2 If you are using DHCP Bootp to configure the switch ensure that the DHCP Bootp process provides the IP address See DHCP Bootp Operation on page 8 12 Once an IP address has been configured the main steps for configuring SNMP version 3 access management features are 1 Enable SNMPv3 for operation on the switch Refer to SNMP Version 3 Commands on page 14 6 2 Configure the appropriate S...

Page 350: ...mmunitynamed public inaccessible to network management applications such as auto discovery traffic monitoring SNMP trap generation and threshold setting from operating in the switch Syntax no snmpv3 enable Enable and disable the switch for access from SNMPv3 agents This includes the creation of the initial user record no snmpv3 only Enables or disables restrictions to access from only SNMPv3 agent...

Page 351: ...ftware requires an initial user record to clone The initial user record can be downgraded and provided with fewer features but not upgraded by adding new features For this reason it is recommended that when you enable SNMPv3 you also create a second user with SHA authentication and DES privacy Enable SNMPv3 CreateinitialusermodelsforSNMPv3 Management Applications Set restriction on non SNMPv3 mess...

Page 352: ... the appropriate security level to an existing security group Adding Users To configure an SNMPv3 user you must first add the user name to the list of known users with the snmpv3 user command ProCurve config snmpv3 user NetworkAdmin ProCurve config snmpv3 user NetworkMgr auth md5 authpass priv privpass Add user Network Admin with no authentication or privacy Add user Network Mgr with authenticatio...

Page 353: ...password priv_pass must be 6 32 characters in length and is mandatory when you configure privacy Default DES Note Only AES 128 bit and DES 56 bit encryption are supported as privacy protocols Other non standard encryptionalgorithms suchasAES 172 AES 256 and 3 DES are not supported Listing Users To display the management stations configured to access the switch with SNMPv3 and view the authenticati...

Page 354: ... Assigning Users to Groups SNMPv3 Group Commands Syntax no snmpv3 group This command assigns or removes a user to a security group for access rights to the switch To delete an entry all of the following three parameters must be included in the command group group_name This parameter identifies the group that has the privileges that will be assigned to the user For more details refer to Group Acces...

Page 355: ...w DiscoveryView Each view allows you to view or modify a different set of MIBs Manager Read View access to all managed objects Manager Write View access to all managed objects except the follow ing vacmContextTable vacmAccessTable vacmViewTreeFamilyTable OperatorReadView no access to icfSecurityMIB hpSwitchIpTftp Mode vacmContextTable vacmAccessTable vacmViewTreeFami lyTable usmUserTable snmpCommu...

Page 356: ...is being mapped to a group access level sec name security_name This is the group level to which the community is being mapped For more information refer to Group Access Levels on page 14 11 tag tag_value This is used to specify which target address may have access by way of this index reference Figure 14 4 shows the assigning of the Operator community on MgrStation1 to the CommunityOperatorReadWri...

Page 357: ...her an operator level or a manager level view and either restricted or unrestricted write access Using SNMP requires that the switch have an IP address and subnet mask compatible with your network C a u t i o n For ProCurve Manager PCM version 1 5 or earlier or any TopTools version deleting the public community disables some network management functions such as traffic monitoring SNMP trap generat...

Page 358: ...sting community the values for the currently selected Community appear in the fields Type the value for this field Use the Space bar to select values for other fields Figure 14 6 The SNMP Add or Edit Screen Need Help If you need information on the options in each field press Enter to move the cursor to the Actions line then select the Help option on the Actions line When you are finished with Help...

Page 359: ...igured SNMP community names along with trap receivers and the setting for authentication traps refer to SNMPv3 Notification and Traps on page 14 17 Syntax show snmp server community string This example lists the data for all communities in a switch that is both the default public community name and another community named blue team Default Community and Settings Non Default Community and Settings ...

Page 360: ... Optionally assigns an access level At the operator level the community can access all MIB objects except the CONFIG MIB At the manager level the community can access all MIB objects restricted unrestricted Optionally assigns MIB access type Assigning the restricted type allows the community to read MIB variables but not to set them Assigning the unrestricted type allows the community to read and ...

Page 361: ...sh a parameter record for the target address with the snmpv3 params command Syntax no snmpv3 notify notify_name tag tag_name This adds or deletes a notification request To remove a mapping you only need the notify_name no snmpv3 targetaddress name params parms_name ip addr Add or delete an address where notification messages are sent The tag value must match the tag value of a notify entry filter ...

Page 362: ...e Adds or deletes a user parameter for use with target address The params_name must match the parms_name in the targetaddress command The user_name should be a user from the User Table For more information on users refer to SNMPv3 Users on page 14 7 A complete params command must also have a sec model and msg processing entry sec model ver1 ver2c ver3 This establishes the security model to use for...

Page 363: ...ntication trap is a specialized SNMP trap sent to trap receivers when an unauthorized management station tries to access the switch A link change trap is an SNMP trap sent to trap receivers when the link on a port changes from up to down linkDown or down to up linkUp Not e Fixed or Well Known Traps The switches covered in this guide automatically sends fixed traps such as coldStart warmStart linkD...

Page 364: ...er host ip addr community name none all non info critical debug 14 21 snmp server enable traps authentication 14 21 snmp server enable traps link change port list 14 23 Using the CLI To List Current SNMP Trap Receivers This command lists the currently configured trap receivers and the setting for authentication traps along with the current SNMP community name data refer to SNMPv3 Communities on pa...

Page 365: ...g Address Community Events Sent in Trap 10 28 227 200 public All 10 28 227 105 red team Critical 10 28 227 120 blue team Not INFO Figure 14 9 Example of Show SNMP Server Listing Configuring Trap Receivers This command specifies trap receivers by community membership management station IP address and the type of Event Log messages to send to the trap receiver Not e If you specify a community name t...

Page 366: ...ly set the threshold s none all non info critical debug Options for sending switch Event Log messages to a trap receiver Refer toTable 14 1 Options for Sending Event Log Messages as Traps on page 14 22 The levels specified with these options apply only to Event Log messages and not to threshold traps Table 14 1 Options for Sending Event Log Messages as Traps Event Level Description None default Se...

Page 367: ... must be configured on the switch Refer to Configuring Trap Receivers on page 14 21 Using the CLI To Enable Authentication Traps Syntax no snmp server enable traps authentication Enables or disables sending an authentication trap to the configured trap receiver s if an unauthorized management station attempts to access the switch For example ProCurve config snmp server enable traps authentication ...

Page 368: ...NMP Requests and Traps SNMP Server Source IP Address Commands Page show snmp server 14 26 snmp server response source dst ip of request IP ADDR loopback 0 7 14 25 snmp server trap source IP ADDR loopback 0 7 14 25 The switch uses the interface IP address as the source IP address in the IP header when sending a response to SNMP requests For multi netted interfaces the source IP address is the outgo...

Page 369: ...request pdu that will be used as the source IP address in the SNMP response pdu IP ADDR The user specified IP address that will be used as the source IP address in the SNMP response pdu loopback 0 7 The IP address configured for the specified loopback interface will be used as the source IP address in the SNMP response pdu In the case of multiple addresses the lowest alphanumeric address will be u...

Page 370: ... snmp server trap source commands configure the source IP address for IPv4 interfaces only The show snmp server command displays the policy configuration ProCurve_8212 config show snmp server SNMP Communities Community Name MIB View Write Access public Manager Unrestricted Trap Receivers Link Change Traps Enabled on Ports All All Send Authentication Traps No No Address Community Events Sent in Tra...

Page 371: ...s occur When an SNMP Manager receives an inform request it can send an SNMP response back to the sending agent This lets the agent know that the inform request reached its destination If the sending agent does not receive an SNMP response back from the SNMP Manager within the timeout period the inform request may be resent based on the retry count value You must specify an IP address that will rec...

Page 372: ...anagement RMON The switch supports RMON Remote Monitoring on all connected network segments This allows for troubleshooting and optimizing your network The following RMON groups are supported EthernetStatistics exceptthenumbersofpacketsofdifferentframesizes Alarm History of the supported Ethernet statistics Event The RMON agent automatically runs in the switch Use the RMON management station on yo...

Page 373: ...es data into datagrams that are forwarded to a central data collector sFlow destination The central data collector that gathers datagrams from sFlow enabled switch ports on the network The data collector decodes the packet headers and other information to present detailed Layer 2 to Layer 7 usage statistics Configuring sFlow The following sFlow commands allow you to configure sFlow instances via t...

Page 374: ... no sflow receiver instance command Viewing sFlow Configuration and Status The following sFlow commands allow you to display sFlow configuration and status via the CLI Syntax show sflow agent Displays sFlow agent information The agent address is normally the ip address of the first vlan configured Syntax show sflow receiver instance destination Displays information about the management station to ...

Page 375: ...ation Note the following details Destination Address remains blank unless it has been configured Datagrams Sent shows the number of datagrams sent by the switch agent to the management station since the switch agent was last enabled Timeout displays thenumber of seconds remaining before the switch agent will automatically disable sFlow this is set by the management station and decrements with time...

Page 376: ...8 1234567890 A2 0 Yes 1 60 A3 No 1 0 100 898703 No 30 A4 Yes 3 50 128 0 No 3 0 Figure 14 15 Example of Viewing sFlow Sampling and Polling Information Not e The sampling and polling instances noted in parentheses coupled to a specific receiver instance are assigned dynamically and so the instance numbers may not always match The key thing to note is whether sampling or polling is enabled on a port ...

Page 377: ...oldtime multiplier for LLDP Packets 4 seconds page 14 37 holdtime multiplier x refresh interval time to live Change the delay interval between advertisements 2 seconds page 14 45 Changing the reinitialization delay interval 2 seconds page 14 46 Configuring SNMP notification support Disabled page 14 47 Configuring transmit and receive modes tx_rx page 14 48 Configuring basic LLDP per port advertise...

Page 378: ...d to the switch including device type capability and some configuration information In VoIP deployments using LLDP MED on the switches covered in this guide additional support unique to VoIP applications is also available Refer to LLDP MED Media Endpoint Discovery on page 14 52 Terminology Adjacent Device Refer to Neighbor or Neighbor Device Advertisement See LLDPDU Active Port A port linked to an...

Page 379: ...System A network based and or premises based telephone system having a common interface with the public switched telephone system and having multiple telephone lines common control units multiple telephone sets and control hardware and software NANP North American Numbering Plan A ten digit telephone number format where the first three digits are an area code and the last seven digits are a local ...

Page 380: ...d LLDP enabled LLDP is a one way protocol and does not include any acknowledgement mechanism An LLDP enabled port receiving LLDP packets inbound from neighbor devices stores the packet data in a Neighbor database MIB LLDP MED This capability is an extension to LLDP and is available on the switches covered in this guide Refer to LLDP MED Media Endpoint Discovery on page 14 52 Packet Boundaries in a...

Page 381: ... an LLDP advertisement packet out each active port enabled for outbound LLDP transmissions and receives LLDP advertisements on each active port enabled to receive LLDP traffic page 14 48 Per Port configuration options include four modes Transmit and Receive tx_rx This is the default setting on all ports It enables a given port to both transmit and receive LLDP packets and to store the data from re...

Page 382: ... Uses base MAC address of the switch Port Type3 6 N A Always Enabled Uses Local meaning assigned locally by LLDP Port Id6 N A Always Enabled Uses port number of the physical port In the switches covered in this guide this is an internal number reflecting the reserved slot port position in the chassis For more information on this numbering scheme refer to figures D 2 andD 3inAppendixD MACAddressMan...

Page 383: ...an enable LLDP debug logging to a configured debug destination Syslog server and or a terminal device by executing the debug lldp command For more on Debug and Syslog refer to the Troubleshooting appendix in this guide Note that the switch s Event Log does not record usual LLDP update messages Options for Reading LLDP Information Collected by the Switch You can extract LLDP information from the sw...

Page 384: ...rt is a member of the default VLAN VID 1 and there is an IP address configured for the defaultVLAN thentheportadvertisesthisIPaddress Inthe defaultoperation the IP address that LLDP uses can be an address acquired by DHCP or Bootp You can override the default operation by configuring the port to advertise any IP address that is manually configured on the switch even if the port does not belong to ...

Page 385: ... ports on the switch and per port settings that affect only the operation of the specified ports The commands in this section affect both LLDP and LLDP MED operation for information on operation and configuration unique to LLDP MED refer to LLDP MED Media Endpoint Discovery on page 14 52 Command Page show lldp config 14 43 no lldp run 14 43 lldp refresh interval 14 44 lldp holdtime multiplier 14 4...

Page 386: ...ns Syntax show lldp config Displays the LLDP global configuration LLDP port status and SNMP notification status For information on port admin status refer to Configuring Per Port Transmit and Receive Modes on page 14 48 For example show lldp config produces the following display when the switch is in the default LLDP configuration Med Topology Trap Enabled False True False False True False False N...

Page 387: ...ransmit and Receive Modes on page 14 48 The blank IpAddress field indicates that the default IP address will be advertised from this port Refer to page 14 49 Configuring a Remote Management Address for Outbound LLDP Advertisements This fieldappearswhendot3tlvenableis enabled on the switch which is the default setting These fields appear when medtlvenable is enabled on the switch which is the defau...

Page 388: ... database remains until it times out Default Enabled For example to disable LLDP on the switch ProCurve config no lldp run Changing the Packet Transmission Interval This interval controls how often active ports retransmit advertisements to their neighbors Syntax lldp refresh interval 5 32768 Changes the interval between consecutive transmissions of LLDP advertisements on any given port Default 30 ...

Page 389: ...es the advertised data is deleted from the neighbor switch s MIB Default 4 Range 2 10 For example if the refresh interval on the switch is 15 seconds and the holdtime multiplier is at the default the Time to Live for advertisements transmitted from the switch is 60 seconds 4 x 15 To reduce the Time to Live you could lower the holdtime interval to 2 which would result in a Time to Live of 30 second...

Page 390: ...ou must first set the refresh interval to a minimum of 32 seconds 32 4 x 8 Figure 14 18 Example of Changing the Transmit Delay Interval Attempt to change the transmit delay interval shows that the refresh interval is less than 4 x delay interval Changes the refresh interval to 32 that is 32 4 x desired transmit delay interval Successfully changes the transmit delay interval to 8 Changing the Reini...

Page 391: ...five seconds ProCurve config setmib lldpreinitdelay 0 i 5 Configuring SNMP Notification Support You can enable SNMP trap notification of LLDP data changes detected on advertisements received from neighbor devices and control the interval between successive notifications of data changes on the same neighbor Enabling LLDP Data Change Notification for SNMP Trap Receivers Syntax no lldp enable notific...

Page 392: ...5 seconds For example the following command limits change notification traps from a particular switch to one per minute ProCurve config setmib lldpnotificationinterval 0 i 60 lldpNotificationInterval 0 60 Configuring Per Port Transmit and Receive Modes These commands control advertisement traffic inbound and outbound on active ports Syntax lldp admin status port list txonly rxonly tx_rx disable Wi...

Page 393: ... a specific IP address in the outbound LLDP advertisements for specific ports Syntax no lldp config port list ipAddrEnable ip address Replaces the default IP address for the port with an IP address you specify This can be any IP address configured in a static VLAN on the switch even if the port does not belong to the VLAN configured with the selected IP address The no form of the command deletes t...

Page 394: ... use LLDP commands to configure their actual content port description TLV system name TLV system description TLV system capabilities TLV system capabilities Supported TLV subelement system capabilities Enabled TLV subelement port speed and duplex TLV subelement Syntax no lldp config port list basicTlvEnable TLV Type port_descr For outbound LLDP advertisements this TLV includes an alphanumeric stri...

Page 395: ...roCurve config lldp config 1 5 basicTlvEnable system_name Configuring Support for Port Speed and Duplex Advertisements This feature is optional for LLDP operation but is required for LLDP MED operation Port speed and duplex advertisements are supported on the switches covered in this guide to inform an LLDP endpoint and the switch port of each other s port speed and duplex configuration and capabi...

Page 396: ...on refer to Displaying the Current Port Speed and Duplex Configuration on a Switch Port on page 14 68 LLDP MED Media Endpoint Discovery LLDP MED ANSI TIA 1057 D6 extends the LLDP IEEE 802 1AB industry standard to support advanced features on the network edge for Voice Over IP VoIP endpoint devices with specialized capabilities and LLDP MED standards based functionality LLDP MED in the switches use...

Page 397: ...ays media servers IP communications controllers other VoIP devices or servers IP Network Infrastructure IEEE 802 LAN Switches Providing Network Access to LLDP MED Endpoints LLDP MED Class 1 Generic Endpoints Such As IP Call Control Devices LLDP MEDClass2MediaEndpointsSuchAs Media Gateways Conference Bridges and other Devices Supporting IP Media Streams LLDP MED Class 3 End User IP Communication De...

Page 398: ... e LLDP MED on the switches covered in this guide is intended for use with VoIP endpoints and is not designed to support links between network infrastructure devices such as switch to switch or switch to router links LLDP MED Endpoint Device Classes LLDP MED endpoint devices are by definition located at the network edge and communicate using the LLDP MED framework Any LLDP MED endpoint device belo...

Page 399: ...P MED Operational Support The switches covered in this guide offer two configurable TLVs supporting MED specific capabilities medTlvEnable for per port enabling or disabling of LLDP MED opera tion medPortLocation for configuring per port location or emergency call data Not e LLDP MED operation also requires the port speed and duplex TLV dot3TlvEnable page 14 52 which is enabled in the default conf...

Page 400: ...page 14 54 The show running command shows whether the topology change notification feature is enabled or disabled For example if ports A1 A10 have topology change notification enabled the following entry appears in the show running output lldp top change notify A1 A10 Default Disabled Note To send traps this feature requires access to at least one SNMP server For information on configuring traps r...

Page 401: ...ration of the fast start count interval In most cases the default setting should provide an adequate fast start count interval Range 1 10 seconds Default 5 seconds Note This global command applies only to ports on which a new LLDP MED device is detected It does not override the refresh interval setting on ports where non MED devices are detected Advertising Device Capability Network Policy PoE Sta...

Page 402: ...LAN port membership configured on the switch can be tagged or untagged However if the LLDP MED endpoint expects a tagged mem bership when the switch port is configured for untagged or the reverse then a configuration mismatch results Typically the endpoint expects the switch port to have a tagged voice VLAN membership If a given port does not belong to a voice VLAN then the switch does not adverti...

Page 403: ...fig port list medTlvEnable medTlv Enables or disables advertisement of the following TLVs on the specified ports device capability TLV configured network policy TLV configured location data TLV Refer to Configuring Location Data for LLDP MED Devices on page 14 61 current PoE status TLV Default All of the above TLVs are enabled Helps to locate configuration mismatches by allowing use of an SNMP app...

Page 404: ... is selected as the VLAN for voice traffic Also this TLV cannot be enabled unless the capability TLV is already enabled For more information refer to Network Policy Advertisements on page 14 58 location_id This TLV enables the switch port to advertise its configured location data if any For more on configuring location data refer to Configuring Location Data for LLDP MED Devices Default Enabled No...

Page 405: ...E port or the power priority configured on the MED capable end point power value indicates the total power in watts that a switch port PSE can deliver at a particular time or the total power in watts that the MED endpoint PD requires to operate To display the current power data for an LLDP MED device connected to a port use the following command show lldp info remote device port list For more on t...

Page 406: ...without regard to type Configuring a new medPortLocation entry of any type on a port replaces any previously configured entry on that port civic addr COUNTRY STR WHAT CA TYPE CA VALUE CA TYPE CA VALUE CA TYPE CA VALUE This command enables configuration of a physical address on a switch port and allows up to 75 characters of address information COUNTRY STR A two character country code as defined by...

Page 407: ...ers are used by the PSAP to identify and organize the location data components in an understandable format for response personnel to interpret A civic addr command requires a minimum of one type value pair but typically includes multiple type value pairs as needed to configure a complete set of data describing a given location CA TYPE This is the first entry in a type value pair and is a number de...

Page 408: ...ure An ELIN Emergency Location Identification Number is a valid North American Numbering Plan NANP format telephone number assigned to MLTS operators in North America by the appropriate authority The ELIN is used to route emergency E911 calls to a Public Safety Answering Point PSAP Range 1 15 numeric characters Configuring Coordinate Based Locations Latitude longitude and altitude data can be conf...

Page 409: ...ost Configuration Protocol DHCPv4 and DHCPv6 Option for Civic Addresses Configuration Information draft ietf geopriv dhcp civil 06 dated May 30 2005 For the actual codes to use contact the PSAP or other authority responsible for specifying the civic addressing data standard for your network Example of a Location Configuration Suppose a system operator wanted to configure the following information ...

Page 410: ...ol Figure 14 20 Example of a Civic Address Configuration Displaying Advertisement Data Command Page show lldp info local device below walkmib lldpXdot3LocPortOperMauType show lldp info remote device 14 69 walkmib lldpXdot3RemPortAutoNegAdvertisedCap show lldp info stats 14 71 14 66 ...

Page 411: ...e port list option this command displays only the following port specific information that is currently available for outbound LLDP advertisements on the specified ports PortType PortId PortDesc Note This command displays the information available on the switch Use the lldp config port list command to change the selection of information that is included in actual outbound advertisements In the def...

Page 412: ...Management Address on page 14 39 Figure 14 21 Example of Displaying the Global and Per Port Information Available for Outbound Advertisements Figure 14 22 Example of the Default Per Port Information Content for Ports 1 and 2 Displaying the Current Port Speed and Duplex Configuration on a Switch Port Port speed and duplex information for a switch port and a connected LLDP MED endpoint can be compar...

Page 413: ...s are listed by the inbound port on which they were discovered Multiple devices listed for a single port indicates that such devices are connected to the switch through a hub Discovering the same device on multiple ports indicates that the remote device may be connected to the switch in one of the following ways Through different VLANS using separate links This applies to switches that use the sam...

Page 414: ...Example of a Global Listing of Discovered Devices Indicates the policy configured on the telephone A configuration mismatch occurs if the supporting port is configured differently Figure 14 24 Example of an LLLDP MED Listing of an Advertisement Received From an LLDP MED VoIP Telephone Source 14 70 ...

Page 415: ...ntries Count Shows the total of new LLDP neighbors detected since the last switch reboot Disconnecting then reconnecting a neighbor increments this counter Neighbor Entries Deleted Count Shows the number of neighbor deletions from the MIB for AgeOut Count and forced drops for all ports For example if the admin status for port on a neighbor device changes from tx_rx or txonly to disabled or rxonly ...

Page 416: ... the maximum number of neighbors Refer to Neighbor Maximum on page 14 73 This can also be an indication of advertisement formatting problems in the neighbor device Frames Invalid Shows the total number of invalid LLDP advertisements received on the port An invalid advertisement can be caused by header formatting problems in the neighbor device TLVs Unrecognized Shows the total number of LLDP TLVs ...

Page 417: ...istics Display Figure 14 26 Example of a Per Port LLDP Statistics Display LLDP Operating Notes Neighbor Maximum The neighbors table in the switch supports as many neighbors as there are ports on the switch The switch can support multiple neighbors connected through a hub on a given port but if the switch neighbor maximum is reached advertisements from additional neighbors on the same or other port...

Page 418: ...sumes Neighbor Data Can Remain in the Neighbor Database After the Neighbor Is Disconnected After disconnecting a neighbor LLDP device from the switch the neighbor can continue to appear in the switch s neighbor database for an extended period if the neighbor s holdtime multiplier is high especially if the refresh interval is large Refer to Changing the Time to Live for Transmitted Advertisements o...

Page 419: ...ry Protocol data received by the switch from other devices LLDP operation includes both transmitting LLDP packets to neighbor devices and reading LLDP packets received from neighbor devices CDP operation is limited to reading incoming CDP packets from neighbor devices ProCurve switches do not generate CDP packets LLDP and CDP Neighbor Data With both LLDP and read only CDP enabled on a switch port ...

Page 420: ...LLDP and CDP support the System Capability TLV However LLDP differentiates between what a device is capable of supporting and what it is actually supporting and separates the two types of information into subelements of the System Capability TLV CDP has only a single field for this data Thus when CDP System Capability data is mapped to LLDP the same value appears in both LLDP System Capability fie...

Page 421: ...u want to use only one type of data from a neighbor sending both types disable the unwanted protocol on either the neighbor device or on the switch However if the chassis and port ID information in the two types of advertisements is the same the LLDP information overwrites the CDP data for the same neighbor device on the same port CDP Operation and Commands By default the switches covered in this ...

Page 422: ...he switch s CDP Neighbors table maintained in the switch s MIB Management Information Base refer to the documentation provided with the particular SNMP utility Viewing the Switch s Current CDP Configuration CDP is shown as enabled disabled both globally on the switch and on a per port basis Syntax show cdp Lists the switch s global and per port CDP configuration The following example shows the def...

Page 423: ...e port at a time Using detail provides a longer list of details on the CDP device the switch detects on the specified port detail e port num Provides a list of the details for all of the CDP devices the switch detects Using port num produces a list of details for the selected port Figure 14 29 lists CDP devices that the switch has detected by receiving their CDP packets Figure 14 29 Example of CDP...

Page 424: ...r example to disable CDP read only on the switch ProCurve config no cdp run When CDP is disabled show cdp neighbors displays an empty CDP Neighbors table show cdp displays Global CDP information Enable CDP Yes No Enabling or Disabling CDP Operation on Individual Ports In the factory default configuration the switch has all ports enabled to receive CDP packets Disabling CDP on a port causes it to d...

Page 425: ... 12 Management Module Switchover 15 13 Events that Cause a Switchover 15 13 When Switchover Will not Occur 15 13 Consequences of Switchover 15 14 Resetting the Management Module 15 14 Hotswapping Management Modules 15 15 Hotswapping Out the Active Management Module 15 15 Hotswapping In a Management Module 15 16 and Hotswapped Module 15 16 Downloading a New Software Version 15 17 File Synchronizati...

Page 426: ...Show Version 15 27 Existing CLI Commands Affected by Redundant Management 15 29 Boot Command 15 29 Setting the Default Flash for Boot 15 31 Reload Command 15 32 Additional Commands Affected by Redundant Management 15 34 Using the Web Browser for Redundant Management 15 36 Identity Page 15 36 Overview Page 15 37 Redundancy Status Page 15 37 Device View Page 15 38 Management Module LED Behavior 15 4...

Page 427: ...ng software versions Not e The fabric modules are resilient to each other you need both modules enabled for 100 performance With one module enabled you will have 50 performance but most networks operate at less than 50 utilization The modules can be individually enabled or disabled See Enabling and Disabling Fabric Modules on page 15 12 Terminology Redundant management uses the following terminolo...

Page 428: ... becomes active finishes booting and then brings up the interface modules and ports The standby module boots to a certain point synchronizes basic files such as the config and security files and only finishes booting if the active management module fails or you choose to change which module is the active module The two management modules communicate by sending heartbeats back and forth The active ...

Page 429: ...nt module page 15 6 redundancy switchover 15 8 redundancy active management 15 9 redundancy fabric module 15 12 Displaying Redundancy Status Not e You should be at the global configuration level when executing these commands that is Procurve config as shown in the examples You can display the status of both the management and fabric redundant modules using this command Syntax show redundancy Displ...

Page 430: ... module continues to be the active module on boot unless you use the redundancy active management command to make the other module the active module When you enable redundancy you are prompted with All configuration files and software images on the off line management module will be overwritten with the data from the current active management module Do you want to continue y n The no version of th...

Page 431: ...l Enabled FM2 ProCurve J9093A Fabric Module 8200zl Enabled Figure 15 2 Example of Enabling Redundancy The no version of the redundancy management module command is used to disable redundancy on the switch as seen in Figure 15 3 The show redundancy command displays Mgmt Redundancy as disabled The standby management module 1 is now offline Management module 2 remains the active management module Not...

Page 432: ...t module become the active management module use the redundancy switchover command The switch will switchover after all files have finished synchronizing This may take a couple of minutes if there have been recent configuration file changes or if you have downloaded a new operating system The standby module finishes booting and becomes the active module The formerly active module becomes the stand...

Page 433: ...over Command Setting the Active Management Module for Next Boot You can select which management module you want to be the active management module at the next boot system Not e A switchover before the next system boot cancels what you configured with the redundancy active management command Syntax redundancy active management standby management module1 management module2 The specified module becom...

Page 434: ...ot the management module2 will become active ProCurve config boot system boot occurs ProCurve config show redundancy Settings Mgmt Redundancy enabled Statistics Failovers 0 Last Failover Slot Module Description Status SW Version MM1 ProCurve J9092A Management Module 8200zl Standby K 12 30 MM2 ProCurve J9092A Management Module 8200zl Active K 12 30 Boot Image Primary Primary FM1 FM2 ProCurve J9093A...

Page 435: ... J9093A Fabric Module 8200zl Enabled ProCurve Switch 8200zl config redundancy active management standby On the next system boot the standby will become active ProCurve config boot The other management module is not in standby mode and this command will not cause a switchover System will reboot from primary image Do you want to continue y n y After system reboots ProCurve config show redundancy Set...

Page 436: ...e fabric module connects to all 12 module slots Syntax redundancy fabric module 1 2 enable disable Allows enabling or disabling of fabric modules You cannot have both fabric modules disabled at the same time Default Both fabric modules are enabled ProCurve config redundancy fabric module 2 disable ProCurve config show redundancy Settings Mgmt Redundancy enabled Statistics Failovers 0 Last Failover...

Page 437: ...ctive command is executed The reload command is executed There is a hardware failure on the active management module The active management module crashes In all of these cases the standby management module takes control and performs the actual switchover The reason for the switchover is entered in log messages on the newly active management module and to any configured Syslog servers Not e You sho...

Page 438: ...d switchover occurs The standby management module is notified immediately It then takes over and becomes the active management module If the MM Reset button is pressed on the standby management module that module reboots but no other switch operations are affected The active management module remains in control Ifredundancyisdisabled theactivemanagementmodulerebootsandremains in control as long as...

Page 439: ...le are overwritten with files from the active management module The data that was on the hotswapped module is lost 1 On the management module to be hotswapped out press the MM Shut down button It is located between the Module Operation and Component Status LEDs See Figure 15 9 Figure 15 9 The MM Shutdown Button 2 The Dwn LED to the right of the MM Shutdown button will begin flashing green File syn...

Page 440: ...dule will become the active management module as there is already a functioning active management module However these conditions must be met to determine if the hotswapped module can become a standby management module The hotswapped module must pass selftest Redundancy is not administratively disabled using the configuration level command no redundancy management module If the active manage ment ...

Page 441: ... standby module will also be synchronized to use config1 Table 15 1 Example of Upgrading Software Version K 12 03 to Version K 12 04 Newer Code to Secondary Flash New Code to Primary Flash Active MM Standby MM Active MM Standby MM Software version downloaded to Primary flash image K 12 03 K 12 03 K 12 04 K 12 04 Software version downloaded to Secondary flash image K 12 04 K 12 04 K 12 03 K 12 03 N...

Page 442: ...ediately copied to the corresponding flash primary or secondary in the standby management module unless redundancy has been disabled If the standby management module is rebooted it will be running a different software version than the active management module You can direct the standby module to boot from the non corresponding flash image that has a different software version during the actual reb...

Page 443: ... 15 11 When the Config Files are Different You can also have a situation where you are running the same software on the active and standby management modules but the standby module is configured to use a different configuration file from the active module When you enter the show redundancy command this message displays Warning Standby management module is set to use a different configuration file ...

Page 444: ...Enabled Statistics Failovers 0 Last Failover Slot Module Description Status SW Version Boot Image MM1 ProCurve J9092A Management Module 8200zl Active K 12 30 Primary MM2 ProCurve J9092A Management Module 8200zl Standby K 12 30 Primary FM1 ProCurve J9093A Fabric Module 8200zl Enabled FM2 ProCurve J9093A Fabric Module 8200zl Enabled Warning Standby module is running a different software version Conf...

Page 445: ...corrupted module is immediately overwritten by the software version in the active management module Both management modules should now be operating on the same software version Turning Off Redundant Management Disabling Redundancy with Two Modules Present In some cases for troubleshooting a suspect management module you may want to operate the switch with redundant management disabled by entering ...

Page 446: ...sed for system redundancy except in the case of a hardware failure of the active management module Do you want to continue y n y ProCurve config show redundancy Settings Mgmt Redundancy disabled Statistics Failovers 0 Last Failover Slot Module Description Status SW Version Boot Image 1 ProCurve J9092A Management Module 8200zl Offline K 12 XX Primary 2 ProCurve J9092A Management Module 8200zl Activ...

Page 447: ...h ProCurve config show modules Status and Counters Module Information Chassis 8212zl J9091A Serial Number LP711BX00Z Slot Module Description Serial Number Status MM1 ProCurve J9092A Management Module 8200zl 111111111111 Active MM2 ProCurve J9092A Management Module 8200zl 222222222222 Standby FM1 ProCurve J9093A Fabric Module 8200zl 1234SSN Enabled FM2 ProCurve J9093A Fabric Module 8200zl 5678SSN D...

Page 448: ... Secondary FM1 ProCurve J9093A Fabric Module 8200zl Enabled FM2 ProCurve J9093A Fabric Module 8200zl Enabled Status SW Version Boot Image The active management module was last booted from secondary flash The standby management module was last booted from primary flash Figure 15 14 Example of show redundancy Command Show Flash The show flash command displays which software version is in each flash ...

Page 449: ...Module 1 Standby Image stamp sw code build btm t2g Mar 5 2007 13 20 59 K 12 XX 351 Boot Image Primary Management Module 2 Active Both management Image stamp sw code build btm t2g modules were booted Mar 5 2007 13 20 59 from primary flash K 12 XX 351 Boot Image Primary Figure 15 16 Example of Show Version Command when Redundancy is Enabled When redundancy is disabled the output of the show version ...

Page 450: ... tftp Enable succeeded I 01 26 07 17 36 19 00417 cdp CDP enabled I 01 26 07 17 36 19 00688 lldp LLDP enabled I 01 26 07 17 36 19 00540 system Initial active to standby sync complete I 01 26 07 17 36 19 00066 system Mgmt Module 2 Booted I 01 26 07 17 36 19 00260 system Mgmt Module 2 Active I 01 26 07 17 36 27 00375 chassis Slot D Downloading I 01 26 07 17 36 29 00376 chassis Slot D Download Complet...

Page 451: ...8200zl Enabled Figure 15 19 Example of Show Redundancy Command for Standby Module Show Flash You can display the flash information on the standby module as shown in Figure 15 20 The Default Boot field displays which flash image will be used for the next boot Standby Console show flash Image Size Bytes Date Version Primary Image 7493854 03 21 07 K 12 30 Secondary Image 7463821 03 05 07 K 12 30 Boot...

Page 452: ...d on an active management module this only shows the running version of software on the standby management module Standby Console show version Image stamp sw code build btm t2g Mar 21 2007 15 03 31 K 12 XX 1617 Boot Image Primary Was booted from primary flash Figure 15 21 Example of Show Version Command for Standby Module 15 28 ...

Page 453: ...he standby module is not in standby mode for example it is in failed mode or offline mode switchover to the standby module does not occur The system is rebooted This message displays The other management module is not in standby mode and this command will not cause a switchover but will reboot the system do you want to continue y n If the other management module is not present in the switch the sy...

Page 454: ...e and standby management modules You can specify the flash image to boot from Sets the default flash for the next boot to primary or secondary You will see this message Thiscommandchangesthelocationofthedefaultboot This command will change the default flash image to boot from flashchosen Hereafter reload and boot commandswill boot from flash chosen Do you want to continue y n You can select a boot...

Page 455: ...h Default Flash set to Secondary C a u t i o n For a given reboot the switch automatically reboots from the startup config file assigned to the flash primary or secondary being used for the current reboot The startup default command can be used to set a boot configuration policy This means that both the flash image and one of the three configuration files can be specified as the default boot polic...

Page 456: ...how flash Image Size Bytes Date Version Primary Image 7463821 03 05 07 K 12 30 Secondary Image 7463821 03 05 07 K 12 30 Boot Rom Version K 12 01 Default Boot Secondary Figure 15 24 Example of boot set default Command Defaulting to Secondary Flash Reload Command The reload command boots the active management module from the current default flash You can change the default flash with the boot set de...

Page 457: ... not display a prompt to save configuration file changes the changes are lost on the scheduled reload ProCurve config reload This command will cause a switchover to the other management module which may not be running the same software image and configurations Do you want to continue y n y Boots ProCurve config show redundancy Settings Mgmt Redundancy Enabled Statistics Failovers 1 Last Failover M...

Page 458: ...le to the standby management module When no parameter is specified with the copy crash data or copy crash log command files from all modules management and interface are concatenated See Crash Files on page 15 42 Note If redundancy is disabled or the standby module failed selftest the copy command affects only the active management module crypto Authentication files for ssh or the https server are...

Page 459: ...e standby module log Log messages from a formerly active management module are available on the current active management module after a switchover password set or clear Affects only the active management module until a switchover occurs at which time it affects the new active module The new password information is sent to the standby module and takes effect when a switchover occurs startup defaul...

Page 460: ... ProCurve Web Browser Interface in this guide Online Help is available for the web browser interface You can use it by clicking on the question mark button in the upper right corner of any of the web browser interface screens Identity Page The Identity page displays information about the version of software running on both the active and the standby management module Software version on standby Ma...

Page 461: ...rsion of software running on each management module The SystemUp Time since the last reboot Figure 15 27 Overview Page Showing the SystemUp Time for Both Management Modules Redundancy Status Page The Redundancy Status tab is visible only if the alternate management module non active module is in standby mode Select the Status tab and then the Redundancy Status button The Redundancy Statuspage disp...

Page 462: ...Device View page displays a graphical representation of the switch Select the Configuration tab and then the Device View button The information displayed includes Fabric modules Interface modules System Support module LEDs and the status of the switch and management modules The LEDs indicate in green which management module is active and which management module is in standby mode 15 38 ...

Page 463: ...Redundancy Switch 8212zl Using the Web Browser for Redundant Management Figure 15 29 Device View Showing Two Management Modules 15 39 ...

Page 464: ...es and what they indicate Refer to the Installation and Getting Started Guide for your switch for more information about LEDs Figure 15 30 The Actv LED on the Management Module Table 15 2 Actv Active LED Behavior for Management Modules Active Module Actv LED Standby Module Actv LED Meaning Solid green Not lit Correct Active Standby mode Not lit Flashing green Standby module is starting to take ove...

Page 465: ...Mgmt Module 1 Active I 01 26 07 17 36 19 00068 chassis Fabric 1 active I 01 26 07 17 36 19 00068 chassis Fabric 2 active I 01 26 07 17 36 19 00068 chassis Slot D Inserted I 01 26 07 17 36 19 00690 udpf DHCP relay agent feature enabled I 01 26 07 17 36 19 00400 stack Stack Protocol disabled I 01 26 07 17 36 19 00128 tftp Enable succeeded I 01 26 07 17 36 19 00417 cdp CDP enabled I 01 26 07 17 36 19...

Page 466: ...odule in the specified slot mm retrieves the crash logs from both management modules and concatenates them Syntax copy crash data slot id mm tftp ip address filename Copies both the active and standby management modules crash data to a user specified file If no parameter is specified files from all modules management and interface are concatenated slot id retrieves the crash data from the interfac...

Page 467: ...mt Module 1 in Active Mode went down 06 07 07 14 48 36 Operator warm reload from CONSOLE session Mgmt Module 1 in Active Mode went down 06 07 07 11 43 10 Operator cold reboot from CONSOLE session Mgmt Module 2 Saved Crash Information most recent first No Saved Crash Information Figure 15 32 An Example of the System Boot Log File 15 43 ...

Page 468: ...e The module must have passed selftest and be in standby mode The entire boot decision process works as follows 1 If there is only one management module that is the active management module 2 If one module is already booted and operational a newly inserted module will always become the standby module The standby module does not become active unless a switchover occurs 3 If there are two management...

Page 469: ... active on last boot Only one module was on standby last boot Module in lowest slot becomes active Switch fails to boot Module passing selftest becomes active Module 1 becomes active module One module booted In chassis Module 2 becomes active module Module active last time becomes active module Module standby last time becomes active module Module last booted in chassis becomes active module Yes Y...

Page 470: ... RMON_SYSTEM_MGMT_FAILED_SYNC 263 Mgmt Module 1 or 2 Offline redundancy disabled info The no redundancy management module command was issued and the specified management module went offline RMON_SYSTEM_MGMT_OFFLINE 264 Mgmt Module 1 or 2 Failed Selftest warn The specified management module failed selftest and will not become an active or standby module RMON_SYSTEM_MGMT_FAILED 265 LostCommunication...

Page 471: ...module must be in active or standby mode to be shut down The module goes into a down state which allows you to safely swap it out RMON_SYSTEM_MGMT_HSBUTTONERR 272 Mgmt Module 1 or 2 Offline shutdown info The specified management module is offline because of a shutdown RMON_SYSTEM_MGMT_SHUTDOWN 273 ResettingMgmtModule 1or2 reason for reset info The indicated management module is being reset for the...

Page 472: ...Redundancy Switch 8212zl Event Log Messages 15 48 ...

Page 473: ...ownload Switch Software From a PC or UNIX Workstation A 16 Menu Xmodem Download to Primary Flash A 16 CLI Xmodem Download from a PC or UNIX Workstation to Primary or Secondary Flash A 17 Using USB to Transfer Files to and from the Switch A 18 Using USB to Download Switch Software A 19 Switch to Switch Download A 20 Menu Switch to Switch Download to Primary Flash A 21 CLI Switch To Switch Downloads...

Page 474: ... 28 USB Copying a Configuration File from a USB Device A 29 Transferring ACL Command Files A 29 TFTP Uploading an ACL Command File from a TFTP Server A 30 Xmodem Uploading an ACL Command File from a Serially Connected PC or UNIX Workstation A 31 USB Uploading an ACL Command File from a USB Device A 32 Copying Diagnostic Data to a Remote Host USB Device PC or UNIX Workstation A 33 Copying Command O...

Page 475: ...s a source or destination for file transfers see appropriate sections for command syntax and operations Downloading Switch Software ProCurve periodically provides switch software updates through the ProCurve Networking web site For more information refer to the support and warranty booklet shipped with the switch or visit www procurve com and click on software updates After you acquire a new softw...

Page 476: ...ase use the boot ROM console to download a new image to primary flash Refer to Restoring a Flash Image on page C 65 Using TFTP To Download Switch Software from a Server This procedure assumes that A software version for the switch has been stored on a TFTP server accessible to the switch The software file is typically available from the ProCurve Networking web site at www procurve com The switch i...

Page 477: ...Software Screen Default Values 2 Press E for Edit 3 Ensure that the Method field is set to TFTP the default 4 In the TFTP Server field type in the IP address of the TFTP server in which the software file has been stored 5 In the Remote File Name field type the name of the software file If you are using a UNIX system remember that the filename is case sensitive 6 Press Enter then X for eXecute to b...

Page 478: ...menu interface to download a switch software the new image is always stored in primary flash Also using the Reboot Switch command in the Main Menu always reboots the switch from primary flash Rebooting the switch from the CLI gives you more options Refer to Rebooting the Switch on page 6 19 8 After you reboot the switch confirm that the software downloaded cor rectly a FromtheMainMenu select 1 Sta...

Page 479: ...tware screen One or more of the switch s IP configuration parameters are incorrect For a UNIX TFTP server the file permissions for the software file do not allow the file to be copied Another console session through either a direct connection to a terminal device or through Telnet was already running when you started the session in which the download was attempted Not e If an error occurs in which...

Page 480: ... flash primary secondary Boots from the selected flash Syntax reload Boots from the flash image and startup config file A switch covered in this guide with multiple configuration files also uses the current startup config file For more on these commands refer to Rebooting the Switch on page 6 19 4 To confirm that the software downloaded correctly execute show system and check the Firmware revision...

Page 481: ... you also download the documentation As described earlier in this chapter you can use a TFTP client on the admin istrator workstation to update software images This is a plain text mechanism anditconnectstoastandaloneTFTPserveroranotherProCurveswitchacting as a TFTP server to obtain the software image file s Using SCP and SFTP allows you to maintain your switches with greater security You can also...

Page 482: ... that the most third party software application clients that support SCP use SSHv1 How It Works The general process for using SCP and SFTP involves three steps 1 Open an SSH tunnel between your computer and the switch if you haven t already done so This step assumes that you have already set up SSH on the switch 2 Execute ip ssh filetransfer to tell the switch that you want to enable secure file t...

Page 483: ...essage ProCurve config sho run Running configuration J9091A Configuration Editor Created on release K 12 XX hostname ProCurve module 1 type J8702A module 2 type J702A vlan 1 name DEFAULT_VLAN untagged A1 A24 B1 B24 ip address 10 28 234 176 255 255 240 0 exit ip ssh filetransfer no tftp enable password manager password operator Viewingtheconfigurationshows thatSFTP is enabled and TFTP is disabled F...

Page 484: ... produces one of the following messages in the CLI SFTP must be disabled before enabling tftp SFTP must be disabled before enabling auto tftp Similarly while SFTP is enabled TFTP cannot be enabled using an SNMP management application Attempting to do so generates an inconsistent value message An SNMP management application cannot be used to enable or disable auto TFTP ToenableSFTP by usinganSNMPma...

Page 485: ...tion thus preventing auto tftp operation if the switch reboots Note This command does not affect the current TFTP enable configuration on the switch Command Options If you need to enable SSH v2 which is required for SFTP enter this command ProCurve config ip ssh version 2 Note As a matter of policy administrators should not enable the SSHv1 only or the SSHv1 or v2 advertisement modes SSHv1 is supp...

Page 486: ...tication on a switch providing SCP or SFTP support use the switch s local username password facility Otherwise you can use the switch s local public key for authentication Some clients such as PSCP PuTTY SCP automatically compare switch host keys for you Other clients require you to manually copy and paste keys to the HOME ssh known_hosts file Whatever SCP SFTP software tool you use after installi...

Page 487: ...f crash data g 8212zl only crash data h crash data I crash data J crash data K crash data L crash log crash log a crash log b crash log c crash log d 8212zl only crash log e crash log f crash log g 8212zl only crash log h crash log I crash log J crash log K crash log L event log os primary secondary ssh mgr_keys authorized_keys oper_keys authorized_keys Once you have configured your switch for sec...

Page 488: ...the Transfer dropdown menu Menu Xmodem Download to Primary Flash Note that the menu interface accesses only the primary flash 1 From the console Main Menu select 7 Download OS 2 Press E for Edit 3 Use the Space bar to select XMODEM in the Method field 4 Press Enter then X for eXecute to begin the software download The following message then appears Press enter and then initiate Xmodem transfer fro...

Page 489: ...dem Download from a PC or UNIX Workstation to Primary or Secondary Flash Using Xmodem and a terminal emulator you can download a software file to either primary or secondary flash Syntax copy xmodem flash primary secondary Downloads a software file to primary or secondary flash If you do not specify the flash destination the Xmodem download defaults to primary flash For example to download a switc...

Page 490: ...software version that you downloaded in the preceding steps If you need information on primary secondary flash memory and the boot commands refer to Using Primary and Secondary Flash Image Options on page 6 14 Using USB to Transfer Files to and from the Switch The switch s USB port labeled as Auxiliary Port allows the use of a USB flash drive for copying configuration files to and from the switch ...

Page 491: ... has been stored on a USB flash drive The latest software file is typically available from the ProCurve Network ing web site at www procurve com The USB device has been plugged into the switch s USB port Before you use the procedure Determine the name of the software file stored on the USB flash drive for example k0800 swi Decide whether the image will be installed in the primary or secondary flas...

Page 492: ...ust reboot the switch to implement the newly loaded software To do so use one of the following commands Syntax boot system flash primary secondary Boots from the selected flash Syntax reload Boots from the flash image and startup config file A switch covered in this guide with multiple configuration files also uses the current startup config file For more on these commands refer to Rebooting the S...

Page 493: ...owercase characters To download the software in the secondary flash of the source switch type os secondary 5 Press Enter then X for eXecute to begin the software download 6 A progress bar indicates the progress of the download When the entire switch software download has been received all activity on the switch halts and the following messages appear Validating and writing system software to FLASH...

Page 494: ...nly Syntax copy tftp flash ip addr flash primary secondary This command executed in the destination switch downloads the software flash in the source switch s primary flash to either the primary or secondary flash in the destination switch If you do not specify either a primary or secondary flash location for the destination the download automatically goes to primary flash For example to download ...

Page 495: ...econdary flash in a destination switch you would execute the following command in the destination switch s CLI Figure A 9 Switch to Switch from Either Flash in Source to Either Flash in Destination Using PCM to Update Switch Software ProCurve Manager Plus includes a software update utility for updating on ProCurve switch products For further information refer to the Getting Started Guide and the A...

Page 496: ...onnected via the serial port to a PC or UNIX workstation Syntax copy flash xmodem pc unix Uses Xmodem to copy a designated configuration file from the switch to a PC or Unix workstation For example to copy the primary flash image to a serially connected PC 1 Execute the following command Procurve copy xmodem flash Press Enter and start XMODEM on your host 2 After you see the above prompt press Ent...

Page 497: ...g file A 26 Use Xmodem to copy a config file to a serially connected host A 27 Use USB to copy a configuration from a USB device to a config file A 28 Use USB to copy a config file to a USB device A 29 Using the CLI commands described in this section you can copy switch configurations to and from a switch or copy a software image to configure or replace an ACL in the switch configuration Not e The...

Page 498: ...p config running config ip address remote file pc unix copy tftp config filename ip address remote file pc unix This command can copy a configuration from a remote host to a designated config file in the switch For more on multiple configuration files refer to Multiple Configuration Files on page 6 27 Refer to Using Primary and Secondary Flash Image Options on page 6 14 for more on flash image use...

Page 499: ...ss Enter 4 Execute the terminal emulator commands to begin the file transfer Xmodem Copying a Configuration File from a Serially Connected PC or UNIX Workstation To use this method the switch must be connected via the serial port to a PC or UNIX workstation on which is stored the configuration file you want to copy To complete the copying you will need to know the name of the file to copy and the ...

Page 500: ...For more on multiple configuration files refer to Multiple Configuration Files on page 6 27 Syntax reload Reboots from the flash image currently in use For more on these commands refer to Rebooting the Switch on page 6 19 USB Copying a Configuration File to a USB Device To use this method a USB flash memory device must be connected to the switch s USB port Syntax copy startup config usb filename c...

Page 501: ...le to copy a configuration file from a USB device to the switch 1 Insert a USB device into the switch s USB port 2 Execute the following command Procurve copy usb startup config procurve config where procurve config is the name of the file to copy 3 At the prompt press Enter to reboot the switch and implement the newly downloaded software Transferring ACL Command Files This section describes how t...

Page 502: ... the file Depending on the ACL commands used this action does one of the following in the running config file Creates a new ACL Replaces an existing ACL Refer to Creating an ACL Offline in the Access Control Lists ACLs chapter in the latest Access Security Guide for your switch Adds to an existing ACL For example suppose you 1 Created an ACL command file named vlan10_in txt to update an existing A...

Page 503: ...om the CLI indicates that the file was implemented creating ACL 155 in the switch s running configuration Figure A 10 Example of Using the Copy Command to Download and Configure an ACL Xmodem Uploading an ACL Command File from a Serially Connected PC or UNIX Workstation Syntax copy xmodem command file unix pc Uses Xmodem to copy and executes an ACL command from a PC or Unix workstation Depending o...

Page 504: ...chapter in the latest Access Security Guide for your switch Adds to an existing ACL For example suppose you 1 Created an ACL command file named vlan10_in txt to update an existing ACL 2 Copied the file to a USB flash drive Usinga PC workstation you then execute thefollowingfrom theCLIto upload the file to the switch and implement the ACL commands it contains ProCurve config copy usb command file v...

Page 505: ...r Specific operating data useful for determining the reason for a system crash The destination device and copy method options are as follows CLI key word is in bold Remote Host via TFTP Physically connected USB flash drive via the switch s USB port Serially connected PC or UNIX workstation via Xmodem Copying Command Output to a Destination Device Syntax copy command output cli command tftp ip addr...

Page 506: ...event log usb filename copy event log xmodem filename These commands copy the Event Log content to a remote host attached USB device or to a serially connected PC or UNIX workstation For example to copy the event log to a PC connected to the switch At this point press Enter and start the Xmodem command sequence in your terminal emulator Figure A 12 Example of Sending Event Log Content to a File on...

Page 507: ...d in double quotes for example show system Note For 8200zl switches When selecting mm as the source both the active and standby management modules crash data is copied to a user specified file If no parameter is specified files from all modules management and interface are concatenated destination Specifies the target to be copied to which can be tftp xmodem usb startup configuration file command ...

Page 508: ...ation file crash log slots a h mm crash data event log command output command Note When using command output put the desired CLI command in double quotes for example show system Note For 8200zl switches When selecting mm as the source both the active and standby management modules crash logs are copied to a user specified destination If no parameter is specified files from all modules management a...

Page 509: ...X Workstation For example to copy the Crash Log for slot C to a file in a PC connected to the switch At this point press Enter and start the Xmodem command sequence in your terminal emulator Figure A 14 Example of sending a Crash Log for Slot C to a File on an Attached PC A 37 ...

Page 510: ...File Transfers Copying Diagnostic Data to a Remote Host USB Device PC or UNIX Workstation A 38 ...

Page 511: ...t Status B 11 CLI Access B 11 Web Access B 11 Viewing Port and Trunk Group Statistics and Flow Control Status B 12 Menu Access to Port and Trunk Statistics B 13 CLI Access To Port and Trunk Group Statistics B 14 Web Browser Access To View Port and Trunk Group Statistics B 14 Viewing the Switch s MAC Address Tables B 15 Menu Access to the MAC Address Views and Searches B 15 CLI Access for MAC Addre...

Page 512: ... Configure Mirroring B 36 Quick Reference to Local Mirroring Set Up B 38 Quick Reference to Remote Mirroring Set Up B 39 1 Determine the Mirroring Session Identity and Destination B 41 2 Configure the Remote Mirroring Session on Destination Switch B 41 3 Configure the Mirroring Session on the Source Switch B 43 4 Configure Mirroring Sources B 47 Using Interface Identity and Direction of Movement U...

Page 513: ...Port Interface Effect of Downstream VLAN Tagging on and an ACL for Mirroring Criteria B 63 and Directional Mirroring Criteria B 66 Maximum Supported Frame Size B 68 Enabling Jumbo Frames To Increase the Mirroring Path MTU B 68 Untagged Mirrored Traffic B 69 Operating Notes B 70 Troubleshooting Mirroring B 72 Locating a Device B 72 Mirroring Configuration Examples B 62 B 3 ...

Page 514: ... 12 Event Log Lists switch operating events Using the Event Log To Identify Problem Sources on page C 26 Alert Log Lists network occurrences detected by the switch in the Status Overview screen of the web browser interface page 5 20 Configurable trap receivers Uses SNMP to enable management sta tions on your network to receive SNMP traps from the switch Refer to SNMPv1 and SNMPv2c Trap Features on...

Page 515: ...Menu CLI Lists the module type and description for each slot in which a B 9 module is installed Port Status Menu CLI Displays the operational status of each port B 11 Web Port and Trunk Statistics Menu CLI Summarizes port activity and lists per port flow control status B 12 and Flow Control Status Web VLAN Address Table Menu CLI Lists the MAC addresses of nodes the switch has detected on B 15 spec...

Page 516: ... at the Main Menu display the Status and Counters menu by select ing 1 Status and Counters Figure B 1 The Status and Counters Menu Each of the above menu items accesses the read only screens described on the following pages Refer to the online help for a description of the entries displayed in these screens B 6 ...

Page 517: ...cess From the console Main Menu select 1 Status and Counters 1 General System Information Figure B 2 Example of General Switch Information This screen dynamically indicates how individual switch resources are being used Refer to the online Help for details CLI Access Syntax show system information B 7 ...

Page 518: ... for details Not e As shown in figure B 3 all VLANs on the switches use the same MAC address This includes both the statically configured VLANs and any dynamic VLANs existing on the switch as a result of GVRP operation Also the switches covered in this guide use a multiple forwarding database When using multiple VLANs and connecting a switch to a device that uses a single forwarding database such ...

Page 519: ...ormation Use this feature to determine which slots have modules installed and which type s of modules are installed Menu Displaying Port Status From the Main Menu select 1 Status and Counters 3 Module Information Figure B 4 Example of Module Information in the Menu Interface B 9 ...

Page 520: ...8200zl 111111111111 Active MM2 ProCurve J9092A Management Module 8200zl 222222222222 Standby FM1 ProCurve J9093A Fabric Module 8200zl 1234SSN Enabled FM2 ProCurve J9093A Fabric Module 8200zl 5678SSN Disabled A ProCurve J8708A 4p 10G CX4 zl Module 333333333333 Up B ProCurve J8702A 24p Gig T zl Module 444444444444 Up C ProCurve J8702A 24p Gig T zl Module 555555555555 Up D ProCurve J8702A 24p Gig T z...

Page 521: ...and the console interface show the same port status data Menu Displaying Port Status From the Main Menu select 1 Status and Counters 4 Port Status Figure B 6 Example of Port Status on the Menu Interface CLI Access Syntax show interfaces brief Web Access 1 Click on the Status tab 2 Click on Port Status B 11 ...

Page 522: ...ecific port The menu interface and the web browser interface provide a dynamic display of counters summarizing the traffic on each port The CLI lets you see a static snapshot of port or trunk group statistics at a particular moment As mentioned above rebooting or resetting the switch resets the counters to zero You can also reset the counters to zero for the current session This is useful for trou...

Page 523: ...Port Counters on the Menu Interface To view details about the traffic on a particular port use the v key to highlight that port number then select Show Details For example selecting port A2 displays a screen similar to figure B 8 below Figure B 8 Example of the Display for Show details on a Selected Port This screen also includes the Reset action for the current session Refer to the Note on Reset ...

Page 524: ...command provides traffic details for the port s you specify To Reset the Port Counters for a Specific Port Syntax clear statistics port list This command resets the counters for the specified ports to zero for the current session See the Note on Reset on page B 12 Web Browser Access To View Port and Trunk Group Statistics 1 Click on the Status tab 2 Click on Port Counters 3 To refresh the counters...

Page 525: ...ach MAC address was learned Menu Access to the MAC Address Views and Searches Per VLAN MAC Address Viewing and Searching This feature lets you determine which switch port on a selected VLAN is being used to communi cate with a specific device on the network The per VLAN listing includes The MAC addresses that the switch has learned from network devices attached to the switch The port on which each...

Page 526: ...device 1 Proceeding from figure B 9 press S for Search to display the following prompt Enter MAC address _ 2 Type the MAC address you want to locate and press Enter The address and port number are highlighted if found If the switch does not find the MAC address on the currently selected VLAN it leaves the MAC address listing empty Located MAC Address and Corresponding Port Number Figure B 10 Examp...

Page 527: ...ecific Port 2 Use the Space bar to select the port you want to list or search for MAC addresses then press Enter to list the MAC addresses detected on that port Determining Whether a Specific Device Is Connected to the Selected Port Proceeding from step 2 above 1 Press S for Search to display the following prompt Enter MAC address _ 2 Type the MAC address you want to locate and press Enter The add...

Page 528: ...ing Port Numbers For example to list the learned MAC address on ports A1 through A4 and port A6 ProCurve show mac address a1 a4 a6 To List All Learned MAC Addresses on a VLAN with Their Port Numbers This command lists the MAC addresses associated with the ports for a given VLAN For example ProCurve show mac address vlan 100 Not e The switches coveredinthisguideoperate with a multiple forwarding da...

Page 529: ...cost priority state and designated bridge Syntax show spanning tree This command displays the switch s global and regional spanning tree status plus the per port spanning tree operation at the regional level Note that values for the following parameters appear only for ports connected to active devices Designated Bridge Hello Time PtP and Edge Figure B 12 Output from show spanning tree Command B 1...

Page 530: ... addresses per VLAN Number of report and query packets per group Querier access port per VLAN show ip igmp vlan id Per VLAN command listing above IGMP status for specified VLAN VID show ip igmp group ip addr Lists the ports currently participating in the specified group with port type Access type Age Timer data and Leave Timer data For example suppose that show ip igmp listed an IGMP group address...

Page 531: ...r the specified VLAN lists Name VID and status static dynamic Per Port mode tagged untagged forbid no auto Unknown VLAN setting Learn Block Disable Port status up down For example suppose that your switch has the following VLANs PortsVLANVID A1 A12DEFAULT_VLAN 1 A1 A2VLAN 33 33 A3 A4VLAN 44 44 The next three figures show how you could list data on the above VLANs Listing the VLAN ID VID and Status...

Page 532: ...he VLAN ID VID and Status for Specific Ports Because ports A1 and A2 are not members of VLAN 44 itdoesnotappear in this listing Figure B 15 Example of VLAN Listing for Specific Ports Listing Individual VLAN Status Figure B 16 Example of Port Listing for an Individual VLAN B 22 ...

Page 533: ...of the switch including summary graphs indicating the network utili zation on each of the switch ports symbolic port status indicators and the Alert Log which informs you of any problems that may have occurred on the switch For more information on this screen refer to the chapter titled Using the ProCurve Web Browser Interface Port Utilization Graphs Port Status Indicators Alert Log Figure B 17 Ex...

Page 534: ... Using the CLI you can make full use of the switch s local and remote mirroring capabilities Using the Menu interface you can configure only local mirroring for either a single VLAN or a list composed of ports and or static trunks Mirrored frames exceeding the allowed maximum transmission unit MTU size willbe dropped Also the switch applies a 54 byte IPv4 header to mirrored frames For more on thes...

Page 535: ...ound traffic on a given interface instead of all inbound traffic on the interface Terminology Destination For a given local mirroring session on a switch this is the exit port configured on that switch For a given remote mirroring session this is the remote switch supporting the exit port you want to use The destination for a given remote mirroring session should always be config ured before the s...

Page 536: ...n the same switch Mirroring Source Switch A switch configured to mirroring inbound and or outbound traffic to a destination on the same local switch or to a destination on a remote switch This is the switch on which mirrored traffic originates Remote Exit Port A port configured on a remote exit switch as the port through which traffic from a specific remote mirroring session leaves the switch A tr...

Page 537: ...00zl 6200yl 8200zl C a u t i o n Configuring a mirroring source switch with the destination and traffic selec tion criteria for a given mirroring session causes the switch to immediately begin mirroring traffic to that destination In the case of remote mirroring which uses IPv4 encapsulation if the intended exit switch is not already configured as the destination for that session its performance m...

Page 538: ...ote mirroring source sessions Mirroring Sessions A mirroring source can be a port or static trunk list a mesh or a VLAN A mirroring source and a mirroring destination comprise a given mirroring session For any session the destination must be a single exit port It cannot be a trunk VLAN or mesh Multiple mirroring sessions can be mapped to the same exit port which provides flexibility in distributin...

Page 539: ... only or both directions inbound and outbound combined inbound only out bound only or both directions ACL selected IP traffic Inbound only n a n a 1Configures only session 1 and only for local mirroring Not e Using the CLI you can access all mirroring capabilities on the switch Using the Menu or Web interfaces you can configure and display only session 1 and only as a local mirroring session for t...

Page 540: ...dividual port The switch mirrors traffic on static trunks but not on dynamic LACP trunks The switch mirrors traffic at line rate When mirroring multiple interfaces in networks with high traffic levels it is possible to copy more traffic to a mirroring destination than the link supports In this case some mirrored trafficmaynotreachthedestination If you are mirroring a high traffic volume distribute...

Page 541: ...e Local Mirroring Menu and Web Interface Limits The Menu and Web interfaces can be used to quickly configure or reconfigure local mirroring on session 1 and allow one of the following two mirroring source options any combination of source port s trunk s and or a mesh one static source VLAN interface The Menu and Web interfaces also have these limits Configure and display only session 1 and only as...

Page 542: ... Configuration 3 Network Monitoring Port Enable mirroring by setting this parameter to Yes Figure B 18 The Default Network Mirroring Configuration Screen 2 In the Actions menu press E for Edit 3 If mirroring is currently disabled for session 1 the default then enable it by pressing the Space bar or Y to select Yes 4 Press the down arrow key to display a screen similar to the following and move the...

Page 543: ...ort It cannot be a trunk or mesh In this example port 5 is selected as the local exit port 6 Highlight the Monitor field and use the Space bar to select the interfaces to mirror Ports Use for mirroring ports static trunks or the mesh VLAN Use for mirroring a VLAN 7 Do one of the following If you are mirroring ports static trunks or the mesh go to step 8 If you are mirroring a VLAN i Press Tab or t...

Page 544: ...affic you want to mirror to the local exit port 9 Press the Space bar to select Monitor for the port s and or trunk s and or mesh that you want mirrored Use the down arrow key to move from one interface to the next in the Action column If the mesh or any trunks are configured they will appear at the end of the port listing 10 When you finish selecting interfaces to mirror press Enter then press S ...

Page 545: ...te ip src ip src udp port dst ip B 44 Defining Traffic To Mirror on a Session Source Switch interface port trunk mesh monitor all in out both mirror ip access group acl name in mirror vlan vid monitor all in out both mirror ip access group acl name in mirror B 48 B 52 B 50 B 54 Display Commands show monitor endpoint 1 4 name name str B 56 Mirroring Examples B 62 Maximum Frame Size B 68 Operating N...

Page 546: ...tion VLAN or subnet IP address on the destination switch random UDP port number for the session 7933 65535 exit port on destination switch Must belong to the same VLAN as the port through which the remotely mirrored traffic for the session enters the switch For a given session the IP addressing and UDP port number selected in this step must be used on both the source and destination switches 2 On ...

Page 547: ...eric name exitport Thiscanbeanyportonthe switchexceptamirroringsource port 2 Use mirror 1 4 name name str port port to configure the session 3 Determine the source interface s to monitor VLAN port mesh and the traffic selection method in out or both inbound ACL 4 Use the monitor command to assign the source interface s to the session After completing step 4 the switch begins mirroring traffic to t...

Page 548: ...elects Traffic To Mirror Page B 48 no interface port trunk mesh monitor all in out both mirror 1 4 name str 1 4 name str 1 4 name str 1 4 name str Inbound ACL Criteria Selects Traffic To Mirror Page B 52 no interface port trunk mesh monitor ip access group acl name in mirror 1 4 name str 1 4 name str 1 4 name str 1 4 name str The name str option applies only if the specified mirroring session has ...

Page 549: ...d syntax details refer to the pages listed after each heading Caution When configuring a remote mirroring session always configure the destina tion switch first Configuring the source switch first can result in a large volume of mirrored IPv4 encapsulated traffic arriving at the destination without an exit path which can slow switch performance To Enable or Disable a Remote Mirroring Destination o...

Page 550: ...unk mesh monitor ip access group acl name in mirror 1 4 name str 1 4 name str 1 4 name str 1 4 name str The name str option applies only if the specified mirroring session has already been configured with the name name str option in the mirror command The no command form removes the port trunk mesh mirroring source from the specified session but leaves the session available for other assignments T...

Page 551: ...nation switch the mirrored traffic entry port for a given remote mirroring session and the exit port for that session must belong to the same VLAN the IP address of the VLAN or subnet on which the mirrored traffic enters or leaves the source switch the unique UDP port number to use for the session The recommended range is 7933 65535 Refer to the following Caution C a u t i o n Although the switch ...

Page 552: ...ce switch with a specific exit port on the destination switch This is done by using the same set of source and destination identifiers when configuring the same session on both the source and destination switches Thus foragivenmirroring session the src ip src udp port and dst ip for the mirrorendpoint command must be the same on both switches To see this correspon dence refer to the mirror command...

Page 553: ... which a traffic analyzer or IDS should be connected Note On the remote exit switch the mirrored traffic entry port for a given session and the exit port for that session must belong to the same VLAN 3 Configure the Mirroring Session on the Source Switch For local mirroring only a session number and a destination port number are needed You also have the option of associating a name with the sessio...

Page 554: ...r IDS should be connected Configuring a Source Switch for a Mirroring Destination on a Remote Switch Use this command when you want to mirroring traffic from a source switch to an exit port on a remote mirroring destination switch For a given session the values forthe fields in this command shouldalready be configured in the destination switch Refer to steps 1 and 2 on page B 41 C a u t i o n Conf...

Page 555: ... you want to continue y n If you have not yet configured the session on the mirroring destination switch use the instructions in step 2 on page B 41 to do so before using this command If you previously configured the session on the mirroring destination switch type y for yes to complete this command The no form of the command removes the mirroring session and any mirroring source previously assign...

Page 556: ...tion switch being sent to a mirroring exit port The configured UDP port number is included in the frames mirrored from the source switch to the remote exit switch mirror endpoint and enables the exit switch to match the frames to the exit port configured for that combination of UDP port number source IP address and destination IP address To see this correspondence refer to the mirror endpoint comm...

Page 557: ...tion or IP type all traffic inbound outbound or both ACL filtered IP traffic type inbound only Mirroring Source Limits For a given mirroring session you can configure any one of the following mirroring source options multiple ports trunks and or a mesh One VLAN If a VLAN is already assigned to a mirroring session assigning another VLAN to the same session causes the second assignment to overwrite ...

Page 558: ...roring session on a source switch It specifies the port trunk and or mesh source s to use the direction of traffic to mirror and the session identifier The no form of the command removes a mirroring source assigned to the session but does not remove the session itself This enables you to repurpose a session by removing an unwanted mirroring source and adding another in its place interface port tru...

Page 559: ...dentifiers For example 1 2 4 For limits on configuring mirroring sources to a given session refer to Mirroring Source Limits on page B 47 1 4 Assigns a numeric session identifier to associate with the traffic selected for mirroring by this command name name str Optional uses a previously configured alphanumeric identifier to associate the traffic source with the mirroring session The string can be...

Page 560: ...ource VLAN The no form of the command removes a mirroring source assigned to the session but does not remove the session itself This enables you to repurpose a session by removing an unwanted mirroring source and adding another in its place vlan vid Identifies the VLAN on which to mirror traffic monitor all in out both Uses the traffic s direction of movement on the specified vid to select traffic...

Page 561: ...CLs in the latest Access Security Guide for your switch ACLs used for selecting traffic to mirror are configured in the same way as ACLs for traffic filtering This means that an ACL applied as a static port ACL VLAN ACL VACL or routed ACL RACL can be applied to mirroring An ACL used for mirroring does not filter traffic When an ACL is applied to mirroring the permit and deny statements in the ACL ...

Page 562: ...effect of the ACL is to mirror or not mirror IP traffic instead of to permit or deny the IP traffic Syntax no interface port trunk mesh monitoripaccess group acl name in mirror 1 4 name str 1 4 name str 1 4 name str 1 4 name str This command assigns a mirroring source to a previously configured mirroring session on a source switch It specifies the port trunk and or mesh source s to use the previou...

Page 563: ...n by number or if configured by name The session must have been previously configured Refer to 3 Configure the Mirroring Session on the Source Switch on page B 43 Depending on how many sessions are already configured on the switch you can use the same command to assign the specified source to up to four numeric or alphanumeric identifiers For example 1 2 4 For limits on configuring mirroring sourc...

Page 564: ...ased on the selection criteria specified in the named ACL The ACL must be already be configured on the switch Refer to ACL Operation for Mirroring Applications on page B 51 Using monitor without mirroring criteria or session number affects session 1 Refer to Monitor Command on page B 71 acl name For traffic entering the switch on the specified interface mirror the IP traffic having a match with th...

Page 565: ...te the traffic source with the mirroring session The string can be used interchangeably with the mirroring session number when using this command to assign a mirroring source to a session To configure an alphanumeric name for a mirroring session refer to the command description under Configuring a Source Switch for a Mirroring Destination on a Remote Switch on page B 44 B 55 ...

Page 566: ...s session Type Indicates whether the session is a port local or IPv4 remote mirroring session Sources Indicates how many mirroring sources are using each mirroring session ACL Indicates whether the source is using an ACL to select traffic for mirroring If a remote mirroring endpoint is configured on the switch then the following fields appear Otherwise the output displays the following There are n...

Page 567: ...e show monitor Sources Session 1 is performing local mirroring from an ACL source Network Monitoring Session 2 is performing remote mirroring using non ACL sources Session 3 is not configured Sessions Status Type Sources ACL Session 4 isconfigured forremote mirroring from a non ACL source but is currently not mirroring any 1 active port 1 yes traffic 2 active IPv4 2 no Remote Mirroring Destination...

Page 568: ...fying a given mirroring session For a given mirroring session this value should be the same on the source and destination switches UDP Dest Addr The IP address configured as the destination VLAN or subnet on which the exit port exists For a given mirroring session this value should be the same on the source and destination switches Dest Port For a given mirroring session identifies the exit port o...

Page 569: ...iven mirroring session this value should be the same on the source and destination switches UDP port The unique UDP port number identifying a given mirroring session For a given mirroring session this value should be the same on the source and destination switches UDP Dest Addr The IP address configured as the destination VLAN or subnet on which the exit port exists For a given mirroring session t...

Page 570: ...s Mirror Destination IPv4 UDP Source Addr UDP port UDP Dest Addr Status 10 10 10 1 8010 10 10 30 2 active Monitoring Sources Direction Port B1 Both If there are no mirroring sources configured for a given mirroring session these two fields are empty Figure B 23 Example of Output for a Remote Mirroring Session If the selected session is configured for local mirroring using show monitor with the ses...

Page 571: ...es begin with the mirror keyword and the mirroring sources are listed per interface For example ProCurve config show run Running configuration J9091A Configuration Editor Created on release K 12 XX max vlans 300 ip access list extended 100 10 permit icmp 0 0 0 0 255 255 255 255 0 0 0 0 255 255 255 255 0 exit no ip address exit mirror 1 port B3 Configured Source Mirroring Sessions mirror 2 name tes...

Page 572: ...e of Using the Configuration File to View the Source Mirroring Configuration Mirroring Configuration Examples Local Mirroring Destination Example of Local Mirroring Configuration A system operator wants to mirror the inbound traffic from workstation X on port A5 and workstation Y on port B17 to a traffic analyzer connected to port C24 In this case the operator chooses 1 as the session number Any u...

Page 573: ...and B17 to session 1 Figure B 28 Example of Configuring Local Mirroring of Inbound Traffic Remote Mirroring Destination Using a VLAN Interface and an ACL for Mirroring Criteria In the network shown in figure B 29 the system operator has connected a traffic analyzer to port A15 in VLAN 30 on switch D and wants to monitor the Telnet traffic to the server at 10 10 30 153 from the workstations on swit...

Page 574: ...use for remote mirroring refer to the syntax description on page B 43 You can use the same random UDP port number on different interfaces because the identity of the mirroring source is the combination of the unique interface identity and the UDP port number and not the UDP port number alone 3 Configure an ACL on switches A and B to select inbound Telnet traffic intended for the server at 10 10 30...

Page 575: ...or 1 Configures an ACL with a permit entry ACE that mirrors Telnet traffic entering switch 1 on VLAN 10 if their destination is the server at 10 10 30 153 The implicit deny included in all ACLs prevents all other inbound traffic from being mirrored Configures VLAN 10 as the source of traffic to mirror and the ACL as the selection criteria for inbound traffic on VLAN 10 for mirror session 1 Uses th...

Page 576: ...connected another traffic analyzer to port B10 in VLAN 40 on switch D and wants to monitor all traffic entering Switch A from client X on port C12 The operator does this by configuring a mirroring destination with an exit port of B10 on switch D and a remote mirroring session on Switch A For this example assume that the mirroring configuration from the proceeding example remains in place This mean...

Page 577: ...e traffic selection criteria configure mirroring ses sion 2 on switch A for port C12 The proceeding example configured session 1 on the same switch 3 Configure switch A to mirror session 2 to the destination interface for port B10 on switch D Use a randomly selected UDP port number of 9400 Refer to the Note on page B 66 If you need information on selecting UDP port numbers to use for remote mirror...

Page 578: ...on of mirrored traffic adds a 54 byte header to each mirrored frame If a resulting frame exceeds the MTU Maximum Transmis sion Unit allowed in the network the frame is dropped Not e Mirroring does not truncate frames and oversized mirroring frames will be dropped Also remote mirroring does not allow downstream devices in a mirroring path to fragment mirrored frames Ifjumboframesareenabledonthemirr...

Page 579: ...guration on the source VLAN dictates an MTU of 1518 bytes for untagged frames and an MTU of 1522 for tagged frames regardless of the Jumbo configuration on any other VLANs on the switch Effect of Downstream VLAN Tagging on Untagged Mirrored Traffic In a remote mirroring application if mirrored traffic leaves the switch without 802 1QVLANtagging butisforwardedthroughadownstreamdevicethatadds 802 1Q...

Page 580: ... switch still mirrors the Telnet packets it receives on the interface and subsequently drops Mirroring and Spanning Tree Mirroring is done regardless of the spanning tree STP state of a port or trunk This means for example that inbound traffic on a port blocked by STP can still be monitored for STP protocol packets during the STP setup phase Tagged and Untagged Frames For a frame entering or leavi...

Page 581: ...terface This prevents duplicate mirrored frames in configurations where the port connecting the switch to the network path for mirroring to a destination is also a port whose inbound or outbound traffic is being mirrored For example if traffic leaving the switch through ports B5 B6 and B7 is being mirrored through port B7 to a network analyzer the mirrored frames from traffic on ports B5 and B6 wi...

Page 582: ...nterparts in the mirror endpoint command configured on the destination switch The configured exit port must not be a member of a trunk or mesh If the destination for mirrored traffic is on a different VLAN than the source routing must be correctly configured along the path from the source to the destination On the destination switch for a given mirroring session both the port on which the mirrored...

Page 583: ...cate LED on for a selected number of minutes default is 30 minutes off Turns the chassis Locate LED off ProCurve config chassislocate blink 1 1440 Blink the chassis locate led default 30 minutes off Turn the chassis locate led off on 1 1440 Turn the chassis locate led on default 30 minutes ProCurve config chassislocate Figure B 37 The chassislocate Command For redundant management systems if the a...

Page 584: ...Monitoring and Analyzing Switch Operation Locating a Device B 74 ...

Page 585: ...elated Problems C 14 Port Based Access Control 802 1X Related Problems C 14 QoS Related Problems C 17 Radius Related Problems C 17 Spanning Tree Protocol MSTP and Fast Uplink Problems C 18 SSH Related Problems C 19 TACACS Related Problems C 21 TimeP SNTP or Gateway Problems C 23 VLAN Related Problems C 23 Fan Failure C 25 Using the Event Log To Identify Problem Sources C 26 Menu Entering and Navig...

Page 586: ...cuting Ping or Link Tests C 47 CLI Ping or Link Tests C 48 DNS Resolver C 50 Terminology C 50 Basic Operation C 50 Configuring and Using DNS Resolution with Ping and Traceroute Commands C 52 Configuring a DNS Entry C 53 Example Using DNS Names with Ping and Traceroute C 53 Viewing the Current DNS Configuration C 56 Operating Notes C 56 Event Log Messages C 57 Displaying the Configuration File C 57...

Page 587: ...Troubleshooting Contents Clear Reset Resetting to the Factory Default Configuration C 64 Restoring a Flash Image C 65 C 3 ...

Page 588: ...ted by LED behavior cabling requirements and other potential hardware related problems refer to the Installation Guide you received with the switch Not e ProCurve periodically places switch software updates on the ProCurve Net working web site ProCurve recommends that you check this web site for software updates that may have fixed a problem you are experiencing For information on support and warr...

Page 589: ...ester to check your cables for compliance to the relevantIEEE802 3specification RefertotheInstallation Guideshipped with the switch for correct cable types and connector pin outs Use ProCurve Manager to help isolate problems and recommend solu tions Use the Port Utilization Graph and Alert Log in the web browser interface included in the switch to help isolate problems Refer to Chapter 5 Using the...

Page 590: ...agement Address Information also check the DHCP Bootp server configuration to verify correct IP addressing If you are using DHCP to acquire the IP address for the switch the IP address lease time may have expired so that the IP address has changed For more information on how to reserve an IP address refer to the documentation for the DHCP application that you are using If one or more IP Authorized...

Page 591: ...Enabled parameter in the System Information screen of the menu interface 2 Switch Configuration 1 System Information The switch may not have the correct IP address subnet mask or gateway Verify by connecting a console to the switch s Console port and selecting 2 Switch Configuration 5 IP Configuration Note If DHCP Bootp is used to configure the switch refer to the Note above If you are using DHCP ...

Page 592: ...y be occurring in the network These may be due to redundant links between nodes If you are configuring a port trunk finish configuring the ports in the trunk before connecting the related cables Otherwise you may inad vertently create a number of redundant links i e topology loops that will cause broadcast storms Turn on Spanning Tree Protocol to block redundant links i e topol ogy loops Check for...

Page 593: ...elybeginssendingrequestpacketsonthenetwork Iftheswitchdoes not receive a reply to its DHCP Bootp requests it continues to periodically sendrequestpackets butwith decreasing frequency Thus ifa DHCP or Bootp server is not available or accessible to the switch when DHCP Bootp is first configured the switch may not immediately receive the desired configuration After verifying that the server has becom...

Page 594: ...witches covered in this guide applies only to routed packets and packets having a destination IP address DA on the switch itself Also the switch applies assigned ACLs only at the point where traffic enters or leaves the switch on a VLAN Ensure that you have correctly applied your ACLs in and or out to the appropriate VLAN s The switch does not allow management access from a device on the same VLAN...

Page 595: ... with the deny action The switch does not allow any routed access from a specific host group of hosts or subnet The implicit deny any function that the switch automatically applies as the last entry in any ACL may be blocking all access by devices not specifically permitted by an entry in an ACL affecting those sources If you are using the ACL to block specific hosts a group of hosts or a subnet b...

Page 596: ...ks This can prevent the switch from sending ARP and other routing messages to the gateway router to support traffic from authorized remote networks In figure C 4 this ACE denies access to the 10 Net s 10 0 8 1 router gateway needed by the 20 Net Subnet mask is 255 255 255 0 Figure C 3 Example of ACE Blocking an Entire Subnet 30 Net IP 30 29 16 1 Deflt Gateway Router X 10 Net IP 10 0 8 1 8212zl 10 ...

Page 597: ...c 3 Deny any unauthorized traffic that you have not already denied in step 1 IGMP Related Problems IP Multicast IGMP Traffic That Is Directed By IGMP Does Not Reach IGMP Hosts or a Multicast Router Connected to a Port IGMP must be enabled on the switch and the affected port must be configured for Auto or Forward operation IP Multicast Traffic Floods Out All Ports IGMP Does Not Appear To Filter Tra...

Page 598: ...sable the port or disconnect it from the LAN Mesh Related Problems Traffic on a dynamic VLAN does not get through the switch mesh GVRP enables dynamic VLANs Ensure that all switches in the mesh have GVRP enabled Port Based Access Control 802 1X Related Problems To list the 802 1X port access Event Log messages stored on the switch use show log 802 See also Radius Related Problems on page C 17 The ...

Page 599: ...ration in the Access Security Guide for your switch The switch appears to be properly configured as a supplicant but cannot gain access to the intended authenticator port on the switch to which it is connected If aaa authentication port access is configured for Local ensure that you have entered the local login operator level username and password of the authenticator switch into the identity and ...

Page 600: ...figured in the switch Use show radius to verify that the encryption key RADIUS secret key the switch is using is correct for the server being contacted If the switch has only a global key configured then it either must match the server key or you must configure a server specific key If the switch already has a server specific key assigned to the server s IP address then it overrides the global key...

Page 601: ...ed If you are using RADIUS authentication and the RADIUS server specifies a VLAN for the port the switch allows authentication but blocks the port To eliminate this prob lem either remove the port from the trunk or reconfigure the RADIUS server to avoid specifying a VLAN QoS Related Problems Loss of communication when using VLAN tagged traffic If you cannot communicate with a device in a tagged VL...

Page 602: ...y has a server specific key assigned to the server s IP address then it overrides the global key and must match the server key Global RADIUS Encryption Key Unique RADIUS Encryption Key for the RADIUS server at 10 33 18 119 Figure C 7 Examples of Global and Unique Encryption Keys Spanning Tree Protocol MSTP and Fast Uplink Problems C a u t i o n If you enable MSTP it is recommended that you leave t...

Page 603: ... switch that is the MSTP root device Either the Hello Time or the Max Age setting or both is too long on one or more switches Return the Hello Time and Max Age settings to their default values 2 seconds and 20 seconds respectively on a switch A downlink port is connected to a switch that is further away in hop count from the root device than the switch port on which fast uplink MSTP is configured ...

Page 604: ...he last entry creates an error potential if you either add another key to the file at a later time or change the order of the keys in the file An attempt to copy a client public key file into the switch has failed and the switch lists one of the following messages Download failed overlength key in key file Download failed too many keys in key file Download failed one or more keys is not a valid RS...

Page 605: ...e memory to save the authentication configuration to flash then pressing the Reset button or cycling the power reboots the switch with the boot up configuration Disconnect the switch from network access to any TACACS servers and then log in to the switch using either Telnet or direct console port access Because the switch cannot access a TACACS server it will default to local authentication You ca...

Page 606: ...h a port that is not allowed for the account The time quota for the account has been exhausted The time credit for the account has expired The access attempt is outside of the time frame allowed for the account The allowed number of concurrent logins for the account has been exceeded For more help refer to the documentation provided with your TACACS server application Unknown Users Allowed to Logi...

Page 607: ...runtaggedVLANoperationonthe same VLAN as the traffic from the monitored ports the traffic output from the monitor port is untagged If the monitor port is not a member of the same VLAN as the traffic from the monitored ports traffic from the monitored ports does not go out the monitor port None of the devices assigned to one or more VLANs on an 802 1Q compliant switch are being recognized If multip...

Page 608: ...ring on different VLANs can appear where a device having one MAC address is a member of more than one 802 1Q VLAN and the switch porttowhichthedeviceislinkedisusingVLANs insteadofMSTPortrunking to establish redundant links to another switch If the other device sends traffic over multiple VLANs its MAC address will consistently appear in multiple VLANs on the switch port to which it is linked Note ...

Page 609: ...ontinual moves of MAC address A between ports VLAN 1 VLAN 2 Figure C 9 Example of Duplicate MAC Address Fan Failure When two or more fans fail a tow minute timer starts After two minutes the switch is powered down and must be rebooted to restart it This protects the switch from possible overheating ProCurve recommends that you replace a failed fan tray assembly within one minute of removing it C 2...

Page 610: ...on Date is the date in mm dd yy format that the entry was placed in the log Time is the time in hh mm ss format that the entry was placed in the log Event Number is the number assigned to the event This feature can be turned on with the log number command System Module is the internal module such as ports for port manager that generated the log entry If VLANs are configured then a VLAN name also a...

Page 611: ...h hardware bootp addressing Connection Rate filtering Console interface DHCP addressing file transfer Find Fix and Inform available in the console Event Log and web browser interface alert log GARP GVRP IP Multicast IP related Novell Netware Dynamic LACP trunks Load Balance Protocol meshing Link Layer Discovery Protocol MAC lockdown and MAC lockout Console management Protocol Independent multicast...

Page 612: ...0 chassis Slot B Inserted I 04 24 06 15 42 34 00071 chassis Power Supply OK Supply 1 Failures 0 Figure C 10 Example of an Event Log Display with Numbering Turned On The log status line at the bottom of the display identifies where in the sequence of event messages the display is currently positioned To display various portions of the Event Log either preceding or following the currently visible po...

Page 613: ... cycles r Displays log events in reverse order most recent first d i w p m Restricts output to events of equal or higher severity Only one option may be specified From lowest to highest severity d debug i informative w warning p performance m major The a r and substring options may be used in combination with one of the above substring Displays those events that match the specified string Log Mess...

Page 614: ... Lists all recorded log messages including those before the last reboot show logging r Lists all recorded log messages with the most recent entries listed first show logging a system Lists log messages with system in the text or module name show logging system Lists all log messages since the last reboot that have system in the text or module name CLI Clearing Event Log Entries The clear logging c...

Page 615: ...of that event If the logged event recurs during the log throttle period the switch increments the counter initiated by the first instance of the event but does not generate a new message If the logged event repeats again afterthelogthrottleperiod expires thentheswitch generates a duplicate of the first message increments the counter and starts a new log throttle period during which any additional ...

Page 616: ...e message with an updated counter and start a new log throttle period W 10 01 06 09 00 33 PIM No IP address configured on VID 100 1 W 10 01 06 09 28 42 PIM No IP address configured on VID 100 8 This message indicates the original instance of the event since the last switch reboot The duplicate of the original message is the first instance of the event since the previous log throttle period expired...

Page 617: ...le period for this event Four instances of the same Send error during the third log throttle period for this event In this case the duplicate message would appear three times in the Event Log once for each log throttle period for the event being described and the Duplicate Message Counter would increment as shown in table C 3 The same operation would apply for messages sent to any configured SNMP ...

Page 618: ...ng to an external file Optional Debug Commands all Assigns debug logging to the configured debug destination s for all ACL Event Log IP OSPF and IP RIP options acl Assigns ACL Syslog logging to the debug destination s When there is a match with a deny ACE directs the resulting message to the configured debug destination s arp protect Assigns dynamic ARP protection messages to the debug destination...

Page 619: ... Series 3400cl switches Series 2800 switches Series 2600 switches and the Switch 6108 software release H 07 30 or greater For the latest feature information on ProCurve switches visit the ProCurve Networkingwebsiteandcheckthelatestreleasenotesfortheswitchproducts you use Configure the switch to send Event Log messages to the current manage ment access session serial connect CLI Telnet CLI or SSH D...

Page 620: ...ax no debug debug type acl When a match occurs on an ACL deny Access Control Entry with log configured the switch sends an ACL message to the configured debug destination s For more on ACLs refer to the chapter titled Access Control Lists in the latest Access Security Guide for your switch Default Disabled all Configures the switch to send all debug types to the config ured debug destination s Def...

Page 621: ...ed des tinations lldp Enables all LLDP message types for the configured destina tions Syntax no debug debug type Continued ip ospf adj event flood lsa generation packet retransmission spf For the configured debug destination s ospf adj event flood lsa generation packet retransmission spf Enables the specified IP OSPF message type adj Adjacency changes event OSPF events flood Information on flood m...

Page 622: ... ignore Syslog mes sages with this severity level you should ensure that the Syslog servers you intend to receive debug messages are configured to accept the debug severity level For more information refer to Operating Notes for Debug and Sys log on page C 43 session Enables or disables transmission of event notification mes sages to the CLI session that most recently executed this command The ses...

Page 623: ... to the configured Syslog server s The ACL IP OSPF and or IP RIP message types will also be sent to the Syslog server s if they are currently enabled debug types Refer to Debug Types on page C 36 no logging removes all currently configured Syslog logging destinations from the switch nologging syslog ip address removes only the specified Syslog logging destination from the switch If you use the no ...

Page 624: ... Printer subsystem news Netnews subsystem uucp uucp subsystem cron cron at subsystem sys9 cron at subsystem sys10 sys14 Reserved for system use local10 local17 Reserved for system use For a listing of applicable ProCurve switches refer to the Note on page C 35 Viewing the Debug Configuration Syntax show debug This command displays the currently configured debug log ging destination s and type s Fo...

Page 625: ... the selected debug mes sage types to all such addresses c If you want Event Log messages sent to the Syslog server skip this step Otherwise use this command to block Event Log messages to the server ProCurve no debug event 2 If you do not want a CLI session for a destination skip this step Otherwise from the device to which you want the switch to send debug messages a Use a serial Telnet or SSH c...

Page 626: ...onfiguring Basic Syslog Operation Note that after you enable Syslog logging if you do not want Event Log messages sent to the Syslog server s you can block such messages by executing no debug event This has no effect on standard logging of messages in the switch s Event Log Example Suppose that you want to Configure Syslog logging of ACL and IP OSPF packet messages on a Syslog server at 18 38 64 1...

Page 627: ...g Configuration for Multiple Types and Destinations Operating Notes for Debug and Syslog Rebooting the Switch or pressing the Reset button resets the Debug Configuration Debug Option Effect of a Reboot or Reset logging destination If any Syslog server IP addresses are in the startup config file they are saved across a reboot and the logging destination option remains enabled Otherwise the logging ...

Page 628: ...configure session and or logging as well as to the Event Log Ensure that your Syslog server s will accept Debug messages All Syslog messages resulting from debug operation carry a debug severity If you configure the switch to transmit debug messages to a Syslog server ensure that the server s Syslog application is configured to accept the debug severity level The default configuration for some Sys...

Page 629: ...st common reason is a failure of port auto negotiation between the connecting ports If a link LED fails to light when you connect the switch to a port on another device do the following 1 Ensure that the switch port and the port on the attached end node are both set to Auto mode 2 If the attached end node does not have an Auto mode setting then you must manually configure the switch port to the sa...

Page 630: ...ets ICMP Echo Requests To use the ping or traceroute command with host names or fully qualified domain names refer to DNS Resolver on page C 50 Link Test This is a test of the connection between the switch and a desig nated network device on the same LAN or VLAN if configured During the link test IEEE 802 2 test packets are sent to the designated network device in the same VLAN or broadcast domain...

Page 631: ...n the Web Browser Interface Successes indicates the number of Ping or Link packets that successfully completed the most recent test Failures indicates the number of Ping or Link packets that were unsuccessful in the last test Failures indicate connectivity or network performance prob lems such as overloaded links or devices DestinationIP MACAddress is the network address of the target or destinati...

Page 632: ...ick on the Defaults button CLI Ping or Link Tests Ping Tests You can issue single or multiple ping tests with varying repeti tions and timeout periods The defaults and ranges are Repetitions 1 1 999 Timeout 5 seconds 1 256 seconds Syntax ping ip address repetitions 1 999 timeout 1 256 Ping with Repetitions and Timeout Basic Ping Operation Ping Failure Ping with Repetitions Figure C 17 Examples of ...

Page 633: ...ds The defaults are Repetitions 1 1 999 Timeout 5 seconds 1 256 seconds Syntax link mac address repetitions 1 999 timeout 1 256 vlan vlan id Basic Link Test Link Test with Repetitions Link Test with Repetitions and Timeout Link Test Over a Specific VLAN Link Test Over a Specific VLAN Test Fail Figure C 18 Example of Link Tests C 49 ...

Page 634: ...solution of this name is 10 10 10 101 Host Name The unique leftmost label in a domain name assigned to a specific IP address in a DNS server configuration This enables the server to distinguish a device using that IP address from other devices in the same domain For example in the evergreen trees org domain if an IP address of 10 10 100 27 is assigned a host name of accounts015 and another IP addr...

Page 635: ... 28 229 220 is alive time 1 ms Desired Host Ping Response Figure C 19 Example of Using Either a Host Name or a Fully Qualified Domain Name In the proceeding example if the DNS server s IP address is configured on the switch but a domain suffix is not configured then the fully qualified domain name must be used Note that if the target host is in a domain other than the domain configured on the swit...

Page 636: ...onfiguring and Using DNS Resolution with Ping and Traceroute Commands 1 Determine the following a the IP address for a DNS server operating in a domain in your network b the domain name for an accessible domain in which there are hosts you want to reach with ping and or traceroute commands This is the domain suffix in the fully qualified domain name for a given host operating in the selected domai...

Page 637: ...e host name entered with the ping or traceroute command When the domain suffix and the DNS server IP address are both configured on the switch you can execute ping and traceroute with only the host name of the desired target within the domain In either of the following two instances you must manually provide the domain identifica tion by using a fully qualified DNS name with each ping and tracerou...

Page 638: ...he domain To summarize Entity Identity DNS Server IP Address 10 28 229 10 Domain Name and Domain Suffix for Hosts in pubs outdoors com the Domain Host Name Assigned to 10 28 229 219 by the docservr DNS Server Fully Qualified Domain Name for the IP address docservr pubs outdoors com Used By the Document Server 10 28 229 219 Switch IP Address 10 28 192 1 Document Server IP Address 10 28 229 219 With...

Page 639: ... if the DNS entry config ured in the switch includes only the DNS server s IP address you must use the target host s fully qualified domain name with ping and traceroute For example using the document server in figureC 21 as a target ProCurve ping docservr pubs outdoors com 10 28 229 219 is alive time 1 ms ProCurve traceroute docservr pubs outdoors com traceroute to 10 28 229 219 1 hop min 30 hops...

Page 640: ...ample of Viewing the Current DNS Configuration Operating Notes The DNS server must be accessible to the switch but it is not neces sary for any intermediate devices between the switch and the DNS server to be configured to support DNS operation A DNS configuration must include the IP address for a DNS server that is able to resolve host names for the desired domain If a DNS server has limited know...

Page 641: ...ailed to respond or is unreachable An incorrect server IP address can produce this result Unknown host host name The host name did not resolve to an IP address Some reasons for this occurring include The host name was not found The named domain was not found The domain suffix was expected but has not been configured If the server s IP address has been configured in the switch but the domain name h...

Page 642: ...he show tech command outputs in a single listing switch operating and running configuration details from several internal switch sources including Image stamp software version data Running configuration Event Log listing Boot History Port settings Status and counters port status IP routes Status and counters VLAN information GVRP support Load balancing trunk and LACP Syntax show tech Executing sho...

Page 643: ...lick on Transfer Capture Text Figure C 26 The Capture Text window of the Hyperterminal Application 2 In the File field enter the path and file name under which you want to store the show tech output Figure C 27 Example of a Path and Filename for Creating a Text File from show tech Output 3 Click Start to create and open the text file 4 Execute show tech ProCurve show tech a Each time the resulting...

Page 644: ...lpful in troubleshooting operating problems with the switch For more on the CLI refer to chapter 4 Using the Command Line Interface CLI Syntax show version Shows the software version currently running on the switch and the flash image from which the switch booted primary or secondary show boot history Displays the switch shutdown history show history Displays the current command history no page To...

Page 645: ...ludes only the hops at and above the minttl threshold The hops below the threshold are not listed If minttl matches the actual number of hops only that hop is shown in the output If minttl is less than the actual number of hops then all hops are listed For any instance of tracer oute if you want a minttl value other than the default you must specify that value Default 1 maxttl 1 255 For the curren...

Page 646: ... hops with the time taken for the switch to receive acknowledgement of eachprobereachingeach router Destination IP Address Figure C 28 Example of a Completed Traceroute Enquiry Continuing from the previous example figure C 28 above executing traceroute with an insufficient maxttl for the actual hop count produces an output similar to this Traceroute does not reach destination IP address because of...

Page 647: ...y timeouts for all probes beyond the last detected hop For example with a maximum hop count of 7 maxttl 7 where the route becomes blocked or otherwise fails the output appears similar to this At hop 3 the first and third probes timed out but the second probe reached the router All further probes within the maxttl timed out without finding a router or the destination IP address An asterisk indicate...

Page 648: ...factory default configuration You can also save your configuration via Xmodem to a directly connected PC CLI Resetting to the Factory Default Configuration This command operates at any level except the Operator level Syntax erase startup configuration Deletes the startup config file in flash so that the switch will reboot with its factory default configuration Not e The erase startup config comman...

Page 649: ...ility such as the Hyper Terminal program included in Windows PC software A copy of a good OS image file for the switch Not e The following procedure requires the use of Xmodem and copies an OS image into primary flash only This procedure assumes you are using HyperTerminal as your terminal emu lator If you use a different terminal emulator you may need to adapt this procedure to the operation of y...

Page 650: ... Change the baud rate to 115200 v Click on OK In the next window click on OK again vi Select Call Connect vii Press Enter one or more times to display the prompt 5 Start the Console Download utility by typing do at the prompt and pressing Enter do 6 You will then see this prompt 7 At the above prompt a Type y for Yes b Select Transfer File in HyperTerminal c Enter the appropriate filename and path...

Page 651: ...ash Image Figure C 31 Example of Xmodem Download in Progress 8 When the download completes the switch reboots from primary flash using the OS image you downloaded in the preceding steps plus the most recent startup config file C 67 ...

Page 652: ...Troubleshooting Restoring a Flash Image C 68 ...

Page 653: ...ss Management Contents Overview D 2 Determining MAC Addresses D 3 Menu Viewing the Switch s MAC Addresses D 4 CLI Viewing the Port and VLAN MAC Addresses D 5 Viewing the MAC Addresses of Connected Devices D 7 D 1 ...

Page 654: ...overed in this guide use the same MAC address For internal switch operations One MAC address per port Refer to CLI Viewing the Port and VLAN MAC Addresses on page D 5 MAC addresses are assigned at the factory The switch automatically implements these addresses for VLANs and ports as they are added to the switch Not e The switch s base MAC address is also printed on a label affixed to the switch D ...

Page 655: ... interface to view the switch s base MAC address and the MAC address assigned to any VLAN you have configured on the switch The same MAC address is assigned to VLAN1 and all other VLANs configured on the switch Not e The switch s base MAC address is used for the default VLAN VID 1 that is always available on the switch This is true for dynamic VLANs as well the base MAC address is the same across ...

Page 656: ...s been changed by using the VLAN Names screen On the switches covered in this guide the VID VLAN identification number for the default VLAN is always 1 and cannot be changed To View the MAC Address and IP Address assignments for VLANs Configured on the Switch 1 From the Main Menu Select 1 Status and Counters 2 Switch Management Address Information If the switch has only the default VLAN the follow...

Page 657: ...d so on All Models The switch s base MAC address is assigned to VLAN VID 1 and appearsinthewalkmiblistingaftertheMACaddressesfortheports All VLANs in the switch have the same MAC address To display the switch s MAC addresses use the walkmib command at the command prompt Not e This procedure displays the MAC addresses for all ports and existing VLANs in the switch regardless of which VLAN you selec...

Page 658: ...ID 1 ifPhysAddress 50 00 12 79 88 b1 ce ifPhysAddress 51 00 12 79 88 b1 cd ifPhysAddress 52 00 12 79 88 b1 cc ifPhysAddress 53 00 12 79 88 b1 cb ifPhysAddress 54 00 12 79 88 b1 ca ifPhysAddress 55 00 12 79 88 b1 c9 ifPhysAddress 56 00 12 79 88 b1 c8 ifPhysAddress 57 00 12 79 88 b1 c7 ifPhysAddress 58 00 12 79 88 b1 c6 ifPhysAddress 59 00 12 79 88 b1 c5 ifPhysAddress 60 00 12 79 88 b1 c4 ifPhysAddr...

Page 659: ...tch has detected on the specified port s mac addr Lists the port on which the switch detects the specified MAC address Returns the following message if the specified MAC address is not detected on any port in the switch MAC address mac addr not found vlan vid Lists the MAC addresses of the devices the switch has detected on ports belonging to the specified VLAN along with the number of the specifi...

Page 660: ...MAC Address Management Viewing the MAC Addresses of Connected Devices D 8 ...

Page 661: ...E Monitoring Resources Contents Viewing Information on Resource Usage E 2 Policy Enforcement Engine E 2 Displaying Current Resource Usage E 3 When Insufficient Resources Are Available E 5 E 1 ...

Page 662: ...ages quality of service and ACL policies as well as other software fea tures using the rules that you configure Resource usage in the Policy Enforce ment engine is based on how these features are configured on the switch Resource usage by dynamic port ACLs and virus throttling is determined as follows Dynamic port ACLs configured by a RADIUS server with or without the optional IDM application for ...

Page 663: ...age To display current resource usage in the switch enter the show resources command Syntax show qos access list resources Displays the resource usage of the Policy Enforcement Engine on the switch by software feature For each type of resource the amount still available and the amount used by each software feature is shown Theqos and access listparameters display the same command output The show r...

Page 664: ...nd 25 48 and on slot A The IDM column shows the rules used for RADIUS based authentication with or without the IDM option ProCurve show access list resources Resource usage in Policy Enforcement Engine Rules Rules Used Ports Available ACL QoS IDM VT ICMP Other 1 24 3014 15 6 0 1 5 3 25 48 3005 15 6 10 1 4 3 A 3017 15 6 0 1 2 3 Application Application Port Ranges Port Ranges Used Ports Available AC...

Page 665: ...erates an event log notice to say that current resources are fully subscribed Currently engaged resources must be released before any of the following actions are supported Configuration of new entries for QoS ACLs virus throttling ICMP rate limiting Management VLAN DHCP snooping dynamic ARP pro tection and remote mirroring endpoint features Acceptance of new RADIUS based client authentication req...

Page 666: ...Monitoring Resources When Insufficient Resources Are Available E 6 ...

Page 667: ...utomatically adjust the system clock for DaylightSavingsTime DST changes Tousethisfeatureyoudefinethemonth and date to begin and to end the change from standard time In addition to the value none no time changes there are five pre defined settings named Alaska Canada and Continental US Middle Europe and Portugal Southern Hemisphere Western Europe The pre defined settings follow these rules Alaska ...

Page 668: ...Europe Begin DST at 2am the first Sunday on or after March 23rd End DST at 2am the first Sunday on or after October 23rd A sixth option named User defined allows you to customize the DST config uration by entering the beginning month and date plus the ending month and date for the time change The menu interface screen looks like this all month date entries are at their default values Select User d...

Page 669: ...he configured day is a Sunday the time changes at 2am on that day If the configured day is not a Sunday the time changes at 2am on the first Sunday after the configured day This is true for both the Beginning day and the Ending day With that algorithm one should use the value 1 to represent first Sunday of the month and a value equal to number of days in the month minus 6 to represent last Sunday ...

Page 670: ...Daylight Savings Time on ProCurve Switches F 4 ...

Page 671: ...14 3 auto MDI MDI X configuration display 10 16 auto MDI MDI X operation 10 15 10 16 auto MDI MDI X port mode display 10 16 Auto 10 12 4 12 7 12 18 autonegotiate 14 53 auto tftp A 8 downloading image A 8 redundant management A 8 B bandwidth displaying port utilization 10 9 displaying utilization 5 17 guaranteed minimum See guaranteed minimum bandwidth banner configuring 2 11 non default 2 10 opera...

Page 672: ...configuration file browsing for troubleshooting C 57 multiple configuration file multiple after first reboot 6 30 applications 6 27 asterisk 6 31 backupConfig 6 28 change policy 6 32 Clear Reset button combination 6 38 copy from tftp host 6 40 copy to tftp host 6 39 create new file 6 29 6 35 6 36 current file in use 6 31 default reboot from primary 6 33 erasing 6 36 memory assignments 6 30 memory ...

Page 673: ...ce 8 12 DHCP snooping resource usage E 2 DHCP Bootp differences 8 13 DHCP Bootp process 8 12 DHCP Bootp LLDP 14 49 diagnostics tools C 45 browsing the configuration file C 57 ping and link tests C 45 displaying duplex information 14 68 DNS configuration C 52 C 54 configuration error C 57 configuration viewing C 56 domain name fully qualified C 50 C 51 C 55 domain suffix C 50 domain name configurat...

Page 674: ...e limiting 13 8 13 14 flow control status B 12 flow control terminal 7 3 flow sampling 14 4 format date C 26 format time C 26 friendly port names See port names friendly G gateway 8 3 8 5 8 12 routing fails C 12 gateway IP address 8 4 8 6 gateway manual config priority 8 12 gateway on primary VLAN 8 4 giant frames 13 34 global config level 8 10 GMB See guaranteed minimum bandwidth guaranteed minim...

Page 675: ...ilable with and without 8 11 gateway 8 3 gateway IP address 8 4 menu access 8 5 multiple addresses in VLAN 8 3 8 8 subnet 8 3 8 8 subnet mask 8 2 8 6 time server address 9 9 9 19 Time To Live 8 7 8 10 TTL 8 7 8 10 using for web browser interface 5 4 web access 8 10 IP address for SNMP management 14 3 loopback interface configuration 8 16 multiple in a VLAN 8 8 removing or replacing 8 10 IP preserv...

Page 676: ...data 14 50 advertisements delay interval 14 45 CDP neighbor data 14 75 chassis ID 14 49 chassis type 14 49 clear statistics counters 14 71 comparison with CDP data fields 14 76 configuration options 14 37 configuring optional data 14 50 data options 14 38 data read options 14 39 data unit 14 35 debug logging 14 39 default configuration 14 41 DHCP Bootp operation 14 40 disable per port 14 48 displa...

Page 677: ...mit receive modes per port 14 48 trap notice interval 14 48 trap notification 14 47 trap receiver data change notice 14 47 TTL 14 37 14 39 txonly 14 48 VLAN untagged 14 74 walkmib 14 39 LLDPDU 14 35 LLDP MED displaying speed 14 68 ELIN 14 62 enable or disable 14 37 endpoint support 14 53 fast start control 14 57 location data 14 61 medTlvenable 14 59 Neighbors MIB 14 69 topology change notificatio...

Page 678: ...ted traffic B 30 dropped traffic B 30 dropped traffic mirrored B 70 duplicate frames IGMP B 71 effect of STP state B 70 encapsulation B 31 encryption B 71 endpoint B 36 endpoint configuration B 42 B 58 endpoint switch B 30 example configuration B 62 B 63 B 66 exit configuration B 58 exit interface B 30 exit port caution B 26 exit port example B 64 B 66 exit port host connection B 26 exit port loca...

Page 679: ...58 B 59 UDP port B 56 B 58 B 59 B 66 UDP source address B 58 B 59 update from pre K 12 xx B 30 VLAN B 29 B 33 VLAN rule example B 64 B 66 VLAN rule exit port B 41 B 43 B 72 VLAN tag frame size B 69 VLAN tagging B 70 VLAN rule exit port B 25 B 26 Web interface B 29 Web limits B 31 mirroring entry port B 25 MLTS 14 35 monitoring links between ports 10 24 monitoring traffic See mirroring MPS defined ...

Page 680: ...11 3 power supply failure 11 26 power provisioning 11 5 prioritizing power 11 10 priority class 11 4 11 11 priority class defined 11 4 priority policies 11 24 priority port 11 8 11 10 PSE defined 11 4 QoS classifiers 11 24 related publications 11 6 RPS defined 11 4 security 11 23 setmib 11 17 11 18 status 14 57 status on specific ports 11 21 supporting pre standard devices 11 15 terminology 11 4 t...

Page 681: ...l 12 8 static trunk 12 7 static trunk overview 12 4 static dynamic limit 12 19 STP 12 8 STP operation 12 7 traffic distribution 12 7 Trk1 12 7 trunk non protocol option 12 6 trunk option described 12 25 types 12 6 UDLD configuration 10 25 VLAN 12 8 VLAN operation 12 7 web browser access 12 17 port trunk group interface access 12 1 port active 14 34 port based access control event log C 14 LACP not...

Page 682: ...ve module 15 9 setting default flash for boot 15 31 show flash 15 24 show log 15 26 show module 15 23 show redundancy 15 5 15 24 show version 15 25 software version mismatch 15 16 15 18 using Web Browser 15 36 redundancy active management 15 9 redundancy switchover 15 8 reload 6 4 6 20 15 32 remote intelligent mirroring See mirroring Remote mirroring resource usage E 2 remote session terminate 7 8...

Page 683: ...ow redundancy 15 24 show tech C 58 show version 15 25 slow network C 8 SNMP 14 3 CLI commands 14 13 communities 14 4 14 5 14 13 14 14 Communities screen 14 11 configure 14 4 14 5 IP 14 3 mirroring B 30 notification LLDP SNMP notification 14 38 public community 14 5 14 13 setmib 11 17 thresholds 14 19 traps 10 25 14 4 14 19 link change 14 23 traps well known 14 19 walkmib D 5 D 6 snmp informs 14 27...

Page 684: ...ing default URL 5 13 URL 5 12 URL Window 5 12 switch console See console switch setup menu 3 8 switch software copy from a USB device A 18 download using TFTP A 4 download failure indication A 7 download switch to switch A 21 download troubleshooting A 6 download using TFTP A 4 software image A 3 version A 6 A 17 switchover 15 13 Syslog configure server IP C 36 configuring messaging C 40 facility ...

Page 685: ...authentication trap 14 23 CLI access 14 20 event levels 14 22 limit 14 20 receiver 14 19 SNMP 14 20 trap notification 14 47 trap receiver 14 4 14 5 configuring 14 19 14 21 troubleshooting ACL C 9 approaches C 5 browsing the configuration file C 57 console access problems C 6 diagnosing unusual network activity C 8 diagnostics tools C 45 DNS See DNS fast uplink C 18 ping and link tests C 45 resourc...

Page 686: ...lization port 5 17 10 9 version OS A 21 version switch software A 6 A 17 view duplex 10 7 port speed 10 7 transceiver status 10 9 virtual interface See loopback interface virus throttling E 2 virus throttling See connection rate filtering VLAN 8 4 C 24 address 14 3 Bootp 8 13 configuring Bootp 8 13 configuring UDLD for tagged ports 10 27 device not seen C 23 event log entries C 26 ID 4 15 link blo...

Page 687: ...tatus displays 5 17 screen elements 5 16 security 5 2 5 8 standalone 5 4 status bar 5 22 status indicators 5 23 status overview screen 5 6 system requirements 5 4 troubleshooting access problems C 6 URL default 5 13 URL management server 5 14 URL support 5 14 Web Browser with redundancy 15 36 web site HP 14 4 world wide web site HP SeeProcurve write access 14 13 write memory redundant management 6...

Page 688: ...18 Index ...

Page 689: ......

Page 690: ...to change without notice Copyright 2007 Hewlett Packard Development Company L P Reproduction adaptation or translation without prior written permission is prohibited except as allowed under the copyright laws September 2007 Manual Part Number 5991 8583 ...

Search results

Summary of Contents for ProCurve 1600M

Reviews:

Brands by name

Popular brands

HP ProCurve 1600M, Management And Configuration Manual

Search results

Summary of Contents for ProCurve 1600M

Reviews:

Brands by name

Popular brands