Management and Configuration Guide 2610 2610-PWR ProCurve Switches R.11.XX www.procurve.
ProCurve Switch 2610 Series Switch 2610-PWR Series November 2008 Management and Configuration Guide
© Copyright 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Publication Number 5991-8640 November 2008 Applicable Products ProCurve Switch 2610-24 ProCurve Switch 2610-48 ProCurve Switch 2610-24-PWR ProCurve Switch 2610-48-PWR ProCurve Switch 2610-24/12-PWR (J9085A) (J9088A) (J9087A) (J9089A) (J9086A) Trademark Credits Microsoft, Windows, and Windows NT are US registered trademarks of Microsoft Corporation.
Contents Product Documentation Software Feature Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii 1 Getting Started Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Starting and Ending a Menu Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 How To Start a Menu Interface Session . . . . . . . . . . . . . . . . . . . . . . . . . 3-4 How To End a Menu Session and Exit from the Console: . . . . . . . . . . 3-5 Main Menu Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7 Screen Structure and Navigation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9 Rebooting the Switch . .
Tasks for Your First Web Browser Interface Session . . . . . . . . . . . . . . . . . 5-7 Viewing the “First Time Install” Window . . . . . . . . . . . . . . . . . . . . . . . . 5-7 Creating Usernames and Passwords in the Browser Interface . . . . . . 5-8 Using the Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10 Using the User Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10 If You Lose a Password . . . . . . . . . . . . . . . . . . . . .
Operating Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-22 Multiple Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-23 General Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-24 Listing and Displaying Startup-Config Files . . . . . . . . . . . . . . . . . . . . . 6-26 Viewing the Startup-Config File Status with Multiple Configuration Enabled . . . . . . . . . . .
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3 Just Want a Quick Start with IP Addressing? . . . . . . . . . . . . . . . . . . . . 8-4 IP Addressing with Multiple VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-4 IP Addressing in a Stacking Environment . . . . . . . . . . . . . . . . . . . . . . .
Address Prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-21 Adding and Deleting SNTP Server Addresses . . . . . . . . . . . . . . . . . . . 9-22 Menu Interface Operation with Multiple SNTP Server Addresses Configured . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-23 SNTP Messages in the Event Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Operating Rules for Port-Based Priority . . . . . . . . . . . . . . . . . . . . . . 10-32 Configuring and Viewing Port-Based Priority . . . . . . . . . . . . . . . . . . 10-33 Messages Related to Prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-34 Troubleshooting Prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-34 Using Friendly (Optional) Port Names . . . . . . . . . . . . . . . . . . . . . . . . . . .
Assigning PoE Ports to VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-14 Applying Security Features to PoE Configurations . . . . . . . . . . . . . 11-14 PoE Event Log Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-15 12 Port Trunking Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SNMP Version 3 Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-8 Group Access Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-11 SNMP Communities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-12 Menu: Viewing and Configuring non-SNMP version 3 Communities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-14 CLI: Viewing and Configuring SNMP Community Names . . . .
A File Transfers Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2 Downloading Switch Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2 General Switch Software Download Rules . . . . . . . . . . . . . . . . . . . . . A-3 Using TFTP To Download Switch Software from a Server . . . . . . . .
General System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-6 Menu Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-6 CLI Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-6 Switch Management Address Information . . . . . . . . . . . . . . . . . . . . . . B-7 Menu Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-7 CLI Access . . . . .
Unusual Network Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-7 General Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-7 Prioritization Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-8 IGMP-Related Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-8 LACP-Related Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
D MAC Address Management Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-2 Determining MAC Addresses in the Switch . . . . . . . . . . . . . . . . . . . . . . . . D-2 Menu: Viewing the Switch’s MAC Addresses . . . . . . . . . . . . . . . . . . . . D-3 CLI: Viewing the Port and VLAN MAC Addresses . . . . . . . . . . . . .
xvi
Product Documentation Note For the latest version of all ProCurve switch documentation, including release notes covering recently added features, visit the ProCurve Networking website at www.procurve.com. Click on Technical support, and then click on Product manuals. Printed Publications The two publications listed below are printed and shipped with your switch. The latest version of each is also available in PDF format on the ProCurve Web site, as described in the Note at the top of this page.
Product Documentation Software Feature Index For the software manual set supporting your switch model, the following feature index indicates which manual to consult for information on a given software feature. (Note that some software features are not supported on all switch models.) Feature Management and Configuration Advanced Traffic Management Access Security Guide 802.1Q VLAN Tagging - X - 802.
Product Documentation Feature Management and Configuration Advanced Traffic Management Access Security Guide File Transfers X - - Friendly Port Names X GVRP - X - IGMP - X - Interface Access (Telnet, Console/Serial, Web) X - - Jumbo Packets X - - IP Addressing X - - IP Routing - X - LACP X - - Link X - - LLDP X - - LLDP-MED X - - Loop Protection - - MAC Address Management X - - MAC Lockdown - - X MAC Lockout - - X MAC-based Authentication -
Product Documentation Feature Management and Configuration Advanced Traffic Management Access Security Guide Port Trunking (LACP) X - - Port-Based Access Control - - X Port-Based Priority (802.
Product Documentation Feature Management and Configuration Advanced Traffic Management Access Security Guide Uni-Directional Link Detection (UDLD) X - - VLANs - X - Web-based Authentication - - X Xmodem X - - xxi
Product Documentation xxii
1 Getting Started Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Feature Descriptions by Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Command Syntax Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Command Prompts . . . . . . . . . . . . . . . . . . .
Getting Started Introduction Introduction This Management and Configuration Guide is intended to support the following switches: ■ ProCurve Series 2610 ■ ProCurve Series 2610-PWR This guide describes how to use the command line interface (CLI), menu interface, and web browser interface to configure, manage, and monitor switch operation. A troubleshooting chapter is also included. For an overview of other product documentation for the above switches, refer to “Product Documentation” on page xvii.
Getting Started Conventions ■ Square brackets ( [ ] ) indicate optional elements. ■ Braces ( < > ) enclose required elements. ■ Braces within square brackets ( [ < > ] ) indicate a required element within an optional choice. ■ Boldface indicates use of a CLI command, part of a CLI command syntax, or other displayed element in general text. For example: “Use the copy tftp command to download the key from a TFTP server.
Getting Started Sources for More Information ProCurve(config)# ip default-gateway 18.28.152.1/24 ProCurve(config)# vlan 1 ip address 18.28.36.152/24 ProCurve(config)# vlan 1 ip igmp Port Identity Examples This guide describes software applicable to both chassis-based and stackable ProCurve switches. Where port identities are needed in an example, this guide uses the chassis-based port identity system, such as “A1”, “B3 - B5”, “C7”, etc.
Getting Started Sources for More Information Online Help for Menu Figure 1-2. Getting Help in the Menu Interface ■ For information on a specific command in the CLI, type the command name followed by “help”. For example: Figure 1-3. Getting Help in the CLI ■ For information on specific features in the Web browser interface, use the online help. For information on Help options, see “Online Help for the Web Browser Interface” on page 5-1.
Getting Started Need Only a Quick Start? Need Only a Quick Start? IP Addressing If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using multiple VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing. To do so, do one of the following: ■ Enter setup at the CLI Manager level prompt. ProCurve# setup ■ In the Main Menu of the Menu interface, select 8.
2 Selecting a Management Interface Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 Advantages of Using the Menu Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 Advantages of Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4 Advantages of Using the Web Browser Interface . . . . . . . . . . . . . . . . . . . . .
Selecting a Management Interface Overview Overview Management interfaces enable you to reconfigure the switch and to monitor switch status and performance.
Selecting a Management Interface Advantages of Using the Menu Interface Advantages of Using the Menu Interface Figure 2-1.
Selecting a Management Interface Advantages of Using the CLI ■ Allows faster navigation, avoiding delays that occur with slower display of graphical objects over a web browser interface. ■ Provides more security; configuration information and passwords are not seen on the network. Advantages of Using the CLI ProCurve> Operator Level ProCurve# Manager Level ProCurve(config)# Global Configuration Level ProCurve()# Context Configuration Levels (port, VLAN) Figure 2-2.
Selecting a Management Interface Advantages of Using the Web Browser Interface Advantages of Using the Web Browser Interface Figure 2-3.
Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus Advantages of Using ProCurve Manager or ProCurve Manager Plus You can operate ProCurve Manager and ProCurve Manager Plus (PCM and PCM+) from a PC on the network to monitor traffic, manage your hubs and switches, and proactively recommend network changes to increase network uptime and optimize performance. Easy to install and use, PCM and PCM+ are the answers to your management challenges.
Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus RMON and sFlow, users can monitor overall traffic levels, segments with the highest traffic, or even the top users within a network segment. • Group and Policy Management: Changes in configuration are tracked and logged, and archived configurations can be applied to one or many devices. Configurations can be compared over time or between two devices, with the differences highlighted for users.
Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus 2-8
3 Using the Menu Interface Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Starting and Ending a Menu Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 How To Start a Menu Interface Session . . . . . . . . . . . . . . . . . . . . . . . . . 3-4 How To End a Menu Session and Exit from the Console: . . . . . . . . . . 3-5 Main Menu Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using the Menu Interface Overview Overview This chapter describes the following: ■ Overview of the Menu Interface ■ Starting and ending a Menu session (page 3-3)) ■ The Main Menu (page 3-7)) ■ Screen structure and navigation (page 3-9)) ■ Rebooting the switch (page 3-12)) The menu interface operates through the switch console to provide you with a subset of switch commands in an easy-to-use menu format enabling you to: ■ Perform a quick configuration of basic parameters, such as the IP addressin
Using the Menu Interface Starting and Ending a Menu Session Note If the switch has neither a Manager nor an Operator password, anyone having access to the console interface can operate the console with full manager privileges. Also, if you configure only an Operator password, entering the Operator password enables full manager privileges. For more information on passwords, see the chapter on local passwords in the Access Security Guide for your switch.
Using the Menu Interface Starting and Ending a Menu Session How To Start a Menu Interface Session In its factory default configuration, the switch console starts with the CLI prompt. To use the menu interface with Manager privileges, go to the Manager level prompt and enter the menu command. 1. Use one of these methods to connect to the switch: • A PC terminal emulator or terminal • Telnet (You can also use the stack Commander if the switch is a stack member). 2. 3.
Using the Menu Interface Starting and Ending a Menu Session Figure 3-1. The Main Menu with Manager Privileges For a description of Main Menu features, see “Main Menu Features” on page 3-7). Note To configure the switch to start with the menu interface instead of the CLI, go to the Manager level prompt in the CLI, enter the setup command, and in the resulting display, change the Logon Default parameter to Menu.
Using the Menu Interface Starting and Ending a Menu Session Asterisk indicates a configuration change that requires a reboot to activate. Figure 3-2. An Asterisk Indicates a Configuration Change Requiring a Reboot 1. In the current session, if you have not made configuration changes that require a switch reboot to activate, return to the Main Menu and press [0] (zero) to log out. Then just exit from the terminal program, turn off the terminal, or quit the Telnet session. 2.
Using the Menu Interface Main Menu Features Main Menu Features Figure 3-3. The Main Menu View with Manager Privileges The Main Menu gives you access to these Menu interface features: ■ Status and Counters: Provides access to display screens showing switch information, port status and counters, port and VLAN address tables, and spanning tree information. (See Appendix B, “Monitoring and Analyzing Switch Operation”.
Using the Menu Interface Main Menu Features 3-8 ■ Command Line (CLI): Selects the Command Line Interface at the same level (Manager or Operator) that you are accessing in the Menu interface. (See chapter 4, “Using the Command Line Interface (CLI)”.) ■ Reboot Switch: Performs a “warm” reboot of the switch, which clears most temporary error conditions, resets the network activity counters to zero, and resets the system up-time to zero.
Using the Menu Interface Screen Structure and Navigation Screen Structure and Navigation Menu interface screens include these three elements: ■ Parameter fields and/or read-only information such as statistics ■ Navigation and configuration actions, such as Save, Edit, and Cancel ■ Help line to describe navigation options, individual parameters, and readonly data For example, in the following System Information screen: Screen title – identifies the location within the menu structure Parameter fields
Using the Menu Interface Screen Structure and Navigation Table 3-1. 3-10 How To Navigate in the Menu Interface Task: Actions: Execute an action from the “Actions –>” list at the bottom of the screen: Use either of the following methods: • Use the arrow keys ([<] or [>]) to highlight the action you want to execute, then press [Enter]. • Press the key corresponding to the capital letter in the action name.
Using the Menu Interface Screen Structure and Navigation To get Help on individual parameter descriptions. In most screens there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press [H], and a separate help screen is displayed. For example: Pressing [H] or highlighting Help and pressing [Enter] displays Help for the parameters listed in the upper part of the screen Highlight on any item in the Actions line indicates that the Actions line is active.
Using the Menu Interface Rebooting the Switch Rebooting the Switch Rebooting the switch from the menu interface ■ Terminates all current sessions and performs a reset of the operating system ■ Activates any menu interface configuration changes that require a reboot ■ Resets statistical counters to zero (Note that statistical counters can be reset to zero without rebooting the switch.) To Reboot the switch, use the Reboot Switch option in the Main Menu.
Using the Menu Interface Rebooting the Switch Rebooting To Activate Configuration Changes. Configuration changes for most parameters in the menu interface become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the Maximum VLANs to support parameter. (To access this parameter, go to the Main Menu and select: 2. Switch Configuration 8. VLAN Menu 1. VLAN Support.
Using the Menu Interface Menu Features List Menu Features List Status and Counters • General System Information • Switch Management Address Information • Port Status • Port Counters • Address Table • Port Address Table • Spanning Tree Information Switch Configuration • System Information • Port/Trunk Settings • Network Monitoring Port • Spanning Tree Operation • IP Configuration • SNMP Community Names • IP authorized Managers • VLAN Menu Console Passwords Event Log Command Lin
Using the Menu Interface Where To Go From Here Where To Go From Here This chapter provides an overview of the menu interface and how to use it. The following table indicates where to turn for detailed information on how to use the individual features available through the menu interface. Option: Turn to: To use the Run Setup option Refer to the Installation and Getting Started Guide shipped with the switch.
Using the Menu Interface Where To Go From Here 3-16
4 Using the Command Line Interface (CLI) Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 Accessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 Privilege Levels at Logon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using the Command Line Interface (CLI) Overview Overview The CLI is a text-based command interface for configuring and monitoring the switch. The CLI gives you access to the switch’s full set of commands while providing the same password protection that is used in the web browser interface and the menu interface. Accessing the CLI Like the menu interface, the CLI is accessed through the switch console, and, in the switch’s factory default state, is the default interface when you start a console session.
Using the Command Line Interface (CLI) Using the CLI Startup Config file in non-volatile memory. If you reboot the switch without first using write memory, all changes made since the last reboot or write memory (whichever is later) will be lost. For more on switch memory and saving configuration changes, see Chapter 6, “Switch Memory and Configuration”. Privilege Levels at Logon Privilege levels control the type of access to the CLI. To implement this control, you must set at least a Manager password.
Using the Command Line Interface (CLI) Using the CLI Caution ProCurve strongly recommends that you configure a Manager password. If a Manager password is not configured, then the Manager level is not passwordprotected, and anyone having in-band or out-of-band access to the switch may be able to reach the Manager level and compromise switch and network security. Note that configuring only an Operator password does not prevent access to the Manager level by intruders who have the Operator password.
Using the Command Line Interface (CLI) Using the CLI Manager Privileges Manager privileges give you three additional levels of access: Manager, Global Configuration, and Context Configuration. (See figure .) A "#" character delimits any Manager prompt. For example: ProCurve#_ ■ Example of the Manager prompt. Manager level: Provides all Operator level privileges plus the ability to perform system-level actions that do not require saving changes to the system configuration file.
Using the Command Line Interface (CLI) Using the CLI Changing Interfaces. If you change from the CLI to the menu interface, or the reverse, you will remain at the same privilege level. For example, entering the menu command from the Operator level of the CLI takes you to the Operator privilege level in the menu interface. Table 4-1.
Using the Command Line Interface (CLI) Using the CLI How To Move Between Levels Change in Levels Example of Prompt, Command, and Result Operator level to Manager level ProCurve> enable Password:_ After you enter enable, the Password prompt appears.
Using the Command Line Interface (CLI) Using the CLI For example, if you use the menu interface to configure an IP address of “X” for VLAN 1 and later use the CLI to configure a different IP address of “Y” for VLAN 1, then “Y” replaces “X” as the IP address for VLAN 1 in the runningconfig file. If you subsequently execute write memory in the CLI, then the switch also stores “Y” as the IP address for VLAN 1 in the startup-config file.
Using the Command Line Interface (CLI) Using the CLI Typing ? at the Manager level produces this listing: When - - MORE - - appears, use the Space bar or [Return] to list additional commands. Figure 4-4. Example of the Manager-Level Command Listing When - - MORE - - appears, there are more commands in the listing. To list the next set of commands, press the Space bar. To list the remaining commands one-by-one, repeatedly press [Enter].
Using the Command Line Interface (CLI) Using the CLI telnet terminal ProCurve(config)# t As mentioned above, if you type part of a command word and press [Tab], the CLI completes the current word (if you have typed enough of the word for the CLI to distinguish it from other possibilities), including hyphenated extensions. For example: ProCurve(config)# port [Tab] ProCurve(config)# port-security _ Pressing [Tab] after a completed command word lists the further options for that command.
Using the Command Line Interface (CLI) Using the CLI Listing Command Options. You can use the CLI to remind you of the options available for a command by entering command keywords followed by?. For example, suppose you want to see the command options for configuring port C5: This example displays the command options for configuring the switch’s console settings. Figure 4-5.
Using the Command Line Interface (CLI) Using the CLI Figure 4-6. Example of Context-Sensitive Command-List Help Displaying Help for an Individual Command. You can display Help for any command that is available at the current context level by entering enough of the command string to identify the command, along with help. Syntax: < command-string > help For example, to list the Help for the interface command in the Global Configuration privilege level: Figure 4-7.
Using the Command Line Interface (CLI) Using the CLI Figure 4-8. Example of Help for a Specific Instance of a Command Note that trying to list the help for an individual command from a privilege level that does not include that command results in an error message.
Using the Command Line Interface (CLI) Using the CLI ProCurve(eth-C5-C8)#? ProCurve(eth-C5-C8)#? Lists the commands you can use in the port or static trunk context, plus the Manager, Operator, and context commands you can execute at this level. In the port context, the first block of commands in the "?" listing show the context-specific commands that will affect only ports C3-C6. The remaining commands in the listing are Manager, Operator, and context commands. Figure 4-9.
Using the Command Line Interface (CLI) Using the CLI VLAN Context . Includes VLAN-specific commands that apply only to the selected VLAN, plus Manager and Operator commands. The prompt for this mode includes the VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch: ProCurve(config)# vlan 100 Command executed at configuration level to enter VLAN 100 context. ProCurve(vlan-100)# Resulting prompt showing VLAN 100 context.
Using the Command Line Interface (CLI) CLI Control and Editing CLI Control and Editing 4-16 Keystrokes Function [Ctrl] [A] Jumps to the first character of the command line. [Ctrl] [B] or [<] Moves the cursor back one character. [Ctrl] [C] Terminates a task and displays the command prompt. [Ctrl] [D] Deletes the character at the cursor. [Ctrl] [E] Jumps to the end of the current command line. [Ctrl] [F] or [>] Moves the cursor forward one character.
5 Using the Web Browser Interface Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 General Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3 Starting a Web Browser Interface Session with the Switch . . . . . . . . . . . . 5-4 Using a Standalone Web Browser in a PC or UNIX Workstation . . . .
Using the Web Browser Interface Overview Overview The Web browser interface built into the switch lets you easily access the switch from a browser-based PC on your network. This lets you do the following: ■ Optimize your network uptime by using the Alert Log and other diagnostic tools ■ Make configuration changes to the switch ■ Maintain security by configuring usernames and passwords This chapter covers the following: ■ General features (page 5-3).
Using the Web Browser Interface General Features General Features The switch includes these web browser interface features: Switch Configuration: • Ports • VLANs and Primary VLAN • Fault detection • Port monitoring (mirroring) • System information • Enable/Disable Multicast Filtering (IGMP) and Spanning Tree • IP • Stacking • Support and management URLs Switch Security: Usernames and passwords Switch Diagnostics: • Ping/Link Test • Device reset • Configuration report Switch status •
Using the Web Browser Interface Starting a Web Browser Interface Session with the Switch Starting a Web Browser Interface Session with the Switch You can start a web browser session in the following ways: ■ ■ Using a standalone web browser on a network connection from a PC or UNIX workstation: • Directly connected to your network • Connected through remote access to your network Using a management station running ProCurve Manager on your network Using a Standalone Web Browser in a PC or UNIX Worksta
Using the Web Browser Interface Starting a Web Browser Interface Session with the Switch Using ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+) ProCurve Manager and ProCurve Manager Plus are designed for installation on a network management workstation. For this reason, the system requirements are different from the system requirements for accessing the switch’s web browser interface from a non-management PC or workstation.
Using the Web Browser Interface Starting a Web Browser Interface Session with the Switch Alert Log First-Time Install Alert Figure 5-1. Example of Status Overview Screen Note 5-6 The above screen appears somewhat different if the switch is configured as a stack Commander. For an example, see figure 2-3 on page 2-5.
Using the Web Browser Interface Tasks for Your First Web Browser Interface Session Tasks for Your First Web Browser Interface Session The first time you access the web browser interface, there are three tasks that you should perform: ■ Review the “First Time Install” window ■ Set Manager and Operator passwords ■ Set access to the web browser interface online help Viewing the “First Time Install” Window When you access the switch’s web browser interface for the first time, the Alert log contains a “Fi
Using the Web Browser Interface Tasks for Your First Web Browser Interface Session This window is the launching point for the basic configuration you need to perform to set web browser interface passwords to maintain security and Fault Detection policy, which determines the types of messages that will be displayed in the Alert Log. To set web browser interface passwords, click on secure access to the device to display the Device Passwords screen, and then go to the next page.
Using the Web Browser Interface Tasks for Your First Web Browser Interface Session Figure 5-3. The Device Passwords Window To set the passwords: 1. 2. Access the Device Passwords screen by one of the following methods: • If the Alert Log includes a “First Time Install” event entry, double click on this event, then, in the resulting display, click on the secure access to the device link. • Select the Security tab.
Using the Web Browser Interface Tasks for Your First Web Browser Interface Session Using the Passwords Figure 5-4. Example of the Password Window in the Web Browser Interface The manager and operator passwords are used to control access to all switch interfaces. Once set, you will be prompted to supply the password every time you try to access the switch through any of its interfaces.
Using the Web Browser Interface Tasks for Your First Web Browser Interface Session Online Help for the Web Browser Interface Online Help is available for the web browser interface. You can use it by clicking on the question mark button in the upper right corner of any of the web browser interface screens. The Help Button Figure 5-5. The Help Button Context-sensitive help is provided for the screen you are on. Help can be downloaded onto any local server from: www.hp.com/rnd/device_help/download.
Using the Web Browser Interface Support/Mgmt URLs Feature Support/Mgmt URLs Feature The Support/Mgmt URLs window enables you to change the World Wide Web Universal Resource Locator (URL) for two functions: ■ Support URL – a support information site for your switch ■ Management Server URL – The web site for web browser online Help. The default is: www.hp.com/rnd/device_help 1. Click Here 2. Click Here 3.
Using the Web Browser Interface Support/Mgmt URLs Feature Support URL This is the site that the switch accesses when you click on the Support tab on the web browser interface. The default URL is: www.procurve.com which is the web site for ProCurve’s networking products. Click on the [Support] button on that page and you can get to support information regarding your switch, including white papers, operating system (OS) updates, and more.
Using the Web Browser Interface Status Reporting Features Status Reporting Features Browser elements covered in this section include: ■ The Overview window (below) ■ Port utilization and status (page 5-15) ■ The Alert log (page 5-18) ■ The Status bar (page 5-20) The Overview Window The Overview Window is the home screen for any entry into the web browser interface.The following figure identifies the various parts of the screen.
Using the Web Browser Interface Status Reporting Features Policy Management and Configuration. ProCurve PCM can perform network-wide policy management and configuration of your switch. For more information, refer to the documentation provided with the PCM software. The Port Utilization and Status Displays The Port Utilization and Status displays show an overview of the status of the switch and the amount of network activity on each port.
Using the Web Browser Interface Status Reporting Features ■ % Error Pkts Rx: All error packets received by the port. (This indicator is a reddish color on many systems.) Although errors received on a port are not propagated to the rest of the network, a consistently high number of errors on a specific port may indicate a problem on the device or network segment connected to the indicated port.
Using the Web Browser Interface Status Reporting Features Figure 5-10. Display of Numerical Values for the Bar Port Status Port Status Indicators Legend Figure 5-11. The Port Status Indicators and Legend The Port Status indicators show a symbol for each port that indicates the general status of the port. There are four possible statuses: ■ Port Connected – the port is enabled and is properly connected to an active network device.
Using the Web Browser Interface Status Reporting Features The Alert Log The web browser interface Alert Log, shown in the lower half of the screen, shows a list of network occurrences, or alerts, that were detected by the switch. Typical alerts are Broadcast Storm, indicating an excessive number of broadcasts received on a port, and Problem Cable, indicating a faulty cable. For more information on alerts, see “Alert Types and Detailed Views” on page 5-19 Figure 5-12.
Using the Web Browser Interface Status Reporting Features Alert Types and Detailed Views The web browser interface generates the following alert types: • • • • • • • • • Note Auto Partition Backup Transition Excessive broadcasts Excessive CRC/alignment errors Excessive jabbering Excessive late collisions First Time Install Full-Duplex Mismatch Half-Duplex Mismatch • • • • • • • • High collision or drop rate Loss of Link Mis-Configured SQE Network Loop Polarity Reversal Security Violation Stuck 10BaseT
Using the Web Browser Interface Status Reporting Features Figure 5-13.Example of Alert Log Detail View The Status Bar The Status Bar is displayed in the upper left corner of the web browser interface screen. Figure 5-14 shows an expanded view of the status bar. Status Indicator Most Critical Alert Description Product Name Figure 5-14. Example of the Status Bar The Status bar consists of four objects: ■ 5-20 Status Indicator.
Using the Web Browser Interface Status Reporting Features Table 5-1.Status Indicator Key Color Blue Switch Status Status Indicator Shape Normal Activity; "First time installation" information available in the Alert log. Green Normal Activity Yellow Warning Red Critical ■ System Name. The name you have configured for the switch by using Identity screen, system name command, or the switch console System Information screen. ■ Most Critical Alert Description.
Using the Web Browser Interface Status Reporting Features Figure 5-15. The Fault Detection Window The Fault Detection screen contains a list box for setting fault detection and response policy. You set the sensitivity level at which a network problem should generate an alert and send it to the Alert Log. To provide the most information on network problems in the Alert Log, the recommended sensitivity level for Log Network Problems is High Sensitivity.
Using the Web Browser Interface Status Reporting Features ■ Never. Disables the Alert Log and transmission of alerts (traps) to the management server (in cases where a network management tool such as ProCurve Manager is in use). Use this option when you don’t want to use the Alert Log. The Fault Detection Window also contains three Change Control Buttons: ■ Apply Changes.
Using the Web Browser Interface Status Reporting Features 5-24
6 Switch Memory and Configuration Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3 Overview of Configuration File Management . . . . . . . . . . . . . . . . . . . . . . . . 6-3 Using the CLI To Implement Configuration Changes . . . . . . . . . . . . . . . . . 6-6 Using the Menu and Web Browser Interfaces To Implement Configuration Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Switch Memory and Configuration Contents Transferring Startup-Config Files To or From a Remote Server . . . . TFTP: Copying a Configuration File to a Remote Host . . . . . . . . TFTP: Copying a Configuration File from a Remote Host . . . . . Xmodem: Copying a Configuration File to a Serially Connected Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Xmodem: Copying a Configuration from a Serially Connected Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Switch Memory and Configuration Overview Overview This chapter describes: ■ How switch memory manages configuration changes ■ How the CLI implements configuration changes ■ How the menu interface and web browser interface implement configuration changes ■ How the switch provides software options through primary/secondary flash image options ■ How to use the switch’s primary and secondary flash options, including displaying flash information, booting or restarting the switch, and other topics Over
Switch Memory and Configuration Overview of Configuration File Management ■ Running Config File: Exists in volatile memory and controls switch operation. If no configuration changes have been made in the CLI since the switch was last booted, the running-config file is identical to the startup-config file. ■ Startup-config File: Exists in flash (non-volatile) memory and is used to preserve the most recently-saved configuration as the "permanent" configuration.
Switch Memory and Configuration Overview of Configuration File Management “permanent”. When you are satisfied that the change is satisfactory, you can make it permanent by executing the write memory command. For example, suppose you use the following command to disable port 5: ProCurve(config)# interface ethernet 5 disable The above command disables port 5 in the running-config file, but not in the startup-config file. Port 5 remains disabled only until the switch reboots.
Switch Memory and Configuration Using the CLI To Implement Configuration Changes Using the CLI To Implement Configuration Changes The CLI offers these capabilities: ■ Access to the full set of switch configuration features ■ The option of testing configuration changes before making them permanent How To Use the CLI To View the Current Configuration Files. Use show commands to view the configuration for individual features, such as port status or Spanning Tree Protocol.
Switch Memory and Configuration Using the CLI To Implement Configuration Changes 3. Observe the switch’s performance with the new parameter settings to verify the effect of your changes. 4. When you are satisfied that you have the correct parameter settings, use the write memory command to copy the changes to the startup-config file. Syntax: write memory For example, the default port mode setting is auto.
Switch Memory and Configuration Using the CLI To Implement Configuration Changes Disables port 1 in the running configuration, which causes port 1 to block all traffic. ProCurve(config)# interface e 1 disable ProCurve(config)# boot Device will be rebooted, do you want to continue [y/n]? y Press [Y] to continue the rebooting process. You will then see this prompt. Do you want to save current configuration [y/n]? Figure 6-2.
Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes How To Reset the startup-config and running-config Files to the Factory-Default Configuration. This command reboots the switch, replacing the contents of the current startup-config and running-config files with the factory-default startup configuration.
Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes Note The only exception to this operation are two VLAN-related parameter changes that require a reboot—described under “Rebooting To Activate Configuration Changes” on page 6-12. Using Save and Cancel in the Menu Interface For any configuration screen in the menu interface, the Save command: 1. Implements the changes in the running-config file. 2. Saves your changes to the startup-config file.
Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes Note If you reconfigure a parameter in the CLI and then go to the menu interface without executing a write memory command, those changes are stored only in the running configuration. If you then execute a switch reboot command in the menu interface, the switch discards the configuration changes made while using the CLI.
Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes Rebooting To Activate Configuration Changes. Configuration changes for most parameters become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the Maximum VLANs to support parameter. (To access these parameters, go to the Main menu and select 2. Switch Configuration, then 8. VLAN Menu, then 1. VLAN Support.
Switch Memory and Configuration Using Primary and Secondary Flash Image Options Using Primary and Secondary Flash Image Options The switch features two flash memory locations for storing switch software image files: ■ Primary Flash: The default storage for a switch software image. ■ Secondary Flash: The additional storage for either a redundant or an alternate switch software image.
Switch Memory and Configuration Using Primary and Secondary Flash Image Options For example, if the switch is using a software version of R.01.01 stored in Primary flash, show version produces the following: ProCurve(config)# show version Image stamp: Boot Image: /sw/code/build/info (s03) Nov 01 2007 10:50:26 R.01.01 501 Primary Figure 6-7. Example Showing the Identity of the Current Flash Image Determining Whether the Flash Images Are Different Versions.
Switch Memory and Configuration Using Primary and Secondary Flash Image Options In this example show version indicates the switch has version R.11.XX in primary flash. After the boot system command, show version indicates that version R.11.XX is in secondary flash. ProCurve(config)# show version Image stamp: /sw/code/build/sw Aug 1 2007 12:06:23 R.11.XX 104 Boot Image: Primary Procurve(config)# boot system flash secondary Device will be rebooted, do you want to continue [y/n]? y . . .
Switch Memory and Configuration Using Primary and Secondary Flash Image Options flash and you can either copy the secondary image into primary or download another image to primary from an external source. See Appendix A, “File Transfers”. Local Switch Software Replacement and Removal This section describes commands for erasing a software version and copying an existing software version between primary and secondary flash.
Switch Memory and Configuration Using Primary and Secondary Flash Image Options Syntax: copy flash flash where: destination flash = primary or secondary: For example, to copy the image in secondary flash to primary flash: 1. Verify that there is a valid flash image in the secondary flash location. The following figure indicates that a software image is present in secondary flash.
Switch Memory and Configuration Using Primary and Secondary Flash Image Options 1. First verify that a usable flash image exists in secondary flash. The most reliable way to ensure this is to reboot the switch from the flash image you want to retain. For example, if you are planning to erase the primary image, then first reboot from the secondary image to verify that the secondary image is present and acceptable for your system: ProCurve# boot system flash secondary 2.
Switch Memory and Configuration Using Primary and Secondary Flash Image Options Table 6-2. Comparing the Boot and Reload Commands Actions Included In Boot? Included In Reload Note Save all configuration changes since the last boot or reload Optional, with prompt Optional with reload , when prompt displays. Not saved with reload at/after commands; No prompt is displayed. Config changes saved to the startup-config file if “y” is selected (reload command).
Switch Memory and Configuration Using Primary and Secondary Flash Image Options Syntax: boot system flash < primary | secondary > For example, to reboot the switch from secondary flash when there are no pending configuration changes in the running-config file: ProCurve(config)# boot system flash secondary Device will be rebooted, do you want to continue [y/n]? y Do you want to save current configuration [y/n]? n Figure 6-14.
Switch Memory and Configuration Using Primary and Secondary Flash Image Options Figure 6-15. Using Reload with Pending Configuration Changes Scheduled Reload. If no parameters are entered after the reload command, an immediate reboot is executed. The reload at and reload after command information is not saved across reboots. If the switch is rebooted before a scheduled reload command is executed, the command is effectively cancelled.
Switch Memory and Configuration Using Primary and Secondary Flash Image Options Operating Notes Default Boot Source. The switch reboots from primary flash by default unless you specify the secondary flash. Boot Attempts from an Empty Flash Location. In this case, the switch aborts the attempt and displays Image does not exist Operation aborted. Interaction of Primary and Secondary Flash Images with the Current Configuration.
Switch Memory and Configuration Multiple Configuration Files Multiple Configuration Files Action Page Listing and Displaying Startup-Config Files 6-26 Changing or Overriding the Reboot Configuration Policy 6-27 Managing Startup-Config Files Renaming Startup-Config Files 6-30 Copying Startup-Config Files 6-30 Erasing Startup-Config Files 6-33 Effect of Using the Clear + Reset Buttons 6-34 Copying Startup-Config Files to or from a Remote Server 6-35 The switches covered in this guide allow up
Switch Memory and Configuration Multiple Configuration Files ■ Transitions from one software release to another can be performed while maintaining a separate configuration for the different software release versions.
Switch Memory and Configuration Multiple Configuration Files 1. Reboot the switch through the Primary boot path using the startup-config file named backupConfig. 2. Use the CLI to make configuration changes in the running-config file, and then execute write mem. The result is that the startup-config file used to reboot the switch is modified by the actions in step 2.
Switch Memory and Configuration Multiple Configuration Files Listing and Displaying Startup-Config Files Command Page show config files show config < filename > Below 6-27 Viewing the Startup-Config File Status with Multiple Configuration Enabled . Syntax: show config files This command displays the available startup-config files on the switch and the current use of each file. id: Identifies the memory slot for each startup-config file available on the switch.
Switch Memory and Configuration Multiple Configuration Files ProCurve(config)# show config files Configuration files: id | act pri sec | name ---+-------------+--------------------1 | | oldconfig 2 | * * * | workingConfig 3 | | As this example shows, you must reconfigure either the primary or the secondary boot path if you want to boot the switch using the startup-config file in another memory slot. (You can also change the above filenames. Refer to “Renaming an Existing Startup-Config File” on page 6-30.
Switch Memory and Configuration Multiple Configuration Files Changing the Reboot Configuration Policy. For a given reboot, the switch automatically reboots from the startup-config file assigned to the flash location (primary or secondary) being used for the current reboot.
Switch Memory and Configuration Multiple Configuration Files pressing the Reset button or to a power cycle always uses the software version in primary flash, the operator needs to configure the switch to always boot from primary flash with the startup-config file named minconfig (in memory slot 1). Also, whenever the switch boots from secondary flash, the operator also wants the startup-config named newconfig to be used. The following two commands configure the desired behavior.
Switch Memory and Configuration Multiple Configuration Files Managing Startup-Config Files in the Switch Command Page rename config < current-filename > < newname-str > 6-30 copy config < source-filename > config < dest-filename > 6-30 erase config < filename > | startup-config 6-33 Erase startup-config using the front-panel Clear + Reset Buttons 6-34 Renaming an Existing Startup-Config File Syntax: rename config < current-filename > < newname-str > This command changes the name of an existing s
Switch Memory and Configuration Multiple Configuration Files Syntax: copy config < source-filename > config < target-filename > This command makes a local copy of an existing startupconfig file by copying the contents of an existing startupconfig file in one memory slot to a new startup-config file in another, empty memory slot. This enables you to use a separate configuration file to experiment with configuration changes, while preserving the source file unchanged.
Switch Memory and Configuration Multiple Configuration Files If you wanted to experiment with configuration changes to the software version in secondary flash, you could create and assign a separate startupconfig file for this purpose.
Switch Memory and Configuration Multiple Configuration Files Erasing a Startup-Config File You can erase any of the startup-config files in the switch’s memory slots. In some cases, erasing a file causes the switch to generate a new, defaultconfiguration file for the affected memory slot. Syntax: erase < config < filename >> | startup-config > config < filename >: This option erases the specified startupconfig file.
Switch Memory and Configuration Multiple Configuration Files Figure 6-22 illustrates using erase config < filename > to remove a startup-config file.
Switch Memory and Configuration Multiple Configuration Files ■ Boots the switch from primary flash using the new startup-config file. ProCurve(config)# show config files Configuration files: id | act pri sec | name ---+-------------+----------- Pressing Clear + Reset: – Replaces all startup-config files with a single 1 | * * * | config1 file named config1 that contains the default 2 | | configuration for the software version in 3 | | primary flash.
Switch Memory and Configuration Multiple Configuration Files TFTP: Copying a Configuration File from a Remote Host Syntax: copy tftp config < dest-file > < ip-addr > < remote-file > < pc | unix > Use this command to download a configuration file from a TFTP server to the switch. Note: This command requires an empty memory slot in the switch. If there are no empty memory slots, the CLI displays the following message: Unable to copy configuration to "< filename >".
Switch Memory and Configuration Multiple Configuration Files Xmodem: Copying a Configuration from a Serially Connected Host Syntax: copy xmodem config < dest-file > < pc | unix > Use this command to download a configuration file from an Xmodem host to the switch. For more on using Xmodem to copy a file from a serially connected host, refer to “Xmodem: Copying a Configuration File from a Serially Connected PC or Unix Workstation” on page A-20.
Switch Memory and Configuration Multiple Configuration Files 6-38
7 Interface Access and System Information Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 Interface Access: Console/Serial Link, Web, and Telnet . . . . . . . . . . . . . . . 7-3 Menu: Modifying the Interface Access . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4 CLI: Modifying the Interface Access . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Interface Access and System Information Overview Overview This chapter describes how to: ■ View and modify the configuration for switch interface access ■ Use the CLI kill command to terminate a remote session ■ View and modify switch system information For help on how to actually use the interfaces built into the switch, refer to: ■ Chapter 2, “Using the Menu Interface” ■ Chapter 4, “Using the Command Line Interface (CLI)” ■ Chapter 5, “Using the Web Browser Interface” Why Configure Interface
Interface Access and System Information Interface Access: Console/Serial Link, Web, and Telnet Interface Access: Console/Serial Link, Web, and Telnet Interface Access Features Feature Inactivity Time Inbound Telnet Access Outbound Telnet Access Web Browser Interface Access Terminal type Event Log event types to list (Displayed Events) Baud Rate Flow Control Default Menu CLI Web 0 Minutes (disabled) page 7-4 page 7-6 — Enabled page 7-4 page 7-5 — n/a — page 7-6 — Enabled page 7-4 page 7-6
Interface Access and System Information Interface Access: Console/Serial Link, Web, and Telnet Menu: Modifying the Interface Access The menu interface enables you to modify these parameters: ■ Inactivity Time-out ■ Inbound Telnet Enabled ■ Web Agent Enabled To Access the Interface Access Parameters: 1. From the Main Menu, Select... 2. Switch Configuration... 1. System Information Interface Access Parameters Figure 7-1. The Default Interface Access Parameters Available in the Menu Interface 2.
Interface Access and System Information Interface Access: Console/Serial Link, Web, and Telnet CLI: Modifying the Interface Access Interface Access Commands Used in This Section show console below [no] telnet-server below [no] web-management page 7-6 console page 7-6 local terminal mode page 7-8 Listing the Current Console/Serial Link Configuration. The following command lists the current interface access parameter settings.
Interface Access and System Information Interface Access: Console/Serial Link, Web, and Telnet Outbound Telnet to Another Device. This feature operates independently of the telnet-server status and enables you to Telnet to another device that has an IP address. Syntax: telnet < ip-address > For example: ProCurve# telnet 10.28.27.204 Reconfigure Web Browser Access. In the default configuration, web browser access is enabled.
Interface Access and System Information Interface Access: Console/Serial Link, Web, and Telnet For example, to use one command to configure the switch with the following: ■ VT100 operation ■ 19,200 baud ■ No flow control ■ 10-minute inactivity time ■ Critical log events you would use the following command sequence: The switch implements the Event Log change immediately. The switch implements the other console changes after executing write memory and reload. Figure 7-3.
Interface Access and System Information Interface Access: Console/Serial Link, Web, and Telnet CLI Local Terminal Mode. To enable temporary and non-disruptive changes to the terminal mode without forcing a change in the switch’s terminal mode configuration, use the console local-terminal command. This command dynamically changes only the console session from which it is executed. Unlike the console terminal command, it does not require write memory and a reboot, and does not persist across a reboot.
Interface Access and System Information Denying Interface Access by Terminating Remote Management Sessions Denying Interface Access by Terminating Remote Management Sessions The switch supports up to four management sessions. You can use show ip ssh to list the current management sessions, and kill to terminate a currently running remote session. (Kill does not terminate a Console session on the serial port, either through a direct connection or via a modem.
Interface Access and System Information System Information System Information System Information Features Feature Default Menu CLI Web System Name switch product name page 7-11 page 7-13 page 7-15 System Contact n/a page 7-11 page 7-13 page 7-15 System Location n/a page 7-11 page 7-13 page 7-15 MAC Age Time 300 seconds page 7-11 page 7-14 — Time Sync Method None See Chapter 9, “Time Protocols”.
Interface Access and System Information System Information Time Zone: The number of minutes your time zone location is to the West (-) or East (+) of Coordinated Universal Time (formerly GMT). The default 0 means no time zone is configured. For example, Berlin, Germany is in the +1 zone, while Vancouver, Canada is in the -8 zone. Daylight Time Rule: Specifies the daylight savings time rule to apply for your location. The default is None.
Interface Access and System Information System Information 3. Refer to the online help provided with this screen for further information on configuration options for these features. 4. When you have finished making changes to the above parameters, press [Enter], then press [S] (for Save) and return to the Main Menu.
Interface Access and System Information System Information Configure a System Name, Contact, and Location for the Switch. To help distinguish one switch from another, configure a plain-language identity for the switch. Syntax: hostname snmp-server [contact ] [location ] Both fields allow up to 255 characters.
Interface Access and System Information System Information Reconfigure the Age Time for Learned MAC Addresses. This command corresponds to the MAC Age Interval in the menu interface, and is expressed in seconds. Syntax: mac-age-time <60 . . 999960> (seconds) For example, to configure the age time to seven minutes: ProCurve(config)# mac-age-time 420 Configure the Time Zone and Daylight Time Rule.
Interface Access and System Information System Information Web: Configuring System Parameters In the web browser interface, you can enter the following system information: ■ System Name ■ System Location ■ System Contact For access to the MAC Age Interval and the Time parameters, use the menu interface or the CLI. Configure System Parameters in the Web Browser Interface. 1. Click on the Configuration tab. 2. Click on System Info. 3. Enter the data you want in the displayed fields. 4.
Interface Access and System Information System Information 7-16
8 Configuring IP Addressing Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3 Just Want a Quick Start with IP Addressing? . . . . . . . . . . . . . . . . . . . . 8-4 IP Addressing with Multiple VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-4 IP Addressing in a Stacking Environment . . . . . . . .
Configuring IP Addressing Overview Overview You can configure IP addressing through all of the switch’s interfaces. You can also: ■ Easily edit a switch configuration file to allow downloading the file to multiple switches without overwriting each switch’s unique gateway and VLAN 1 IP addressing.
Configuring IP Addressing IP Configuration IP Configuration IP Configuration Features Feature IP Address and Subnet Mask Multiple IP Addresses on a VLAN Default Menu CLI Web DHCP/Bootp page 8-5 page 8-7 page 8-11 n/a page 8-9 Default Gateway Address none page 8-5 page 8-7 page 8-11 Packet Time-To-Live (TTL) 64 seconds page 8-5 page 8-7 n/a DHCP page 8-5 page 8-7 n/a Time Server (Timep) IP Address and Subnet Mask.
Configuring IP Addressing IP Configuration then the switch uses this gateway, even if a different gateway is received via DHCP or Bootp on the primary VLAN. (This is also true for TimeP and a nondefault Time-To-Live.) See “Notes” on page 8-4 and refer to the chapter on Virtual LANs in the Advanced Traffic Management Guide. Packet Time-To-Live (TTL) . This parameter specifies how long in seconds an outgoing packet should exist in the network. In most cases, the default setting (64 seconds) is adequate.
Configuring IP Addressing IP Configuration ■ The IP addressing used in the switch should be compatible with your network. That is, the IP address must be unique and the subnet mask must be appropriate for your IP network. ■ If you change the IP address through either Telnet access or the web browser interface, the connection to the switch will be lost. You can reconnect by either restarting Telnet with the new IP address or entering the new address as the URL in your web browser.
Configuring IP Addressing IP Configuration For descriptions of these parameters, see the online Help for this screen. Before using the DHCP/ Bootp option, refer to “DHCP/Bootp Operation” on page 8-12. Figure 8-1. Example of the IP Service Configuration Screen without Multiple VLANs Configured 8-6 2. Press [E] (for Edit). 3. If the switch needs to access a router, for example, to reach off-subnet destinations, select the Default Gateway field and enter the IP address of the gateway router. 4.
Configuring IP Addressing IP Configuration CLI: Configuring IP Address, Gateway, and Time-ToLive (TTL) IP Commands Used in This Section show ip page 8-7 vlan ip address page 8-8 ip default-gateway page 8-11 ip ttl page 8-11 Viewing the Current IP Configuration. The following command displays the IP addressing for each VLAN configured in the switch. If only the DEFAULT_VLAN exists, then its IP configuration applies to all ports in the switch.
Configuring IP Addressing IP Configuration Figure 8-3. Example of Show IP Listing with Non-Default IP Addressing Configured Configure an IP Address and Subnet Mask. The following command includes both the IP address and the subnet mask. You must either include the ID of the VLAN for which you are configuring IP addressing or go to the context configuration level for that VLAN. (If you are not using VLANs on the switch—that is, if the only VLAN is the default VLAN—then the VLAN ID is always “1”.
Configuring IP Addressing IP Configuration Configure Multiple IP Addresses on a VLAN (Multinetting). You can configure one primary IP address per VLAN and up to seven secondary IP addresses for the same VLAN. That is, the switch enables you to assign up to eight networks to a VLAN. ■ Each IP address on a VLAN must be for a separate subnet. ■ The switch assigns the first IP address manually configured on a VLAN as the primary IP address.
Configuring IP Addressing IP Configuration If you then wanted to multinet the default VLAN, you would do the following: The secondary IP addresses in a VLAN are listed immediately after the primary IP address for the VLAN. Figure 8-5. Example of Multinetting on the Default VLAN Note The Internet (IP) Service screen in the Menu interface (figure 8-1 on page 8-6) displays only the primary IP address for each VLAN.
Configuring IP Addressing IP Configuration Configure the Optional Default Gateway. Using the Global configuration level, you can assign one default gateway to the switch. Syntax: ip default-gateway For example: ProCurve(config)# ip default-gateway 10.28.227.115 Note The switch uses the IP default gateway only while operating as a Layer 2 device. While routing is enabled on the switch, the IP default gateway is not used.
Configuring IP Addressing IP Configuration through the switch, configure the switch with an IP address and subnet mask compatible with your network. The following table lists the general features available with and without a network-compatible IP address configured. Table 8-1. Features Available With and Without IP Addressing on the Switch Features Available Without an IP Address Additional Features Available with an IP Address and Subnet Mask • Direct-connect access to the CLI and the menu interface.
Configuring IP Addressing IP Configuration The DHCP/Bootp Process. Whenever the IP Config parameter in the switch or in an individual VLAN in the switch is configured to DHCP/Bootp (the default), or when the switch is rebooted with this configuration: Note 1. DHCP/Bootp requests are automatically broadcast on the local network. (The switch sends one type of request to which either a DHCP or Bootp server can respond.) 2.
Configuring IP Addressing IP Configuration Bootp Operation. When a Bootp server receives a request it searches its Bootp database for a record entry that matches the MAC address in the Bootp request from the switch. If a match is found, the configuration data in the associated database record is returned to the switch. For many Unix systems, the Bootp database is contained in the /etc/bootptab file. In contrast to DHCP operation, Bootp configurations are always the same for a specific receiving device.
Configuring IP Addressing IP Configuration Note lg TFTP server address (source of final configuration file) T144 is the vendor-specific “tag” identifying the configuration file to download. vm is a required entry that specifies the Bootp report format. For the switches described in this guide, set this parameter to rfc1048. The above Bootp table entry is a sample that will work for the switch when the appropriate addresses and file names are used.
Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads IP Preserve enables you to copy a configuration file to multiple switches that use the same operating-system software while retaining the individual IP address and subnet mask on VLAN 1 in each switch, and the Gateway IP address assigned to the switch.
Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads Entering "ip preserve" in the last line of a configuration file implements IP Preserve when the file is downloaded to the switch and the switch reboots. Figure 8-6. Example of Implementing IP Preserve in a Switch Configuration File For example, consider Figure 8-7: DHCP Server TFTP Server Management Station config. Switch 1 VLAN 1: 10.31.22.101 Switch 2 VLAN 1: 10.31.22.
Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads Using figure 8-7, above, switches 1 - 3 ignore these entries because the file implements IP Preserve and their current IP addressing was not acquired through DHCP/Bootp. IP Preserve Command Switch 4 ignores IP Preserve and implements the DHCP/Bootp addressing and IP Gateway specified in this file (because its last IP addressing was acquired from a DHCP/Bootp server). Figure 8-8.
Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads Because switch 4 (figure 8-7) received its most recent IP addressing from a DHCP/Bootp server, the switch ignores the ip preserve command and implements the IP addressing included in this file. Figure 8-9.
Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads 8-20
9 Time Protocols Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2 TimeP Time Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2 SNTP Time Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2 Overview: Selecting a Time Synchronization Protocol or Turning Off Time Protocol Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Time Protocols Overview Overview This chapter describes: ■ SNTP Time Protocol Operation ■ Timep Time Protocol Operation Using time synchronization ensures a uniform time among inter operating devices. This helps you to manage and troubleshoot switch operation by attaching meaningful time data to event and error messages. The switch offers TimeP and SNTP (Simple Network Time Protocol) and a timesync command for changing the time protocol selection (or turning off time protocol operation).
Time Protocols Overview: Selecting a Time Synchronization Protocol or Turning Off Time Protocol Operation ular server, it ignores time broadcasts from other SNTP servers unless the configurable Poll Interval expires three consecutive times without an update received from the first-detected server. Note To use Broadcast mode, the switch and the SNTP server must be in the same subnet. ■ Unicast Mode: The switch requests a time update from the configured SNTP server.
Time Protocols SNTP: Viewing, Selecting, and Configuring Note that simply selecting a time synchronization protocol does not enable that protocol on the switch unless you also enable the protocol itself (step 2, above). For example, in the factory-default configuration, TimeP is the selected time synchronization method. However, because TimeP is disabled in the factory-default configuration, no time synchronization protocol is running.
Time Protocols SNTP: Viewing, Selecting, and Configuring Table 9-1.SNTP Parameters SNTP Parameter Operation Time Sync Method Used to select either SNTP, TIMEP, or None as the time synchronization method. SNTP Mode Disabled The Default. SNTP does not operate, even if specified by the Menu interface Time Sync Method parameter or the CLI timesync command. Unicast Directs the switch to poll a specific server for SNTP time synchronization. Requires at least one server address.
Time Protocols SNTP: Viewing, Selecting, and Configuring Time Protocol Selection Parameter – TIMEP – SNTP – None Figure 9-1. The System Information Screen (Default Values) 2. Press [E] (for Edit). The cursor moves to the System Name field. 3. Use [v] to move the cursor to the Time Sync Method field. 4. Use the Space bar to select SNTP, then press [v] once to display and move to the SNTP Mode field. 5.
Time Protocols SNTP: Viewing, Selecting, and Configuring ii. Enter the IP address of the SNTP server you want the switch to use for time synchronization. Note: This step replaces any previously configured server IP address. If you will be using backup SNTP servers (requires use of the CLI), then see “SNTP Unicast Time Polling with Multiple SNTP Servers” on page 9-21. iii. Press [v] to move the cursor to the Server Version field.
Time Protocols SNTP: Viewing, Selecting, and Configuring CLI: Viewing and Configuring SNTP CLI Commands Described in this Section show sntp page 9-8 [no] timesync pages 9-9 and ff., 9-12 sntp broadcast page 9-9 sntp unicast page 9-10 sntp server pages 9-10 and ff. Protocol Version page 9-12 poll-interval page 9-12 no sntp page 9-13 This section describes how to use the CLI to view, enable, and configure SNTP parameters.
Time Protocols SNTP: Viewing, Selecting, and Configuring Even though, in this example, TimeP is the current time synchronous method, the switch maintains the SNTP configuration. Figure 9-3. Example of SNTP Configuration When SNTP Is Not the Selected Time Synchronization Method Configuring (Enabling or Disabling) the SNTP Mode Enabling the SNTP mode means to configure it for either broadcast or unicast mode.
Time Protocols SNTP: Viewing, Selecting, and Configuring 2. Select SNTP as the time synchronization mode. 3. Enable SNTP for Broadcast mode. 4. View the SNTP configuration again to verify the configuration. The commands and output would appear as follows: 1 show sntp displays the SNTP configuration and also shows that TimeP is the currently active time synchronization mode.
Time Protocols SNTP: Viewing, Selecting, and Configuring Note Deleting an SNTP server when only one is configured disables SNTP unicast operation. For example, to select SNTP and configure it with unicast mode and an SNTP server at 10.28.227.141 with the default server version (3) and default poll interval (720 seconds): ProCurve(config)# timesync sntp Selects SNTP. ProCurve(config)# sntp unicast Activates SNTP in Unicast mode. ProCurve(config)# sntp server 10.28.227.
Time Protocols SNTP: Viewing, Selecting, and Configuring Deletes unicast SNTP server entry. Re-enters the unicast server with a nondefault protocol version. show sntp displays the result. Figure 9-6. Example of Specifying the SNTP Protocol Version Number Changing the SNTP Poll Interval. Syntax: sntp poll-interval < 30 . . 720 > Specifies how long the switch waits between time polling intervals. The default is 720 seconds and the range is 30 to 720 seconds.
Time Protocols SNTP: Viewing, Selecting, and Configuring Figure 9-7. Example of SNTP with Time Sychronization Disabled Disabling the SNTP Mode. If you want to prevent SNTP from being used even if selected by timesync (or the Menu interface’s Time Sync Method parameter), configure the SNTP mode as disabled. Syntax: no sntp Disables SNTP by changing the SNTP mode configuration to Disabled. For example, if the switch is running SNTP in Unicast mode with an SNTP server at 10.28.227.
Time Protocols TimeP: Viewing, Selecting, and Configuring TimeP: Viewing, Selecting, and Configuring TimeP Feature view the Timep time synchronization configuration select Timep as the time synchronization method disable time synchronization enable the Timep mode Default Menu CLI n/a page 9-15 page 9-17 Web — TIMEP page 9-13 pages 9-18 ff.
Time Protocols TimeP: Viewing, Selecting, and Configuring Menu: Viewing and Configuring TimeP To View, Enable, and Modify the TimeP Protocol: 1. From the Main Menu, select: 2. Switch Configuration... 1. System Information Time Protocol Selection Parameter – TIMEP (the default) – SNTP – None Figure 9-9. The System Information Screen (Default Values) 2. Press [E] (for Edit). The cursor moves to the System Name field. 3. Use [v] to move the cursor to the Time Sync Method field. 4.
Time Protocols TimeP: Viewing, Selecting, and Configuring • Use the Space bar to select the Manual mode. i. Press [>] to move the cursor to the Server Address field. ii. Enter the IP address of the TimeP server you want the switch to use for time synchronization. Note: This step replaces any previously configured TimeP server IP address. iii. Press [>] to move the cursor to the Poll Interval field, then go to step 6. 6.
Time Protocols TimeP: Viewing, Selecting, and Configuring This section describes how to use the CLI to view, enable, and configure TimeP parameters. Viewing the Current TimeP Configuration This command lists both the time synchronization method (TimeP, SNTP, or None) and the TimeP configuration, even if SNTP is not the selected time protocol.
Time Protocols TimeP: Viewing, Selecting, and Configuring Configuring (Enabling or Disabling) the TimeP Mode Enabling the TimeP mode means to configure it for either broadcast or unicast mode. Remember that to run TimeP as the switch’s time synchronization protocol, you must also select TimeP as the time synchronization method by using the CLI timesync command (or the Menu interface Time Sync Method parameter). Syntax: timesync timep Selects TimeP as the time protocol.
Time Protocols TimeP: Viewing, Selecting, and Configuring The commands and output would appear as follows: 1 show timep displays the TimeP configuration and also shows that SNTP is the currently active time synchronization mode. 2 3 4 show timep again displays the TimeP configuration and shows that TimeP is now the currently active time synchronization mode. Figure 9-12. Example of Enabling TimeP Operation in DHCP Mode Enabling Timep in Manual Mode.
Time Protocols TimeP: Viewing, Selecting, and Configuring Figure 9-13. Example of Configuring Timep for Manual Operation Changing the TimeP Poll Interval. This command lets you specify how long the switch waits between time polling intervals. The default is 720 minutes and the range is 1 to 9999 minutes. (This parameter is separate from the poll interval parameter used for SNTP operation.) Syntax: ip timep dhcp interval < 1 . . 9999 > ip timep manual interval < 1 . .
Time Protocols SNTP Unicast Time Polling with Multiple SNTP Servers Disabling the TimeP Mode. Disabling the TimeP mode means to configure it as disabled. (Disabling TimeP prevents the switch from using it as the time synchronization protocol, even if it is the selected Time Sync Method option.) Syntax: no ip timep Disables TimeP by changing the TimeP mode configuration to Disabled.
Time Protocols SNTP Unicast Time Polling with Multiple SNTP Servers accordingly, with the lowest decimal value assigned as the primary address, the second-lowest decimal value assigned as the next address, and the thirdlowest decimal value as the last address. If the first octet is the same between two of the addresses, the second octet is compared, and so on. For example: SNTP Server IP Address Server Ranking According to Decimal Value of IP Address 10.28.227.141 Primary 10.28.227.153 Secondary 10.
Time Protocols SNTP Messages in the Event Log Deleting Addresses. To delete an address, you must use the CLI. If there are multiple addresses and you delete one of them, the switch re-orders the address priority. (See “Address Prioritization” on page 9-21.) Syntax: no sntp server For example, to delete the primary address in the above example (and automatically convert the secondary address to primary): ProCurve(config)# no sntp server 10.28.227.
Time Protocols SNTP Messages in the Event Log 9-24
10 Port Status and Basic Configuration Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-3 Viewing Port Status and Configuring Port Parameters . . . . . . . . . . . . . . . 10-3 Menu: Viewing Port Status and Configuring Port Parameters . . . . . 10-6 CLI: Viewing Port Status and Configuring Port Parameters . . . . . . . 10-8 Using the CLI To View Port Status . . . . . . . . . . . . . . . . . . . . . . . .
Port Status and Basic Configuration Contents Configuring and Viewing Port-Based Priority . . . . . . . . . . . . . . . . . . 10-31 Messages Related to Prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-32 Troubleshooting Prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-32 Using Friendly (Optional) Port Names . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-33 Configuring and Operating Rules for Friendly Port Names . . . . . . .
Port Status and Basic Configuration Overview Overview This chapter describes how to view the current port configuration and how to configure ports to non-default settings, including ■ Enable/Disable ■ Mode (speed and duplex) ■ Flow Control ■ Broadcast Limit ■ Auto-MDIX ■ Jumbo Packets ■ QoS Pass-Through Mode ■ Using Friendly (Optional) Port Names Viewing Port Status and Configuring Port Parameters Port Status and Configuration Features Note On Connecting Transceivers to Fixed-Configuration
Port Status and Basic Configuration Viewing Port Status and Configuring Port Parameters Table 10-1. Status and Parameters for Each Port Type Status or Parameter Description Enabled Yes (default): The port is ready for a network connection. No: The port will not operate, even if properly connected in a network. Use this setting, for example, if the port needs to be shut down for diagnostic purposes or while you are making topology changes. Status (read-only) Up: The port senses a linkbeat.
Port Status and Basic Configuration Viewing Port Status and Configuring Port Parameters Status or Parameter Description Mode (Continued) 10/100/1000Base-T: • Auto-10: Allows the port to negotiate between half-duplex (HDx) and full-duplex (FDx) while keeping speed at 10 Mbps. Also negotiates flow control (enabled or disabled). ProCurve recommends Auto-10 for links between 10/100 autosensing ports connected with Cat 3 cabling. (Cat 5 cabling is required for 100 Mbps links.).
Port Status and Basic Configuration Viewing Port Status and Configuring Port Parameters Status or Parameter Description Group Menu Interface: Specifies the static trunk group, if any, to which a port belongs. (menu) or CLI: Appears in the show lacp command output to show the LACP trunk, if any, to which a port belongs. Trunk Group Note: An LACP trunk requires a full-duplex link. In most cases, ProCurve recommends that you leave (CLI) the port Mode setting at Auto (the default).
Port Status and Basic Configuration Viewing Port Status and Configuring Port Parameters ProCurve Switch 11-Sept-2007 8:46:35 ==========================- CONSOLE - MANAGER MODE -============================ Status and Counters - Port Status Port In this example, ports A7----and A8 1 have previously been configured 2 as a trunk 3 group.
Port Status and Basic Configuration Viewing Port Status and Configuring Port Parameters Figure 10-2. Example of Port/Trunk Settings with a Trunk Group Configured 2. Press [E] (for Edit). The cursor moves to the Enabled field for the first port. 3. Refer to the online help provided with this screen for further information on configuration options for these features. 4. When you have finished making changes to the above parameters, press [Enter], then press [S] (for Save).
Port Status and Basic Configuration Viewing Port Status and Configuring Port Parameters ■ show interface config: Lists a subset of the data shown by the show interfaces command (above); that is, only the enabled/disabled, mode, and flow control status for all ports on the switch. Syntax: show interfaces [ brief | config ] These two commands display the information listed in table 10-2, below. Table 10-2.
Port Status and Basic Configuration Viewing Port Status and Configuring Port Parameters Displaying Spanning Tree Configuration Details To view detailed statistics on spanning tree operation for different ports, use the show spanning-tree command. Syntax: show spanning-tree detail Lists 802.1D and 802.1w port operating statistics for all ports, or those specified. You can also use this command to view spanning tree parameters on a static trunk (see page 12-7).
Port Status and Basic Configuration Viewing Port Status and Configuring Port Parameters Displaying Loop Protection Status To display information about ports with loop protection enabled, enter the show loop-protect command. Syntax: show loop-protect Displays the loop protection status. If no ports are specified, the information is displayed only for the ports that have loop protection enabled.
Port Status and Basic Configuration Viewing Port Status and Configuring Port Parameters Note that in the above syntax you can substitute an “int” for “interface” and an “e” for “ethernet”; that is int e .
Port Status and Basic Configuration Viewing Port Status and Configuring Port Parameters Syntax: broadcast-limit < 0 . . 99 > Configures the theoretical maximum bandwidth percentage that can be used on the switch ports for incoming broadcasts. The switch drops any broadcast or multicast traffic exceeding that limit. Zero (0) disables the feature.
Port Status and Basic Configuration Viewing Port Status and Configuring Port Parameters This means you can use a “straight-through” twisted-pair cable or a “crossover” twisted-pair cable for any of the connections—the port makes the necessary adjustments to accommodate either one for correct operation. The following port types on your switch support the IEEE 802.
Port Status and Basic Configuration Viewing Port Status and Configuring Port Parameters MDI/MDI-X Device Type Setting Auto-MDI-X (The Default) PC or Other MDI Device Type Switch, Hub, or Other MDI-X Device Either Crossover or Straight-Through Cable The Auto-MDIX features apply only to copper port switches using twisted-pair copper Ethernet cables. Syntax: interface < port-list > mdix-mode < automdix | mdi | mdix > automdix is the automatic, default setting.
Port Status and Basic Configuration Viewing Port Status and Configuring Port Parameters Per-Port MDI Configuration Figure 10-7. Example of Displaying the Current MDI Configuration Per-Port MDI Operating Mode Figure 10-8. Example of Displaying the Current MDI Operating Mode Note Port Response to Switch Software Updates 1. Copper ports in auto-negotiation still default to auto-mdix mode. 2. Copper ports in forced speed/duplex default to mdix mode. The default is auto-mdix.
Port Status and Basic Configuration Viewing Port Status and Configuring Port Parameters Viewing Transceiver Status The show tech transceivers command allows you to: ■ Remotely identify transceiver type and revision number without having to physically remove an installed transceiver from its slot. ■ Display real-time status information about all installed transceivers, including non-operational transceivers. Figure 10-9 shows sample output from the show tech transceivers command.
Port Status and Basic Configuration Viewing Port Status and Configuring Port Parameters ■ For a non-ProCurve installed transceiver (see line 23 Figure 10-9), no transceiver type, product number, or part information is displayed. In the Serial Number field, non-operational is displayed instead of a serial number. ■ The following error messages may be displayed for a non-operational transceiver: • Unsupported Transceiver. (SelfTest Err#060) Check: www.hp.com/rnd/device_help/2_inform for more info.
Port Status and Basic Configuration Jumbo Frames Jumbo Frames Feature display VLAN jumbo status configure jumbo VLANs Default Menu CLI Web n/a — 10-22 — Disabled — 10-24 — The Maximum Transmission Unit (MTU) is the maximum size IP frame the switch can receive for Layer 2 frames inbound on a port. The switch drops any inbound frames larger than the MTU allowed on the port. On ports operating at 10 Mbps or 100 Mbps, the MTU is fixed at 1522 bytes.
Port Status and Basic Configuration Jumbo Frames Operating Rules ■ Required Port Speed: Allows inbound and outbound jumbo frames on ports operating at speeds of 1 gigabit or higher. At lower port speeds, only standard (1522-byte or smaller) frames are allowed, regardless of the jumbo configuration. ■ Flow Control: Disable flow control (the default setting) on any ports or trunks through which you want to transmit or receive jumbo frames.
Port Status and Basic Configuration Jumbo Frames Overview 1. Determine the VLAN membership of the ports or trunks through which you want the switch to accept inbound jumbo traffic. For operation with GVRP enabled, refer to the GVRP topic under “Operating Rules”, above. 2. Ensure that the ports through which you want the switch to receive jumbo frames are operating at least at gigabit speed. (Check the Mode field in the output for the show interfaces brief < port-list > command.) 3.
Port Status and Basic Configuration Jumbo Frames Viewing the Current Jumbo Configuration Syntax: show vlans Lists the static VLANs configured on the switch and includes a Jumbo column to indicate which VLANs are configured to support inbound jumbo traffic. All ports belonging to a jumbo-enabled VLAN can receive jumbo traffic. (For more information refer to “Operating Notes for Jumbo TrafficHandling” on page 10-24.) See figure 10-10, below.
Port Status and Basic Configuration Jumbo Frames Indicates which static VLANs are configured to enable jumbo packets. Figure 10-11. Example of Listing the VLAN Memberships for a Range of Ports Syntax: show vlans < vid > This command shows port membership and jumbo configuration for the specified < vid >. Lists the ports belonging to VLAN 100 and whether the VLAN is enabled for jumbo packet traffic. Figure 10-12.
Port Status and Basic Configuration Jumbo Frames Enabling or Disabling Jumbo Traffic on a VLAN Syntax: vlan < vid > jumbo [ no ] vlan < vid > jumbo Configures the specified VLAN to allow jumbo frames on all ports on the switch that belong to that VLAN. If the VLAN is not already configured on the switch, vlan < vid > jumbo also creates the VLAN.
Port Status and Basic Configuration Jumbo Frames This same condition generates a Fault-Finder message in the Alert log of the switch’s web browser interface, and also increments the switch’s “Giant Rx” counter. ■ If you do not want all ports in a given VLAN to accept jumbo frames, you can consider creating one or more jumbo VLANs with a membership comprised of only the ports you want to receive jumbo traffic.
Port Status and Basic Configuration Jumbo Frames 1 2 3 4 5 6 Jumbo-Enabled VLAN Non-Jumbo VLAN VLAN 10 VLAN 20 Port 3 belongs to both VLAN 10 and VLAN 20. Jumbo packets received inbound on port 3 can be forwarded out the Non-Jumbo ports 4, 5, and 6. Figure 10-13.
Port Status and Basic Configuration QoS Passthrough Mode QoS Passthrough Mode QoS Passthrough mode is designed to enhance the performance of line-rate traffic transfers through the switch. This feature should only be used in environments where Quality of Service (QoS) is not of major importance, but where lossless data transfers are key. This command disables any discrimination of QoS queues for traffic, consolidating frame buffer memory to provide line-rate flows with no loss of data.
Port Status and Basic Configuration QoS Passthrough Mode Note As stated earlier, use of this QoS-Passthrough-Mode feature generally assumes that QoS tagged frames are not being sent through the switch. The receipt of priority 6 or 7 packets may in fact suffer packet drops depending on the traffic load of non-priority 6 or 7 packets. Priority Mapping With and Without QoS Passthrough Mode The switch supports 802.
Port Status and Basic Configuration QoS Passthrough Mode optimized: Consists of two queues; a smaller queue for protocol packets and a larger queue for all other traffic. typical: Consists of four queues consisting of a large queue for normal traffic and small queues for protocol and low priority traffic.
Port Status and Basic Configuration Configuring Port-Based Priority for Incoming Packets Configuring Port-Based Priority for Incoming Packets Feature Default Assigning a priority level to traffic on the basis of incoming port Disabled Menu n/a CLI Web page 10-33 n/a When network congestion occurs, it is important to move traffic on the basis of relative importance.
Port Status and Basic Configuration Configuring Port-Based Priority for Incoming Packets downstream device. If the outbound port is not configured as a tagged member of the VLAN, then the tag is stripped from the packet, which then exits from the switch without a priority setting.
Port Status and Basic Configuration Configuring Port-Based Priority for Incoming Packets For example, suppose you have configured port A10 to assign a priority level of 1 (low): Note ■ An untagged packet coming into the switch on port A10 and leaving the switch through any other port configured as a tagged VLAN member would leave the switch as a tagged packet with a priority level of 1. ■ A tagged packet with an 802.
Port Status and Basic Configuration Configuring Port-Based Priority for Incoming Packets ■ On a given port, an inbound, tagged packet received on the port with a preset priority of 1 - 7 in its tag keeps that priority and is assigned an outbound queue on the basis of that priority (regardless of the port-based priority configured on the port). (Refer to table 10-3, “Mapping Priority Settings to Device Queues” on page 10-31.
Port Status and Basic Configuration Configuring Port-Based Priority for Incoming Packets For example, suppose you wanted to configure ports A10 -A12 on the switch to prioritize all untagged, inbound VLAN traffic as “Low” (priority level = 1; refer to table 10-3 on page 10-31). Configures port-based priority on ports A9 -A12 to "1" (Low) and saves the configuration changes to the startupconfig file. Ports A9 - A12 are now configured to assign a priority level of "1" (Low) to untagged, incoming traffic.
Port Status and Basic Configuration Using Friendly (Optional) Port Names Using Friendly (Optional) Port Names Feature Configure Friendly Port Names Display Friendly Port Names Default Menu CLI Web Standard Port Numbering n/a page 36 n/a n/a n/a page 37 n/a This feature enables you to assign alphanumeric port names of your choosing to augment automatically assigned numeric port names.
Port Status and Basic Configuration Using Friendly (Optional) Port Names ■ To retain friendly port names across reboots, you must save the current running-configuration to the startup-config file after entering the friendly port names. (In the CLI, use the write memory command.) Configuring Friendly Port Names Syntax: interface name Assigns a port name to port-list. no interface name Deletes the port name from port-list. Configuring a Single Port Name.
Port Status and Basic Configuration Using Friendly (Optional) Port Names Figure 10-17. Example of Configuring One Friendly Port Name on Multiple Ports Displaying Friendly Port Names with Other Port Data You can display friendly port name data in the following combinations: ■ show name: Displays a listing of port numbers with their corresponding friendly port names and also quickly shows you which ports do not have friendly name assignments. (show name data comes from the runningconfig file.
Port Status and Basic Configuration Using Friendly (Optional) Port Names For example: Ports Without "Friendly" Name Friendly port names assigned in previous examples. Figure 10-18. Example of Friendly Port Name Data for All Ports on the Switch Port Without a "Friendly" Name Friendly port names assigned in previous examples. Figure 10-19. Example of Friendly Port Name Data for Specific Ports on the Switch Including Friendly Port Names in Per-Port Statistics Listings.
Port Status and Basic Configuration Using Friendly (Optional) Port Names Friendly Port Name Figure 10-20. Example of a Friendly Port Name in a Per-Port Statistics Listing For a given port, if a friendly port name does not exist in the running-config file, the Name line in the above command output appears as: Name : not assigned To Search the Configuration for Ports with Friendly Port Names. This option tells you which friendly port names have been saved to the startupconfig file.
Port Status and Basic Configuration Uni-Directional Link Detection (UDLD) For example, if you configure port A1 with a friendly port name: This command sequence saves the friendly port name for port A1 in the startupconfig file, but does not do so for the name entered for port A2. Listing includes friendly port name for port A1 only. In this case, show config lists only port A1.
Port Status and Basic Configuration Uni-Directional Link Detection (UDLD) Scenario 1 (No UDLD): Without UDLD, the switch ports remain enabled despite the link failure. Traffic continues to be load-balanced to the ports connected to the failed link. Scenario 2 (UDLD-enabled): When UDLD is enabled, the feature blocks the ports connected to the failed link. Third Party Switch Fiber ProCurve Switch ProCurve Switch ProCurve Switch Link Failure Third Party Switch Trunk Third Party Switch Figure 10-22.
Port Status and Basic Configuration Uni-Directional Link Detection (UDLD) When a port is blocked by UDLD, the event is recorded in the switch log or via an SNMP trap (if configured); and other port blocking protocols, like spanning tree or meshing, will not use the bad link to load balance packets. The port will remain blocked until the link is unplugged, disabled, or fixed. The port can also be unblocked by disabling UDLD on the port.
Port Status and Basic Configuration Uni-Directional Link Detection (UDLD) Determines the maximum number of retries to send UDLD control packets. The parameter specifies the maximum number of times the port will try the health check. You can specify a value from 3 – 10. Default: 5 Syntax: [no] interface link-keepalive vlan Assigns a VLAN ID to a UDLD-enabled port for sending of tagged UDLD control packets.
Port Status and Basic Configuration Uni-Directional Link Detection (UDLD) Changing the Keepalive Retries By default, a port waits five seconds to receive a health-check reply packet from the port at the other end of the link. If the port does not receive a reply, the port tries four more times by sending up to four more health-check packets. If the port still does not receive a reply after the maximum number of retries, the port goes down.
Port Status and Basic Configuration Uni-Directional Link Detection (UDLD) Viewing UDLD Information The following show commands allow you to display UDLD configuration and status via the CLI. Syntax: show link-keepalive Displays all the ports that are enabled for link-keepalive. Syntax: show link-keepalive statistics Displays detailed statistics for the UDLD-enabled ports on the switch. Syntax: clear link-keepalive statistics Clears UDLD statistics.
Port Status and Basic Configuration Uni-Directional Link Detection (UDLD) To display detailed UDLD information for specific ports, enter the show linkkeepalive statistics command. For example: Ports 1 and 2 are UDLD-enabled and show the number of health check packets sent and received on each port.
Port Status and Basic Configuration Uni-Directional Link Detection (UDLD) Configuration Warnings and Event Log Messages Warning Messages. The following table shows the warning messages that may be issued and their possible causes, when UDLD is configured for tagged ports. Table 10-1. Warning Messages caused by configuring UDLD for Tagged Ports CLI Command Example Warning Message Possible Problem link-keepalive 6 Possible configuration problem detected on port 6.
Port Status and Basic Configuration Uni-Directional Link Detection (UDLD) 10-48
11 Power Over Ethernet (PoE) Operation Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-2 Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-2 Related Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-3 Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Power Over Ethernet (PoE) Operation Overview Overview Power Over Ethernet (PoE) technology allows IP telephones, wireless LAN access points, and other powered devices (PDs) to receive power and transfer data over existing LAN cabling.
Power Over Ethernet (PoE) Operation Overview Related Publications This chapter introduces general PoE operation, PoE configuration and monitoring commands, and event log messages related to PoE operation on the ProCurve Series 2610-PWR switches. The following two manuals provide further information: ■ For information on installation, refer to the ProCurve Series 2610 Switches Installation and Reference Guide provided with the switch.
Power Over Ethernet (PoE) Operation Power Availability and Provisioning Power Availability and Provisioning Powered Device (PD) Support The switch must have a minimum of 15.4 watts of unused PoE power available when you connect an 802.3af-compliant PD, regardless of how much power the PD actually uses. Note that once a PD connects to a port and begins operating, the port retains only enough PoE power to support the PD’s operation. Unneeded power becomes available for supporting other PD connections.
Power Over Ethernet (PoE) Operation Power Availability and Provisioning Power Priority In the default configuration PoE power priority is determined by port number, with the lowest numbered port having the highest priority. When Does the Switch Prioritize Power Allocations? If the switch can provide power for all existing PD demands, it does not use its power priority settings to allocate power.
Power Over Ethernet (PoE) Operation Power Availability and Provisioning Port Priority Setting Configuration Command1 and Resulting Operation 9 - 12 High This priority class receives power only if all PDs on ports with a Critical priority setting are receiving full power. If there is not enough power to provision PDs on all ports with a High priority, then no power goes to ports with a Low priority.
Power Over Ethernet (PoE) Operation Configuring PoE Operation Configuring PoE Operation By default, PoE support is enabled on the switch’s 10/100Base-TX ports, with the power priority set to Low and the power threshold set to 80 (%). The following commands allow you to adjust these settings. Syntax: power threshold < 1 - 99 > The power threshold is a configurable percentage of the total PoE power available on the switch.
Power Over Ethernet (PoE) Operation Configuring PoE Operation Syntax: interface [e] < port-list > power [ critical | high | low ] Reconfigures the PoE priority level on < port-list >. For a given level, the switch automatically prioritizes ports by port number (in ascending order). If there is not enough power available to provision all active PoE ports at a given priority level, then the lowest-numbered port at that level will be provisioned first, and so on.
Power Over Ethernet (PoE) Operation Configuring PoE Operation PoE for Pre-802.3af-standard PDs By default, all ProCurve PoE switches support 802.3af-standard PDs. In addition, the switches covered in this guide have the ability to supply power to pre-802.3af-standard devices, such as legacy (non-standard) IP phones. Note When the switch is in legacy detection mode, the detection signature range is expanded beyond the IEEE specification. This allows non-compliant devices to be powered.
Power Over Ethernet (PoE) Operation Configuring PoE Operation For information on the meaning of other power status parameters, refer to “Viewing PoE Configuration and Status” on page 11-11.
Power Over Ethernet (PoE) Operation Viewing PoE Configuration and Status Viewing PoE Configuration and Status Displaying the Switch’s Global PoE Power Status Syntax: show power-management Displays the switch’s global PoE power status, including: • Max Power: Lists the maximum PoE wattage available to provision active PoE ports on the switch. • Power In Use: Lists the amount of PoE power presently in use. • Operational Status: Indicates whether PoE power is available on the switch.
Power Over Ethernet (PoE) Operation Viewing PoE Configuration and Status Displaying an Overview of PoE Status on All Ports Syntax: show power-management brief Displays the following port power status: • Port: Lists all PoE-capable ports on the switch. • Power Enable: Shows Yes for ports on which PoE is enabled (the default) and No for ports on which PoE is disabled. • Priority: Lists the power priority (Low, High, and Critical) configured on ports enabled for PoE.
Power Over Ethernet (PoE) Operation Viewing PoE Configuration and Status Displaying the PoE Status on Specific Ports Syntax: show power-management Displays the following PoE status and statistics (since the last reboot) for each port in < port-list >: • Power Enable: Shows Yes for ports enabled to support PoE (the default) and No for ports on which PoE is disabled. • Priority: Lists the power priority (Low, High, and Critical) configured on ports enabled for PoE.
Power Over Ethernet (PoE) Operation Planning and Implementing a PoE Configuration For example, if you wanted to view the PoE status of port 5, you would use show power-management 5 to display the data: ProCurve(config)# show power-management 5 Status and Counters - Port Power Status for port 5 Power Enable Priority Detection : Yes : Low Status : Delivering Configured Type Power Class : : 0 Over Current Cnt Power Denied Cnt : 0 : 0 MPS Absent Cnt Short Cnt : 2 : 0 Voltage Power : 545 dV : 711 mW
Power Over Ethernet (PoE) Operation PoE Event Log Messages ■ MAC Address Security: Using Port Security, you can configure each switch port with a unique list of up to eight MAC addresses for devices that are authorized to access the network through that port. For more information, refer to the chapter titled “Configuring and Monitoring Port Security” in the Access Security Guide for your switch.
Power Over Ethernet (PoE) Operation PoE Event Log Messages POE usage is below configured threshold of <1 - 99> % < slot-# > POE usage is below configured threshold of <1-99> % Indicates that POE usage in the switch or indicated slot (if the switch includes module slots) has decreased below the threshold specified by the last execution of the global power threshold <1 - 99> command.
Power Over Ethernet (PoE) Operation PoE Event Log Messages POE usage has exceeded threshold of < 1 - 99 > % < slot-# > POE usage has exceeded threshold of < 1 - 99 > % Indicates that POE usage in the switch or indicated slot (if the switch includes module slots) has exceeded the configured threshold for the switch, as specified by the last execution of the power threshold < 1 - 99 > command. (Note that the switch also generates an SNMP trap for this event.
Power Over Ethernet (PoE) Operation PoE Event Log Messages 11-18
12 Port Trunking Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2 Port Status and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2 Port Connections and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3 Link Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3 Port Trunk Options and Operation . . . . . . . . . . . . . . . . . .
Port Trunking Overview Overview This chapter describes creating and modifying port trunk groups. This includes non-protocol trunks and LACP (802.3ad) trunks.
Port Trunking Port Status and Configuration The multiple physical links in a trunk behave as one logical link Switch 1: Ports c1 - c4 configured as a port trunk group. port c1 port c2 port c3 port c4 port c5 port c6 port c7 port a1 port a2 port a3 port a4 port a5 port a6 port a7 ... ... port n port n Switch 2: Ports a2 and a4 - a6 are configured as a port trunk group Figure 12-1.
Port Trunking Port Status and Configuration LACP Note LACP operation requires full-duplex (FDx) links. For most installations, ProCurve recommends that you leave the port Mode settings at Auto (the default). LACP also operates with Auto-10, Auto-100, and Auto-1000 (if negotiation selects FDx); 10FDx, 100FDx, and 1000FDx settings. Fault Tolerance: If a link in a port trunk fails, the switch redistributes traffic originally destined for that link to the remaining links in the trunk.
Port Trunking Port Status and Configuration Table 12-1. Trunk Types Used in Static and Dynamic Trunk Groups Trunking Method LACP Trunk Dynamic Yes No Static Yes Yes Table 12-2. Trunk Configuration Protocols Protocol Trunking Options LACP (802.3ad) Provides dynamic and static LACP trunking options. • Dynamic LACP — Use the switch-negotiated dynamic LACP trunk when: – The port on the other end of the trunk link is configured for Active or Passive LACP.
Port Trunking Port Status and Configuration Table 12-3. General Operating Rules for Port Trunks Media: All ports on both ends of a trunk group must have the same media type and mode (speed and duplex). The switch blocks any trunked links that do not conform to this rule. (For the switches covered in this guide, ProCurve recommends leaving the port Mode setting at Auto or, in networks using Cat 3 cabling, Auto-10.
Port Trunking Port Status and Configuration Spanning Tree: Spanning Tree operates as a global setting on the switch (one instance of Spanning Tree per switch). However, you can adjust Spanning Tree parameters on a per-port basis. A static trunk of any type appears in the Spanning Tree configuration display, and you can configure Spanning Tree parameters for a static trunk in the same way that you would configure Spanning Tree parameters on a non-trunked port.
Port Trunking Port Status and Configuration Menu: Viewing and Configuring a Static Trunk Group Important Configure port trunking before you connect the trunked links to another switch, routing switch, or server. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured. See “Using the CLI To Configure Ports” on page 10-11.
Port Trunking Port Status and Configuration • All ports in a trunk must have the same media type and mode (such as 10/100TX set to 100FDx, or 100FX set to 100FDx). The flow control settings must also be the same for all ports in a given trunk. To verify these settings, see “Viewing Port Status and Configuring Port Parameters” on page 10-3. • You can configure the trunk group with up to 8 ports per trunk.
Port Trunking Port Status and Configuration 8. Connect the trunked ports on the switch to the corresponding ports on the opposite device. If you previously disabled any of the trunked ports on the switch, enable them now. (See “Viewing Port Status and Configuring Port Parameters” on page 10-3.) Check the Event Log (“Using Logging To Identify Problem Sources” on page C-21) to verify that the trunked ports are operating properly.
Port Trunking Port Status and Configuration Using a port list specifies, for switch ports in a static trunk group, only the ports you want to view. In this case, the command specifies ports A5 through A7. However, because port A6 is not in a static trunk group, it does not appear in the resulting listing: Port A5 appears with an example of a name that you can optionally assign using the Friendly Port Names feature. (See “Using Friendly (Optional) Port Names” on page 10-35.
Port Trunking Port Status and Configuration Listing Static LACP and Dynamic LACP Trunk Data. This command lists data for only the LACP-configured ports. Syntax: show lacp In the following example, ports A1 and A2 have been previously configured for a static LACP trunk. (For more on “Active”, see table 12-5 on page 12-18.) Figure 12-6. Example of a Show LACP Listing Dynamic LACP Standby Links.
Port Trunking Port Status and Configuration On the 2610-24 switch you can configure up to twelve port trunk groups having up to eight links each (with additional standby links if you’re using dynamic LACP). On the 2610-48 switch you can configure up to twenty-four port trunk groups having up to eight links each.
Port Trunking Port Status and Configuration ProCurve(config)# no trunk c4-c5 Enabling a Dynamic LACP Trunk Group. In the default port configuration, all ports on the switch are set to LACP Passive. However, to enable the switch to automatically form a trunk group that is dynamic on both ends of the link, the ports on one end of a set of links must be LACP Active. The ports on the other end can be either LACP Active or LACP Passive.
Port Trunking Port Status and Configuration Caution Unless STP is running on your network, removing a port from a trunk can result in a loop. To help prevent a broadcast storm when you remove a port from a trunk where STP is not in use, ProCurve recommends that you first disable the port or disconnect the link on that port. Syntax: no interface lacp In this example, port C6 belongs to an operating, dynamic LACP trunk.
Port Trunking Port Status and Configuration LACP trunk status commands include: Trunk Display Method Static LACP Trunk Dynamic LACP Trunk CLI show lacp command Included in listing. Included in listing. CLI show trunk command Included in listing. Not included. Port/Trunk Settings screen in menu interface Included in listing. Not included Thus, to display a listing of dynamic LACP trunk ports, you must use the show lacp command.
Port Trunking Port Status and Configuration Table 12-4. LACP Trunk Types LACP Port Trunk Operation Configuration Dynamic LACP This option automatically establishes an 802.3ad-compliant trunk group, with LACP for the port Type parameter and DynX for the port Group name, where X is an automatically assigned value from 1 to 12 (ProCurve 2610-24) or 1-24 (ProCurve 2610-48), depending on how many dynamic and static trunks are currently on the switch.
Port Trunking Port Status and Configuration Default Port Operation In the default configuration, all ports are configured for passive LACP. However, if LACP is not configured, the port will not try to detect a trunk configuration and will operate as a standard, untrunked port. Note Passive and active LACP port will pause and listen for LACP packets once a link is established. Once this pause is complete then the port, if a trunk is not detected, will be placed in forwarding mode.
Port Trunking Port Status and Configuration Status Name Meaning LACP Partner Yes: LACP is enabled on both ends of the link. No: LACP is enabled on the switch, but either LACP is not enabled or the link has not been detected on the opposite device. LACP Status Success: LACP is enabled on the port, detects and synchronizes with a device on the other end of the link, and can move traffic across the link.
Port Trunking Port Status and Configuration ProCurve(config)# int a17 lacp passive Error configuring port A17: LACP and port security cannot be run together. To restore LACP to the port, you must remove port security and re-enable LACP active or passive. Changing Trunking Methods. To convert a trunk from static to dynamic, you must first eliminate the static trunk. Static LACP Trunks.
Port Trunking Port Status and Configuration Easy control methods include either disabling LACP on the selected ports or configuring them to operate in static LACP trunks. STP and IGMP. If spanning tree (STP) and/or IGMP is enabled in the switch, a dynamic LACP trunk operates only with the default settings for these features and does not appear in the port listings for these features. Half-Duplex and/or Different Port Speeds Not Allowed in LACP Trunks.
Port Trunking Port Status and Configuration Dynamic LACP Trunk Group: Appears in the output from the CLI show lacp command.
Port Trunking Port Status and Configuration Broadcasts, multicasts, and floods from different source addresses are distributed evenly across the links. As links are added or deleted, the switch redistributes traffic across the trunk group. For example, in figure 12-9 showing a three-port trunk, traffic could be assigned as shown in table 12-6. A B C D C1 Switch C 2 C3 W X Y Z Switch Figure 12-9. Example of Port-Trunked Network Table 12-6.
Port Trunking Port Status and Configuration 12-24
13 Configuring for Network Management Applications Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2 Port Status and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2 Port Connections and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3 Link Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3 Port Trunk Options and Operation .
Configuring for Network Management Applications Contents LLDP Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-31 Options for Reading LLDP Information Collected by the Switch . . 13-34 LLDP Standards Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-34 LLDP Operating Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-35 LLDP Operation and Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Using SNMP Tools To Manage the Switch Overview You can manage the switch via SNMP from a network management station running an application such as ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+). For more on PCM and PCM+, visit the ProCurve web site at: www.procurve.com Click on products index in the sidebar, then click on the appropriate link appearing under the Network Management heading.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMP Management Features SNMP management features on the switch include: ■ SNMP version 1, version 2c or version 3 over IP ■ Security via configuration of SNMP communities (page 13-4) ■ Security via authentication and privacy for SNMP Version 3 access ■ Event reporting via SNMP • Version 1 traps • RMON ■ ProCurve Manager/Plus support ■ Flow sampling using either EASE or sFlow ■ Standard MIBs, such as the B
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch If you want to restrict access to one or more specific nodes, you can use the switch’s IP Authorized Manager feature. (Refer to the Access Security Guide for your switch.) Caution The “public” community exists by default and is used by ProCurve’s network management applications.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMP Version 3 Commands SNMP version 3 (SNMPv3) adds new commands to the CLI for configuring SNMPv3 functions. You can: Caution ■ Enable SNMPv3 with the snmpv3 enable command. An initial user entry will be generated with MD5 authentication and DES privacy. ■ Restrict access to only SNMPv3 agents with the snmpv3 only command.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMPv3 Enable The snmpv3 enable command starts a dialog that performs three functions: enabling the switch to receive SNMPv3 messages, configuring the initial users, and, optionally, to restrict non version-3 messages to “read only”. Figure 13-1 shows and example of this dialog.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMP Version 3 Users The second step to using SNMPv3 on the switch is to configure the users that you assign to different groups. To establish users on the switch: Caution a. Add the users to the User table. This is done with the snmpv3 user command. To view the users in the list you use the show snmpv3 user command. b. Assign users to Security Groups based on their security model.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch [no] snmpv3 group group_name user user_name sec-model (— Continued —) user user_name This is the user to be added to the access group. This must match the user name added with the snmpv3 user command. sec-model This defines which security model to use for the added user. A SNMPv3 access Group should only use the ver3 security model.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Then you must set the group access level to the user. This is done with the snmpv3 group command. For more details on the MIBs access for a give group see “Group Access Levels” on page 13-11. Add NetworkAdmin to operator noauth group Add NetwrokMgr to managerpriv group Pre-assigned groups for access by Version 2c and version 1 management applications Figure 13-3.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Group Access Levels The switch supports eight predefined group access levels. There are four levels for use with version 3 users and four are used for access by version 2c or version 1 management applications.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMP Communities SNMP commuities are supported by the switch to allow management application that use version 2c or version 1 to access the switch. The communities are mapped to Group Access Levels that are used for version 2c or version 1 support. For more information see “Group Access Levels” on page 13-11.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Figure 13-4 shows the assigning of the Operator community on MgrStation1 to the CommunityOperatorReadWrite group. Any other Operator only has an access level of CommunityOperatorReadOnly. Add mapping to allow write access for Operator community on MgrStation1 Two Operator Access Levels Figure 13-4. Assigning a Community to a Group Access Level Table 13-1.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Caution Deleting or changing the community named “public” prevents network management applications (such as auto-discovery, traffic monitoring, SNMP trap generation, and threshold setting) from operating in the switch. (Changing or deleting the “public” name also generates an Event Log message.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch If you are adding a community, the fields in this screen are blank. If you are editing an existing community, the values for the currently selected Community appear in the fields. Type the value for this field. Use the Space bar to select values for other fields Figure 13-6.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch CLI: Viewing and Configuring SNMP Community Names Community Name Commands Page show snmp-server [] 13-16 [no] snmp-server 13-17 [community ] 13-17 [host ] [] 13-21 [enable traps 13-25 Listing Community Names and Values.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Configuring Community Names and Values. The snmp-server command enables you to add SNMP communities with either default or specific access attributes, and to delete specific communities. Syntax: [no] snmp-server community < community-name > Configures a new community name. If you do not also specify operator or manager, the switch automatically assigns the community to the operator MIB view.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMP Notification and Traps The switches covered in this guide support the SNMPv3 notification process. They also support version 1or version 2c traps. For more information on version 1 or version 2c traps, see “Trap Features” on page 13-20. The SNMPv3 notification process allows for the messages passed to be authenticated and encrypted if you choose. To set up a SNMPv3 notification there are three steps: 1.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch [no] snmpv3 targetaddress < addr-name > params < parms-name> < IP-Addr > ( — Continued — ) max-msg-size The maximum number of bytes of length a message to this target can be. ( Default:1472) taglist < tag-params > Set list of values used to select this entry from snmpNotifyTable. [no] snmpv3 params < params-name > user < user-name > Add or delete a user parameter for use with target address.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Trap Features Feature Default Menu CLI Web snmp-server host (trap receiver) public — page 13-21 — snmp-server enable (authentication trap) none — page 13-25 — A trap receiver is a management station designated by the switch to receive SNMP traps sent from the switch. An authentication trap is a specialized SNMP trap sent to trap receivers when an unauthorized management station tries to access the switch.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Using the CLI To List Current SNMP Trap Receivers. This command lists the currently configured trap receivers and the setting for authentication traps (along with the current SNMP community name data — see “SNMP Communities” on page 13-12). Syntax: show snmp-server Displays current community and trap receiver data.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Note If you specify a community name that does not exist—that is, has not yet been configured on the switch—the switch still accepts the trap receiver assignment. However, no traps will be sent to that trap receiver until the community to which it belongs has been configured on the switch.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch If the sending agent does not receive an SNMP response back from the SNMP Manager within the timeout period, the inform request may be resent, based on the retry count value. You must specify an IP address that will receive the notifications and the community name. Note The retries and timeout options are not used when using trap requests.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Sending Event Log Messages as Traps Use the following options to send Event Log messages as traps. Table 13-2. Options for Sending Event Log Messages as Traps Event Level Description None (default) Send no log messages. All Send all log messages. Not INFO Send the log messages that are not information-only. Critical Send critical-level log messages. Debug Reserved for ProCurve-internal use.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Using the CLI To Enable Authentication Traps. Syntax: [no] snmp-server enable traps authentication Enables or disables sending an authentication trap to the configured trap receiver(s) if an unauthorized management station attempts to access the switch. For example: ProCurve(config)# snmp-server enable traps authentication Check the Event Log in the console interface to help determine why the authentication trap was sent.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Displays status information about sFlow sampling and polling. The show sflow agent command displays read-only switch agent information. The version information shows the sFlow version, MIB support and software versions; the agent address is typically the ip address of the first vlan configured on the switch. ProCurve# show sflow agent Version Agent Address 1.3;HP;K.12.XX 10.0.10.228 Figure 13-11.
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch ■ Timeout displays the number of seconds remaining before the switch agent will automatically disable sFlow (this is set by the management station and decrements with time). ■ Max Datagram Size shows the currently set value (typically a default value, but this can also be set by the management station).
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP (Link-Layer Discovery Protocol) To standardize device discovery on all ProCurve switches, LLDP has been implemented while offering limited read-only support for CDP as documented in this manual. For current information on your switch model, consult the latest Release Notes (available on the ProCurve Networking web site).
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Also, by using show commands to access the switch’s neighbor database for information collected by an individual switch, system administrators can learn about other devices connected to the switch, including device type (capability) and some configuration information. LLDP Terminology Adjacent Device: Refer to “Neighbor or Neighbor Device”. Advertisement: See LLDPDU.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) General LLDP Operation An LLDP packet contains data about the transmitting switch and port. The switch advertises itself to adjacent (neighbor) devices by transmitting LLDP data packets out all ports on which outbound LLDP is enabled, and reading LLDP advertisements from neighbor devices on ports that are inbound LLDPenabled. (LLDP is a one-way protocol and does not include any acknowledgement mechanism.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Transmit and Receive Mode. With LLDP enabled, the switch periodically transmits an LLDP advertisement (packet) out each active port enabled for outbound LLDP transmissions, and receives LLDP advertisements on each active port enabled to receive LLDP traffic (page 13-42). Per-Port configuration options include four modes: ■ Transmit and Receive (tx_rx): This is the default setting on all ports.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Data Type Configuration Options Default Description Remote Management Address Type4, 6 N/A Always Enabled Shows the network address type. Address4 Default or Configured System Name6 Enable/Disable Enabled Uses the switch’s assigned name. System Description6 Enable/Disable Enabled Includes switch model name and running software version, and ROM version.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Options for Reading LLDP Information Collected by the Switch You can extract LLDP information from the switch to identify adjacent LLDP devices. Options include: ■ Using the switch’s show lldp info command options to display data collected on adjacent LLDP devices—as well as the local data the switch is transmitting to adjacent LLDP devices (page 13-35).
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP Operating Rules Port Trunking. LLDP manages trunked ports individually. That is, trunked ports are configured individually for LLDP operation, in the same manner as non-trunked ports. Also, LLDP sends separate advertisements on each port in a trunk, and not on a per-trunk basis. Similarly, LLDP data received through trunked ports is stored individually, per-port. IP Address Advertisements.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP Operation and Commands In the default configuration, LLDP is enabled and in both transmit and receive mode on all active ports. The LLDP configuration includes global settings that apply to all active ports on the switch, and per-port settings that affect only the operation of the specified ports.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) For example, show lldp config produces the following display when the switch is in the default LLDP configuration: Note: This value corresponds to the lldp refresh-interval command (page 13-38). Figure 13-15. Example of Viewing the General LLDP Configuration Displaying Port Configuration Details. This command displays the portspecific configuration, including .
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) The blank IpAddress field indicates that the default IP address will be advertised from this port. (Refer to page 13-42: “Configuring a Remote Management Address for Outbound LLDP Advertisements” Figure 13-16. Example of Per-Port Configuration Display Configuring Global LLDP Packet Controls The commands in this section configure the aspects of LLDP operation that apply the same to all ports in the switch.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Changing the Transmission Interval for LLDP Packets. This interval controls how often active ports retransmit advertisements to their neighbors. Syntax lldp refresh-interval < 5 - 32768 > Changes the interval between consecutive transmissions of LLDP advertisements on any given port. (Default: 30 seconds) Note: The refresh-interval must be greater than or equal to (4 x delay-interval). (The default delay-interval is 2).
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Changing the Delay Interval Between Advertisements Generated by Value or Status Changes to the LLDP MIB. The switch uses a delayinterval setting to delay transmitting successive advertisements resulting from these LLDP MIB changes. If a switch is subject to frequent changes to its LLDP MIB, lengthening this interval can reduce the frequency of successive advertisements.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Changing the Reinitialization Delay Interval. In the default configuration, a port receiving a disable command followed immediately by a txonly, rxonly, or tx_rx command delays reinitializing for two seconds, during which time LLDP operation remains disabled.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) For example, this command enables SNMP notification on ports 1 - 5: ProCurve(config)# lldp enable-notification 1-5 Changing the Minimum Interval for Successive LLDP Data Change Notifications for the Same Neighbor. If LLDP trap notification is enabled on a port, a rapid succession of changes in LLDP information received in advertisements from one or more neighbors can generate a high number of traps.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Configuring Per-Port LLDP Transmit and Receive Modes These commands control LLDP advertisement traffic inbound and outbound on active ports. Syntax lldp admin-status < port-list > < txonly | rxonly | tx_rx | disable > With LLDP enabled on the switch in the default LLDP configuration, each port is configured to transmit and receive LLDP packets.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Syntax [ no ] lldp config < port-list > ipAddrEnable < ip-address > Replaces the default IP address for the port with an IP address you specify. This can be any IP address configured in a static VLAN on the switch, even if the port does not belong to the VLAN configured with the selected IP address. The no form of the command deletes the specified IP address.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Syntax [ no ] lldp config < port-list > basicTlvEnable < TLV-Type > port_descr For outbound LLDP advertisements, includes an alphanumeric string describing the port. system_name For outbound LLDP advertisements, includes the system’s assigned name.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displaying Switch Information Available for Outbound Advertisements These commands display the current switch information that will be used to populate outbound LLDP advertisements. Syntax show lldp info local-device [ port-list ] Without the [ port-list ] option, this command displays the global switch information and the per-port information currently available for populating outbound LLDP advertisements.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) The Management Address field displays only the LLDP-configurable IP addresses on the switch. (Only manually-configured IP addresses are LLDP-configurable.) If the switch has only an IP address from a DHCP or Bootp server, then the Management Address field is empty (because there are no LLDPconfigurable IP addresses available). For more on this topic, refer to “Remote Management Address” on page 13-32. Figure 13-18.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Syntax show lldp info remote-device [ port-list ] Without the [ port-list ] option, this command provides a global list of the individual devices it has detected by reading LLDP advertisements (and also CDP advertisements). Discovered devices are listed by the inbound port on which they were discovered.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) The data shown for port 3 was translated from a CDP advertisement from a 5300xl switch with LLDP disabled. (Not all fields expected by the LLDP device are populated with the CDP data.) Figure 13-20. Example of a Global Listing of Discovered Devices Example of an LLDP advertisement received from a 3400cl-48G neighbor on port 1. Figure 13-21.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displaying LLDP Statistics LLDP statistics are available on both a global and a per-port levels. Rebooting the switch resets the LLDP statistics counters to zero. Disabling the transmit and/or receive capability on a port “freezes” the related port counters at their current values.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) — Continued from the preceding page. — Per-Port LLDP Counters: NumFramesRecvd: Shows the total number of valid, inbound LLDP advertisements received from any neighbor(s) on < portlist >. Where multiple neighbors are connected to a port through a hub, this value is the total number of LLDP advertisements received from all sources. NumFramesSent: Shows the total number of LLDP advertisements sent from < port-list >.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Counters showing frames sent on a port but no frames received on that port indicates an active link with a device that either has LLDP disabled on the link or is not LLDPaware. Figure 13-22. Example of a Global LLDP Statistics Display Figure 13-23.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP Operating Notes Neighbor Maximum. The neighbors table in the switch supports as many neighbors as there are ports on the switch.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP and CDP Data Management This section describes points to note regarding LLDP (Link-Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) data received by the switch from other devices. LLDP operation includes both transmitting LLDP packets to neighbor devices and reading LLDP packets received from neighbor devices. CDP operation is limited to reading incoming CDP packets from neighbor devices.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Note Because ProCurve switches do not generate CDP packets, they are not represented in the CDP data collected by any neighbor devices running CDP. A switch with CDP disabled forwards the CDP packets it receives from other devices, but does not store the CDP information from these packets in its own MIB. LLDP data transmission/collection and CDP data collection are both enabled in the switch’s default configuration.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) CDP Operation and Commands By default the switches covered by this guide have CDP enabled on each port. This is a read-only capability, meaning that the switch can receive and store information about adjacent CDP devices but does not generate CDP packets.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) The following example shows the default CDP configuration. CDP Enable/Disable on the Switch Per-Port CDP Enable/Disable Figure 13-24. Example of Show CDP with the Default CDP Configuration Viewing the Switch’s Current CDP Neighbors Table. Devices are listed by the port on which they were detected.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Enabling CDP Operation. Enabling CDP operation (the default) on the switch causes the switch to add entries to its CDP Neighbors table for any CDP packets it receives from other neighboring CDP devices. Disabling CDP Operation. Disabling CDP operation clears the switch’s CDP Neighbors table and causes the switch to drop inbound CDP packets from other devices without entering the data in the CDP Neighbors table.
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) 13-58
A File Transfers Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2 Downloading Switch Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2 General Switch Software Download Rules . . . . . . . . . . . . . . . . . . . . . A-3 Using TFTP To Download Switch Software from a Server . . . . . . . . A-3 Menu: TFTP Download from a Server to Primary Flash . . . . . . .
File Transfers Overview Overview You can download new switch software and upload or download switch configuration files. These features are useful for acquiring periodic switch software upgrades and for storing or retrieving a switch configuration. Note You can also use the WebAgent to upload or download software.
File Transfers Downloading Switch Software General Switch Software Download Rules Note ■ A switch software image downloaded through the menu interface always goes to primary flash. ■ After a switch software download, you must reboot the switch to implement the newly downloaded code. Until a reboot occurs, the switch continues to run on the software it was using before the download started. Downloading new switch software does not change the current switch configuration.
File Transfers Downloading Switch Software Note If your TFTP server is a Unix workstation, ensure that the case (upper or lower) that you specify for the filename is the same case as the characters in the switch software filenames on the server. Menu: TFTP Download from a Server to Primary Flash Note that the menu interface accesses only the primary flash. 1. In the console Main Menu, select Download OS to display this screen: Figure A-1. A-4 Example of the Download OS Screen (Default Values) 2.
File Transfers Downloading Switch Software Progress Bar Figure A-2. Example of the Download OS Screen During a Download A “progress” bar indicates the progress of the download. When the entire switch software file has been received, all activity on the switch halts and you will see Validating and writing system software to FLASH... 7. After the primary flash memory has been updated with the new switch software, you must reboot the switch to implement the newly downloaded code.
File Transfers Downloading Switch Software CLI: TFTP Download from a Server to Primary or Secondary Flash This command automatically downloads a switch software image to primary or secondary flash. Syntax: copy tftp flash < ip-address > < remote-os-file > [< primary | secondary >] Note that if you do not specify the flash destination, the Xmodem download defaults to primary flash. For example, to download a switch software file named G0502.swi from a TFTP server with the IP address of 10.28.227.
File Transfers Downloading Switch Software Using Secure Copy and SFTP For some situations you may want to use a secure method to issue commands or copy files to the switch. By opening a secure, encrypted SSH session you can then use a third-party software application to take advantage of Secure Copy (SCP) and Secure ftp (SFTP). SCP and SFTP provide a secure alternative to TFTP for transferring information that may be sensitive (like switch configuration files) to and from the switch.
File Transfers Downloading Switch Software Note SFTP over SSH version 1 (SSH v1) is not supported. A request from either the client or the switch (or both) using SSH v1 generates an error message. The actual text of the error message differs, depending on the client software in use. Some examples are: Protocol major versions differ: 2 vs. 1 Connection closed Protocol major versions differ: 1 vs.
File Transfers Downloading Switch Software The SCP/SFTP Process To use SCP and SFTP: 1. Open an SSH session as you normally would to establish a secure encrypted tunnel between your computer and the switch. For more detailed directions on how to open an SSH session see the chapter titled “Configuring Secure Shell (SSH)” in the Access Security Guide for your switch. Please note that this is a one-time procedure for new switches or connections.
File Transfers Downloading Switch Software Authentication Switch memory allows up to ten public keys. This means the authentication and encryption keys you use for your third-party client SCP/SFTP software can differ from the keys you use for the SSH session, even though both SCP and SFTP use a secure SSH tunnel. Note SSH authentication through a TACACS+ server and use of SCP or SFTP through an SSH tunnel are mutually exclusive.
File Transfers Downloading Switch Software ■ All files have read-write permission. Several SFTP commands, such as create or remove, are not allowed and return an error message.
File Transfers Downloading Switch Software 7. Download OS 2. Press [E] (for Edit). 3. Use the Space bar to select XMODEM in the Method field. 4. Press [Enter], then [X] (for eXecute) to begin the switch software download. The following message then appears: Press enter and then initiate Xmodem transfer from the attached computer..... 5. Press [Enter] and then execute the terminal emulator command(s) to begin Xmodem binary transfer. For example, using HyperTerminal: a.
File Transfers Downloading Switch Software Note that if you do not specify the flash destination, the Xmodem download defaults to primary flash. For example, to download a switch software file named G0103.swi from a PC (running a terminal emulator program such as HyperTerminal) to primary flash: 1. Execute the following command in the CLI: Figure A-4. 2. Example of the Command to Download Switch Software Using Xmodem Execute the terminal emulator commands to begin the Xmodem transfer.
File Transfers Downloading Switch Software Switch-to-Switch Download You can use TFTP to transfer a switch software file between two ProCurve switches that use the same software code base. The menu interface enables you to transfer primary-to-primary or secondary-to-primary. The CLI enables all combinations of flash location options.
File Transfers Downloading Switch Software General System Information b. Check the Firmware revision line. CLI: Switch-To-Switch Downloads You can download a switch software file between two switches that use the same code base and which are connected on your LAN. To do so, use a copy tftp command from the destination switch.The options for this CLI feature include: ■ Copy from primary flash in the source to either primary or secondary in the destination.
File Transfers Downloading Switch Software If you do not specify either a primary or secondary flash location for the destination, the download automatically goes to primary flash. For example, to download switch software from secondary flash in a switch with an IP address of 10.28.227.103 to the secondary flash in the destination switch, you would execute the following command in the destination switch’s CLI: Figure A-6.
File Transfers Troubleshooting TFTP Downloads Troubleshooting TFTP Downloads When using the menu interface, if a TFTP download fails, the Download OS screen indicates the failure. Message Indicating cause of TFTP Download Failure Figure A-7.
File Transfers Transferring Switch Configurations Note ■ For a Unix TFTP server, the file permissions for the switch software file do not allow the file to be copied. ■ Another console session (through either a direct connection to a terminal device or through Telnet) was already running when you started the session in which the download was attempted. If an error occurs in which normal switch operation cannot be restored, the switch automatically reboots itself.
File Transfers Transferring Switch Configurations TFTP: Copying a Configuration File to a Remote Host. Syntax: copy < startup-config | running-config > tftp < ip-addr > < remote-file > This command copies the switch’s startup configuration (startup-config file) to a remote TFTP host. For example, to upload the current startup configuration to a file named sw2610 in the configs directory on drive "d" in a remote host having an IP address of 10.28.227.105: ProCurve# copy startup-config tftp 10.28.227.
File Transfers Transferring Switch Configurations Xmodem: Copying a Configuration File from a Serially Connected PC or Unix Workstation. To use this method, the switch must be connected via the serial port to a PC or Unix workstation on which is stored the configuration file you want to copy. To complete the copying, you will need to know the name of the file to copy and the drive and directory location of the file.
File Transfers Copying Diagnostic Data to a Remote Host, PC, or Unix Workstation Copying Diagnostic Data to a Remote Host, PC, or Unix Workstation You can use the CLI to copy the following types of switch data to a text file in a management device: ■ Command Output: Sends the output of a switch CLI command as a file on the destination device. ■ Event Log: Copies the switch’s Event Log into a file on the destination device.
File Transfers Copying Diagnostic Data to a Remote Host, PC, or Unix Workstation Copying Event Log Output to a Destination Device This command uses TFTP or Xmodem to copy the Event Log content to a PC or UNIX workstation on the network. Syntax: copy event-log tftp < ip-address > < filepath and filename > copy event-log xmodem For example, to copy the event log to a PC connected to the switch: At this point, press [Enter] and start the Xmodem command sequence in your terminal emulator. Figure A-9.
File Transfers Copying Diagnostic Data to a Remote Host, PC, or Unix Workstation Copying Crash Log Data Content to a Destination Device This command uses TFTP or Xmodem to copy the Crash Log content to a PC or UNIX workstation on the network. You can copy individual slot information or the master switch information. If you do not specify either, the command defaults to the master data.
File Transfers Copying Diagnostic Data to a Remote Host, PC, or Unix Workstation A-24
B Monitoring and Analyzing Switch Operation Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-3 Status and Counters Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-4 Menu Access To Status and Counters . . . . . . . . . . . . . . . . . . . . . . . . . B-5 General System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-6 Menu Access . . . . . . . . . . . . . . . . . .
Monitoring and Analyzing Switch Operation Contents Web Browser Interface Status Information . . . . . . . . . . . . . . . . . . . . B-26 Port and Static Trunk Monitoring Features . . . . . . . . . . . . . . . . . . . . . . . B-27 Menu: Configuring Port and Static Trunk Monitoring . . . . . . . . . . . B-28 CLI: Configuring Port and Static Trunk Monitoring . . . . . . . . . . . . . B-30 Web: Configuring Port Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . .
Monitoring and Analyzing Switch Operation Overview Overview The switch has several built-in tools for monitoring, analyzing, and troubleshooting switch and network operation: Note ■ Status: Includes options for displaying general switch information, management address data, port status, port and trunk group statistics, MAC addresses detected on each port or VLAN, and STP, IGMP, and VLAN data (page B-4). ■ Counters: Display details of traffic volume on individual ports (page B-10).
Monitoring and Analyzing Switch Operation Status and Counters Data Status and Counters Data This section describes the status and counters screens available through the switch console interface and/or the web browser interface. Note Status or Counters Type You can access all console screens from the web browser interface via Telnet to the console. Telnet access to the switch is available in the Device View window under the Configuration tab.
Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access To Status and Counters Beginning at the Main Menu, display the Status and Counters menu by selecting: 1. Status and Counters Figure B-1. The Status and Counters Menu Each of the above menu items accesses the read-only screens described on the following pages. Refer to the online help for a description of the entries displayed in these screens.
Monitoring and Analyzing Switch Operation Status and Counters Data General System Information Menu Access From the console Main Menu, select: 1. Status and Counters 1. General System Information Figure B-2. Example of General Switch Information This screen dynamically indicates how individual switch resources are being used. See the online Help for details.
Monitoring and Analyzing Switch Operation Status and Counters Data Switch Management Address Information Menu Access From the Main Menu, select: 1 Status and Counters . . . 2. Switch Management Address Information Figure B-3. Example of Management Address Information with VLANs Configured This screen displays addresses that are important for management of the switch. If multiple VLANs are not configured, this screen displays a single IP address for the entire switch. See the online Help for details.
Monitoring and Analyzing Switch Operation Status and Counters Data Module Information Use this feature to determine which slots have modules installed and which type(s) of modules are installed. Menu: Displaying Port Status From the Main Menu, select: 1. Status and Counters . . . 3. Module Information Figure B-4.
Monitoring and Analyzing Switch Operation Status and Counters Data Port Status The web browser interface and the console interface show the same port status data. Menu: Displaying Port Status From the Main Menu, select: 1. Status and Counters . . . 4. Port Status Figure B-5. Example of Port Status on the Menu Interface CLI Access Syntax: show interfaces brief Web Access 1. Click on the Status tab. 2. Click on Port Status.
Monitoring and Analyzing Switch Operation Status and Counters Data Viewing Port and Trunk Group Statistics and Flow Control Status Feature Default Menu CLI Web viewing port and trunk statistics for all ports, and flow control status n/a page B-11 page B-12 page B-12 viewing a detailed summary for a particular port or trunk n/a page B-11 page B-12 page B-12 resetting counters n/a page B-11 page B-12 page B-12 These features enable you to determine the traffic patterns for each port since
Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access to Port and Trunk Statistics To access this screen from the Main Menu, select: 1. Status and Counters . . . 4. Port Counters Figure B-6. Example of Port Counters on the Menu Interface To view details about the traffic on a particular port, use the [v] key to highlight that port number, then select Show Details. For example, selecting port A2 displays a screen similar to figure B-7, below. Figure B-7.
Monitoring and Analyzing Switch Operation Status and Counters Data CLI Access To Port and Trunk Group Statistics To Display the Port Counter Summary Report. This command provides an overview of port activity for all ports on the switch. Syntax: show interfaces To Display a Detailed Traffic Summary for Specific Ports. This command provides traffic details for the port(s) you specify. Syntax: show interfaces [ethernet] < port-list > To Reset the Port Counters for a Specific Port.
Monitoring and Analyzing Switch Operation Status and Counters Data ■ The MAC addresses that the switch has learned from network devices attached to the switch ■ The port on which each MAC address was learned B-13
Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access to the MAC Address Views and Searches Per-VLAN MAC-Address Viewing and Searching. This feature lets you determine which switch port on a selected VLAN is being used to communicate with a specific device on the network. The per-VLAN listing includes: ■ The MAC addresses that the switch has learned from network devices attached to the switch ■ The port on which each MAC address was learned 1. From the Main Menu, select: 1.
Monitoring and Analyzing Switch Operation Status and Counters Data Finding the Port Connection for a Specific Device on a VLAN. This feature uses a device’s MAC address that you enter to identify the port used by that device. 1. Proceeding from figure B-8, press [S] (for Search), to display the following prompt: Enter MAC address: _ 2. Type the MAC address you want to locate and press [Enter]. The address and port number are highlighted if found.
Monitoring and Analyzing Switch Operation Status and Counters Data Prompt for Selecting the Port To Search Figure B-10. Listing MAC Addresses for a Specific Port 2. Use the Space bar to select the port you want to list or search for MAC addresses, then press [Enter] to list the MAC addresses detected on that port. Determining Whether a Specific Device Is Connected to the Selected Port. Proceeding from step 2, above: 1. Press [S] (for Search), to display the following prompt: Enter MAC address: _ 2.
Monitoring and Analyzing Switch Operation Status and Counters Data Corresponding Port Numbers. For example, to list the learned MAC address on ports A1 through A4 and port A6: ProCurve> show mac-address a1-a4,a6 To List All Learned MAC Addresses on a VLAN, with Their Port Numbers. This command lists the MAC addresses associated with the ports for a given VLAN. For example: ProCurve> show mac-address vlan 100 Note The switch operates with a multiple forwarding database architecture.
Monitoring and Analyzing Switch Operation Status and Counters Data Spanning Tree Protocol (STP) Information Menu Access to STP Data From the Main Menu, select: 1. Status and Counters . . . 8. Spanning Tree Information STP must be enabled on the switch to display the following data: Figure B-12. Example of Spanning Tree Information Use this screen to determine current switch-level STP parameter settings and statistics.
Monitoring and Analyzing Switch Operation Status and Counters Data Figure B-13. Example of STP Port Information CLI Access to STP Data This option lists the STP configuration, root data, and per-port data (cost, priority, state, and designated bridge).
Monitoring and Analyzing Switch Operation Status and Counters Data Loop Protection In cases where spanning tree cannot be used to prevent loops at the edge of the network, loop protection may provide a suitable alternative. Unlike spanning tree, however, loop protection is not a comprehensive loop detection feature and should only be enabled on untagged edge ports, that is, ports that connect to unmanaged switches and/or clients at the edge of the network.
Monitoring and Analyzing Switch Operation Status and Counters Data Configuring Loop Protection Loop protection provides protection against loops by transmitting loop protocol packets out of ports on which loop protection has been enabled. When the switch sends out a loop protocol packet and then receives the same packet on a port that has a receiver-action of send-disable configured, it shuts down the port from which the packet was sent. To enable loop protection: 1.
Monitoring and Analyzing Switch Operation Status and Counters Data Notes ■ The receiver-action option can be configured on a per-port basis and can only be enabled after loop protection has been enabled on the port. All other configuration options (disable-timer, trap loop-detected, and transmit interval) are global. ■ The trap option refers to a SNMP trap. ■ Regardless of how the receiver-action and trap options are configured, all detected loops will be logged in the switch’s event log.
Monitoring and Analyzing Switch Operation Status and Counters Data Figure B-15.
Monitoring and Analyzing Switch Operation Status and Counters Data VLAN Information The switch uses the CLI to display the following VLAN status: Syntax: show vlan Lists: • Maximum number of VLANs to support • Existing VLANs • Status (static or dynamic) • Primary VLAN Syntax: show vlan < vlan-id > For the specified VLAN, lists: • Name, VID, and status (static/dynamic) • Per-Port mode (tagged, untagged, forbid, no/auto) • “Unknown VLAN” setting (Learn, Block, Disable) • Port status (up/down) For exampl
Monitoring and Analyzing Switch Operation Status and Counters Data Listing the VLAN ID (VID) and Status for ALL VLANs in the Switch. Figure B-16. Example of VLAN Listing for the Entire Switch Listing the VLAN ID (VID) and Status for Specific Ports. Because ports A1 and A2 are not members of VLAN44, it does not appear in this listing. Figure B-17. Example of VLAN Listing for Specific Ports Listing Individual VLAN Status. Figure B-18.
Monitoring and Analyzing Switch Operation Status and Counters Data Web Browser Interface Status Information The “home” screen for the web browser interface is the Status Overview screen, as shown below. As the title implies, it provides an overview of the status of the switch, including summary graphs indicating the network utilization on each of the switch ports, symbolic port status indicators, and the Alert Log, which informs you of any problems that may have occurred on the switch.
Monitoring and Analyzing Switch Operation Port and Static Trunk Monitoring Features Port and Static Trunk Monitoring Features Port Monitoring Features Feature Default Menu CLI Web display monitoring configuration disabled page B-28 page B-30 page B-32 configure the monitor port(s) ports: none page B-28 page B-30 page B-32 selecting or removing ports page B-28 page B-31 page B-32 none selected You can designate a port for monitoring inbound (ingress) and outbound (egress) traffic of other ports
Monitoring and Analyzing Switch Operation Port and Static Trunk Monitoring Features Menu: Configuring Port and Static Trunk Monitoring This procedure describes configuring the switch for monitoring when monitoring is disabled. (If monitoring has already been enabled, the screens will appear differently than shown in this procedure.) 1. From the Console Main Menu, Select: 2. Switch Configuration... 3. Network Monitoring Port Enable monitoring by setting this parameter to “Yes”. Figure B-20.
Monitoring and Analyzing Switch Operation Port and Static Trunk Monitoring Features Move the cursor to the Monitoring Port parameter. Port where monitored traffic exits the switch. Figure B-21. How To Select a Monitoring Port 5. Use the Space bar to select the port to use for monitoring. 6. Use the down arrow key to move the cursor to the Action column for the individual ports and position the cursor at a port you want to monitor. 7.
Monitoring and Analyzing Switch Operation Port and Static Trunk Monitoring Features CLI: Configuring Port and Static Trunk Monitoring Port and Static Trunk Monitoring Commands Used in This Section show monitor mirror-port monitor below page B-30 page B-31 You must use the following configuration sequence to configure port and static trunk monitoring in the CLI: 1. Assign a monitoring (mirror) port. 2. Designate the port(s) and static trunk(s) to monitor. Displaying the Monitoring Configuration.
Monitoring and Analyzing Switch Operation Port and Static Trunk Monitoring Features To turn off monitoring: ProCurve(config)# no mirror-port Selecting or Removing Ports and Static Trunks As Monitoring Sources. After you configure a monitor port you can use either the global configuration level or the interface context level to select ports and static trunks as monitoring sources. You can also use either level to remove monitoring sources.
Monitoring and Analyzing Switch Operation Port and Static Trunk Monitoring Features Web: Configuring Port Monitoring To enable port monitoring: 1. Click on the Configuration tab. 2. Click on Monitor Port. 3. To monitor one or more ports. 4. a. Click on the radio button for Monitor Selected Ports. b. Select the port(s) to monitor. Click on Apply Changes. To remove port monitoring: 1. Click on the Monitoring Off radio button. 2. Click on Apply Changes.
C Troubleshooting Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-3 Troubleshooting Approaches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-3 Browser or Telnet Access Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-5 Unusual Network Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-7 General Problems . . . . . . . . . . . . . . . . . . . . .
Troubleshooting Contents Displaying the Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . CLI: Viewing the Configuration File . . . . . . . . . . . . . . . . . . . . . . Web: Viewing the Configuration File . . . . . . . . . . . . . . . . . . . . . . Listing Switch Configuration and Operation Details for Help in Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-37 C-37 C-37 C-38 CLI Administrative and Troubleshooting Commands . . . . . . . . . . .
Troubleshooting Overview Overview This chapter addresses performance-related network problems that can be caused by topology, switch configuration, and the effects of other devices or their configurations on switch operation. (For switch-specific information on hardware problems indicated by LED behavior, cabling requirements, and other potential hardware-related problems, refer to the installation guide you received with the switch.
Troubleshooting Troubleshooting Approaches C-4 ■ Check the network cables – Cabling problems are a frequent cause of network faults. Check the cables for damage, correct type, and proper connections. You should also use a cable tester to check your cables for compliance to the relevant IEEE 802.3 specification. See the Installation Guide shipped with the switch for correct cable types and connector pinouts.
Troubleshooting Browser or Telnet Access Problems Browser or Telnet Access Problems Cannot access the web browser interface: ■ Access may be disabled by the Web Agent Enabled parameter in the switch console. Check the setting on this parameter by selecting: 2. Switch Configuration . . . 1. System Information ■ The switch may not have the correct IP address, subnet mask or gateway. Verify by connecting a console to the switch’s Console port and selecting: 2. Switch Configuration . . . 5.
Troubleshooting Browser or Telnet Access Problems Cannot Telnet into the switch console from a station on the network: ■ Telnet access may be disabled by the Inbound Telnet Enabled parameter in the System Information screen of the menu interface: 2. Switch Configuration 1. System Information ■ The switch may not have the correct IP address, subnet mask, or gateway. Verify by connecting a console to the switch’s Console port and selecting: 2. Switch Configuration 5.
Troubleshooting Unusual Network Activity Unusual Network Activity Network activity that fails to meet accepted norms may indicate a hardware problem with one or more of the network components, possibly including the switch. Such problems can also be caused by a network loop or simply too much traffic for the network as it is currently designed and implemented.
Troubleshooting Unusual Network Activity This can also happen, for example, if the server is first configured to issue IP addresses with an unlimited duration, then is subsequently configured to issue IP addresses that will expire after a limited duration. One solution is to configure “reservations” in the DHCP server for specific IP addresses to be assigned to devices having specific MAC addresses. For more information, refer to the documentation for the DHCP server.
Troubleshooting Unusual Network Activity Filter Traffic. The IGMP feature does not operate if the switch or VLAN does not have an IP address configured manually or obtained through DHCP/ Bootp. To verify whether an IP address is configured for the switch or VLAN, do either of the following: ■ Try Using the Web Browser Interface: If you can access the web browser interface, then an IP address is configured.
Troubleshooting Unusual Network Activity There can be several reasons for not receiving a response to an authentication request. Do the following: ■ Use ping to ensure that the switch has access to the configured RADIUS servers. ■ Verify that the switch is using the correct encryption key (RADIUS secret key) for each server. ■ Verify that the switch has the correct IP address for each RADIUS server. ■ Ensure that the radius-server timeout period is long enough for network conditions.
Troubleshooting Unusual Network Activity unauthorized. 802.1X is not active on the switch. After you execute aaa portaccess authenticator active, all ports configured with control unauthorized should be listed as Closed. Port A9 shows an “Open” status even though Access Control is set to Unauthorized (Force Auth). This is because the port-access authenticator has not yet been activated. Figure C-1.
Troubleshooting Unusual Network Activity Global RADIUS Encryption Key Unique RADIUS Encryption Key for the RADIUS server at 10.33.18.119 Figure C-2. Example of How To List the Global and Server-Specific Radius Encryption Keys Also, ensure that the switch port used to access the RADIUS server is not blocked by an 802.1X configuration on that port. For example, show portaccess authenticator < port-list > gives you the status for the specified ports.
Troubleshooting Unusual Network Activity Radius-Related Problems The switch does not receive a response to RADIUS authentication requests. In this case, the switch will attempt authentication using the secondary method configured for the type of access you are using (console, Telnet, or SSH). There can be several reasons for not receiving a response to an authentication request. Do the following: ■ Use ping to ensure that the switch has access to the configured RADIUS server.
Troubleshooting Unusual Network Activity Spanning-Tree Protocol (STP) and Fast-Uplink Problems Caution If you enable STP, it is recommended that you leave the remainder of the STP parameter settings at their default values until you have had an opportunity to evaluate STP performance in your network. Because incorrect STP settings can adversely affect network performance, you should avoid making changes without having a strong understanding of how STP operates.
Troubleshooting Unusual Network Activity SSH-Related Problems Switch access refused to a client. Even though you have placed the client’s public key in a text file and copied the file (using the copy tftp pub-keyfile command) into the switch, the switch refuses to allow the client to have access. If the source SSH client is an SSHv2 application, the public key may be in the PEM format, which the switch (SSHv1) does not interpret.
Troubleshooting Unusual Network Activity The public key file you are trying to download has one of the following problems: ■ A key in the file is too long. The maximum key length is 1024 characters, including spaces. This could also mean that two or more keys are merged together instead of being separated by a . ■ There are more than ten public keys in the key file. ■ One or more keys in the file is corrupted or is not a valid rsa public key.
Troubleshooting Unusual Network Activity memory to save the authentication configuration to flash, then pressing the Reset button or cycling the power reboots the switch with the boot-up configuration. ■ Disconnect the switch from network access to any TACACS+ servers and then log in to the switch using either Telnet or direct console port access. Because the switch cannot access a TACACS+ server, it will default to local authentication.
Troubleshooting Unusual Network Activity ■ The access attempt is outside of the time frame allowed for the account. ■ The allowed number of concurrent logins for the account has been exceeded For more help, refer to the documentation provided with your TACACS+ server application. Unknown Users Allowed to Login to the Switch. Your TACACS+ application may be configured to allow access to unknown users by assigning them the privileges included in a default user profile.
Troubleshooting Unusual Network Activity None of the devices assigned to one or more VLANs on an 802.1Qcompliant switch are being recognized. If multiple VLANs are being used on ports connecting 802.1Q-compliant devices, inconsistent VLAN IDs may have been assigned to one or more VLANs. For a given VLAN, the same VLAN ID must be used on all connected 802.1Q-compliant devices. Link Configured for Multiple VLANs Does Not Support Traffic for One or More VLANs.
Troubleshooting Unusual Network Activity Note that attempting to create redundant paths through the use of VLANs will cause problems with some switches. One symptom is that a duplicate MAC address appears in the Port Address Table of one port, and then later appears on another port.
Troubleshooting Using Logging To Identify Problem Sources Using Logging To Identify Problem Sources Event Log Operation The Event Log records operating events as single-line entries listed in chronological order, and serves as a tool for isolating problems. Each Event Log entry is composed of five fields: Severity I Date 08/05/01 Time System Module 10:52:32 ports: Event Message port A1 enabled Figure C-6.
Troubleshooting Using Logging To Identify Problem Sources (The event log is not erased by using the Reboot Switch command in the Main Menu.) Table C-1.
Troubleshooting Using Logging To Identify Problem Sources Menu: Entering and Navigating in the Event Log From the Main Menu, select Event Log. Range of Events in the Log Range of Log Events Displayed Log Status Line Figure C-7. Example of an Event Log Display The log status line at the bottom of the display identifies where in the sequence of event messages the display is currently positioned.
Troubleshooting Using Logging To Identify Problem Sources CLI: Using the CLI, you can list ■ Events recorded since the last boot of the switch ■ All events recorded ■ Event entries containing a specific keyword, either since the last boot or all events recorded Syntax: show logging [-a] [] ProCurve> show logging Lists recorded log messages since last reboot. ProCurve> show logging -a Lists all recorded log messages, including those before the last reboot.
Troubleshooting Using Logging To Identify Problem Sources Debug and Syslog Operation You can direct switch debug (Event log) messages to these destinations: ■ Up to six SyslogD servers ■ One management-access session through: • A direct-connect RS-232 console CLI session • A Telnet session • An SSH session Figure C-8.
Troubleshooting Using Logging To Identify Problem Sources Debug Types This section describes the types of debug messages the switch can send to configured debug destinations. Syntax: [no] debug < debug-type > all Configures the switch to send all debug types to the configured debug destination(s). (Default: Disabled) event Configures the switch to send Event Log messages to the configured debug destination(s).
Troubleshooting Using Logging To Identify Problem Sources Configuring the Switch To Send Debug Messages to One or More SyslogD Servers Use the logging command to configure the switch to send Syslog messages to a SyslogD server, or to remove a SyslogD server from the switch configuration.
Troubleshooting Using Logging To Identify Problem Sources For example, on a switch where there are no SyslogD servers configured, you would do the following to configure SyslogD servers 18.120.38.155 and 18.120.43.125 and automatically enable Syslog logging (with user as the default logging facility): logging < syslog-ip-addr > configures the Syslog server(s) to use and enables Syslog debug logging.
Troubleshooting Using Logging To Identify Problem Sources Enabling or Disabling Logging to Management Sessions and SyslogD Servers. Use this command when you want to do any of the following: ■ Disable Syslog logging on all currently configured SyslogD servers without removing the servers from the switch configuration. ■ Re-enable Syslog logging if it is disabled and there is at least one SyslogD server currently configured in the switch.
Troubleshooting Using Logging To Identify Problem Sources Shows that Syslog (Destination) logging is enabled and transmitting log messages to IP address 18.120.38.155. Also shows that the logging facility is set to user (the default), and that session logging is enabled.) Disables Syslog logging (but retains the Syslog IP address in the switch configuration). Does not affect Session logging. Shows Syslog (Destination) logging now disabled. Session logging continues to operate. Figure C-10.
Troubleshooting Using Logging To Identify Problem Sources Syntax: show debug List the current debug status for both Syslog logging and Session logging. Shows that Syslog logging is enabled and sending event messages to the user facility on the SyslogD server at IP address 18.120.38.155. Shows that session logging is operating through another session. (You can take control of session logging by executing debug destination session in the session you are currently using.) Figure C-12.
Troubleshooting Diagnostic Tools server, ensure that the server’s Syslog application is configured to accept the “debug” severity level. (The default configuration for some Syslog applications ignores the “debug” severity level.) ■ A reboot temporarily suspends Syslog logging. After a reboot, the switch suspends configured Syslog logging for 30 seconds.
Troubleshooting Diagnostic Tools Ping and Link Tests The Ping test and the Link test are point-to-point tests between your switch and another IEEE 802.3-compliant device on your network. These tests can tell you whether the switch is communicating properly with another device. Note To respond to a Ping test or a Link test, the device you are trying to reach must be IEEE 802.3-compliant. Ping Test.
Troubleshooting Diagnostic Tools Web: Executing Ping or Link Tests 1. Click here. 2. Click here. 3. Select Ping Test (the default) or Link Test 4. For a Ping test, enter the IP address of the target device. For a Link test, enter the MAC address of the target device. 5. Select the number of tries (packets) and the timeout for each try from the drop-down menus. 6. Click on Start to begin the test. Figure C-13.
Troubleshooting Diagnostic Tools Number of Packets to Send is the number of times you want the switch to attempt to test a connection. Timeout in Seconds is the number of seconds to allow per attempt to test a connection before determining that the current attempt has failed. To halt a Link or Ping test before it concludes, click on the Stop button. To reset the screen to its default settings, click on the Defaults button. CLI: Ping or Link Tests Ping Tests.
Troubleshooting Diagnostic Tools Link Tests. You can issue single or multiple link tests with varying repetitions and timeout periods. The defaults are: ■ Repetitions: 1 (1 - 999) ■ Timeout: 5 seconds (1 - 256 seconds) Syntax: Basic Link Test Link Test with Repetitions Link Test with Repetitions and Timeout Link Test Over a Specific VLAN Link Test Over a Specific VLAN; Test Fail Figure C-15.
Troubleshooting Diagnostic Tools Displaying the Configuration File The complete switch configuration is contained in a file that you can browse from either the web browser interface or the CLI. It may be useful in some troubleshooting scenarios to view the switch configuration. CLI: Viewing the Configuration File Using the CLI, you can display either the running configuration or the startup configuration. (For more on these topics, see appendix C, “Switch Memory and Configuration”.
Troubleshooting Diagnostic Tools Listing Switch Configuration and Operation Details for Help in Troubleshooting The show tech command outputs, in a single listing, switch operating and running configuration details from several internal switch sources, including: ■ Image stamp (software version data) ■ Running configuration ■ Event Log listing ■ Boot History ■ Port settings ■ Status and counters — port status ■ IP routes ■ Status and counters — VLAN information ■ Transceivers ■ Instrumen
Troubleshooting Diagnostic Tools 1. In Hyperterminal, click on Transfer | Capture Text... Figure C-16. The Capture Text window of the Hypertext Application Used with Microsoft Windows Software 2. In the File field, enter the path and file name under which you want to store the show tech output. Figure C-17. Example of a Path and Filename for Creating a Text File from show tech Output 3. Click [Start] to create and open the text file. 4. Execute show tech: ProCurve# show tech Note a.
Troubleshooting Diagnostic Tools CLI Administrative and Troubleshooting Commands These commands provide information or perform actions that you may find helpful in troubleshooting operating problems with the switch. Note For more on the CLI, refer to “Using the Command Line Interface (CLI)” on page 4-1. Syntax: show version Shows the software version currently running on the switch and the flash image from which the switch booted (primary or secondary).
Troubleshooting Diagnostic Tools Syntax: traceroute < ip-address > Lists the IP address of each hop in the route, plus the time in microseconds for the traceroute packet reply to the switch for each hop. To halt an ongoing traceroute search, press the [Ctrl] [C] keys. [minttl < 1-255 >] For the current instance of traceroute, changes the minimum number of hops allowed for each probe packet sent along the route.
Troubleshooting Diagnostic Tools Intermediate router hops with the time taken for the switch to receive acknowledgement of each probe reaching each router. Destination IP Address Figure C-18. Example of a Completed Traceroute Enquiry Continuing from the previous example (figure C-18, above), executing traceroute with an insufficient maxttl for the actual hop count produces an output similar to this: Traceroute does not reach destination IP address because of low maxttl setting.
Troubleshooting Diagnostic Tools Executing traceroute where the route becomes blocked or otherwise fails results in an output marked by timeouts for all probes beyond the last detected hop. For example with a maximum hop count of 7 (maxttl = 7), where the route becomes blocked or otherwise fails, the output appears similar to this: At hop 3, the first and third probes timed out but the second probe reached the router.
Troubleshooting Restoring the Factory-Default Configuration Restoring the Factory-Default Configuration As part of your troubleshooting process, it may become necessary to return the switch configuration to the factory default settings. This process momentarily interrupts the switch operation, clears any passwords, clears the console event log, resets the network counters to zero, performs a complete self test, and reboots the switch into its factory default configuration including deleting an IP address.
Troubleshooting Restoring a Flash Image Restoring a Flash Image The switch can lose its operating system if either the primary or secondary flash image location is empty or contains a corrupted OS file and an operator uses the erase flash command to erase a good OS image file from the opposite flash location. To Recover from an Empty or Corrupted Flash State.
Troubleshooting Restoring a Flash Image 4. Since the OS file is large, you can increase the speed of the download by changing the switch console and terminal emulator baud rates to a high speed. For example: a. Change the switch baud rate to 115,200 Bps. => sp 115200 b. 5. Change the terminal emulator baud rate to match the switch speed: i. In HyperTerminal, select Call | Disconnect. ii. Select File | Properties. iii. Click on Configure . . .. iv. Change the baud rate to 115200. v. Click on [OK].
Troubleshooting Restoring a Flash Image Figure C-21. Example of Xmodem Download in Progress 8. When the download completes, the switch reboots from primary flash using the OS image you downloaded in the preceding steps, plus the most recent startup-config file.
Troubleshooting Restoring a Flash Image C-48
D MAC Address Management Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-2 Determining MAC Addresses in the Switch . . . . . . . . . . . . . . . . . . . . . . . . D-2 Menu: Viewing the Switch’s MAC Addresses . . . . . . . . . . . . . . . . . . . . D-3 CLI: Viewing the Port and VLAN MAC Addresses . . . . . . . . . . . . . . . . D-4 Viewing the MAC Addresses of Connected Devices . . . . . . . . . . . . . . . . .
MAC Address Management Overview Overview The switch assigns MAC addresses in these areas: ■ ■ For management functions: • One Base MAC address assigned to the default VLAN (VID = 1) • Additional MAC address(es) corresponding to additional VLANs you configure in the switch For internal switch operations: One MAC address per port (See “CLI: Viewing the Port and VLAN MAC Addresses” on page D-4.) MAC addresses are assigned at the factory.
MAC Address Management Determining MAC Addresses in the Switch ■ Use the CLI to view the switch’s port MAC addresses in hexadecimal format. Menu: Viewing the Switch’s MAC Addresses The Management Address Information screen lists the MAC addresses for: ■ Base switch (default VLAN; VID = 1) ■ Any additional VLANs configured on the switch. Also, the Base MAC address appears on a label on the back of the switch. Note The Base MAC address is used by the first (default) VLAN in the switch.
MAC Address Management Determining MAC Addresses in the Switch CLI: Viewing the Port and VLAN MAC Addresses The MAC address assigned to each switch port is used internally by such features as Flow Control and the Spanning Tree Protocol. Using the walkmib command to determine the MAC address assignments for individual ports can sometimes be useful when diagnosing switch operation. The switch allots 24 MAC addresses per slot.
MAC Address Management Determining MAC Addresses in the Switch ifPhysAddress.1 - 6:Ports A1 - A6 in Slot 1 (Addresses 7 - 24 in slot 1 and 25 - 48 in slot 2 are unused.) ifPhysAddress.49 - 51:Ports C1 - C3 in Slot 3 (Addresses 52 - 72 in slot 3 are unused.) ifPhysAddress.205Base MAC Address (MAC Address for default VLAN; VID = 1) ifPhysAddress.226 & 237MAC Addresses for non-default VLANs. Figure D-1.
MAC Address Management Viewing the MAC Addresses of Connected Devices Viewing the MAC Addresses of Connected Devices Syntax: show mac-address [ | mac-addr | Lists the MAC addresses of the devices the switch has detected, along with the number of the specific port on which each MAC address was detected. [ port-list ] Lists the MAC addresses of the devices the switch has detected, on the specified port(s). [ mac-addr ] Lists the port on which the switch detects the specified MAC address.
MAC Address Management Viewing the MAC Addresses of Connected Devices To list the MAC addresses of devices the switch has detected, use the show mac-address command. For example: ProCurve# show mac-address Status and Counters - Port Address Table MAC Address ------------0001e6-09620c 0001e7-61d4c0 0001e7-6025c0 0001e7-6d5a30 0001e7-7932c0 0001e7-7b4300 0001e7-cc24c0 000480-376a70 Located on Port --------------11 12 13 14 15 16 17 18 Figure D-2.
MAC Address Management Viewing the MAC Addresses of Connected Devices D-8
E Daylight Savings Time on ProCurve Switches Configuring Daylight Savings Time This information applies to the following ProCurve switches: • • • • • • • • 2512 2524 2610 2610-PWR 2626 2650 2626-PWR 2650-PWR • • • • • • • • • • 2824 2848 3400cl 4108gl 4104gl 6108 5304xl 5308xl 5400zl 8200zl • • • • • • • 1600M 2400M 2424M 4000M 8000M 212M 224M • ProCurve AdvanceStack Switches • ProCurve AdvanceStack Routers ProCurve switches provide a way to automatically adjust the system clock for Daylight Savings
Daylight Savings Time on ProCurve Switches Configuring Daylight Savings Time Canada and Continental US: • Begin DST at 2am on the second Sunday in March. • End DST at 2am on the first Sunday in November. Middle Europe and Portugal: • Begin DST at 2am the first Sunday on or after March 25th. • End DST at 2am the first Sunday on or after September 24th. Southern Hemisphere: • Begin DST at 2am the first Sunday on or after October 25th. • End DST at 2am the first Sunday on or after March 1st.
Daylight Savings Time on ProCurve Switches Configuring Daylight Savings Time Before configuring a "User defined" Daylight Time Rule, it is important to understand how the switch treats the entries. The switch knows which dates are Sundays, and uses an algorithm to determine on which date to change the system clock, given the configured "Beginning day" and "Ending day": ■ If the configured day is a Sunday, the time changes at 2am on that day.
Daylight Savings Time on ProCurve Switches Configuring Daylight Savings Time E-4
Index Symbols => prompt … C-45 Numerics 802.1x LLDP blocked … 13-34 802.1X effect, LLDP … 13-52 802.
copying … A-18 download … A-3 factory default … 6-9, 8-2 IP … 8-3 network monitoring … B-27 permanent … 6-7 permanent change defined … 6-5 port … 10-1, 12-1 port trunk groups … 10-1, 12-1 quick … 3-8 reboot to activate … 3-13 restoring factory defaults … C-44 saving from menu interface … 3-10 serial link … 7-3 SNMP … 13-4, 13-5, 13-12 SNMP communities … 13-14, 13-16 startup … 3-10 system … 7-10 Telnet access configuration … 7-3 transferring … A-18 trap receivers … 13-20 viewing … 6-6 web browser access … 7-
Syslog, number of servers … C-25 Telnet session … C-25 debug logging, LLDP … 13-32 default gateway … 8-3 default trunk type … 12-9 Device Passwords Window … 5-8 DHCP address problems … C-7 configuring DHCP relay … 8-12 effect of no reply … C-7 Option 82 … 8-12 setting up a DHCP helper … 8-12 DHCP/Bootp operation … 8-12 process … 8-13 DHCP/Bootp, LLDP … 13-43 diagnostics tools … C-32 browsing the configuration file … C-37 ping and link tests … C-33 disclaimer … 1-ii Displaying Loop Protection Status … 10-11
inform requests … 13-22 invalid input … 4-13 IP CLI access … 8-7 configuration … 8-3 DHCP/Bootp … 8-3 duplicate address … C-7 duplicate address, DHCP network … C-7 effect when address not used … 8-11 gateway … 8-3 gateway (IP) address … 8-4 menu access … 8-5 multinetting … 8-9 multiple addresses in VLAN … 8-9 stacking … 8-5 subnet … 8-9 subnet mask … 8-3, 8-6 subnetting … 8-9 using for web browser interface … 5-4 web access … 8-11 IP address for SNMP management … 13-3 multiple in a VLAN … 8-9 removing or re
active port … 13-29 advertisement … 13-29 advertisement content … 13-42 advertisement data … 13-44 advertisement, mandatory data … 13-42 advertisement, optional data … 13-43 advertisements, delay interval … 13-39 CDP neighbor data CDP LLDP neighbor data … 13-53 chassis ID … 13-42 chassis type … 13-42 clear statistics counters … 13-49 comparison with CDP data fields … 13-53 configuration options … 13-30 data options … 13-31 data read options … 13-33 data unit … 13-29 debug logging … 13-32 default … 13-54 def
configuring … B-20 send-disable … B-20 show … 10-11 transmit-interval … B-21 trap … B-21 loop, network … 12-3 lost password … 5-10 M MAC address … 8-14, B-6, D-2 duplicate … C-14, C-19 learned … B-13, B-14 listing connected devices … D-6 port … D-2, D-3 switch … D-2 VLAN … D-2 management server URL … 5-12 management VLAN See VLAN.
planning and implementation … 11-14 port priority … 11-5 power supplies … 11-3 pre standard detect … 11-11 pre-802.
ProCurve Networking support URL … 5-13 prompt, => … C-45 public SNMP community … 13-5 publication data … 1-ii Q qos pass-through mode … 10-3, 10-27 priority mapping … 10-28 quick configuration … 3-8 quick start … 1-6, 8-4 R reboot … 3-8, 3-10, 3-12 reboot, actions causing … 6-4 reboot, effect on configuration … 3-13 reconfigure … 3-10 reload … 6-18, 6-20, 6-29 at/after … 6-20, 6-21, 6-29 comparing to boot … 6-19 scheduled … 6-21 remote session, terminate … 7-9 reset … 3-12, 6-11 Reset button restoring fac
enabling … 13-6 group access levels … 13-11, 13-12 groups … 13-10 network management problems with snmpv3 only … 13-6 notification … 13-18 restricted-access option … 13-6 set up … 13-5 traps … 13-18 users … 13-5 SNTP … 9-3 broadcast mode … 9-2, 9-9 broadcast mode, requirement … 9-3 configuration … 9-4 disabling … 9-11 enabling and disabling … 9-9 event log messages … 9-23 menu interface operation … 9-23 operating modes … 9-2 poll interval … 9-12 See also TimeP.
time protocol selecting … 9-3 time server … 8-3 time, configure … 7-14 TimeP … 8-4, 8-5 assignment methods … 9-2 disabling … 9-20 enabling and disabling … 9-18 poll interval … 9-20 selecting … 9-3 viewing and configuring, menu … 9-15 viewing, CLI … 9-17 timesync, disabling … 9-20 Time-To-Live … 8-4, 8-5 time-to-live, LLDP … 13-30 traceroute asterisk … C-42 blocked route … C-43 fails … C-41 traffic monitoring … 13-5, B-27 traffic, port … B-10 transceiver error messages … 10-18 view status … 10-17 transceiver
V version, OS … A-5, A-12, A-15 view transceiver status … 10-17 VLAN … 8-4, C-20, D-2 address … 13-3 Bootp … 8-14 configuring Bootp … 8-14 configuring UDLD for tagged ports … 10-44 device not seen … C-19 event log entries … C-21 link blocked … C-14 management and jumbo packets … 10-24 management VLAN, SNMP block … 13-3 monitoring … B-3 multinetting … 8-9 multiple … 13-3 multiple IP addresses … 8-9 OS download … A-3 port configuration … C-19 primary … 8-4 reboot required … 3-8 subnet … 8-9 support enable/dis
© Copyright 2007, 2008 Hewlett-Packard Development Company, L.P.