ProCurve 3500yl Series Management And Configuration Manual Download Page 560 | Manualshive

Page: 560 / 732

ProCurve 3500yl Series Management And Configuration Manual Download Page 560

B-30

Monitoring and Analyzing Switch Operation

Traffic Mirroring

■

MAC addresses:

Enables mirroring on traffic selected according to a

specified source and/or destination MAC address in packet headers.

Criteria for Selecting Traffic To Mirror

On the traffic sources listed above, you can use the following criteria to select
traffic to mirror:

■

direction of traffic movement (entering or leaving the switch, or both)

■

type of IP traffic entering the switch, as defined by an ACL (Access Control
List)

■

source, destination, or both source and destination MAC addresses in
packet headers

Mirrored Traffic Operation and Options

Switches running software release K.12.xx or greater support the following:

■

four mirroring destinations configured to correspond to local mirroring
source sessions

■

32 mirroring destinations configured to correspond to remote mirroring
source sessions

■

four local or remote mirroring source sessions

Mirroring Sessions

A mirroring source can be a port or static-trunk list, mesh, VLAN, or MAC
address. A mirroring source and a mirroring destination comprise a given
mirroring session. For any session, the destination must be a single (exit) port.
(It cannot be a trunk, VLAN, or mesh.) Multiple mirroring sessions can be
mapped to the same exit port, which provides flexibility in distributing hosts
such as traffic analyzers or an IDS. On the mirroring destination switch, the
port through which the mirrored traffic for a given session enters the switch
and the exit port for that same session must belong to the same VLAN. (Refer
to “2. Configure the Remote Mirroring Session on Destination Switch” on page
B-44.)

Each of the four mirroring sessions supported at a mirroring source can have
either the same or a different destination. Destination options include an exit
port on the source (local) switch and/or on one remote ProCurve switch
configured to support remote mirroring. This offers the following benefits:

■

Mirrored traffic belonging to each session can be directed to the same
destination or to different destinations.

3500-5400-6200-8200-MCG-Jan08-K_13_01.book Page 30 Monday, January 28, 2008 10:04 AM

«
...
558
559
560
561
562
...
»

Summary of Contents for 3500yl Series

Page 1: ...Management and Configuration Guide www procurve com ProCurve Switches K 13 01 8200zl 6200yl 5400zl 3500yl...

Page 2: ......

Page 3: ...3500yl Switches Series 5400zl Switches 6200yl Switch Series 8200zl Switches Management and Configuration Guide January 2008 K 13 01 3500 5400 6200 8200 MCG Jan08 K_13_01 book Page i Monday January 28...

Page 4: ...t to change without notice HEWLETT PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A P...

Page 5: ...3 Configuration and Operation Examples 1 3 Keys 1 3 Sources for More Information 1 4 Getting Documentation From the Web 1 6 Online Help 1 6 Menu Interface 1 6 Command Line Interface 1 7 Web Browser I...

Page 6: ...rowser Access 2 9 Configuring and Displaying a Non Default Banner 2 10 Example of Configuring and Displaying a Banner 2 11 Operating Notes 2 13 3 Using the Menu Interface Contents 3 1 Overview 3 2 Sta...

Page 7: ...b Browser Interface Session with the Switch 5 4 Using a Standalone Web Browser in a PC or UNIX Workstation 5 4 Using ProCurve Manager PCM or ProCurve Manager Plus PCM 5 5 Tasks for Your First ProCurve...

Page 8: ...Menu Implementing Configuration Changes 6 10 Using Save and Cancel in the Menu Interface 6 10 Rebooting from the Menu Interface 6 11 Web Implementing Configuration Changes 6 13 Using Primary and Seco...

Page 9: ...erver 6 38 TFTP Copying a Configuration File to a Remote Host 6 38 TFTP Copying a Configuration File from a Remote Host 6 39 Xmodem Copying a Configuration File to a Serially Connected Host 6 39 Xmode...

Page 10: ...Displaying Loopback Interface Configurations 8 18 IP Preserve Retaining VLAN 1 IP Addressing Across Configuration File Downloads 8 20 Operating Rules for IP Preserve 8 20 Enabling IP Preserve 8 21 9...

Page 11: ...g Port Parameters 10 2 Menu Port Configuration 10 5 CLI Viewing Port Status and Configuring Port Parameters 10 7 Viewing Port Status and Configuration 10 7 Viewing Port Utilization Statistics 10 9 Vie...

Page 12: ...ining the Amount of PoE Power Available 11 10 Power Priority Operation 11 10 When Is Power Allocation Prioritized 11 10 How Is Power Allocation Prioritized 11 11 PoE Priority With Two or More Modules...

Page 13: ...tional PoE Event Log Messages 11 37 Warning PoE Event Log Messages 11 38 12 Port Trunking Contents 12 1 Overview 12 2 Port Trunk Features and Operation 12 4 Trunk Configuration Methods 12 4 Menu Viewi...

Page 14: ...MP Rate Limiting 13 15 ICMP Rate Limiting Trap and Event Log Messages 13 17 Guaranteed Minimum Bandwidth GMB 13 19 Introduction 13 19 Terminology 13 19 GMB Operation 13 19 Impacts of QoS Queue Configu...

Page 15: ...evels 14 11 SNMPv3 Communities 14 11 Menu Viewing and Configuring non SNMP version 3 Communities 14 13 CLI Viewing and Configuring SNMP Community Names 14 15 SNMP Notifications 14 17 Supported Notific...

Page 16: ...ring Per Port Transmit and Receive Modes 14 52 Configuring Basic LLDP Per Port Advertisement Content 14 53 Configuring Support for Port Speed and Duplex Advertisements 14 55 LLDP MED Media Endpoint Di...

Page 17: ...t Modules 15 15 Hotswapping Out the Active Management Module 15 15 When the Standby Module is not Available 15 16 Hotswapping In a Management Module 15 16 Software Version Mismatch Between Active and...

Page 18: ...Browser for Redundant Management 15 36 Identity Page 15 36 Overview Page 15 37 Redundancy Status Page 15 37 Device View Page 15 38 Management Module LED Behavior 15 40 Active Actv LED Behavior 15 40 S...

Page 19: ...Switch Download A 20 Menu Switch to Switch Download to Primary Flash A 20 CLI Switch To Switch Downloads A 21 Using PCM to Update Switch Software A 22 Copying Software Images A 23 TFTP Copying a Soft...

Page 20: ...sing USB Autorun A 37 How It Works A 37 Security Considerations A 38 Troubleshooting Autorun Operations A 39 Configuring Autorun on the Switch A 40 Enabling Secure Mode A 40 Operating Notes and Restri...

Page 21: ...erface Status Information B 25 Traffic Mirroring B 26 Terminology B 27 Mirrored Traffic Destinations B 29 Local Destinations B 29 Remote Destinations B 29 Mirrored Traffic Sources B 29 Criteria for Se...

Page 22: ...ry B 61 Displaying the Remote Endpoint Configuration B 63 Displaying a Mirroring Session Configuration on a Source Switch B 64 Viewing Mirroring in the Current Configuration File B 67 Mirroring Config...

Page 23: ...g the Event Log for Troubleshooting Switch Problems C 27 Event Log Entries C 27 Menu Displaying and Navigating in the Event Log C 35 CLI Displaying the Event Log C 36 CLI Clearing Event Log Entries C...

Page 24: ...solution with DNS Compatible Commands C 66 Configuring a DNS Entry C 67 Example Using DNS Names with Ping and Traceroute C 68 Viewing the Current DNS Configuration C 70 Operating Notes C 71 Event Log...

Page 25: ...of Connected Devices D 7 E Monitoring Resources Contents E 1 Viewing Information on Resource Usage E 2 Policy Enforcement Engine E 2 Displaying Current Resource Usage E 3 When Insufficient Resources A...

Page 26: ...xxiv 3500 5400 6200 8200 MCG Jan08 K_13_01 book Page xxiv Monday January 28 2008 10 04 AM...

Page 27: ...elow is available in PDF format on the ProCurve Web site as described in the Note at the top of this page Management and Configuration Guide Describes how to configure manage and monitor basic switch...

Page 28: ...Premium License and installing it on the Intelligent Edge version of these switches These features are automatically included on the ProCurve 6200yl and 8200zl switches Intelligent Edge Software Feat...

Page 29: ...DHCP Option 82 X DHCP Snooping X DHCP Bootp Operation X Diagnostic Tools X Downloading Software X Dynamic ARP Protection X Dynamic Configuration Arbiter X Eavesdrop Protection X Event Log X Factory De...

Page 30: ...ased Authentication X Management VLAN X Meshing X Monitoring and Analysis X Multicast Filtering X Multiple Configuration Files X Network Management Applications SNMP X OpenView Device Management X Pas...

Page 31: ...Configuration X Rate Limiting X RIP X RMON 1 2 3 9 X Routing X Routing IP Static X Secure Copy X sFlow X SFTP X SNMPv3 X Software Downloads SCP SFTP TFPT Xmodem X Source Port Filters X Spanning Tree...

Page 32: ...Link Detection UDLD X UDP Forwarder X USB Device Support X Virus Throttling Connection Rate Filtering X VLANs X VLAN Mirroring 1 static VLAN X Voice VLAN X Web Authentication RADIUS Support X Web base...

Page 33: ...Keys 1 3 Sources for More Information 1 4 Getting Documentation From the Web 1 6 Online Help 1 6 Menu Interface 1 6 Command Line Interface 1 7 Web Browser Interface 1 7 Need Only a Quick Start 1 8 IP...

Page 34: ...x and displayed information Command Syntax Statements Syntax ip default gateway ip addr routing Syntax show interfaces port list Vertical bars separate alternative mutually exclusive elements Square b...

Page 35: ...a Simulated Screen In some cases brief command output sequences appear without figure iden tification For example ProCurve config clear public key ProCurve config show ip client public key show_client...

Page 36: ...ed in current and previous releases Product Notes and Software Update Information The printed Read Me First shipped with your switch provides software update information product notes and other inform...

Page 37: ...for information on topics such as Local username and password security Web Based and MAC based authentication RADIUS and TACACS authentication SSH Secure Shell and SSL Secure Socket Layer operation 80...

Page 38: ...on the product for which you want to view or download a manual If you need further information on ProCurve switch technology visit the ProCurve Networking web site at www procurve com Online Help Men...

Page 39: ...online Help You can access the Help by clicking on the question mark button in the upper right corner of any of the web browser interface screens Figure 1 4 Button for Web Browser Interface Online He...

Page 40: ...uide you received with the switch To Set Up and Install the Switch in Your Network Physical Installation Use the ProCurve Installation and Getting Started Guide shipped with the switch for the followi...

Page 41: ...of Using the Web Browser Interface 2 5 Advantages of Using ProCurve Manager or ProCurve Manager Plus 2 7 Custom Login Banners for the Console and Web Browser Interfaces 2 9 Banner Operation with Teln...

Page 42: ...r 2 5 ProCurve Manager PCM a windows based network management solution included in box with all manageable ProCurve devices Features include automatic device discovery network status summary topology...

Page 43: ...a menu driven subset of switch configuration and performance features The menu interface also provides access for Offers out of band access through the RS 232 connection to the switch so network bott...

Page 44: ...ess through the RS 232 connection or Telnet in band access Enables quick detailed system configuration and management access to system operators and administrators experienced in command prompt interf...

Page 45: ...pendix B For information on individual CLI commands refer to the Index or to the online Help provided in the CLI interface Advantages of Using the Web Browser Interface Figure 2 3 Example of the Web B...

Page 46: ...een so you can view all values at once More visual cues using colors status bars device icons and other graphical objects instead of relying solely on alphanumeric values Display of acceptable ranges...

Page 47: ...r Plus PCM and PCM from a PC on the network to monitor traffic manage your hubs and switches and proactively recommend network changes to increase network uptime and optimize performance Easy to insta...

Page 48: ...vels physical view subnet view or VLAN view Device Management Many device focused tasks can be performed directly by the software or the user can access web browser and command line interfaces with th...

Page 49: ...anner displays product registration information the copyright splash is no longer displayed If a banner is configured the banner page is displayed when you access the Web user interface The default pr...

Page 50: ...the current banner status Syntax banner motd delimiter no banner motd This command defines the single character used to termi nate the banner text and enables banner text input You can use any charact...

Page 51: ...the Enter key to create line breaks blank spaces for line centering and the symbol to terminate the banner message Figure 2 5 Example of Configuring a Login Banner To view the current banner configur...

Page 52: ...time someone logs onto the switch s management CLI the following appears Figure 2 8 Example of CLI Result of the Login Banner Configuration Shows the current banner configuration The login screen disp...

Page 53: ...configuration The switch supports one banner at any time Configuring a new banner replaces any former banner configured on the switch If the switch is configured with ssh version 1 or ssh version 1 or...

Page 54: ...2 14 Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus 3500 5400 6200 8200 MCG Jan08 K_13_01 book Page 14 Monday January 28 2008 10 04 AM...

Page 55: ...a Menu Interface Session 3 4 How To End a Menu Session and Exit from the Console 3 5 Main Menu Features 3 7 Screen Structure and Navigation 3 9 Rebooting the Switch 3 12 Menu Features List 3 14 Where...

Page 56: ...page 3 14 Privilege Levels and Password Security ProCurve strongly recom mends that you configure a Manager password to help prevent unauthorized access to your network A Manager password grants full...

Page 57: ...nterface overwrites earlier changes made through any other interface The Menu Interface and the CLI Command Line Interface both use the switch console To enter the menu from the CLI use the menu comma...

Page 58: ...r more times until a prompt appears 3 When the switch screen appears do one of the following If a password has been configured the password prompt appears Password _ Type the Manager password and pres...

Page 59: ...allation and Getting Started Guide you received with the switch How To End a Menu Session and Exit from the Console The method for ending a menu session and exiting from the console depends on whether...

Page 60: ...a switch reboot thatis if anasterisk appearsnexttoaconfigureditemornexttoSwitch Configuration in the Main Menu a Return to the Main Menu b Press 6 to select Reboot Switch and follow the instructions...

Page 61: ...f features and parameters configurable through the menu interface see the Menu Fea tures List on page 3 14 For an index of the features covered in the software manuals for your switch refer to the Sof...

Page 62: ...e VLAN Support parameter See Rebooting from the Menu Interface on page 6 11 Download OS Enables you to download a new switch software version to the switch See Appendix A File Transfers Run Setup Disp...

Page 63: ...er these screens you see the current configuration for the item you have selected To change the configuration the basic operation is to 1 Press E to select the Edit action 2 Navigate through the scree...

Page 64: ...3 6 If you are finished editing parameters in the displayed screen press Enter to return to the Actions line and do one of the following Tosaveandactivateconfigurationchanges press S forthe Save actio...

Page 65: ...on or data field The help line under the Actions items describes the currently selected action or data field For guidance on how to navigate in a screen Seetheinstructionsprovided at the bottom of the...

Page 66: ...ounters to zero Note that statistical counters can be reset to zero without rebooting the switch To Reboot the switch use the Reboot Switch option in the Main Menu Note that Reboot Switch is not avail...

Page 67: ...parameter an asterisk appears next to the VLAN Support entry in the VLAN Menu screen and also next to the Switch Configuration entry in the Main Menu Figure 3 7 Indication of a Configuration Change Re...

Page 68: ...dress Table Port Address Table Switch Configuration System Information Port Trunk Settings Network Monitoring Port IP Configuration SNMP Community Names IP authorized Managers VLAN Menu Console Passwo...

Page 69: ...to configure and use passwords and other security features Refer to the Access Security Guide for your switch To learn how to use the Event Log Using the Event Log for Troubleshooting Switch Problems...

Page 70: ...3 16 Using the Menu Interface Where To Go From Here 3500 5400 6200 8200 MCG Jan08 K_13_01 book Page 16 Monday January 28 2008 10 04 AM...

Page 71: ...s 4 4 Manager Privileges 4 5 How To Move Between Levels 4 7 Listing Commands and Command Options 4 8 Listing Commands Available at Any Privilege Level 4 8 Listing Command Options 4 10 Displaying CLI H...

Page 72: ...ault interface when you start a console session You can access the console out of band by directly connect ing a terminal device to the switch or in band by using Telnet either from a terminal device...

Page 73: ...vilege levels control the type of access to the CLI To implement this control you must set at least a Manager password Without a Manager password configured anyone having serial port Telnet or web bro...

Page 74: ...m physical access by unauthorized persons If you are concerned about switch security and operation you should install the switch in a secure location such as a locked wiring closet Privilege Level Ope...

Page 75: ...ion changes to any of the switch s software features The prompt for the Global Configuration level includes the system name and config To select this level enter the config command at the Manager prom...

Page 76: ...anagerLevel ProCurve Perform system level actions such as system control monitoring and diagnostic commands plusanyoftheOperator levelcommands Foralist of available commands enter at the prompt Global...

Page 77: ...and Result Operator level to Manager level ProCurve enable Password _ After you enter enable the Password prompt appears After you enter the Manager password the system prompt appears with the symbol...

Page 78: ...all of the commands available at that level List the options for a specific command Listing Commands Available at Any Privilege Level At a given privilege level you can list and execute the commands t...

Page 79: ...r Complete a Command Word You can use Tab to help you find CLI commands or to quickly complete the current word in a command To do so type one or more consecutive characters in a command and then pres...

Page 80: ...ased priority device priorityConfigure device based priority dscp mapDefine mapping between a DSCP Differentiated Services Codepoint value and 802 1p priority type of serviceConfigure the Type of Serv...

Page 81: ...al Command For example to list the Help for the interface command in the Global Config uration privilege level Syntax help Displays a listing of command Help summaries for all commands available at th...

Page 82: ...ndividual command from a privilege level that does not include that command results in an error message For example trying to list the help for the interface command while at the global configuration...

Page 83: ...ed port s or trunk group plus the global config uration Manager and Operator commands The prompt for this mode includes the identity of the selected port s ProCurve config interface c3 c6 ProCurve eth...

Page 84: ...rt Context In the port context the first block of commands in the listing show the context specific commands that will affect only ports C3 C6 The remaining commands in the listing are Manager Operato...

Page 85: ...Context ProCurve config vlan 100 Command executed at configuration level to enter VLAN 100 context ProCurve vlan 100 Resulting prompt showing VLAN 100 context ProCurve vlan 100 Lists commands you can...

Page 86: ...command line Ctrl L or Ctrl R Repeats current command line on a new line Ctrl N or v Enters the next command line in the history buffer Ctrl P or Enters the previous command line in the history buffer...

Page 87: ...5 8 Entering a User Name and Password 5 10 Using a User Name 5 10 If You Lose the Password 5 10 Online Help for the Web Browser Interface 5 11 Support Mgmt URLs Feature 5 12 Support URL 5 13 Help and...

Page 88: ...ion for the Alert Log operation page 5 24 Getting access to online help for the web browser interface page 5 11 Description of the web browser interface Overview window and tabs page 5 16 Port Utiliza...

Page 89: ...nfiguration Device view Port configuration VLAN configuration Fault detection Quality of service QoS Port monitoring mirroring System information IP configuration Support and management server URLs De...

Page 90: ...IP address refer to IP Configuration on page 8 2 1 Ensure that the JavaTM applets are enabled for your browser For more information on this topic refer to your browser s online Help 2 Use the web bro...

Page 91: ...access has been assigned an IP address and optionally a DNS name and has been discovered by PCM or PCM For more on assigning an IP address refer to IP Configuration on page 8 2 To establish a web bro...

Page 92: ...Browser Interface Starting a Web Browser Interface Session with the Switch Figure 5 1 Example of Status Overview Screen First time install alert 3500 5400 6200 8200 MCG Jan08 K_13_01 book Page 6 Monda...

Page 93: ...switch s web browser interface for the first time the Alert log contains a First Time Install alert as shown in figure 5 2 This gives you information about first time installations and provides an im...

Page 94: ...password screen by clicking on the Configuration tab and then the Fault Detection key Security Creating Usernames and Passwords in the Browser Interface Not e On the switches covered in this guide you...

Page 95: ...Device Passwords window and enter user names and passwords You will be required to repeat the password strings in the confirmation boxes Both the user names and passwords can be up to 16 printable ASC...

Page 96: ...capabilities Entering the operator password gives you read and limited trouble shooting capabilities Using a User Name If you also set user names in the web browser interface screen you must supply t...

Page 97: ...owser Interface Online Help is available for the web browser interface You can use it by clicking on the question mark button in the upper right corner of any of the web browser interface screens Figu...

Page 98: ...rmation source you want the switch to access when you click on the web browser interface Support tab The default is the URL for the ProCurve Networking home page TheURLofaPCM ProCurveNetworkManager wo...

Page 99: ...e URL the switch uses to find online Help for the web browser interface If you install PCM ProCurve Manager in your network the PCM manage ment station acts as the web browser Help server for the swit...

Page 100: ...ot have HTTP access to the ProCurve Support Web site 1 Go to the ProCurve Support web site to get the Device Help files www hp com rnd device_help 2 Copy the Web help files to the PCM server under C p...

Page 101: ...8040 is the standard port number to use 4 Restart the Discovery process for the change to be applied Not e Changing the Discovery s Global properties file will redirect the Device Help URL for all de...

Page 102: ...e Overview Window The Overview Window is the home screen for any entry into the web browser interface The following figure identifies the various parts of the screen Figure 5 8 The Status Overview Win...

Page 103: ...identifies traffic types and their associated colors on the bar graph Unicast Rx All Tx This is all unicast traffic received and all transmitted traffic of any type This indicator a blue color on many...

Page 104: ...t click on the Port Counters button to get a detailed set of counters for the port To change the amount of bandwidth the Port Utilization bar graph shows Clickonthebandwidthdisplaycontrolbuttonintheup...

Page 105: ...le may not be connected to the port or the device at the other end may be powered off or inoperable or the cable or connected device could be faulty Port Disabled the port has been configured as disab...

Page 106: ...t was received by the web browser interface This value is shown in the format DD MM YY HH MM SS AM PM for example 16 Sep 99 7 58 44 AM Description A short narrative statement that describes the event...

Page 107: ...ement buttons Acknowledge Event removes the New symbol from the log entry Delete Event removes the alert from the Alert Log Cancel closes the detail view with no change to the status of the alert and...

Page 108: ...s Bar The Status Bar appears in the upper left corner of the web browser interface window Figure 5 15 shows an expanded view of the status bar Figure 5 15 Example of the Status Bar Status Indicator Mo...

Page 109: ...ystem Info screen of the menu interface Most Critical Alert Description A brief description of the earliest unacknowledged alert with the current highest severity in the Alert Log appearing in the rig...

Page 110: ...rted to the Alert Log based on their level of severity Set this policy in the Fault Detection window figure 5 16 Figure 5 16 The Fault Detection Window The Fault Detection screen contains a list box f...

Page 111: ...olicy is most effective on a network where there are normally a lot of problems and you want to be informed of only the most severe ones Never Disables the Alert Log and transmission of alerts traps t...

Page 112: ...5 26 Using the ProCurve Web Browser Interface Status Reporting Features 3500 5400 6200 8200 MCG Jan08 K_13_01 book Page 26 Monday January 28 2008 10 04 AM...

Page 113: ...witch Software Downloads 6 16 Local Switch Software Replacement and Removal 6 17 Rebooting the Switch 6 19 Operating Notes about Booting 6 19 Boot and Reload Command Comparison 6 20 Setting the Defaul...

Page 114: ...tion To Reset the Switch to Its Default Configuration 6 37 Transferring Startup Config Files To or From a Remote Server 6 38 TFTP Copying a Configuration File to a Remote Host 6 38 TFTP Copying a Conf...

Page 115: ...nning Config File Exists in volatile memory and controls switch operation If no configuration changes have been made in the CLI since the switch was last booted the running config file is identical to...

Page 116: ...sume operation using the new configuration insteadof theconfigurationpreviously defined in the startup config file There are three ways to save a new configuration In the CLI Use the write memory comm...

Page 117: ...ProCurve config menu Do you want to save current configuration y n If you type Y the switch overwrites the startup config file with the running config file and your configuration change s will be pres...

Page 118: ...le show config status Compares the startup config file to the running config file and lists one of the following results If the two configurations are the same you will see Running configuration is th...

Page 119: ...executing the following command ProCurve config write memory The new mode auto 10 on port A5 is now saved in the startup config file and the startup config and running config files are identical If y...

Page 120: ...e For example Figure 6 2 Boot Prompt for an Unsaved Configuration The above prompt means that one or more parameter settings in the running config file differ from their counterparts in the startup co...

Page 121: ...enu interface display for that parameter However as indicated above unless you also make a configuration change in the menu interface only the write memory command in the CLI will actually save the ch...

Page 122: ...aving to reboot the switch That is when you save a configuration change in the menu interface you simultaneously change both the running config file and the startup config file Not e The only exceptio...

Page 123: ...ooting the switch Rebooting from the Menu Interface Terminates the current session and performs a reset of the operating system Activates any configuration changes that require a reboot Resets statist...

Page 124: ...arameters go to the Main menu and select 2 Switch Configuration then 8 VLAN Menu then 1 VLAN Support If configuration changes requiring a reboot have been made the switch displays an asterisk next to...

Page 125: ...ses by clicking on Apply Changes or Apply Settings you simultaneously change both the running config file and the startup config file Not e If you reconfigure a parameter in the CLI and then go to the...

Page 126: ...your system The switch can use only one image at a time The following tasks involve primary secondary flash options Displaying the current flash image data and determining which switch software versi...

Page 127: ...Are Installed The show ver sion command displays which software version the switch is currently running and whether that version booted from primary or secondary flash Thus if the switch booted from...

Page 128: ...download the switch reboots with the image previ ously stored in primary flash In the unlikely event that the primary image is corrupted as a result ofan interruption the switchwillrebootfrom secondar...

Page 129: ...y or the reverse the switch overwrites the file in the destination location with a copy of the file from the source location This means you do not have to erase the current image at the destination lo...

Page 130: ...image location secondary orprimary Ifthe switchhasonly oneflashimage loaded ineither primary or secondary flash and you erase that image then the switch does not have a software image stored in flash...

Page 131: ...condary flash by entering either the boot system flash primary secondary or boot set default flash primary secondary command Both the boot command and the reload command will reboot based on how these...

Page 132: ...d at and reload after command information is not saved across reboots If the switch is rebooted before a scheduledreloadcommand isexecuted thecommandiseffectivelycancelled When entering a reload at or...

Page 133: ...rm all system self tests Yes No The reload command provides a faster system reboot Choice of primary or secondary flash image Yes No Uses the current flash image Performascheduled reboot No Yes Usethe...

Page 134: ...stem flash primary secondary config FILENAME Reboots the switch from the flash that you are currently booted on primary or secondary You can select which image to boot from during the boot process its...

Page 135: ...at the second prompt initiates the reboot operation ProCurve config show flash Image Size Bytes Date Version Build Primary Image 7497114 03 29 07 K 12 XX 57 Secondary Image 7497114 03 29 07 K 12 XX 57...

Page 136: ...if you use either of the boot command options If you are using redundant management and redundancy is enabled the switch will failover to the other management module Syntax reload For example if you c...

Page 137: ...d after 03 00 To schedule a reload for the same time the following day ProCurve reload after 01 00 00 To schedule a reload for the same day at 12 05 ProCurve reload at 12 05 To schedule a reload on so...

Page 138: ...ess ProCurve config reload after 04 14 00 Reload scheduled in 4 days 14 hours 0 minutes This command will cause a switchover at the scheduled time to the other management module which may not be runni...

Page 139: ...provision that if an unattended reboot occurs the switch will come up with the known good configuration instead of repeating a reboot with a misconfiguration General Operation Multiple Configuration...

Page 140: ...ake configuration changes in the running config file and then execute write mem The result is that the startup config file used to reboot the switch is modified by the actions in step 2 Figure 6 20 Ex...

Page 141: ...lot 1 Saves a copy of the existing startup config file in memory slot 2 with the filename workingConfig Assigns the workingConfig file as the active configuration and the default configuration for all...

Page 142: ...asterisk in this column indicates that the corresponding startup config file is currently assigned to the primary boot path sec An asterisk in this column indicates that the corresponding startup con...

Page 143: ...supports multiple configuration files and boot from the flash location of this version the switch copies the existing startup config file named oldConfig into memory slot 2 renames this file to worki...

Page 144: ...be used The following two commands configure the desired behavior Syntax startup default primary secondary config filename Specifies a boot configuration policy option primary secondary config filenam...

Page 145: ...lename Specifies the name of the startup config file to apply for the immediate boot instance only This command overrides the current reboot policy Syntax reload This command boots the switch from the...

Page 146: ...ry slot to a new startup config file in another empty memory slot This enables you to use a sepa rate configuration file to experiment with configuration changes while preserving the source file uncha...

Page 147: ...tup Config File Not e You can also generate a new startup config file by booting the switch from a flash memory location from which you have erased the currently assigned startup config file Refer to...

Page 148: ...e flash assignment from the memory slot for that file Thus if the switch boots using a flash location that does not have an assigned startup config then the switch creates a new default startup config...

Page 149: ...e Switch to Its Default Configuration The Clear Reset button combination described in the Installation and Getting Started Guide produces these results That is when you press the Clear Reset button co...

Page 150: ...file pc unix below copy config src file xmodem pc unix 6 39 copy xmodem config dest file pc unix 6 40 Syntax copy config src file tftp ip addr remote file pc unix This is an addition to the copy tftp...

Page 151: ...file from a TFTP server to the switch Note This command requires an empty memory slot in the switch If there are no empty memory slots the CLI displays the following message Unable to copy configurati...

Page 152: ...filename Syntax copy xmodem config dest file pc unix This is an addition to the copyxmodem command options Use this command to download a configuration file from an Xmodem host to the switch For more...

Page 153: ...s 7 4 CLI Modifying the Interface Access 7 5 Denying Interface Access by Terminating Remote Management Sessions 7 9 System Information 7 10 Menu Viewing and Configuring System Information 7 11 CLI Vie...

Page 154: ...the Command Line Interface CLI Chapter 5 Using the ProCurve Web Browser Interface Why Configure Interface Access and System Information The inter face access features in the switch operate properly by...

Page 155: ...switch You can also simply block unauthorized access via the web browser interface or Telnet as described in this section and installing the switch in a locked environment Feature Default Menu CLI We...

Page 156: ...stem Information Figure 7 1 The Default Interface Access Parameters Available in the Menu Interface 2 Press E for Edit The cursor moves to the System Name field 3 Use the arrow keys v to move to the p...

Page 157: ...ole serial configuration Figure 7 2 Listing of Show Console Command Reconfigure Inbound Telnet Access In the default configuration inbound Telnet access is enabled Syntax no telnet server To disable i...

Page 158: ...no web management To disable web browser access ProCurve config no web management To re enable web browser access ProCurve config web management Reconfigure the Console Serial Link Settings You can re...

Page 159: ...e new console configuration will take effect For example to use one command to configure the switch with the following VT100 operation 19 200 baud No flow control 10 minute inactivity time Critical lo...

Page 160: ...o execute a series of console commands and then save the configuration and boot the switch For example Figure 7 4 Example of Executing a Series of Console Commands Configure the individual parameters...

Page 161: ...on on the serial port either through a direct connection or via a modem It does not affect the console on the standby module Syntax kill session number For example if you are using the switch s serial...

Page 162: ...e before being aged out deleted Aging out occurs when there has been no traffic from the device belonging to that MAC address for the configured interval Time Sync Method Selects the method TimeP or S...

Page 163: ...For more on this topic refer to Appendix D Daylight Savings Time on ProCurve Switches Time Used in the CLI to specify the time of day the date and other system parameters Menu Viewing and Configuring...

Page 164: ...and Configuring System Information System Information Commands Used in This Section Listing the Current System Information Thiscommandliststhecurrent system information settings Syntax show system in...

Page 165: ...d North Data Room as the location Figure 7 8 System Information Listing After Executing the Preceding Commands The menu interface will only display up to 47 characters although you can specify a name...

Page 166: ...on System Name Blue Switch System Contact Bill_Smith System Location characters of the location are missing It s too long Inactivity Timeout min 0 0 MAC Age Time sec 300 300 Inbound Telnet Enabled Yes...

Page 167: ...for the age out interval measured in seconds Default 300 seconds For example to configure the age time to seven minutes ProCurve config mac age time 420 Configure the Time Zone and Daylight Time Rule...

Page 168: ...respectively Syntax time hh mm ss mm dd yy yy For example to set the switch to 9 45 a m on November 17 2002 ProCurve config time 9 45 11 17 02 Not e Executing reloadorboot resets the time and date to...

Page 169: ...ddressing 8 10 How IP Addressing Affects Switch Operation 8 11 DHCP Bootp Operation 8 12 Network Preparations for Configuring DHCP Bootp 8 14 Loopback Interfaces 8 15 Introduction 8 15 Configuring a L...

Page 170: ...Configuration IP Configuration Features IP Address and Subnet Mask Configuring the switch with an IP address expands your ability to manage the switch and use its features By default the switch is con...

Page 171: ...figured on the primary VLAN then the default gateway value provided by the DHCP or Bootp server will be used If the switch has a manually configured default gateway then the switch uses his gateway ev...

Page 172: ...switch can also learn other settings from a DHCP or Bootp server such as packet Time To Live TTL and Timep or SNMP settings Other VLANs can also use DHCP or BootP to acquire IP addressing However the...

Page 173: ...2 Switch Configuration 5 IP Configuration Not e s If multiple VLANs are configured a screen showing all VLANs appears instead of the following screen The Menu interface displays the IP address for any...

Page 174: ...iguration fields 6 Select the IP Address field and enter the IP address for the switch 7 Select the Subnet Mask field and enter the subnet mask for the IP address 8 Press Enter then S for Save CLI Con...

Page 175: ...provides additional information Figure 8 3 Example of Show IP Listing with Non Default IP Addressing Configured Configure an IP Address and Subnet Mask The following command includes both the IP addr...

Page 176: ...onfig no vlan 1 ip address 10 28 227 103 24 Configure Multiple IP Addresses on a VLAN Multinetting The fol lowing is supported Up to 2000 IP addresses for the switch Up to 32 IP addresses for the same...

Page 177: ...ing on the Default VLAN Not e The Internet IP Service screen in the Menu interface figure 8 1 on page 8 5 displays the first IP address for each VLAN You must use the CLI show ip command to display th...

Page 178: ...avoid loss of Telnet access to off subnet management stations you should use the ip route command to configure a static default route before enabling routing For more information refer to the chapter...

Page 179: ...c IP address configuration and DHCP support for automatic Timep server IP address configuration Multiple Spanning Tree Protocol Port settings and port trunking Switch meshing Console based status and...

Page 180: ...sk for the switch The switch also receives an IP Gateway address if the server has been config ured to provide one In the case of Bootp the server must first be configuredwithanentrythathastheswitch s...

Page 181: ...server Bootp Operation When a Bootp server receives a request it searches its Bootp database for a record entry that matches the MAC address in the Bootp request from the switch If a match is found th...

Page 182: ...are in place A DHCP server is accessible from the switch 8212switch is a user defined symbolic name to help you find the correct section of the bootptab file If you have multiple switches that will be...

Page 183: ...Loopback Interfaces This section describes how to configure and use user defined loopback inter faces on the switch Introduction By default each switch has an internal loopback interface lo0 with the...

Page 184: ...er ping the switch using the router ID even if other interfaces are operational For more information about how to configure a loopback IP address to participate in an OSPF broadcast area refer to the...

Page 185: ...ample if you configure a VLAN with IP address 172 16 100 8 24 you cannot configure a loopback interface with IP address 172 16 100 8 In the same way if you configure a loopback interface lo1 with IP a...

Page 186: ...d Output Not e The default loopback interface lo0 with IP address 127 0 0 1 is not displayed in the show ip command output because it is permanently configured on the switch To display the default loo...

Page 187: ...one user defined loopback interface lo2 Figure 8 8 Example of show ip route Command Output ProCurve show ip route IP Route Entries IP Routing Enabled Default TTL 64 ARP Age 20 Destination Gateway VLA...

Page 188: ...ddress when the switch downloads the file and reboots The switch adopts all other configuration parameters in the configuration file into the startup config file If the switch s current IP addressing...

Page 189: ...ir manually assigned IP addressing and switch 4 will be configured to acquire its IP addressing from a DHCP server Entering ippreserve inthelastlineofaconfiguration file implements IP Preserve when th...

Page 190: ...Curve module 1 type J8702A module 2 type J8705A trunk A11 A12 Trk1 Trunk ip default gateway 10 10 10 115 snmp server community public Unrestricted vlan 1 name DEFAULT_VLAN untagged A1 A10 A13 A24 B1 B...

Page 191: ...t of the downloaded configuration file determines the IP addresses and subnet masks for other VLANs ProCurve show run Running configuration J8715A Configuration Editor Created on release K 12 07 hostn...

Page 192: ...8 24 Configuring IP Addressing IP Preserve Retaining VLAN 1 IP Addressing Across Configuration File Downloads 3500 5400 6200 8200 MCG Jan08 K_13_01 book Page 24 Monday January 28 2008 10 04 AM...

Page 193: ...n 9 8 Configuring Enabling or Disabling the SNTP Mode 9 10 TimeP Viewing Selecting and Configuring 9 16 Menu Viewing and Configuring TimeP 9 17 CLI Viewing and Configuring TimeP 9 18 Viewing the Curre...

Page 194: ...d TimeP Time Synchronization You can either manually assign the switch to use a TimeP server or use DHCP to assign the TimeP server In either case the switch can get its time synchro nization updates...

Page 195: ...choices are SNTP Broadcast or Unicast TimeP DHCP or Manual 3 Configure the remaining parameters for the time protocol you selected The switch retains the parameter settings for both time protocols ev...

Page 196: ...time synchronization method timep page 9 6 page 9 10 ff disable time synchronization timep page 9 6 page 9 14 enable the SNTP mode Broadcast Unicast or Disabled disabled broadcast n a page 9 6 page 9...

Page 197: ...iginal server it the switch accepts a broadcast time update from the next server it detects Poll Interval seconds In Unicast Mode Specifies how often the switch polls the designated SNTP server for a...

Page 198: ...owing i Press to move the cursor to the Server Address field ii Enter the IP address of the SNTP server you want the switch to use for time synchronization CONSOLE MANAGER MODE Switch Configuration Sy...

Page 199: ...the updated list For more on this topic refer to SNTP Unicast Time Polling with Multiple SNTP Servers on page 9 25 iv Press to move the cursor to the Poll Interval field then go to step 6 Figure 9 3...

Page 200: ...od then enabled SNTP in broadcast mode with the default poll interval show sntp lists the following SNTP Command Page show sntp 9 8 no timesync 9 10 and ff 9 14 sntp broadcast 9 11 sntp unicast 9 11 s...

Page 201: ...ess Protocol Version 1 2001 db8 215 60ff fe79 8980 7 2 10 255 5 24 3 3 fe80 123 vlan10 3 ProCurve config show sntp SNTP Configuration Time Sync Mode Timep SNTP Mode Unicast Poll Interval sec 720 719 P...

Page 202: ...and page 9 11 Syntax sntp server ip addr Required only for unicast mode page 9 11 Syntax sntp server priority 1 3 Specifies the order in which the configured servers are polled for getting the time V...

Page 203: ...erify the configuration The commands and output would appear as follows Figure 9 7 Example of Enabling SNTP Operation in Broadcast Mode Enabling SNTP in Unicast Mode Like broadcast mode configuring SN...

Page 204: ...s the order in which the configured SNTP servers are polled for getting the time Value is between 1 and 3 Syntax no sntp server ip addr Deletes the specified SNTP server Not e Deleting an SNTP server...

Page 205: ...c Mode Sntp SNTP Mode Unicast Poll Interval sec 720 720 Priority SNTP Server Address Protocol Version 1 2001 db8 215 60ff fe79 8980 7 2 10 255 5 24 3 3 fe80 123 vlan10 3 In this example the Poll Inter...

Page 206: ...mand For example suppose SNTP is running as the switch s time synchronization protocol with Broadcast as the SNTP mode and the factory default polling interval You would halt time synchronization with...

Page 207: ...28 227 141 and a server version of 3 the default no sntp changes the SNTP configuration as shown below and disables time synchronization on the switch Figure 9 11 Example of Disabling Time Synchroniza...

Page 208: ...the Menu interface Time Sync Method parameter or the CLI timesync command DHCP When Timep is selected as the time synchronization method the switch attempts to acquire a Timep server IP address via D...

Page 209: ...ing Use the Space bar to select the DHCP mode then press v to move the cursor to the Poll Interval field and go to step 6 Use the Space bar to select the Manual mode i Press to move the cursor to the...

Page 210: ...you want for a TimeP Poll Interval Press Enter to return to the Actions line then S for Save to enter the new time protocol configuration in both the startup config and running config files CLI Viewin...

Page 211: ...hough it is not currently in use Figure 9 14 Example of TimeP Configuration When TimeP Is Not the Selected Time Synchronization Method Syntax show timep This command lists both the time synchronizatio...

Page 212: ...terface Time Sync Method parameter Syntax timesync timep Selects TimeP as the time protocol Syntax ip timep dhcp manual Enables the selected TimeP mode Syntax no ip timep Disables the TimeP mode Synta...

Page 213: ...or DHCP mode 4 View the TimeP configuration The commands and output would appear as follows Figure 9 16 Example of Enabling TimeP Operation in DHCP Mode Syntax timesync timep Selects TimeP as the time...

Page 214: ...new server IP address For example to select TimeP and configure it for manual operation using a TimeP server address of 10 28 227 141 and the default poll interval 720 minutes assuming the TimeP poll...

Page 215: ...running as the switch s time synchronization protocol with DHCP as the TimeP mode and the factory default polling interval You would halt time synchronization with this command ProCurve config no tim...

Page 216: ...wn below and disables time synchronization Figure 9 19 Example of Disabling Time Synchronization by Disabling the TimeP Mode Parameter Even though the Time Sync Mode is set to Timep time synchronizati...

Page 217: ...address list again after the configured Poll Interval time has expired Displaying All SNTP Server Addresses Configured on the Switch The System Information screen in the menu interface displays only o...

Page 218: ...use the CLI If there are multiple addresses and you delete one of them the switch re orders the address priority For example to delete the primary address in the above example and automatically conve...

Page 219: ...X 10 15 Web Viewing Port Status and Configuring Port Parameters 10 18 Using Friendly Optional Port Names 10 18 Configuring and Operating Rules for Friendly Port Names 10 18 Configuring Friendly Port N...

Page 220: ...other unexpected behavior on the link check the port configuration on both devices for a speed and or duplex mode mismatch To check the mode setting for a port on the switch use either the Port Status...

Page 221: ...he menu interface MDI Sets the port to connect with a PC using a crossover cable Manual mode applies only to copper port switches using twisted pair copper Ethernet cables MDIX Sets the port to connec...

Page 222: ...rossover MDI Configures the port to connect to a switch hub or other MDI X device with a straight through cable MDIX Configures the port to connect to a PC or other MDI device with a straight through...

Page 223: ...To View Port Configuration The menu interface dis plays the configuration for ports and if configured any trunk groups From the Main Menu select 1 Status and Counters 4 Port Status Figure 10 1 Exampl...

Page 224: ...r the first port 3 Refer to the online help provided with this screen for further information on configuration options for these features 4 When you have finished making changes to the above parameter...

Page 225: ...fig page 10 8 show interfaces port utilization page 10 9 show tech transceivers page 10 9 interface page 10 11 disable enable page 10 11 speed duplex page 10 11 flow control page 10 12 broadcast limit...

Page 226: ...00T No Yes Down Auto 10 100 Auto off 0 B2 100 1000T No Yes Down 1000FDx Auto off 0 B3 100 1000T No Yes Down 1000FDx Auto off 0 B4 100 1000T No Yes Down 1000FDx Auto off 0 B5 100 1000T No Yes Down 1000...

Page 227: ...k status and the port rate average over a 5 minute period Port rates are shown in bits per second bps for ports up to 1 Gigabit for 10 Gigabit ports port rates are shown in kilobits per second Kbps Vi...

Page 228: ...ine 23 Figure 10 6 no transceiver type product number or part information is displayed In the Serial Number field non operational is displayed instead of a serial num ber The following error messages...

Page 229: ...e available Only these speeds are allowed with this setting For example to configure port C5 for auto 10 100 enter this command ProCurve config int c5 speed duplex auto 10 100 To configure ports C1 th...

Page 230: ...mode must be set to Auto the default To disable flow control on some ports while leaving it enabled on other ports just disable it on the individual ports you want to exclude For example suppose that...

Page 231: ...n the switch you would use these commands Figure 10 8 Example of Configuring Flow Control for a Series of Ports Figure 10 9 Example Continued from Figure 10 8 Enables per port flow control for ports A...

Page 232: ...ontrol Syntax broadcast limit 0 99 Enables or disables broadcast limiting for outbound broadcasts on a selected port on the switch The value selected is the percentage of traffic allowed for example b...

Page 233: ...s If you connect a copper port using a straight through cable on a switch to a port on another switch or hub that uses MDI X ports the switch port automatically operates as an MDI port If you connect...

Page 234: ...rossover Cable Straight Through Cable Manual MDI X Straight Through Cable Crossover Cable Auto MDI X The Default Either Crossover or Straight Through Cable Syntax interface port list mdix mode auto md...

Page 235: ...he case of ports configured for Auto auto mdix the MDI mode appears as either MDIor MDIX depending upon which option the port has negotiated with the device on the other end of the link In the case of...

Page 236: ...ptional Port Names This feature enables you to assign alphanumeric port names of your choosing to augment automatically assigned numeric port names This means you can configure meaningful port names t...

Page 237: ...t allowed and if used cause an invalidinput error The switch interprets a blank space as a name terminator In a port listing not assigned indicates that the port does not have a name assignment other...

Page 238: ...isting of port numbers with their corresponding friendly port names and also quickly shows you which ports do not have friendly name assignments show name data comes from the running config file showi...

Page 239: ...for All Ports on the Switch Figure 10 16 Example of Friendly Port Name Data for Specific Ports on the Switch Including Friendly Port Names in Per Port Statistics Listings A friendly port name configu...

Page 240: ...running config file the Name line in the above command output appears as Name not assigned To Search the Configuration for Ports with Friendly Port Names This option tells you which friendly port nam...

Page 241: ...s the friendly port name for port A1 in the startup config file The name entered for port A2 is not saved becauseitwasexecutedafter write memory In this case show config lists only port A1 Executing w...

Page 242: ...as text files that can be uploaded to the switch without the modules having been installed yet Additionally you can pre configure the modules with the CLI module command The same module command used i...

Page 243: ...n UDLD is enabled on the trunk ports on each ProCurve switch the switches detect the failed link block the ports connected to the failed link and use the remaining ports in the trunk group to forward...

Page 244: ...be unblocked by disabling UDLD on the port Configuring UDLD When configuring UDLD keep the following considerations in mind UDLD is configured on a per port basis and must be enabled at both ends of...

Page 245: ...u can specify from 10 100 in 100 ms increments where 10 is 1 second 11 is 1 1 seconds and so on Default 50 5 seconds Syntax link keepalive retries num Determines the maximum number of retries to send...

Page 246: ...a value from 3 10 For example to change the maximum number of attempts to 4 enter the following command at the global configuration level ProCurve config link keepalive retries 4 Configuring UDLD for...

Page 247: ...ink keepalive Syntax show link keepalive statistics Displays detailed statistics for the UDLD enabled ports on the switch Syntax clear link keepalive statistics Clears UDLD statistics This command cle...

Page 248: ...ighbor Port 5 Udld Packets Received 1000 State Transitions 2 Port Blocking no Link vlan 1 Port 2 Current State up Neighbor MAC Addr 000102 030405 Udld Packets Sent 500 Neighbor Port 6 Udld Packets Rec...

Page 249: ...1 and 22 but the user tries to configure UDLD on port 7 to send tagged packets in VLAN 4 the configuration will be accepted The UDLD control packets will be sent tagged in VLAN 4 which may result in t...

Page 250: ...10 32 Port Status and Configuration Uni Directional Link Detection UDLD 3500 5400 6200 8200 MCG Jan08 K_13_01 book Page 32 Monday January 28 2008 10 04 AM...

Page 251: ...Level 11 14 Disabling or Re Enabling PoE Port Operation 11 15 Enabling Support for Pre Standard Devices 11 15 Configuring PoE Redundancy 11 16 Changing the Threshold for Generating a Power Notice 11 1...

Page 252: ...onfigurations 11 32 Assigning Priority Policies to PoE Traffic 11 33 Calculating the Maximum Load for a PoE Module 11 34 When a Power Supply Fails 11 35 PoE Operating Notes 11 36 PoE Event Log Message...

Page 253: ...4 mini GBIC PoE module J8705A The switch must have at least one of the following power supplies installed ProCurve J8712A Power Supply providing 273 watts of PoE power ProCurve J8713A Power Supply pro...

Page 254: ...modated PD Powered Device This is an IEEE 802 3af compliant device that receives its power through a direct connection to a Gig T PoE port in a PoE device ExamplesofPDsincludeVoice over IP VoIP teleph...

Page 255: ...or SNMP and Event Log reporting of PoE consumption on either all PoE ports on the switch or on all PoE ports in one or more PoE modules Specify the port priority you want to use for provisioning PoE p...

Page 256: ...uide which is available on the ProCurve Networking web site at www procurve com Click on technical support then Product manuals all The latest version of any ProCurve product guide is always on the Pr...

Page 257: ...in case a PoE module becomes oversubscribed and must drop power for some lower priority ports to support the demand on other higher priority ports Configure one of the following A global power thresh...

Page 258: ...m port Y and delivered to port X In this case the PD on port Y loses power and the PD on port X receives power If the new PD connects to a port X having a lower priority than all other PoE ports curre...

Page 259: ...PD from a PoE port causes the module to stop providing PoE power to that port and makes the power available to any other PoE ports that have PDs connected and waiting for power If the PD demand for po...

Page 260: ...Power Available PoE Power Available for the PoE J8702A Module One power supply J8712A Power Supply 273 watts J8713A Power Supply 900 watts Depending on the power demand from the PDs lower priority por...

Page 261: ...l ProCurve config interface c3 c17 power over ethernet critical The Critical priority class always receives power If there is not enough power to provision PDs on all of the ports configured for this...

Page 262: ...rnet low There are 48 PDs attached to all ports of modules A and C 24 ports each module There is only enough PoE power for 32 ports 8 5 watts x 32 ports 273 watts C22 C24 Low In this example the CLI c...

Page 263: ...hest priority of the ports in that module if all ports are in the same priority class which is the case for this example Since a minimum 17 5 watts of power is allocated per PoE module port A1 will al...

Page 264: ...est numbered port at that level will be provisioned first starting with module A then B C and so on PoE priorities are invoked only when all active PoE ports cannot be provisioned supplied with PoE po...

Page 265: ...isabled on port list The no form of the command disables PoE operation on port list Default All PoE ports on the module are initially enabled for PoE operation at Low priority If you configure a highe...

Page 266: ...r held in reserve for redundancy The no option means that all available power can be allocated to PDs Default No PoE redundancy enforced n 1 One of the power supplies is held in reserve for redundancy...

Page 267: ...ules installed in the switch For example suppose slots A B and C each have a PoE module installed In this case executing the following command sets the global notification threshold to 70 of available...

Page 268: ...on page 11 37 Default Global PoE Power Threshold 80 By using the slot slot id range option you can specify different notification thresholds for different PoE modules installed in the switch For exam...

Page 269: ...r disables port s for allocating PoE power based on the link partner s capabilities via LLDP By default PoE information detected through LLDP is ignored Default Disabled ProCurve config show power ove...

Page 270: ...lue command ProCurve config int A6 poe allocate by value or in interface context ProCurve eth A6 poe allocate by value Syntax no int port list poe allocate by usage class value Allows you to manually...

Page 271: ...t Power Status for port A6 Power Enable Yes LLDP Detect enabled Priority low Configured Type AllocateBy value Value 15 Detection Status Delivering Power Class 0 Over Current Cnt 0 MPS Absent Cnt 0 Pow...

Page 272: ...in the switch s MIB Manage ment Information Base as described in the following steps 1 Use the walkmibpethPsePortType slot command to determine the MIB based port number for the port to which you want...

Page 273: ...b pethPsePortType 1 5 D Wireless 1 pethPsePortType 1 5 Wireless 1 5400 config show power over ethernet brief Status and Counters Port Power Status PoE Power LLDP Power Alloc PoE Configured Detection P...

Page 274: ...power available in the event of a single power supply failure This is the amount of power the switch can maintain without dropping any PDs Total Redundancy Power Indicates the amount of PoE power tha...

Page 275: ...ve config show power over ethernet Status and Counters System Power Status Pre standard Detect On Power Redundancy none Chassis power over ethernet Total Provided Power 273 W Total Failover Power 0 W...

Page 276: ...ge class value PoE Value The maximum amount of PoE power allocated for that port expressed in watts Default 17W Configured Type If configured shows the user specified identifier for the port If not co...

Page 277: ...nable Detect Priority By Val Type Status Class A1 Yes enabled low usage 5 Phone 1 Delivering 0 A2 Yes disabled low usage 17 Searching 1 A3 Yes disabled low usage 17 Searching 0 A4 Yes disabled low usa...

Page 278: ...on this topic refer to the power command description under Configuring PoE Operation on page 11 14 Allocate by How PoE is allocated usage class value Detection Status Searching The port is available...

Page 279: ...the field is empty Refer to Configuring Optional PoE Port Identifiers on page 11 22 Value The maximum amount of PoE power allocated for that port expressed in watts Default 17W Power Class Shows the p...

Page 280: ...Detect enabled Priority low Configured Type AllocateBy value Value 17 Detection Status Delivering Power Class 0 Over Current Cnt 0 MPS Absent Cnt 0 Power Denied Cnt 0 Short Cnt 0 Voltage 492 dV Curren...

Page 281: ...ure 11 10 Displaying Information about the Power Supplies Syntax show chassis power supply Displays the power information for each power supply in the chassis ProCurve config show chassis power supply...

Page 282: ...first two topics If your PoE installation comes close to or is likely to exceed the system s ability to supply power to all devices that may request it then you should also read the third topic If it...

Page 283: ...Security Guide for your switch The ProCurve Networking web site offersthelatestversionofallProCurveproductpublications Referto Getting Documentation From the Web on page 1 6 Assigning Priority Policie...

Page 284: ...delivers to a specific PoE module there may or may not always be enough power available to connect and support PoE operation on all 24 Gig T ports in a PoE module PoE power is available if it is eith...

Page 285: ...s installed supplying 900 watts of PoE power each total 1800 watts then 900 watts of PoE power will be available to continue supplying PoE power to ports in priority order if one power supply fails If...

Page 286: ...d PoE devices as evenly as possible across modules To cycle the power on a PD receiving power from a PoE port on the switch disable then re enable the power to that port For example to cycle the power...

Page 287: ...low the threshold specified by the last execution of the power threshold command affecting that module This message occurs if after the last reboot the PoE demand on the module exceeded the power thre...

Page 288: ...onthe indicated port and the port does not have sufficient PoE priority to take power from another active PoE port Port port id PD Invalid Signature indication Theswitchhasdetectedanon 802 3af compli...

Page 289: ...runks 12 11 Using the CLI To Configure a Static or Dynamic Trunk Group 12 14 Web Viewing Existing Port Trunk Groups 12 17 Trunk Group Operation Using LACP 12 18 Default Port Operation 12 21 LACP Notes...

Page 290: ...e consecutive For example Figure 12 1 Conceptual Example of Port Trunking With full duplex operation in a eight port trunk group trunking enables the following bandwidth capabilities Feature Default M...

Page 291: ...media type in a port trunk group Similarly for proper trunk operation all links in the same trunk group must have the same speed duplex and flow control Port Security Restriction Portsecuritydoesnotop...

Page 292: ...s The 10 gigabit ports available for some switch models allow only the Auto setting Fault Tolerance If a link in a port trunk fails the switch redistributes traffic originally destined for that link t...

Page 293: ...to change them to LACP passive Static Trunk The switch uses the links you configure with the Port Trunk Settings screen in the menu interface or the trunk command inthe CLI to create a static port tru...

Page 294: ...nk group You want an LACP trunk group to operate in a VLAN other than the default VLAN and GVRP is disabled Refer to VLANs and Dynamic LACP on page 12 23 You want to use a monitor port on the switch t...

Page 295: ...Flow control Flow Ctrl LACP is a full duplex protocol Refer to Trunk Group Operation Using LACP on page 12 18 Trunk Configuration All ports in the same trunk group must be the same trunk type LACP or...

Page 296: ...e IGMP for a static trunk in the same way that you would configure IGMP on a non trunked port Note that the switch lists the trunk by name such as Trk1 and does not list the individual ports in the tr...

Page 297: ...dure uses the Port Trunk Settings screen to configure a static port trunk group on the switch 1 Follow the procedures in the Important note above 2 From the Main Menu Select 2 Switch Configuration 2 P...

Page 298: ...Advanced Traffic Management Guide for your switch To return a port to a non trunk status keep pressing the Space bar until a blank appears in the highlighted Group value for that port Figure 12 5 Exam...

Page 299: ...Port Trunks You can list the trunk type and group for all ports on the switch or for selected ports You can also list LACP only status information for LACP configured ports Listing Static Trunk Type a...

Page 300: ...includes a port list and thus shows trunk group information only for specific ports that have membership in a static trunk In figure 12 7 the command does not include a port list so the switch lists a...

Page 301: ...or a trunk by including more than eight ports in a dynamic LACP trunk configuration When eight ports trunk links are up the remaining link s will be held in standby status If a trunked link that is Up...

Page 302: ...the ports until the trunk is configured Refer to Enabling or Disabling Ports and Configuring Port Mode on page 10 11 The table on page 12 5 describes the maximum number of trunk groups you can configu...

Page 303: ...ve ports C4 and C5 from an existing trunk group ProCurve config no trunk c4 c5 Enabling a Dynamic LACP Trunk Group In the default port configura tion all ports on the switch are set to disabled To ena...

Page 304: ...figures port list as LACP active If the ports at the other end of the links on port list are configured as LACP passive then this command enables a dynamic LACP trunk group on port list Switch A withp...

Page 305: ...wing ProCurve config no interface c6 lacp ProCurve config interface c6 lacp passive Note that in the above example if the port on the other end of the link is configured for active LACP or static LACP...

Page 306: ...rates with Auto 10 Auto 100 andAuto 1000 ifnegotiation selectsFDx and 10FDx 100FDx and 1000FDx settings LACP trunk status commands include Thus to display a listing of dynamic LACP trunk ports you mus...

Page 307: ...t Group name The ports on both ends of each link have compatible mode settings speed and duplex The port on one end of each link must be configured for LACP Active and the port on the other end of the...

Page 308: ...of the following trunking protocols Active LACP Passive LACP Trunk This option uses LACP for the port Type parameter and TrkX for the port Group parameter where X is an automatically assigned value in...

Page 309: ...as Port Number The port is configured for LACP but is not a member of a port trunk Port Status Up The port has an active LACP link and is not blocked or in Standby mode Down The port is enabled but an...

Page 310: ...ACP is not allowed on ports configured for port security If you configure port security on a port on which LACP active or passive is configured the switch removes the LACP configuration displays a not...

Page 311: ...hat port which means you must manually configure both ends of the trunk Dynamic LACP Trunks You can configure a port for LACP active or LACP passive but on a dynamic LACP trunk you cannot configure th...

Page 312: ...omes active again the replace ment port goes back to blocked Port Status is Blocked It can take a few seconds for the switch to discover the current status of the ports Figure 12 11 Blocked Ports with...

Page 313: ...ex FDx requirement for LACP trunking 10 gigabit ports operate only at FDx A port configured as LACP passive and not assigned to a port trunk can be configured to half duplex HDx However in any of the...

Page 314: ...fic is handled by the device at the other end of the trunked links Similarly the switch handles incoming traffic from the trunked links as if it were from a trunked source When a trunk group is config...

Page 315: ...rs That is the switch sends traffic from the same sourceaddresstothesamedestinationaddressthroughthesametrunkedlink and may also send traffic from the same source address to a different desti nation a...

Page 316: ...he IP source address and IP destination address otherwise the MAC addresses are used The result of that process undergoes a mapping that determines which link the traffic goes through If you have only...

Page 317: ...can vary widely it is possible for one link in a trunk group to be fully utilized while other links in the same trunk have unused bandwidth capacity even if the assignments were evenly distributed acr...

Page 318: ...12 30 Port Trunking Outbound Traffic Distribution Across Trunked Links 3500 5400 6200 8200 MCG Jan08 K_13_01 book Page 30 Monday January 28 2008 10 04 AM...

Page 319: ...terface 13 14 Displaying the Current ICMP Rate Limit Configuration 13 14 Operating Notes for ICMP Rate Limiting 13 15 ICMP Rate Limiting Trap and Event Log Messages 13 17 Guaranteed Minimum Bandwidth...

Page 320: ...Jumbo Traffic on a VLAN 13 33 Configuring a Maximum Frame Size 13 33 Configuring IP MTU 13 34 SNMP Implementation 13 34 Displaying the Maximum Frame Size 13 35 Operating Notes for Maximum Frame Size...

Page 321: ...ify bandwidth usage in terms of kilobits per second kbps Guaranteed Minimum Bandwidth GMB Provides a method for ensuring that each of a port s outbound queues has a specified minimum consideration for...

Page 322: ...iting also can be applied by a RADIUS server during an authentication client session For further details refer to the chapter titled RADIUS Authen tication and Accounting in the Access Security Guide...

Page 323: ...either inbound or outbound traffic Specifying the traffic rate as either a percentage of bandwidth or in terms of bits per second Syntax no int port list rate limit all in out percent 0 100 kbps 0 100...

Page 324: ...100 199 Kbps is also implemented as a limit of 100 Kbps a limit of 200 299 Kbps is implemented as a limit of 200 Kbps and so on Percentage limits are based on link speed For example if a 100 Mbps port...

Page 325: ...d do not appear in the startup config file ProCurve eth A5 show rate limit all a1 a6 All Traffic Rate Limit Maximum Port Inbound Limit Mode Radius Override Outbound Limit Mode A1 Disabled Disabled No...

Page 326: ...adding it to a trunk suspends ProCurve config show config Startup configuration J8697A Configuration Editor Created on release K 12 XX hostname ProCurve Switch 8212zl module 1 type J8705A snmp server...

Page 327: ...pressure to hold high priority inbound traffic from the upstream device or application to a rate that is lower than the configured rate limit In this case the inbound traffic flow does not reach the...

Page 328: ...tes per second that 100 Mbps can support for minimum sized packets Suppose port X is configured with a rate limit of 50 4 761 904 bytes If a throughput testing application is the only application usin...

Page 329: ...allow one to five per cent of available inbound bandwidth at 10 Mbps or 100 Mbps speeds or 100 10 000 kbps 1Gbps or 10 Gbps speeds to be used for ICMP traffic This feature should not be used to remov...

Page 330: ...limit thresholds are applicable to other network environments On edge interfaces where ICMP traffic should be minimal a threshold of 1 of available bandwidth should be sufficient for most application...

Page 331: ...low values for example less than 45 Kbps This is to allow metering to function well at higher media speeds such as 10 Gbps Syntax no int port list rate limit icmp percent 0 100 kbps 0 10000000 Configu...

Page 332: ...f the port s bandwidth The ICMP traffic rate limit on port X is configured at 2 of the port s bandwidth If at a given moment Inbound ICMP traffic on port X is using 1 of the port s bandwidth and Inbou...

Page 333: ...te limiting is available on all types of ports other than trunk ports or mesh ports and at all port speeds configurable for the switch Rate limiting is not permitted on mesh ports Either type of rate...

Page 334: ...with flow control In cases where both types of rate limiting rate limit all and rate limit icmp are configured on the same interface thissituationismorelikelyto occur Inanothertypeofsituation an outbo...

Page 335: ...MP Rate Limiting Trap and Event Log Messages If the switch detects a volume of inbound ICMP traffic on a port that exceeds the ICMP rate limit configured for that port it generates one SNMP trap and o...

Page 336: ...s external slot number identity To match the port s external slot number to the internal port number use the walkmib ifDescr command as shown in the following figure Figure 13 5 Matching Internal Port...

Page 337: ...thereisinsufficientbandwidth allocated to a particular outbound priority queue for a given port If additional unused bandwidth is not available the port delays or drops the excess traffic GMB Operatio...

Page 338: ...it is neces sary only to specify the minimum bandwidth you want to allocate to the lower priority queues In this case the high priority traffic automatically receives all unassigned bandwidth without...

Page 339: ...B settings for all outbound queues on a given port cannot exceed 100 Impacts of QoS Queue Configuration on GMB Operation The section on Configuring Guaranteed Minimum Bandwidth for Out bound Traffic a...

Page 340: ...ch as links to routers other switches or to the network core Syntax no int port list bandwidth min output Configures the default minimum bandwidth allocation for the outbound priority queue for each p...

Page 341: ...the unallocated bandwidth is apportioned to oversubscribed queues in descending order of priority For example if you configure a minimum of 10 for queues 1 7 and 0 for queue 8 then the unallocated ba...

Page 342: ...eue 7 becomes oversubscribed and queue8isnotalreadyusingalloftheunallocatedbandwidth then queue 7 can use the unallocated bandwidth Also any unused bandwidth allocated to queues 6 to queue 1 is availa...

Page 343: ...ndwidth output port list Without port list this command lists the GMB configuration for all ports on the switch With port list this command lists the GMB configuration for the specified ports This com...

Page 344: ...andwidth min and show bandwidth output to operate only on the number of queues currently configured In addition when the qos queue config command is executed any previously configured bandwidth min ou...

Page 345: ...0 Mbps only frames that do not exceed 1522 bytes are allowed inbound on that port Terminology Jumbo Frame An IP frame exceeding 1522 bytes in size The maximum Jumbo frame size is 9220 bytes This size...

Page 346: ...rt Adds and Moves If you add a port to a VLAN that is already configured for jumbo traffic the switch enables that port to receive jumbo traffic If you remove a port from a jumbo enabled VLAN the swit...

Page 347: ...ating at least at gigabit speed Check the Mode field in the output for the show interfaces brief port list command 3 Use the jumbo command to enable jumbo frames on one or more VLANs statically config...

Page 348: ...umn to indicate which VLANs are configured to support jumbo traffic Entering only one port in port list results in a list of all VLANs to which that port belongs Entering multiple ports in port list r...

Page 349: ...Jumbo Status for a VLAN Syntax show vlans vid This command shows port membership and jumbo configuration for the specified vid Indicates which static VLANs are configured to enable jumbo frames Lists...

Page 350: ...o one jumbo VLAN can receive jumbo frames through any other VLAN statically configured on the switch regardless of whether the other VLAN is enabled for jumbo frames The no form of the command disable...

Page 351: ...ropri etary MIB object hpSwitchMaxFrameSize OBJECT TYPE This is the value of the global max frame size supported by the switch The default value is set to 9216 bytes Jumbo IP MTU The IP MTU for Jumbos...

Page 352: ...of software that supports setting the maximum frame size from a version that did not the max frame size value is set automatically to 9216 bytes Configuring a Jumbo maximum frame size on a VLAN allows...

Page 353: ...more jumbo VLANs with a membership comprised of only the ports you want to receive jumbo traffic Because a port belonging to one jumbo enabled VLAN can receive jumbo frames through any VLAN to which...

Page 354: ...opped by the downstream device Jumbo Traffic in a Switch Mesh Domain Note that if a switch belongs to a meshed domain but does not have any VLANs configured to support jumbo traffic then the meshed po...

Page 355: ...und jumbo frames To determine the actual operating speed of one or more ports view the Mode field in the output for the following command show interfaces brief port list A non jumbo port is generating...

Page 356: ...13 38 Port Traffic Controls Jumbo Frames 3500 5400 6200 8200 MCG Jan08 K_13_01 book Page 38 Monday January 28 2008 10 04 AM...

Page 357: ...LI Viewing and Configuring SNMP Community Names 14 15 SNMP Notifications 14 17 Supported Notifications 14 17 General Steps for Configuring SNMP Notifications 14 18 SNMPv1 and SNMPv2c Traps 14 19 Confi...

Page 358: ...fication Support 14 51 Configuring Per Port Transmit and Receive Modes 14 52 Configuring Basic LLDP Per Port Advertisement Content 14 53 Configuring Support for Port Speed and Duplex Advertisements 14...

Page 359: ...ically using DHCP or Bootp If multiple VLANs are configured each VLAN interface should have its own IP address For DHCP use with multiple VLANs refer to the section titled The Primary VLAN in the Stat...

Page 360: ...o to the ProCurve Networking web site at www procurve com Click on software updates then MIBs Configuring for SNMP version 1 and 2c Access to the Switch SNMP access requires an IP address and subnet m...

Page 361: ...DHCP Bootp to configure the switch ensure that the DHCP Bootp process provides the IP address See DHCP Bootp Operation on page 8 12 Once an IP address has been configured the main steps for configuri...

Page 362: ...etwork management applications such as auto discovery traffic monitoring SNMP trap generation and threshold setting from operating in the switch Syntax no snmpv3 enable Enable and disable the switch f...

Page 363: ...d to clone The initial user record can be downgraded and provided with fewer features but not upgraded by adding new features For this reason it is recommended that when you enable SNMPv3 you also cre...

Page 364: ...existing security group Adding Users To configure an SNMPv3 user you must first add the user name to the list of known users with the snmpv3 user command Figure 14 2 Adding SNMPv3 Users and Displayin...

Page 365: ...tion you can set either MD5 or SHA authentication The authentication password auth_pass must be 6 32 characters in length and is mandatory when you configure authentication Default None priv des aes p...

Page 366: ...applications Syntax no snmpv3 group This command assigns or removes a user to a security group for access rights to the switch To delete an entry all of the following three parameters must be included...

Page 367: ...SNMP commuities are supported by the switch to allow management applications that use version 2c or version 1 to access the switch The communities are mapped to Group Access Levels that are used for v...

Page 368: ...to specify the index_name parameter index index_name This is an index number or title for the mapping The values of 1 5 are reserved and can not be mapped name community_name This is the community nam...

Page 369: ...ome network management functions such as traffic monitoring SNMP trap generation and threshold setting If network management security is a concern and you are using the above software versions ProCurv...

Page 370: ...Community Name field and use the Space bar to select the appropriate value in each of the other fields Use the Tab key to move from one field to the next 4 Press Enter then S for Save Add and Edit opt...

Page 371: ...ther community named blue team Figure 14 7 Example of the SNMP Community Listing with Two Communities To list the data for only one community such as the public community use the above command with th...

Page 372: ...perator MIB view If you do not specify restricted or unrestricted the switch automatically assigns the community to restricted read only access The no form uses only the community name variable and de...

Page 373: ...up linkUp Port security web MAC or 802 1X authentication failure Invalid password entered in a login attempt through a direct serial Telnet or SSH connection Inability to establish a connection with t...

Page 374: ...procedures SNMPv1 and SNMPv2c Traps on page 14 19 Configuring an SNMP Trap Receiver on page 14 19 Enabling SNMPv2c Informs on page 14 21 If you want to use SNMPv3 notifications including traps you mus...

Page 375: ...ic community name these traps are not sent Thresholds A switch automatically sends all messages created when a system threshold is reached to the network management station that configured the thresho...

Page 376: ...ype of event log message that you specify applies only to event log messages not to threshold traps For each configured event level the switch continues to send threshold traps to all network manageme...

Page 377: ...for SNMPv2c you can use the snmp server host inform command to send inform requests when certain events occur When an SNMP Manager receives an inform request it can send an SNMP response back to the...

Page 378: ...ow snmp server SNMP Communities Community Name MIB View Write Access public Manager Unrestricted Trap Receivers Link Change Traps Enabled on Ports All All Address Community Events Sent Notify Type Ret...

Page 379: ...mand see SNMPv3 Users on page 14 7 Each SNMPv3 user configuration is entered in the User Table 3 Assign SNMPv3 users to security groups according to their level of access privilege by entering the snm...

Page 380: ...s to be sent to the IP address of the SNMPv3 management station You can enter more than one tag_name value Each tag_name value must be already associated with the name of an SNMPv3 notification config...

Page 381: ...snmpv3 targetaddress command in Step 5 to a specified SNMPv3 user from the user user_name value configured with the snmpv3 user command in Step 2 If you enter the snmpv3 params user command you must a...

Page 382: ...You can manage the default configuration of the switch to disable and re enable notifications to be sent for the following types of security events SNMP authentication failure Port security web MAC or...

Page 383: ...port security auth server fail dhcp snooping arp protect Enables or disables sending one of the following types of security notification to configured trap receivers snmp auth sends a trap for a faile...

Page 384: ...Category Current Trap Configuration SNMP Authentication extended Password change enabled Login failures enabled Port Security enabled Authorization Server Contact enabled ARP Protection enabled DHCP...

Page 385: ...SNMP request was received as the source IP address in the IP header of SNMP traps and replies enter the following command ProCurve config snmp server response source dst ip of request Syntax no snmp s...

Page 386: ...f the SNMP response PDU can be changed Only the source IP address field in the IP header and the SNMPv1 Agent Address field of the SNMP trap PDU can be changed To verify the configuration of the inter...

Page 387: ...r Unrestricted Trap Receivers Link Change Traps Enabled on Ports All All Excluded MIBs Snmp Response Pdu Source IP Information Selection Policy dstIpOfRequest Trap Pdu Source IP Information Selection...

Page 388: ...d blue team Manager Unrestricted red team Manager Unrestricted Trap Receivers Link Change Traps Enabled on Ports All All Trap Category Current Trap Configuration SNMP Authentication extended Password...

Page 389: ...leases sFlow was configured on the switch via SNMP using a single sFlow instance Beginning with software release K 11 34 sFlow can also be configured via the CLI for up to three distinct sFlow instanc...

Page 390: ...bles flow sampling for that instance The receiver instance number is 1 2 or 3 and the sampling rate is the allowable non zero skipcount for the specified port or ports To disable flow sampling for the...

Page 391: ...t has been configured Datagrams Sent shows the number of datagrams sent by the switch agent to the management station since the switch agent was last enabled Timeout displays thenumber of seconds rema...

Page 392: ...a specific receiver instance are assigned dynamically and so the instance numbers may not always match The key thing to note is whether sampling or polling is enabled on a port and the sampling rates...

Page 393: ...age 14 45 Enable or disable LLDP on the switch Enabled page 14 41 Change the transmit interval refresh interval for LLDP packets 30 seconds page 14 48 Change the holdtime multiplier for LLDP Packets h...

Page 394: ...capability and some configuration information In VoIP deployments using LLDP MED on the switches covered in this guide additional support unique to VoIP applications is also available Refer to LLDP M...

Page 395: ...s based telephone system having a common interface with the public switched telephone system and having multiple telephone lines common control units multiple telephone sets and control hardware and s...

Page 396: ...ocol and does not include any acknowledgement mechanism An LLDP enabled port receiving LLDP packets inbound from neighbor devices stores the packet data in a Neighbor database MIB LLDP MED This capabi...

Page 397: ...h active port enabled for outbound LLDP transmissions and receives LLDP advertisements on each active port enabled to receive LLDP traffic page 14 52 Per Port configuration options include four modes...

Page 398: ...Port Type3 6 N A Always Enabled Uses Local meaning assigned locally by LLDP Port Id6 N A Always Enabled Uses port number of the physical port In the switches covered in this guide this is an internal...

Page 399: ...play data collected on adjacent LLDP devices as well as the local data the switch is transmitting to adjacent LLDP devices page 14 45 Using an SNMP application that is designed to query the Neighbors...

Page 400: ...ID 1 and there is an IP address configured for the defaultVLAN thentheportadvertisesthisIPaddress Inthe defaultoperation the IP address that LLDP uses can be an address acquired by DHCP or Bootp You c...

Page 401: ...on on operation and configuration unique to LLDP MED refer to LLDP MED Media Endpoint Discovery on page 14 56 Viewing the Current Configuration Displaying the Global LLDP Port Admin and SNMP Notificat...

Page 402: ...eral LLDP Configuration Displays the LLDP global configuration LLDP port status and SNMP notification status For information on port admin status refer to Configuring Per Port Transmit and Receive Mod...

Page 403: ...configuration for all ports in port list including which optional TLVs and any non default IP address that are included in the port s outbound advertisements For information on the notification settin...

Page 404: ...nts received from other devices The switch preserves the current LLDP configuration when LLDP is disabled After LLDP is disabled the information in the LLDP neighbors database remains until it times o...

Page 405: ...ould result in a Time to Live of 30 seconds ProCurve config lldp holdtime multiplier 2 Changing the Delay Interval Between Advertisements Generated by Value or Status Changes to the LLDP MIB The switc...

Page 406: ...and SNMP notification are configured All of this can unnecessarily increase network traffic Extending the reinitialization Syntax setmib lldpTxDelay 0 i 1 8192 Uses setmib to change the minimum time d...

Page 407: ...les SNMP notification on ports 1 5 ProCurve config lldp enable notification 1 5 Syntax setmib lldpReinitDelay 0 i 1 10 Uses setmib to change the minimum time reinitialization delay interval an LLDP po...

Page 408: ...e generated in the specified interval only the first trap will be sent The remaining traps will be suppressed A network management application can periodically check the switch MIB to detect any misse...

Page 409: ...tbound LLDP advertisements for specific ports Syntax no lldp config port list ipAddrEnable ip address Replaces the default IP address for the port with an IP address you specify This can be any IP add...

Page 410: ...actual content port description TLV system name TLV system description TLV system capabilities TLV system capabilities Supported TLV subelement system capabilities Enabled TLV subelement port speed a...

Page 411: ...ts are supported on the switches covered in this guide to inform an LLDP endpoint and the switch port of each other s port speed and duplex configuration and capabilities Configuration mismatches betw...

Page 412: ...to both LLDP and LLDP MED operation LLDP MED benefits include plug and play provisioning for MED capable VoIP endpoint devices simplified vendor independent management enabling different IP telephony...

Page 413: ...LLDP MED on the switches coveredinthis guide interoperates with directly connected IP telephony endpoint clients having these features and services able to autonegotiate speed and duplex configuration...

Page 414: ...infrastructure devices such as switch to switch or switch to router links LLDP MED Endpoint Device Classes LLDP MED endpoint devices are by definition located at the network edge and communicate usin...

Page 415: ...s covered in this guide offer two configurable TLVs supporting MED specific capabilities medTlvEnable for per port enabling or disabling of LLDP MED opera tion medPortLocation for configuring per port...

Page 416: ...al on which the activity was detected For more in internal port numbers refer to Determining the Switch Port Number Included in Topology Change Notification Traps on page 14 78 the LLDP MED class of t...

Page 417: ...ort may use the data contained in the MED TLVs from the switch to configure itself However the lldp refresh interval setting default 30 seconds for transmitting advertisements can cause an unacceptabl...

Page 418: ...switch can be tagged or untagged However if the LLDP MED endpoint expects a tagged mem bership when the switch port is configured for untagged or the reverse then a configuration mismatch results Typ...

Page 419: ...bles or disables advertisement of the following TLVs on the specified ports device capability TLV configured network policy TLV configured location data TLV Refer to Configuring Location Data for LLDP...

Page 420: ...raffic Also this TLV cannot be enabled unless the capability TLV is already enabled For more information refer to Network Policy Advertisements on page 14 62 location_id This TLV enables the switch po...

Page 421: ...ed on the MED capable end point power value indicates the total power in watts that a switch port PSE can deliver at a particular time or the total power in watts that the MED endpoint PD requires to...

Page 422: ...new medPortLocation entry of any type on a port replaces any previously configured entry on that port civic addr COUNTRY STR WHAT CA TYPE CA VALUE CA TYPE CA VALUE CA TYPE CA VALUE This command enable...

Page 423: ...and organize the location data components in an understandable format for response personnel to interpret A civic addr command requires a minimum of one type value pair but typically includes multiple...

Page 424: ...e if a type value pair of 6 Atlantic to specify Atlantic as a street name is configured on port A5 and later another type value pair of 6 Pacific is configured on the same port then Pacific replaces A...

Page 425: ...unit or apartment 26 city subdivision 4 floor 27 street 6 room number 28 street suffix 18 The code assignments in this table are examples from a work in progress the internet draft titled Dynamic Host...

Page 426: ...data Figure 14 20 Example of a Civic Address Configuration Displaying Advertisement Data Command Page show lldp info local device below walkmib lldpXdot3LocPortOperMauType show lldp info remote device...

Page 427: ...mmand displays the global switch information and the per port information currently available for populating outbound LLDP advertisements With the port list option this command displays only the follo...

Page 428: ...by using an SNMP application You can also use the switch CLI to display thisinformation if necessary The following two commands provide methods for displaying speed and duplex information for switch...

Page 429: ...which they were discovered Multiple devices listed for a single port indicates that such devices are connected to the switch through a hub Discovering the same device on multiple ports indicates that...

Page 430: ...ered Devices Figure 14 24 Example of an LLLDP MED Listing of an Advertisement Received From an LLDP MED VoIP Telephone Source Indicates the policy configured on the telephone A configuration mismatch...

Page 431: ...LLDP neighbors detected since the last switch reboot Disconnecting then reconnecting a neighbor increments this counter Neighbor Entries Deleted Count Shows the number of neighbor deletions from the M...

Page 432: ...er to Neighbor Maximum on page 14 77 This can also be an indication of advertisement formatting problems in the neighbor device Frames Invalid Shows the total number of invalid LLDP advertisements rec...

Page 433: ...ch can support multiple neighbors connected through a hub on a given port but if the switch neighbor maximum is reached advertisements from additional neighbors on the same or other ports will not be...

Page 434: ...Neighbor Database After the Neighbor Is Disconnected After disconnecting a neighbor LLDP device from the switch the neighbor can continue to appear in the switch s neighbor database for an extended p...

Page 435: ...Neighbor Data With both LLDP and read only CDP enabled on a switch port the port can read both LLDP and CDP advertisements and stores the data from both types of advertisements in its neighbor databa...

Page 436: ...bility TLV However LLDP differentiates between what a device is capable of supporting and what it is actually supporting and separates the two types of information into subelements of the System Capab...

Page 437: ...bled1 n a Store inbound CDP data No forwarding of inbound CDP packets CDP Disabled n a NostorageofCDPdatafrom neighbor devices Floods inbound CDP packets from connected devices to outbound ports LLDP...

Page 438: ...e Switch s Current CDP Configuration CDP is shown as enabled disabled both globally on the switch and on a per port basis The following example shows the default CDP configuration Figure 14 28 Example...

Page 439: ...e for any CDP packets it receives from other neighboring CDP devices Syntax show cdp neighbors Lists the neighboring CDP devices the switch detects with a subset of the information collected from the...

Page 440: ...mpty CDP Neighbors table show cdp displays Global CDP information Enable CDP Yes No Enabling or Disabling CDP Operation on Individual Ports In the factory default configuration the switch has all port...

Page 441: ...cur 15 13 Consequences of Switchover 15 13 Resetting the Management Module 15 14 Hotswapping Management Modules 15 15 Hotswapping Out the Active Management Module 15 15 When the Standby Module is not...

Page 442: ...5 29 Boot Command 15 29 Setting the Default Flash for Boot 15 31 Reload Command 15 32 Additional Commands Affected by Redundant Management 15 34 Using the Web Browser for Redundant Management 15 36 Id...

Page 443: ...less downtime when updat ing software versions Not e The fabric modules are also redundant and can be enabled or disabled See Enabling and Disabling Fabric Modules on page 15 12 Terminology Redundant...

Page 444: ...e finishes booting and then brings up the interface modules and ports The standby module boots to a certain point syncs basic files such as the config and security files and only finishes booting if t...

Page 445: ...us of both the management and fabric redundant modules using this command An example of the output for the show redundancy command is seen in Figure 15 1 New Redundant Management Commands Page redunda...

Page 446: ...Standby K 12 XX Primary 1 ProCurve J9093A F2 Fabric Module 8200zl Enabled 2 ProCurve J9093A F2 Fabric Module 8200zl Enabled Syntax no redundancy management module Allows enabling or disabling of redu...

Page 447: ...t down a management module that is not functioning correctly without physically removing the module However removing the management module is the recommended method ProCurve config redundancy manageme...

Page 448: ...command is shown in Figure 15 4 ProCurve config no redundancy management module The other management module will no longer be used for system redundancy except in the case of a hardware failure of the...

Page 449: ...ting Primary Software Image Standby Console Syntax redundancy active management standby management module1 management module2 The specified module becomes the active management module at the next syst...

Page 450: ...nfiguration files haven t been synchronized if redundancy has been disabled An example of making the offline management module become the standby management module when redundancy is disabled is shown...

Page 451: ...ndby On the next system boot the standby will become active Redundancy and Synchronization have been disabled so it will not have current configurations ProCurve Switch 8200zl config boot The other ma...

Page 452: ...of Disabling a Fabric Module Syntax redundancy fabric module 1 2 enable disable Allows enabling or disabling of fabric modules You cannot have both fabric modules disabled at the same time Default Bo...

Page 453: ...d There is a hardware failure on the active management module In all of these cases the standby management module takes control and performs the actual switchover The reason for the switchover is ente...

Page 454: ...nagement module is notified immediately It then takes over and becomes the active management module If the MM Reset button is pressed on the standby management module that module reboots but no other...

Page 455: ...e hotswapped out press the MM Shut down button It is located between the Module Operation and Component Status LEDs See Figure 15 9 Figure 15 9 The MM Shutdown Button 2 The Dwn LED to the right of the...

Page 456: ...anagement module However these conditions must be met to determine if the hotswapped module can become a standby management module The hotswapped module must pass selftest Redundancy is not administra...

Page 457: ...formation about testing new software versions After installing the new software to the active management module wait a few minutes and then verify that the standby module has been synchronized with th...

Page 458: ...e unless redundancy has been disabled If the standby management module is rebooted it will be running a different software version than the active management module You can direct the standby module t...

Page 459: ...oftware version See Software Version Mismatch Between Active and Hotswapped Module on page 15 16 for more information Additionally if a switchover occurs or if you reboot to make the standby module be...

Page 460: ...ttings Mgmt Redundancy Enabled Statistics Failovers 0 Last Failover Slot Module Description Status SW Version Boot Image 1 ProCurve J9092A Management Module 8200zl Active K 12 30 Primary 2 ProCurve J9...

Page 461: ...written by the software version in the active management module Both management modules should now be operating on the same software version Turning Off Redundant Management Disabling Redundancy with...

Page 462: ...one management module in the switch and then you insert a second management module the second module will never go into standby mode You must re enable redundant management using this command ProCurv...

Page 463: ...es Command on an 8200zl Series Switch ProCurve config show modules Status and Counters Module Information Chassis 8212zl J9091A Serial Number LP711BX00Z Slot Module Description Serial Number Status 1...

Page 464: ...ings Mgmt Redundancy enabled Statistics Failovers 0 Last Failover Slot Module Description Status SW Version Boot Image 1 ProCurve J9092A Management Module 8200zl Standby K 12 XX Primary 2 ProCurve J90...

Page 465: ...redundancy is disabled the output of the show version command changes as shown in Figure 15 17 Figure 15 17 Example of show version Command when Redundancy is Disabled ProCurve config show version Man...

Page 466: ...ProCurve Switch 8200zl config show log Keys W Warning I Information M Major D Debug Event Log listing Events Since Boot M 01 26 14 17 34 07 sys System reboot due to Power Failure I 01 26 14 17 34 07...

Page 467: ...Settings Mgmt Redundancy Enabled Statistics Failovers 1 Last Failover Mon Sep 26 09 50 40 2005 Slot Module Description Status SW Version Boot Image 1 ProCurve J9092A Management Module 8200zl Active K...

Page 468: ...s only shows the running version of software on the standby management module Figure 15 21 Example of Show Version Command for Standby Module Standby Console show version Image stamp sw code build btm...

Page 469: ...mode for example it is in failed mode or offline mode switchover to the standby module does not occur The system is rebooted This message displays The other management module is not in standby mode an...

Page 470: ...nt in the switch the system is rebooted Boot standby Bootsthestandbymanagementmodule Theswitchdoesnot switchover If the standby module is not present this message displays The other management module...

Page 471: ...15 24 shows an example of the output when the command is used to set the boot default to secondary flash ProCurve config boot set default flash secondary This command changes the location of the defa...

Page 472: ...command is a warm reboot it skips the Power on Self Test routine ProCurve config show flash Image Size Bytes Date Version Build Primary Image 7463821 03 05 07 K 12 XX 351 Secondary Image 7463821 03 05...

Page 473: ...versions of this command do not display a prompt to save configuration file changes the changes are lost on the scheduled reload ProCurve config reload This command will cause a switchover to the oth...

Page 474: ...hen no parameter is specified with the copy crash data or copy crash log command files from all modules management and interface are concatenated See Crash Files on page 15 42 Note If redundancy is di...

Page 475: ...e standby module log Log messages from a formerly active management module are available on the current active management module after a switchover password set or clear Affects only the active manage...

Page 476: ...his guide Online Help is available for the web browser interface You can use it by clicking on the question mark button in the upper right corner of any of the web browser interface screens Identity P...

Page 477: ...nagement module The SystemUp Time since the last reboot Figure 15 27 Overview Page Showing the SystemUp Time for Both Management Modules Redundancy Status Page The Redundancy Status tab is visible onl...

Page 478: ...representation of the switch Select the Configuration tab and then the Device View button The information displayed includes Fabric modules Interface modules System Support module LEDs and the status...

Page 479: ...dundancy Switch 8212zl Using the Web Browser for Redundant Management Figure 15 29 Device View Showing Two Management Modules 3500 5400 6200 8200 MCG Jan08 K_13_01 book Page 39 Monday January 28 2008...

Page 480: ...uide for your switch for more information about LEDs Figure 15 30 The Actv LED on the Management Module Standby Led Behavior To be completed Table 15 2 Actv Active LED Behavior for Management Modules...

Page 481: ...Selftest I 01 26 14 17 36 19 00068 chassis Fabric 1 Inserted I 01 26 14 17 36 19 00068 chassis Fabric 2 Inserted I 01 26 14 17 36 19 00068 chassis Slot D Inserted I 01 26 14 17 36 19 00690 udpf DHCP r...

Page 482: ...If no parameter is specified files from all modules management and interface are concatenated slot id retrieves the crash log from the module in the specified slot mm retrieves the crash logs from bot...

Page 483: ...ost recent first Mgmt Module 1 in Active Mode went down 11 07 05 14 48 36 Operator warm reload from CONSOLE session Mgmt Module 1 in Active Mode went down 11 07 05 11 43 10 Operator cold reboot from C...

Page 484: ...decision process works as follows 1 If there is only one management module that is the active management module 2 If one module is already booted and operational a newly inserted module or the other...

Page 485: ...nly one module was active on last boot Only one module was on standby last boot Module in lowest slot becomes active Switch fails to boot Module passing selftest becomes active Module 1 becomes active...

Page 486: ...anagement module is the active management module RMON_SYSTEM_MGMT_MOD_ACTIVE 9 Mgmt Module 1 or 2 in Standby Mode info The specified management module is in standby mode RMON_SYSTEM_MGMT_MOD_STANDBY 1...

Page 487: ...eothermoduleand it has gone offline RMON_SYSTEM_MGMT_INCOMPAT_OS 19 Other management module is not in standby shutdown request ignored warn A shutdown request is ignored because the standby module is...

Page 488: ...le s flash image to the standby management module RMON_SYSTEM_SYNC_BEGIN 25 Initial active to standby sync complete info Indicates the end of the initial synchronization of theactivemanagementmodule s...

Page 489: ...NIX Workstation A 15 Menu Xmodem Download to Primary Flash A 16 CLI Xmodem Download from a PC or UNIX Workstation to Primary or Secondary Flash A 17 Using USB to Transfer Files to and from the Switch...

Page 490: ...ile from a Serially Connected PC or UNIX Workstation A 30 USB Uploading an ACL Command File from a USB Device A 31 Copying Diagnostic Data to a Remote Host USB Device PC or UNIX Workstation A 32 Copyi...

Page 491: ...Switch Software ProCurve periodically provides switch software updates through the ProCurve Networking web site For more information refer to the support and warranty booklet shipped with the switch...

Page 492: ...ad a new image to primary flash Refer to Restoring a Flash Image on page C 80 Using TFTP To Download Switch Software from a Server This procedure assumes that A software version for the switch has bee...

Page 493: ...E for Edit 3 Ensure that the Method field is set to TFTP the default 4 In the TFTP Server field type in the IP address of the TFTP server in which the software file has been stored 5 In the Remote Fi...

Page 494: ...ftware the new image is always stored in primary flash Also using the Reboot Switch command in the Main Menu always reboots the switch from primary flash Rebooting the switch from the CLI gives you mo...

Page 495: ...itch s IP configuration parameters are incorrect For a UNIX TFTP server the file permissions for the software file do not allow the file to be copied Another console session through either a direct co...

Page 496: ...mory and the boot commands refer to Using Primary and Secondary Flash Image Options on page 6 14 Not e If you use auto tftp to download a new image in a redundant management system the active manageme...

Page 497: ...nditconnectstoastandaloneTFTPserveroranotherProCurveswitchacting as a TFTP server to obtain the software image file s Using SCP and SFTP allows you to maintain your switches with greater security You...

Page 498: ...on the switch 2 Execute ip ssh filetransfer to tell the switch that you want to enable secure file transfer 3 Use a third party client application for SCP and SFTP commands The SCP SFTP Process To use...

Page 499: ...face or an SNMP application Auto TFTP is disabled by default and must be configured through the CLI ProCurve config ip ssh filetransfer Tftp and auto tftp have been disabled ProCurve config sho run Ru...

Page 500: ...consistent value message An SNMP management application cannot be used to enable or disable auto TFTP ToenableSFTP by usinganSNMPmanagementapplication youmustfirst disable TFTP and if configured auto...

Page 501: ...file transfer ProCurve config no ip ssh filetransfer Syntax no tftp enable This command disables all TFTP operation on the switch except for the auto TFTP feature To re enable TFTP operation use the...

Page 502: ...refer to the documentation provided with the utility you select before performing this process SCP SFTP Operating Notes When an SFTP client connects the switch provides a file system display ing all o...

Page 503: ...is no longer necessary Using Xmodem to Download Switch Software From a PC or UNIX Workstation This procedure assumes that The switch is connected via the Console RS 232 port to a PC operating as a ter...

Page 504: ...path and name in the Filename field c In the Protocol field select Xmodem d Click on the Send button The download will then commence It can take several minutes depend ing on the baud rate set in the...

Page 505: ...me in the Filename field c In the Protocol field select Xmodem d Click on the Send button The download can take several minutes depending on the baud rate used in the transfer 3 When the download fini...

Page 506: ...ns only the first partition is supported Devices with secure partitions are not supported If they already exist on the device sub directories are supported When specifying a filename you must enter ei...

Page 507: ...ch finishes copying the software file from the USB device it displays this progress message Validating and Writing System Software to the Filesystem 3 When the copy finishes you must reboot the switch...

Page 508: ...select 7 Download OS screen 2 Ensure that the Method parameter is set to TFTP the default 3 In the TFTP Server field enter the IP address of the remote switch contain ing the software file you want to...

Page 509: ...ons for this CLI feature include Copy from primary flash in the source to either primary or secondary in the destination Copy from either primary or secondary flash in the source to either primary or...

Page 510: ...sh in Destination Using PCM to Update Switch Software ProCurve Manager Plus includes a software update utility for updating on ProCurve switch products For further information refer to the Getting Sta...

Page 511: ...opied Xmodem Copying a Software Image from the Switch to a Serially Connected PC or UNIX Workstation To use this method the switch must be connected via the serial port to a PC or UNIX workstation For...

Page 512: ...or replace an ACL in the switch configuration Not e For greater security you can perform all TFTP operations using SFTP as described in the section on Using Secure Copy and SFTP on page A 9 Syntax cop...

Page 513: ...ory on drive d in a remote host having an IP address of 10 28 227 105 ProCurve copy tftp startup config 10 28 227 105 d configs sw8200 Syntax copy startup config running config tftp ip addr remote fil...

Page 514: ...erminal emulator commands to begin the file transfer Xmodem Copying a Configuration File from a Serially Connected PC or UNIX Workstation To use this method the switch must be connected via the serial...

Page 515: ...itch on page 6 19 Syntax copy xmodem startup config pc unix copy xmodem config filename pc unix Copies a configuration file from a serially connected PC or UNIX workstation to a designated configurati...

Page 516: ...me of the file to copy For example to copy a configuration file from a USB device to the switch 1 Insert a USB device into the switch s USB port 2 Execute the following command where procurve config i...

Page 517: ...isting ACL 2 Copied the file to a TFTP server at 18 38 124 16 Syntax copy tftp command file ip addr filename txt unix pc where ip addr The IP address of a TFTP server available to the switch filename...

Page 518: ...n the file it bypasses the illegal command displays a notice as shown in figure A 10 and continues to implement the remaining ACL commands in the file Figure A 10 Example of Using the Copy Command to...

Page 519: ...g ACL Refer to Creating an ACL Offline in the Access Control Lists ACLs chapter in the latest Access Security Guide for your switch Adds to an existing ACL Syntax copy usb command file filename txt un...

Page 520: ...station You can use the CLI to copy the following types of switch data to a text file in a destination device Command Output Sends the output of a switch CLI command as a file on the destination devic...

Page 521: ...and tftp ip address filepath filename copy command output cli command usb filename copy command output cli command xmodem These commands direct the displayed output of a CLI command to a remote host a...

Page 522: ...mulator Syntax copy crash data slot id master tftp ip address filename copy crash data slot id master usb filename copy crash data slot id master xmodem where slot id a h and retrieves the crash log o...

Page 523: ...module in the specified slot mm retrieves the crash data from both management modules and concatenates them Syntax copy crash log slot id master tftp ip address filepath and filename copy crash log sl...

Page 524: ...ter and start the Xmodem command sequence in your terminal emulator Syntax copy crash log slot id mm tftp ip address filename Copies both the active and standby management modules crash logs to a user...

Page 525: ...T 13 01 or greater The network management application ProCurve Manager Plus PCM PCM is required to create a valid AutoRun file and view the results after the file has been executed on the switch A non...

Page 526: ...switch to apply any configuration updates 7 Optional Transfer the result file and report file to a PCM enabled computer for report checking See Troubleshooting Autorun Opera tions on page A 39 Securit...

Page 527: ...for details The status files will not include any records of post commands that may have been executed after the USB flash drive was removed from the switch Color State Meaning Green Slow Blinking Swi...

Page 528: ...tion to install a valid key pair for signing the result files that are generated during autorun operations The key pair can be generated on the switch using the crypto key generate autorun rsa command...

Page 529: ...ertificate file and or the other key files the files must be in PEM format Autorun and Configuring Passwords When an operator or manager password is configured on a switch autorun will be disabled aut...

Page 530: ...autorun command displays autorun configuration status information as shown in the following example ProCurve config show autorun Autorun configuration status Enabled Yes Secure mode Disabled Encryptio...

Page 531: ...13 Web Access B 13 Viewing Port and Trunk Group Statistics and Flow Control Status B 14 Menu Access to Port and Trunk Statistics B 15 CLI Access To Port and Trunk Group Statistics B 16 Web Browser Ac...

Page 532: ...eference to Local Mirroring Set Up B 40 Quick Reference to Remote Mirroring Set Up B 41 1 Determine the Mirroring Session Identity and Destination B 44 2 Configure the Remote Mirroring Session on Dest...

Page 533: ...CL for Mirroring Criteria B 69 Remote Mirroring Destination Using a Port Interface and Directional Mirroring Criteria B 71 Maximum Supported Frame Size B 73 Enabling Jumbo Frames To Increase the Mirro...

Page 534: ...vents Using the Event Log for Troubleshooting Switch Problems on page C 27 Alert Log Lists network occurrences detected by the switch in the Status Overview screen of the web browser interface page 5...

Page 535: ...ription for each slot in which a module is installed B 11 Port Status Menu CLI Web Displays the operational status of each port B 13 Port and Trunk Statistics and Flow Control Status Menu CLI Web Summ...

Page 536: ...nd Counters menu by select ing 1 Status and Counters Figure B 1 The Status and Counters Menu Each of the above menu items accesses the read only screens described on the following pages Refer to the o...

Page 537: ...sole Main Menu select 1 Status and Counters 1 General System Information Figure B 2 Example of General Switch Information This screen dynamically indicates how individual switch resources are being us...

Page 538: ...m information and operational parameters for the switch information Displays global system information and operational parameters for the switch power supply Shows chassis power supply and settings te...

Page 539: ...ounters General System Information System Name ProCurve Switch 2900yl 24G System Contact System Location MAC Age Time sec 300 Time Zone 0 Daylight Time Rule None Software revision T 13 XX Base MAC Add...

Page 540: ...both the statically configured VLANs and any dynamic VLANs existing on the switch as a result of GVRP operation Also the switches covered in this guide use a multiple forwarding database When using mu...

Page 541: ...which slots have modules installed and which type s of modules are installed Menu Displaying Port Status From the Main Menu select 1 Status and Counters 3 Module Information Figure B 6 Example of Mod...

Page 542: ...oCurve J9092A Management Module 8200zl 111111111111 Active 2 ProCurve J9092A Management Module 8200zl 222222222222 Standby 1 ProCurve J9093A F2 Fabric Module 8200zl 1234SSN Enabled 2 ProCurve J9093A F...

Page 543: ...e port status data Menu Displaying Port Status From the Main Menu select 1 Status and Counters 4 Port Status Figure B 8 Example of Port Status on the Menu Interface CLI Access Syntax show interfaces b...

Page 544: ...can also reset the counters to zero for the current session This is useful for troubleshooting Refer to the Note On Reset below N o t e o n R e s e t The Reset action resets the counter display to zer...

Page 545: ...view details about the traffic on a particular port use the v key to highlight that port number then select Show Details For example selecting port A2 displays a screen similar to figure B 10 below F...

Page 546: ...ters for a specific port click anywhere in the row for that port then click on Refresh Not e To reset the port counters to zero you must reboot the switch Syntax show interfaces This command provides...

Page 547: ...per VLAN listing includes The MAC addresses that the switch has learned from network devices attached to the switch The port on which each MAC address was learned 1 From the Main Menu select 1 Status...

Page 548: ...press S forSearch todisplaythefollowing prompt Enter MAC address _ 2 Type the MAC address you want to locate and press Enter The address and port number are highlighted if found If the switch does no...

Page 549: ...for MAC addresses then press Enter to list the MAC addresses detected on that port Determining Whether a Specific Device Is Connected to the Selected Port Proceeding from step 2 above 1 Press S for S...

Page 550: ...the learned MAC address on ports A1 through A4 and port A6 ProCurve show mac address a1 a4 a6 To List All Learned MAC Addresses on a VLAN with Their Port Numbers This command lists the MAC addresses a...

Page 551: ...idge Figure B 14 Output from show spanning tree Command Syntax show spanning tree This command displays the switch s global and regional spanning tree status plus the per port spanning tree operation...

Page 552: ...e of IGMP Group Data Show Command Output show ip igmp GlobalcommandlistingIGMPstatusforallVLANsconfigured in the switch VLAN ID VID and name Active group addresses per VLAN Number of report and query...

Page 553: ...the above VLANs Listing the VLAN ID VID and Status for ALL VLANs in the Switch Figure B 16 Example of VLAN Listing for the Entire Switch Show Command Output show vlan Lists Maximum number of VLANs to...

Page 554: ...c Ports Figure B 17 Example of VLAN Listing for Specific Ports Listing Individual VLAN Status Figure B 18 Example of Port Listing for an Individual VLAN Because ports A1 and A2 are not members of VLAN...

Page 555: ...indicating the network utili zation on each of the switch ports symbolic port status indicators and the Alert Log which informs you of any problems that may have occurred on the switch For more infor...

Page 556: ...4 byte IPv4 header to mirrored frames For more on these topics including the jumbo and non jumbo frame size limits refer to Maximum Supported Frame Size on page B 73 Intelligent Mirroring supports des...

Page 557: ...ress used as mirroring criteria to select packets in inbound and or outbound traffic on specified inter faces Terminology Destination For a given local mirroring session on a switch this is the exit p...

Page 558: ...tch A switch configured to mirroring inbound and or outbound traffic to a destination on the same local switch or to a destination on a remote switch This is the switch on which mirrored traffic origi...

Page 559: ...roring traffic to that destination In the case of remote mirroring which uses IPv4 encapsulation if the intended exit switch is not already configured as the destination for that session its performan...

Page 560: ...port or static trunk list mesh VLAN or MAC address A mirroring source and a mirroring destination comprise a given mirroring session For any session the destination must be a single exit port It cann...

Page 561: ...l Monitor Traffic Direction CLI Config Menu and Web I F Config1 SNMP Config VLAN all traffic inbound only out bound only or both directions inbound and outbound combined inbound only out bound only or...

Page 562: ...smustbeProCurveswitchesthatsupportthemirroringfunctions described in this chapter However because remote mirroring on your ProCurve switch uses IPv4 encapsulation of mirrored traffic to remote desti n...

Page 563: ...ce Limits The Menu and Web interfaces can be used to quickly configure or reconfigure local mirroring on session 1 and allow one of the following two mirroring source options any combination of source...

Page 564: ...ort Figure B 20 The Default Network Mirroring Configuration Screen 2 In the Actions menu press E for Edit 3 If mirroring is currently disabled for session 1 the default then enable it by pressing the...

Page 565: ...bar to select the interfaces to mirror Ports Use for mirroring ports static trunks or the mesh VLAN Use for mirroring a VLAN 7 Do one of the following If you are mirroring ports static trunks or the m...

Page 566: ...mirrored Use the down arrow key to move from one interface to the next in the Action column If the mesh or any trunks are configured they will appear at the end of the port listing 10 When you finish...

Page 567: ...ip src udp port dst ip port B 44 Configuring a Local Destination on a Session Source Switch mirror 1 4 name name str port port B 46 Configuring a Remote Destination on a Session Source Switch mirror...

Page 568: ...subnet IP address on the destination switch random UDP port number for the session 7933 65535 exit port on destination switch Must belong to the same VLAN as the port through which the remotely mirror...

Page 569: ...umeric name exitport Thiscanbeanyportonthe switchexceptamirroringsource port 2 Use mirror 1 4 name name str port port to configure the session 3 Determine the traffic to be filtered by any of the foll...

Page 570: ...B 54 The name str option applies only if the specified mirroring session has already been configured with the name name str option in the mirror command The no form of the command removes the port tr...

Page 571: ...and destination are on different switches For each mirroring source switch option The mirror command identifies the destination for the mirroring session The interface and vlan commands identify the i...

Page 572: ...or Trunk Mirroring on a Source Switch Directional Criteria Selects Traffic To Mirror Page B 50 Inbound ACL Criteria Selects Traffic To Mirror Page B 54 The name str option applies only if the specifie...

Page 573: ...matically configures or removes mirroring for inbound and outbound traffic from the specified VLAN or port s to the destination configured for session 1 To Configure or Remove MAC based Mirroring on a...

Page 574: ...numbers in the range of 1 to 65535 UDP port numbers below 7933 are reserved for various IP applications Using them for mirroring can result in disrupting other IP functions and can also result in non...

Page 575: ...ndpoint support for the configured session on the remote destination switch Caution Mirroring endpoint support for a given session should not be removed if there are any remote source switches current...

Page 576: ...rroring Session Identity and Destination on page B 44 port Exit port for mirrored traffic from the specified session This is the port to which a traffic analyzer or IDS should be connected Syntax mirr...

Page 577: ...ction to configure the source switch for that same session port port Exit port for mirrored traffic from the specified session This is the port to which a traffic analyzer or IDS should be connected S...

Page 578: ...are reserved for various IP applications Using them for mirroring can result in disrupting other IP functions and can also result in non mirrored traffic received on the destination switch being sent...

Page 579: ...ic type inbound only MAC address source and or destination Mirroring Source Limits For a given mirroring session you can configure any one of the following mirroring source options multiple ports trun...

Page 580: ...specifies the port trunk and or mesh source s to use the direction of traffic to mirror and the session identifier The no form of the command removes a mirroring source assigned to the session but doe...

Page 581: ...ts on configuring mirroring sources to a given session refer to Mirroring Source Limits on page B 49 1 4 Assigns a numeric session identifier to associate with the traffic selected for mirroring by th...

Page 582: ...removes a mirroring source assigned to the session but does not remove the session itself This enables you to repurpose a session by removing an unwanted mirroring source and adding another in its pl...

Page 583: ...ket matching a deny statement including the explicit deny at the end of every ACL will not be mirrored Any log keywords in ACL deny statements are ignored by the mirroring function If both a mirrored...

Page 584: ...o permit or deny the IP traffic Syntax no interface port trunk mesh monitoripaccess group acl name in mirror 1 4 name str 1 4 name str 1 4 name str 1 4 name str This command assigns a mirroring source...

Page 585: ...he session must have been previously configured Refer to 3 Configure the Mirroring Session on the Source Switch on page B 46 Depending on how many sessions are already configured on the switch you can...

Page 586: ...epurpose a a session by removing an unwanted mirroring source and adding another in its place vlan vid Configures the VLAN on which inbound traffic is filtered and mirrored by the specified ACL monito...

Page 587: ...inued from Previous Page mirror 1 4 name str Assigns the traffic defined by the interface to a session by number or if configured by name The session must have been previously configured Refer to 3 Co...

Page 588: ...ror 1 4 name str 1 4 name str 1 4 name str 1 4 name str Use this command to configure a source and or destination MAC address as criteria for selecting traffic in one or more mirroring sessions on the...

Page 589: ...C address to a previously configured mirroring session The session is identified by a number or if configured a name Depending on how many sessions are configured on the switch you can use the same co...

Page 590: ...a source MAC address and only once as a destination MAC address to filter mirrored traffic For example after you enter the following commands monitor mac 111111 222222 src mirror 1 monitor mac 111111...

Page 591: ...gured Only the destination has been configured the mirroring source is not configured not defined Mirroring is not configured for this session Type Indicates whether the mirroring session is local por...

Page 592: ...iven mirroring session identifies the exit port on the destination switch Syntax show monitor ProCurve show monitor Network Monitoring Sessions Status Type Sources ACL 1 active port 1 yes 2 active mac...

Page 593: ...LAN or subnet on which the traffic source exists For a given mirroring session this value should be the same on the source and destination switches UDP port The unique UDP port number identifying a gi...

Page 594: ...e should be the same on the source and destination switches UDP port The unique UDP port number identifying a given mirroring session For a given mirroring session this value should be the same on the...

Page 595: ...selected interface indicates whether mirrored traffic is entering the switch in leaving the switch out or both Syntax show monitor 1 4 name name str ProCurve config mirror 2 name test 10 remote ip 10...

Page 596: ...traffic on port B1 Send the mirrored traffic to exit port B3 For the above configuration show monitor 1 produces the following output Figure B 28 Example of Output for a Local Mirroring Session ProCur...

Page 597: ...rroring Configuration ProCurve config show run Running configuration J8697A Configuration Editor Created on release K 12 XX max vlans 300 ip access list extended 100 10 permit icmp 0 0 0 0 255 255 255...

Page 598: ...e configured In this case the command sequence is 1 Configure the local mirroring session 2 Assign a mirroring source to the session Figure B 31 Example of a Local Mirroring Topology Figure B 32 Examp...

Page 599: ...nation interface on switch D Use a randomly selected UDP port number of 9300 For information on selecting UDP port numbers to use for remote mirroring refer to the syntax description on page B 45 You...

Page 600: ...Please configure destination switch first Do you want to continue y n y Switch A config access list 100 permit tcp any host 10 10 30 153 eq telnet Switch A config vlan 10 monitor ip access group 100...

Page 601: ...UDP port number will be needed Note that the port on which the mirrored traffic for this example enters switch D port A20 must be in the same VLAN as the configured exit port for Traffic Analyzer 2 wh...

Page 602: ...Refer to the Note on page B 71 If you need information on selecting UDP port numbers to use for remote mirroring refer to the syntax description on page B 45 Figure B 38 Example of Configuring Remote...

Page 603: ...r of dropped frames by enabling jumbo frames on all intermediate switches and routers The maximum transmission unit MTU on the switches covered by this manual is 9220 bytes for frames having an 802 1Q...

Page 604: ...n untagged mirrored frames leaving the source switch cannot exceed 9216 bytes Frame Type Configuration Maximum Frame Size VLAN Tag FrameMirrored to Local Port Frame Mirrored to Remote Port Data Data I...

Page 605: ...a mirrored port the mirrored copy retains the tagged or untagged state the original frame carried when it entered into or exited from the switch The tagged or untagged VLAN membership of ports in the...

Page 606: ...plicate mirrored frames in configurations where the port connecting the switch to the network path for mirroring to a destination is also a port whose inbound or outbound traffic is being mirrored For...

Page 607: ...IP address must be identical to their counterparts in the mirror endpoint command configured on the destination switch The configured exit port must not be a member of a trunk or mesh If the destinati...

Page 608: ...off Locate a device by using the blue Locate LED on the front panel blink 1 1440 Blinks the chassis Locate LED for a selected number of minutes default is 30 minutes on 1 1440 Turns the chassis Locat...

Page 609: ...1X Related Problems C 15 QoS Related Problems C 18 Radius Related Problems C 18 Spanning Tree Protocol MSTP and Fast Uplink Problems C 19 SSH Related Problems C 20 TACACS Related Problems C 22 TimeP S...

Page 610: ...1 Logging Command C 52 Configuring a Syslog Server C 53 Configuring the Severity Level for Event Log Messages Sent to a Syslog Server C 56 Configuring the System Module Used to Select the Event Log Me...

Page 611: ...itch Configuration and Operation Details C 73 CLI Administrative and Troubleshooting Commands C 75 Traceroute Command C 76 Restoring the Factory Default Configuration C 79 CLI Resetting to the Factory...

Page 612: ...ts and other potential hardware related problems refer to the Installation Guide you received with the switch Not e ProCurve periodically places switch software updates on the ProCurve Networking web...

Page 613: ...nce to the relevantIEEE802 3specification RefertotheInstallation Guideshipped with the switch for correct cable types and connector pin outs Use ProCurve Manager to help isolate problems and recommend...

Page 614: ...the DHCP Bootp server configuration to verify correct IP addressing If you are using DHCP to acquire the IP address for the switch the IP address lease time may have expired so that the IP address ha...

Page 615: ...ation screen of the menu interface 2 Switch Configuration 1 System Information The switch may not have the correct IP address subnet mask or gateway Verify by connecting a console to the switch s Cons...

Page 616: ...y be due to redundant links between nodes If you are configuring a port trunk finish configuring the ports in the trunk before connecting the related cables Otherwise you may inad vertently create a n...

Page 617: ...work Iftheswitchdoes not receive a reply to its DHCP Bootp requests it continues to periodically sendrequestpackets butwith decreasing frequency Thus ifa DHCP or Bootp server is not available or acces...

Page 618: ...ies assigned ACLs only at the point where traffic enters or leaves the switch on a VLAN Ensure that you have correctly applied your ACLs in and or out to the appropriate VLAN s The switch does not all...

Page 619: ...ch does not allow any routed access from a specific host group of hosts or subnet The implicit deny any function that the switch automatically applies as the last entry in any ACL may be blocking all...

Page 620: ...t includes a gateway address can block traffic attempting to use the gateway as a next hop Remote Gateway Case For example configuring ACL 101 below and applying it outbound on VLAN 1 in Figure C 4 in...

Page 621: ...the switch as a gateway for traffic you want routedbetweensubnets usethesegeneralstepstoavoidblockingthegateway for authorized applications 1 Configure gateway security first for routing with specific...

Page 622: ...address is configured Using the Switch Console Interface From the Main Menu check the Management Address Information screen by clicking on 1 Status and Counters 2 Switch Management Address Information...

Page 623: ...ify that the switch is using the correct encryption key RADIUS secret key for each server Verify that the switch has the correct IP address for each RADIUS server Ensure that the radius server timeout...

Page 624: ...s listing shows multiple ports with the same authenticator MAC address The link to the authenticator may have been moved from one port to another without the supplicant statistics having been cleared...

Page 625: ...as port security or any 802 1X configura tion on the RADIUS server are not blocking the link The authorized MAC address on a port that is configured for both 802 1X and port security either changes or...

Page 626: ...IUS server Verify that the switch is using the correct encryption key for the desig nated server Verify that the switch has the correct IP address for the RADIUS server Ensure that the radius server t...

Page 627: ...when there are physical loops redundant links in the topology Where this exists you should enable MSTP on all bridging devices in the topology in order for the loop to be detected STP Blocks a Link i...

Page 628: ...nd has become the root device due to a failure in the original root device SSH Related Problems Switch access refused to a client Even though you have placed the client s public key in a text file and...

Page 629: ...ges Download failed overlength key in key file Download failed too many keys in key file Download failed one or more keys is not a valid RSA public key The public key file you are trying to download h...

Page 630: ...nfiguration to flash then pressing the Reset button or cycling the power reboots the switch with the boot up configuration Disconnect the switch from network access to any TACACS servers and then log...

Page 631: ...ccount The time quota for the account has been exhausted The time credit for the account has expired The access attempt is outside of the time frame allowed for the account The allowed number of concu...

Page 632: ...as the traffic from the monitored ports the traffic output from the monitor port is untagged If the monitor port is not a member of the same VLAN as the traffic from the monitored ports traffic from t...

Page 633: ...other switch If the other device sends traffic over multiple VLANs its MAC address will consistently appear in multiple VLANs on the switch port to which it is linked Note that attempting to create re...

Page 634: ...otects the switch from possible overheating ProCurve recommends that you replace a failed fan tray assembly within one minute of removing it Server 8212zl Switch Multiple Forwarding Database Switch wi...

Page 635: ...witch is interrupted or if you enter the boot system command The contents of the Event Log are not erased if you Reboot the switch by choosing the Reboot Switch option from the menu interface Enter th...

Page 636: ...curitythatallowsLANaccessonlyonportson which a single 802 1X capable client supplicant has entered valid RADIUS user credentials Access Security Guide acl Access Control Lists ACLs Filter layer 3 IP t...

Page 637: ...Getting Started Guide cos Class of Service CoS Provides priority handling of packets traversingtheswitch basedontheIEEE802 1pprioritycarried by each packet CoS messages also include Quality of Service...

Page 638: ...rol access to switch Advanced Traffic Management Guide igmp Internet Group Management Protocol Reduces unnecessary bandwidth usage for multicast traffic transmitted from multimedia applications on a p...

Page 639: ...rotect Loop protection Detects the formation of loops when an unmanaged device on the network drops spanning tree packets andprovidesprotectionbytransmittingloopprotocol packets out ports on which loo...

Page 640: ...rface VLAN boundaries Multicast and Routing Guide ports Port status and port configuration features including mode speed and duplex flow control broadcast limit jumbo packets and security settings Por...

Page 641: ...16 of switches in thesameIPsubnet broadcastdomain resultinginareduced number of IP addresses and simplified management of small workgroups for scaling your network to handle increased bandwidth demand...

Page 642: ...cation A port based VLAN creates a layer 2 broadcast domain comprised of member ports that bridge IPv4 traffic among themselves A protocol based VLAN creates a layer 3 broadcast domain for traffic of...

Page 643: ...02 52 CONSOLE MANAGER MODE M 10 25 07 16 30 02 sys Operator cold reboot from CONSOLE session I 10 25 07 17 42 51 00061 system I 10 25 07 17 42 51 00063 system System went down 10 25 07 16 30 02 I 10 2...

Page 644: ...ces the display by one page next page P Rolls back the display by one page previous page v Advances display by one event down one line Rolls back display by one event up one line E Advances to the end...

Page 645: ...record how many times it detects duplicates of a particular event since the last system reboot When the first instance of a particular event or condition generates a message the switch initiates a log...

Page 646: ...witch to support PIM operation but do not configure an IP address If PIM attempted to use VLAN 100 the switch would generate the first instance of the following Event Log message and counter Figure C...

Page 647: ...s similar to the following Figure C 3 Example of Log Messages Generated by Unrelated Events of the Same Type W 10 01 06 09 00 33 PIM No IP address configured on VID 100 1 W 10 01 06 09 28 42 PIM No IP...

Page 648: ...og once for each log throttle period for the event being described and the Duplicate Message Counter would increment as shown in table C 4 The same operation would apply for messages sent to any confi...

Page 649: ...owing event types ACL deny matches Dynamic ARP protection events DHCP snooping events Events recorded in the switch s Event Log IP routing events LLDP events Use the logging command to select a subset...

Page 650: ...options acl SendsACLSyslogloggingtoconfigureddebugdestinations Whenthereisamatch with a deny statement directs the resulting message to the configured debug destination s event Sends standard Event L...

Page 651: ...eries 3400cl switches Series 2800 switches Series 2600 switches and the Switch 6108 software release H 07 30 or greater For the latest feature information on ProCurve switches visit the ProCurve Netwo...

Page 652: ...configure in Step 3 to all IP addresses 2 To use a CLI session on a destination device for debug messaging a Set up a serial Telnet or SSH connection to access the switch s CLI b Enter the debug desti...

Page 653: ...alue and save the settings to the startup configuration for example by entering the write memory command the debug settings are saved after a system reboot power cycle or reboot and re activated on th...

Page 654: ...Logging Destination None Enabled debug types None are enabled ProCurve config logging 10 28 38 164 ProCurve config write memory ProCurve config show debug Debug Logging Destination Logging 10 28 38 1...

Page 655: ...ent by entering the no debug event command There is no effect on the normal logging of messages in the switch s Event Log Example The next example shows how to configure Debug logging of ACL and IP OS...

Page 656: ...64 164 Facility user Severity debug System module all pass Session Enabled debug types acl log ip ospf packet ConfigureaSyslogserverIPaddress No other Syslog servers are configuredontheswitch Theserv...

Page 657: ...bug destinations Syntax no debug debug type acl When a match occurs on an ACL deny Access Control Entry with log configured the switch sends an ACL message to configured debug destinations For more in...

Page 658: ...f adj event flood lsa generation packet retransmission spf For the configured debug destination s ospf adj event flood lsa generation packet retransmission spf Enables the specified IP OSPF message ty...

Page 659: ...bug level For more informa tion refer to Operating Notes for Debug and Syslog on page C 58 session Enables transmission of event notification messages to the CLI session that most recently executed th...

Page 660: ...hese debug and logging settings are automatically re activated after a switch reboot or power recycle The debug settings and destinations configured in your previous troubleshooting session will then...

Page 661: ...cally enabled to be sent to the server To reconfigure this setting use the following commands Use debug command to specify additional debug message types see Debug Messages on page C 49 Use the loggin...

Page 662: ...o removing all configured Syslog destinations with the no loggingcommand or a specified Syslog server destination with the no logging syslog ip address command does not delete the Syslog server IP add...

Page 663: ...es kern Kernel messages mail Mail system daemon System daemons auth Security Authorization messages syslog Messages generated internally by Syslog lpr Line Printer subsystem news Netnews subsystem uuc...

Page 664: ...er Messages of the selected and higher severity willbe sent To configure a Syslog server see Configuring a Syslog Server on page C 53 Syntax no logging severity major error l warning info debug Config...

Page 665: ...dules to be sent If you re enter the command with a different system module name the currently configured value is replaced with the new one Syntax no logging system module system module Configures th...

Page 666: ...pplication is configured to accept the debug severity level The default configuration for some Syslog applications ignores the debug severity level Debug Option Effect of a Reboot or Reset logging deb...

Page 667: ...f the attached end node does not have an Auto mode setting then you must manually configure the switch port to the same setting as the end node port Refer to Chapter 10 Port Status and Configuration F...

Page 668: ...tch and another device on the same or another IP network that can respond to IP packets ICMP Echo Requests To use the ping or traceroute command with host names or fully qualified domain names refer t...

Page 669: ...s the network address of the target or destination device to which you want to test a connection with the switch An IP address is in the X X X X format where X is a decimal number between 0 and 255 A...

Page 670: ...r Link Tests Ping Tests You can issue single or multiple ping tests with varying repeti tions and timeout periods The defaults and ranges are Repetitions 1 1 999 Timeout 5 seconds 1 256 seconds Syntax...

Page 671: ...9 Timeout 5 seconds 1 256 seconds Syntax link mac address repetitions 1 999 timeout 1 256 vlan vlan id Figure C 15 Example of Link Tests Basic Link Test Link Test with Repetitions Link Test with Repet...

Page 672: ...equence of labels in a domain name identifying a specific host host name and the domain in which it exists For example if a device with an IP address of 10 10 10 101 has a host name of device53 and re...

Page 673: ...se the switch is configured with the domain suffix mygroup procurve net and the IP address for an accessible DNS server If an operator wants to use the switch to ping a target host in this domain by u...

Page 674: ...group net Assuming this second domain is accessible to the DNS server already configured on the switch a traceroute command using the target s fully qualified DNS name should succeed Figure C 17 Examp...

Page 675: ...name Syntax no ip dns server address priority 1 3 ip addr Configures the access priority and IP address of a DNS server accessible to the switch These settings specify the relative priority of the DN...

Page 676: ...name of the desired target For an example refer to Figure C 16 on page C 65 In either of the following two instances you must manually provide the domain identification by using a fully qualified DNS...

Page 677: ...68 Entity Identity DNS Server IP Address 10 28 229 10 Domain Name and Domain Suffix for Hosts in the Domain pubs outdoors com Host Name Assigned to 10 28 229 219 by the DNS Server docservr Fully Quali...

Page 678: ...he switch configuration currently includes a non default non null DNS entry it will also appear in the show run command output Figure C 22 Example of Viewing the Current DNS Configuration ProCurve pin...

Page 679: ...another address you must first use the no form of the command to remove the current address from the target priority The DNS server s and domain configured on the switch must be accessible to the swi...

Page 680: ...oduce this result Unknown host host name The host name did not resolve to an IP address Some reasons for this occurring include The host name was not found The named domain was not found The domain su...

Page 681: ...running configuration through the web browser interface 1 Click on the Diagnostics tab 2 Click on Configuration Report 3 Use the right side scroll bar to scroll through the configuration listing Listi...

Page 682: ...o a file and then use either Microsoft Word or Notepad to display the data In this case Microsoft Word provides the data in an easier to read format To Copy show tech output to a Text File This exampl...

Page 683: ...erminal screen 5 To access the file open it in Microsoft Word Notepad or a similar text editor CLI Administrative and Troubleshooting Commands These commands provide information or perform actions tha...

Page 684: ...n the route plus the time in microseconds for the traceroute packet reply to the switch for each hop To halt an ongoing traceroute search press the Ctrl C keys minttl 1 255 For the current instance of...

Page 685: ...he IP addresses for all hops it detects up to the maxttl limit For any instance of traceroute if you want a maxttl value other than the default you must specify that value Default 30 timeout 1 120 For...

Page 686: ...for all probes beyond the last detected hop For example with a maximum hop count of 7 maxttl 7 where the route becomes blocked or otherwise fails the output appears similar to this Figure C 27 Example...

Page 687: ...uration to a TFTP server before resetting the switch to its factory default configuration You can also save your configuration via Xmodem to a directly connected PC CLI Resetting to the Factory Defaul...

Page 688: ...the following A terminal emulator program with Xmodem capability such as the Hyper Terminal program included in Windows PC software A copy of a good OS image file for the switch Not e The following p...

Page 689: ...k on OK In the next window click on OK again vi Select Call Connect vii Press Enter one or more times to display the prompt 5 Start the Console Download utility by typing do at the prompt and pressing...

Page 690: ...em Download in Progress 8 When the download completes the switch reboots from primary flash using the OS image you downloaded in the preceding steps plus the most recent startup config file 3500 5400...

Page 691: ...termining MAC Addresses D 3 Menu Viewing the Switch s MAC Addresses D 4 CLI Viewing the Port and VLAN MAC Addresses D 5 Viewing the MAC Addresses of Connected Devices D 7 3500 5400 6200 8200 MCG Jan08...

Page 692: ...address For internal switch operations One MAC address per port Refer to CLI Viewing the Port and VLAN MAC Addresses on page D 5 MAC addresses are assigned at the factory The switch automatically impl...

Page 693: ...h Not e The switch s base MAC address is used for the default VLAN VID 1 that is always available on the switch This is true for dynamic VLANs as well the base MAC address is the same across all VLANs...

Page 694: ...screen On the switches covered in this guide the VID VLAN identification number for the default VLAN is always 1 and cannot be changed To View the MAC Address and IP Address assignments for VLANs Con...

Page 695: ...itch ProCurve walkmib ifPhysAddress The above command is not case sensitive For example a ProCurve 8212zl switch with the following module configura tion shows MAC address assignments similar to those...

Page 696: ...ifPhysAddress 65 00 12 79 88 b1 bf ifPhysAddress 66 00 12 79 88 b1 be ifPhysAddress 67 00 12 79 88 b1 bd ifPhysAddress 68 00 12 79 88 b1 bc ifPhysAddress 69 00 12 79 88 b1 bb ifPhysAddress 70 00 12 79...

Page 697: ...cted port list Lists the MAC addresses of the devices the switch has detected on the specified port s mac addr Lists the port on which the switch detects the specified MAC address Returns the followin...

Page 698: ...D 8 MAC Address Management Viewing the MAC Addresses of Connected Devices 3500 5400 6200 8200 MCG Jan08 K_13_01 book Page 8 Monday January 28 2008 10 04 AM...

Page 699: ...iewing Information on Resource Usage E 2 Policy Enforcement Engine E 2 Displaying Current Resource Usage E 3 When Insufficient Resources Are Available E 5 3500 5400 6200 8200 MCG Jan08 K_13_01 book Pa...

Page 700: ...igure Resource usage in the Policy Enforce ment engine is based on how these features are configured on the switch Resource usage by dynamic port ACLs and virus throttling is determined as follows Dyn...

Page 701: ...erved for less important features Not e A 1 1 mapping of internal rules to configured policies in the switch does not necessarily exist As a result displaying current resource usage is the most reliab...

Page 702: ...t Mirror endpoints DHCP Protection Resource usage includes resources actually in use or reserved for future use by the listed feature Internal dedicated purpose resources such as port bandwidth limits...

Page 703: ...current resources are fully subscribed Currently engaged resources must be released before any of the following actions are supported Configuration of new entries for QoS ACLs virus throttling ICMP r...

Page 704: ...E 6 Monitoring Resources When Insufficient Resources Are Available 3500 5400 6200 8200 MCG Jan08 K_13_01 book Page 6 Monday January 28 2008 10 04 AM...

Page 705: ...Southern Hemisphere Western Europe The pre defined settings follow these rules Alaska Begin DST at 2am on the second Sunday in March End DST at 2am on the first Sunday in November Canada and Continen...

Page 706: ...ay on or after March 23rd End DST at 2am the first Sunday on or after October 23rd A sixth option named User defined allows you to customize the DST config uration by entering the beginning month and...

Page 707: ...changes at 2am on that day If the configured day is not a Sunday the time changes at 2am on the first Sunday after the configured day This is true for both the Beginning day and the Ending day With t...

Page 708: ...F 4 Daylight Savings Time on ProCurve Switches 3500 5400 6200 8200 MCG Jan08 K_13_01 book Page 4 Monday January 28 2008 10 04 AM...

Page 709: ...ss 512 IP addresses per system 2048 IP 2048 IPv6 IP addresses per VLAN 32 static routes 256 supported routes 10 000 including ARP IPv4 host hardware table 72K 8K internal 64K external IPv4 BMP hardwar...

Page 710: ...G 2 Scalability IP Address VLAN and Routing Maximum Values 3500 5400 6200 8200 MCG Jan08 K_13_01 book Page 2 Monday January 28 2008 10 04 AM...

Page 711: ...the entries 5 20 allocation class 11 20 allocation value 11 20 ARP arp age default 8 7 maximums G 1 ARP protection SNMP notification 14 17 14 26 asterisk meaning in show config 6 30 meaning in tracer...

Page 712: ...14 15 viewing and configuring with the menu 14 13 config files SCP SFTP transfer 6 40 configuration Bootp 8 13 comparing startup to running 6 6 console 7 3 copying A 24 factory default 6 9 8 2 impacts...

Page 713: ...arting a session 3 4 statistics clear counters 3 12 status and counters access 3 7 status and counters menu B 6 troubleshooting access problems C 6 context level global config 4 5 8 10 manager level 4...

Page 714: ...xv printed in box publications xxv release notes xxv Domain Name Server See DNS download software 15 17 A 20 software using TFTP A 4 switch to switch A 20 TFTP A 5 troubleshooting A 6 Xmodem A 15 See...

Page 715: ...ion 13 22 described 13 19 displaying current configuration 13 25 impacts of QoS queue configuration 13 21 operation 13 19 outbound queue priority 13 20 starving queues 13 21 H Help for CLI 1 7 4 11 fo...

Page 716: ...8 20 rules operating 8 20 summary of effect 8 23 IP routing debug messages C 42 IPX broadcast traffic 10 4 10 14 network number B 10 J jumbo frames configuration 13 29 excessive inbound 13 35 flow co...

Page 717: ...es 14 37 general operation 14 40 global counters 14 75 holdtime multiplier 14 49 hub packet forwarding 14 40 IEEE P802 1AB D9 14 43 inconsistent value 14 50 information options 14 42 invalid frames 14...

Page 718: ...fits 8 15 configuration 8 16 default 8 15 8 18 displaying configuration 8 18 in OSPF area 8 16 multiple interfaces supported 8 15 lost password 5 10 M MAC address 8 13 B 7 D 2 displaying detected devi...

Page 719: ...it port host connection B 28 exit port local mirroring B 28 B 39 exit port oversubscribe B 31 exit port remote mirroring B 28 B 42 exit port VLAN rule B 27 B 28 B 30 B 38 B 44 B 77 exit switch B 28 fr...

Page 720: ...odule CLI command 10 24 configuring when not inserted 10 24 pre configuring 10 24 monitoring links between ports 10 25 status and counters screens B 5 monitoring traffic See mirroring MPS defined 11 4...

Page 721: ...11 26 PD defined 11 4 port identifiers 11 22 port number priority 11 11 port number priority defined 11 4 power supplies 11 3 power provisioning 11 5 prioritizing power 11 10 priority class 11 4 11 1...

Page 722: ...P operation 12 7 traffic distribution 12 7 Trk1 12 7 trunk non protocol option 12 6 trunk option described 12 26 types 12 6 UDLD configuration 10 26 VLAN 12 8 VLAN operation 12 7 web browser access 12...

Page 723: ...ot command 15 29 boot history 15 42 causes of switchover 15 13 disabling 15 6 15 21 downloading software 15 17 enabling 15 6 event log messages 15 46 hotswapping module 15 15 how active module determi...

Page 724: ...during factory default reset C 80 serial number B 7 setmib 11 22 setmib delay interval 14 49 setmib reinit delay 14 51 setup screen 1 8 severity level event log C 27 selecting Event Log messages for d...

Page 725: ...9 4 disabling 9 12 enabling and disabling 9 10 event log messages 9 26 manual config priority 8 12 menu interface operation 9 26 operating modes 9 2 poll interval See TimeP priority 9 14 selecting 9...

Page 726: ...57 System Name parameter 7 11 T TACACS SSH exclusion A 14 Telnet connecting to switch 3 4 enable disable 7 4 outbound 7 6 terminate session kill command 7 9 troubleshooting access C 7 temperature show...

Page 727: ...C 59 DNS See DNS fast uplink C 19 ping and link tests C 60 resource usage E 2 restoring factory default configuration C 79 spanning tree C 19 SSH C 20 switch software download A 6 switch won t reboot...

Page 728: ...8 5 10 users SNMPv3 See SNMPv3 utilization port 5 17 10 9 V version OS A 21 version switch software A 6 A 16 view duplex 10 7 port speed 10 7 transceiver status 10 9 virtual interface See loopback in...

Page 729: ...lost 5 10 password setting 5 9 port status 5 19 port utilization 5 17 port utilization and status displays 5 17 screen elements 5 16 security 5 2 5 8 standalone 5 4 status bar 5 22 status indicators...

Page 730: ...20 Index 3500 5400 6200 8200 MCG Jan08 K_13_01 book Page 20 Monday January 28 2008 10 04 AM...

Page 731: ......

Page 732: ...Copyright 2005 2008 Hewlett Packard Development Company L P January 2008 Manual Part Number 5992 3059...

Reviews:

No comments