HP Switch Software Management and Configuration Guide K/KA/KB.15.15

Abstract

This switch software guide is intended for network administrators and support personnel, and applies to the switch models listed on this page unless otherwise noted. This guide does not provide information about upgrading or replacing switch hardware. The information in this guide is subject to change without notice.
© Copyright 2008, 2014 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Contents

1 Time Protocols
General steps for running a time protocol on the switch
About SNTP time synchronization
About TimeP time synchronization
Enabling or disabling the SNTP mode
Configuring the SNTP mode
Enabling SNTP in broadcast mode
Enabling or disabling in Broadcast mode
Show services
No parameters
Show services locator
Show services device
About using friendly port names
Configuring and operating rules for friendly port names
About configuring transceivers and modules that have not been inserted
Transceivers
Modules
Port Shutdown with Broadcast Storm
Configuration Commands
Viewing broadcast-storm configuration
Definitions
Event logs
Trunk load balancing using Layer 4 ports
Distributed trunking overview
Distributed trunking interconnect protocol
Configuring distributed trunking
A non-jumbo port is generating "Excessive undersize/giant frames" messages in the Event Log
6 Configuring for Network Management Applications
Enabling SNMPv3
Configuring users in SNMPv3
LLDP-MED fast start control
Enabling or Disabling TLVs controlled by medTLvEnable
Viewing PoE advertisements
Configuring location data for LLDP-MED devices
Remote management address
Debug logging
Options for reading LLDP information collected by the switch
LLDP and LLDP-MED standards compatibility
Port trunking
Downloading software automatically from a TFTP server
Downloading to primary flash using TFTP
Enabling SCP and SFTP
Downloading software via a Xmodem
Failure to exit from a previous session
Attempt to start a second session
Using USB to transfer files to and from the switch
Transferring switch configurations
Transferring ACL command files
Configuring a mirroring policy to select inbound traffic
Configuring MAC-based criteria to select traffic
Configuring a remote mirroring destination on the remote switch
Configuring a remote mirroring destination on the local switch
Migration to release K.14.01 or greater
Using the Menu to configure local mirroring
Menu and WebAgent limits
Remote mirroring overview
The switch does not allow any routed access from a specific host, group of hosts, or subnet
The switch is not performing routing functions on a VLAN
Routing through a gateway on the switch fails
Remote gateway case
Local gateway case
Unknown users allowed to login to the switch
System allows fewer login attempts than specified in the switch configuration
TimeP, SNTP, or Gateway problems
The switch cannot find the time server or the configured gateway
VLAN-related problems
Configuring the system module used to select the Event Log messages sent to a syslog server
Operating notes for debug and Syslog
Diagnostic tools
Port auto-negotiation
Directing the standby module to become active
Setting the active management module for next boot
Hotswapping out the active management module
Resetting the management module
Disable management module redundancy with only one module present
Active management module commands
Viewing modules
CLI commands affected by redundant management
boot command
Configuring an OOBM IPv4 default gateway
OOBM show commands
Showing the global OOBM and OOBM port configuration
Showing OOBM IP configuration
Showing OOBM ARP information
1 Time Protocols

General steps for running a time protocol on the switch

Using time synchronization ensures a uniform time among interoperating devices. This helps you to manage and troubleshoot switch operation by attaching meaningful time data to event and error messages. The switch offers TimeP and SNTP (Simple Network Time Protocol) and a timesync command for changing the time protocol selection (or turning off time protocol operation.)
detected through a broadcast. The default value between each polling request is 720 seconds, but can be configured. At least one manually configured server IP address is required. About TimeP time synchronization You can either manually assign the switch to use a TimeP server or use DHCP to assign the TimeP server. In either case, the switch can get its time synchronization updates from only one, designated TimeP server. This option enhances security by specifying which time server to use.
This command configures SNTP and specifies whether the switch operates in broadcast or unicast mode. If no mode is specified, then the mode defaults to broadcast.
• Broadcast mode output: (HP_Switch_name#) sntp broadcast
or
• Unicast mode output: (HP_Switch_name#) sntp unicast
IMPORTANT: To enable SNTP client authentication, you must configure either unicast or broadcast mode.
To set the SNTP mode or change from one mode to the other, enter the appropriate command.
success, it sends an error message to the Event Log and reschedules to try the address list again after the configured Poll Interval time has expired. As with broadcast mode, configuring SNTP for unicast mode enables SNTP. For unicast operation, however, you must also specify the IP address of at least one SNTP server. The switch allows up to three unicast servers. You can use the Menu interface or the CLI to configure one server or to replace an existing unicast server with another.
Figure 3 Specifying the SNTP protocol version number Enabling TimeP This section describes steps and syntax for selecting and enabling TimeP as the time protocol. IMPORTANT: Enabling TimeP as the time protocol means to configure it for either DHCP or manual mode. To run TimeP as the switch's time synchronization protocol, you must also select TimeP as the time synchronization method by using the CLI timesync command or the menu interface Time Sync Method parameter.
Example 1 Configuring TimeP for DHCP operation
  (HP_Switch_name#) show timep
   Timep Configuration
    Time Sync Mode: Sntp
    TimeP Mode : Disabled
    Poll Interval (min) [720] : 720
  (HP_Switch_name#) timesync timep
  (HP_Switch_name#) ip timep dhcp
  (HP_Switch_name#) show timep
   Timep Configuration
    Time Sync Mode: Timep
    TimeP Mode : DHCP
    Poll Interval (min): 720
Example 2 TimeP synchronization method
Suppose:
• Time Synchronization is configured for SNTP.
• You want to:
  ◦ View the current time synchronization.
Syntax ip timep manual This activates TimeP in manual mode with a specified TimeP server. (By default, SNTP traffic goes through the data ports.) Example 3 Configuring TimeP for manual operation To select TimeP and configure it for manual operation using a TimeP server address of 10.28.227.
5. Do one of the following:
• Use the Space bar to select the DHCP mode.
  ◦ Press ↓ to move the cursor to the Poll Interval field.
  ◦ Go to step 6.
  Enabling TIMEP or DHCP
    Time Sync Method [None] : TIMEP
    TimeP Mode [Disabled] : DHCP
    Poll Interval (min) [720] : 720
    Time Zone [0] : 0
    Daylight Time Rule [None] : None
• Use the Spacebar to select the Manual mode.
  ◦ Press → to move the cursor to the Server Address field.
This disables time synchronization by changing the Time Sync Mode configuration to Disabled. This halts time synchronization without changing your TimeP configuration. The recommended method for disabling time synchronization is to use the timesync command.
System Information screen of the Menu interface:
a. Set the Time Synch Method parameter to None.
b. Press [Enter], then [S] (for Save.)
Figure 6 Disabling time synchronization by disabling the SNTP mode Deleting an SNTP server Syntax [no] sntp server priority Deletes the specified SNTP server. NOTE: Deleting an SNTP server when only one server is configured disables SNTP unicast operation. Disabling SNTP by deleting a server Syntax [no] sntp server priority PRIORITY [<1-3>] [version] [key-id ] Disabling SNTP by deleting the specified SNTP server.
Example 5 Disabling TimeP in DHCP mode
  (HP_Switch_name#) no ip timep
  (HP_Switch_name#) show timep
   Timep Configuration
    Time Sync Mode: Timep
    TimeP Mode : Disabled
Example 6 Disabling TimeP in manual mode
   Timep Configuration
    Time Sync Mode: Sntp
    TimeP Mode : Disabled
    Poll Interval (min) [720] : 720
  (HP_Switch_name#) timesync timep
  (HP_Switch_name#) ip timep manual
  (HP_Switch_name#) show timep
   Timep Configuration
    Time Sync Mode: Timep
    TimeP Mode : DHCP
    Poll Interval (min): 720
NOTE: To change from one TimeP
Example 7 How to list all SNTP servers configured on the switch
  (HP_Switch_name#) show management
   Status and Counters - Management Address Information
    Time Server Address : fe80::215:60ff:fe7a:adc0%vlan10
    Priority SNTP Server Address                            Protocol Version
    -------- ---------------------------------------------- ----------------
    1        2001:db8::215:60ff:fe79:8980                   7
    2        10.255.5.24                                    3
    3        fe80::123%vlan10                               3
    Default Gateway : 10.0.9.
SNTP server authentication support
The following must be performed on the SNTP server:
• The same authentication key-identifier, trusted key, authentication mode and key-value that were configured on the SNTP client must also be configured on the SNTP server.
• SNTP server authentication must be enabled on the server.
If any of the parameters on the server are changed, the parameters have to be changed on all the SNTP clients in the network as well.
Example 8 Changing an SNTP poll interval to 300 seconds (HP_Switch_name#) sntp 300 SNTP unicast time polling with multiple SNTP servers NOTE: When you use the Menu interface to configure an SNTP server IP address, the new address writes over the current primary address, if one is configured.
Syntax sntp server An IPv4 or IPv6 address of an SNTP server. for information on usage in changing server priorities. Adding and deleting SNTP server addresses Adding addresses You can configure one SNTP server address using either the Menu interface or the CLI. To configure a second and third address, you must use the CLI.
2. Press [E] (for Edit.) The cursor moves to the System Name field.
3. Use ↓ to move the cursor to the Time Sync Method field.
4. Use the Space bar to select SNTP, then press ↓ once to display and move to the SNTP Mode field.
5. Complete one of the following options.
Option 1
a. Use the Space bar to select the Broadcast mode.
b. Press ↓ to move the cursor to the Poll Interval field.
c. Go to step 6 (page 37).
Figure 8 Time configuration fields for SNTP with broadcast mode
Option 2
d. e. f.
Viewing and configuring TimeP parameters IMPORTANT: To run TimeP as the switch's time synchronization protocol, you must also select TimeP as the time synchronization method by using the CLI timesync command, or the Menu interface Time Sync Method parameter. TimeP parameters and their operations are listed below. Disabling TimeP The default mode. Timep does not operate, even if specified by the Menu interface Time Sync Method parameter or the CLI timesync command.
Syntax To disable time synchronization using the CLI: no timesync System Information screen of the Menu interface : a. Set the Time Synch Method parameter to None. b. Press [Enter], then [S] (for Save.) Other time protocol commands Features that apply to both SNTP and TimeP protocols. Show management command Syntax show management This command shows the switch addresses available for management, and the time server if the switch uses one.
Statistics Displays SNTP protocol statistics. Configure the switch with SNTP as the time synchronization method, and then enable SNTP in broadcast mode with the default poll interval, show sntp. Figure 10 SNTP configuration when SNTP is not the selected time synchronization method Example 13 show sntp authentication command with authentication disabled To display all the SNTP authentication keys that have been configured on the switch, enter the show sntp authentication command.
Example 14 TimeP configuration when TimeP is the selected Time synchronization method If you configure the switch with TimeP as the time synchronization method, then enable TimeP in DHCP mode with the default poll interval, show timep lists the following: (HP_Switch_name#) show timep Timep Configuration Time Sync Mode: Timep TimeP Mode [Disabled] : DHCP Server Address : 10.10.28.
Example 16 Display showing IP addressing for all configured time servers and VLANs
  (HP_Switch_name#) show management
   Status and Counters - Management Address Information
    Time Server Address : 10.10.28.100
    Priority SNTP Server Address                            Protocol Version
    -------- ---------------------------------------------- ----------------
    1        10.10..28.101                                  3
    2        10.255.5.24                                    3
    3        fe80::123%vlan10                               3
    Default Gateway : 10.0.9.
Figure 12 SNTP configuration Syntax show management This command can help you to easily examine and compare the IP addressing on the switch. It lists the IP addresses for all time servers configured on the switch, plus the IP addresses and default gateway for all VLANs configured on the switch.
Figure 14 Disabling time synchronization by disabling the SNTP mode Configuring the SNTP mode Enabling the SNTP mode means to configure it for either broadcast or unicast mode. Remember that to run SNTP as the switch's time synchronization protocol, you must also select SNTP as the time synchronization method by using the CLI timesync command (or the menu interface Time Sync Method parameter.) Syntax timesync sntp Selects SNTP as the time protocol. sntp Enables the SNTP mode.
Example 17 Enable SNTP for broadcast mode
Suppose that time synchronization is in the factory-default configuration (TimeP is the currently selected time synchronization method.) Complete the following:
1. View the current time synchronization.
2. Select SNTP as the time synchronization mode.
3. Enable SNTP for Broadcast mode.
4. View the SNTP configuration again to verify the configuration.
Figure 15 show sntp configuration output SNTP in unicast mode Like broadcast mode, configuring SNTP for unicast mode enables SNTP. However, for unicast operation, you must also specify the IP address of at least one SNTP server. The switch allows up to three unicast servers. You can use the Menu interface or the CLI to configure one server or to replace an existing unicast server with another. To add a second or third server, you must use the CLI.
  HP Switch(config)# sntp unicast
Activates SNTP in unicast mode.
  HP Switch(config)# sntp server priority 1 10.28.227.141
Specifies the SNTP server and accepts the current SNTP server version (default: 3.)
Figure 16 Configuring SNTP for unicast operation
If the SNTP server you specify uses SNTP v4 or later, use the sntp server command to specify the correct version number. For example, suppose you learned that SNTP v4 was in use on the server you specified above (IP address 10.28.227.141.
  HP Switch(config)# sntp 300
Changing the SNTP server priority
You can choose the order in which configured servers are polled for getting the time by setting the server priority.
Syntax sntp
Specifies the order in which the configured servers are polled for getting the time. Value is between 1 and 3.
NOTE: You can enter both IPv4 and IPv6 addresses.
Example
To set one server to priority 1 and another to priority 2:
  HP Switch(config)# sntp server priority 1 10.28.22.
Example 19 How to list all SNTP servers configured on the switch
  HP Switch(config)# show management
   Status and Counters - Management Address Information
    Time Server Address : fe80::215:60ff:fe7a:adc0%vlan10
    Priority SNTP Server Address                            Protocol Version
    -------- ---------------------------------------------- ----------------
    1        2001:db8::215:60ff:fe79:8980                   7
    2        10.255.5.24                                    3
    3        fe80::123%vlan10                               3
    Default Gateway : 10.0.9.
Syntax sntp authentication key-id authentication-mode md5 key-value trusted [encrypted-key ]
Configures a key-id, authentication-mode (MD5 only), and key-value, which are required for authentication.
key-id
A numeric key identifier in the range of 1-4,294,967,295 (2^32) that identifies the unique key value. It is sent in the SNTP packet.
key-value
The secret key that is used to generate the message digest. Up to 32 characters are allowed for key-string.
• In unicast mode: The trusted key is associated with a specific NTP/SNTP server, and configured on the switch so that the SNTP client communicates with the server to get the date and time. The key is used for authenticating the SNTP packet.
• In broadcast mode: The SNTP client switch checks the size of the received packet to determine if it is authenticated. If the broadcast packet is authenticated, the key-id value is checked to see if the same key-id value is configured on the SNTP client switch.
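The size check and key-id lookup described above, as an added example that is not HP's code. It assumes the switch follows the standard NTP symmetric-key layout (a 48-byte header, then a 4-byte key-id and a 16-byte MD5 digest computed over key-value plus header); the key table, key-value and packets are constructed for the demonstration.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48        # fixed SNTP/NTP header
MAC_LEN = 4 + 16       # key-id (4 bytes) + MD5 digest (16 bytes)

# Constructed trusted-key table: key-id -> key-value (the shared secret).
TRUSTED_KEYS = {55: b"constructed-key-value"}


def md5_mac(key_value: bytes, header: bytes) -> bytes:
    """Digest used by NTP symmetric-key authentication: MD5(key || header)."""
    return hashlib.md5(key_value + header).digest()


def sample_header(mode: int) -> bytes:
    """Constructed 48-byte header: LI=0, VN=3, mode 4 (server) or 5 (broadcast)."""
    first = (0 << 6) | (3 << 3) | mode
    # stratum 2, poll 6, precision -20, ten zeroed words, one timestamp word
    return struct.pack("!BBbb11I", first, 2, 6, -20, *([0] * 10), 0xE0000000)


def sign(header: bytes, key_id: int, key_value: bytes) -> bytes:
    """What an authenticating server appends to its reply."""
    return header + struct.pack("!I", key_id) + md5_mac(key_value, header)


def check_packet(packet, trusted_keys, auth_required=True, expected_key_id=None):
    """Return (accepted, reason) for a received SNTP packet.

    expected_key_id models unicast mode, where one key-id is associated with
    the server; leave it None for broadcast mode, where any trusted key-id
    configured on the client is acceptable.
    """
    # Step 1: the packet size tells us whether a MAC is present at all.
    if len(packet) == HEADER_LEN:
        return (not auth_required, "unauthenticated")
    if len(packet) != HEADER_LEN + MAC_LEN:
        return (False, "bad-length")

    header = packet[:HEADER_LEN]
    key_id = struct.unpack("!I", packet[HEADER_LEN:HEADER_LEN + 4])[0]
    digest = packet[HEADER_LEN + 4:]

    # Step 2: the key-id must be the associated one and be configured locally.
    if expected_key_id is not None and key_id != expected_key_id:
        return (False, "wrong-key-id")
    key_value = trusted_keys.get(key_id)
    if key_value is None:
        return (False, "unknown-key-id")

    # Step 3: recompute the digest and compare in constant time.
    if not hmac.compare_digest(md5_mac(key_value, header), digest):
        return (False, "bad-digest")
    return (True, "ok")


if __name__ == "__main__":
    good = sign(sample_header(5), 55, TRUSTED_KEYS[55])
    tampered = bytearray(good)
    tampered[40] ^= 0x01                     # alter one timestamp bit
    for name, pkt in [("good", good), ("tampered", bytes(tampered)),
                      ("no MAC", sample_header(5))]:
        print(name, check_packet(pkt, TRUSTED_KEYS))
```

The digest covers only the header, so a packet with a valid MAC is trusted for whatever time it carries; anyone holding the key-value can produce one, which is why the key-value has to be handled as a credential on both server and clients.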
Example 22 Associating a key-id with a specific server
  (HP_Switch_name#) sntp server priority 1 10.10.19.5 2 key-id 55
Enabling and disabling SNTP client authentication
The sntp authentication command enables SNTP client authentication on the switch. If SNTP authentication is not enabled, SNTP packets are not authenticated.
Syntax [no] sntp authentication
Enables the SNTP client authentication. The no version of the command disables authentication.
Default: SNTP client authentication is disabled.
Example 23 SNTP configuration information
  (HP_Switch_name#) show sntp
   SNTP Configuration
    SNTP Authentication : Enabled
    Time Sync Mode: Sntp
    SNTP Mode : Unicast
    Poll Interval (sec) [720] : 720
    Priority SNTP Server Address
    -------- ---------------------------------------
    1        10.10.10.
    2
Example 25 SNTP authentication statistical information
  (HP_Switch_name#) show sntp statistics
   SNTP Statistics
    Received Packets : 0
    Sent Packets : 3
    Dropped Packets : 0
    SNTP Server Address                     Auth Failed Pkts
    --------------------------------------- ----------------
    10.10.10.1                              0
    fe80::200:24ff:fec8:4ca8                0
Example 26 show sntp statistics command
Displays all SNTP authentication keys configured on the switch.
Associating a key with an SNTP server
Syntax [no] sntp server priority 1-3 ip-address | ipv6-address version-num [ key-id 1-4,294,967,295 ]
Configures a key-id to be associated with a specific server. The key itself must already be configured on the switch. The no version of the command disassociates the key from the server. This does not remove the authentication key.
Default: No key is associated with any server by default.
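A configuration check built on the three commands this guide describes (enabling client authentication, defining a key, associating a key-id with a server), as an added example that is not part of the HP guide. It assumes the input is a list of CLI command lines in the forms shown in this chapter and that a key defined without the trusted keyword is not trusted; both sample configurations and the finding names are constructed.

```python
import re

# Command forms taken from this chapter's syntax and examples.
KEY_RE = re.compile(
    r"^sntp authentication key-id (\d+) authentication-mode md5 "
    r"key-value \S+( trusted)?$"
)
SERVER_RE = re.compile(
    r"^sntp server priority ([1-3]) (\S+)(?: (\d+))?(?: key-id (\d+))?$"
)

# Constructed sample: authentication enabled, trusted key bound to the server.
GOOD_CONFIG = """
timesync sntp
sntp unicast
sntp authentication
sntp authentication key-id 55 authentication-mode md5 key-value EXAMPLE-ONLY trusted
sntp server priority 1 10.10.19.5 2 key-id 55
"""

# Constructed sample: four separate gaps, one per finding below.
WEAK_CONFIG = """
timesync sntp
sntp unicast
sntp authentication key-id 10 authentication-mode md5 key-value EXAMPLE-ONLY
sntp server priority 1 10.10.19.5 2 key-id 10
sntp server priority 2 10.255.5.24 3
sntp server priority 3 fe80::123%vlan10 3 key-id 77
"""


def audit_sntp(config_text):
    """Return a list of findings for the SNTP authentication settings."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    keys = {}       # key-id -> True if defined with the trusted keyword
    servers = []    # (priority, address, key-id or None)

    for ln in lines:
        m = KEY_RE.match(ln)
        if m:
            keys[int(m.group(1))] = m.group(2) is not None
            continue
        m = SERVER_RE.match(ln)
        if m:
            key_id = int(m.group(4)) if m.group(4) else None
            servers.append((int(m.group(1)), m.group(2), key_id))

    findings = []
    if "timesync sntp" not in lines:
        findings.append("timesync-not-sntp")
    # The bare command enables client authentication; key lines do not.
    if "sntp authentication" not in lines:
        findings.append("auth-disabled")
    if "sntp unicast" in lines and not servers:
        findings.append("unicast-no-server")

    for priority, _addr, key_id in sorted(servers):
        if key_id is None:
            findings.append(f"server-{priority}-no-key")
        elif key_id not in keys:
            findings.append(f"server-{priority}-key-{key_id}-undefined")
        elif not keys[key_id]:
            findings.append(f"server-{priority}-key-{key_id}-untrusted")
    return findings


if __name__ == "__main__":
    print("good:", audit_sntp(GOOD_CONFIG))
    print("weak:", audit_sntp(WEAK_CONFIG))
```

A configuration file retrieved without include credentials omits the SNTP authentication line and the key-ids, so this check reports such a file as unauthenticated even if the running switch is not.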
the original server, the switch accepts a broadcast time update from the next server it detects. Viewing SNTP authentication configuration information The show sntp command displays SNTP configuration information, including any SNTP authentication keys that have been configured on the switch.
Example 31 Show SNTP authentication command output
  HP Switch(config)# show sntp authentication
   SNTP Authentication Information
    SNTP Authentication : Enabled
    Key-ID  Auth Mode  Trusted
    ------- ---------- --------
    55      MD5        Yes
    10      MD5        No
Viewing statistical information for each SNTP server
To display the statistical information for each SNTP server, enter the show sntp statistics command. The number of SNTP packets that have failed authentication is displayed for each SNTP server address.
3. Press [E] (for Edit.) The cursor moves to the System Name field.
4. Use the Space bar to select SNTP, then press ↓ once to display and move to the SNTP Mode field.
5. Complete one of the following options.
Option 1
a. Use the Space bar to select the Broadcast mode.
b. Press ↓ to move the cursor to the Poll Interval field.
c. Go to step 6 (page 37).
Figure 19 Time configuration fields for SNTP with broadcast mode
Option 2
i. Use the Space bar to select the Unicast mode.
ii.
Viewing the current TimeP configuration Using different show commands, you can display either the full TimeP configuration or a combined listing of all TimeP, SNTP, and VLAN IP addresses configured on the switch. Syntax show timep Lists both the time synchronization method (TimeP, SNTP, or None) and the TimeP configuration, even if SNTP is not the selected time protocol. (If the TimeP Mode is set to Disabled or DHCP, the Server field does not appear.
Example 34 Showing IP addressing for all configured time servers and VLANs
  HP Switch(config)# show management
   Status and Counters - Management Address Information
    Time Server Address : 10.10.28.100
    Priority SNTP Server Address                            Protocol Version
    -------- ---------------------------------------------- ----------------
    1        10.10..28.101                                  3
    2        10.255.5.24                                    3
    3        fe80::123%vlan10                               3
    Default Gateway : 10.0.9.
Example 35 Enabling TimeP for DHCP
Suppose time synchronization is configured for SNTP. Follow this example to enable TimeP for DHCP.
1. View the current time synchronization.
2. show timep displays the TimeP configuration and also shows that SNTP is the currently active time synchronization mode.
3. Select TimeP as the time synchronization mode.
4. Enable TimeP for DHCP mode.
5. View the TimeP configuration.
6.
For switches that have a separate out-of-band management port, oobm specifies that SNTP traffic goes through that port. (By default, SNTP traffic goes through the data ports.)
Disabling TimeP in manual mode
Syntax no ip timep
Disables TimeP.
Enabling TimeP in DHCP Mode
Because the switch provides a TimeP polling interval (default: 720 minutes), you need only these two commands for a minimal TimeP DHCP configuration:
Syntax timesync timep
Selects TimeP as the time synchronization method.
Activates TimeP in manual mode with a specified TimeP server. By default, SNTP traffic goes through the data ports.
Example 37 Enabling TimeP in manual mode
To select TimeP and configure it for manual operation using a TimeP server address of 10.28.227.141 and the default poll interval (720 minutes, assuming the TimeP poll interval is already set to the default):
  HP Switch(config)# timesync timep
Selects TimeP.
  HP Switch(config)# ip timep manual 10.28.227.141
Activates TimeP in Manual mode.
configuration. The recommended method for disabling time synchronization is to use the timesync command.
Example 38 TimeP with time synchronization disabled
Suppose TimeP is running as the switch's time synchronization protocol, with DHCP as the TimeP mode, and the factory-default polling interval.
Example 39 Disabling time synchronization by disabling the TimeP mode parameter If the switch is running TimeP in DHCP mode, no ip timep changes the TimeP configuration as shown below and disables time synchronization. Even though the TimeSync mode is set to TimeP, time synchronization is disabled because no ip timep has disabled the TimeP mode parameter.
• Press → to move the cursor to the Server Address field.
• Enter the IP address of the TimeP server you want the switch to use for time synchronization.
  NOTE: This step replaces any previously configured TimeP server IP address.
• Press → to move the cursor to the Poll Interval field, then go to step 6.
6. In the Poll Interval field, enter the time in minutes that you want for a TimeP Poll Interval.
7.
Table 1 SNTP parameters (continued)
SNTP parameter: Operation
Server Address: Used only when the SNTP Mode is set to Unicast. Specifies the IP address of the SNTP server that the switch accesses for time synchronization updates. You can configure up to three servers; one using the menu or CLI, and two more using the CLI.
Server Version: Specifies the SNTP software version to use and is assigned on a per-server basis. The version setting is backwards-compatible.
If there are already three SNTP server addresses configured on the switch, and you want to use the CLI to replace one of the existing addresses with a new one, you must delete the unwanted address before you configure the new one. About trusted keys trusted Trusted keys are used in SNTP authentication. In unicast mode, you must associate a key with a specific NTP/SNTP server. That key is used for authenticating the SNTP packet.
Example 41 Retrieved configuration file when include credentials is not configured
  HP Switch (config) # copy tftp startup-config 10.2.3.44 config1
  Switch reboots ...
  Startup configuration
  timesync sntp
  sntp broadcast
  sntp 50
  sntp server priority 1 10.10.10.2 3
  sntp server priority 2 fe80::200:24ff:fec8:4ca8 4
NOTE: The SNTP authentication line and the Key-ids are not displayed. You must reconfigure SNTP authentication.
reconfigure software features to free resources reserved for less important features.
access-list
openflow
qos
policy
Display the same command output and provide different ways to access task-specific information.
NOTE: See OpenFlow Administrators Guide.
Example 42 Unavailable resources The resource usage on a 3500yl switch configured for ACLs, QoS, RADIUS-based authentication, and other features: • The "Rules Used" columns show that ACLs, VT, mirroring, and other features (for example, Management VLAN) have been configured globally or per-VLAN, because identical resource consumption is displayed for each port range in the switch. If ACLs were configured per-port, the number of rules used in each port range would be different.
• Access control lists (ACL)
• Quality-of-service (QoS), including device and application port priority, ICMP rate-limiting, and QoS policies
• Dynamic assignment of per-port or per-user ACLs and QoS through RADIUS authentication designated as “IDM”, with or without the optional identity-driven management (IDM) application
• Virus throttling (VT) using connection-rate filtering
• Mirroring policies, including switch configuration as an endpoint for remote intelligent mirroring
• Other features, i
usage in the policy enforcement engine is based on how these features are configured on the switch: • • • Resource usage by dynamic port ACLs and VT is determined as follows: • Dynamic port ACLs configured by a RADIUS server (with or without the optional IDM application) for an authenticated client determine the current resource consumption for this feature on a specified slot. When a client session ends, the resources in use for that client become available for other uses.
• "Internal dedicated-purpose resources" include the following features: • Per-port ingress and egress rate limiting through the CLI using rate-limit in/out • Per-port ingress and egress broadcast rate limiting through the CLI using rate-limit bcast/mcast • Per-port or per-VLAN priority or DSCP through the CLI using qos priority or qos dscp • Per protocol priority through the CLI using qos protocol • For chassis products (for example, the 5400zl or 8212zl switches), 'slots' are listed instead
2 Port Status and Configuration Viewing port status and configuration Use the following commands to display port status and configuration data. Syntax show interfaces [ brief | config | ] brief Lists the current operating status for all ports on the switch. config Lists a subset of configuration data for all ports on the switch; that is, for each port, the display shows whether the port is enabled, the operating mode, and whether it is configured for flow control.
Example 45 Show interfaces

HP-8212zl# show interfaces brief d1i-d3i
 Status and Counters - Port Status
                    | Intrusion                  MDI
  Port   Type       | Alert     Enabled Status   Mode
  ------ ---------- + --------- ------- ------   ----
  D1i    10GbE-INT  | No        Yes     Up       NA
  D2i    10GbE-INT  | No        Yes     Up       NA
  D3i    1GbE-INT   | No        Yes     Down     NA

HP-8212zl# show interfaces brief b1-b3i
 Status and Counters - Port Status
                    | Intrusion
  Port   Type       | Alert     Enabled Status
  ------ ---------- + --------- ------- ------
  B1     100/1000T  | No        Yes     Down
  B2     100/1000T  | No        Yes     Down
  B3     1
Example 46 Show services

HP-8212zl# show services
 Installed Services
 Slot  Index Description                            Name
 ----- ----- -------------------------------------- ----------------
 H,L   1.    Services zl Module                     services-module
 L     2.    HP ProCurve MSM765 zl Int-Ctlr         msm765-applicati
 H     3.    Threat Management Services zl Module   tms-module

No parameters

This no parameters command lists only installed modules which have applications running that provide a pass-through CLI feature.

Syntax show services
Show services of only installed modules.
Current status : running Description Version Status ------------------------------------------ --------------------------Services zl Module hardware HP MSM775 zl Premium Controller J9840A installed For more information, use the show commands in services context Example Status and Counters - Services Module F Status HP Services zl Module J9840A Versions : Current status : running Description Version Status ------------------------------------------ --------------------------Services zl Module hardware HP
Example 47 Show services device

HP-8212zl# show services d device
 Services Module Device Configuration
 Device          | State
 ----------------|-------------------
 USB             | disabled
 Shutdown        | enabled
 PXE             | enabled

Requesting a reboot

This command requests a reboot (graceful shutdown and restart) of the x86.

Syntax services boot[product|PXE|service|USB]
product  Boot to the Product OS.
PXE      Boot to the PXE or Product OS (if supported).
service  Boot to the Service OS.
name Configure parameters for the installed application. Services in Manager Context Display applications installed and running for the services module or change the module's state (reload or shutdown). Syntax services [| boot | locator | name | reload |serial | shutdown] slot-id Device slot identifier for the services module. Configure parameters for the installed application. boot Reboot the services module.
reload Reset the services module. serial Connect to services module via serial port. shutdown Shutdown (halt) the services module. Boot Reboot the services module. Integer Index of the services CLI to access. Locator Control services module locator LED. Name Name of the services CLI to access. Reload Reset the services module. Serial Connect to application via serial port. Shutdown Shutdown (halt) the services module. Enable or disable devices.
Syntax show services [blink <1-1440>|off|on] blink Blink the locator LED. Default 30 mins. Range <1-1440>. off Turn the locate led off. on Turn the locate led on. Example HP-8212zl# show services d locator blink Reloading services module Reloads the services module and is similar to the command services boot with no additional parameters given. Syntax services reload Connection to the application via a serial port Starts a serial-passthrough session to the x86.
Untagged values can be: • VLAN-ID: When the VLAN number is displayed, the port is a member of a single untagged VLAN. • multi: When “multi” is displayed, the port is added to multiple untagged VLANs. • no: When “no” is displayed, the port is not a member of any tagged VLAN. If the port is part of a trunk, then the trunk_VLAN membership is displayed in the Tagged and Untagged columns.
Figure 25 show interfaces display command with dynamically updating output Customizing the show interfaces command You can create show commands displaying the information that you want to see in any order you want by using the option. Syntax show interfaces custom Select the information that you want to display. Supported columns are shown in Table 2 (page 84).
Example 49 Example of the custom show interfaces command

(HP_Switch_name#) show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi

 Status and Counters - Custom Port Status

                                    Intrusion
  Port Name       Type       VLAN   Alert     Speed   Enabled MDI-mode
  ---- ---------- ---------- -----  --------- ------- ------- --------
  1    Acco       100/1000T  1      No        1000FDx Yes     Auto
  2    Huma       100/1000T  1      No        1000FDx Yes     Auto
  3    Deve       100/1000T  1      No        1000FDx Yes     Auto
  4    Lab1       100/1000T  1      No        1000FDx Yes     Auto

You can specify the column width by entering a col
Viewing transceiver status The show interfaces transceivers command allows you to: • Remotely identify transceiver type and revision number without having to physically remove an installed transceiver from its slot. • Display real-time status information about all installed transceivers, including non-operational transceivers. Figure 27 (page 86) shows sample output from the show tech transceivers command.
• Transceiver type not supported in this port. • Transceiver type not supported in this software version. • Not an HP Switch Transceiver. Go to: www.hp.com/rnd/device_help/2_inform for more info. Enabling or disabling ports and configuring port mode You can configure one or more of the following port parameters. See Table 3 (page 101) (Broadcast limit (page 103).) Syntax interface [ disable | enable ] Disables or enables the port for network traffic.
Enabling or disabling the USB port This feature allows configuration of the USB port with either the CLI or SNMP. Syntax usb-port no usb-port Enables the USB port. The no form of the command disables the USB port and any access to the device. To display the status of the USB port: Syntax show usb-port Displays the status of the USB port. It can be enabled, disabled, or not present. Figure 29 Example of show usb-port command output on version K.13.
Software Version K.14.XX Operation. For software versions K.14.XX, the USB port can be disabled and enabled without affecting the autorun feature. When the USB port is enabled, the autorun feature activates if a USB device is already inserted in the USB port. Power is synchronized with the enabling and disabling of USB ports as described above for K.13.59 and later software. Enabling or disabling flow control NOTE: You must enable flow control on both ports in a given link.
Example 51 Configuring flow control for a series of ports (HP_Switch_name#) int a1-a6 flow-control (HP_Switch_name#) show interfaces brief Status and Counters - Port Status Port -----A1 A2 A3 A4 A5 A6 A7 A8 Type --------10GbE-T 10GbE-T 10GbE-T 10GbE-T 10GbE-T 10GbE-T 10GbE-T 10GbE-T | | + | | | | | | | | Intrusion Alert --------No No No No No No No No Enabled ------Yes Yes Yes Yes Yes Yes Yes Yes Status -----Up Up Up Up Up Up Down Up Mode ---------1000FDx 10GigFD 10GigFD 10GigFD 10GigFD 10GigFD 10Gig
Syntax interface mdix-mode [ auto-mdix | mdi | mdix ] auto-mdix The automatic, default setting. This configures the port for automatic detection of the cable (either straight-through or crossover.) mdi The manual mode setting that configures the port for connecting to either a PC or other MDI device with a crossover cable, or to a switch, hub, or other MDI-X device with a straight-through cable.
Example 54 Example of displaying the current MDI configuration

(HP_Switch_name#) show interfaces config

 Port Settings

  Port   Type      | Enabled Mode         Flow Ctrl MDI
  ------ --------- + ------- ------------ --------- ----
  A1     10GbE-T   | Yes     Auto         Disable   Auto
  A2     10GbE-T   | Yes     Auto         Disable   MDI
  A3     10GbE-T   | Yes     Auto         Disable   MDIX
  A4     10GbE-T   | Yes     Auto         Disable   Auto
  A5     10GbE-T   | Yes     Auto         Disable   Auto
  A6     10GbE-T   | Yes     Auto         Disable   Auto
  A7     10GbE-T   | Yes     Auto         Disable   Auto
  A8     10GbE-T   | Yes     Auto         Disable   Auto

Example 55 Example of disp
1. From the Main Menu, select: 2. Switch Configuration… 2. Port/Trunk Settings Figure 31 Port/trunk settings with a trunk group configured 2. Press [E] (for Edit.) The cursor moves to the Enabled field for the first port. 3. When you have finished making changes to the above parameters, press [Enter], then press [S] (for Save.) Configuring friendly port names Syntax interface name Assigns a port name to .
Example 56 Example of configuring a friendly port name (HP_Switch_name#) int A3 name Bill_Smith@10.25.101.73 (HP_Switch_name#) write mem (HP_Switch_name#) show name A3 Port Names Port : A3 Type : 10/100TX Name : Bill_Smith@10.25.101.73 Configuring the same name for multiple ports Example Suppose that you want to use ports A5 through A8 as a trunked link to a server used by a drafting group. In this case you might configure ports A5 through A8 with the name "Draft-Server:Trunk.
Listing all ports or selected ports with their friendly port names Syntax show name [ ] Lists the friendly port name with its corresponding port number and port type. The show name command without a port list shows this data for all ports on the switch.
Example 60 Example of a friendly port name in a per-port statistics listing (HP_Switch_name#) show interface a1 Status and Counters - Port Counters for port A1 Name : O’Connor@10.25.101.
Figure 32 Listing of the startup-config file with a friendly port name configured Configuring the type of a module Syntax module module-num type module-type Allows you to configure the type of the module. Clearing the module configuration Syntax [no] module slot Allows removal of the module configuration in the configuration file after the module has been removed. Enter an integer between 1 and 12 for slot.
Syntax link-keepalive retries num Determines the maximum number of retries to send UDLD control packets. The num parameter specifies the maximum number of times the port will try the health check. You can specify a value from 3 to 10. Default: 5 Syntax [ no ]interface link-keepalive vlan vid Assigns a VLAN ID to a UDLD-enabled port for sending tagged UDLD control packets.
Example To change the maximum number of attempts to four, enter the following command at the global configuration level: (HP_Switch_name#) link-keepalive retries 4 Configuring UDLD for tagged ports The default implementation of UDLD sends the UDLD control packets untagged, even across tagged ports. If an untagged UDLD packet is received by a non-HP switch, that switch may reject the packet.
Example Figure 33 show link-keepalive command Viewing detailed UDLD information for specific ports Enter the show link-keepalive statistics command.
This command clears the packets sent, packets received, and transitions counters in the show link keepalive statistics display. Configuring UFD Syntax [no] uplink-failure-detection Globally enables UFD. The no form of the command globally disables UFD. Syntax [no] uplink-failure-detection track track-id links-to-monitor [[lacp-key] | []] links-to-disable [[lacp-key] | []] Configures ports as LtM ports and LtD ports for the specified track. Trunk interfaces are also configurable.
Table 3 Status and parameters for each port type (continued) Status or parameter Description 10/100/1000Base-T Ports: • Auto-MDIX (default): Senses speed and negotiates with the port at the other end of the link for port operation (MDI-X or MDI.) To see what the switch negotiates for the auto setting, use the CLI show interfaces brief command or the 3. Port Status option under 1. Status and Counters in the menu interface.
Table 3 Status and parameters for each port type (continued) Status or parameter Flow control Description • Disabled (default): The port does not generate flow control packets, and drops any flow control packets it receives. • Enabled: The port uses 802.3x link layer flow control, generates flow-control packets, and processes received flow-control packets. With the port mode set to Auto (the default) and flow control enabled, the switch negotiates flow control on the indicated port.
for correct operation. The following port types on your switch support the IEEE 802.3ab standard, which includes the "Auto MDI/MDI-X" feature: • 10/100-TX xl module ports • 100/1000-T xl module ports • 10/100/1000-T xl module ports Using the above ports: • If you connect a copper port using a straight-through cable on a switch to a port on another switch or hub that uses MDI-X ports, the switch port automatically operates as an MDI port.
• Trunking ports together does not affect friendly naming for the individual ports. (If you want the same name for all ports in a trunk, you must individually assign the name to each port.) • A friendly port name can have up to 64 contiguous alphanumeric characters. • Blank spaces within friendly port names are not allowed, and if used, cause an invalid input error. (The switch interprets a blank space as a name terminator.
Uni-directional link detection (UDLD) Uni-directional link detection (UDLD) monitors a link between two HP switches and blocks the ports on both ends of the link if the link fails at any point between the two devices. This feature is particularly useful for detecting failures in fiber links and trunks. Figure 35 (page 106) shows an example. Figure 35 UDLD In this example, each HP switch load balances traffic across two ports in a trunk group.
About Configuring UDLD When configuring UDLD, keep the following considerations in mind: • UDLD is configured on a per-port basis and must be enabled at both ends of the link. See the note below for a list of HP switches that support UDLD. • To configure UDLD on a trunk group, you must configure the feature on each port of the group individually. Configuring UDLD on a trunk group's primary port enables the feature on that port only. • Dynamic trunking is not supported.
Figure 36 Teamed NICs in conjunction with UFD Figure 37 Teamed NICs with a failed uplink UFD operating notes • A port cannot be added to a trunk group if it already belongs to an LtM or LtD. • Ports that are already members of a trunk group cannot be assigned to an LtM or LtD. • Trunks that are configured as LtM or LtD cannot be deleted.
Example 61 Configuring ports as LtM and LtD for track 3 (HP_Switch_name#) uplink-failure-detection track 3 links-to-monitor 5,6,7 links-to-disable 8,9,10 Example 62 Removing a LtM port and an LtD port for track 3 (HP_Switch_name#) no uplink-failure-detection track 3 links-to-monitor 5 links-to-disable 8 Viewing UFD configuration Enter the show uplink-failure-detection command to display information about the UFD configuration.
3 Power Over Ethernet (PoE/PoE+) Operation Introduction to PoE PoE technology allows IP telephones, wireless LAN access points, and other appliances to receive power and transfer data over existing ethernet LAN cabling. For more information about PoE technology, see the PoE Planning and Implementation Guide, which is available on the HP Networking website at www.hp.com/networking/support. PoE Power-over-ethernet (PoE) and Power-over-ethernet plus (PoE+ or POEP) operate similarly in most cases.
Reconfigures the PoE priority level on . For a given level, ports Critical Specifies the highest-priority PoE support for . The active PoE ports at this level are provisioned before the PoE ports at any other level are provisioned. High Specifies the second priority PoE support for . The active PoE ports at this level are provisioned before the Low priority PoE ports are provisioned. Low (Default) Specifies the third priority PoE support for .
Example 64 PoE port allocation by class To allocate by class for ports 6 to 8: (HP_Switch_name#) int 6-8 PoE-allocate-by class Manually configuring PoE power levels You can specify a power level (in watts) allocated for a port by using the value option. This is the maximum amount of power that will be delivered. 1.
Configuring PoE redundancy (chassis switches only) PoE redundancy occurs automatically when enabled. The switch keeps track of power use and does not supply PoE power to additional PoE devices trying to connect if that results in the switch not having enough power in reserve for redundancy. Syntax [no] power-over-ethernet redundancy [ n+1 | full ] Allows you to set the amount of power held in reserve for redundancy. Means that all available power can be allocated to PDs.
Example 65 Enable LLDP detection HP Switch(config) # int A7 poe-lldp-detect enabled Example 66 Interface context HP Switch(eth-A7) # poe-lldp-detect enabled Enabling PoE detection via LLDP TLV advertisement Syntax lldp config For inserting the desired port or ports. Negotiating power using the DLL When a PD requests power on a PoE port, LLDP interacts with PoE to see if there is enough power to fulfill the request. Power is set at the level requested.
Figure 40 Port with LLDP configuration information obtained from the device Initiating advertisement of PoE+ TLVs Syntax lldp config dot3TlvEnable poeplus_config Enables advertisement of data link layer power using PoE+ TLVs. The TLV is processed only after the physical layer and the data link layer are enabled. The TLV informs the PSE about the actual power required by the device.
Example 70 LLDP port configuration information with PoE

Figure 42 (page 116) shows an example of the local device power information using the show lldp info local-device command.

Figure 41 LLDP port configuration information with PoE

Figure 42 Local power information

Figure 43 (page 116) shows an example of the remote device power information using the show lldp info remote-device command.
Viewing the global PoE power status of the switch Syntax show power-over-ethernet [ brief | [ethernet] | [ slot slot-id-range | all ] ] Displays the switch's global PoE power status, including: • Total Available Power Lists the maximum PoE wattage available to provision active PoE ports on the switch. This is the amount of usable power for PDs. • Total Failover Power Lists the amount of PoE power available in the event of a single power supply failure.
Example 71 Show power-over-ethernet The command show power-over-ethernet displays data similar to that shown in Figure 44 (page 118). Figure 44 show power-over-ethernet command output Viewing PoE status on all ports Syntax show power-over-ethernet brief Displays the port power status. • PoE Port Lists all PoE-capable ports on the switch. • Power Enable Shows Yes for ports enabled to support PoE (the default) and No for ports on which PoE is disabled.
• • Detection Status: ◦ Searching: The port is trying to detect a PD connection. ◦ Delivering: The port is delivering power to a PD. ◦ Disabled: On the indicated port, either PoE support is disabled or PoE power is enabled but the PoE module does not have enough power available to supply the port's power needs. ◦ Fault: The switch detects a problem with the connected PD. ◦ Other Fault: The switch has detected an internal fault that prevents it from supplying power on that port.
Example 72 Show power-over-ethernet brief show power-over-ethernet brief displays this output: Figure 45 show power-over-ethernet brief command output You can also show the PoE information by slot: Figure 46 Showing the PoE information by slot Viewing the PoE status on specific ports Syntax show power-over-ethernet Displays the following PoE status and statistics (since the last reboot) for each port in : Power Enable Shows Yes for ports enabled to support PoE (the default) and No
Other Fault The switch has detected an internal fault that prevents it from supplying power on that port. Over Current Cnt Shows the number of times a connected PD has attempted to draw more than 15.4 watts for PoE or 24.5 watts for PoE+. Each occurrence generates an Event Log message. Power Denied Cnt Shows the number of times PDs requesting power on the port have been denied because of insufficient power available. Each occurrence generates an Event Log message.
Example 73 PoE status of ports If you want to view the PoE status of ports A6 and A7, you would use show power-over-ethernet A6-A7 to display the data: Figure 47 show power-over-ethernet port-list output Planning and implementing a PoE configuration This section provides an overview of some considerations for planning a PoE application. For additional information on this topic, refer to the PoE Planning and Implementation Guide which is available on the HP Networking web site at www.hp.
supply) can also be connected to the 5400zl/8200zl switches to provide extra or redundant PoE power. For example, if the 5406zl has two 24-port PoE modules (J8702A) installed, and all ports are using 15.4 watts, then the total wattage used is 739.2 watts (48 x 15.4.) To supply the necessary PoE wattage a J8713A power supply is installed in one of the power supply slots. To gain redundant power, a second J8713A must be installed in the second power supply slot.
Power-sourcing equipment (PSE) detects the power needed by a powered device (PD) before supplying that power, a detection phase referred to as "searching." If the PSE cannot supply the required amount of power, it does not supply any power. For PoE using a Type 1 device, a PSE will not supply any power to a PD unless the PSE has at least 17 watts available.
For PoE+, there must be 33 watts available for the module to begin supplying power to a port with a PD connected. A slot in a zl chassis can provide a maximum of 370 watts of PoE/PoE+ power to a module. Disconnecting a PD from a PoE port makes that power available to any other PoE ports with PDs waiting for power. If the PD demand for power becomes greater than the PoE power available, power is transferred from the lower-priority ports to the higher-priority ports.
About configuring PoE operation In the default configuration, PoE support is enabled on the ports in a PoE module installed on the switch. The default priority for all ports is low and the default power notification threshold is 80%. Using the CLI, you can: • Disable or re-enable PoE operation on individual PoE ports. • Enable support for pre-standard devices. • Change PoE priority level on individual PoE ports. • Change the threshold for generating a power level notice.
Table 8 PoE priority operation on a PoE module (continued) Port Priority setting Configuration command and resulting operation with PDs connected to ports C3 through C24 low- priority ports, power is allocated to the ports in ascending order, beginning with the lowest-numbered port in the class (port 22, in this case), until all available power is in use.
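The provisioning rules given in this chapter (17 watts of free power required before a PoE port starts, 33 watts for PoE+, a 370-watt maximum per zl slot, priority classes, and lowest-numbered port first within a class) can be modelled for capacity planning. The following Python model is an added example, not HP code; the Port class, the provision function and the way the rules are combined are assumptions made for illustration, and the port loads are constructed.

```python
from dataclasses import dataclass

# Values taken from this chapter.
PRIORITY_RANK = {"critical": 0, "high": 1, "low": 2}   # low is the default
STARTUP_HEADROOM_W = {"poe": 17.0, "poe+": 33.0}       # watts that must be free
SLOT_MAX_W = 370.0                                     # maximum per zl slot


@dataclass
class Port:
    number: int              # port position in the slot (1 stands for C1)
    draw_w: float            # power the connected PD draws, in watts
    kind: str = "poe"        # "poe" or "poe+"
    priority: str = "low"    # "critical", "high" or "low"


def provision(ports, budget_w=SLOT_MAX_W, threshold_pct=80):
    """Assumed planning model: serve ports by priority class, then by
    ascending port number, and power a port only while the slot still has
    the startup headroom for its type (and at least its own draw) free."""
    remaining = budget_w
    powered, denied = [], []
    order = sorted(ports, key=lambda p: (PRIORITY_RANK[p.priority], p.number))
    for port in order:
        needed = max(STARTUP_HEADROOM_W[port.kind], port.draw_w)
        if remaining >= needed:
            remaining -= port.draw_w
            powered.append(port.number)
        else:
            denied.append(port.number)
    used = budget_w - remaining
    return {
        "powered": powered,
        "denied": denied,
        "used_w": round(used, 1),
        # True when usage reaches the notification threshold (80% default).
        "over_threshold": used * 100 >= threshold_pct * budget_w,
    }


def full_module(critical_port=None):
    """Constructed load: 24 PDs at 15.4 W each on one 24-port module."""
    ports = [Port(n, 15.4) for n in range(1, 25)]
    if critical_port is not None:
        ports[critical_port - 1].priority = "critical"
    return ports


if __name__ == "__main__":
    print(provision(full_module()))                   # port 24 is left unpowered
    print(provision(full_module(critical_port=24)))   # port 23 is left unpowered
```

In this model 24 devices at 15.4 watts total 369.6 watts, which is under 370, yet one port stays unpowered because fewer than 17 watts remain free when its turn comes.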
threshold 75 (HP_Switch_name#) power-over-ethernet slot b threshold 68 The last threshold command affecting a given slot supersedes the previous threshold command affecting the same slot.
LLDP MED TLVs sent by the PD are used to negotiate power only if the LLDP PoE+ TLV is disabled or inactive; if the LLDP PoE+ TLV is sent as well (not likely), the LLDP MED TLV is ignored. • Using LLDP PoE+ TLVs Enabled by default. The LLDP PoE+ TLV is always advertised unless it has been disabled (enable it by using the lldp config dot3TlvEnable poeplus_config command.) It always takes precedence over the LLDP MED TLV.
4 Port Trunking Viewing and configuring port trunk groups You can list the trunk type and group for all ports on the switch or for selected ports. You can also list LACP-only status information for LACP-configured ports. CAUTION: To avoid broadcast storms or loops in your network while configuring a trunk, first disable or disconnect all ports you want to add to or remove from the trunk. After you finish configuring the trunk, enable or re-connect the ports.
Example 74 Static trunk group In a switch where ports A4 and A5 belong to Trunk 1 and ports A7 and A8 belong to Trunk 2, you have the options shown in Figure 48 (page 131) and Example 75 (page 131) for displaying port data for ports belonging to static trunks. Using a port list specifies, for switch ports in a static trunk group, only the ports you want to view. In this case, the command specifies ports A5 through A7.
Example 76 Example of a show LACP listing Ports A1 and A2 have been previously configured for a static LACP trunk. (For more on the Active parameter, see Table 12 (page 154).
a broadcast storm is detected. Commands can be used only to support broadcast traffic and not multicast and unicast types of traffic. The waiting period range for re-enabling ports is 0 to 604800 seconds. The default waiting period to re-enable a port is zero which prevents the port from automatic re-enabling. NOTE: Avoid port flapping when choosing the waiting period by considering the time to re-enable carefully.
Show example 2 HP Switch (config)# show fault-finder broadcast-storm Port Bcast storm Port status Rising threshold Action Disable timer Disable timer left A1 Yes Down 200 pps warnanddisable 10 9 Show example 3 HP Switch (config)# show fault-finder broadcast-storm A1 Port Bcast storm Port status A1 No Up Rising threshold Action Disable timer Disable timer left none Show example 4 HP Switch (config)# show fault-finder broadcast-storm Port Bcast storm Port status Rising threshold Acti
Example 78 Event log

I 01/01/90 00:35:20 00025 ip: DEFAULT_VLAN: ip address 10.100.38.231/24 configured on vlan 1
I 01/01/90 00:35:20 00083 dhcp: updating IP address and subnet mask
I 01/01/90 00:35:05 00076 ports: port A1 is now on-line
I 01/01/90 00:35:02 00900 ports: port A1 timer (71) has expired
W 01/01/90 00:34:13 00026 ip: DEFAULT_VLAN: ip address 10.100.38.
In the above example, if the port on the other end of the link is configured for active LACP or static LACP, the trunked link will be re-established almost immediately. Setting the LACP key During dynamic link aggregation using LACP, ports with the same key are aggregated as a single trunk.
This procedure uses the Port/Trunk Settings screen to configure a static port trunk group on the switch. 1. Follow the procedures in the preceding IMPORTANT note. 2. From the Main Menu, select: 2. Switch Configuration … 2. Port/Trunk Settings 3. Press [E] (for Edit) and then use the arrow keys to access the port trunk parameters. Figure 49 Menu screen for configuring a port trunk group 4. 5. In the Group column, move the cursor to the port you want to configure.
6. Move the cursor to the Type column for the selected port and use the Space bar to select the trunk type: • LACP • Trunk (the default type if you do not specify a type) All ports in the same trunk group on the same switch must have the same Type (LACP or Trunk.) 7. When you are finished assigning ports to the trunk group, press [Enter], then [S] (for Save) and return to the Main Menu. (It is not necessary to reboot the switch.
Figure 53 Running config file when L4-based trunk load balancing is enabled Viewing trunk load balancing The show trunks load-balance interface command displays the port on which the information will be forwarded out for the specified traffic flow with the specified source and destination address.
Example 81 Example showing information about the forwarding port HP Switch# show trunks load-balance interface trk1 mac 424521-498421 534516795463 inbound-port a5 Traffic in this flow will be forwarded out port 23 based on the confiugred L2 load balancing. Operating notes The port cannot be determined if: • All the ports in the trunk are down. • The MAC address is all zeros. • The source MAC address is broadcast or multicast.
Figure 54 Configuring distributed trunking

Configuring peer-keepalive links

Syntax [no] distributed-trunking [hold-timer 3-10] [ peer-keepalive destination ip-address | vlan vid [interval 400-10000] [ timeout 3-20] [udp-port 1024-49151] ]

Distributed trunking uses a VLAN interface between DT peers to transmit periodic peer-keepalive messages. This command configures the peer-keepalive parameters for distributed trunking.

hold-timer 3-10 Configures the hold time in seconds. Default is 3 seconds.
  Port  Enabled  Group  Status   Partner  Status  Key
  ----- -------- ------ -------- -------- ------  ----
  A5    Active   Trk10  Up       Yes      Sucess  200
  A6    Active   Trk10  Up       Yes      Sucess  200

Syntax show distributed trunk consistency parameters global

This command displays configured features on VLANs that have dt-lacp or dt-trunk ports as member port. This command also displays VLAN memberships and loop-protect status of a given DT trunk.
Example Figure 55 Output displaying peer-keepalive settings Viewing switch interconnect Syntax show switch-interconnect Displays information about switch interconnect settings. Example Figure 56 Switch-interconnect settings Overview of port trunking Port trunking allows you to assign up to eight physical links to one logical link (trunk) that functions as a single, higher-speed link providing dramatically increased bandwidth.
Figure 57 Conceptual example of port trunking With full-duplex operation in an eight-port trunk group, trunking enables the following bandwidth capabilities: Port connections and configuration All port trunk links must be point-to-point connections between a switch and another switch, router, server, or workstation configured for port trunking. No intervening, non-trunking devices are allowed.
of eight actively trunking ports.) The trunks do not have to be the same size; for example, 100 two-port trunks and 11 eight-port trunks are supported. NOTE: LACP requires full-duplex (FDx) links of the same media type (10/100Base-T, 100FX, and so on) and the same speed, and enforces speed and duplex conformance across a trunk group. For most installations, HP Switch recommends that you leave the port Mode settings at Auto (the default.
  A4    Active   Dyn1   Up       Yes      Success  100   100
  A5    Active   Dyn1   Up       Yes      Success  100   100
  A6    Active   Dyn1   Up       Yes      Success  100   100
  A7    Active   Dyn1   Up       Yes      Success  100   100
  A8    Active   Dyn1   Up       Yes      Success  100   100
  A9    Active   Dyn1   Standby  Yes      Success  100   100

Viewing LACP Local Information

HP Switch# show lacp local
LACP Local Information.
value of the Operational key. The Admin and Operational key are usually the same, but using static LACP can alter the Operational key during runtime, in which case the keys would differ. The lacp key command configures both the Admin and Operational keys when using dynamic LACP trunks. It only configures the Admin key if the trunk is a static LACP trunk. It is executed in the interface context.
General operating rules for port trunks Media: For proper trunk operation, all ports on both ends of a trunk group must have the same media type and mode (speed and duplex.) (For the switches, HP Switch recommends leaving the port Mode setting at Auto or, in networks using Cat 3 cabling, Auto-10.) Port Configuration The default port configuration is Auto, which enables a port to sense speed and negotiate duplex with an auto-enabled port on another device.
ports C1 and C2 are configured as a static trunk named Trk1, they are listed in the Spanning Tree display as Trk1 and do not appear as individual ports in the Spanning Tree displays. When Spanning Tree forwards on a trunk, all ports in the trunk will be forwarding. Conversely, when Spanning Tree blocks a trunk, all ports in the trunk are blocked. NOTE: A dynamic LACP trunk operates only with the default Spanning Tree settings.
Monitor port NOTE: A trunk cannot be a monitor port. A monitor port can monitor a static trunk but cannot monitor a dynamic LACP trunk. About configuring a static or dynamic trunk group IMPORTANT: Configure port trunking before you connect the trunked links between switches. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured.
standby link, which maintains your intended bandwidth for the trunk. (See also the "Standby" entry under "Port Status" in Table 12.) In the next example, ports A1 through A9 have been configured for the same LACP trunk. Notice that one of the links shows Standby port status, while the remaining eight links show Up port status.
Example 85 Example of LACP peer information

(HP_Switch_name#) show lacp peer

LACP Peer Information.

System ID: 001871-b98500

Local   Local                          Port      Oper   LACP      Tx
Port    Trunk   System ID      Port    Priority  Key    Mode      Timer
------  ------  -------------  ------  --------  -----  --------  -----
A2      A2      123456-654321  2       0         100    Passive   Fast
A3      A3      234567-456789  3       0         100    Passive   Fast

Viewing LACP counters

Use the show lacp counters command to display statistical information about LACP ports.
LACP trunk status commands include:

Trunk display method                           Static LACP trunk      Dynamic LACP trunk
CLI show lacp command                          Included in listing.   Included in listing.
CLI show trunk command                         Included in listing.   Not included.
Port/Trunk Settings screen in menu interface   Included in listing.   Not included

Thus, to display a listing of dynamic LACP trunk ports, you must use the show lacp command. In most cases, trunks configured for LACP on the switches operate as described in Table 11 (page 153).
Table 11 LACP trunk types (continued) LACP port trunk configuration Operation • You want an LACP trunk group to operate in a VLAN other than the default VLAN and GVRP is disabled. • You want to use a monitor port on the switch to monitor an LACP trunk.
Table 12 LACP port status data (continued) Status name Meaning Standby: The port is configured for dynamic LACP trunking to another device, but the maximum number of ports for the dynamic trunk to that device has already been reached on either the switch or the other device. This port will remain in reserve, or "standby" unless LACP detects that another, active link in the trunk has become disabled, blocked, or down.
run together. (HP_Switch_name#) To restore LACP to the port, you must remove port security and re-enable LACP active or passive. Changing trunking methods To convert a trunk from static to dynamic, you must first eliminate the static trunk. Static LACP trunks When a port is configured for LACP (active or passive), but does not belong to an existing trunk group, you can add that port to a static trunk.
Figure 61 A dynamic LACP trunk forming in a VLAN can cause a traffic loop Easy control methods include either disabling LACP on the selected ports or configuring them to operate in static LACP trunks. Spanning Tree and IGMP If Spanning Tree, IGMP, or both are enabled in the switch, a dynamic LACP trunk operates only with the default settings for these features and does not appear in the port listings for these features.
Use the trunk option to establish a trunk group between a switch and another device, where the other device's trunking operation fails to operate properly with LACP trunking configured on the switches. Viewing trunk data on the switch Static trunk group Appears in the menu interface and the output from the CLI show trunk and show interfaces commands. Dynamic LACP trunk group Appears in the output from the CLI show lacp command.
pairs are different. The more ports you have in the trunk, the more likely it is that the traffic will be distributed among the links. When a new port is added to the trunk, the switch begins sending traffic, either new traffic or existing traffic, through the new link. As links are added or deleted, the switch redistributes traffic across the trunk group. For example, in Figure 63 (page 159) showing a three-port trunk, traffic could be assigned as shown in Table 13 (page 159).
any other networking device that supports trunking to interoperate with the distributed trunking switches (DTSs) seamlessly. Distributed trunking provides device-level redundancy in addition to link failure protection. DTSs are connected by a special interface called the InterSwitch-Connect (ISC) port. This interface exchanges information so that the DTSs appear as a single switch to a downstream device, as mentioned above.
Figure 65 Distributed trunking switch-to-switch square topology Distributed trunking interconnect protocol Distributed trunking uses the distributed trunking interconnect protocol (DTIP) to transfer DT-specific configuration information for the comparison process and to synchronize MAC and DHCP snooping binding data between the two DT peer switches.
About configuring peer-keepalive links Distributed trunking uses UDP-based peer-keepalive messages to determine if an ISC link failure is at the link level or the peer has completely failed. The following operating rules must be followed to use peer-keepalive links: • An IP address must be configured for a peer-keepalive VLAN interface and the same IP address must be configured as a peer-keepalive destination on the peer DT switch.
Figure 66 ISC link failure with peer-keepalive Peer-keepalive messages are sent by both the DT switches as soon as the switches detect that the ISC link is down. Peer-keepalive message transmission (sending and receiving) is suspended until the peer-keepalive hold timer expires. When the hold timer expires, the DT switches begin sending peer-keepalive messages periodically while receiving peer-keepalive messages from the peer switch.
Forwarding traffic with distributed trunking and spanning tree Refer to Figure 67 (page 164) for the following discussion about forwarding traffic when spanning tree is enabled. In this example, it is assumed that traffic is sent from a host off switch B to a server, and from the server back to the host. STP can block any one of the upstream links; in this example, STP has blocked all the links except the I1 link connected to DT1. NOTE: STP is automatically disabled on the DT ports.
Figure 68 Unicast traffic flow across DT switches Forwarding broadcast, multicast, and unknown traffic In the example shown in Figure 69 (page 166), multicast/broadcast/unknown traffic from Host X or Y is always forwarded by Switch A over one of its standard 802.3ad trunk links to either Switch B or C. Switch B or C forwards the traffic on all the links including the ISC port, but not on the port that the traffic was received on.
Figure 69 Broadcast/multicast/unknown traffic flow across DT switches IP routing and distributed trunking In switch-to-switch distributed trunking, the peer DT switches behave like independent Layer 3 devices with their own IP addresses in each active VLAN. If a DT switch receives a packet destined for the peer DT switch, it switches the packet through the ISC link. Interfaces on a VLAN using DT typically use a single default gateway pointing to only one of the DT switches in a DT pair.
Figure 70 Layer 3 forwarding (IP unicast) in DT topology Another example in Figure 71 shows Layer 3 (IP unicast) forwarding in a DT topology. The packet is sent as follows: 1. Host 2 sends a packet to Switch C. 2. Switch C performs a lookup in the routing table and determines that the default gateway IP address is 10.0.0.1. 3. Layer 2 lookup determines that the outgoing interface is the DT port. 4. Hashing determines that the trunk member chosen is DT_SW_2 and the packet is sent there. 5.
Figure 71 Layer 3 forwarding (IP unicast) in DT topology Distributed trunking restrictions There are several restrictions with distributed trunking: Beginning with software version K.15.07, the switch will not allow both Distributed Trunking and MAC-based mirroring to function simultaneously. The switch will respond as follows: • If the user attempts to configure both, an error message will appear. • When a switch is updated from older software to K.15.
• There can be eight links in a distributed trunk grouped across two switches, with a limit of four links per distributed trunking switch. • The limit of 144 manual trunks per switch includes distributed trunks as well. • ARP protection is not supported on the distributed trunks. • Dynamic IP Lockdown protection is not supported on the distributed trunks. • QinQ in mixed VLAN mode and distributed trunking are mutually exclusive.
(HP_Switch_name#) distributed-trunking peer-keepalive destination 20.0.0.2
3. Ping the keepalive destination address to make sure that there is connectivity between the two DT switches (keepalive VLANs.)
4. Enable the ISC link on both switches, and then execute write memory. Assume a2 is configured as switch-interconnect.
(HP_Switch_name#) int a2 enable
(HP_Switch_name#) write mem
When updating software from a software version that does support shared DT keepalive (K.15.03, K.15.
5 Port Traffic Controls Rate-limiting In earlier releases, all traffic rate-limiting applied to inbound traffic only, and was specified as a percentage of total bandwidth. Beginning with software release K.12.xx or later, it is also possible to configure outbound rate-limiting for all traffic on a port and specify bandwidth usage in terms of kilobits per second (kbps.) CAUTION: Rate-limiting is intended for use on edge ports in a network.
Figure 72 Listing the rate-limit configuration NOTE: To view RADIUS-assigned rate-limit information, use one of the following command options: show port-access web-based clients detailed mac-based clients detailed authenticator clients detailed The show running command displays the currently applied setting for any interfaces in the switch configured for all traffic rate-limiting and ICMP rate limiting.
Figure 73 Rate-limit settings listed in the show config output Configuring ICMP rate-limiting The rate-limit icmp command controls inbound usage of a port by setting a limit on the bandwidth available for inbound ICMP traffic. Syntax [no] int port-list rate-limit icmp [ percent 0-100 ] | kbps 0-10000000 Configures inbound ICMP traffic rate-limiting. You can configure a rate limit from either the global configuration level (as shown above) or from the interface context level.
HP Switch(config) # int a3-a5 rate-limit icmp 1 HP Switch(eth-A3-A5) # rate-limit icmp 1 Viewing the current ICMP rate-limit configuration The show rate-limit icmp command displays the per-interface ICMP rate-limit configuration in the running-config file. Syntax show rate-limit icmp Without [port-list], this command lists the ICMP rate-limit configuration for all ports on the switch. With [port-list], this command lists the rate-limit configuration for the specified interfaces.
Determining the switch port number used in ICMP port reset commands To enable excess ICMP traffic notification traps and Event Log messages, use the setmib command described on (page 190). The port number included in the command corresponds to the internal number the switch maintains for the designated port and not the port's external (slot/number) identity.
Syntax show running-config Displays the running-config file. The broadcast limit setting appears here if enabled. If the setting is not also saved to the startup-config file, rebooting the switch returns broadcast limit to the setting currently in the startup-config file. Example The following command enables broadcast limiting of 1% of the traffic rate on the selected port on the switch: HP Switch(int B1) # broadcast-limit 1 For a 1-Gbps port, this results in a broadcast traffic rate of 10 Mbps.
If you rate-limit multicast traffic on the same port, the multicast limit is also in effect for that port, as shown in Figure 77. Only 20% of the multicast traffic will be forwarded. Figure 77 Inbound multicast rate-limiting of 20% on port 3 To disable rate-limiting for a port enter the no form of the command, as shown in Figure 78. Figure 78 Disabling inbound multicast rate-limiting for port 3 Operating Notes • This rate-limiting option does not limit unicast traffic.
• Queue 5 (medium priority): 10% • Queue 6 (medium priority): 10% • Queue 7 (high priority): 15% • Queue 8 (high priority): 20% The no form of the command disables GMB for all ports in the port-list. In this state, which is the equivalent of setting all outbound queues on a port to 0 (zero), a high level of higher-priority traffic can starve lower-priority queues, which can slow or halt lower-priority traffic in the network.
NOTE: Configuring 0% for a queue can result in that queue being starved if any higher queue becomes over-subscribed and is then given all unused bandwidth. The switch applies the bandwidth calculation to the link speed the port is currently using. For example, if a 10/100 Mbps port negotiates to 10 Mbps on the link, it bases its GMB calculations on 10 Mbps, not 100 Mbps. Use show bandwidth output to display the current GMB configuration.
This command operates the same way in any CLI context. If the command lists Disabled for a port, there are no bandwidth minimums configured for any queue on the port. (See the description of the no form of the bandwidth-min output command on page 13-24.
Configuring jumbo frame operation
Overview
1. Determine the VLAN membership of the ports or trunks through which you want the switch to accept inbound jumbo traffic. For operation with GVRP enabled, refer to the GVRP topic under “Operating Rules”, above.
2. Ensure that the ports through which you want the switch to receive jumbo frames are operating at least at gigabit speed. (Check the Mode field in the output for the show interfaces brief command.
Figure 82 Listing the VLAN memberships for a range of ports Syntax show vlans vid Shows port membership and jumbo configuration for the specified vid . (See Figure 83.) Figure 83 Listing the port membership and jumbo status for a VLAN Enabling or disabling jumbo traffic on a VLAN Syntax vlan vid jumbo no vlan vid jumbo Configures the specified VLAN to allow jumbo frames on all ports on the switch that belong to that VLAN.
NOTE: The jumbo max-frame-size is set on a GLOBAL level. Configuring IP MTU NOTE: The following feature is available on the switches covered in this guide. jumbos support is required for this feature. On switches that do not support this command, the IP MTU value is derived from the maximum frame size and is not configurable. You can set the IP MTU globally by entering this command. The value of max-frame-size must be greater than or equal to 18 bytes more than the value selected for ip-mtu.
traffic from non-critical users or to enforce service agreements such as those offered by Internet Service Providers (ISPs) to provide only the bandwidth for which a customer has paid. CAUTION: Rate-limiting is intended for use on edge ports in a network. HP does not recommend it for use on links to other switches, routers, or servers within a network, or for use in the network core. Doing so can interfere with applications the network requires to function properly.
it to a trunk suspends rate-limiting on the port while it is in the trunk. Attempting to configure rate-limiting on a port that already belongs to a trunk generates the following message: : Operation is not allowed for a trunked port. • Rate-limiting for inbound and outbound traffic are separate features. The rate limits for each direction of traffic flow on the same port are configured separately—even the specified limits can be different.
NOTE: Rate-limiting is applied to the available bandwidth on a port and not to any specific applications running through the port. If the total bandwidth requested by all applications is less than the configured maximum rate, then no rate-limit can be applied. This situation occurs with a number of popular throughput-testing applications, as well as most regular network applications.
inquiries. In unusual situations, if the messages are generated rapidly with the intent of overloading network circuits, they can threaten network availability. This problem is visible in denial-of-service (DoS) attacks or other malicious behaviors where a worm or virus overloads the network with ICMP messages to an extent where no other traffic can get through. (ICMP messages themselves can also be misused as virus carriers.
Figure 84 ICMP rate-limiting NOTE: When using kbps-mode ICMP rate-limiting, the rate-limiting operates on only the IP payload part of the ICMP packet (as required by metering RFC 2698.) This means that effective metering is at a rate greater than the configured rate, with the disparity increasing as the packet size decreases (the packet to payload ratio is higher.) Also, in kbps mode, metering accuracy is limited at low values, for example, less than 45 Kbps.
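The note above can be made concrete with a small simulation, added here as an example and not taken from the guide: a meter that charges only IP payload bytes is fed more ICMP traffic than the limit allows, and the rate that reaches the wire is measured for several packet sizes. Assumptions: a single token bucket stands in for the RFC 2698 marker, frames are untagged Ethernet with a 20-byte IPv4 header, and the burst size and function names are illustrative.

```python
# Assumed per-frame overhead that the meter does not count.
ETH_OVERHEAD = 18   # Ethernet header (14 bytes) + FCS (4 bytes), untagged
IP_HEADER = 20      # IPv4 header without options


def forwarded_wire_kbps(limit_kbps, ip_payload_bytes, offered_pps=10_000,
                        seconds=10, burst_bytes=3_000):
    """Return the layer-2 rate (kbps) forwarded by a payload-only meter.

    limit_kbps        configured kbps-mode ICMP rate limit
    ip_payload_bytes  ICMP header + data carried in each packet
    offered_pps       inbound packets per second, well above the limit
    """
    # Payload bytes of credit earned between two consecutive arrivals.
    fill_per_arrival = limit_kbps * 1000 / 8 / offered_pps
    frame_bytes = ip_payload_bytes + IP_HEADER + ETH_OVERHEAD

    tokens = 0.0          # start empty so no initial burst skews the result
    wire_bytes = 0
    for _ in range(offered_pps * seconds):
        tokens = min(burst_bytes, tokens + fill_per_arrival)
        if tokens >= ip_payload_bytes:
            # Only the IP payload is charged against the limit...
            tokens -= ip_payload_bytes
            # ...but the whole frame is forwarded.
            wire_bytes += frame_bytes
        # Otherwise the packet exceeds the limit and is dropped.
    return wire_bytes * 8 / seconds / 1000


def overshoot_table(limit_kbps, payload_sizes=(64, 256, 1024, 1480)):
    """Map each payload size to forwarded rate / configured rate."""
    return {
        size: round(forwarded_wire_kbps(limit_kbps, size) / limit_kbps, 2)
        for size in payload_sizes
    }


if __name__ == "__main__":
    limit = 100  # kbps
    for size, ratio in overshoot_table(limit).items():
        print(f"payload {size:>4} B: forwarded at {ratio:.2f} x the "
              f"configured {limit} kbps")
```

When choosing a kbps value for a port, size it against the smallest ICMP packets expected on that port, since those show the largest gap between the configured and the forwarded rate.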
Rate-limiting is not permitted on mesh ports
Either type of rate-limiting (all-traffic or ICMP) can reduce the efficiency of paths through a mesh domain.

Rate-limiting is not supported on port trunks
Neither all-traffic nor ICMP rate-limiting are supported on ports configured in a trunk group.
Outbound traffic flow Configuring ICMP rate-limiting on an interface does not control the rate of outbound traffic flow on the interface. Notes on testing ICMP rate-limiting ICMP rate-limiting is applied to the available bandwidth on an interface. If the total bandwidth requested by all ICMP traffic is less than the available, configured maximum rate, no ICMP rate-limit can be applied. That is, an interface must be receiving more inbound ICMP traffic than the configured bandwidth limit allows.
Table 15 Per-port outbound priority queues

802.1p Priority settings in tagged VLAN packets¹   Outbound priority queue for a given port
1 (low)                                            1
2 (low)                                            2
0 (normal)                                         3
3 (normal)                                         4
4 (medium)                                         5
5 (medium)                                         6
6 (high)                                           7
7 (high)                                           8

¹ The switch processes outbound traffic from an untagged port at the "0" (normal) priority level.

You can use GMB to reserve a specific percentage of each port's available outbound bandwidth for each of the eight priority queues.
Table 16 Default GMB percentage allocations per QoS queue configuration

802.1p priority   8 queues (default)   4 queues   2 queues
1 (lowest)        2%                   10%        90%
2                 3%
0 (normal)        30%                  70%
3                 10%
4                 10%                  10%        10%
5                 10%
6                 15%                  10%
7 (highest)       20%

For more information on queue configuration and the associated default minimum bandwidth settings, see the Advanced Traffic Management Guide.

Impact of QoS queue configuration on GMB commands.
you remove a port from a jumbo-enabled VLAN, the switch disables jumbo traffic capability on the port only if the port is not currently a member of another jumbo-enabled VLAN. This same operation applies to port trunks. Jumbo traffic sources A port belonging to a jumbo-enabled VLAN can receive inbound jumbo frames through any VLAN to which it belongs, including non-jumbo VLANs.
• Any port operating at 1 Gbps or higher can transmit outbound jumbo frames through any VLAN, regardless of the jumbo configuration. The VLAN is not required to be jumbo-enabled, and the port is not required to belong to any other, jumbo-enabled VLANs. This can occur in situations where a non-jumbo VLAN includes some ports that do not belong to another, jumbo-enabled VLAN and some ports that do belong to another, jumbo-enabled VLAN.
Troubleshooting A VLAN is configured to allow jumbo frames, but one or more ports drops all inbound jumbo frames The port may not be operating at a minimum of 10 Mbps on the HP 3500 switches or 1 Gbps on the other switches covered in this guide. Regardless of a port's configuration, if it is actually operating at a speed lower than 10 Mbps for HP 3500 switches or 1 Gbps for the other switches, it drops inbound jumbo frames.
6 Configuring for Network Management Applications Enabling SNMPv3 The snmpv3 enable command allows the switch to: • Receive SNMPv3 messages. • Configure initial users. • Restrict non-version 3 messages to "read only" (optional.) CAUTION: Restricting access to only version 3 messages makes the community named "public" inaccessible to network management applications (such as autodiscovery, traffic monitoring, SNMP trap generation, and threshold setting) from operating in the switch.
NOTE: Only AES 128-bit and DES 56-bit encryption are supported as privacy protocols. Other non-standard encryption algorithms, such as AES-172, AES-256, and 3-DES are not supported. NOTE: For the 5400zl, 3800, and 8200zl switches, when the switch is in enhanced secure mode, commands that take a password as a parameter have the echo of the password typing replaced with asterisks. The input for the password is prompted for interactively. Additionally, the DES option is not available.
Example

Example 88 Displays information about the management stations configured on VLAN 1 to access the switch

HP Switch# configure terminal
(HP_Switch_name#) vlan 1
HP Switch(vlan-1)# show snmpv3 user

Status and Counters - SNMPv3 Global Configuration Information

User Name     Auth. Protocol  Privacy Protocol
------------  --------------  ----------------
initial       MD5             CFB AES-128
NetworkAdmin  MD5             CBC-DES

Assigning users to groups

Next you must set the group access level for the user by assigning the user to a group.
Syntax [no] snmpv3 community Maps or removes a mapping of a community name to a group access level. To remove a mapping you need to specify only the index_name parameter. index index_name An index number or title for the mapping. The values of 1 to 5 are reserved and can not be mapped. name community_name The community name that is being mapped to a group access level. sec-name security_name The group level to which the community is being mapped.
Figure 88 SNMP community listing with two communities To list the data for only one community, such as the "public" community, use the above command with the community name included. For example: HP Switch# show snmp-server public Configuring community names and values The snmp-server command enables you to add SNMP communities with either default or specific access attributes, and to delete specific communities. Syntax [no] snmp-server community community-name Configures a new community name.
Example To add the following communities:

Community   Access Level                           Type of Access
red-team    manager (Access to all MIB objects.)   unrestricted (read/write)
blue-team   operator (Access to all MIB objects except the CONFIG MIB.
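An added example (not HP's code): a short Python audit that reads community lines and a show snmpv3 user listing and reports the settings this chapter marks as sensitive, namely the "public" community, unrestricted (read/write) communities, and DES privacy, which is unavailable in enhanced secure mode. The running-config line layout, the noc-ro community, both sample inputs, and the choice to also report MD5 authentication are assumptions made for the example.

```python
import re
from typing import NamedTuple

# Constructed sample input, laid out like the listings in this guide.
# Assumption: communities appear in the running-config as
#   snmp-server community "<name>" [operator|manager] [restricted|unrestricted]
SAMPLE_CONFIG = '''\
snmp-server community "public" manager unrestricted
snmp-server community "red-team" manager unrestricted
snmp-server community "noc-ro" operator restricted
snmpv3 enable
'''

SAMPLE_V3_USERS = '''\
Status and Counters - SNMPv3 Global Configuration Information

User Name     Auth. Protocol  Privacy Protocol
------------  --------------  ----------------
initial       MD5             CFB AES-128
NetworkAdmin  MD5             CBC-DES
'''


class Community(NamedTuple):
    name: str
    level: str    # "manager", "operator" or "unspecified"
    access: str   # "restricted", "unrestricted" or "unspecified"


COMMUNITY_RE = re.compile(
    r'^\s*snmp-server\s+community\s+"?([^"\s]+)"?(.*)$', re.I)

# MIB scope of each access level, as described in this chapter.
MIB_SCOPE = {
    "manager": "all MIB objects",
    "operator": "all MIB objects except the CONFIG MIB",
    "unspecified": "a MIB view not stated on the line",
}


def parse_communities(config: str) -> list[Community]:
    """Extract community name, access level and access type per line."""
    found = []
    for line in config.splitlines():
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        opts = m.group(2).lower().split()
        # Attributes left off the line are recorded, not guessed.
        level = next((o for o in opts if o in ("manager", "operator")),
                     "unspecified")
        access = next((o for o in opts if o in ("restricted", "unrestricted")),
                      "unspecified")
        found.append(Community(m.group(1), level, access))
    return found


def parse_v3_users(listing: str) -> list[tuple[str, str, str]]:
    """Return (user, auth protocol, privacy protocol) rows of the listing."""
    users, in_table = [], False
    for line in listing.splitlines():
        stripped = line.strip()
        if not in_table:
            # The rule of dashes under the header starts the data rows.
            in_table = bool(stripped) and set(stripped) <= {"-", " "}
            continue
        cols = re.split(r"\s{2,}", stripped)   # columns are 2+ spaces apart
        if len(cols) == 3:
            users.append((cols[0], cols[1], cols[2]))
    return users


def audit(config: str, user_listing: str) -> list[tuple[str, str]]:
    """Return (subject, finding) pairs for the SNMP settings supplied."""
    findings = []
    if not re.search(r"^\s*snmpv3\s+enable\s*$", config, re.I | re.M):
        findings.append(("snmpv3", "SNMPv3 is not enabled"))
    for c in parse_communities(config):
        if c.name.lower() == "public":
            findings.append((c.name, "default community name in use"))
        if c.access == "unrestricted":
            findings.append(
                (c.name, f"read/write access to {MIB_SCOPE[c.level]}"))
    for name, auth, priv in parse_v3_users(user_listing):
        if auth.upper() == "MD5":
            findings.append((name, "uses MD5 authentication"))
        if "DES" in priv.upper():
            findings.append((name, "uses DES 56-bit privacy"))
    return findings


if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_CONFIG, SAMPLE_V3_USERS):
        print(f"{subject}: {finding}")
```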
3. Enter the name you want in the Community Name field, and use the Space bar to select the appropriate value in each of the other fields. (Use the [Tab] key to move from one field to the next.)
4. Press [Enter], then [S] (for Save.
Enables (or disables) the inform option for SNMPv2c on the switch and allows you to configure options for sending SNMP inform requests.
retries   Maximum number of times to resend an inform request if no SNMP response is received. (Default: 3)
timeout   Number of seconds to wait for an acknowledgement before resending the inform request. (Default: 15 seconds)
NOTE: The retries and timeout values are not used to send trap requests.
Syntax [no] snmpv3 notify notify_name tagvalue tag_name
Associates the name of an SNMPv3 notification configuration with a tag name used (internally) in SNMPv3 commands. To delete a notification-to-tag mapping, enter no snmpv3 notify notify_name.
notify notify_name   Specifies the name of an SNMPv3 notification configuration.
tagvalue tag_name    Specifies the name of a tag value used in other SNMPv3 commands, such as snmpv3 targetaddress params taglist tag_name in Step 5.
[Default: 1500 (15 seconds.)]
[ max-msg-size size ]   (Optional) Maximum number of bytes supported in a notification message to the specified target. (Default: 1472)
6. Create a configuration record for the target address with the snmpv3 params command.
Enables or disables sending one of the security notification types listed below to configured trap receivers. (Unless otherwise stated, all of the following notifications are enabled in the default configuration.) The notification sends a trap: arp-protect If ARP packets are received with an invalid source or destination MAC address, an invalid IP address, or an invalid IP-to-MAC binding. auth-server-fail If the connection with a RADIUS or TACACS+ authentication server fails.
Figure 92 Display of configured network security notifications Enabling Link-Change Traps By default, a switch is enabled to send a trap when the link state on a port changes from up to down (linkDown) or down to up (linkUp.) To reconfigure the switch to send link-change traps to configured trap receivers, enter the snmp-server enable traps link-change command.
Enabling SNMP traps on Startup Configuration changes You can send a specific SNMP trap for any configuration change made in the switch’s startup configuration file when the change is written to flash. Changes to the configuration file can occur when executing a CLI write command, executing an SNMP set command directly using SNMP, or when using the WebAgent. NOTE: A log message is always generated when a startup configuration change occurs.
Figure 94 Fields when the SNMP trap is set Viewing configuration file change information Syntax show running-config [ changes-history [ 1-32 ] ] [ detail ] Displays the history up to 32 events for changes made to the running-configuration file, as shown in Figure 95 (page 209) and Figure 96 (page 209). The changes are displayed in descending order, the most recent change at the top of the list. You can specify from 1 to 32 entries for display.
Figure 97 Detailed output for running configuration changes history Figure 98 Example of output for running config changes history with detail Figure 99 (page 210) displays the current status (enabled/disabled) of the SNMP trap type for running-configuration changes.
(Default: Interface IP address) dst-ip-of-request Destination IP address of the SNMP request PDU that is used as the source IP address in an SNMP response PDU. [ ipv4-addr | ipv6-addr ] User-defined interface IP address that is used as the source IP address in an SNMP response PDU. Both IPv4 and IPv6 addresses are supported. loopback 0-7 IP address configured for the specified loopback interface that is used as the source IP address in an SNMP response PDU.
Figure 100 Display of source IP address configuration Viewing SNMP notification configuration Syntax show snmp-server Displays the currently configured notification settings for versions SNMPv1 and SNMPv2c traps, including SNMP communities, trap receivers, link-change traps, and network security notifications.
Syntax [no]mac-count-notify traps [] Configures mac-count-notify traps on the specified ports (or all) for the entire switch. The [no] form of the command disables mac-count-notify traps. []: The number of MAC addresses learned before sending a trap. Values range between 1-128.
Dynamic ARP Protection    : Enabled
Dynamic IP Lockdown       : Enabled
MAC address table changes : Disabled
MAC Address Count         : Enabled

Address                 Community               Events    Type    Retry    Timeout
----------------------  ----------------------  --------  ------  -------  -------
15.146.194.77           public                  None      trap    3        15
15.255.134.252          public                  None      trap    3        15
16.181.49.167           public                  None      trap    3        15
16.181.51.
When this command is executed without the learned or removed option, it enables or disables the capture of both learned and removed MAC address table changes for the selected ports in . Configures MAC address table changes capture on the specified ports. Use all to capture changes for all ports on the switch. learned Enables the capture of learned MAC address table changes on the selected ports.
Trap-interval : 60

Port    MAC Addresses trap learned/removed
------  ----------------------------------
1       None
2       None
3       Removed
4       Removed
5       Learned
6       Learned

The configured mac-notify commands are displayed in the show running-configuration output.

Example of running config file with mac-notify parameters configured

(HP_Switch_name#) show running-config
Running configuration:
; J9087A Configuration Editor; Created on release #R.11.
Configuring sFlow The following sFlow commands allow you to configure sFlow instances via the CLI. Syntax [no] sflow receiver-instance destination ip-address [ udp-port-num ] Enables an sFlow receiver/destination. The receiver-instance number must be a 1, 2, or 3. By default, the udp destination port number is 6343. To disable an sFlow receiver/destination, enter no sflow receiver-instance.
Example 90 sFlow Destination is OOBM port HP_Switch (Config#) sflow 1 destination 192.168.2.3 6000 oobm Figure 102 Output showing OOBM Support Enabled Figure 103 Output of the running-config File showing the sFlow Destination is the OOBM Port Viewing sFlow Configuration and Status The following sFlow commands allow you to display sFlow configuration and status via the CLI. Figure 105 (page 219) is an example of sflow agent information. Syntax show sflow agent Displays sFlow agent information.
Figure 105 Example of viewing sFlow destination information Note the following details: • Destination Address remains blank unless it has been configured. • Datagrams Sent shows the number of datagrams sent by the switch agent to the management station since the switch agent was last enabled. • Timeout displays the number of seconds remaining before the switch agent will automatically disable sFlow (this is set by the management station and decrements with time.
(HP_Switch_name#) show lldp config

LLDP Global Configuration

LLDP Enabled [Yes] : Yes
LLDP Transmit Interval [30] : 30
LLDP Hold time Multiplier [4] : 4
LLDP Delay Interval [2] : 2
LLDP Reinit Interval [2] : 2
LLDP Notification Interval [5] : 5
LLDP Fast Start Count [5] : 5

LLDP Port Configuration

Port | AdminStatus NotificationEnabled
---- + ----------- -------------------
A1   | Tx_Rx       False
A2   | Tx_Rx       False
A3   | Tx_Rx       False
A4   | Tx_Rx       False
A5   | Tx_Rx       False
A6   | Tx_Rx       False
A7   | Tx_Rx       False
A8   | Tx_Rx       Fals
The switch preserves the current LLDP configuration when LLDP is disabled. After LLDP is disabled, the information in the LLDP neighbors database remains until it times-out. (Default: Enabled) Example To disable LLDP on the switch: (HP_Switch_name#) no lldp run Changing the packet transmission interval This interval controls how often active ports retransmit advertisements to their neighbors.
NOTE: The LLDP refresh-interval (transmit interval) must be greater than or equal to (4 x delay-interval.) The switch does not allow increasing the delay interval to a value that conflicts with this relationship. That is, the switch displays Inconsistent value if (4 x delay-interval) exceeds the current transmit interval, and the command fails. Depending on the current refresh-interval setting, it may be necessary to increase the refresh-interval before using this command to increase the delay-interval.
Enables or disables each port in for sending notification to configured SNMP trap receivers if an LLDP data change is detected in an advertisement received on the port from an LLDP neighbor.
Syntax [no] lldp config ipAddrEnable ip-address

Replaces the default IP address for the port with an IP address you specify. This can be any IP address configured in a static VLAN on the switch, even if the port does not belong to the VLAN configured with the selected IP address. The no form of the command deletes the specified IP address. If there are no IP addresses configured as management addresses, the IP address selection method returns to the default operation.

Configuring support for port speed and duplex advertisements

Syntax [no] lldp config dot3TlvEnable macphy_config

For outbound advertisements, this TLV includes the (local) switch port's current speed and duplex settings, the range of speed and duplex settings the port supports, and the method required for reconfiguring the speed and duplex settings on the device (autonegotiation during link initialization, or manual configuration.

Figure 109 Displaying the TLVs for a port
Figure 110 Example of local device LLDP information

226 Configuring for Network Management Applications

Figure 111 Example of remote device LLDP information

Tracking LLDP-MED connects and disconnects—topology change notification

This optional feature provides information an SNMP application can use to track LLDP-MED connects and disconnects.
To support rapid LLDP-MED device configuration, the lldp fast-start-count command temporarily overrides the refresh-interval setting for the fast-start-count advertisement interval. This results in the port initially advertising LLDP-MED at a faster rate for a limited time. Thus, when the switch detects a new LLDP-MED device on a port, it transmits one LLDP-MED advertisement per second out the port for the duration of the fast-start-count interval.
NOTE: When disabled, this TLV cannot be enabled unless the capability TLV is already enabled. This TLV enables the switch port to advertise its current PoE state and to read the PoE requirements advertised by the LLDP-MED endpoint device connected to the port. poe (Default: Enabled) NOTE: When disabled, this TLV cannot be enabled unless the capability TLV is already enabled.
Type/Value Pairs [CA-TYPE|CA-VALUE] A series of data pairs, each composed of a location data "type" specifier and the corresponding location data for that type. That is, the first value in a pair is expected to be the civic address "type" number (CA-TYPE), and the second value in a pair is expected to be the corresponding civic address data (CA-VALUE.) For example, if the CA-TYPE for "city name" is "3," the type/value pair to define the city of Paris is "3 Paris.
With the option, displays only the following port-specific information that is currently available for outbound LLDP advertisements on the specified ports:
• PortType
• PortId
• PortDesc

NOTE: This command displays the information available on the switch. Use the lldp config command to change the selection of information that is included in actual outbound advertisements.

Example 92 Default per-port information content for ports 1 and 2

    (HP_Switch_name#) show lldp info local 1-2

     LLDP Local Port Information Detail

      Port     : 1
      PortType : local
      PortId   : 1
      PortDesc : 1
      ----------------------------------------
      Port     : 2
      PortType : local
      PortId   : 2
      PortDesc : 2

Viewing the current port speed and duplex configuration on a switch port

Syntax show interfaces brief

Includes port speed and duplex configuration in the Mode column of the resulting display.

Examples

Example 93 A global listing of discovered devices

    (HP_Switch_name#) show lldp info remote

     LLDP Remote Devices Information

      LocalPort | ChassisId         PortId PortDescr SysName
      --------- + ----------------- ------ --------- ----------------
      1         | 00 11 85 35 3b 80 6      6         HP Switch 3500yl
      2         | 00 11 85 cf 66 60 8      8         HP Switch 3500yl

Figure 113 An LLDP-MED listing of an advertisement received from an LLDP-MED (VoIP telephone) source

Viewing LLDP statistics

Syntax show lldp stats

The global LLDP statis

Global LLDP Counters:

Neighbor Entries List Last Updated
    The elapsed time since a neighbor was last added or deleted.
New Neighbor Entries Count
    The total of new LLDP neighbors detected since the last switch reboot. Disconnecting, and then reconnecting a neighbor increments this counter.
Neighbor Entries Deleted Count
    The number of neighbor deletions from the MIB for AgeOut Count and forced drops for all ports.

Examples

Example 94 A global LLDP statistics display

    (HP_Switch_name#) show lldp stats

     LLDP Device Statistics

      Neighbor Entries List Last Updated : 2 hours
      New Neighbor Entries Count : 20
      Neighbor Entries Deleted Count : 20
      Neighbor Entries Dropped Count : 0
      Neighbor Entries AgeOut Count : 20

     LLDP Port Statistics

      Port | NumFramesRecvd NumFramesSent NumFramesDiscarded
      ---- + -------------- ------------- ------------------
      A1   | 97317          97843         0
      A2   | 21             12            0
      A3   | 0              0
      A4   | 446            252
      A5   | 0              0
      A6   | 0              0
      A7   | 0              0
      A8   | 0              0

Example 96 Show CDP with the default CDP configuration

This example shows the default CDP configuration.

    (HP_Switch_name#) show cdp

     Global CDP information

      Enable CDP [Yes] : Yes (Receive Only)

      Port CDP
      ---- --------
      1    enabled
      2    enabled
      3    enabled
      .    .
      .    .
      .    .

Viewing the current CDP neighbors table of the switch

Devices are listed by the port on which they were detected.

Example 97 CDP neighbors table listing

This example displays the CDP devices that the switch has detected by receiving their CDP packets.

    (HP_Switch_name#) show cdp neighbors

     CDP neighbors information

      Port Device ID                     | Platform
      ---- ----------------------------- + ----------------------------
      1    Accounting (0030c1-7fcc40)    | J4812A HP Switch. . .
      2    Resear¢1-1 (0060b0-889e43)    |
      4    Support (0060b0_761a45)       |
      7    Marketing (0030c5_33dc59)     |
      12   Mgmt NIC(099a05-09df9b        |
      12   Mgmt NIC(099a05-09df11        |
Configuring CDPv2 for voice transmission Legacy Cisco VOIP phones only support manual configuration or using CDPv2 for voice VLAN auto-configuration. LLDP-MED is not supported. CDPv2 exchanges information such as software version, device capabilities, and voice VLAN information between directly connected devices such as a VOIP phone and a switch. When the Cisco VOIP phone boots up (or sometimes periodically), it queries the switch and advertises information about itself using CDPv2.
tx_rx NOTE: Enable transmit and receive mode. Not recommended for phones that support LLDP-MED.

Example

    (HP_Switch_name#) cdp mode pre-standard-voice admin-status A5 rxonly

Example

Show CDP output when CDP Run is disabled.

    HP Switch (config#) show cdp
    Global CDP information
    Enable CDP [yes] : no

Example

Show CDP output when cdp run and cdp mode are enabled.
is not learned or reported by the software address management components. This enhancement also filters out the MAC address learns from LLDP and 802.1x EAPOL packets on untagged VLANs. The feature is configured per-port. Filtering PVID Mismatch Log Messages This enhancement filters out PVID mismatch log messages on a per-port basis. PVID mismatches are logged when there is a difference in the PVID advertised by a neighboring switch and the PVID of the switch port which receives the LLDP advertisement.
    ; J9627 Configuration Editor; Created on release K.15.XX
    ; Ver #03:03.1f.ef:f0
    hostname "HP Switch"
    interface 1
       ignore-untagged-mac
       exit
    interface 2
       ignore-untagged-mac
       exit
    ...
    vlan 1
       name "DEFAULT_VLAN"
       untagged 1-24
       ip address dhcp-bootp
       exit

Using SNMP tools to manage the switch

SNMP is a management protocol that allows an SNMP client application to retrieve device configuration and status information and to configure the device (get and set.

1. Type a model number of your switch (for example, 8212) or product number in the Auto Search text box.
2. Select an appropriate product from the drop down list.
3. Click the Display selected button.
4. From the options that appear, select Software downloads.
5. MIBs are available with switch software in the Other category.

Click on software updates, then MIBs.

SNMPv1 and v2c access to the switch

SNMP access requires an IP address and subnet mask configured on the switch.
SNMPv3 users NOTE: To create new users, most SNMPv3 management software requires an initial user record to clone. The initial user record can be downgraded and provided with fewer features, but not upgraded by adding new features. For this reason, HP recommends that when you enable SNMPv3, you also create a second user with SHA authentication and DES privacy. To use SNMPv3 on the switch, you must configure the users that will be assigned to different groups: 1.
Table 18 Predefined group access levels (continued)

Group name    | Group access type | Group read view  | Group write view
commanagerrw  | Ver2c or Ver1     | ManagerReadView  | ManagerWriteView
commanagerr   | Ver2c or Ver1     | ManagerReadView  | DiscoveryView
comoperatorrw | Ver2c or Ver1     | OperatorReadView | OperatorReadView
comoperatorr  | Ver2c or Ver1     | OperatorReadView | DiscoveryView

Each view allows you to view or modify a different set of MIBs:
• Manager Read View – access to all managed objects
• Manager Write View –
SNMP notifications The switches: • Fixed or “Well-Known” Traps: A switch automatically sends fixed traps (such as “coldStart”, “warmStart”, “linkDown”, and “linkUp”) to trap receivers using the public community name, which is the default. These traps can also be sent to non-public communities. • SNMPv2c informs • SNMP v3 notification process, including traps This section describes how to configure a switch to send network security and link-change notifications to configured trap receivers.
These traps cannot be redirected to other communities. If you change or delete the default public community name, these traps are not sent. • Thresholds: A switch automatically sends all messages created when a system threshold is reached to the network management station that configured the threshold, regardless of the trap receiver configuration.
    Trap-interval : 30

    Port   MAC Addresses trap learned/removed/aged
    ------ ---------------------------------------
    1      Learned, Removed & Aged
    2      Removed & Aged
    3      Learned & Aged
    4      Learned & Removed
    5      Aged
    6      Learned
    7      Removed

Example

For port 1 the command would be as follows:

    show mac-notify traps 1

Displays the following information:

    1 Aged

SNMP trap when power supply is inserted or removed

SNMP traps generate while inserting or removing a powered up Power Supply Unit (PSU) without pulling out the power cable and
Configuring SNMP notification support You can enable SNMP trap notification of LLDP data changes detected on advertisements received from neighbor devices, and control the interval between successive notifications of data changes on the same neighbor. SNMPv2c informs On a switch enabled for SNMPv2c, you can use the snmp-server host inform command (“Enabling SNMPv2c informs” (page 202)) to send inform requests when certain events occur.
The SNMP trap contains the following information.

Information | Description
Event ID | An assigned number that identifies a specific running configuration change event.
Method | Method by which the change was made—CLI, Menu, or remote SNMP. For configuration changes triggered by internal events, the term "Internal-Event" is used as the source of the change.
IP Address Type | Indicates the source address type of the network agent that made a change.

The RMON agent automatically runs in the switch. Use the RMON management station on your network to enable or disable specific RMON traps and events. Note that you can access the Ethernet statistics, Alarm, and Event groups from the HP Switch Manager network management software. For more information on PCM+, see the HP Networking web site at www.hp.com/networking. From the Products menu, select Network Management. Then click on PCM+ Network Management under the HP Network Management bar.

Figure 116 Removing an RMON Alarm
Figure 117 Show Command Output for a Specific Alarm
Figure 118 Display Command Output for a Specific Alarm
Figure 119 Output of the running-config File Displaying the Configured RMON Alarm Parameters

sFlow

Configuring multiple instances

In earlier software releases, sFlow was configured on the switch via SNMP using a single sFlow instance. Beginning with software release K.11.
model, consult the Release Notes (available on the HP Networking website.) If LLDP has not yet been implemented (or if you are running an older version of software), consult a previous version of the Management and Configuration Guide for device discovery details. LLDP (Link Layer Discovery Protocol) Provides a standards-based method for enabling the switches covered in this guide to advertise themselves to adjacent devices and to learn about adjacent LLDP devices.
Enable or disable LLDP on the switch

In the default configuration, LLDP is globally enabled on the switch. To prevent transmission or receipt of LLDP traffic, you can disable LLDP operation.

Enabling or disabling LLDP-MED

In the default configuration for the switches, LLDP-MED is enabled, which requires that LLDP is also enabled.

Table 19 Data available for basic LLDP advertisements (continued)

Data type | Configuration options | Default | Description
advertised data before discarding it.
Chassis Type2, 3 | N/A | Always Enabled | Indicates the type of identifier used for Chassis ID.
Chassis ID3 | N/A | Always Enabled | Uses base MAC address of the switch.
Port Type4, 3 | N/A | Always Enabled | Uses "Local," meaning assigned locally by LLDP.
Port Id3 | N/A | Always Enabled | Uses port number of the physical port.
Options for reading LLDP information collected by the switch You can extract LLDP information from the switch to identify adjacent LLDP devices. Options include: • Using the switch's show lldp info command options to display data collected on adjacent LLDP devices—as well as the local data the switch is transmitting to adjacent LLDP devices (“Viewing the global LLDP, port admin, and SNMP notification status” (page 219).
802.1X blocking Ports blocked by 802.1X operation do not allow transmission or receipt of LLDP packets. LLDP operation on the switch Enabling LLDP operation (the default) causes the switch to: • Use active, LLDP-enabled ports to transmit LLDP packets describing itself to neighbor devices. • Add entries to its neighbors table based on data read from incoming LLDP advertisements.
Mandatory Data An active LLDP port on the switch always includes the mandatory data in its outbound advertisements. LLDP collects the mandatory data, and, except for the Remote Management Address, you cannot use LLDP commands to configure the actual data.
The port VLAN ID TLV local information can be obtained from the MIB object lldpXdot1LocPortVlanId in the local information table lldpXdot1LocTable. The port VLAN ID TLV information about all the connected peer devices can be obtained from the MIB object lldpXdot1RemPortVlanId in the remote information table lldpXdot1RemTable. LLDP-MED LLDP-MED (ANSI/TIA-1057/D6) extends the LLDP (IEEE 802.
• Provide information on network connectivity capabilities (for example, a multi-port VoIP phone with Layer 2 switch capability) • Support the fast-start capability NOTE: LLDP-MED is intended for use with VoIP endpoints and is not designed to support links between network infrastructure devices, such as switch-to-switch or switch-to-router links.
Advertising device capability, network policy, PoE status and location data The medTlvEnable option on the switch is enabled in the default configuration and supports the following LLDP-MED TLVs: • LLDP-MED capabilities: This TLV enables the switch to determine: • Whether a connected endpoint device supports LLDP-MED • Which specific LLDP-MED TLVs the endpoint supports • The device class (1, 2, or 3) for the connected endpoint This TLV also enables an LLDP-MED endpoint to discover what LLDP-MED TLVs
int vlan vid qos priority qos dscp 0 - 7 codepoint

NOTE: A codepoint must have an 802.1p priority before you can configure it for use in prioritizing packets by VLAN-ID. If a codepoint you want to use shows No Override in the Priority column of the DSCP policy table (display with show qos-dscp map), then use qos-dscp map codepoint priority 0 - 7 to configure a priority before proceeding. For more information on this topic, see the Advanced Traffic Management Guide.
codes to use, contact the PSAP or other authority responsible for specifying the civic addressing data standard for your network.
Example 98 Example of a civic address configuration

    (HP_Switch_name#) lldp config 2 medportlocation civic-addr US 2 1 CA 3 Widgitville 6 Main 19 1433 26 Suite_4—N 27 4 28 N4—3
    (HP_Switch_name#) show lldp config 2

     LLDP Port Configuration Detail

      Port : A2
      AdminStatus [Tx_Rx] : Tx_Rx
      NotificationEnabled [False] : False
      Med Topology Trap Enabled [False] : False

      Country Name : US
      What : 2
      Ca-Type : 1
      Ca-Length : 2
      Ca-Value : CA
      Ca-Type : 3
      Ca-Length : 11
      Ca-Value : Widgitville
      Ca-Type : 6
      Ca-Length : 4
      Ca-Value

LLDP packet forwarding

An 802.1D-compliant switch does not forward LLDP packets, regardless of whether LLDP is globally enabled or disabled on the switch.

One IP address advertisement per port

LLDP advertises only one IP address per port, even if multiple IP addresses are configured by lldp config ipAddrEnable (see syntax (page 224)) on a given port.

802.1Q VLAN Information

LLDP packets do not include 802.1Q header information and are always handled as untagged packets.

Effect of 802.

limited to reading incoming CDP packets from neighbor devices. (HP switches do not generate CDP packets.) Incoming CDP and LLDP packets tagged for VLAN 1 are processed even if VLAN 1 does not contain any ports. VLAN 1 must be present, but it is typically present as the default VLAN for the switch.

NOTE: The switch may pick up CDP and LLDP multicast packets from VLAN 1 even when CDP- and/or LLDP-enabled ports are not members of VLAN 1.

devices running either CDP or LLDP can retrieve neighbor information from the switch regardless of whether LLDP or CDP is used to collect the device-specific information.

Protocol state | Packet generation | Inbound data management | Inbound packet forwarding
CDP Enabled1 | N/A | Store inbound CDP data. | No forwarding of inbound CDP packets.
CDP Disabled | N/A | No storage of CDP data from neighbor devices. | Floods inbound CDP packets from connected devices to outbound ports.

7 Link Aggregation Control Protocol-Multi-Active Detection

LACP configuration

The following command defines whether LACP is enabled on a port, and whether it is in active or passive mode when enabled. When LACP is enabled and active, the port sends LACP packets and listens to them. When LACP is enabled and passive, the port sends LACP packets only if it is spoken to. When LACP is disabled, the port ignores LACP packets. If the command is issued without a mode parameter, 'active' is assumed.
making process. These devices simply forward LACP-MAD TLVs received on one interface to the other interfaces on the trunk. LACP-MAD passthrough can be enabled for 24 LACP trunks. By default, LACP-MAD passthrough is disabled.
8 File transfers

File transfer methods

The switches support several methods for transferring files to and from a physically connected device or via the network, including TFTP, Xmodem, and USB. This appendix explains how to download new switch software, upload or download switch configuration files and software images, and upload command files for configuring ACLs.

1. Execute copy as shown below:

   Figure 122 Download command for an OS (switch software)

   When the switch finishes downloading the software file from the server, it displays this progress message:

       Validating and Writing System Software to FLASH ...

2. When the download finishes, you must reboot the switch to implement the newly downloaded software image. To do so, use one of the following commands:

   Syntax boot system flash [ primary | secondary ]

   Boots from the selected flash.
For switches that have a separate out-of-band management port, the listen parameter in a server configuration allows you to specify whether transfers take place through the out-of-band management (oobm) interface, the data interface, or both. NOTE: To disable all TFTP client or server operation on the switch except for the auto-TFTP feature, enter the no tftp [client|server] command.
Downloading to primary flash using TFTP

Note that the menu interface accesses only the primary flash.

1. In the console Main Menu, select Download OS to display the screen in Figure 123 (page 272). (The term "OS" or "operating system" refers to the switch software):

   Figure 123 Download OS (software) screen (default values)

2. Press [E] (for Edit.)
3. Ensure that the Method field is set to TFTP (the default.
Continue reboot of system? : No Press the space bar once to change No to Yes, then press [Enter] to begin the reboot. NOTE: When you use the menu interface to download a switch software, the new image is always stored in primary flash. Also, using the Reboot Switch command in the Main Menu always reboots the switch from primary flash. Rebooting the switch from the CLI provides more options. See the Basic Operation Guide. 8. After you reboot the switch, confirm that the software downloaded correctly: a.
2. Execute the terminal emulator commands to begin the Xmodem transfer. For example, using HyperTerminal: a. Click on Transfer, then Send File. b. Type the file path and name in the Filename field. c. In the Protocol field, select Xmodem. d. Click on the [Send] button. The download can take several minutes, depending on the baud rate used in the transfer. 3. When the download finishes, you must reboot the switch to implement the newly downloaded software.
7. To confirm that the software downloaded correctly:
   a. From the Main Menu, select 1. Status and Counters 1. General System Information
   b. Check the Firmware revision line.

Downloading switch software using USB

This procedure assumes that:
• A software version for the switch has been stored on a USB flash drive. (The latest software file is typically available from the HP Switch Networking website at www.hp.com/networking/support.)
• The USB device has been plugged into the switch's USB port.
Boots from the flash image and startup-config file. A switch covered in this guide (with multiple configuration files), also uses the current startup-config file. 3. To confirm that the software downloaded correctly, execute show system and check the Firmware revision line. Switch-to-switch download You can use TFTP to transfer a software image between two switches of the same series. The CLI enables all combinations of flash location options.
For switches that have a separate out-of-band management port, the oobm parameter specifies that the TFTP traffic must come in through the out-of-band management interface. If this parameter is not specified, the TFTP traffic comes in through the data interface. The oobm parameter is not available on switches that do not have a separate out-of-band management port. Example To download a software file from secondary flash in a switch with an IP address of 10.28.227.
Copying software images

Copying a software image to a remote host in TFTP

Syntax copy flash tftp ip-addr filename [oobm]

Copies the primary flash image to a TFTP server. For switches that have a separate OOBM port, the oobm parameter specifies that the transfer is through the OOBM interface. If this parameter is not specified, the transfer is through the data interface. The oobm parameter is not available on switches that do not have a separate OOBM port.
Transferring switch configurations Copying a configuration file to a remote host in TFTP Syntax copy startup-config | running-config tftp ip-addr remote-file [ pc | unix ] [oobm] copy config filename tftp ip-addr remote-file [ pc | unix ] [oobm] This command can copy a designated config file in the switch to a TFTP server. For more information, see the Basic Operation Guide. For switches that have a separate OOBM port, the oobm parameter specifies that the transfer is through the OOBM interface.
Copies a customized command file to the switch. For switches that have a separate OOBM port, the oobm parameter specifies that the transfer is through the out-of-band management interface. If this parameter is not specified, the transfer is through the data interface. The oobm parameter is not available on switches that do not have a separate OOBM port. Example Example 100 Using the copy tftp show-tech command to upload a customized command file HP Switch(config)# copy tftp show-tech 10.10.10.
Copying a configuration file from a serially connected PC or UNIX workstation To use this method, the switch must be connected via the serial port to a PC or UNIX workstation on which is stored the configuration file you want to copy. To complete the copying, you need to know the name of the file to copy and the drive and directory location of the file.
Copying a configuration file from a USB device To use this method, the switch must be connected via the USB port to a USB flash drive on which is stored the configuration file you want to copy. To execute the command, you will need to know the name of the file to copy. Syntax copy usb startup-config filename Copies a configuration file from a USB device to the startup configuration file on the switch. Example To copy a configuration file from a USB device to the switch: 1.
Using a PC workstation, you then execute the following from the CLI to upload the file to the switch and implement the ACL commands it contains: HP Switch(config)# copy tftp command-file 18.38.124.16 vlan10_in.txt pc The switch displays this message: Running configuration may change, do you want to continue [y/n]? To continue with the upload, press the [Y] key. To abort the upload, press the [N] key.
Copies and executes the named text file from a USB flash drive and executes the ACL commands in the file. filename.txt A text file containing ACL commands and stored in the USB flash drive unix | pc The type of workstation used to create the text file. Depending on the ACL commands used, this action does one of the following in the running-config file: • Creates a new ACL. • Replaces an existing ACL. • Adds to an existing ACL. Example Suppose you: 1. Created an ACL command file named vlan10_in.
Example To use Xmodem to copy the output of show config to a serially connected PC: Figure 128 Sending command output to a file on an attached PC NOTE: The command you specify must be enclosed in double quotation marks.
tftp ip-address filename [oobm]

Syntax copy crash-data [ slot-id | mm ] usb filename

Syntax copy crash-data [ slot-id | mm ] xmodem

These commands copy the crash data content to a remote host, attached USB device, or to a serially connected PC or UNIX workstation.

slot-id a - h
    Retrieves the crash log or crash data from the processor on the module in the specified slot
mm
    Retrieves crash log or crash data from the switch's chassis processor.
Copies the crash data of both the active and standby management modules to a user-specified file. If no parameter is specified, files from all modules (management and interface) are concatenated. slot-id Retrieves the crash data from the module in the specified slot. mm Retrieves the crash data from both management modules and concatenates them. oobm For switches that have a separate OOBM port, specifies that the transfer is through the OOBM interface. (Default is transfer through the data interface.
Syntax copy crash-log [ slot-id | mm ] tftp ip-address filepath and filename [oobm]

Copies the crash logs of both the active and standby management modules to a user-specified file. If no parameter is specified, files from all modules (management and interface) are concatenated.

slot-id
    Retrieves the crash log from the module in the specified slot.
mm
    Retrieves the crash logs from both management modules and concatenates them.
Insufficient FLASH space to complete the file copy. Flight data recorder The Flight Data Recorder (FDR) log collects information that is "interesting" when the switch is not performing correctly, but has not crashed. Runtime logs are written to FDR memory while the switch is running, and crashtime logs are collected and stored in the FDR buffer during a switch crash.
One of the following messages indicates the presence or absence of the USB device: • Not able to sense device in USB port • USB device detected in port • No USB device detected in port The reseat status messages can be one of the following (K.13.XX only): • Undetermined USB reseat requirement • USB reseat not required • USB device reseat required for USB autorun The autorun feature works only when a USB device is inserted and the USB port is enabled.
When executed from the configuration mode, enables or disables USB autorun on the switch. Use the encryption-key keyword to configure or remove an encryption-key (a base-64 encoded string.) The encryption key is a prerequisite for enabling autorun in secure-mode. Encryption is regarded only when the AutoRun file is also signed by an authentic source. Use the secure-mode keyword to enable or disable secure mode for autorun.
Figure 135 Example of message for download failure Some of the causes of download failures include: • Incorrect or unreachable address specified for the TFTP Server parameter. This may include network problems. • Incorrect VLAN. • Incorrect name specified for the Remote File Name parameter, or the specified file cannot be found on the TFTP server.
As described earlier in this chapter you can use a TFTP client on the administrator workstation to update software images. This is a plain-text mechanism that connects to a standalone TFTP server or another HP switch acting as a TFTP server to obtain the software image files. Using SCP and SFTP allows you to maintain your switches with greater security. You can also roll out new software images with automated scripts that make it easier to upgrade multiple switches simultaneously and securely.
Figure 136 Example of switch configuration with SFTP enabled If you enable SFTP and then later disable it, TFTP and auto-TFTP remain disabled unless they are explicitly re-enabled. Operating rules are: • The TFTP feature is enabled by default, and can be enabled or disabled through the CLI, the Menu interface (see Figure 137 (page 294)), or an SNMP application. Auto-TFTP is disabled by default and must be configured through the CLI.
Similarly, while SFTP is enabled, TFTP cannot be enabled using an SNMP management application. Attempting to do so generates an "inconsistent value" message. (An SNMP management application cannot be used to enable or disable auto-TFTP.) • To enable SFTP by using an SNMP management application, you must first disable TFTP and, if configured, auto-TFTP on the switch. You can use either an SNMP application or the CLI to disable TFTP, but you must use the CLI to disable auto-TFTP.
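The SNMP-side rules above, modelled as a small state machine that an upgrade script could use to order its steps (an added example, not HP code; it sends no SNMP traffic). The class, function and feature names are hypothetical, only the rules stated on this page are modelled, and the text of the rejection for enabling SFTP too early is an assumption.

```python
from dataclasses import dataclass


class SnmpSetRejected(Exception):
    """Raised when the modelled switch refuses an SNMP set."""


@dataclass
class FileTransferState:
    tftp: bool = True         # page: TFTP is enabled by default
    auto_tftp: bool = False   # page: auto-TFTP is disabled by default
    sftp: bool = False

    def snmp_set(self, feature: str, enabled: bool) -> None:
        """Apply one set request from an SNMP management application."""
        if feature == "auto_tftp":
            # page: SNMP cannot be used to enable or disable auto-TFTP
            raise SnmpSetRejected("auto-TFTP is CLI-only")
        if feature == "tftp":
            if enabled and self.sftp:
                # page: this attempt generates an "inconsistent value" message
                raise SnmpSetRejected("inconsistent value")
            self.tftp = enabled
        elif feature == "sftp":
            if enabled and (self.tftp or self.auto_tftp):
                # page: TFTP and auto-TFTP must be disabled first.
                # The wording of this rejection is an assumption.
                raise SnmpSetRejected("disable TFTP and auto-TFTP first")
            # page: disabling SFTP later does not bring TFTP or auto-TFTP back
            self.sftp = enabled
        else:
            raise ValueError(f"unknown feature: {feature}")

    def cli_disable_auto_tftp(self) -> None:
        """page: auto-TFTP can only be disabled from the CLI."""
        self.auto_tftp = False

    @property
    def plaintext_transfer_enabled(self) -> bool:
        """True while any plain-text (TFTP-based) transfer path is on."""
        return self.tftp or self.auto_tftp


def plan_sftp_enable(state: FileTransferState) -> list:
    """Ordered (path, feature, enabled) steps that move a switch to SFTP."""
    steps = []
    if state.auto_tftp:
        steps.append(("cli", "auto_tftp", False))   # CLI is the only path
    if state.tftp:
        steps.append(("snmp", "tftp", False))       # SNMP or CLI both work
    if not state.sftp:
        steps.append(("snmp", "sftp", True))        # allowed only after the above
    return steps


def apply_plan(state: FileTransferState, steps: list) -> FileTransferState:
    """Run a plan against the model; raises if a step would be refused."""
    for path, feature, enabled in steps:
        if path == "cli":
            state.cli_disable_auto_tftp()
        else:
            state.snmp_set(feature, enabled)
    return state


def try_snmp(state: FileTransferState, feature: str, enabled: bool) -> str:
    """Return "ok" or the rejection text instead of raising."""
    try:
        state.snmp_set(feature, enabled)
        return "ok"
    except SnmpSetRejected as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed starting point: default TFTP plus a configured auto-TFTP.
    sw = FileTransferState(auto_tftp=True)
    print("enable SFTP directly :", try_snmp(sw, "sftp", True))
    plan = plan_sftp_enable(sw)
    print("plan                 :", plan)
    apply_plan(sw, plan)
    print("plain-text path left :", sw.plaintext_transfer_enabled)
    print("re-enable TFTP       :", try_snmp(sw, "tftp", True))
    print("disable SFTP         :", try_snmp(sw, "sftp", False))
    print("TFTP after that      :", sw.tftp)
```

After the plan runs, `plaintext_transfer_enabled` stays false even if SFTP is later turned off, which matches the rule that TFTP and auto-TFTP remain disabled until explicitly re-enabled.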
switch needs are already in place on the switch. You do not need to (nor can you) create new files. • The switch supports one SFTP session or one SCP session at a time. • All files have read-write permission. Several SFTP commands, such as create or remove, are not allowed and return an error message.
NOTE: Messages that are sent by the switch to the client depend on the client software in use to display them on the user console.

Broken SSH connection

If an SSH connection is broken at the wrong moment (for instance, the link goes away or spanning tree brings down the link), a fatal exception occurs on the switch. If this happens, the switch gracefully exits the session and produces an Event Log message indicating the cause of failure.
Using USB to transfer files to and from the switch The switch's USB port (labeled as Auxiliary Port) allows the use of a USB flash drive for copying configuration files to and from the switch. Beginning with software release K_12_XX or later, copy commands that used either tftp or xmodem now include an additional option for usb as a source or destination for file transfers. Operating rules and restrictions on USB usage are: • Unformatted USB flash drives must first be formatted on a PC (Windows FAT format.
The destination device and copy method options are as follows (CLI keyword is in bold): • Remote Host via TFTP. • Physically connected USB flash drive via the switch's USB port. • Serially connected PC or UNIX workstation via Xmodem. Behavior of autorun when USB port is disabled Software versions K.13.XX operation When using software version K.13.
In terms of physical security, access to the switch's console port and USB port are equivalent. Keeping the switch in a locked wiring closet or other secure space helps to prevent unauthorized physical access. As additional precautions, you have the following configuration options via the CLI. • Disable autorun by setting an operator or manager password. • Disable or re-enable the USB autorun function via the CLI.
Autorun secure mode You can use autorun secure mode to verify the authenticity of autorun command files. Secure-mode is configured using the autorun secure-mode command and can be enabled under both of the following conditions: • An encryption-key has already been configured using the autorun encryption key command. • A trusted certificate for verifying autorun command files has been copied to the switch using the copy [ tftp | usb ] autorun-cert-file command.
9 Monitoring and Analyzing Switch Operation Status and counters data This section describes the status and counters screens available through the switch console interface and/or the WebAgent. NOTE: You can access all console screens from the WebAgent via Telnet to the console. Telnet access to the switch is available in the Device View window under the Configuration tab. Accessing status and counters (Menu) Beginning at the Main Menu, display the Status and Counters menu by selecting: 1.
Example Figure 139 Command results for show system chassislocate command Figure 140 System fan status Figure 141 Switch system information Locating a switch To locate where a specific switch is physically installed, use the chassislocate command to activate the blue locator LED on the switch’s front panel.
Locates a switch by using the blue locate LED on the front panel. blink 1–1440 Blinks the chassis locate LED for a specified number of minutes (Default: 30 min.) on 1–1440 Turns the chassis locate LED on for a specified number of minutes (Default: 20 min.) off Turns the chassis locate LED off. Chassislocate at Boot The chassislocate command has an optional parameter that configures it to run in the future instead of immediately.
The task monitor feature allows you to enable or disable the collection of processor utilization data. The task-monitor cpu command is equivalent to the existing debug mode command taskusage -d. (The taskUsageShow command is available as well.) When the task-monitor command is enabled, the show cpu command summarizes the processor usage by protocol and system functions.
Accessing switch management address information (Menu) From the Main Menu, select: 1. Status and Counters ... 2. Switch Management Address Information Figure 144 Example of management address information with VLANs configured This screen displays addresses that are important for management of the switch. If multiple VLANs are not configured, this screen displays a single IP address for the entire switch. See the online Help for details.
Examples Figure 145 The show modules command output Figure 146 The show modules details command for the 8212zl, showing SSM and mini-GBIC information NOTE: On HP Switch 3500yl and 6200yl series switches, the mini-GBIC information does not display, because the ports are fixed and not part of any module. Viewing port status (Menu) From the Main Menu, select: 1. Status and Counters ... 3.
Examples Figure 147 Enabling compatibility mode Figure 148 Disabling compatibility mode Viewing port status Syntax show interfaces brief Viewing port status (Menu) From the Main Menu, select: 1. Status and Counters ... 4. Port Status Figure 149 Example of port status on the menu interface Accessing port and trunk group statistics Viewing the port counter summary report Syntax show interfaces Provides an overview of port activity for all ports on the switch.
Provides traffic details for the ports you specify. Resetting the port counters It is useful to be able to clear all counters and statistics without rebooting the switch when troubleshooting network issues. The clear statistics global command clears all counters and statistics for all interfaces except SNMP. You can also clear the counters and statistics for an individual port using the clear statistics command.
To view details about the traffic on a particular port, use the ↓ key to highlight that port number, then select Show Details. For example, selecting port A2 displays a screen similar to Figure 151 (page 310), below. Figure 151 Example of the display for Show Details on a selected port This screen also includes the Reset action for the current session. (See the “NOTE” (page 340).) NOTE: Once cleared, statistics cannot be reintroduced.
Example 102 Listing all learned MAC addresses on the switch, with the port number on which each MAC address was learned HP Switch# show mac-address Example 103 Listing all learned MAC addresses on one or more ports, with their corresponding port numbers For example, to list the learned MAC address on ports A1 through A4 and port A6: HP Switch# show mac-address a1-a4,a6 Example 104 Listing all learned MAC addresses on a VLAN, with their port numbers This command lists the MAC addresses associated with the
2. Use the Space bar to select the VLAN you want, and then press [Enter]. The switch then displays the MAC address table for that VLAN (Figure 152 (page 312).) Figure 152 Example of the address table To page through the listing, use Next page and Prev page. Finding the port connection for a specific device on a VLAN This feature uses a device's MAC address that you enter to identify the port used by that device. 1.
1. From the Main Menu, select: 1. Status and Counters ... 7. Port Address Table Figure 154 Listing MAC addresses for a specific port 2. Use the Space bar to select the port you want to list or search for MAC addresses, then press [Enter] to list the MAC addresses detected on that port. Determining whether a specific device is connected to the selected port Proceeding from step 2 (page 313), above: 1. Press [S] (for Search), to display the following prompt: Enter MAC address: _ 2.
Example Figure 155 Output from show spanning-tree command Viewing internet IGMP status Show command Output show ip igmp Global command listing IGMP status for all VLANs configured in the switch: • VLAN ID (VID) and name • Querier address • Active group addresses per VLAN • Number of report and query packets per group • Querier access port per VLAN show ip igmp config Displays the IGMP configuration information, including VLAN ID, VLAN name, status, forwarding, and Querier information.
Show command Output show ip igmp group ip-addr Lists the ports currently participating in the specified group, with port type, Access type, Age Timer data and Leave Timer data. show ip igmp groups Displays VLAN-ID, group address, uptime, expiration time, multicast filter type, and the last reporter for IGMP groups. show ip igmp statistics Displays IGMP operational information, such as VLAN IDs and names, and filtered and flooding statistics.
Show command Output • "Unknown VLAN" setting (Learn, Block, Disable) • Port status (up/down) Example Suppose that your switch has the following VLANs:
Ports    VLAN          VID
A1-A12   DEFAULT_VLAN  1
A1, A2   VLAN-33       33
A3, A4   VLAN-44       44
The next three figures show how you could list data on the above VLANs.
Figure 158 Port listing for an individual VLAN WebAgent status information The WebAgent Status screen provides an overview of the status of the switch. Scroll down to view more details. For information about this screen, click on ? in the upper right corner of the WebAgent screen.
1. Determine the session and local destination port: • Session number (1-4) and (optional) alphanumeric name • Exit port (any port on the switch except a monitored interface used to mirror traffic) CAUTION: An exit port should be connected only to a network analyzer, IDS, or other network edge device that has no connection to other network resources. Connecting a mirroring exit port to a network can result in serious network performance problems, and is strongly discouraged by HP. 2.
Configuring a mirroring policy to select inbound traffic Syntax class ipv4 | ipv6 classname [ no ] [seq-number] [ match | ignore ip-protocol source-address destination-address ] [precedence precedence-value] [tos tos-value] [ip-dscp codepoint] [vlan vlan-id] Syntax policy mirror policy-name [no] [seq-number] [ class ipv4 | ipv6 classname action mirror session ] [ action mirror session ]...
Configuring monitored traffic Deprecation of ACL-based traffic selection: In release K.14.01 and greater, the use of ACLs to select inbound traffic in a mirroring session (the interface | vlan monitor ip access-group in mirror command) has been deprecated and is replaced with classifier-based mirroring policies.
Procedure 1 1. From the Main Menu, select: 1. Switch Configuration ... 3. Network Monitoring Port Figure 160 The default network mirroring configuration screen 2. In the Actions menu, press [E] (for Edit.) 3. If mirroring is currently disabled for session 1 (the default), enable it by pressing the Space bar (or [Y]) to select Yes. 4. Press the down arrow key to display a screen similar to Figure 161 (page 321), and move the cursor to the Monitoring Port parameter.
ii. Use the Space bar to select the VLAN you want to mirror. iii. Go to step 10 (page 322). 8. Use the down arrow key to move the cursor to the Action column for the individual port interfaces and position the cursor at a port, trunk, or mesh you want to mirror. 9. Press the Space bar to select Monitor for the ports, trunks, mesh, or any combination of these that you want mirrored. Use the down arrow key to move from one interface to the next in the Action column.
Enter this command on a remote switch to configure the exit port to use in a remote mirroring session. You will configure the mirroring source on the local switch in the next step. The mirror endpoint ip command configures: • The unique UDP port number to be used for the mirroring session on the source switch. The recommended port range is from 7933 to 65535. • The IP address of the source switch to use in the session. • The IP address and exit-port number on the remote (endpoint) switch.
service-policy mirror-policy-name in In the policy mirror command, the mirror session parameter accepts a number (1 to 4) or name, if the specified mirroring session has already been configured with the name name-str option in the mirror command. The no [ interface | vlan ] service-policy in command removes the mirroring policy from a port, VLAN, trunk, or mesh interface for a specified session, but leaves the session available for other assignments.
This setting associates the monitored source with the desired remote endpoint in the remote session by using the same, unique UDP port number to identify the session on the source and remote switches. dst-ip Must exactly match the dst-ip setting you configure on the source switch for the remote session. exit-port-# Exit port for mirrored traffic in the remote session, to which a traffic analyzer or IDS is connected.
Caution: Please configure destination switch first. Do you want to continue [y/n]? • If you have not yet configured the session on the remote destination switch, follow the configuration procedure in “Configure a mirroring destination on a remote switch” (page 349) before using this command. • If you have already configured the session on the remote destination switch, enter y (for "yes") to complete this command. 1 - 4 Identifies the mirroring session created by this command.
Assigns a mirroring source to a previously configured mirroring session on a source switch by specifying the port, trunk, and/or mesh sources to use, the direction of traffic to mirror, and the session. Identifies the source ports, static trunks, and/or mesh on which to mirror traffic. interface port/trunk/mesh Use a hyphen for a range of consecutive ports or trunks (a5-a8, Trk2-Trk4.) Use a comma to separate non-contiguous interfaces (b11, b14, Trk4, Trk7.
This command assigns a monitored VLAN source to a previously configured mirroring session on a source switch by specifying the VLAN ID, the direction of traffic to mirror, and the session. vlan vid-# Identifies the VLAN on which to mirror traffic. monitor all [ in | out | both ] Uses the direction of traffic on the specified vid-# to select traffic to mirror. If you enter the monitor all command without selection criteria or a session identifier, the command applies by default to session 1.
Configures the MAC address as selection criteria for mirroring traffic on any port or learned VLAN on the switch. src | dest | both Specifies how the MAC address is used to filter and mirror packets in inbound and/or outbound traffic on the interfaces on which the mirroring session is applied: • src: Mirrors all packets in inbound traffic that contain the specified MAC address as source address. • dest: Mirrors all packets in outbound traffic that contain the specified MAC address as destination address.
Context: Class configuration Syntax [ no ] [seq-number] [ match | ignore ip-protocol source-address destination-address ] [ip-dscp codepoint] [precedence precedence-value] [tos tos-value] [vlan vlan-id] For detailed information about how to enter match and ignore commands to configure a traffic class, see the Advanced Traffic Management Guide. Context: Global configuration Syntax [ no ] policy mirror policy-name Defines the name of a mirroring policy and enters the policy configuration context.
Applying a mirroring policy on a port or VLAN interface Enter one of the following service-policy commands from the global configuration context. Context: Global configuration Syntax interface service-policy policy-name in Configures the specified ports with a mirroring policy that is applied to inbound traffic on each interface. Separate individual port numbers in a series with a comma, for example, a1,b4,d3. Enter a range of ports by using a dash, for example, a1-a5.
If a monitored source for a remote session is configured on the switch, the following information is displayed. Otherwise, the output displays: Mirroring is currently disabled. Sessions Lists the four configurable sessions on the switch. Status Displays the current status of each session : • active: The session is configured. • inactive: Only the destination has been configured; the mirroring source is not configured. • not defined: Mirroring is not configured for this session.
Viewing the remote endpoints configured on the switch Syntax show monitor endpoint Displays the remote mirroring endpoints configured on the switch. Information on local sessions configured on the switch is not displayed. (To view the configuration of a local session, use the show monitor [ 1-4 | name name-str ] command, as described on page 74 and page 77.) Type Indicates whether the session is a port (local) or IPv4 (remote) mirroring session.
Mirroring Destination For a local mirroring session, displays the port configured as the exit port on the source switch. For a remote mirroring session, displays IPv4, which indicates mirroring to a remote (endpoint) switch. UDP Source Addr The IP address configured for the source VLAN or subnet on which the monitored source interface exists. In the configuration of a remote session, the same UDP source address must be configured on the source and destination switches.
Figure 166 Configuring a MAC-based mirroring session Figure 167 Displaying a MAC-based mirroring session Viewing a local mirroring session When used to display the configuration of a local session, the show monitor command displays a subset of the information displayed for a remote mirroring session.
Figure 169 Configuring a classifier-based mirroring policy in a local mirroring session Example 108 Displaying a classifier-based policy in a local mirroring session HP Switch(config)# show monitor 3 Network Monitoring Session: 3 Session Name: Policy: MirrorAdminTraffic Mirror Destination: Monitoring Sources -----------------VLAN: 5 C1 (Port) Direction --------Source Viewing information about a classifier-based mirroring configuration Syntax show class ipv4 classname show class ipv6 classname show clas
show policy config policy-name Lists the statements that make up the specified policy. config Displays the names of all policies defined for the switch and lists the statements that make up each policy. Additional variants of the show policy command provide information on policies that have been applied to ports or VLANs.
currently applied to interfaces on the switch, as well as QoS policies and other software features. NOTE: The information displayed is the same as the output of the show qos resources and show access-list resources commands. Figure 173 Displaying the hardware resources used by currently configured mirroring policies Viewing the mirroring configurations in the running configuration file Use the show run command to view the current mirroring configurations on the switch.
Example Figure 174 Displaying mirroring sources and sessions in the running configurations Information about remote endpoints configured for remote sessions on the switch begins with the mirror endpoint keywords.
NOTE: Link test and ping test—analysis tools in troubleshooting situations—are described in Appendix C, “Troubleshooting” (page 368). See “Diagnostic tools” (page 426). Compatibility mode Table 21 (page 340) shows how the v2 zl and zl modules behave in various combinations and situations when Compatibility mode is enabled and when it is disabled.
Traffic mirroring provides the following benefits: • Allows you to monitor the traffic flow on specific source interfaces. • Helps in analyzing and debugging problems in network operation resulting from a misbehaving network or an individual client. The mirroring of selected traffic to an external device makes it easier to diagnose a network problem from a centralized location in a topology spread across a campus.
Mirroring destinations Traffic mirroring supports destination devices that are connected to the local switch or to a remote switch: • Traffic can be copied to a destination (host) device connected to the same switch as the mirroring source in a local mirroring session. You can configure up to four exit ports to which destination devices are connected. • Traffic can be bridged or routed to a destination device connected to a different switch in a remote mirroring session.
Selecting mirrored traffic You can use any of the following options to select the traffic to be mirrored on a port, trunk, mesh, or VLAN interface in a local or remote session: • All traffic Monitors all traffic entering or leaving the switch on one or more interfaces (inbound and outbound.) • Direction-based traffic selection Monitors traffic that is either entering or leaving the switch (inbound or outbound.
Remote destinations A remote mirroring traffic destination is an HP switch configured to operate as the exit switch for mirrored traffic sessions originating on other HP switches.
Table 22 Mirroring configuration options Monitoring interface and configuration level Traffic selection criteria Traffic direction CLI config Menu and web i/f config1 Snmp config VLAN All traffic Inbound only All traffic (inbound and outbound combined) Inbound only Outbound only Both directions ACL (IP traffic)2 Port(s) Both directions See “About selecting inbound traffic using advanced classifier-based mirroring” (page 354).
on an HP switch uses IPv4 to encapsulate mirrored traffic sent to a remote endpoint switch, the intermediate switches and routers in a layer 2/3 domain can be from any vendor if they support IPv4. The following restrictions apply to remote endpoint switches and intermediate devices in a network configured for traffic mirroring: • The exit port for a mirroring destination must be an individual port and not a trunk, mesh, or VLAN interface.
The new mirroring policy is automatically configured on the same port or VLAN interface on which the mirroring ACL was assigned. The behavior of the new class and mirroring-policy configuration exactly matches the traffic-selection criteria and mirroring destination used in the ACL-based session.) Figure 177 (page 347) and Figure 178 (page 347) show how ACL-based selection criteria in a mirroring session are converted to a classifier-based policy and class configuration when you install release K.14.
• If session 1 has been configured in the CLI with an ACL/classifier-based mirroring policy or as a remote mirroring session, the Menu is not available for changing the session 1 configuration. • The CLI (and SNMP) can be used to override any Menu configuration of session 1. Remote mirroring overview To configure a remote mirroring session in which the mirroring source and destination are on different switches, follow these general steps: 1.
Quick reference to remote mirroring setup The commands beginning with “Configuring the mirroring destination on a remote switch” (page 322), configure mirroring for a remote session in which the mirroring source and destination are on different switches: • The mirror command identifies the destination in a mirroring session. • The interface and vlan commands identify the monitored interface, traffic direction, and traffic-selection criteria for a specified session.
Configure a destination switch in a remote mirroring session Enter the mirror endpoint ip command on the remote switch to configure the switch as a remote endpoint for a mirroring session with a different source switch. Configure a mirroring session on the source switch To configure local mirroring, only a session number and exit port number are required.
Traffic selection options To configure traffic mirroring, specify the source interface, traffic direction, and criteria to be used to select the traffic to be mirrored by using the following options:
• Interface type
  • Port, trunk, and/or mesh
  • VLAN
  • Switch (global configuration level)
• Traffic direction and selection criteria
  • All inbound and/or outbound traffic on a port or VLAN interface
  • Only inbound IP traffic selected with an ACL (deprecated in software release K.14.
Figure 180 Displaying a mirror session configuration with the no-tag-added option About using SNMP to configure no-tag-added The MIB object hpicfBridgeDontTagWithVlan is used to implement the no-tag-added option, as shown below: hpicfBridgeDontTagWithVlan OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This oid mentions whether VLAN tag is part of the mirror'ed copy of the packet.
About selecting inbound traffic using an ACL (deprecated) Deprecation of ACL-based traffic selection In release K.14.01 or greater, the use of ACLs to select inbound traffic in a mirroring session has been replaced with classifier-based mirroring policies. The following commands have been deprecated: • interface port/trunk/mesh monitor ip access-group acl-name in mirror 1 - 4 | name-str • vlan vid-# monitor ip access-group acl-name in mirror 1 - 4 | name-str After you install and boot release K.14.
packet is forwarded. Therefore, the destination MAC address that you want to mirror will not appear in routed packet headers. This restriction also applies to the destination MAC address of a host that is directly connected to a routing switch. (Normally, a host is connected to an edge switch, which is directly connected to the router.
Like ACL-based traffic-selection criteria, classifier-based service policies apply only to inbound traffic flows and are configured on a per-port or per-VLAN basis.
NOTE: Be sure to enter each class and its associated mirroring actions in the precise order in which you want packets to be checked and processed. To configure the mirroring actions that you want to execute on packets that match the criteria in a specified class, enter one or more class action mirror commands from the policy configuration context. (See (page 330).) You can configure only one mirroring session (destination) for each class.
5. Apply the mirroring policy to inbound traffic on a port (interface service-policy in command) or VLAN (vlan service-policy in command) interface. CAUTION: After you apply a mirroring policy for one or more preconfigured sessions on a port or VLAN interface, the switch immediately starts to use the traffic-selection criteria and exit port to mirror traffic to the destination device connected to each exit port.
Figure 181 Mirroring configuration in which only a mirroring policy is supported • If a mirroring session is already configured with one or more traffic-selection criteria (MAC-based or all inbound and/or outbound traffic), the session does not support the addition of a classifier-based policy.
Figure 183 Example of applying multiple sessions to the same interface
Mirroring configuration examples Example 109 Local mirroring using traffic-direction criteria An administrator wants to mirror the inbound traffic from workstation "X" on port A5 and workstation "Y" on port B17 to a traffic analyzer connected to port C24 (see Figure 184 (page 360).) In this case, the administrator chooses "1" as the session number. (Any unused session number from 1 to 4 is valid.
Example 110 Remote mirroring using a classifier-based policy In the network shown in Figure 186 (page 361), an administrator has connected a traffic analyzer to port A15 (in VLAN 30) on switch C to monitor the TCP traffic to the server at 10.10.30.153 from workstations connected to switches A and B. Remote mirroring sessions are configured on switches A and B, and a remote mirroring endpoint on switch C. TCP traffic is routed through the network to the server from VLANs 10 and 20 on VLAN 30.
4. On source switch B, repeat steps 2 and 3: a. Configure an association between the remote mirroring endpoint on switch C and a mirroring session on switch B. b. Configure a classifier-based mirroring policy to select inbound TCP traffic destined to the server at 10.10.30.153, and apply the policy to a VLAN interface for VLAN 20. Because the remote session has mirroring sources on different switches, you can use the same session number (1) for both sessions.
Example 111 Remote mirroring using traffic-direction criteria In the network shown in Figure 190 (page 363), the administrator connects another traffic analyzer to port B10 (in VLAN 40) on switch C to monitor all traffic entering switch A on port C12. For this mirroring configuration, the administrator configures a mirroring destination (with a remote exit port of B10) on switch C, and a remote mirroring session on switch A.
Maximum supported frame size The IPv4 encapsulation of mirrored traffic adds a 54-byte header to each mirrored frame. If a resulting frame exceeds the MTU allowed in the network, the frame is dropped or truncated. NOTE: Oversized mirroring frames are dropped or truncated, according to the setting of the [truncation] parameter in the mirror command. Also, remote mirroring does not allow downstream devices in a mirroring path to fragment mirrored frames.
Effect of downstream VLAN tagging on untagged, mirrored traffic In a remote mirroring application, if mirrored traffic leaves the switch without 802.1Q VLAN tagging, but is forwarded through a downstream device that adds 802.1Q VLAN tags, the MTU for untagged mirrored frames leaving the source switch is reduced below the values shown in Table 23 (page 364). For example, if the MTU on the path to the destination is 1522 bytes, untagged mirrored frames leaving the source switch cannot exceed 1518 bytes.
• Effect of IGMP on mirroring If both inbound and outbound mirroring is operating when IGMP is enabled on a VLAN, two copies of mirrored IGMP frames may appear at the mirroring destination. • Mirrored traffic not encrypted Mirrored traffic undergoes IPv4 encapsulation, but mirrored encapsulated traffic is not encrypted. • IPv4 header added The IPv4 encapsulation of mirrored traffic adds a 54-byte header to each mirrored frame.
Troubleshooting traffic mirroring If mirrored traffic does not reach the configured remote destination (endpoint) switch or remote exit port, check the following configurations: • In a remote mirroring session, the mirror remote ip command parameters configured on the source switch for source IP address, source UDP port, and destination IP address must be identical to the same parameters configured with the mirror endpoint ip command on the remote destination switch.
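The parameter-matching check described above can be run offline against saved configurations. The following Python script is an added example, not HP code: it compares the mirror remote ip lines of a source switch with the mirror endpoint ip lines of the endpoint switch. The configuration lines are constructed samples, and the positional order of the parameters (src-ip, src-udp-port, dst-ip, then the exit port) is an assumption based on the parameter descriptions in this guide.

```python
import ipaddress
import re

# Constructed sample lines (not captured from a switch). Assumed order of the
# positional parameters: src-ip, src-udp-port, dst-ip [, exit port].
SOURCE_CFG = """\
mirror 1 name "ServerTCP" remote ip 10.10.10.1 9300 10.10.30.2
mirror 2 remote ip 10.10.10.1 7000 10.10.30.2
"""
ENDPOINT_CFG = """\
mirror endpoint ip 10.10.10.1 9300 10.10.30.2 port A15
mirror endpoint ip 10.10.10.1 7000 10.10.30.3 port Trk2
"""

RECOMMENDED_UDP = (7933, 65535)  # range recommended in this guide
SRC_RE = re.compile(
    r'^mirror\s+(?P<session>[1-4])(?:\s+name\s+"?[\w-]+"?)?'
    r'\s+remote\s+ip\s+(?P<src>\S+)\s+(?P<udp>\d+)\s+(?P<dst>\S+)', re.I)
END_RE = re.compile(
    r'^mirror\s+endpoint\s+ip\s+(?P<src>\S+)\s+(?P<udp>\d+)\s+(?P<dst>\S+)'
    r'\s+(?:port\s+)?(?P<exit>\S+)', re.I)
NOT_SINGLE_PORT = re.compile(r'^(trk\d+|mesh)$', re.I)


def parse(cfg, pattern):
    """Return one dict per configuration line that matches the pattern."""
    rows = []
    for line in cfg.splitlines():
        m = pattern.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["src"] = ipaddress.IPv4Address(row["src"])  # raises on a bad address
        row["dst"] = ipaddress.IPv4Address(row["dst"])
        row["udp"] = int(row["udp"])
        rows.append(row)
    return rows


def audit(source_cfg, endpoint_cfg):
    """Compare source-switch sessions with the endpoint switch; return findings."""
    findings = []
    # A remote session is identified by source IP address plus UDP port.
    endpoints = {(e["src"], e["udp"]): e for e in parse(endpoint_cfg, END_RE)}
    for s in parse(source_cfg, SRC_RE):
        tag = f"session {s['session']}"
        if not RECOMMENDED_UDP[0] <= s["udp"] <= RECOMMENDED_UDP[1]:
            findings.append(f"{tag}: UDP port {s['udp']} is outside the "
                            f"recommended range 7933-65535")
        e = endpoints.get((s["src"], s["udp"]))
        if e is None:
            findings.append(f"{tag}: no endpoint configured for src-ip "
                            f"{s['src']}, UDP port {s['udp']}")
            continue
        if e["dst"] != s["dst"]:
            findings.append(f"{tag}: dst-ip {s['dst']} differs from endpoint "
                            f"dst-ip {e['dst']}")
        if NOT_SINGLE_PORT.match(e["exit"]):
            findings.append(f"{tag}: exit port {e['exit']} is a trunk or mesh, "
                            f"not an individual port")
    return findings


if __name__ == "__main__":
    for finding in audit(SOURCE_CFG, ENDPOINT_CFG):
        print(finding)
```
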
10 Troubleshooting Overview This chapter addresses performance-related network problems that can be caused by topology, switch configuration, and the effects of other devices or their configurations on switch operation. (For switch-specific information on hardware problems indicated by LED behavior, cabling requirements, and other potential hardware-related problems, see the Installation Guide you received with the switch.
Browser or Telnet access problems Cannot access the WebAgent • Access may be disabled by the Web Agent Enabled parameter in the switch console. Check the setting on this parameter by selecting: 2. Switch Configuration 1. System Information • The switch may not have the correct IP address, subnet mask, or gateway. Verify by connecting a console to the switch's Console port and selecting: 2. Switch Configuration 5.
Unusual network activity Network activity that fails to meet accepted norms may indicate a hardware problem with one or more of the network components, possibly including the switch. Such problems can also be caused by a network loop or simply too much traffic for the network as it is currently designed and implemented. Unusual network activity is usually indicated by the LEDs on the front of the switch or measured with the switch console interface or with a network management tool such as HP PCM+.
the switch when DHCP/Bootp is first configured, the switch may not immediately receive the desired configuration. After verifying that the server has become accessible to the switch, reboot the switch to re-start the process. 802.
The switch does not allow management access from a device on the same VLAN The implicit deny any function that the switch automatically applies as the last entry in any ACL always blocks packets having the same DA as the switch's IP address on the same VLAN. That is, bridged packets with the switch itself as the destination are blocked as a security measure. To preempt this action, edit the ACL to include an ACE that permits access to the switch's DA on that VLAN from the management device.
Examples Remote gateway case Configuring ACL "101" (Example 112 (page 373)) and applying it outbound on VLAN 1 in Figure 196 (page 373) includes the router gateway (10.0.8.1) needed by devices on other networks. This can prevent the switch from sending ARP and other routing messages to the gateway router to support traffic from authorized remote networks. Example 112 ACE blocking an entire subnet In Figure 196 (page 373), this ACE (see data in bold below) denies access to the 10 Net's 10.0.8.
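Both ACL problems above (the implicit deny any blocking the switch's own address, and a subnet-wide deny ACE that also covers the gateway) can be caught before an ACL is applied. The following Python sketch is an added example, not part of the guide: it models each ACE as an (action, destination, wildcard mask) tuple instead of parsing switch syntax, matches on destination address only, and uses constructed addresses apart from the gateway 10.0.8.1.

```python
import ipaddress

# Constructed model of ACL "101": deny the 10.0.8.x subnet, permit everything else.
ACL_101 = [
    ("deny", "10.0.8.0", "0.0.0.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),
]
# Corrected order: an ACE permitting the gateway precedes the subnet-wide deny.
FIXED_101 = [("permit", "10.0.8.1", "0.0.0.0")] + ACL_101

# Constructed ACL with no ACE covering the switch's own address (10.0.10.2 here).
MGMT_ACL = [("permit", "10.0.20.0", "0.0.0.255")]


def ace_matches(addr, base, wildcard):
    """Wildcard-mask match: bits set to 1 in the mask are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == \
           (int(ipaddress.IPv4Address(base)) & care)


def verdict(acl, dst):
    """Return (action, ACE position) for the first matching ACE.

    A packet that matches no ACE hits the implicit deny any, reported
    as ("deny", None).
    """
    for position, (action, base, wildcard) in enumerate(acl, 1):
        if ace_matches(dst, base, wildcard):
            return action, position
    return "deny", None


def blocked(acl, critical):
    """Return the critical addresses the ACL would deny, with the reason."""
    report = {}
    for name, addr in critical.items():
        action, position = verdict(acl, addr)
        if action == "deny":
            report[name] = ("implicit deny any" if position is None
                            else f"ACE {position}")
    return report


if __name__ == "__main__":
    print(blocked(ACL_101, {"gateway": "10.0.8.1"}))
    print(blocked(FIXED_101, {"gateway": "10.0.8.1"}))
    print(blocked(MGMT_ACL, {"switch address": "10.0.10.2"}))
```
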
IGMP-related problems IP multicast (IGMP) traffic that is directed by IGMP does not reach IGMP hosts or a multicast router connected to a port IGMP must be enabled on the switch and the affected port must be configured for "Auto" or "Forward" operation. IP multicast traffic floods out all ports; IGMP does not appear to filter traffic The IGMP feature does not operate if the switch or VLAN does not have an IP address configured manually or obtained through DHCP/Bootp.
There can be several reasons for not receiving a response to an authentication request. Do the following: • Use ping to ensure that the switch has access to the configured RADIUS servers. • Verify that the switch is using the correct encryption key (RADIUS secret key) for each server. • Verify that the switch has the correct IP address for each RADIUS server. • Ensure that the radius-server timeout period is long enough for network conditions.
RADIUS server fails to respond to a request for service, even though the server's IP address is correctly configured in the switch Use show radius to verify that the encryption key (RADIUS secret key) the switch is using is correct for the server being contacted. If the switch has only a global key configured, it either must match the server key or you must configure a server-specific key.
There can be several reasons for not receiving a response to an authentication request. Do the following: • Use ping to ensure that the switch has access to the configured RADIUS server. • Verify that the switch is using the correct encryption key for the designated server. • Verify that the switch has the correct IP address for the RADIUS server. • Ensure that the radius-server timeout period is long enough for network conditions.
Fast-uplink troubleshooting Some of the problems that can result from incorrect use of fast-uplink MSTP include temporary loops and generation of duplicate packets. Problem sources can include: • Fast-uplink is configured on a switch that is the MSTP root device. • Either the Hello Time or the Max Age setting (or both) is too long on one or more switches. Return the Hello Time and Max Age settings to their default values (2 seconds and 20 seconds, respectively, on a switch.
The public key file you are trying to download has one of the following problems:
• A key in the file is too long. The maximum key length is 1024 characters, including spaces. This could also mean that two or more keys are merged together instead of being separated by a CRLF.
• There are more than ten public keys in the key file.
• One or more keys in the file is corrupted or is not a valid RSA public key.
Client ceases to respond ("hangs") during connection phase.
Access is denied even though the username/password pair is correct Some reasons for denial include the following parameters controlled by your TACACS+ server application: • The account has expired. • The access attempt is through a port that is not allowed for the account. • The time quota for the account has been exhausted. • The time credit for the account has expired. • The access attempt is outside of the time frame allowed for the account.
Figure 200 Example of correct VLAN port assignments on a link • If VLAN_1 (VID=1) is configured as "Untagged" on port 3 on switch "X," it must also be configured as "Untagged" on port 7 on switch "Y." Make sure that the VLAN ID (VID) is the same on both switches. • Similarly, if VLAN_2 (VID=2) is configured as "Tagged" on the link port on switch "A," it must also be configured as "Tagged" on the link port on switch "B." Make sure that the VLAN ID (VID) is the same on both switches.
Using the Event Log for troubleshooting switch problems The Event Log records operating events in single- or double-line entries and serves as a tool to isolate and troubleshoot problems. Starting in software release K.13.xx, the maximum number of entries supported in the Event Log is increased from 1000 to 2000. Entries are listed in chronological order, from the oldest to the most recent. Once the log has received 2000 entries, it discards the oldest message each time a new message is received.
Table 24 Event Log system modules
System module | Description | Documented in HP Switch hardware/software guide
802.1x | 802.1X authentication: Provides access control on a per-client or per-port basis: • Client-level security that allows LAN access to 802.1X clients (up to 32 per port) with valid user credentials • Port-level security that allows LAN access only on ports on which a single 802. | Access Security Guide
throttling or dropping all IP traffic from the offending hosts. Connection-rate filtering messages include events on virus throttling. Virus throttling uses connection-rate filtering to stop the propagation of malicious agents.
ffi Find, Fix, and Inform: Event or alert log messages indicating a possible topology loop that causes excessive network activity and results in the network running slow. FFI messages include events on transceiver connections with other network devices.
licensing | HP Switch premium licensing: Provides access to expanded features on certain HP switches. | Premium License Installation Guide
kms | Key Management System: Configures and maintains security information (keys) for all routing protocols, including a timing mechanism for activating and deactivating an individual protocol. | Access Security Guide
assigned port on the switch. MAC Lockdown also restricts the client device to a specific VLAN.
• MAC lockout blocks a specific MAC address so that the switch drops all traffic to or from the specified address.
mgr | HP PCM and PCM+: Windows-based network management solutions for managing and monitoring performance of HP switches. | Management and Configuration Guide
QinQ | IEEE 802.1ad specification, known as QinQ (provider bridging), provides a second tier of VLANs in a bridged network. QinQ supports the forwarding of traffic from multiple customers over a provider network using service VLANs (S-VLANs. | Advanced Traffic Management Guide
switches in the same IP subnet (broadcast domain), resulting in a reduced number of IP addresses and simplified management of small workgroups for scaling your network to handle increased bandwidth demand.
stp | Multiple-instance spanning tree protocol/MSTP (802. | Advanced Traffic Management Guide
update | Updates (TFTP or serial) to HP switch software and updates to running-config and start-up config files | Management and Configuration Guide
usb | Auxiliary port that allows you to connect external devices to the switch. | Installation and Getting Started Guide
vlan | Static 802.
By default, the show logging command displays the log messages recorded since the last reboot in chronological order:
-a Displays all recorded log messages, including those before the last reboot.
-b Displays log events as the time since the last reboot instead of in a date/time format.
-r Displays all recorded log messages, with the most recent entries listed first (reverse order).
-e Displays all errors in the event class.
Figure 203 Example of an event log display
The log status line below the recorded entries states the total number of events stored in the event log and which logged events are currently displayed.
Navigating in the Event Log in the menu
To scroll to other entries in the Event Log, either preceding or following the currently visible portion, press the keys indicated at the bottom of the display (Back, Next page, Prev page, or End) or the keys described in Table 3-3 (page 392).
Turning event numbering on Syntax [ no ] log-numbers Turns event numbering on and off Using log throttling to reduce duplicate Event Log and SNMP messages A recurring event can generate a series of duplicate Event Log messages and SNMP traps in a relatively short time. As a result, the Event Log and any configured SNMP trap receivers may be flooded with excessive, exactly identical messages.
Figure 204 Duplicate messages over multiple log throttling periods Note that if the same type of event occurs under different circumstances, the switch handles these as unrelated events for the purpose of Event Log messages.
Example 114 Event counter operation Suppose the switch detects the following after a reboot: • Three duplicate instances of the PIM "Send error" during the first log throttle period for this event • Five more instances of the same Send error during the second log throttle period for this event • Four instances of the same Send error during the third log throttle period for this event In this case, the duplicate message appears three times in the Event Log (once for each log throttle period for the eve
• VRRP events
• Wireless services events
Use the logging command to select a subset of Event Log messages to send to an external device for debugging purposes according to:
• Severity level
• System module
Hostname in syslog message
Syslog messages now identify the sender by hostname. The hostname field identifies the switch that originally sends the syslog message. Configurable through the CLI and SNMP, the format of the hostname field supports the following formats.
NOTE: When the syslog server receives messages from the switch, the IPv6 address of the switch is partly displayed.
Configured Host Ipv6 Address: 2001::1
Expected Syslog message:
Syslog message: USER.INFO: Oct 11 02:40:02 2001::1 00025 ip: ST1CMDR: VLAN60: ip address 30.1.1.1/24 configured on vlan 60
Actual Truncated syslog message:
Syslog message: USER.INFO: Oct 11 02:40:02 2001:: 00025 ip: ST1CMDR: VLAN60: ip address 30.1.1.
Debug Logging
Origin identifier: Outgoing Interface IP
Destination: None
Enabled debug types: None are enabled.
Viewing Syslog/debug message sender
Use the commands show debug or show running-config to display the identification of the syslog message sender. The default option for origin-id is ip-address. The command show running-config will not display the configured option when origin-id is set to the default value of ip-address.
The command logging origin-id none will display the following.
logging origin-id none
Syslog messages
Syslog messages have been changed to incorporate the origin identifier.
Example
HP_Switch(config)# logging origin-id ip-address
Resulting syslog message:
Jan 1 00:15:35 169.254.230.236 00076 ports: port 2 is now on-line
Example
HP_Switch(config)# logging origin-id hostname
Resulting syslog message:
Jan 1 00:15:35 HP-2910al-24G 00076 ports: port 2 is now on-line.
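The origin field is what a collector uses to attribute a message to a switch, so the truncated IPv6 origin described in the NOTE above shows up as an unrecognised sender. The following parser is an added example, not HP code: the field layout is inferred from the sample messages on this page, and the inventory labels (core-sw1, access-sw1, dist-sw1) are hypothetical.

```python
import ipaddress
import re

# Field layout inferred from the sample messages on this page (assumption):
#   [FACILITY.SEVERITY: ]<Mon> <D> <HH:MM:SS> <origin> <event-no> <module>: <text>
MESSAGE_RE = re.compile(
    r"^(?:[A-Z0-9]+\.[A-Z]+:\s+)?"
    r"(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<origin>\S+)\s+"
    r"(?P<event>\d{5})\s+"
    r"(?P<module>[^\s:]+):\s+"
    r"(?P<text>.*)$"
)

# Hypothetical inventory: configured origin-id value -> switch label.
INVENTORY = {
    "169.254.230.236": "core-sw1",
    "HP-2910al-24G": "access-sw1",
    "2001::1": "dist-sw1",
}

# Sample lines built from the messages shown on this page, plus one
# constructed line from a sender that is not in the inventory.
SAMPLE_LINES = [
    "Jan 1 00:15:35 169.254.230.236 00076 ports: port 2 is now on-line",
    "Jan 1 00:15:35 HP-2910al-24G 00076 ports: port 2 is now on-line",
    "USER.INFO: Oct 11 02:40:02 2001:: 00025 ip: ST1CMDR: VLAN60: "
    "ip address 30.1.1.1/24 configured on vlan 60",
    "Jan 1 00:15:36 10.9.9.9 00076 ports: port 2 is now on-line",
]


def parse_message(line):
    """Split one received line into its fields, or return None."""
    match = MESSAGE_RE.match(line.strip())
    return match.groupdict() if match else None


def origin_kind(origin):
    """Classify the origin field as 'ipv4', 'ipv6' or 'hostname'."""
    try:
        return "ipv%d" % ipaddress.ip_address(origin).version
    except ValueError:
        return "hostname"


def attribute(line, inventory):
    """Map a message to a switch in `inventory`.

    Returns (verdict, label). Verdicts: 'match', 'truncated-ipv6',
    'ambiguous-truncation', 'unknown-origin', 'unparsed'.
    """
    msg = parse_message(line)
    if msg is None:
        return ("unparsed", None)
    origin = msg["origin"]
    if origin in inventory:
        return ("match", inventory[origin])

    # Compare addresses by value so that two spellings of the same
    # address (expanded vs compressed IPv6) still match.
    if origin_kind(origin) != "hostname":
        seen = ipaddress.ip_address(origin)
        for known, label in inventory.items():
            if origin_kind(known) != "hostname" and ipaddress.ip_address(known) == seen:
                return ("match", label)

    # Truncation case from the NOTE: the received origin is a cut-off
    # prefix of a configured IPv6 address ("2001::" for "2001::1").
    if ":" in origin:
        hits = [label for known, label in inventory.items()
                if origin_kind(known) == "ipv6" and known.startswith(origin)]
        if len(hits) == 1:
            return ("truncated-ipv6", hits[0])
        if hits:
            return ("ambiguous-truncation", None)
    return ("unknown-origin", None)


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(attribute(sample, INVENTORY), "<-", sample[:50])
```

A prefix match is only a hint: when more than one configured IPv6 address shares the prefix, the function reports the ambiguity instead of picking a switch.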
Example
Syslog server at 192.168.1.3 is using TCP at port 1470 (the default):
(config)# logging 192.168.1.3 tcp
Example
Syslog server at 192.168.1.4 is using TCP at port 9514:
(config)# logging 192.168.1.4 tcp 9514
Example
Syslog server at 192.168.1.5 is using TLS at port 6514 (the default):
(config)# logging 192.168.1.5 tls
Example
Syslog server at 192.168.1.6 is using TLS at port 10000:
(config)# logging 192.168.1.6 tls 10000
Adds an IP address to the list of receiving syslog servers.
Debug/syslog configuration commands Event notification logging — Automatically sends switch-level event messages to the switch's Event Log. Debug and syslog do not affect this operation, but add the capability of directing Event Log messaging to an external device. Command syslog-ip-addr Enables syslog messaging to be sent to the specified IP address. IPv4 and IPv6 are supported.
buffer: Enables syslog logging to send the debug message types specified by the debug debug-type command to a buffer in switch memory. event Sends standard Event Log messages to configured debug destinations. (The same messages are also sent to the switch's Event Log, regardless of whether you enable this option.) ip fib: Displays IP Forwarding Information Base messages and events. forwarding: Sends IPv4 forwarding messages to the debug destinations.
forwarding: Sends IPv6 forwarding messages to the debug destination(s) nd: Sends IPv6 debug messages for IPv6 neighbor discovery to the configured debug destinations. ospf3 [ adj | event | flood | lsa-generation | packet | retransmission | spf ] : Sends OSPFv3 events to the debug destinations. Must be executed in OSPFv3 context. Selecting an option filters the debug messages by that option. packet: Sends IPv6 packet messages to the debug destinations.
Configuring Syslog/debug operation 1. To use a syslog server as the destination device for debug messaging, follow these steps: a. Enter the logging syslog-ip-addr command at the global configuration level to configure the syslog server IP address and enable syslog logging. Optionally, you may also specify the destination subsystem to be used on the syslog server by entering the logging facility command.
CAUTION: If you configure a severity-level, system-module, logging destination, or logging facility value and save the settings to the startup configuration (for example, by entering the write memory command), the debug settings are saved after a system reboot (power cycle or reboot) and re-activated on the switch. As a result, after switch startup, one of the following situations may occur: • Only a partial set of Event Log messages may be sent to configured debug destinations.
Figure 207 Syslog configuration to receive event log messages from specified system module and severity levels As shown at the top of Figure 207 (page 406), if you enter the show debug command when no syslog server IP address is configured, the configuration settings for syslog server facility, Event Log severity level, and system module are not displayed.
Figure 208 Debug/syslog configuration for multiple debug types and multiple destinations Debug command At the manager level, use the debug command to perform two main functions: • Specify the types of event messages to be sent to an external destination. • Specify the destinations to which selected message types are sent. By default, no debug destination is enabled and only Event Log messages are enabled to be sent. NOTE: To configure a syslog server, use the logging syslog-ip-addr command.
NOTE: Beginning with software release K.14.01, ACE matches (hits) for permit and deny entries can be tracked using the show statistics [ aclv4 | aclv6 ] command. (Default: Disabled—ACL messages for traffic that matches "deny" entries are not sent.) all Configures the switch to send all debug message types to configured debug destinations. (Default: Disabled—No debug messages are sent.) cdp Sends CDP information to configured debug destinations.
lsa-generation—New LSAs added to database. packet [packet-type] — All OSPF packet messages sent and received on the switch, where packet-type enables only the specified OSPF packet type. Valid values are: dd—Database descriptions hello—Hello messages lsa—Link-state advertisements lsr—Link-state requests lsu—Link-state updates retransmission—Retransmission timer messages. spf—Path recalculation messages. ip [ospfv3] ip [pim [packet Enables OSPFv3 debug messages.
NOTE: When PIM debugging is enabled, the following message displays: PIM Debugging can be extremely CPU intensive when run on a device with an existing high CPU load or on a switch with more than 10 PIM-enabled VLANs. In high load situations, the switch may suffer from protocol starvation, high latency, or even reload. When debugging a switch with more than 10 PIM-enabled VLANs, the “vlan” option in “debug ip pim packet” should be utilized.
flood— Information on flood messages. lsa-generation— New link state advertisements added to database. packet [ packet-type] —All OSPFv3 packet messages sent and received on the switch, where packet-type enables only the specified OSPFv3 packet type. Valid values are: dd— Database descriptions hello— Hello messages lsa— Link-state advertisements lsr— Link-state requests lsu— Link-state updates retransmission—Retransmission timer messages. spf—Path recalculation messages.
services slot-id-range Displays debug messages on the services module. Enter an alphabetic module ID or range of module IDs for the slot-id-range parameter. snmp event | pdu | routines Displays the SNMP debug messages. event—Displays SNMP event debug messages. pdu—Displays SNMP pdu debug messages. routines—Displays SNMP routines debug messages vrrp Displays VRRP debug messages on the configured destinations.
Figure 210 Example of setting an IP RIP filter for port A4
Figure 211 Example of setting a filter for fatal SSH messages on a VLAN
Enabling or disabling syslog messaging
When a syslog server is configured, the forwarding of events begins immediately. The commands no debug event or no debug all have no effect. The only way to disable the forwarding of events to the Syslog server is by removing the server with the no logging ip-address command or the no logging command, which removes all Syslog servers.
NOTE: Debug messages from the switches covered in this guide have a debug severity level. Because the default configuration of some syslog servers ignores syslog messages with the debug severity level, ensure that the syslog servers you want to use to receive debug messages are configured to accept the debug level. session Enables transmission of event notification messages to the CLI session that most recently executed this command.
By specifying both a severity level and system module, you can use both configured settings to filter the Event Log messages you want to use to troubleshoot switch or network error conditions.
sent to the syslog servers if they are currently enabled as debug types. (See "Debug Messages" on page A-47.)
no logging
Removes all currently configured syslog logging destinations from the running configuration. Using this form of the command to delete the only remaining syslog server address disables debug destination logging on the switch, but the default Event debug type does not change.
Examples Figure 212 Configuring UDP for logging message transmission using the default port Figure 213 Configuring TCP for logging message transmission using a specified port Figure 214 Configuring UDP for logging message transmission using the default port Figure 215 Configuring UDP for logging message transmission using a specified port Syntax [ no ] logging facility facility-name The logging facility specifies the destination subsystem used in a configured syslog server.
Disable LinkUp/Down Syslog Messages Based on Port
This feature provides a per-port basis filter that can restrict the logging of events that are associated with a link status change. Unimportant linkup/linkdown events can be filtered out, avoiding unwanted messages in the event log and reducing troubleshooting time. The specific port-based events to be controlled are:
RMON_PMGR_PORT_UP—Indicates that the port has changed from an off-line to an on-line state.
• Sub-filters are executed from the lowest sequence number to the highest. As soon as a match is found the log event is immediately accepted or rejected and no further matching operation is performed. • The default sub-filter must always be the last entry in a filter module. It functions as the rules terminator when the criteria matching performed by the prior sub-filters in a filter does not produce an action. • The default sub-filter cannot be deleted, re-ordered, or changed.
Example
Figure 216 Specifying the Criteria for a Filter and then Enabling the Filter
1. The filter named SevWarnFatal adds a sub-filter of the severity type, with a sequence number of 10. The sub-filter specifies that a match for an event log message with a severity of “warning” will be logged.
2. The second sub-filter has a sequence number of 20 and a severity type of major. The sub-filter specifies that a match for an event log message with a severity of “major” will be logged.
This example denies logging of the matching regular expression “port is now on-line” for ports A10, A22, and B5. 1. The filter named noUpPorts adds a sub-filter with a type of regular expression for ports A10, A22, and B5. The sub-filter specifies the matching criteria for the regular expression and if there is a match, the event log message is not logged. 2. The default sub-filter specifies that any message that did not meet the prior matching criteria will be logged. 3.
Figure 221 Output for Specified Logging Filters The following example displays the running-config output.
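Because the first matching sub-filter decides whether an event is logged, a filter should be checked against sample events before it is enabled, so that it does not silently drop messages you rely on. The following model of that evaluation order is an added example, not switch code or CLI syntax: the action names log and drop, the sequence number 10 for noUpPorts, the regular expression text, and the "drop" default assumed for SevWarnFatal are all assumptions, and the sample events are constructed.

```python
import re
from dataclasses import dataclass

SEVERITIES = ("major", "error", "warning", "information", "debug")
ACTIONS = ("log", "drop")  # names used by this model only


@dataclass(frozen=True)
class SubFilter:
    seq: int
    kind: str    # "severity" or "regex"
    value: str
    action: str  # "log" or "drop"

    def matches(self, severity, text):
        if self.kind == "severity":
            return severity == self.value
        return re.search(self.value, text) is not None


class LogFilter:
    """Ordered sub-filters plus a default sub-filter that is always last."""

    def __init__(self, name, default_action):
        if default_action not in ACTIONS:
            raise ValueError("unknown action: %r" % default_action)
        self.name = name
        self.default_action = default_action
        self._subs = {}

    def add(self, seq, kind, value, action):
        if kind not in ("severity", "regex") or action not in ACTIONS:
            raise ValueError("bad sub-filter definition")
        if kind == "severity" and value not in SEVERITIES:
            raise ValueError("unknown severity: %r" % value)
        if kind == "regex":
            re.compile(value)  # reject an invalid pattern up front
        self._subs[seq] = SubFilter(seq, kind, value, action)
        return self

    def decide(self, severity, text):
        """Return (action, deciding sequence number or 'default')."""
        for seq in sorted(self._subs):  # lowest sequence number first
            if self._subs[seq].matches(severity, text):
                return (self._subs[seq].action, seq)  # first match wins
        return (self.default_action, "default")

    def dropped(self, events):
        """Events (severity, text) that this filter would keep out of the log."""
        return [e for e in events if self.decide(*e)[0] == "drop"]


def build_no_up_ports():
    # From the page: on-line messages for ports A10, A22 and B5 are not
    # logged; the default sub-filter logs everything else.
    return LogFilter("noUpPorts", "log").add(
        10, "regex", r"port (A10|A22|B5) is now on-line", "drop")


def build_sev_warn_fatal():
    # From the page: seq 10 logs "warning", seq 20 logs "major".
    # Assumption: the default sub-filter drops all other severities.
    return (LogFilter("SevWarnFatal", "drop")
            .add(10, "severity", "warning", "log")
            .add(20, "severity", "major", "log"))


# Constructed sample events: (severity, message text).
SAMPLE_EVENTS = [
    ("information", "port A10 is now on-line"),
    ("information", "port A11 is now on-line"),
    ("warning", "port B5 is now on-line"),
    ("major", "constructed sample: fan failure"),
]

if __name__ == "__main__":
    for flt in (build_no_up_ports(), build_sev_warn_fatal()):
        print(flt.name, "drops:", flt.dropped(SAMPLE_EVENTS))
```

Running the model over a day of exported Event Log text before enabling a filter shows exactly which entries would stop reaching the log and the syslog server.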
Adding a description for a Syslog server You can associate a user-friendly description with each of the IP addresses (IPv4 only) configured for syslog using the CLI or SNMP. CAUTION: Entering the no logging command removes ALL the syslog server addresses without a verification prompt. NOTE: The HP enterprise MIB hpicfSyslog.mib allows the configuration and monitoring of syslog for SNMP (RFC 3164 supported.
Configuring the severity level for Event Log messages sent to a syslog server
Event Log messages are entered with one of the following severity levels (from highest to lowest):
Major: A fatal error condition has occurred on the switch.
Error: An error condition has occurred on the switch.
Warning: A switch service has behaved unexpectedly.
Information: Information on a normal switch event.
Debug: Reserved for HP switch internal diagnostic information.
Operating notes for debug and Syslog • Rebooting the switch or pressing the Reset button resets the debug configuration. Debug option Effect of a reboot or reset logging (debug destination) If syslog server IP addresses are stored in the startup-config file, they are saved across a reboot and the logging destination option remains enabled. Otherwise, the logging destination is disabled. session (debug destination) Disabled. ACL (debug type) Disabled. All (debug type) Disabled.
• When debugging is finished and the no debug all command is entered, the commands being sent to the previously configured Syslog server(s) are not affected, and no additional commands are needed. If both debug event and debug destination logging are configured, duplicate events are not sent to the configured Syslog servers. • The show debug command won’t display debug event or debug destination logging unless the debug event command is executed for buffer or session destinations.
Figure 223 Ping test and link test screen on the WebAgent Destination IP Address is the network address of the target, or destination, device to which you want to test a connection with the switch. An IP address is in the X.X.X.X format where X is a decimal number between 0 and 255. Number of Packets to Send is the number of times you want the switch to attempt to test a connection.
The source IP address must be owned by the router. If a VLAN is specified, the IP address associated with the specified VLAN is used. data-size 0-65471 Size of packet sent. Default: 0 (zero) data-fill 0-1024 The data pattern in the packet. Default: Zero length string ip-option Specify an IP option, such as loose or strict source routing, or an include-timestamp option: include-timestamp: Adds the timestamp option to the IP header. The timestamp displays the amount of travel time to and from a host.
Example Figure 224 Ping tests Halting a ping test before it concludes Press [Ctrl] [C]. Issuing single or multiple link tests Single or multiple link tests can have varying repetitions and timeout periods.
Tracing the route from the switch to a host address This command outputs information for each (router) hop between the switch and the destination address. Note that every time you execute traceroute, it uses the same default settings unless you specify otherwise for that instance of the command.
[dstport 1-34000] Destination port. [srcport 1-34000] Source port. [ip-option] Specify an IP option, such as loose or strict source routing, or an include-timestamp option: [include-timestamp]: Adds the timestamp option to the IP header. The timestamp displays the amount of travel time to and from a host. Default: 9 [include-timestamp-and-address]: Records the intermediate router's timestamp and IP address.
Continuing from the previous example (Figure 226 (page 431)), executing traceroute with an insufficient maxttl for the actual hop count produces an output similar to this: Figure 227 Incomplete traceroute because of low maxttl setting If a network condition prevents traceroute from reaching the destination Common reasons for traceroute failing to reach a destination include: • Timeouts (indicated by one asterisk per probe, per hop) • Unreachable hosts • Unreachable networks • Interference from firew
Displays the running configuration. show config Displays the startup configuration. show running-config Displays the running-config file. Viewing the configuration file (WebAgent) To display the running configuration using the WebAgent: 1. In the navigation pane, click Troubleshooting. 2. Click Configuration Report. 3. Use the right-side scroll bar to scroll through the configuration listing.
Figure 229 show tech command To specify the data displayed by the show tech command, use the copy show tech command. Saving show tech command output to a text file When you enter the show tech command, a summary of switch operational data is sent to your terminal emulator. You can use your terminal emulator's text capture features to save the show tech data to a text file for viewing, printing, or sending to an associate to diagnose a problem.
Figure 231 Entering a path and filename for saving show tech output
3. Click [Start] to create and open the text file.
4. From the global configuration context, enter the show tech command:
HP Switch# show tech
The show tech command output is copied into the text file and displayed on the terminal emulator screen. When the command output stops and displays the following, press the Space bar to display and copy more information.
-- MORE --
The CLI prompt appears when the command output finishes.
5.
To limit the amount of crash data displayed, specify an installed module or management modules, where: • slot-id: Includes the crash data from an installed module. Valid slot IDs are the letters a through h. • master: Includes the crash data from both management modules. crash-log [ slot-id | master ] : Includes the crash logs from all management and interface modules in show tech command output.
pcunix: Specifies whether the connected device is a DOS-based PC or UNIX workstation. Viewing more information on switch operation Use the following commands to display additional information on switch operation for troubleshooting purposes. Syntax show boot-history Displays the crash information saved for each management module on the switch. Syntax show history Displays the current command history. This command output is used for reference or when you want to repeat a command.
Only regular expressions are permitted; symbols such as the asterisk cannot be substituted to perform more general matching.
include: Only the lines that contain the matching pattern are displayed in the output.
exclude: The lines that contain the matching pattern are not displayed in the output.
begin: The display of the output begins with the line that contains the matching pattern.
NOTE: Pattern matching is case-sensitive.
Figure 233 Pattern matching with exclude option Figure 234 Pattern matching with begin option Figure 235 (page 440) is an example of the show arp command output, and then the output displayed when the include option has the IP address of 15.255.128.1 as the regular expression.
Figure 235 The show arp command and pattern matching with the include option Viewing the information you need to diagnose problems Use the following commands in a troubleshooting session to more accurately display the information you need to diagnose a problem. Syntax alias Creates a shortcut alias name for commonly used commands and command options. Syntax kill Terminates a currently running, remote troubleshooting session. Use the show ip ssh command to list the current management sessions.
Restoring the factory-default configuration As part of your troubleshooting process, it may become necessary to return the switch configuration to the factory default settings.
• system generated private keys • user installed private keys and certificates • legacy manager/operator password files • crypto-key files • fdr logs • core dumps Zeroization can be initiated in one of three ways: • CLI command • During Secure Mode transition, initiated through the secure-mode CLI command executed in a serial session • ROM console command The zeroization process can be time-consuming; for this reason, it is performed during the initial process of a switch reboot.
Example 118 Zeroizing the management module files from the ROM console => erase-all zeroize The system will be rebooted and all management module files except software images will be erased and zeroized. This will take up to 60 minutes and the switch will not be usable during that time. Continue (y/n)? y Zeroizing with HA When zeroization is triggered by a secure mode transition, HA handles zeroization on the AMM and SMM automatically.
3. Because the OS file is large, you can increase the speed of the download by changing the switch console and terminal emulator baud rates to a high speed. For example:
a. Change the switch baud rate to 115,200 Bps.
=> sp 115200
b. Change the terminal emulator baud rate to match the switch speed:
i. In HyperTerminal, select Call > Disconnect.
ii. Select File > Properties.
iii. Click on Configure.
iv. Change the baud rate to 115200.
v. Click on [OK], then in the next window, click on [OK] again.
vi.
DNS resolver operation • When the switch is configured with only the IP address of a DNS server available to the switch, a DNS-compatible command, executed with a fully qualified domain name, can reach a device found in any domain accessible through the configured DNS server.
Figure 238 Example using the fully qualified domain name for an accessible target in another domain
Configuring and using DNS resolution with DNS-compatible commands
(At software release K.13.01, the DNS-compatible commands include ping and traceroute.)
1. Determine the following:
• The IP address for a DNS server operating in a domain in your network.
• The priority (1 to 3) of the selected server, relative to other DNS servers in the domain.
The no form of the command replaces the configured IP address with the null setting. (Default: null) Syntax [ no ]ip dns domain-name domain-name-suffix This optional DNS command configures the domain suffix that is automatically appended to the host name entered with a DNS-compatible command. When the domain suffix and the IP address for a DNS server that can access that domain are both configured on the switch, you can execute a DNS-compatible command using only the host name of the desired target.
Entity Identity Switch IP address 10.28.192.1 Document server IP address 10.28.229.219 With the above already configured, the following commands enable a DNS-compatible command with the host name docserver to reach the document server at 10.28.229.219.
Figure 243 Example of viewing the current DNS configuration Operating notes • Configuring another IP address for a priority that has already been assigned to an IP address is not allowed. To replace one IP address at a given priority level with another address having the same priority, you must first use the no form of the command to remove the unwanted address. Also, only one instance of a given server address is allowed in the server list.
Locates a switch by using the blue Locate LED on the front panel.
blink 1-1440 Blinks the chassis Locate LED for a specified number of minutes (Default: 30 minutes.)
on 1-1440 Turns the chassis Locate LED on for a specified number of minutes (Default: 30 minutes.)
off Turns the chassis Locate LED off.
Example
Figure 244 Locating a switch with the chassislocate command
For redundant management systems, if the active management module fails over, the Locator LED does not remain lit.
Example 119 Example of output for a specified transceiver The output for show interfaces transceiver is shown below. You can specify multiple ports, separated by commas, and the information for each transceiver will display.
Example 123 Transceiver information displayed with the detail parameter When the show interfaces transceiver detail command is executed, the following information displays.
Table 29 Alarm and error information (GBIC/SFP transceivers only) (continued)
Alarm | Description
TX power low | TX power is low
Temp high | Temperature is high
Temp low | Temperature is low
Voltage High | Voltage is high
Voltage Low | Voltage is low
The alarm information for XENPAK transceivers is shown in Table 30 (page 453).
Example 124 Detailed information for a 1000SX Mini-GBIC transceiver An example of the output for the show interfaces transceiver detail for a 1000SX transceiver is shown below.
Testing the Cable
Enter the test cable-diagnostics command in any context to begin cable diagnostics for the transceiver. The diagnostic attempts to identify cable faults. The tests may take a few seconds to complete for each interface. There is the potential of link loss during the diagnostic.

Syntax
test cable-diagnostics
Invokes cable diagnostics and displays the results.
Example 126 Example of output from test cable-diagnostics command
HP Switch # test cable-diagnostics a23-a24
The ‘test cable-diagnostics’ command will cause a loss of link and will take a few seconds per interface to complete.
Table 31 General transceiver information (continued) Parameter Description 50um multimode fiber. If the transceiver supports multiple transfer media, the values are separated by a comma.
The counters are polled twice per second (every 500 milliseconds), and the event is triggered if the sensitivity threshold is crossed at that time. The sensitivity thresholds are:

High     3 transitions in 10 seconds
Medium   6 transitions in 10 seconds
Low      10 transitions in 10 seconds

Configuring the link-flap event and corresponding action applies to all ports and port types (it is a global setting per FFI event type).
Figure 245 Link-flap on port 1 event detail dialog box
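The polling and threshold behavior described above can be modeled offline, for example to judge which sensitivity suits a port before enabling the event. The following Python sketch is an added example, not HP code: it replays constructed link-transition timestamps against a 500 ms poll and a 10-second sliding window, and it assumes the event fires when the transition count in the window reaches the threshold.

```python
from collections import deque

POLL_INTERVAL_MS = 500      # counters are polled twice per second
WINDOW_MS = 10_000          # thresholds are stated per 10 seconds
THRESHOLDS = {"high": 3, "medium": 6, "low": 10}


class LinkFlapDetector:
    """Sliding-window check over a cumulative link-transition counter."""

    def __init__(self, sensitivity):
        self.threshold = THRESHOLDS[sensitivity]
        # (poll_time_ms, cumulative_transition_counter) samples, oldest first
        self.samples = deque()

    def poll(self, now_ms, counter):
        """Record one poll; return True if the threshold is met at this poll."""
        self.samples.append((now_ms, counter))
        window_start = now_ms - WINDOW_MS
        # Keep exactly one sample at or before the window start as the
        # baseline; everything older than that is no longer needed.
        while len(self.samples) >= 2 and self.samples[1][0] <= window_start:
            self.samples.popleft()
        transitions_in_window = counter - self.samples[0][1]
        # Assumption: "crossed" means the count reaches the threshold.
        return transitions_in_window >= self.threshold


def first_trigger(transition_times_ms, sensitivity, duration_ms=60_000):
    """Replay transitions; return the poll time (ms) of the first event, or None."""
    detector = LinkFlapDetector(sensitivity)
    events = sorted(transition_times_ms)
    counter = 0
    idx = 0
    for now in range(0, duration_ms + 1, POLL_INTERVAL_MS):
        # The hardware counter includes every transition up to this poll.
        while idx < len(events) and events[idx] <= now:
            counter += 1
            idx += 1
        if detector.poll(now, counter):
            return now
    return None


def sensitivity_report(transition_times_ms):
    """First trigger time per sensitivity level for one port's history."""
    return {level: first_trigger(transition_times_ms, level)
            for level in THRESHOLDS}


# Constructed sample data (milliseconds since start of observation).
BURST = [1200, 1900, 4100, 6300, 7000, 9800, 12100, 30000, 45000]
SLOW = [1000, 7000, 13000, 19000]   # one transition every 6 seconds

if __name__ == "__main__":
    print("burst:", sensitivity_report(BURST))
    print("slow: ", sensitivity_report(SLOW))
```

A transition that happens between polls is only seen at the next poll, so the reported trigger time is always a multiple of 500 ms.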
11 Scalability: IP Address, VLAN, and Routing Maximum Values

The following table lists the switch scalability values for the areas of VLANs, ACLs, hardware, ARP, and routing.
Subject                        Maximum
RIP interfaces                 128
OSPFv2
  Interfaces/subnets           512 (128 active)
  Max. areas supported         16
  ECMP next hops               4
IPv6 Routing Protocol
  DHCPv6 Helper Addresses      32 unique addresses; multiple instances of same address counts as 1 towards maximum
OSPFv3
  Interfaces/subnets           512 (128 active)
  Max. areas supported         16
  ECMP next hops               4

1 Actual availability depends on combined resource usage on the switch.
A Chassis Redundancy (8200zl Switches)

Viewing management module redundancy status
You can display the status of both the management and fabric redundant modules using this command:

Syntax
show redundancy
Displays the status of the management and fabric modules.

Example
The output for the show redundancy command is seen in Figure 246 (page 462).
When the nonstop-switching option is not selected, the switch enters warm-standby redundancy mode. You are prompted with "All configuration files and software images on the off-line management module will be overwritten with the data from the current active management module. Do you want to continue [y/n]?" The no version of the command disables redundant management.
Figure 248 Enabling nonstop-switching redundancy

The no version of the redundancy management-module command is used to disable management module redundancy on the switch, as seen in Figure 249 (page 464). The show redundancy command displays "Mgmt Redundancy" as Nonstop switching disabled. The standby management module in slot MM1 is now offline. The management module in slot MM2 remains the active management module.

NOTE: HP recommends that you leave management module redundancy enabled.
The redundancy management-module command shows Nonstop switching redundant management being enabled. The show redundancy command displays “Mgmt Redundancy” as Nonstop switching enabled. Management Module 1 (MM1) is the standby management module and Management Module 2 (MM2) is the active management module. Example Enabling non-stop switching redundancy.
Transitioning from no redundancy to nonstop switching While the switch is transitioning from no redundancy mode to Nonstop switching mode, no configuration changes are allowed. The management modules are syncing information during the transition period.
management module will now reboot and will become the standby module! You will need to use the other management module’s console interface. Do you want to continue [y/n]? In warm-standby mode the warning displays: A warm failover will occur; all networking operations will be interrupted. This management module will now reboot and will become the standby module! You will need to use the other management module’s console interface.
For nonstop switching, the warning displays: "A nonstop switching failover will occur; L2 operations will not be interrupted. This management module will now reboot and will become the standby module! You will need to use the other management module's console interface. Do you want to continue [y/n]?" In warm-standby mode the warning displays: "A warm failover will occur; all networking operations will be interrupted.
If the specified management module is not there or is in failed mode, this message displays: The specified module is not present or is in failed state. Example Figure 251 (page 469) shows an example of setting management module 2 to be the active management module.
Figure 252 Showing the results of switching to standby module when redundancy is disabled Hotswapping out the active management module 1. On the management module to be hotswapped out, press the MM Shutdown button. It is located between the Module Operation and Component Status LEDs. (See Figure 253 (page 470).) Figure 253 The MM Shutdown button 2. 3. The Dwn LED to the right of the MM Shutdown button begins flashing green. File synchronization will complete before shutdown occurs.
4. 5. The Dwn LED on the management module being hotswapped out turns green and all other LEDs go out when it is OK to remove the module. The module being hotswapped out goes into offline mode. In the offline mode, the module cannot take over when the active module fails over.
SSM FM1 FM2 A B C D E F G H I J K L HP HP HP HP HP HP HP HP HP HP HP HP HP HP HP J9095A J9093A J9093A J9536A J8702A J9840A J8705A J9857A J8708A J9154A J9051A J9545A J9051A J9154A System Support Module SG911BZ00N Fabric Module 8200zl SG911BQ015 Fabric Module 8200zl SG911BQ04T 20p GT PoE+/2p SFP+ v2 zl...
Example Figure 256 show redundancy detail command Viewing which software version is in each flash image The show flash command displays which software version is in each flash image. The Default Boot field displays which flash image will be used for the next boot.
When redundancy is disabled, the output of the show version command changes, as shown in Figure 259 (page 474). Example Figure 259 show version command when redundancy is disabled Viewing the status of the switch and its management modules The show logging command displays the status of the switch and its management modules. See “Displaying module events” (page 477). To show log messages in reverse chronological order (most recent messages displayed first), enter show log -r.
Example Figure 261 show redundancy command for standby module Viewing the flash information on the standby module Use the show flash command to display the flash information on the standby module, as shown in Figure 262 (page 475). The Default Boot field displays which flash image will be used for the next boot.
Syntax
boot set-default flash [ primary | secondary ]
Sets the flash image to boot from on the next boot.
primary     Boots the primary flash image.
secondary   Boots the secondary flash image.

Example
Figure 264 (page 476) shows an example of the output when the command is used to set the boot default to secondary flash.
Example
Figure 265 reload command with redundancy enabled

Displaying module events

Viewing log events
The log file displays messages about the activities and status of the management modules. Enter this command to display the messages:

Syntax
show logging [ -a, -b, -r, -s, -t, -m, -p, -w, -i, -d, option-str ]
Displays log events. The event messages are tagged with the management module state and the management module slot (AM1 or AM2, SM1 or SM2).
Example
Figure 266 Log file listing

Copying crash file information to another file
Crash logs for all modules are always available on the active management module. You can use the copy crash-log and copy crash-data commands to copy the information to a file of your choice.

Syntax
copy crash-log [ slot-id | mm ] tftp ip-address filename
Copies the crash logs of both the active and standby management modules to a user-specified file.
Displays the system boot log. Example Figure 267 The system boot log file Enabling and disabling fabric modules The fabric modules can be enabled or disabled even if they are not present in the switch. You cannot disable both fabric modules at the same time; one must be enabled. Use this command to enable or disable the redundant fabric modules. Disabling one fabric module reduces the overall switching capacity of the 8200zl series switches.
to the standby management module. The standby management module now becomes the active management module. Management module redundancy keeps the switch operating and reduces network downtime.
About directing the standby module to become active To make the standby management module become the active management module, use the redundancy switchover command. The switch will switchover after all files have finished synchronizing. In nonstop switching mode: • The switchover occurs quickly and seamlessly; no reboot is needed. • There is no interruption in switching operations.
Example Example 128 Example of enabling nonstop switching for VRRP and then displaying the output This example shows nonstop VRRP being enabled. The show vrrp config command output displays the enabled status (see bold line below.
The configuration is shown graphically in Figure 269 (page 483). Figure 269 Example of nonstop routing configuration Nonstop forwarding with RIP On a Nonstop RIP router, the traffic does not get re-routed when the MM fails over. A request packet is sent on failover that asks for the router’s peers to send routing updates to the requesting router. There is no loss of routed traffic.
Syntax
(ospf)# [no] nonstop
Enables nonstop forwarding for OSPFv2. The no version of the command disables nonstop forwarding. The commands must be executed in ospf context. Default: Disabled

Example 131 Example of enabling nonstop forwarding for OSPFv2
HP Switch(ospf)# nonstop

Configuring restart parameters for OSPFv2

Syntax
(ospf)# [no] restart interval 1-1800 [strict-lsa-checking]
Specify the graceful restart timeout interval in seconds.
Example 132 Example of output showing status of nonstop forwarding for OSPFv2
(HP_Switch_name#) show ip ospf general

 OSPF General Status

  OSPF protocol                : enabled
  Router ID                    : 10.10.10.80
  . . .
  Nonstop forwarding           : Enabled
  Graceful Restart Interval    : 500
  Graceful Restart Helper Mode : Enabled
  . . .

Enabling nonstop forwarding for OSPFv3
The routing switch must be in ospf3 context when enabling Nonstop forwarding for OSPFv3. To enable nonstop forwarding, enter this command.
Example 134 Example of output showing status of nonstop forwarding for OSPFv3
(HP_Switch_name#) show ipv6 ospf3 general

 OSPFv3 General Status

  OSPFv3 protocol              : enabled
  Router ID                    : 10.10.10.80
  . . .
  Nonstop forwarding           : Enabled
  Graceful Restart Interval    : 500
  Graceful Restart Helper Mode : Enabled
  . . .
When switchover will not occur
There are some events for which a switchover is not triggered:
• When a boot system command is executed
• When the Clear button on the System Support module is pressed
• When management module redundancy is disabled, unless there is a hardware failure and the system is rebooted.
2. 3. 4. The module that was hotswapped in then reboots if necessary to primary or secondary flash, whichever matches (if it does not already match.) After the hotswapped management module finishes booting, it is sent the config and other critical files from the active management module. The hotswapped management module goes into standby mode and is ready to take over in case of a switchover.
Table 32 Example of upgrading software version K.15.01.0003 to version K.15.01.0004 Newer code to secondary flash New code to primary flash Active MM Standby MM Active MM Standby MM Software version downloaded to Primary flash image K.15.01.0003 K.15.01.0003 K.15.01.0004 K.15.01.0004 Software version downloaded to Secondary flash image K.15.01.0004 K.15.01.0004 K.15.01.0003 K.15.01.
Figure 270 Booting the standby management module to secondary flash CAUTION: If you have booted one module out of primary flash and one module out of secondary flash, and the secondary flash is running a prior software version because the latest version was never copied over from the primary flash, you will have a software version mismatch. The configuration file may not work with that software version.
Figure 271 Example of a software version mismatch between the active and standby modules Downloading a software version serially if the management module is corrupted If the software version on a management module becomes corrupted, you may need to do a serial download to restore the affected module. The non-corrupted management module becomes the active module. You can then use the serial port on the corrupted management module to download a new software version.
Figure 272 (page 492) shows that redundant management was disabled. Figure 272 Results of disabling redundancy Disable management module redundancy with only one module present If you disable redundancy when there is only one management module in the switch, and then you insert a second management module, the second module never goes into standby mode.
If you select y, switchover is initiated by the standby management module, which becomes the active management module after boot completes. If the standby module is not in standby mode (for example, it is in failed mode or offline mode), switchover to the standby module does not occur.
Figure 274 Showing boot command with default flash set to secondary CAUTION: For a given reboot, the switch automatically reboots from the startup-config file assigned to the flash (primary or secondary) being used for the current reboot. The startup-default command can be used to set a boot configuration policy. This means that both the flash image and one of the three configuration files can be specified as the default boot policy.
Command         Action
chassislocate   If the management module performs a switchover, the LED does not remain lit.
clear           The clear crypto command causes public keys to be deleted from both modules when the second module is in standby mode.
console         Console settings, such as mode, flow-control, and baud-rate, are the same on both management modules. There cannot be individual settings for each management module.
Command           Action
startup-default   Affects both modules. The config file is immediately sent to the standby module and also becomes the default on that module when the next boot occurs.
update            Affects only the active module. The standby may become the active module when the updated active module is booted.
write             A write memory updates the config file in flash on the active module. The file is then sync'd to the standby module.
3. 4. 5. 6. 7. If there are two management modules and one fails selftest, the one that passes selftest becomes the active management module. If only one of two modules was ever booted in the chassis, that module is given precedence. The module that was active on the last boot becomes the active management module. This guarantees that the active module has the latest configuration data.
During initial syncing, no SNMP set requests are executed, except the SNMP request for ping.
• HP Wireless Edge Services zl Module (J9051A) and Redundant Wireless Services zl Module (J9052A) • HP MSM765zl Mobility Controller (J9370A) During a nonstop switching failover, unsupported modules will not failover seamlessly to the standby module. A nonstop switching failover causes a forced reboot on these modules. After rebooting, these modules then sync with the newly active management module and begin operation again. Module traffic is disconnected until the module completes the reboot process.
Use the 'slot' argument to display CPU utilization for the specified modules, rather than the chassis CPU. Use the 'process' argument to display module process usages. show cpu process help Usage: show cpu process [slot [SLOT-LIST][refresh ]] [refresh ] Description: Display module process usage.
show cpu process slot
 SLOT-ID-RANGE   Enter an alphabetic device slot identifier or slot range
show cpu process slot A
 refresh         Number of times to refresh process usage display
show cpu process slot A refresh
 INTEGER         Enter an integer number
show cpu process slot A refresh 10

Command output

show cpu process
HP-5406zl# show cpu process
                    |          | Recent | %   | Time Since| Times | Max
Process Name        | Priority | Time   | CPU | Last Ran  | Ran   | Time
--------------------+----------+-------
B MAC Address Management

Overview
The switch assigns MAC addresses in these areas:
• For management functions, one Base MAC address is assigned to the default VLAN (VID = 1.) (All VLANs on the switches covered in this guide use the same MAC address.)
• For internal switch operations: One MAC address per port.
MAC addresses are assigned at the factory. The switch automatically implements these addresses for VLANs and ports as they are added to the switch.
NOTE: The Base MAC address is used by the first (default) VLAN in the switch. This is usually the VLAN named "DEFAULT_VLAN" unless the name has been changed (by using the VLAN Names screen.) On the switches covered in this guide, the VID (VLAN identification number) for the default VLAN is always "1," and cannot be changed. • From the Main Menu, select 1. Status and Counters 2. Switch Management Address Information If the switch has only the default VLAN, the following screen appears.
Example
An HP 8212zl switch with the following module configuration shows MAC address assignments similar to those shown in Figure 278 (page 504):
• A 4-port module in slot A, a 24-port module in slot C, and no modules in slots B and D
• Two non-default VLANs configured
Figure 278 Example of Port MAC address assignments on a switch
C Network Out-of-Band Management (OOBM) for the 6600 Switch

OOBM Configuration
OOBM configuration commands can be issued from the global configuration context (config) or from a specific OOBM configuration context (oobm.)

Entering the OOBM configuration context from the general configuration context

Syntax
oobm
Enters the OOBM context from the general configuration context.
Syntax
interface [ enable | disable ]

From the general configuration context:

Syntax
oobm interface [ enable | disable ]
Enables or disables the networked OOBM interface (port.)

Examples
HP Switch (oobm)# interface enable
HP Switch (config)# oobm interface disable

Setting the OOBM port speed
The OOBM port operates at 10 Mbps or 100 Mbps, half or full duplex. These can be set explicitly or they can be automatically negotiated using the auto setting.
Syntax
[ no ] oobm ip address [ dhcp-bootp | ip-address/mask-length ]
Configures an IPv4 address for the switch's OOBM interface. You can configure an IPv4 address even when global OOBM is disabled; that address will become effective when OOBM is enabled.

Example
HP Switch (oobm)# ip address 10.1.1.17/24

Configuring an OOBM IPv4 default gateway
Configuring an IPv4 default gateway for the OOBM interface is similar to VLAN default gateway configuration, but it is accomplished within the OOBM context.
OOBM Interface Status : Up
OOBM Port             : Enabled
OOBM Port Speed       : Auto

Showing OOBM IP configuration

Syntax
show oobm ip
Summarizes the IP configuration of the OOBM interface. This command displays the status of IPv4 (enabled/disabled), the IPv4 default gateway, and the IPv4 address configured for the interface. You can issue this command from any context.

Example
HP Switch# show oobm ip

Showing OOBM ARP information

Syntax
show oobm arp
Summarizes the ARP table entries for the OOBM interface.
Examples
Telnet: no telnet-server
SSH: no ip ssh …
SNMP: no snmp-server …
TFTP: no tftp server
HTTP: no web-management …

The show servers command shows the listen mode of the servers:

HP Switch# show servers

 Server listen mode

 Server           Listen mode
 ----------------------------
 Telnet         | both
 Ssh            | both
 Tftp           | both
 Web-management | both
 Snmp           | both

Application client commands
CLI commands for client applications have added the oobm keyword to allow you to specify that the outgoing request be issued from the OOBM
Management and Configuration Guide Traceroute: traceroute [...] [source [ ip-address | vlan-id | oobm ]] Management and Configuration Guide Example Figure 279 (page 510) shows setup and use of network OOBM using the commands described above. Assume that the figure below describes how you want to set up your data center. Figure 279 Example data center Assume that you are configuring the switch in the left-hand rack to communicate on both the data and management networks.
10.1.131.51 is alive, time = 15 ms
Switch 41# ping 10.255.255.42
The destination address is unreachable.
Switch 41# ping source oobm 10.255.255.42
10.255.255.42 is alive, time = 2 ms
Switch 41#

Figure annotations: Ping switch in adjacent rack. Oops! It’s on the management network. Go through the management port and it works fine.
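For auditing whether management servers are still reachable from the data plane, the show servers listing shown earlier in this appendix can be checked mechanically. This Python example is added here and is not HP tooling; both sample outputs are constructed, and it assumes the listen modes are oobm, data, and both (only both appears in the output in this guide).

```python
import re

# Assumption: the three listen modes; only "both" is shown in the guide's output.
VALID_MODES = {"oobm", "data", "both"}

# A table row looks like " Web-management | both".
ROW = re.compile(r"^\s*([A-Za-z][\w-]*)\s*\|\s*(\S+)\s*$")

# Constructed sample: every server listening on both planes.
SAMPLE_DEFAULT = """\
HP Switch# show servers

 Server listen mode

 Server           Listen mode
 ----------------------------
 Telnet         | both
 Ssh            | both
 Tftp           | both
 Web-management | both
 Snmp           | both
"""

# Constructed sample: management servers moved to OOBM, SNMP left on both.
SAMPLE_HARDENED = """\
 Server           Listen mode
 ----------------------------
 Telnet         | oobm
 Ssh            | oobm
 Tftp           | oobm
 Web-management | oobm
 Snmp           | both
"""


def parse_show_servers(text):
    """Return {server_name: listen_mode} from 'show servers' output."""
    servers = {}
    for line in text.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # prompt, title, column header, separator, blank line
        name, mode = match.group(1).lower(), match.group(2).lower()
        if mode not in VALID_MODES:
            # Fail closed: an unrecognized mode must not pass as compliant.
            raise ValueError(f"unrecognized listen mode {mode!r} for {name}")
        servers[name] = mode
    if not servers:
        raise ValueError("no server rows found; wrong command output?")
    return servers


def data_plane_exposed(servers):
    """Servers that accept connections arriving on data ports."""
    return sorted(n for n, m in servers.items() if m in ("data", "both"))


def audit(servers, policy=None):
    """Compare against a policy; return (server, actual, wanted) deviations.

    With no policy given, every server is expected to listen on oobm only.
    A server named in the policy but missing from the output is reported
    with an actual mode of None.
    """
    if policy is None:
        policy = {name: "oobm" for name in servers}
    findings = []
    for name, wanted in sorted(policy.items()):
        actual = servers.get(name)
        if actual != wanted:
            findings.append((name, actual, wanted))
    return findings


if __name__ == "__main__":
    for label, sample in (("default", SAMPLE_DEFAULT),
                          ("hardened", SAMPLE_HARDENED)):
        parsed = parse_show_servers(sample)
        print(label, "exposed on data plane:", data_plane_exposed(parsed))
        for name, actual, wanted in audit(parsed):
            print(f"  {name}: listen mode {actual}, policy wants {wanted}")
```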
Table 34 Switch management ports

                     | In band, Networked | Out of band, Directly connected | Out of band, Networked
Management interface | Command line (CLI), menu, Web | Command line (CLI), menu | Command line (CLI), menu
Communication plane  | Data plane | Management plane | Management plane
Connection port      | Any data port | Dedicated serial or USB console port | Dedicated networked management port
Connector type       | Usually RJ-45; also CX4, SFP, SFP+, and XFP | DB9 serial, serial-wired 8-pin RJ-45 | RJ
Advantages           | Allows centralized m
OOBM and switch applications
The table below shows the switch applications that are supported on the OOBM interface as well as on the data interfaces. In this list, some applications are client-only, some are server-only, and some are both.