User Manual

ManualsBrandsHP ManualsComputer Accessories2910AL

Management and

Configuration Guide

ProCurve Switches

W.14.03

2910al

www.procurve.com

Summary of content (618 pages)

PAGE 1
Management and Configuration Guide 2910al ProCurve Switches W.14.03 www.procurve.
PAGE 2
PAGE 3
HP ProCurve 2910al Switch February 2009 W.14.
PAGE 4
© Copyright 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change with out notice. All Rights Reserved. Disclaimer This document contains proprietary information, which is protected by copyright. No part of this document may be photocopied, reproduced, or translated into another language without the prior written consent of HewlettPackard.
PAGE 5
Contents Product Documentation About Your Switch Manual Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi Printed Publications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi Electronic Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi Software Feature Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxii 1 Getting Started Contents . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 6
2 Selecting a Management Interface Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 Understanding Management Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 Advantages of Using the Menu Interface . . . . . . . . . . . . . . . . . . . . . . . . 2-3 Advantages of Using the CLI . . . . . . . . . . . . . .
PAGE 7
4 Using the Command Line Interface (CLI) Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 Accessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 8
Entering a User Name and Password . . . . . . . . . . . . . . . . . . . . . . 5-11 Using a User Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11 If You Lose the Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11 Online Help for the Web Browser Interface . . . . . . . . . . . . . . . . . . . . 5-12 Support/Mgmt URLs Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-13 Support URL . . . . . . . . . . . . . . . . . . .
PAGE 9
Operating Notes about Booting . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18 Boot and Reload Command Comparison . . . . . . . . . . . . . . . . . . . 6-19 Setting the Default Flash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-20 Booting from the Default Flash (Primary or Secondary) . . . . . . 6-20 Booting from a Specified Flash . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-20 Using Reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 10
Denying Interface Access by Terminating Remote Management Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-9 System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-11 Menu: Viewing and Configuring System Information . . . . . . . . . . . . . 7-12 CLI: Viewing and Configuring System Information . . . . . . . . . . . . . . 7-13 Web: Configuring System Parameters . . . . . . . . . . . . . . .
PAGE 11
Selecting a Time Synchronization Protocol or Turning Off Time Protocol Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-3 General Steps for Running a Time Protocol on the Switch: . . . . . . . . 9-3 Disabling Time Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-3 SNTP: Viewing, Selecting, and Configuring . . . . . . . . . . . . . . . . . . . . . 9-4 Menu: Viewing and Configuring SNTP . . . . . . . . . . . . . . . . . . . . .
PAGE 12
Viewing Port Utilization Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-11 Viewing Transceiver Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-12 Enabling or Disabling Ports and Configuring Port Mode . . . . . . . . . 10-13 Enabling or Disabling Flow Control . . . . . . . . . . . . . . . . . . . . . . . . . . 10-15 Configuring a Broadcast Limit on the Switch . . . . . . . . . . . . . . . . . . 10-17 Configuring ProCurve Auto-MDIX . . . . . . . . . . . . . . .
PAGE 13
Disabling or Re-Enabling PoE Port Operation . . . . . . . . . . . . . . . . . . 11-8 Configuring the PoE Port Priority Level . . . . . . . . . . . . . . . . . . . . . . . 11-8 Enabling Support for Pre-Standard Devices . . . . . . . . . . . . . . . . . . . 11-10 Controlling PoE Allocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-10 Manually Configuring PoE Power Levels . . . . . . . . . . . . . . . . . . . . . . 11-11 Changing the Threshold for Generating a Power Notice . . . . .
PAGE 14
Using the CLI To Configure a Static or Dynamic Trunk Group . . . 12-14 Web: Viewing Existing Port Trunk Groups . . . . . . . . . . . . . . . . . . . . 12-17 Trunk Group Operation Using LACP . . . . . . . . . . . . . . . . . . . . . . . . . 12-18 Default Port Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-21 LACP Notes and Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-22 Trunk Group Operation Using the “Trunk” Option . . . . . . . . . .
PAGE 15
14 Configuring for Network Management Applications Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1 Using SNMP Tools To Manage the Switch . . . . . . . . . . . . . . . . . . . . . . 14-3 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-3 SNMP Management Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 16
Packet Boundaries in a Network Topology . . . . . . . . . . . . . . . . . . . . 14-40 Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-41 Options for Reading LLDP Information Collected by the Switch . . 14-43 LLDP and LLDP-MED Standards Compatibility . . . . . . . . . . . . . . . . 14-44 LLDP Operating Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-44 Configuring LLDP Operation . . . . . . . . . . . . . . . . . . . . . . .
PAGE 17
CLI: TFTP Download from a Server to Flash . . . . . . . . . . . . . . . . A-7 Using Secure Copy and SFTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-9 How It Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-10 The SCP/SFTP Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-10 Disable TFTP and Auto-TFTP for Enhanced Security . . . . . . . A-11 Command Options . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 18
TFTP: Uploading an ACL Command File from a TFTP Server A-31 Xmodem: Uploading an ACL Command File from a Serially Connected PC or UNIX Workstation . . . . . . . . . . . . . . . . . . . . . . A-33 USB: Uploading an ACL Command File from a USB Device . . A-33 Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation . . . . . . . . . . . . . . . . . . . A-35 Copying Command Output to a Destination Device . . . . . . . . . A-35 Copying Event Log Output to a Destination Device . . . . . . .
PAGE 19
Web Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-11 Viewing Port and Trunk Group Statistics and Flow Control Status B-11 Menu Access to Port and Trunk Statistics . . . . . . . . . . . . . . . . . B-13 CLI Access To Port and Trunk Group Statistics . . . . . . . . . . . . B-14 Web Browser Access To View Port and Trunk Group Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-14 Viewing the Switch’s MAC Address Tables . .
PAGE 20
Radius-Related Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-17 Spanning-Tree Protocol (MSTP) and Fast-Uplink Problems . . . . . . C-18 SSH-Related Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-19 TACACS-Related Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-21 TimeP, SNTP, or Gateway Problems . . . . . . . . . . . . . . . . . . . . . . . . . C-23 VLAN-Related Problems . . . . . . . . . . . . . . . . . .
PAGE 21
Port Auto-Negotiation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-60 Ping and Link Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-60 Web: Executing Ping or Link Tests . . . . . . . . . . . . . . . . . . . . . . . C-61 CLI: Ping Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-62 Link Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 22
Event Log Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-96 D MAC Address Management Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-2 Determining MAC Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-3 Menu: Viewing the Switch’s MAC Addresses . . . . .
PAGE 23
Product Documentation About Your Switch Manual Set Note For the latest version of all ProCurve switch documentation, including Release Notes covering recently added features, please visit the ProCurve Networking Web site at www.procurve.com, click on Customer Care, and then click on Manuals. Printed Publications The publications listed below are printed and shipped with your switch.
PAGE 24
Software Feature Index For the software manual set supporting your 2910al switch model, this feature index indicates which manual to consult for information on a given software feature. Note This Index does not cover IPv6 capable software features. For information on IPv6 protocol operations and features (such as DHCPv6, DNS for IPv6, Ping6, and MLD Snooping), refer to the IPv6 Configuration Guide. Intelligent Edge Software Features Manual Management Advanced and Traffic Configuration Management 802.
PAGE 25
Intelligent Edge Software Features Manual Management Advanced and Traffic Configuration Management DHCP/Bootp Operation X Diagnostic Tools X Downloading Software X Multicast and Routing Access Security Guide Dynamic ARP Protection X Dynamic Configuration Arbiter X Eavesdrop Protection X Event Log X Factory Default Settings X Flow Control (802.
PAGE 26
Intelligent Edge Software Features Manual Management Advanced and Traffic Configuration Management Multicast and Routing Access Security Guide MAC Lockdown X MAC Lockout X MAC-based Authentication X Management VLAN Monitoring and Analysis X X Multicast Filtering X Multiple Configuration Files X Network Management Applications (SNMP) X OpenView Device Management X Passwords and Password Clear Protection X ProCurve Manager (PCM) X Ping X Port Configuration X Port Monitoring X Por
PAGE 27
Intelligent Edge Software Features RMON 1,2,3,9 Manual Management Advanced and Traffic Configuration Management Multicast and Routing Access Security Guide X Routing X Routing - IP Static X Secure Copy X sFlow X SFTP X SNMPv3 X Software Downloads (SCP/SFTP, TFPT, Xmodem) X Source-Port Filters X Spanning Tree (STP, RSTP, MSTP) X SSHv2 (Secure Shell) Encryption X SSL (Secure Socket Layer) X Stack Management (3500yl/6200yl switches only) X Syslog X System Information X TACACS+
PAGE 28
Intelligent Edge Software Features Manual Management Advanced and Traffic Configuration Management Voice VLAN Multicast and Routing Access Security Guide X Web Authentication RADIUS Support X Web-based Authentication X Web UI X Xmodem X xxvi
PAGE 29
1 Getting Started Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Command Syntax Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Command Prompts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3 Screen Simulations . . . . . . . . . . . . . . . . .
PAGE 30
Getting Started Introduction Introduction This guide is intended for use with the following switches: ■ HP ProCurve 2910al Switch It describes how to use the command line interface (CLI), Menu interface, and web browser to configure, manage, monitor, and troubleshoot switch opera tion. For an overview of other product documentation for the above switches, refer to “Product Documentation” on page xi. You can download documenta tion from the ProCurve Networking web site, www.procurve.com.
PAGE 31
Getting Started Conventions ■ Boldface indicates use of a CLI command, part of a CLI command syntax, or other displayed element in general text. For example: “Use the copy tftp command to download the key from a TFTP server.” ■ Italics indicate variables for which you must supply a value when execut ing the command.
PAGE 32
Getting Started Sources for More Information Keys Simulations of actual keys use a bold, sans-serif typeface with square brackets. For example, the Tab key appears as [Tab] and the “Y” key appears as [Y]. Sources for More Information For information about switch operation and features not covered in this guide, consult the following sources: ■ Note Feature Index—For information on which manual to consult for a given software feature, refer to the “Software Feature Index” on page xii.
PAGE 33
Getting Started Sources for More Information • • • ■ Advanced Traffic Management Guide—Use this guide for information on topics such as: • ■ ■ ■ port configuration, trunking, traffic control, and PoE operation SNMP, LLDP, and other network management topics file transfers, switch monitoring, troubleshooting, and MAC address management VLANs: Static port-based and protocol VLANs, and dynamic GVRP VLANs • spanning-Tree: 802.1D (STP), 802.1w (RSTP), and 802.
PAGE 34
Getting Started Sources for More Information Getting Documentation From the Web To obtain the latest versions of documentation and release notes for your switch: 1. Go to the ProCurve Networking web site at www.procurve.com 2. Click on Customer Care. 3. Click on Manuals. 4. Click on the product for which you want to view or download a manual. If you need further information on ProCurve switch technology, visit the ProCurve Networking web site at: www.procurve.
PAGE 35
Getting Started Sources for More Information Command Line Interface If you need information on a specific command in the CLI, type the command name followed by help. For example: Figure 1-3. Example of CLI Help Web Browser Interface If you need information on specific features in the ProCurve Web Browser Interface (hereafter referred to as the “web browser interface”), use the online Help. You can access the Help by clicking on the Help text on top right side of any of the web browser interface screens.
PAGE 36
Getting Started Need Only a Quick Start? Need Only a Quick Start? IP Addressing If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing. To do so, do one of the following: ■ Enter setup at the CLI Manager level prompt. Procurve# setup ■ In the Main Menu of the Menu interface, select 8.
PAGE 37
Selecting a Management Interface Contents 2 Selecting a Management Interface Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 Understanding Management Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 Advantages of Using the Menu Interface . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 38
Selecting a Management Interface Overview Overview This chapter describes the following: ■ Management interfaces for the switches covered in this guide ■ Advantages of using each interface Understanding Management Interfaces Management interfaces enable you to reconfigure the switch and to monitor switch status and performance.
PAGE 39
Selecting a Management Interface Advantages of Using the Menu Interface To use ProCurve Manager or ProCurve Manager Plus, refer to the Getting Started Guide and the Administrator’s Guide, which are available electron ically with the software for these applications. For more information, visit the ProCurve Networking web site at www.procurve.com. Advantages of Using the Menu Interface Figure 2-1.
PAGE 40
Selecting a Management Interface Advantages of Using the CLI ■ Enables Telnet (in-band) access to the menu functionality. ■ Allows faster navigation, avoiding delays that occur with slower display of graphical objects over a web browser interface. ■ Provides more security; configuration information and passwords are not seen on the network.
PAGE 41
Selecting a Management Interface Advantages of Using the Web Browser Interface ■ To perform specific procedures (such as configuring IP addressing or VLANs), use the Contents listing at the front of the manual to locate the information you need. ■ For monitoring and analyzing switch operation, refer to Appendix B. ■ For information on individual CLI commands, refer to the Index or to the online Help provided in the CLI interface. Advantages of Using the Web Browser Interface Figure 2-3.
PAGE 42
Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus ■ More visual cues, using colors, status bars, device icons, and other graphical objects instead of relying solely on alphanumeric values ■ Display of acceptable ranges of values available in configuration list boxes Advantages of Using ProCurve Manager or ProCurve Manager Plus You can operate ProCurve Manager and ProCurve Manager Plus (PCM and PCM+) from a PC on the network to monitor traffic, manage your hub
PAGE 43
Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus • In-Depth Traffic Analysis: An integrated, low-overhead traffic mon itor interface shows detailed information on traffic throughout the network. Using enhanced traffic analysis protocols such as Extended RMON and sFlow, users can monitor overall traffic levels, segments with the highest traffic, or even the top users within a network segment.
PAGE 44
Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus If a banner is configured, the banner page is displayed when you access the Web user interface. The default product registration information is not displayed as there is already a product registration prompt displayed in the Web user interface.
PAGE 45
Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus Use show banner motd to display the current banner status. Syntax: banner motd < delimiter > no banner motd This command defines the single character used to termi nate the banner text and enables banner text input. You can use any character except a blank space as a delimiter. The no form of the command disables the login banner feature.
PAGE 46
Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus Figure 2-4. Example of Configuring a Login Banner To view the current banner configuration, use either the show banner motd or show running command. ProCurve(config)# show banner motd Banner Information Banner status: Enabled Configured Banner: This is a private system maintained by the Allied Widget Corporation. Unauthorized use of this system can result in civil and criminal penalties! Figure 2-5.
PAGE 47
Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus The next time someone logs onto the switch’s management CLI, the following appears: The login screen displays the configured banner. Entering a correct password clears the banner and displays the CLI prompt. Figure 2-7. Example of CLI Result of the Login Banner Configuration If someone uses a Web browser to log in to the switch interface, the following message appears: Figure 2-8.
PAGE 48
Selecting a Management Interface Advantages of Using ProCurve Manager or ProCurve Manager Plus ■ If the switch is configured with ssh version 1 or ssh version 1-or-2, configuring the banner sets the SSH configuration to ssh version 2 and displays the following message in the CLI: Warning: SSH version has been set to v2. ■ If a banner is configured, the switch does not allow configuration with ssh version 1 or ssh version 1-or-2.
PAGE 49
3 Using the Menu Interface Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Starting and Ending a Menu Session . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 How To Start a Menu Interface Session . . . . . . . . . . . . . . . . . . . . . . . . . 3-4 How To End a Menu Session and Exit from the Console: . . . . . . . . . . 3-5 Main Menu Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 50
Using the Menu Interface Overview Overview This chapter describes the following features: ■ Overview of the Menu Interface (page 3-2) ■ Starting and ending a Menu session (page 3-3) ■ The Main Menu (page 3-7) ■ Screen structure and navigation (page 3-9) ■ Rebooting the switch (page 3-12) The menu interface operates through the switch console to provide you with a subset of switch commands in an easy-to-use menu format enabling you to: ■ Perform a “quick configuration” of basic parameters, such a
PAGE 51
Using the Menu Interface Starting and Ending a Menu Session Note If the switch has neither a Manager nor an Operator password, anyone having access to the console interface can operate the console with full manager privileges. Also, if you configure only an Operator password, entering the Operator password enables full manager privileges. For more information on passwords, refer to the Access Security Guide for your switch. Menu Interaction with Other Interfaces.
PAGE 52
Using the Menu Interface Starting and Ending a Menu Session How To Start a Menu Interface Session In its factory default configuration, the switch console starts with the CLI prompt. To use the menu interface with Manager privileges, go to the Manager level prompt and enter the menu command. 1. 2. 3. Use one of these methods to connect to the switch: • A PC terminal emulator or terminal • Telnet Do one of the following: • If you are using Telnet, go to step 3.
PAGE 53
Using the Menu Interface Starting and Ending a Menu Session Figure 3-1. Example of the Main Menu with Manager Privileges For a description of Main Menu features, see “Main Menu Features” on page 3 7. Note To configure the switch to start with the menu interface instead of the CLI, go to the Manager level prompt in the CLI, enter the setup command, and in the resulting display, change the Logon Default parameter to Menu.
PAGE 54
Using the Menu Interface Starting and Ending a Menu Session Asterisk indicates a configuration change that requires a reboot to activate. Figure 3-2. Example Indication of a Configuration Change Requiring a Reboot 1. In the current session, if you have not made configuration changes that require a switch reboot to activate, return to the Main Menu and press [0] (zero) to log out. Then just exit from the terminal program, turn off the terminal, or quit the Telnet session. 2.
PAGE 55
Using the Menu Interface Main Menu Features Main Menu Features ProCurve Switch 2-Jan-1990 0:00:44 ===========================- TELNET - MANAGER MODE -========================= Main Menu 1. 2. 3. 4. 5. 6. 7. 8. 9. 0. Status and Counters... Switch Configuration... Console Passwords... Event Log Command Line (CLI) Reboot Switch Download OS Run Setup Stacking... Logout Provides the menu to display configuration, status, and counters.
PAGE 56
Using the Menu Interface Main Menu Features 3-8 ■ Command Line (CLI): Selects the Command Line Interface at the same level (Manager or Operator) that you are accessing in the Menu interface. (Refer to Chapter 4, “Using the Command Line Interface (CLI)”.) ■ Reboot Switch: Performs a “warm” reboot of the switch, which clears most temporary error conditions, resets the network activity counters to zero, and resets the system up-time to zero.
PAGE 57
Using the Menu Interface Screen Structure and Navigation Screen Structure and Navigation Menu interface screens include these three elements: ■ Parameter fields and/or read-only information such as statistics ■ Navigation and configuration actions, such as Save, Edit, and Cancel ■ Help line to describe navigation options, individual parameters, and readonly data For example, in the following System Information screen: Screen title – identifies the location within the menu structure Parameter fields
PAGE 58
Using the Menu Interface Screen Structure and Navigation Table 3-5. 3-10 How To Navigate in the Menu Interface Task: Actions: Execute an action from the “Actions –>” list at the bottom of the screen: Use either of the following methods: • Use the arrow keys ([<], or [>]) to highlight the action you want to execute, then press [Enter]. • Press the key corresponding to the capital letter in the action name.
PAGE 59
Using the Menu Interface Screen Structure and Navigation To get Help on individual parameter descriptions. In most screens there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press [H], and a separate help screen is displayed. For example: Pressing [H] or highlighting Help and pressing [Enter] displays Help for the parameters listed in the upper part of the screen Highlight on any item in the Actions line indicates that the Actions line is active.
PAGE 60
Using the Menu Interface Rebooting the Switch Rebooting the Switch Rebooting the switch from the menu interface ■ Terminates all current sessions and performs a reset of the operating system ■ Activates any menu interface configuration changes that require a reboot ■ Resets statistical counters to zero (Note that statistical counters can be reset to zero without rebooting the switch.) To Reboot the switch, use the Reboot Switch option in the Main Menu.
PAGE 61
Using the Menu Interface Rebooting the Switch Rebooting To Activate Configuration Changes. Configuration changes for most parameters in the menu interface become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the Maximum VLANs to support parameter. (To access this parameter, go to the Main Menu and select: 2. Switch Configuration 8. VLAN Menu 1. VLAN Support.
PAGE 62
Using the Menu Interface Menu Features List Menu Features List Status and Counters • General System Information • Switch Management Address Information • Port Status • Port Counters • VLAN Address Table • Port Address Table Switch Configuration • System Information • Port/Trunk Settings • Network Monitoring Port • IP Configuration • SNMP Community Names • IP authorized Managers • VLAN Menu Console Passwords Event Log Command Line (CLI) Reboot Switch Download OS (Download Switch So
PAGE 63
Using the Menu Interface Where To Go From Here Where To Go From Here This chapter provides an overview of the menu interface and how to use it. The following table indicates where to turn for detailed information on how to use the individual features available through the menu interface. Option: Turn to: To use the Run Setup option Refer to the Installation and Getting Started Guide for your switch, available on the Procurve web site at www.procurve.com.
PAGE 64
Using the Menu Interface Where To Go From Here 3-16
PAGE 65
4 Using the Command Line Interface (CLI) Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 Accessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 Privilege Levels at Logon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 66
Using the Command Line Interface (CLI) Overview Overview The CLI is a text-based command interface for configuring and monitoring the switch. The CLI gives you access to the switch’s full set of commands while providing the same password protection that is used in the web browser interface and the menu interface. Accessing the CLI Like the menu interface, the CLI is accessed through the switch console, and in the switch’s factory default state, is the default interface when you start a console session.
PAGE 67
Using the Command Line Interface (CLI) Using the CLI When you use the CLI to make a configuration change, the switch writes the change to the Running-Config file in volatile memory. This allows you to test your configuration changes before making them permanent. To make changes permanent, you must use the write memory command to save them to the Startup-Config file in non-volatile memory.
PAGE 68
Using the Command Line Interface (CLI) Using the CLI Caution ProCurve strongly recommends that you configure a Manager password. If a Manager password is not configured, then the Manager level is not passwordprotected, and anyone having in-band or out-of-band access to the switch may be able to reach the Manager level and compromise switch and network security. Note that configuring only an Operator password does not prevent access to the Manager level by intruders who have the Operator password.
PAGE 69
Using the Command Line Interface (CLI) Using the CLI Manager Privileges Manager privileges give you three additional levels of access: Manager, Global Configuration, and Context Configuration. A “#” character delimits any Man ager prompt. For example: ProCurve#_ ■ Example of the Manager prompt. Manager level: Provides all Operator level privileges plus the ability to perform system-level actions that do not require saving changes to the system configuration file.
PAGE 70
Using the Command Line Interface (CLI) Using the CLI Table 4-1. Privilege Level Hierarchy Privilege Level Example of Prompt and Permitted Operations Operator Privilege Operator Level ProCurve> show < command > setup View status and configuration information. ping < argument > link-test < argument > Perform connectivity tests. enable Move from the Operator level to the Manager level. menu Move from the CLI interface to the menu interface.
PAGE 71
Using the Command Line Interface (CLI) Using the CLI How To Move Between Levels Change in Levels Example of Prompt, Command, and Result Operator level to Manager level ProCurve> enable Password:_ After you enter enable, the Password prompt appears.
PAGE 72
Using the Command Line Interface (CLI) Using the CLI For example, if you use the menu interface to configure an IP address of “X” for VLAN 1 and later use the CLI to configure a different IP address of “Y” for VLAN 1, then “Y” replaces “X” as the IP address for VLAN 1 in the running config file. If you subsequently execute write memory in the CLI, then the switch also stores “Y” as the IP address for VLAN 1 in the startup-config file.
PAGE 73
Using the Command Line Interface (CLI) Using the CLI Typing ? at the Manager level produces this listing: When - - MORE - - appears, use the Space bar or [Return] to list additional commands. Figure 4-4.Example of the Manager-Level Command Listing When - - MORE - - appears, there are more commands in the listing. To list the next screenfull of commands, press the Space bar. To list the remaining commands one-by-one, repeatedly press [Enter].
PAGE 74
Using the Command Line Interface (CLI) Using the CLI As mentioned above, if you type part of a command word and press [Tab], the CLI completes the current word (if you have typed enough of the word for the CLI to distinguish it from other possibilities), including hyphenated exten sions. For example: ProCurve(config)# port-[Tab] ProCurve(config)# port-security _ Pressing [Tab] after a completed command word lists the further options for that command.
PAGE 75
Using the Command Line Interface (CLI) Using the CLI Displaying CLI “Help” CLI Help provides two types of context-sensitive information: ■ Command list with a brief summary of each command’s purpose ■ Detailed information on how to use individual commands Displaying Command-List Help. Syntax: help Displays a listing of command Help summaries for all commands available at the current privilege level.
PAGE 76
Using the Command Line Interface (CLI) Using the CLI Figure 4-7.Example of How To Display Help for a Specific Command Note that trying to list the help for an individual command from a privilege level that does not include that command results in an error message.
PAGE 77
Using the Command Line Interface (CLI) Using the CLI Configuration Commands and the Context Configuration Modes You can execute any configuration command in the global configuration mode or in selected context modes. However, using a context mode enables you to execute context-specific commands faster, with shorter command strings. The switch offers interface (port or trunk group) and VLAN context configu ration modes: Port or Trunk-Group Context.
PAGE 78
Using the Command Line Interface (CLI) Using the CLI In the port context, the first block of commands in the “?” listing show the context-specific commands that will affect only ports C3-C6. The remaining commands in the listing are Manager, Operator, and context commands. Figure 4-8.
PAGE 79
Using the Command Line Interface (CLI) Using the CLI VLAN Context . Includes VLAN-specific commands that apply only to the selected VLAN, plus Manager and Operator commands. The prompt for this mode includes the VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch: ProCurve(config)# vlan 100 Command executed at configuration level to enter VLAN 100 context. ProCurve(vlan-100)# Resulting prompt showing VLAN 100 context.
PAGE 80
Using the Command Line Interface (CLI) CLI Control and Editing CLI Control and Editing Executing a Prior Command—Redo The redo command executes a prior command in the history list. Syntax: redo [number | command-str] Re-executes a command from history. Executes the last command by default. number: The position of the command to execute in the history list. When number is specified, the nth command starting from the most recent command in the history is executed.
PAGE 81
Using the Command Line Interface (CLI) CLI Control and Editing Syntax: repeat [cmdlist] [count] [delay] Repeats execution of a previous command. Repeats the last command by default until a key is pressed. cmdlist: If a number or range of numbers is specified, the command repeats the nth most recent commands (where “n” is the position in the history list). count: Repeats the command for the number of times specified. delay: The command repeats execution after a delay for the number of seconds specified.
PAGE 82
Using the Command Line Interface (CLI) CLI Editing Shortcuts CLI Editing Shortcuts Keystrokes Function [Ctrl] [A] Jumps to the first character of the command line. [Ctrl] [B] or [<] Moves the cursor back one character. [Ctrl] [C] Terminates a task and displays the command prompt. [Ctrl] [D] Deletes the character at the cursor. [Ctrl] [E] Jumps to the end of the current command line. [Ctrl] [F] or [>] Moves the cursor forward one character.
PAGE 83
5 Using the ProCurve Web Browser Interface Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 General Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3 Starting a Web Browser Interface Session with the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4 Using a Standalone Web Browser in a PC or UNIX Workstation . . . .
PAGE 84
Using the ProCurve Web Browser Interface Contents 5-2
PAGE 85
Using the ProCurve Web Browser Interface Overview Overview The ProCurve web browser interface built into the switch lets you easily access the switch from a browser-based PC on your network. This lets you do the following: ■ Optimize your network uptime by using the Alert Log and other diagnostic tools ■ Make configuration changes to the switch ■ Maintain security by configuring usernames and passwords This chapter covers the following: ■ General features (page 5-4).
PAGE 86
Using the ProCurve Web Browser Interface General Features General Features The web browser interface includes these features: Switch Identity and Status: • General system data • Software version • Redundant Management Module software version • IP address • Status Overview • Port utilization • Port counters • Port status • Alert log Switch Configuration: • Device view • Port configuration • VLAN configuration • Fault detection • Quality of service (QoS) • Port monitoring (mirroring) • System information • I
PAGE 87
Using the ProCurve Web Browser Interface Starting a Web Browser Interface Session with the Switch Starting a Web Browser Interface Session with the Switch You can start a web browser session in the following ways: ■ ■ Using a standalone web browser on a network connection from a PC or UNIX workstation: • Directly connected to your network • Connected through remote access to your network Using a network management station running ProCurve Manager on your network Using a Standalone Web Browser in a P
PAGE 88
Using the ProCurve Web Browser Interface Starting a Web Browser Interface Session with the Switch Using ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+) ProCurve Manager and ProCurve Manager Plus are designed for installation on a network management workstation. For this reason, the system require ments are different from the system requirements for accessing the switch’s web browser interface from a non-management PC or workstation.
PAGE 89
Using the ProCurve Web Browser Interface Starting a Web Browser Interface Session with the Switch First time install alert Figure 5-1.
PAGE 90
Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Tasks for Your First ProCurve Web Browser Interface Session The first time you access the web browser interface, there are three tasks you should perform: ■ Review the “First Time Install” window ■ Set Manager and Operator passwords ■ Set access to the web browser interface online help Viewing the “First Time Install” Window When you access the switch’s web browser interface for the first time, the Al
PAGE 91
Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session This window is the launching point for the basic configuration you need to perform to set web browser interface passwords for maintaining security and a fault detection policy, which determines the types of messages that the Alert Log displays. To set web browser interface passwords, click on secure access to the device to display the Device Passwords screen, and then go to the next page.
PAGE 92
Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Figure 5-3.The Device Passwords Window To set the passwords: 1. 2. Access the Device Passwords screen by one of the following methods: • If the Alert Log includes a “First Time Install” event entry, double click on this event, then, in the resulting display, click on the secure access to the device link. • Select the Security tab.
PAGE 93
Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session Entering a User Name and Password Figure 5-4. Example of the Password Prompt in the Web Browser Interface The manager and operator passwords are used to control access to all switch interfaces. Once set, you will be prompted to supply the password every time you try to access the switch through any of its interfaces.
PAGE 94
Using the ProCurve Web Browser Interface Tasks for Your First ProCurve Web Browser Interface Session The Clear button is provided for your convenience, but its presence means that if you are concerned with the security of the switch configuration and operation, you should make sure the switch is installed in a secure location, such as a locked wiring closet.
PAGE 95
Using the ProCurve Web Browser Interface Support/Mgmt URLs Feature Support/Mgmt URLs Feature The Support/Mgmt URLs window enables you to change the World Wide Web Universal Resource Locator (URL) for two functions: ■ Support URL – A support information site for your switch ■ Management Server URL – The web site for web browser online Help 1. Click Here 2. Click Here 3.
PAGE 96
Using the ProCurve Web Browser Interface Support/Mgmt URLs Feature Support URL This is the site the switch accesses when you click on the Support tab on the web browser interface. The default URL is: www.procurve.com which is the World Wide Web site for ProCurve networking products. Click on technical support on that page to get support information regarding your switch, including white papers, software updates, and more.
PAGE 97
Using the ProCurve Web Browser Interface Support/Mgmt URLs Feature In the default configuration, the switch uses the URL for accessing the web browser interface help files on the ProCurve World Wide Web site. Figure 5-7. How To Access Web Browser Interface Online Help Using the PCM Server for Switch Web Help For ProCurve devices that support the “Web Help” feature, you can use the PCM server to host the switch help files for devices that do not have HTTP access to the ProCurve Support Web site. 1.
PAGE 98
Using the ProCurve Web Browser Interface Support/Mgmt URLs Feature 3. Add an entry, or edit the existing entry in the Discovery portion of the global properties (globalprops.prp) in PCM to redirect the switches to the help files on the PCM server. For example: Global { TempDir=data/temp ... Discovery{ ... ... DeviceHelpUrlRedirect=http://15.29.37.12.8040/rnd/device_help ... } } You will enter the IP address for your PCM server. 8040 is the standard port number to use. 4.
PAGE 99
Using the ProCurve Web Browser Interface Status Reporting Features Status Reporting Features Browser elements covered in this section include: ■ The Overview window (below) ■ Port utilization and status (page 5-18) ■ The Alert log (page 5-21) The Overview Window The Overview Window is the home screen for any entry into the web browser interface.The following figure identifies the various parts of the screen.
PAGE 100
Using the ProCurve Web Browser Interface Status Reporting Features The Port Utilization and Status Displays The Port Utilization and Status displays show an overview of the status of the switch and the amount of network activity on each port. The following figure shows a sample reading of the Port Utilization and Port Status. Port Utilization Bar Graphs Bandwidth Display Control Port Status Indicators Legend Figure 5-9.
PAGE 101
Using the ProCurve Web Browser Interface Status Reporting Features ■ Maximum Activity Indicator: As the bars in the graph area change height to reflect the level of network activity on the corresponding port, they leave an outline to identify the maximum activity level that has been observed on the port. Utilization Guideline. A network utilization of 40% is considered the maximum that a typical Ethernet-type network can experience before encoun tering performance difficulties.
PAGE 102
Using the ProCurve Web Browser Interface Status Reporting Features Port Status Port Status Indicators Legend Figure 5-12. The Port Status Indicators and Legend The Port Status indicators show a symbol for each port that indicates the general status of the port. There are four possible statuses: 5-20 ■ Port Connected – the port is enabled and is properly connected to an active network device. ■ Port Not Connected – the port is enabled but is not connected to an active network device.
PAGE 103
Using the ProCurve Web Browser Interface Status Reporting Features The Alert Log The web browser interface Alert Log, shown in the lower half of the screen, shows a list of network occurrences, or alerts, that were detected by the switch. Typical alerts are Broadcast Storm, indicating an excessive number of broadcasts received on a port, and Problem Cable, indicating a faulty cable. A full list of alerts is shown in the table on page 5-22. Figure 5-13.
PAGE 104
Using the ProCurve Web Browser Interface Status Reporting Features Alert Types and Detailed Views As of June, 2007, the web browser interface generates the following alert types: • • • • • • • • • Note Auto Partition Backup Transition Excessive broadcasts Excessive CRC/alignment errors Excessive jabbering Excessive late collisions First Time Install Full-Duplex Mismatch Half-Duplex Mismatch • • • • • • • • High collision or drop rate Loss of Link Mis-Configured SQE Network Loop Polarity Reversal Securi
PAGE 105
Using the ProCurve Web Browser Interface Status Reporting Features Figure 5-14.
PAGE 106
Using the ProCurve Web Browser Interface Status Reporting Features Setting Fault Detection Policy One of the powerful features in the web browser interface is the Fault Detection facility. For your switch, this feature controls the types of alerts reported to the Alert Log based on their level of severity. Set this policy in the Fault Detection window (figure 5-15). Figure 5-15.
PAGE 107
Using the ProCurve Web Browser Interface Status Reporting Features To provide the most information on network problems in the Alert Log, the recommended sensitivity level for Log Network Problems is High Sensitivity. The Fault Detection settings are: ■ High Sensitivity. This policy directs the switch to send all alerts to the Alert Log. This setting is most effective on networks that have none or few problems. ■ Medium Sensitivity.
PAGE 108
Using the ProCurve Web Browser Interface Status Reporting Features 5-26
PAGE 109
6 Switch Memory and Configuration Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3 Configuration File Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3 Using the CLI To Implement Configuration Changes . . . . . . . . . . . . 6-6 Using the Menu and Web Browser Interfaces To Implement Configuration Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 110
Switch Memory and Configuration Contents Changing or Overriding the Reboot Configuration Policy . . . . . . . . . 6-28 Managing Startup-Config Files in the Switch . . . . . . . . . . . . . . . . . . . 6-30 Renaming an Existing Startup-Config File . . . . . . . . . . . . . . . . . . 6-31 Creating a New Startup-Config File . . . . . . . . . . . . . . . . . . . . . . . . 6-31 Erasing a Startup-Config File . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 111
Switch Memory and Configuration Overview Overview This chapter describes: ■ How switch memory manages configuration changes ■ How the CLI implements configuration changes ■ How the menu interface and web browser interface implement configu ration changes ■ How the switch provides software options through primary/secondary flash images ■ How to use the switch’s primary and secondary flash options, including displaying flash information, booting or restarting the switch, and other topics Configura
PAGE 112
Switch Memory and Configuration Configuration File Management ■ Startup-config File: Exists in flash (non-volatile) memory and is used to preserve the most recently-saved configuration as the “permanent” configuration. Booting the switch replaces the current running-config file with a new run ning-config file that is an exact copy of the current startup-config file.
PAGE 113
Switch Memory and Configuration Configuration File Management The above command disables port 5 in the running-config file, but not in the startup-config file. Port 5 remains disabled only until the switch reboots. If you want port 5 to remain disabled through the next reboot, use write memory to save the current running-config file to the startup-config file in flash memory.
PAGE 114
Switch Memory and Configuration Using the CLI To Implement Configuration Changes Using the CLI To Implement Configuration Changes The CLI offers these capabilities: ■ Access to the full set of switch configuration features ■ The option of testing configuration changes before making them perma nent How To Use the CLI To View the Current Configuration Files. Use show commands to view the configuration for individual features, such as port status or Spanning Tree Protocol.
PAGE 115
Switch Memory and Configuration Using the CLI To Implement Configuration Changes 3. Observe the switch’s performance with the new parameter settings to verify the effect of your changes. 4. When you are satisfied that you have the correct parameter settings, use the write memory command to copy the changes to the startup-config file. Syntax: write memory Saves the running configuration file to the startup-config. The saved configuration becomes the boot-up configuration of the switch on the next boot.
PAGE 116
Switch Memory and Configuration Using the CLI To Implement Configuration Changes If you use the CLI to change a parameter setting, and then execute the boot command without first executing the write memory command to save the change, the switch prompts you to specify whether to save the changes in the current running-config file. For example: Disables port 1 in the running configuration, which causes port 1 to block all traffic.
PAGE 117
Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes value will appear in the menu interface display for that parameter. However, as indicated above, unless you also make a configuration change in the menu interface, only the write memory command in the CLI will actually save the change to the startup-config file. How To Reset the startup-config and running-config Files to the Factory Default Configuration.
PAGE 118
Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes Menu: Implementing Configuration Changes You can use the menu interface to simultaneously save and implement a subset of switch configuration changes without having to reboot the switch. That is, when you save a configuration change in the menu interface, you simultane ously change both the running-config file and the startup-config file.
PAGE 119
Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes the switch discards the configuration changes made while using the CLI. To ensure that changes made while using the CLI are saved, execute write memory in the CLI before rebooting the switch.
PAGE 120
Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes If configuration changes requiring a reboot have been made, the switch displays an asterisk (*) next to the menu item in which the change has been made.
PAGE 121
Switch Memory and Configuration Using Primary and Secondary Flash Image Options Using Primary and Secondary Flash Image Options The switches covered in this guide feature two flash memory locations for storing switch software image files: ■ Primary Flash: The default storage for a switch software image. ■ Secondary Flash: The additional storage for an alternate switch software image.
PAGE 122
Switch Memory and Configuration Using Primary and Secondary Flash Image Options For example, if the switch is using a software version of W.14.XX stored in Primary flash, show version produces the following: ProCurve(config)# show version Image stamp: Boot Image: Figure 6-7. /su/code/build/info(s01) Jun 01 2008 10:50:26 W.14.XX 1223 Primary Example Showing the Identity of the Current Flash Image Determining Whether the Flash Images Are Different Versions.
PAGE 123
Switch Memory and Configuration Using Primary and Secondary Flash Image Options 1. In this example show version indicates the switch has version W.14.02 in primary flash. 2. After the boot system command, show version indicates that version W.14.01 is in secondary flash. Figure 6-9. ProCurve(config)# show version Image stamp: /sw/code/build/info(s02) Sept 01 2008 14.03.06 W.14.
PAGE 124
Switch Memory and Configuration Using Primary and Secondary Flash Image Options flash and you can either copy the secondary image into primary or download another image to primary from an external source. Refer to Appendix A, “File Transfers”. Local Switch Software Replacement and Removal This section describes commands for erasing a software version and copying an existing software version between primary and secondary flash.
PAGE 125
Switch Memory and Configuration Using Primary and Secondary Flash Image Options Syntax: copy flash flash where: destination flash = primary or secondary: For example, to copy the image in secondary flash to primary flash: 1. Verify that there is a valid flash image in the secondary flash location. The following figure indicates that a software image is present in secondary flash.
PAGE 126
Switch Memory and Configuration Using Primary and Secondary Flash Image Options 2. Then erase the software image in the selected flash (in this case, primary): The prompt shows which flash location will be erased. Figure 6-11. Example of Erase Flash Prompt 3. Type y at the prompt to complete the flash erase. 4.
PAGE 127
Switch Memory and Configuration Using Primary and Secondary Flash Image Options factory-default values to the parameters controlling the new features. Simi larly, If you create a startup-config file while using a version “Y” of the switch software, and then reboot the switch with an earlier software version “X” that does not include all of the features found in “Y”, the software simply ignores the parameters for any features that it does not support. Scheduled Reload.
PAGE 128
Switch Memory and Configuration Using Primary and Secondary Flash Image Options Setting the Default Flash You can specify the default flash to boot from on the next boot by entering the boot set-default flash command. Syntax: boot set-default flash [primary |secondary] Upon booting, set the default flash for the next boot to primary or secondary.
PAGE 129
Switch Memory and Configuration Using Primary and Secondary Flash Image Options ProCurve(config)# boot system flash secondary System will be rebooted from secondary image. Do you want to continue [y/n]? Figure 6-13. Example of Boot Command with Secondary Flash Option In the above example, typing either a y or n at the second prompt initiates the reboot operation. Using the Fastboot feature.
PAGE 130
Switch Memory and Configuration Using Primary and Secondary Flash Image Options Scheduled Reload. Additional parameters have been added to the reload command to allow for a scheduled reboot of the switch via the CLI. Syntax: [no] reload [after <[dd:]hh:]mm> | at []] Enables a scheduled warm reboot of the switch. The switch boots up with the same startup config file and using the same flash image as before the reload.
PAGE 131
Switch Memory and Configuration Multiple Configuration Files Multiple Configuration Files Action Page Listing and Displaying Startup-Config Files 6-27 Changing or Overriding the Reboot Configuration Policy 6-28 Managing Startup-Config Files Renaming Startup-Config Files 6-31 Copying Startup-Config Files 6-31 Erasing Startup-Config Files 6-32 Effect of Using the Clear + Reset Buttons 6-34 Copying Startup-Config Files to or from a Remote Server 6-35 This method of operation means that you can
PAGE 132
Switch Memory and Configuration Multiple Configuration Files ■ Transitions from one software release to another can be performed while maintaining a separate configuration for the different software release versions.
PAGE 133
Switch Memory and Configuration Multiple Configuration Files 2. Use the CLI to make configuration changes in the running-config file, and then execute write mem. The result is that the startup-config file used to reboot the switch is modified by the actions in step 2.
PAGE 134
Switch Memory and Configuration Multiple Configuration Files ■ Saves a copy of the existing startup-config file in memory slot 2 with the filename workingConfig. ■ Assigns the workingConfig file as the active configuration and the default configuration for all subsequent reboots using either primary or second ary flash. Figure 6-16.
PAGE 135
Switch Memory and Configuration Multiple Configuration Files Listing and Displaying Startup-Config Files Command Page show config files show config < filename > Below 6-28 Viewing the Startup-Config File Status with Multiple Configuration Enabled Rebooting the switch automatically enables the multiple configuration fea ture. Syntax: show config files This command displays the available startup-config files on the switch and the current use of each file.
PAGE 136
Switch Memory and Configuration Multiple Configuration Files Displaying the Content of A Specific Startup-Config File With Multiple Configuration enabled, the switch can have up to three startup config files. Because the show config command always displays the content of the currently active startup-config file, the command extension shown below is needed to allow viewing the contents of any other startup-config files stored in the switch.
PAGE 137
Switch Memory and Configuration Multiple Configuration Files Syntax: startup-default [ primary | secondary ] config < filename > Specifies a boot configuration policy option: [ primary | secondary ] config < filename >: Designates the startup-config file to use in a reboot with the software version stored in a specific flash location. Use this option to change the reboot policy for either primary or secondary flash, or both.
PAGE 138
Switch Memory and Configuration Multiple Configuration Files ProCurve(config)# startup-default pri config minconfig ProCurve(config) # startup-default sec config newconfig. Overriding the Default Reboot Configuration Policy. This command provides a method for manually rebooting with a specific startup-config file other than the file specified in the default reboot configuration policy.
PAGE 139
Switch Memory and Configuration Multiple Configuration Files Renaming an Existing Startup-Config File Syntax: rename config < current-filename > < newname-str > This command changes the name of an existing startup config file. A file name can include up to 63, alphanumeric characters. Blanks are allowed in a file name enclosed in quotes (“ “ or ‘ ‘). (File names are not case-sensitive.) Creating a New Startup-Config File The switch allows up to three startup-config files.
PAGE 140
Switch Memory and Configuration Multiple Configuration Files Figure 6-17. Example of Using One Startup-Config File for Both Primary and Secondary Flash If you wanted to experiment with configuration changes to the software version in secondary flash, you could create and assign a separate startup config file for this purpose. The first two commands copy the config1 startup-config file to config2, and then make config2 the default startup-config file for booting from secondary flash. Figure 6-18.
PAGE 141
Switch Memory and Configuration Multiple Configuration Files Syntax: erase < config < filename >> | startup-config > config < filename >: This option erases the specified startup config file. If the specified file is not the currently active startup-config file, then the file is simply deleted from the memory slot it occupies.
PAGE 142
Switch Memory and Configuration Multiple Configuration Files Figure 6-19 illustrates using erase config < filename > to remove a startup-config file. Figure 6-19. Example of Erasing a Non-Active Startup-Config File With the same memory configuration as is shown in the bottom portion of figure 6-19, executing erase startup-config boots the switch from primary flash, resulting in a new file named minconfig in the same memory slot.
PAGE 143
Switch Memory and Configuration Multiple Configuration Files ProCurve(config)# show config files Pressing Clear + Reset: – Replaces all startup-config files with a single file named config1 that contains the default configuration for the software version in id | act pri sec | name primary flash. ---+-------------+----------------------------------------------– Resets the Active, Primary, and Secondary 1 | * * * | config1 assignments as shown here. Configuration files: 2 | 3 | | | Figure 6-20.
PAGE 144
Switch Memory and Configuration Multiple Configuration Files TFTP: Copying a Configuration File from a Remote Host Syntax: copy tftp config < dest-file > < ip-addr > < remote-file > < pc | unix > This is an addition to the copy tftp command options. Use this command to download a configuration file from a TFTP server to the switch. Note: This command requires an empty memory slot in the switch.
PAGE 145
Switch Memory and Configuration Multiple Configuration Files Xmodem: Copying a Configuration from a Serially Connected Host Syntax: copy xmodem config < dest-file > < pc | unix > This is an addition to the copy xmodem command options. Use this command to download a configuration file from an Xmodem host to the switch. For more on using Xmodem to copy a file from a serially connected host, refer to “Xmodem: Copying a Configuration File from a Serially Connected PC or UNIX Workstation” on page A-29.
PAGE 146
Switch Memory and Configuration Multiple Configuration Files 6-38
PAGE 147
7 Interface Access and System Information Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 Interface Access: Console/Serial Link, Web, and Inbound Telnet . 7-3 Menu: Modifying the Interface Access . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4 CLI: Modifying the Interface Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-5 Denying Interface Access by Terminating Remote Management Sessions . . . . . . . . .
PAGE 148
Interface Access and System Information Overview Overview This chapter describes how to: ■ View and modify the configuration for switch interface access ■ Use the CLI kill command to terminate a remote session ■ View and modify switch system information For help on how to actually use the interfaces built into the switch, refer to: ■ Chapter 3, “Using the Menu Interface” ■ Chapter 4, “Using the Command Line Interface (CLI)” ■ Chapter 5, “Using the ProCurve Web Browser Interface” Why Configure I
PAGE 149
Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Interface Access: Console/Serial Link, Web, and Inbound Telnet Interface Access Features Feature Inactivity Time Inbound Telnet Access Outbound Telnet Access Web Browser Interface Access Terminal type Event Log event types to list (Displayed Events) Baud Rate Flow Control Default Menu CLI Web 0 Minutes (disabled) page 7-4 page 7-7 — Enabled page 7-4 page 7-5 — n/a — page 7-6 — Enabled pa
PAGE 150
Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Menu: Modifying the Interface Access The menu interface enables you to modify these parameters: ■ Inactivity Timeout ■ Inbound Telnet Enabled ■ Web Agent Enabled To Access the Interface Access Parameters: 1. From the Main Menu, Select... 2. Switch Configuration... 1. System Information Interface Access Parameters Figure 7-1.
PAGE 151
Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet 4. When you have finished making changes to the above parameters, press [Enter], then press [S] (for Save). CLI: Modifying the Interface Access Interface Access Commands Used in This Section show console below [no] telnet-server below [no] web-management page 7-7 console page 7-7 Listing the Current Console/Serial Link Configuration.
PAGE 152
Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet ProCurve(config)# telnet-server Outbound Telnet to Another Device. This feature operates indepen dently of the telnet-server status and enables you to Telnet to another device that has an IP address. Syntax: telnet Initiates an outbound telnet session to another network device.
PAGE 153
Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet ProCurve(config)# show telnet Telnet Activity ------------------------------------------------------Session : ** 1 Privilege: Manager From : Console To : ------------------------------------------------------Session : ** 2 Privilege: Manager From : 12.13.14.10 To : 15.33.66.
PAGE 154
Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet [inactivity-timer < 0 | 1 | 5 | 10 | 15 | 20 | 30 | 60 |120 >] [events ] Note If you change the Baud Rate or Flow Control settings for the switch, you should make the corresponding changes in your console access device.
PAGE 155
Interface Access and System Information Denying Interface Access by Terminating Remote Management Sessions You can also execute a series of console commands and then save the configuration and boot the switch. For example: ProCurve(config)# console baud-rate speed-sense Command will take effect after saving configuration and reboot ProCurve(config)# console flow-control xon/xoff Command will take effect after saving configuration and reboot Configure the individual parameters.
PAGE 156
Interface Access and System Information Denying Interface Access by Terminating Remote Management Sessions Session Session 22 is is an an active active Telnet Telnet session. session. The kill 2 command terminates session 2. Figure 7-6.
PAGE 157
Interface Access and System Information System Information System Information System Information Features Feature Default Menu CLI Web System Name switch product name page 7-12 page 7-14 page 7-17 System Contact n/a page 7-12 page 7-14 page 7-17 System Location n/a page 7-12 page 7-14 page 7-17 MAC Age Time 300 seconds page 7-12 page 7-16 — Time Sync Method None See Chapter 9, “Time Protocols”.
PAGE 158
Interface Access and System Information System Information Time Zone: The number of minutes your time zone location is to the West (+) or East (-) of Coordinated Universal Time (formerly GMT). The default 0 means no time zone is configured. For example, the time zone for Berlin, Germany is + 60 (minutes) and the time zone for Vancouver, Canada is - 480 (minutes). Daylight Time Rule: Specifies the daylight savings time rule to apply for your location. The default is None.
PAGE 159
Interface Access and System Information System Information 2. Press [E] (for Edit). The cursor moves to the System Name field. 3. Refer to the online help provided with this screen for further information on configuration options for these features. 4. When you have finished making changes to the above parameters, press [Enter], then press [S] (for Save) and return to the Main Menu.
PAGE 160
Interface Access and System Information System Information Configure a System Name, Contact, and Location for the Switch. To help distinguish one switch from another, configure a plain-language identity for the switch. Syntax: hostname < name-string > snmp-server [contact ] [location ] Each field allows up to 255 characters.
PAGE 161
Interface Access and System Information System Information MENU ProCurve Switch 2910al 24-Oct-2006 12:41:47 ===========================- TELNET - MANAGER MODE =========================== Switch Configuration - System Information System Name : Blue Switch System Contact : Bill_Smith System Location : + characters of the location are missing. It’s too long.
PAGE 162
Interface Access and System Information System Information Reconfigure the MAC Age Time for Learned MAC Addresses. This command corresponds to the MAC Age Interval in the menu interface, and is expressed in seconds. Syntax: mac-age-time < 10 - 1000000 > (seconds) Allows you to set the MAC address table’s age-out interval. An address is aged out if the switch does not receive traffic from that MAC address for the age-out interval, measured in seconds. Default: 300 seconds.
PAGE 163
Interface Access and System Information System Information Note Executing reload or boot resets the time and date to their default startup values. Web: Configuring System Parameters In the web browser interface, you can enter the following system information: ■ System Name ■ System Location ■ System Contact For access to the MAC Age Interval and the Time parameters, use the menu interface or the CLI. Configure System Parameters in the Web Browser Interface. 1. Click on the Configuration tab. 2.
PAGE 164
Interface Access and System Information System Information 7-18
PAGE 165
8 Configuring IP Addressing Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 Just Want a Quick Start with IP Addressing? . . . . . . . . . . . . . . . . . . . . 8-3 IP Addressing with Multiple VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 166
Configuring IP Addressing Overview Overview You can configure IP addressing through all of the switch’s interfaces. You can also: ■ Easily edit a switch configuration file to allow downloading the file to multiple switches without overwriting each switch’s unique gateway and VLAN 1 IP addressing. ■ Assign up to 32 IP addresses to a VLAN (multinetting).
PAGE 167
Configuring IP Addressing IP Configuration use the menu interface or the CLI to manually configure the initial IP values. After you have network access to a device, you can use the web browser interface to modify the initial IP configuration if needed. For information on how IP addressing affects switch operation, refer to “How IP Addressing Affects Switch Operation” on page 8-11. Multinetting: Assigning Multiple IP Addresses to a VLAN. For a given VLAN you can assign up to 32 IP addresses.
PAGE 168
Configuring IP Addressing IP Configuration For more on using the Switch Setup screen, refer to the Installation and Getting Started Guide you received with the switch. IP Addressing with Multiple VLANs In the factory-default configuration, the switch has one, permanent default VLAN (named DEFAULT_VLAN) that includes all ports on the switch.
PAGE 169
Configuring IP Addressing IP Configuration Menu: Configuring IP Address, Gateway, and Time-ToLive (TTL) Do one of the following: ■ To manually enter an IP address, subnet mask, set the IP Config parameter to Manual and then manually enter the IP address and subnet mask values you want for the switch. ■ To use DHCP or Bootp, use the menu interface to ensure that the IP Config parameter is set to DHCP/Bootp, then refer to “DHCP/Bootp Operation” on page 8-12. To Configure IP Addressing. 1.
PAGE 170
Configuring IP Addressing IP Configuration 3. If the switch needs to access a router, for example, to reach off-subnet destinations, select the Default Gateway field and enter the IP address of the gateway router. 4. If you need to change the packet Time-To-Live (TTL) setting, select Default TTL and type in a value between 2 and 255. 5.
PAGE 171
Configuring IP Addressing IP Configuration (You can also use the show management command to display the IP addressing and time server IP addressing configured on the switch. Refer to figure 9-6 on page 9-10.) For example, in the factory-default configuration (no IP addressing assigned), the switch’s IP addressing appears as: The Default IP Configuration Figure 8-2.
PAGE 172
Configuring IP Addressing IP Configuration Note The default IP address setting for the DEFAULT_VLAN is DHCP/Bootp. On additional VLANs you create, the default IP address setting is Disabled. Syntax: [ no ] vlan < vlan-id > ip address or [ no ] vlan < vlan-id > ip address < ip-address > < mask-bits > or vlan < vlan-id > ip address dhcp-bootp This example configures IP addressing on the default VLAN with the subnet mask specified in mask bits.
PAGE 173
Configuring IP Addressing IP Configuration 1. Go to VLAN 20. 2. Configure two additional IP addresses on VLAN 20. 3. Display IP addressing. Figure 8-4. Example of Configuring and Displaying a Multinetted VLAN If you then wanted to multinet the default VLAN, you would do the following: Figure 8-5. Example of Multinetting on the Default VLAN Note The Internet (IP) Service screen in the Menu interface (figure 8-1 on page 8-5) displays the first IP address for each VLAN.
PAGE 174
Configuring IP Addressing IP Configuration Removing or Replacing IP Addresses in a Multinetted VLAN. To remove an IP address from a multinetted VLAN, use the no form of the IP address command shown on page 8-8. Generally, to replace one IP address with another, you should first remove the address you want to replace, and then enter the new address. Configure the Optional Default Gateway. Using the Global configura tion level, you can manually assign one default gateway to the switch.
PAGE 175
Configuring IP Addressing IP Configuration 3. If you need further information on using the web browser interface, click on [?] to access the web-based help available for the switch. How IP Addressing Affects Switch Operation Without an IP address and subnet mask compatible with your network, the switch can be managed only through a direct terminal device connection to the Console RS-232 port. You can use direct-connect console access to take advantage of features that do not depend on IP addressing.
PAGE 176
Configuring IP Addressing IP Configuration DHCP/Bootp Operation Overview. DHCP/Bootp is used to provide configuration data from a DHCP or Bootp server to the switch. This data can be the IP address, subnet mask, default gateway, Timep Server address, and TFTP server address. If a TFTP server address is provided, this allows the switch to TFTP a previously saved configuration file from the TFTP server to the switch.
PAGE 177
Configuring IP Addressing IP Configuration DHCP Operation. A significant difference between a DHCP configuration and a Bootp configuration is that an IP address assignment from a DHCP server is automatic. Depending on how the DHCP server is configured, the switch may receive an IP address that is temporarily leased. Periodically the switch may be required to renew its lease of the IP configuration.
PAGE 178
Configuring IP Addressing IP Configuration gw=10.66.77.1:\ lg=10.22.33.44:\ T144=”switch.cfg”:\ vm=rfc1048 where: Note 8212switch is a user-defined symbolic name to help you find the correct section of the bootptab file. If you have multiple switches that will be using Bootp to get their IP configuration, you should use a unique symbolic name for each switch. ht is the “hardware type”. For the switches covered in this guide, enter ether (for Ethernet). This tag must precede the ha tag.
PAGE 179
Configuring IP Addressing Loopback Interfaces Note Designating a primary VLAN other than the default VLAN affects the switch’s use of information received via DHCP/Bootp. For more on this topic, refer to the chapter describing VLANs in the Advanced Traffic Management Guide for your switch.
PAGE 180
Configuring IP Addressing Loopback Interfaces ■ You can use a loopback interface to establish a Telnet session, ping the switch, and access the switch through SNMP, SSH, and HTTP (web interface). ■ A loopback IP address can be used by routing protocols.
PAGE 181
Configuring IP Addressing Loopback Interfaces For example, if you configure a VLAN with IP address 172.16.100.8/24, you cannot configure a loopback interface with IP address 172.16.100.8. In the same way, if you configure a loopback interface (lo1) with IP address 172.16.101.8, you cannot configure another loopback interface (lo2) with IP address 172.16.101.8. ■ You can configure multiple IP addresses on a loopback interface (lo0 to lo7).
PAGE 182
Configuring IP Addressing Loopback Interfaces ProCurve> show ip Internet (IP) Service IP Routing : Enabled Default TTL : 64 ARP Age : 20 VLAN IP Config IP Address Subnet Mask Proxy ARP ---------------- ---------- ---------- ------DEFAULT_VLAN Manual 10.0.8.121 255.255.0.0 No VLAN2 Manual 192.168.12.1 255.255.255.0 No VLAN3 Disabled Loopback -------lo1 lo2 lo2 Loopback Addresses IP Config IP Address Subnet Mask ---------- -----------------------Manual 172.16.110.2 255.255.255.255 Manual 172.16.112.2 255.
PAGE 183
Configuring IP Addressing Loopback Interfaces To display the loopback interfaces configured on the switch in a list of IP routing entries displayed according to destination IP address, enter the show ip route command. The following example displays the configuration of the default loopback interface (lo0) and one user-defined loopback interface (lo2).
PAGE 184
Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads For the switches covered in this guide, IP Preserve enables you to copy a configuration file to multiple switches while retaining the individual IP address and subnet mask on VLAN 1 in each switch, and the Gateway IP address assigned to the switch.
PAGE 185
Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads ; J9146A Configuration Editor; Created on release #W.14.01 hostname “ProCurve” time daylight-time-rule None . . . password manager password operator ip preserve Entering “ip preserve” in the last line of a configuration file implements IP Preserve when the file is downloaded to the switch and the switch reboots. Figure 8-9.
PAGE 186
Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads ProCurve(config)# show run Running configuration: ; J9146A Configuration Editor; Created on release #W.14.XX hostname "ProCurve" module 1 type J8702A module 2 type J8705A trunk A11-A12 Trk1 Trunk ip default-gateway 10.10.10.
PAGE 187
Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads ProCurve# show run Running configuration: ; J9146A Configuration Editor; Created on release #W.14.XX hostname "ProCurve" module 1 type J8702A module 2 type J8705A trunk A11-A12 Trk1 Trunk ip default-gateway 10.10.10.1 snmp-server community "public" Unrestricted vlan 1 name "DEFAULT_VLAN" untagged A1,A7-A10,A13-A24,B1-B24,Trk1 ip address 10.10.10.5 255.255.255.
PAGE 188
Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads 8-24
PAGE 189
9 Time Protocols Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2 TimeP Time Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2 SNTP Time Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2 Selecting a Time Synchronization Protocol or Turning Off Time Protocol Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 190
Time Protocols Overview Overview This chapter describes: ■ SNTP Time Protocol Operation ■ Timep Time Protocol Operation Using time synchronization ensures a uniform time among interoperating devices. This helps you to manage and troubleshoot switch operation by attaching meaningful time data to event and error messages. The switch offers TimeP and SNTP (Simple Network Time Protocol) and a timesync command for changing the time protocol selection (or turning off time protocol operation).
PAGE 191
Time Protocols Selecting a Time Synchronization Protocol or Turning Off Time Protocol Operation Note To use Broadcast mode, the switch and the SNTP server must be in the same subnet. ■ Unicast Mode: The switch requests a time update from the config ured SNTP server. (You can configure one server using the menu interface, or up to three servers using the CLI sntp server command.
PAGE 192
Time Protocols SNTP: Viewing, Selecting, and Configuring ■ In the System Information screen of the Menu interface, set the Time Synch Method parameter to None, then press [Enter], then [S] (for Save). ■ In the Global config level of the CLI, execute no timesync. SNTP: Viewing, Selecting, and Configuring SNTP Feature Default CLI Web view the SNTP time synchronization configuration n/a page 9-5 page 9-8 — select SNTP as the time synchronization method timep page 9-6 page 9-10 ff.
PAGE 193
Time Protocols SNTP: Viewing, Selecting, and Configuring Table 9-1. SNTP Parameters SNTP Parameter Operation Time Sync Method Used to select either SNTP, TIMEP, or None as the time synchronization method. SNTP Mode Disabled The Default. SNTP does not operate, even if specified by the Menu interface Time Sync Method parameter or the CLI timesync command. Unicast Directs the switch to poll a specific server for SNTP time synchronization. Requires at least one server address.
PAGE 194
Time Protocols SNTP: Viewing, Selecting, and Configuring ==========================- CONSOLE - MANAGER MODE -======================== Switch Configuration - System Information System Name : ProCurve System Contact : System Location : Inactivity Timeout (min) [0] : 0 Inbound Telnet Enabled [Yes] : Yes Time Sync Method [None] : TIMEP TimeP Mode [Disabled] : Disabled Tftp-enable [Yes] : Yes Time Zone [0] : 0 Daylight Time Rule [None] : None Actions-> Cancel Edit MAC Age Time (sec) [300] : 300 Web Agent En
PAGE 195
Time Protocols SNTP: Viewing, Selecting, and Configuring Note: This step replaces any previously configured server IP address. If you will be using backup SNTP servers (requires use of the CLI), then refer to “SNTP Unicast Time Polling with Multiple SNTP Servers” on page 9-25. iii. Press [v] to move the cursor to the Server Version field. Enter the value that matches the SNTP server version running on the device you specified in the preceding step (step ii).
PAGE 196
Time Protocols SNTP: Viewing, Selecting, and Configuring CLI: Viewing and Configuring SNTP CLI Commands Described in this Section SNTP Command show sntp Page 9-8 [no] timesync 9-10 and ff., 9-14 sntp broadcast 9-11 sntp unicast 9-12 sntp server 9-12 and ff. Protocol Version 9-10 9-12 Priority 9-10 9-12 poll-interval 9-14 no sntp 9-15 This section describes how to use the CLI to view, enable, and configure SNTP parameters.
PAGE 197
Time Protocols SNTP: Viewing, Selecting, and Configuring ProCurve(config)# show sntp SNTP Configuration Time Sync Mode: Sntp SNTP Mode : Unicast Poll Interval (sec) [720] : 719 Priority -------1 2 3 SNTP Server Address ---------------------------------------------2001:db8::215:60ff:fe79:8980 10.255.5.24 fe80::123%vlan10 Protocol Version --------------7 3 3 Figure 9-4.
PAGE 198
Time Protocols SNTP: Viewing, Selecting, and Configuring ProCurve(config)# show management Status and Counters - Management Address Information Time Server Address : fe80::215:60ff:fe7a:adc0%vlan10 Priority -------1 2 3 SNTP Server Address ---------------------------------------------2001:db8::215:60ff:fe79:8980 10.255.5.24 fe80::123%vlan10 Default Gateway VLAN Name -----------DEFAULT_VLAN VLAN10 Protocol Version --------------7 3 3 : 10.0.9.
PAGE 199
Time Protocols SNTP: Viewing, Selecting, and Configuring Enabling SNTP in Broadcast Mode. Because the switch provides an SNTP polling interval (default: 720 seconds), you need only these two commands for minimal SNTP broadcast configuration: Syntax: timesync sntp Selects SNTP as the time synchronization method. Syntax: sntp broadcast Configures broadcast as the SNTP mode.
PAGE 200
Time Protocols SNTP: Viewing, Selecting, and Configuring Enabling SNTP in Unicast Mode. Like broadcast mode, configuring SNTP for unicast mode enables SNTP. However, for Unicast operation, you must also specify the IPv4 or IPv6 address and priority (1 - 3) of at least one SNTP server. The switch allows up to three unicast servers. You can use the Menu interface or the CLI to configure one IPv4 server address or to replace an existing IPv4 Unicast server address with another.
PAGE 201
Time Protocols SNTP: Viewing, Selecting, and Configuring . ProCurve(config)# show sntp SNTP Configuration Time Sync Mode: Sntp SNTP Mode : Unicast Poll Interval (sec) [720] : 720 Priority -------1 2 3 In this example, the Poll Interval and the Protocol Version appear at their default settings. Both IPv4 and IPv6 addresses are displayed. Note: Protocol Version appears only when there is an IP address configured for an SNTP server.
PAGE 202
Time Protocols SNTP: Viewing, Selecting, and Configuring Changing the SNTP Poll Interval. Syntax: sntp < 30..720 > Specifies how long the switch waits between time polling intervals. The default is 720 seconds and the range is 30 to 720 seconds. (This parameter is separate from the poll inter val parameter used for Timep operation.) For example, to change the poll interval to 300 seconds: ProCurve(config)# sntp poll-interval 300 Disabling Time Synchronization Without Changing the SNTP Configuration.
PAGE 203
Time Protocols SNTP: Viewing, Selecting, and Configuring Disabling the SNTP Mode. If you want to prevent SNTP from being used even if selected by timesync (or the Menu interface’s Time Sync Method param eter), configure the SNTP mode as disabled. Syntax: no sntp Disables SNTP by changing the SNTP mode configuration to Disabled.
PAGE 204
Time Protocols TimeP: Viewing, Selecting, and Configuring TimeP: Viewing, Selecting, and Configuring TimeP Feature Default Menu CLI Web view the Timep time synchronization configuration n/a page 9-17 page 9-19 — select Timep as the time synchronization method TIMEP page 9-15 pages 9-21 ff.
PAGE 205
Time Protocols TimeP: Viewing, Selecting, and Configuring Menu: Viewing and Configuring TimeP To View, Enable, and Modify the TimeP Protocol: 1. From the Main Menu, select: 2. Switch Configuration... 1.
PAGE 206
Time Protocols TimeP: Viewing, Selecting, and Configuring ii. Enter the IP address of the TimeP server you want the switch to use for time synchronization. Note: This step replaces any previously configured TimeP server IP address. iii. Press [>] to move the cursor to the Poll Interval field, then go to step 6. 5. In the Poll Interval field, enter the time in minutes that you want for a TimeP Poll Interval.
PAGE 207
Time Protocols TimeP: Viewing, Selecting, and Configuring Viewing the Current TimeP Configuration Using different show commands, you can display either the full TimeP config uration or a combined listing of all TimeP, SNTP, and VLAN IP addresses configured on the switch. Syntax: show timep This command lists both the time synchronization method (TimeP, SNTP, or None) and the TimeP configuration, even if SNTP is not the selected time protocol.
PAGE 208
Time Protocols TimeP: Viewing, Selecting, and Configuring ProCurve(config)# show management Status and Counters - Management Address Information Time Server Address : 10.10.28.100 Priority -------1 2 3 SNTP Server Address ---------------------------------------------10.10..28.101 10.255.5.24 fe80::123%vlan10 Default Gateway VLAN Name -----------DEFAULT_VLAN VLAN10 Protocol Version ---------------3 3 3 : 10.0.9.
PAGE 209
Time Protocols TimeP: Viewing, Selecting, and Configuring Enabling TimeP in DHCP Mode. Because the switch provides a TimeP polling interval (default: 720 minutes), you need only these two commands for a minimal TimeP DHCP configuration: Syntax: timesync timep Selects TimeP as the time synchronization method. Syntax: ip timep dhcp Configures DHCP as the TimeP mode. For example, suppose: ■ Time synchronization is configured for SNTP. ■ You want to: 1. View the current time synchronization. 2.
PAGE 210
Time Protocols TimeP: Viewing, Selecting, and Configuring Enabling Timep in Manual Mode. Like DHCP mode, configuring TimeP for Manual mode enables TimeP. However, for manual operation, you must also specify the IP address of the TimeP server. (The switch allows only one TimeP server.) To enable the TimeP protocol: Syntax: timesync timep Selects Timep. Syntax: ip timep manual < ip-addr > Activates TimeP in Manual mode with a specified TimeP server. Syntax: no ip timep Disables TimeP.
PAGE 211
Time Protocols TimeP: Viewing, Selecting, and Configuring Changing the TimeP Poll Interval. This command lets you specify how long the switch waits between time polling intervals. The default is 720 minutes and the range is 1 to 9999 minutes. (This parameter is separate from the poll interval parameter used for SNTP operation.
PAGE 212
Time Protocols TimeP: Viewing, Selecting, and Configuring For example, if the switch is running TimeP in DHCP mode, no ip timep changes the TimeP configuration as shown below, and disables time synchronization. Even though the Time Sync Mode is set to Timep, time synchronization is disabled because no ip timep has disabled the TimeP Mode parameter. Figure 9-19.
PAGE 213
Time Protocols SNTP Unicast Time Polling with Multiple SNTP Servers SNTP Unicast Time Polling with Multiple SNTP Servers When running SNTP unicast time polling as the time synchronization method, the switch requests a time update from the server you configured with either the Server Address parameter in the menu interface, or the primary server in a list of up to three SNTP servers configured using the CLI.
PAGE 214
Time Protocols SNTP Messages in the Event Log Adding and Deleting SNTP Server Addresses Adding Addresses. As mentioned earlier, you can configure one SNTP server address using either the Menu interface or the CLI. To configure a second and third address, you must use the CLI. To configure the remaining two addresses, you would do the following: ProCurve(config)# sntp server 2001:db8::215:60ff:fe79:8980 ProCurve(config)# sntp server 10.255.5.24 Figure 9-21.
PAGE 215
10 Port Status and Configuration Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-3 Viewing Port Status and Configuring Port Parameters . . . . . . . . . . 10-3 Menu: Port Status and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 10-4 Port Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-4 Status of Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 216
Port Status and Configuration Contents Configuring UDLD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-30 Enabling UDLD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-31 Changing the Keepalive Interval . . . . . . . . . . . . . . . . . . . . . . . . . 10-32 Changing the Keepalive Retries . . . . . . . . . . . . . . . . . . . . . . . . . . 10-32 Configuring UDLD for Tagged Ports . . . . . . . . . . . . . . . . . . . . . .
PAGE 217
Port Status and Configuration Overview Overview This chapter describes how to view the current port configuration and how to configure ports to non-default settings, including ■ Enable/Disable ■ Mode (speed and duplex) ■ Flow Control ■ Broadcast Limit ■ Friendly Port Names ■ Uni-directional Link Detection (UDLD) Viewing Port Status and Configuring Port Parameters Port Status and Configuration Features Feature Default Menu CLI Web viewing port status n/a page 10-4 page 10-8 page 10-21
PAGE 218
Port Status and Configuration Viewing Port Status and Configuring Port Parameters Menu: Port Status and Configuration From the menu interface, you can view and change the port configuration. Using the Menu To View Port Configuration. The menu interface dis plays the configuration for ports and (if configured) any trunk groups. From the Main Menu, select: 1. Status and Counters 4.
PAGE 219
Port Status and Configuration Viewing Port Status and Configuring Port Parameters Status of Ports A port can be enabled or disabled: ■ Yes: Enabled, the default. This indicates the port is ready for a network connection. ■ No: Disabled, the port will not operate, even if properly connected to a network. Use the setting, for example, to shut the port down for diagnostic purposes or while you are making topology changes. The status of a port can be up or down (Read-only): Up: The port senses a link beat.
PAGE 220
Port Status and Configuration Viewing Port Status and Configuring Port Parameters Modes The mode is the port’s speed and duplex (date transfer operation) setting. Table 10-1 shows possible modes available, depending on the port type (copper or fiber) and port speed. Table 10-1. Supported Modes Mode Speed and Duplex Settings Auto-MDIX Senses speed and negotiates with the port at the other end of the link for port operation (MDI-X or MDI).
PAGE 221
Port Status and Configuration Viewing Port Status and Configuring Port Parameters Table 10-2. Protocols and Modes Supported for Copper Ports 10/100 Mbps Gigabit 10 Gigabit 10/100 TX 10/100/1000-T 10GBASE-CX4 Modes Settings Modes Settings Modes Settings Auto 10HDx 100HDx 10FDx 100FDx Auto-10 100FDx 10HDx 100HDx 10FDx 100FDX 10FDX Auto Auto-10 Auto-100 Auto-10-100 Auto-1000 10HDx 100HDX 1000FDx 1000FDx 10HDx 100FDx 100FDx 1000FDx 10HDx 100HDx 1000FDx Auto 10 Gigabit FDx Table 10-3.
PAGE 222
Port Status and Configuration Viewing Port Status and Configuring Port Parameters ===========================- TELNET - MANAGER MODE -============= Switch Configuration - Port/Trunk Settings Port ---1 2 3 4 5 6 7 8 Type --------1000T 1000T 1000T 1000T 1000T 1000T 1000T 1000T Actions-> + | | | | | | | | Enabled ------Yes Yes Yes Yes Yes Yes Yes Yes Cancel Mode -----------Auto-10-100 Auto-10-100 Auto Auto-1000 10HDx 10FDx 100FDx Auto Edit Save Flow Ctrl --------Disable Disable Disable Disable Disabl
PAGE 223
Port Status and Configuration Viewing Port Status and Configuring Port Parameters flow-control page 10-15 broadcast-limit page 10-17 auto-mdix page 10-18 Viewing Port Status and Configuration Use the following commands to display port status and configuration data. Syntax: show interfaces [ brief | config | < port-list >] brief: Lists the current operating status for all ports on the switch.
PAGE 224
Port Status and Configuration Viewing Port Status and Configuring Port Parameters ProCurve(config)# show interfaces config Port Settings Port ----1 2 3 4 5 Type | Enabled Mode --------- + ------- -----------100/1000T Yes Auto-10-100 100/1000T Yes Auto 100/1000T Yes Auto 100/1000T Yes Auto 100/1000T Yes Auto Flow Ctrl --------Disable Disable Disable Disable Disable MDI --Auto Auto Auto Auto Auto Figure 10-4.
PAGE 225
Port Status and Configuration Viewing Port Status and Configuring Port Parameters Dynamically updates Figure 10-5. Example of show int display Command with Dynamically Updating Output Viewing Port Utilization Statistics Use the show interface port-utilization command to view a real-time rate display for all ports on the switch. The following shows a sample output from this command.
PAGE 226
Port Status and Configuration Viewing Port Status and Configuring Port Parameters Operating Notes: ■ For each port on the switch, the command provides a real-time display of the rate at which data is received (Rx) and transmitted (Tx) in terms of kilobits per second (KBits/s), number of packets per second (Pkts/ s), and utilization (Util) expressed as a percentage of the total band width available.
PAGE 227
Port Status and Configuration Viewing Port Status and Configuring Port Parameters Operating Notes: ■ The following information is displayed for each installed transceiver: • Port number on which transceiver is installed. • Type of transceiver. • Product number—Includes revision letter, such as A, B, or C. If no revision letter follows a product number, this means that no revision is available for the transceiver.
PAGE 228
Port Status and Configuration Viewing Port Status and Configuring Port Parameters [speed-duplex < auto-10 |10-full | 10-half | 100-full | 100-half |1000-full |auto| auto 100 | auto-1000 | auto 10-100 >] Specifies the port’s data transfer speed and mode. Does not use the no form of the command. (Default: auto.) Note that in the above syntax you can substitute an “int” for “interface”; that is: int < port-list >.
PAGE 229
Port Status and Configuration Viewing Port Status and Configuring Port Parameters Enabling or Disabling Flow Control Note You must enable flow control on both ports in a given link. Otherwise, flow control does not operate on the link, and appears as Off in the show interfaces brief port listing, even if flow control is configured as enabled on the port in the switch. (Refer to Figure 10-3 on page 10-9.) Also, the port (speed-duplex) mode must be set to Auto (the default).
PAGE 230
Port Status and Configuration Viewing Port Status and Configuring Port Parameters ProCurve(config)# int 7-10 flow-control ProCurve(config)# show int brief Status and Counters - Port Status Port ------1 2 3 4 5 6 7-Trk1 8-Trk1 9-Trk2 10-Trk2 11 Type --------100/1000T 100/1000T 100/1000T 100/1000T 100/1000T 100/1000T 100/1000T 100/1000T 100/1000T 100/1000T 100/1000T | | + | | | | | | | | | | | Intrusion Alert --------No No No No No No No No No No No Enabled ------Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
PAGE 231
Port Status and Configuration Viewing Port Status and Configuring Port Parameters ProCurve(config)# no int 7-10 flow-control ProCurve(config)# show int brief Status and Counters - Port Status Port ------1 2 3 4 5 6 7-Trk1 8-Trk1 9-Trk2 10-Trk2 11 Type --------100/1000T 100/1000T 100/1000T 100/1000T 100/1000T 100/1000T 100/1000T 100/1000T 100/1000T 100/1000T 100/1000T | | + | | | | | | | | | | | Intrusion Alert --------No No No No No No No No No No No Enabled ------Yes Yes Yes Yes Yes Yes Yes Yes Yes Y
PAGE 232
Port Status and Configuration Viewing Port Status and Configuring Port Parameters Syntax: show config Displays the startup-config file. The broadcast limit setting appears here if enabled and saved to the startup-config file. Syntax: show running-config Displays the running-config file. The broadcast limit setting appears here if enabled. If the setting is not also saved to the startup-config file, rebooting the switch returns broadcast limit to the setting currently in the startup-config file.
PAGE 233
Port Status and Configuration Viewing Port Status and Configuring Port Parameters ProCurve Auto-MDIX was developed for auto-negotiating devices, and was shared with the IEEE for the development of the IEEE 802.3ab standard. ProCurve Auto-MDIX and the IEEE 802.3ab Auto MDI/MID-X feature are completely compatible. Additionally, ProCurve Auto-MDIX supports opera tion in forced speed and duplex modes. If you want more information on this subject please refer to the IEEE 802.3ab Standard Reference.
PAGE 234
Port Status and Configuration Viewing Port Status and Configuring Port Parameters Syntax: show interfaces config Lists the current per-port Auto/MDI/MDI-X configuration. Syntax: show interfaces brief Where a port is linked to another device, this command lists the MDI mode the port is currently using. In the case of ports configured for Auto (auto-mdix), the MDI mode appears as either MDI or MDIX, depending upon which option the port has negotiated with the device on the other end of the link.
PAGE 235
Port Status and Configuration Viewing Port Status and Configuring Port Parameters ProCurve(config)# show int brief Per-Port MDI Operating Mode Status and Counters - Port Status Port ------1 2 3 4 5 6 Type --------100/1000T 100/1000T 100/1000T 100/1000T 100/1000T 100/1000T | | + | | | | | | Intrusion Alert --------No No No No No No Enabled ------Yes Yes Yes Yes Yes Yes Status -----Down Down Down Down Down Up Mode ---------1000FDx 100FDx 100FDx 1000FDx 1000FDx 1000FDx MDI Mode ----MDIX MDI MDIX Auto
PAGE 236
Port Status and Configuration Using Friendly (Optional) Port Names Using Friendly (Optional) Port Names Feature Configure Friendly Port Names Display Friendly Port Names Default Menu CLI Web Standard Port Numbering n/a page 23 n/a n/a n/a page 24 n/a This feature enables you to assign alphanumeric port names of your choosing to augment automatically assigned numeric port names.
PAGE 237
Port Status and Configuration Using Friendly (Optional) Port Names ■ To retain friendly port names across reboots, you must save the current running-configuration to the startup-config file after entering the friendly port names. (In the CLI, use the write memory command.) Configuring Friendly Port Names Syntax: interface < port-list > name < port-name-string > Assigns a port name to port-list. Syntax: no interface < port-list > name Deletes the port name from port-list. Configuring a Single Port Name.
PAGE 238
Port Status and Configuration Using Friendly (Optional) Port Names Configuring the Same Name for Multiple Ports. Suppose that you want to use ports A5 through A8 as a trunked link to a server used by a drafting group. In this case you might configure ports A5 through A8 with the name “Draft-Server:Trunk”. Figure 10-15.
PAGE 239
Port Status and Configuration Using Friendly (Optional) Port Names Syntax: show name [ port-list ] Lists the friendly port name with its corresponding port number and port type. The show name command without a port list shows this data for all ports on the switch. For example: Ports Without “Friendly” Friendly port names assigned in previous examples. Figure 10-16.
PAGE 240
Port Status and Configuration Using Friendly (Optional) Port Names Syntax: show interface < port-number > Includes the friendly port name with the port’s traffic statistics listing. For example, if you configure port A1 with the name “O’Connor_10.25.101.43”, the show interface output for this port appears similar to the following: Friendly Port Name Figure 10-18.
PAGE 241
Port Status and Configuration Using Friendly (Optional) Port Names For example, if you configure port A1 with a friendly port name: This command sequence saves the friendly port name for port A1 in the startup config file. The name entered for port A2 is not saved because it was executed after write memory. Listing includes friendly port name for port A1 only. In this case, show config lists only port A1.
PAGE 242
Port Status and Configuration Using Friendly (Optional) Port Names Syntax: module type Allows you to configure the type of the module. The same module command used in an uploaded configuration file is used to define a module that is being pre-configured. The validation performed when issued through the CLI is still performed just as if the command was executed on the switch, in other words, as if the module were actually present in the switch.
PAGE 243
Port Status and Configuration Uni-Directional Link Detection (UDLD) Uni-Directional Link Detection (UDLD) Uni-directional Link Detection (UDLD) monitors a link between two ProCurve switches and blocks the ports on both ends of the link if the link fails at any point between the two devices. This feature is particularly useful for detecting failures in fiber links and trunks. Figure 10-20 shows an example. Scenario 1 (No UDLD): Without UDLD, the switch ports remain enabled despite the link failure.
PAGE 244
Port Status and Configuration Uni-Directional Link Detection (UDLD) connected ports. UDLD-enabled ports; however, will prevent traffic from being sent across a bad link by blocking the ports in the event that either the individual transmitter or receiver for that connection fails. Ports enabled for UDLD exchange health-check packets once every five seconds (the link-keepalive interval).
PAGE 245
Port Status and Configuration Uni-Directional Link Detection (UDLD) The following commands allow you to configure UDLD via the CLI. Syntax: [no] interface link-keepalive Enables UDLD on a port or range of ports. To disable the feature, enter the no form of the command. Default: UDLD disabled Syntax: link-keepalive interval Determines the time interval to send UDLD control packets. The parameter specifies how often the ports send a UDLD packet.
PAGE 246
Port Status and Configuration Uni-Directional Link Detection (UDLD) Note When at least one port is UDLD-enabled, the switch will forward out UDLD packets that arrive on non-UDLD-configured ports out of all other non-UDLD configured ports in the same vlan. That is, UDLD control packets will “pass through” a port that is not configured for UDLD. However, UDLD packets will be dropped on any blocked ports that are not configured for UDLD.
PAGE 247
Port Status and Configuration Uni-Directional Link Detection (UDLD) Notes ■ You must configure the same VLANs that will be used for UDLD on all devices across the network; otherwise, the UDLD link cannot be maintained. ■ If a VLAN ID is not specified, then UDLD control packets are sent out of the port as untagged packets. ■ To re-assign a VLAN ID, re-enter the command with the new VLAN ID number. The new command will overwrite the previous command setting.
PAGE 248
Port Status and Configuration Uni-Directional Link Detection (UDLD) To display summary information on all UDLD-enabled ports, enter the show link-keepalive command. For example: ProCurve(config)# show link-keepalive Total link-keepalive enabled ports: 4 Keepalive Retries: 3 Keepalive Interval: 1 sec Port 1 is UDLD-enabled, and tagged for a specific VLAN.
PAGE 249
Port Status and Configuration Uni-Directional Link Detection (UDLD) Ports 1 and 2 are UDLD-enabled and show the number of health check packets sent and received on each port.
PAGE 250
Port Status and Configuration Uni-Directional Link Detection (UDLD) Configuration Warnings and Event Log Messages Warning Messages. The following table shows the warning messages that may be issued and their possible causes, when UDLD is configured for tagged ports. Table 10-5. Warning Messages caused by configuring UDLD for Tagged Ports CLI Command Example Warning Message Possible Problem link-keepalive 6 Possible configuration problem detected on port 6.
PAGE 251
11 Power Over Ethernet (PoE+) Operation Contents Introduction to PoE+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-3 Related Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-3 PoE Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-4 PoE Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-5 Configuration Options . . . .
PAGE 252
Power Over Ethernet (PoE+) Operation Contents Applying Security Features to PoE Configurations . . . . . . . . . . . . . 11-26 Assigning Priority Policies to PoE Traffic . . . . . . . . . . . . . . . . . . . . . 11-27 PoE Event Log Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-28 “Informational” PoE Event-Log Messages . . . . . . . . . . . . . . . . . 11-28 “Warning” PoE Event-Log Messages . . . . . . . . . . . . . . . . . . . . . .
PAGE 253
Power Over Ethernet (PoE+) Operation Introduction to PoE+ Introduction to PoE+ PoE technology allows IP telephones, wireless LAN access points, and other appliances to receive power and transfer data over ethernet LAN cabling. Using an available power supply of 382 watts, PoE can deliver up to 15.4 watts of power to 24 PoE ports over category 3 cabling. PoE+ can deliver up to 30 watts of power to 12 PoE+ ports over category 5 cabling.
PAGE 254
Power Over Ethernet (PoE+) Operation Introduction to PoE+ PoE Terminology 11-4 Term Use in this Manual active PoE port A PoE port connected to a PD requesting power. DTE Data Terminal Equipment MPS Maintenance Power Signature; the signal a PD sends to the switch to indicate that the PD is connected and requires power. Oversubscribed The state where there are more PDs requesting PoE power than can be accommodated. PD Powered Device. This is an IEEE 802.
PAGE 255
Power Over Ethernet (PoE+) Operation PoE Operation PoE Operation Note You can connect either a PoE device (PD) or a non-PoE device to a port configured for PoE operation. Using the commands described in this chapter, you can: ■ Configure a non-default power threshold for SNMP and Event Log reporting of PoE consumption on all PoE ports on the switch. ■ Specify the port priority you want to use for provisioning PoE power in the event that the PoE resources become oversubscribed.
PAGE 256
Power Over Ethernet (PoE+) Operation PoE Operation Note ■ Configure per-port priority for allocating power in case power is oversubscribed. Power for some lower-priority ports is dropped to support the demand on other, higher-priority ports. ■ Configure a global power threshold. This setting acts as a trigger for sending a notice when the PoE power consumption crosses the configured global threshold level.
PAGE 257
Power Over Ethernet (PoE+) Operation Configuring PoE Operation Power Priority Operation If a PSE can provide power for all connected PD demand, it does not use its power priority settings to allocate power. However, if the PD power demand oversubscribes the available power, then the power allocation is prioritized to the ports that present a PD power demand. This causes the loss of power from one or more lower-priority ports to meet the power demand on other, higher-priority ports.
PAGE 258
Power Over Ethernet (PoE+) Operation Configuring PoE Operation Disabling or Re-Enabling PoE Port Operation Syntax: [no] interface power-over-ethernet Re-enables PoE operation on and restores the priority setting in effect when PoE was disabled on . The no form of the command disables PoE operation on . (Default: All PoE are initially enabled for PoE operation at Low priority. If you configure a higher priority, this priority is retained until you change it.
PAGE 259
Power Over Ethernet (PoE+) Operation Configuring PoE Operation Table 11-2 shows some examples of PoE priority configuration. Table 11-2. Example of PoE Priority Operation Port Priority Setting 3 - 17 Critical Configuration Command1 and Resulting Operation with PDs connected to Ports 3 Through 24 In this example, the following CLI command sets ports 3-17 to Critical: ProCurve(config)# interface 3-17 power-over-ethernet critical The Critical priority class always receives power.
PAGE 260
Power Over Ethernet (PoE+) Operation Configuring PoE Operation Enabling Support for Pre-Standard Devices The ProCurve switches covered in this guide are automatically backward compatible with 802.3af devices, and can also support some pre-802.3af devices. For a list of the devices supported, refer to the FAQs for your switch model. Syntax: [no] power-over-ethernet pre-std-detect Detects and powers pre-802.3af standard devices. Note: This is enabled by default.
PAGE 261
Power Over Ethernet (PoE+) Operation Configuring PoE Operation Table 11-3. Power Classes and Their Values Power Class Value 0 Depends on cable type and PoE architecture. Requires a minimum of 30W. This is the default class; if there isn’t enough information about the load for a specific classification, the PSE classifies the load as class 0 (zero). 1 Requires at least 4 watts at the PSE. 2 Requires at least 7 watts at the PSE. 3 15.4 watts 4 reserved: can be power value beyond the class 3 limit.
PAGE 262
Power Over Ethernet (PoE+) Operation Configuring PoE Operation ProCurve(config)# show power-over-ethernet 6 Status and Counters - Port Power Status for port 6 Power Enable : Yes Priority : low AllocateBy : value Detection Status : Delivering LLDP Detect Configured Type Value Power Class : enabled : : 15 : 0 Over Current Cnt Power Denied Cnt : 0 : 0 MPS Absent Cnt Short Cnt : 0 : 0 Voltage Power : 55.1 V : 19.1 W Current : 348 mA Figure 11-1.
PAGE 263
Power Over Ethernet (PoE+) Operation Configuring PoE Operation Changing the Threshold for Generating a Power Notice You can generate a power usage notice at a specified threshold by entering this command. Syntax: power-over-ethernet threshold < 1 - 99 > This command specifies the PoE usage level (as a percentage of the PoE power available) at which the switch generates a power usage notice.
PAGE 264
Power Over Ethernet (PoE+) Operation PoE with LLDP PoE with LLDP Overview The data link layer classification (DLC) for PoE provides more exact control over the power requirement between a PSE and PD. The DLC works in conjunction with the physical layer classification (PLC) and is mandatory for any Type-2 PD that requires more than 12.95 watts of input power. Note DLC is defined as part of the IEEE 802.3at standard.
PAGE 265
Power Over Ethernet (PoE+) Operation PoE with LLDP For example, you can enter this command to enable LLDP detection: ProCurve(config)# int 7 PoE-lldp-detect enabled or in interface context: ProCurve(eth-7)# PoE-lldp-detect enabled Note Detecting PoE information via LLDP only affects power delivery; it does not affect normal Ethernet connectivity.
PAGE 266
Power Over Ethernet (PoE+) Operation PoE with LLDP Displaying PoE When Using LLDP Information Displaying LLDP Port Configuration To display information about LLDP port configuration, use the show lldp config command. Syntax: show lldp config Displays the LLDP port configuration information, including the TLVs advertised.
PAGE 267
Power Over Ethernet (PoE+) Operation PoE with LLDP Syntax: show lldp info local-device Displays detailed information about local PoE devices.
PAGE 268
Power Over Ethernet (PoE+) Operation PoE with LLDP ProCurve(config)# show lldp info remote-device 3 LLDP Remote Device Information Detail Local Port ChassisType ChassisId PortType PortId SysName System Descr PortDescr : : : : : : : : 3 mac-address 00 16 35 ff 2d 40 local 23 ProCurve Switch ProCurve J9146A Switch 2910al-24G-PoE, revision W.14.XX 23 System Capabilities Supported System Capabilities Enabled : bridge, router : bridge Remote Management Address Type : ipv4 Address : 10.0.10.
PAGE 269
Power Over Ethernet (PoE+) Operation PoE with LLDP Possible values for the PoE information are shown in table 11-4. Table 11-4.
PAGE 270
Power Over Ethernet (PoE+) Operation Displaying the Global PoE Status Displaying the Global PoE Status Syntax: show power-over-ethernet [brief | [ethernet] | all>]] Displays the switch’s global PoE power status. brief: Displays PoE information for each port. See “Displaying PoE Status on All Ports” on page 11-21. : Displays PoE information for the ports in . See “Displaying the PoE Status on Specific Ports” on page 11-23.
PAGE 271
Power Over Ethernet (PoE+) Operation Displaying the Global PoE Status Displaying PoE Status on All Ports Syntax: show power-over-ethernet brief Displays the following port power status: • Port: Lists all PoE-capable ports on the switch. • Power Enable: Shows Yes for ports enabled to support PoE (the default) and No for ports on which PoE is disabled. • LLDP Detect: Displays if the port is enabled or disabled for allocating PoE power based on the link-partner’s capabilities via LLDP (enabled, disabled).
PAGE 272
Power Over Ethernet (PoE+) Operation Displaying the Global PoE Status For example, show power-over-ethernet brief displays this output: ProCurve(config)# show power-over-ethernet brief Status and Counters - Port Power Status PoE Port ----1 2 3 4 5 6 7 8 | | + | | | | | | | | Power Enable ------Yes Yes Yes Yes Yes Yes Yes Yes LLDP Detect -------enabled disabled disabled disabled disabled disabled disabled disabled Power Priority --------low low low low low low low low Alloc By ----usage usage usage usa
PAGE 273
Power Over Ethernet (PoE+) Operation Displaying the Global PoE Status Displaying the PoE Status on Specific Ports Syntax: show power-over-ethernet Displays the following PoE status and statistics (since the last reboot) for each port in : • Power Enable: Shows Yes for ports enabled to support PoE (the default) and No for ports on which PoE is disabled. Note that for ports on which power is disabled, this is the only field displayed by show power-over-ethernet < port-list >.
PAGE 274
Power Over Ethernet (PoE+) Operation Displaying the Global PoE Status Syntax: show power-over-ethernet (Continued) • Power Denied Cnt: Shows the number of times PDs requesting • • • • • • power on the port have been denied due to insufficient power available. Each occurrence generates an Event Log message. Voltage: The total voltage, in dV, being delivered to PDs. Power: The total power, in mW, being delivered to PDs.
PAGE 275
Power Over Ethernet (PoE+) Operation Displaying the Global PoE Status For example, if you wanted to view the PoE status of ports 6 and 7, you would use show power-over-ethernet 6-7 to display the data: ProCurve(config)# show power-over-ethernet 6-7 Status and Counters - Port Power Status for port 6 Power Enable : Yes Priority : low AllocateBy : value Detection Status : Delivering LLDP Detect Configured Type Value Power Class : enabled : : 17 W : 0 Over Current Cnt Power Denied Cnt : 0 : 0 MPS Absent
PAGE 276
Power Over Ethernet (PoE+) Operation Planning and Implementing a PoE Configuration Planning and Implementing a PoE Configuration This section provides an overview of some considerations for planning a PoE application. For additional information on this topic, refer to the ProCurve PoE Planning and Implementation Guide which is available on the ProCurve Networking web site at www.procurve.com. (Click on Customer Care, then Manuals).
PAGE 277
Power Over Ethernet (PoE+) Operation Planning and Implementing a PoE Configuration ■ MAC Address Security: Using Port Security, you can configure each switch port with a unique list of MAC addresses for devices that are authorized to access the network through that port. For more infor mation, refer to the chapter titled "Configuring and Monitoring Port Security" in the Access Security Guide for your switch.
PAGE 278
Power Over Ethernet (PoE+) Operation Planning and Implementing a PoE Configuration PoE Event Log Messages PoE operation generates these Event Log messages. You can also configure the switch to send these messages to a configured debug destination (terminal device or SyslogD server). “Informational” PoE Event-Log Messages Message Meaning I < MM/DD/YY > < HH:MM:SS > Message header, with severity, date, system time.
PAGE 279
Power Over Ethernet (PoE+) Operation Planning and Implementing a PoE Configuration Message Meaning Port PD Over Current indication The PD connected to < port-id > has requested more than 15.4 watts of power. This may indicate a short-circuit or other problem in the PD. 50v Power Supply is faulted. Failures:x Internal power supply has faulted. 50v Power Supply is OK. Failures:x Internal power supply is now OK.
PAGE 280
Power Over Ethernet (PoE+) Operation Planning and Implementing a PoE Configuration 11-30
PAGE 281
12 Port Trunking Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2 Port Trunk Features and Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-4 Trunk Configuration Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-4 Menu: Viewing and Configuring a Static Trunk Group . . . . . . . . . . 12-9 CLI: Viewing and Configuring Port Trunk Groups . . . . . . . . . . . . .
PAGE 282
Port Trunking Overview Overview This chapter describes creating and modifying port trunk groups. This includes non-protocol trunks and LACP (802.3ad) trunks.
PAGE 283
Port Trunking Overview Port Connections and Configuration: All port trunk links must be pointto-point connections between a switch and another switch, router, server, or workstation configured for port trunking. No intervening, non-trunking devices are allowed. It is important to note that ports on both ends of a port trunk group must have the same mode (speed and duplex) and flow control settings. Note Link Connections.
PAGE 284
Port Trunking Port Trunk Features and Operation Port Trunk Features and Operation The switches covered in this guide offer these options for port trunking: ■ LACP: IEEE 802.3ad—page 12-18 ■ Trunk: Non-Protocol—page 12-26 Up to 24 trunk groups are supported on the switches covered in this guide. The actual maximum depends on the number of ports available on the switch and the number of links in each trunk.
PAGE 285
Port Trunking Trunk Configuration Methods ProCurve(config) int c1-c4 lacp active Note that the preceding example works if the ports are not already operating in a trunk. To change the LACP option on ports already operating as a trunk, you must first remove them from the trunk. For example, if ports C1 - C4 were LACP-active and operating in a trunk with another device, you would do the following to change them to LACP-passive: ProCurve(config)# no int c1-c4 lacp Removes the ports from the trunk.
PAGE 286
Port Trunking Trunk Configuration Methods Table 12-2. Trunk Configuration Protocols Protocol Trunking Options LACP (802.3ad) Provides dynamic and static LACP trunking options. • Dynamic LACP — Use the switch-negotiated dynamic LACP trunk when: – The port on the other end of the trunk link is configured for Active or Passive LACP. – You want fault-tolerance for high-availability applications.
PAGE 287
Port Trunking Trunk Configuration Methods Table 12-3. General Operating Rules for Port Trunks Media: For proper trunk operation, all ports on both ends of a trunk group must have the same media type and mode (speed and duplex). (For the switches covered in this guide, ProCurve recommends leaving the port Mode setting at Auto or, in networks using Cat 3 cabling, Auto-10.
PAGE 288
Port Trunking Trunk Configuration Methods Spanning Tree: 802.1D (STP) and 802.1w (RSTP) Spanning Tree operate as a global setting on the switch (with one instance of Spanning Tree per switch). 802.1s (MSTP) Spanning Tree operates on a per-instance basis (with multiple instances allowed per switch). For each SpanningTree instance, you can adjust Spanning Tree parameters on a per-port basis.
PAGE 289
Port Trunking Menu: Viewing and Configuring a Static Trunk Group Menu: Viewing and Configuring a Static Trunk Group Important Configure port trunking before you connect the trunked links to another switch, routing switch, or server. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured. Refer to “Enabling or Disabling Ports and Configuring Port Mode” on page 10-13.
PAGE 290
Port Trunking Menu: Viewing and Configuring a Static Trunk Group • For proper trunk operation, all ports in a trunk must have the same media type and mode (such as 10/100TX set to 100FDx, or 100FX set to 100FDx). The flow control settings must also be the same for all ports in a given trunk. To verify these settings, refer to “Viewing Port Status and Configuring Port Parameters” on page 10-3. • You can configure the trunk group with up to eight ports per trunk.
PAGE 291
Port Trunking CLI: Viewing and Configuring Port Trunk Groups 8. Connect the trunked ports on the switch to the corresponding ports on the opposite device. If you previously disabled any of the trunked ports on the switch, enable them now. (Refer to “Viewing Port Status and Configuring Port Parameters” on page 10-3.) Check the Event Log (“Using the Event Log for Troubleshooting Switch Problems” on page C-26) to verify that the trunked ports are operating prop erly.
PAGE 292
Port Trunking CLI: Viewing and Configuring Port Trunk Groups Using a port list specifies, for switch ports in a static trunk group, only the ports you want to view. In this case, the command specifies ports A5 through A7. However, because port A6 is not in a static trunk group, it does not appear in the resulting listing: Port A5 appears with an example of a name that you can optionally assign using the Friendly Port Names feature. (Refer to “Using Friendly (Optional) Port Names” on page 10-22.
PAGE 293
Port Trunking CLI: Viewing and Configuring Port Trunk Groups Listing Static LACP and Dynamic LACP Trunk Data. Syntax: show lacp Lists data for only the LACP-configured ports.. In the following example, ports A1 and A2 have been previously configured for a static LACP trunk. (For more on the “Active” parameter, see table 12-5 on page 12-21.) Figure 12-8. Example of a Show LACP Listing (For a description of each of the above-listed data types, refer to table 12-5, “LACP Port Status Data” on page 12-21.
PAGE 294
Port Trunking CLI: Viewing and Configuring Port Trunk Groups “Up” Links Standby Link Figure 12-9. Example of a Dynamic LACP Trunk with One Standby Link Using the CLI To Configure a Static or Dynamic Trunk Group Important Configure port trunking before you connect the trunked links between switches. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured.
PAGE 295
Port Trunking CLI: Viewing and Configuring Port Trunk Groups Configuring a Static Trunk or Static LACP Trunk Group. Syntax: trunk < port-list > < trk1 ... trk24 > < trunk | lacp > Configures the specified static trunk type. This example uses ports C4 - C6 to create a non-protocol static trunk group with the group name of Trk2. ProCurve(config)# trunk c4-c6 trk2 trunk Removing Ports from a Static Trunk Group. This command removes one or more ports from an existing Trkx trunk group.
PAGE 296
Port Trunking CLI: Viewing and Configuring Port Trunk Groups Switch “A” with ports set to LACP passive. Switch “B” with ports set to LACP passive. Dynamic LACP trunk cannot automatically form because both ends of the links are LACP passive. (In this case spanning-tree blocking is needed to prevent a loop. Switch “A” with ports set to LACP active. Switch “B” with ports set to LACP passive. Dynamic LACP trunk automatically forms because both ends of the links are LACP and at least one end is LACP active.
PAGE 297
Port Trunking Web: Viewing Existing Port Trunk Groups Caution Unless spanning tree is running on your network, removing a port from a trunk can result in a loop. To help prevent a broadcast storm when you remove a port from a trunk where spanning tree is not in use, ProCurve recommends that you first disable the port or disconnect the link on that port. Syntax: no interface < port-list > lacp Removes < port-list > from any dynamic LACP trunk and returns the ports in < port-list > to passive LACP.
PAGE 298
Port Trunking Trunk Group Operation Using LACP Trunk Group Operation Using LACP The switch can automatically configure a dynamic LACP trunk group or you can manually configure a static LACP trunk group. Note LACP requires full-duplex (FDx) links of the same media type (10/100Base-T, 100FX, etc.) and the same speed, and enforces speed and duplex conformance across a trunk group. For most installations, ProCurve recommends that you leave the port Mode settings at Auto (the default).
PAGE 299
Port Trunking Trunk Group Operation Using LACP Table 12-4. LACP Trunk Types LACP Port Trunk Operation Configuration Dynamic LACP This option automatically establishes an 802.3ad-compliant trunk group, with LACP for the port Type parameter and DynX for the port Group name, where X is an automatically assigned value from 1 to 24, depending on how many dynamic and static trunks are currently on the switch. (The switch allows a maximum of 24 trunk groups in any combination of static and dynamic trunks.
PAGE 300
Port Trunking Trunk Group Operation Using LACP LACP Port Trunk Operation Configuration Static LACP 12-20 Provides a manually configured, static LACP trunk to accommodate these conditions: • The port on the other end of the trunk link is configured for a static LACP trunk. • You want to configure non-default spanning tree or IGMP parameters on an LACP trunk group. • You want an LACP trunk group to operate in a VLAN other than the default VLAN and GVRP is disabled.
PAGE 301
Port Trunking Trunk Group Operation Using LACP Default Port Operation In the default configuration, LACP is disabled for all ports. If LACP is not configured as Active on at least one end of a link, then the port does not try to detect a trunk configuration and operates as a standard, untrunked port. Table 12-5 lists the elements of per-port LACP operation. To display this data for a switch, execute the following command in the CLI: ProCurve> show lacp Table 12-5.
PAGE 302
Port Trunking Trunk Group Operation Using LACP Status Name Meaning LACP Status Success: LACP is enabled on the port, detects and synchronizes with a device on the other end of the link, and can move traffic across the link. Failure: LACP is enabled on a port and detects a device on the other end of the link, but is not able to synchronize with this device, and therefore not able to send LACP packets across the link.
PAGE 303
Port Trunking Trunk Group Operation Using LACP The switch will not allow you to configure LACP on a port on which port security is enabled. For example: ProCurve(config)# int a17 lacp passive Error configuring port A17: LACP and port security cannot be run together. ProCurve(config)# To restore LACP to the port, you must remove port security and re-enable LACP active or passive. Changing Trunking Methods. To convert a trunk from static to dynamic, you must first eliminate the static trunk.
PAGE 304
Port Trunking Trunk Group Operation Using LACP Blocked Ports with Older Devices. Some older devices are limited to four ports in a trunk. When eight LACP-enabled ports are connected to one of these older devices, four ports connect, but the other four ports are blocked. The LACP status of the blocked ports is shown as “Failure”. If one of the other ports becomes disabled, a blocked port will replace it (Port Status becomes “Up”).
PAGE 305
Port Trunking Trunk Group Operation Using LACP ■ If there are ports that you do not want on the default VLAN, ensure that they cannot become dynamic LACP trunk members. Otherwise a traffic loop can unexpectedly occur.
PAGE 306
Port Trunking Trunk Group Operation Using the “Trunk” Option Dynamic/Static LACP Interoperation: A port configured for dynamic LACP can properly interoperate with a port configured for static (TrkX) LACP, but any ports configured as standby LACP links will be ignored. Trunk Group Operation Using the “Trunk” Option This method creates a trunk group that operates independently of specific trunking protocols and does not use a protocol exchange with the device on the other end of the trunk.
PAGE 307
Port Trunking How the Switch Lists Trunk Data How the Switch Lists Trunk Data Static Trunk Group: Appears in the menu interface and the output from the CLI show trunk and show interfaces commands. Dynamic LACP Trunk Group: Appears in the output from the CLI show lacp command.
PAGE 308
Port Trunking Outbound Traffic Distribution Across Trunked Links The load-balancing is done on a per communication basis. Otherwise, traffic is transmitted across the same path as shown in figure 12-13. That is, if Client A attached to Switch 1 sends five packets of data to Server A attached to Switch 2, the same link is used to send all five packets. The SA/DA address pair for the traffic is the same.
PAGE 309
Port Trunking Outbound Traffic Distribution Across Trunked Links Table 12-6.
PAGE 310
Port Trunking Outbound Traffic Distribution Across Trunked Links 12-30
PAGE 311
13 Port Traffic Controls Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2 Rate-Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-3 All Traffic Rate-Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-3 Configuring Rate-Limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 312
Port Traffic Controls Overview Overview Feature Rate-Limiting Jumbo Packets Default Menu CLI Web None n/a 13-3 n/a Disabled n/a 13-8 n/a This chapter includes: 13-2 ■ Rate-Limiting: Enables a port to limit the amount of bandwidth a user or device may utilize for traffic on the switch. ■ Jumbo Frames: Enables ports operating at 1 Gbps or 10 Gbps speeds to accept inbound frames of up to 9220 bytes when configured for jumbo traffic.
PAGE 313
Port Traffic Controls Rate-Limiting Rate-Limiting Feature rate-limit all show rate-limit all Default Menu CLI Web none n/a page 13-3 n/a n/a n/a page 13-5 n/a All Traffic Rate-Limiting Rate-limiting for all traffic operates on a per-port basis to allow only the specified bandwidth to be used for inbound or outbound traffic. When traffic exceeds the configured limit, it is dropped.
PAGE 314
Port Traffic Controls Rate-Limiting Syntax: [no] int rate-limit all in | kbps < 0-10000000>> Configures a traffic rate limit (on non-trunked ports) on the link. The "no" form of the command disables rate-limiting on the specified ports. (Default: Disabled.) Options include: • in — Specifies a traffic rate limit on inbound traffic passing through that port, or on outbound traffic.
PAGE 315
Port Traffic Controls Rate-Limiting Displaying the Current Rate-Limit Configuration The show rate-limit all command displays the per-port rate-limit configuration. Syntax: show rate-limit all [ port-list ] Without [ port-list ], this command lists the rate-limit configuration for all ports on the switch. With [ port-list ], this command lists the rate-limit configuration for the specified port(s). This command operates the same way in any CLI context.
PAGE 316
Port Traffic Controls Rate-Limiting 13-6 ■ Rate-limiting is visible as an outbound forwarding rate: Because inbound rate-limiting is performed on packets during packet-processing, it is not shown via the inbound drop counters. Instead, this limit is verifiable as the ratio of outbound traffic from an inbound rate-limited port versus the inbound rate.
PAGE 317
Port Traffic Controls Rate-Limiting Note on Testing Rate-Limiting Rate-limiting is applied to the available bandwidth on a port, and not to any specific applications running through the port. If the total bandwidth requested by all applications is less than the configured maximum rate, then no rate-limit can be applied. This situation occurs with a number of popular throughput-testing applications, as well as most regular network applications.
PAGE 318
Port Traffic Controls Jumbo Frames Jumbo Frames Feature display VLAN jumbo status configure jumbo VLANs Default Menu CLI Web n/a — 13-11 — Disabled — 13-13 — The Maximum Transmission Unit (MTU) is the maximum size IP frame the switch can receive for Layer 2 frames inbound on a port. The switch drops any inbound frames larger than the MTU allowed on the port. On ports operating at 10 Mbps or 100 Mbps, the MTU is fixed at 1522 bytes.
PAGE 319
Port Traffic Controls Jumbo Frames Operating Rules ■ Required Port Speed: This feature allows inbound and outbound jumbo frames on ports operating at speeds of 1 gigabit or higher. At lower port speeds, only standard (1522-byte or smaller) frames are allowed, regard less of the jumbo configuration. ■ Switch Meshing: If you enable jumbo traffic on a VLAN, then all meshed ports on the switch will be enabled to support jumbo traffic.
PAGE 320
Port Traffic Controls Jumbo Frames Configuring Jumbo Frame Operation Command Page show vlans 13-11 show vlans ports < port-list > 13-12 show vlans < vid > 13-13 jumbo 13-13 jumbo max-frame-size 13-13 Overview 13-10 1. Determine the VLAN membership of the ports or trunks through which you want the switch to accept inbound jumbo traffic. For operation with GVRP enabled, refer to the GVRP topic under “Operating Rules”, above. 2.
PAGE 321
Port Traffic Controls Jumbo Frames Viewing the Current Jumbo Configuration Syntax: show vlans Lists the static VLANs configured on the switch and includes a Jumbo column to indicate which VLANs are configured to support inbound jumbo traffic. All ports belonging to a jumbo-enabled VLAN can receive jumbo traffic. (For more information refer to “Configuring a Maximum Frame Size” on page 13-13.) See Figure 13-2, below. Indicates which static VLANs are configured to enable jumbo frames. Figure 13-2.
PAGE 322
Port Traffic Controls Jumbo Frames Indicates which static VLANs are configured to enable jumbo frames. Figure 13-3. Example of Listing the VLAN Memberships for a Range of Ports Syntax: show vlans < vid > This command shows port membership and jumbo configuration for the specified < vid >. Lists the ports belonging to VLAN 100 and whether the VLAN is enabled for jumbo frame traffic. Figure 13-4.
PAGE 323
Port Traffic Controls Jumbo Frames Enabling or Disabling Jumbo Traffic on a VLAN Syntax: vlan < vid > jumbo [ no ] vlan < vid > jumbo Configures the specified VLAN to allow jumbo frames on all ports on the switch that belong to that VLAN. If the VLAN is not already configured on the switch, vlan < vid > jumbo also creates the VLAN.
PAGE 324
Port Traffic Controls Jumbo Frames Configuring IP MTU Note The following feature is available on the switches covered in this guide. Jumbos support is required. On switches that do not support this command, the IP MTU value is derived from the maximum frame size and is not config urable. You can set the IP MTU globally by entering this command. The value of maxframe-size must be greater than or equal to 18 bytes more than the value selected for ip-mtu.
PAGE 325
Port Traffic Controls Jumbo Frames Displaying the Maximum Frame Size Use the show jumbos command to display the globally configured untagged maximum frame size for the switch. ProCurve(config)# show jumbos Jumbos Global Values Configured : In Use : MaxFrameSize : 9216 MaxFrameSize : 9216 Ip-MTU : 9198 Ip-MTU : 9198 Figure 13-5. Displaying the Maximum Frame Size and IP MTU Values Operating Notes for Maximum Frame Size ■ When you set a maximum frame size for Jumbo frames, it must be on a global level.
PAGE 326
Port Traffic Controls Jumbo Frames ■ When the switch applies the default MTU (1522-bytes) to a VLAN, all ports in the VLAN can receive incoming frames of up to 1522 bytes in length. When the switch applies the jumbo MTU (9220 bytes) to a VLAN, all ports in that VLAN can receive incoming frames of up to 9220 bytes in length.
PAGE 327
Port Traffic Controls Jumbo Frames can occur in situations where a non-jumbo VLAN includes some ports that do not belong to another, jumbo-enabled VLAN and some ports that do belong to another, jumbo-enabled VLAN. In this case, ports capable of receiving jumbo frames can forward them to the ports in the VLAN that do not have jumbo capability. 1 2 3 4 5 6 Jumbo-Enabled VLAN Non-Jumbo VLAN VLAN 10 VLAN 20 Port 3 belongs to both VLAN 10 and VLAN 20.
PAGE 328
Port Traffic Controls Jumbo Frames Troubleshooting A VLAN is configured to allow jumbo frames, but one or more ports drops all inbound jumbo frames. The port may not be operating at 1 giga bit or higher. Regardless of a port’s configuration, if it is actually operating at a speed lower than 1 gigabit, it drops inbound jumbo frames.
PAGE 329
14 Configuring for Network Management Applications Contents Using SNMP Tools To Manage the Switch . . . . . . . . . . . . . . . . . . . . . . 14-3 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-3 SNMP Management Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-4 Configuring for SNMP version 1 and 2c Access to the Switch . . . . . 14-4 Configuring for SNMP Version 3 Access to the Switch . . . . . . . . . . .
PAGE 330
Configuring for Network Management Applications Contents Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-33 Configuring sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-34 Viewing sFlow Configuration and Status . . . . . . . . . . . . . . . . . . 14-34 LLDP (Link-Layer Discovery Protocol) . . . . . . . . . . . . . . . . . . . . . . . 14-37 Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 331
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Using SNMP Tools To Manage the Switch Overview You can manage the switch via SNMP from a network management station running an application such as ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+). For more on PCM and PCM+, visit the ProCurve Networking web site at: www.procurve.com Click on products index in the sidebar, then click on the appropriate link appearing under the Network Management heading.
PAGE 332
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMP Management Features SNMP management features on the switch include: ■ SNMP version 1, version 2c, or version 3 over IP ■ Security via configuration of SNMP communities (page 14-11) ■ Security via authentication and privacy for SNMP Version 3 access ■ Event reporting via SNMP • Version 1 traps • RMON: groups 1, 2, 3, and 9 ■ ProCurve Manager/Plus support ■ Flow sampling using sFlow ■ Standard MIBs, suc
PAGE 333
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch If you want to restrict access to one or more specific nodes, you can use the switch’s IP Authorized Manager feature. (Refer to the Access Security Guide for your switch.) Caution For ProCurve Manager (PCM) version 1.5 or earlier (or any TopTools version), deleting the “public” community disables some network management functions (such as traffic monitoring, SNMP trap generation, and threshold setting).
PAGE 334
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMP Version 3 Commands SNMP version 3 (SNMPv3) adds some new commands to the CLI for configuring SNMPv3 functions. To enable SMNPv3 operation on the switch, use the snmpv3 enable command. An initial user entry will be generated with MD5 authentication and DES privacy. You may (optionally) restrict access to only SNMPv3 agents by using the snmpv3 only command.
PAGE 335
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Enabling SNMPv3 The snmpv3 enable command allows the switch to: ■ Receive SNMPv3 messages. ■ Configure initial users. ■ Restrict non-version 3 messages to “read only” (optional). Figure 14-1 shows an example of how to use the snmpv3 enable command. Note: SNMP Ve r s i o n 3 Initial Users To create new users, most SNMPv3 management software requires an initial user record to clone.
PAGE 336
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Caution 1. Configure users in the User Table with the snmpv3 user command. To view the list of configured users, enter the show snmpv3 user command (see “Adding Users” on page 14-8). 2. Assign users to Security Groups based on their security model with the snmpv3 group command (see “Assigning Users to Groups” on page 14-10).
PAGE 337
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMPv3 User Commands Syntax: [no] snmpv3 user Adds or deletes a user entry for SNMPv3. Authorization and privacy are optional, but to use privacy, you must use authorization. When you delete a user, only the is required. [auth ] With authorization, you can set either MD5 or SHA authentication.
PAGE 338
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Assigning Users to Groups. Then you must set the group access level for the user by assigning the user to a group. This is done with the snmpv3 group command. For more details on the MIBs access for a given group refer to “Group Access Levels” on page 14-11.
PAGE 339
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Group Access Levels The switch supports eight predefined group access levels. There are four levels for use with version 3 users and four are used for access by version 2c or version 1 management applications.
PAGE 340
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Syntax: [no] snmpv3 community This command maps or removes a mapping of a community name to a group access level. To remove a mapping you, only need to specify the index_name parameter. index This is an index number or title for the mapping. The values of 1-5 are reserved and can not be mapped. name This is the community name that is being mapped to a group access level.
PAGE 341
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMP Community Features Feature Default show SNMP communities configure identity information Menu CLI n/a page 14-13 page 14-15 none — page 14-16 configure community names public MIB view for a community name manager (operator, manager) write access for default community name unrestricted page 14-13 “ “ “ page 14-16 “ “ “ “ Web — — Use SNMP communities to restrict access to the switch by SNMP management st
PAGE 342
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Note: This screen gives an overview of the SNMP communities that are currently configured. All fields in this screen are readonly. Add and Edit options are used to modify the SNMP options. See Figure 8-2. Figure 14-6. The SNMP Communities Screen (Default Values) 2. Press [A] (for Add) to display the following screen: If you are adding a community, the fields in this screen are blank.
PAGE 343
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch CLI: Viewing and Configuring SNMP Community Names Community Name Commands Page show snmp-server [] 14-15 [no] snmp-server 14-16 [community ] 14-16 [host ] [] 14-19 [enable traps 14-27 [enable traps link-change ] 14-28 Listing Community Names and Values.
PAGE 344
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Configuring Community Names and Values. The snmp-server command enables you to add SNMP communities with either default or specific access attributes, and to delete specific communities. Syntax: [no] snmp-server community < community-name > Configures a new community name. If you do not also specify operator or manager, the switch automatically assigns the community to the operator MIB view.
PAGE 345
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMP Notifications The switches covered in this guide support: ■ SNMP version 1 or SNMP version 2c traps ■ SNMPv2c informs ■ SNMPv3 notification process, including traps This section describes how to configure a switch to send network security and link-change notifications to configured trap receivers.
PAGE 346
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch ■ ■ Advance Traffic Management Guide: • Loop protection • Spanning Tree (STP, RSTP, MSTP) Access Security Guide: • MAC lockdown • MAC lockout • Uni-Directional Link Detection (UDLD) General Steps for Configuring SNMP Notifications To configure SNMP notifications, follow these general steps: 1. Determine the versions of SNMP notifications that you want to use in your network.
PAGE 347
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch SNMPv1 and SNMPv2c Traps The switches covered in this guide support the following functionality from earlier SNMP versions (SNMPv1 and SNMPv2c): ■ Trap receivers: A trap receiver is a management station to which the switch sends SNMP traps and (optionally) event log messages sent from the switch. From the CLI you can configure up to ten SNMP trap receivers to receive SNMP traps from the switch.
PAGE 348
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Syntax: snmp-server host Configures a destination network management station to receive SNMPv1/v2c traps, and (optionally) event log messages sent as traps from the switch, using the specified community name and destination IPv4 or IPv6 address. You can specify up to ten trap receivers (network management stations). The default community name is public.
PAGE 349
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch For example, to configure a trap receiver in a community named "red-team" with an IP address of 10.28.227.130 to receive only "critical" event log messages, you can enter the following command: ProCurve(config)# snmp-server host 10.28.227.
PAGE 350
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Note The retries and timeout values are not used to send trap requests. To verify the configuration of SNMPv2c informs, enter the show snmp-server command: ProCurve(config)# show snmp-server SNMP Communities Community Name MIB View Write Access ---------------- -------- ----------public Manager Unrestricted Trap Receivers Link-Change Traps Enabled on Ports [All] : All ...
PAGE 351
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Configuring SNMPv3 Notifications The SNMPv3 notification process allows messages that are passed via SNMP between the switch and a network management station to be authenticated and encrypted. To configure SNMPv3 notifications, follow these steps: 1. Enable SNMPv3 operation on the switch by entering the snmpv3 enable command (see “SNMP Version 3 Commands” on page 14-6).
PAGE 352
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch 5. Configure the target address of the SNMPv3 management station to which SNMPv3 informs and traps are sent by entering the snmpv3 targetaddress command. Syntax: [no] snmpv3 targetaddress < ipv4-addr | ipv6-addr> < name > Configures the IPv4 or IPv6 address, name, and configuration filename of the SNMPv3 management station to which notification messages are sent.
PAGE 353
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Syntax: [no] snmpv3 targetaddress < ipv4-addr | ipv6-addr> < name > —Continued— [timeout < value >] (Optional) Time (in millisecond increments) allowed to receive a response from the target before notification packets are retransmitted. Range: 0-2147483647. Default: 1500 (15 seconds). [max-msg-size] (Optional) Maximum number of bytes supported in a notification message to the specified target. Default: 1472 6.
PAGE 354
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch An example of how to configure SNMPv3 notification is shown here: Params _name value in the snmpv3 targetaddress command matches the params _name value in the snmpv3 params command. The tag _name value in snmpv3 notify command matches the tag _name value in the snmpv3 targetaddress command. Configuring the security model ver3 requires you to configure message processing ver3 and a security service level. Figure 14-10.
PAGE 355
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch To enable or disable notification/traps for network security failures and other security events, enter the snmp-server enable traps command. Syntax: [no] snmp-server enable traps [snmp-auth | password-change-mgr | loginfailure-mgr | port-security | auth-server-fail | dhcp-snooping | arp-protect] Enables or disables sending one of the security notification types listed below to configured trap receivers.
PAGE 356
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch ProCurve(config)# show snmp-server traps Link-change trap setting Trap Receivers Link-Change Traps Enabled on Ports [All] : A1-A24 Traps Category -----------------------------SNMP Authentication Password change Login failures Port-Security Authorization Server Contact DHCP Snooping Dynamic ARP Protection Dynamic IP Lockdown Address ---------------------15.255.5.
PAGE 357
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Configuring the Source IP Address for SNMP Notifications The switch uses an interface IP address as the source IP address in IP headers when sending SNMP notifications (traps and informs) or responses to SNMP requests. For multi-netted interfaces, the source IP address is the IP address of the outbound interface of the SNMP reply, which may differ from the destination IP address in the IP header of the received request.
PAGE 358
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch To configure the switch to use a specified source IP address in generated trap PDUs, enter the snmp-server trap-source command. Syntax: [no] snmp-server trap-source [ | loopback<0-7>] Specifies the source IP address to be used for a trap PDU. The no form of the command resets the switch to the default behavior (compliant with rfc-1517). Default: Use the interface IP address in generated trap PDUs.
PAGE 359
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch ProCurve_8212(config)# show snmp-server SNMP Communities Community Name MIB View Write Access ---------------- -------- ----------public Manager Unrestricted Trap Receivers Link-Change Traps Enabled on Ports [All] : All ... Excluded MIBs Snmp Response Pdu Source-IP Information Selection Policy : dstIpOfRequest Trap Pdu Source-IP Information Selection Policy : Configured IP Ip Address : 10.10.10.
PAGE 360
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch In the following example, the show snmp-server command output shows that the switch has been configured to send SNMP traps and notifications to management stations that belong to the “public”, “red-team”, and “blue-team” communities.
PAGE 361
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Advanced Management: RMON The switch supports RMON (Remote Monitoring) on all connected network segments. This allows for troubleshooting and optimizing your network. The following RMON groups are supported: ■ ■ ■ ■ Ethernet Statistics (except the numbers of packets of different frame sizes) Alarm History (of the supported Ethernet statistics) Event The RMON agent automatically runs in the switch.
PAGE 362
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch Configuring sFlow The following sFlow commands allow you to configure sFlow instances via the CLI. Syntax: [no] sflow destination [udp-port-num] Enables an sFlow receiver/destination. The receiver-instance number must be a 1, 2, or 3. By default, the udp destination port number is 6343. To disable an sFlow receiver/destination, enter no sflow .
PAGE 363
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch The show sflow agent command displays read-only switch agent information. The version information shows the sFlow version, MIB support and software versions; the agent address is typically the ip address of the first vlan config ured on the switch . ProCurve# show sflow agent Version Agent Address 1.3;HP;W.14.XX 10.0.10.228 Figure 14-14.
PAGE 364
Configuring for Network Management Applications Using SNMP Tools To Manage the Switch The show sflow sampling-polling [port-list] command displays infor mation about sFlow sampling and polling on the switch. You can specify a list or range of ports for which to view sampling information. ProCurve# show sflow 2 sampling-polling A1-A4 Number denotes the sampling/polling instance to which the receiver is coupled.
PAGE 365
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP (Link-Layer Discovery Protocol) To standardize device discovery on all ProCurve switches, LLDP will be implemented while offering limited read-only support for CDP as documented in this manual. For the latest information on your switch model, consult the Release Notes (available on the ProCurve Networking web site).
PAGE 366
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP-MED (LLDP Media Endpoint Discovery): Provides an extension to LLDP and is designed to support VoIP deployments. Note LLDP-MED is an extension for LLDP, and the switch requires that LLDP be enabled as a prerequisite to LLDP-MED operation. An SNMP utility can progressively discover LLDP devices in a network by: 1.
PAGE 367
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP Neighbor: An LLDP device that is either directly connected to another LLDP device or connected to that device by another, non-LLDP Layer 2 device (such as a hub) Note that an 802.1D-compliant switch does not forward LLDP data packets even if it is not LLDP-aware. LLDPDU (LLDP Data Unit): LLDP data packet are transmitted on active links and include multiple TLVs containing global and per-port switch information.
PAGE 368
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) TLV (Type-Length-Value): A data unit that includes a data type field, a data unit length field (in bytes), and a field containing the actual data the unit is designed to carry (as an alphanumeric string, a bitmap, or a subgroup of information). Some TLVs include subelements that occur as separate data points in displays of information maintained by the switch for LLDP advertisements.
PAGE 369
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Configuration Options Enable or Disable LLDP on the Switch. In the default configuration, LLDP is globally enabled on the switch. To prevent transmission or receipt of LLDP traffic, you can disable LLDP operation (page 14-41) Enable or Disable LLDP-MED. In the default configuration for the switches covered in this guide, LLDP-MED is enabled by default. (Requires that LLDP is also enabled.
PAGE 370
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) SNMP Notification. You can enable the switch to send a notification to any configured SNMP trap receiver(s) when the switch detects a remote LLDP data change on an LLDP-enabled port (page 14-51). Per-Port (Outbound) Data Options. The following table lists the information the switch can include in the per-port, outbound LLDP packets it generates.
PAGE 371
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Data Type System capabilities enabled5, 6 Configuration Options Default Enable/Disable Enabled Description Identifies the primary switch functions that are enabled, such as routing. 1 The Packet Time-to-Live value is included in LLDP data packets. (Refer to “Changing the Time-to-Live for Transmitted Advertisements” on page 14-49.) 2Subelement of the Chassis ID TLV. 3Subelement of the Port ID TLV.
PAGE 372
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP and LLDP-MED Standards Compatibility The operation covered by this section is compatible with these standards: ■ IEEE P802.1AB ■ RFC 2922 (PTOPO, or Physical Topology MIB) ■ RFC 2737 (Entity MIB) ■ RFC 2863 (Interfaces MIB) ■ ANSI/TIA-1057/D6 (LLDP-MED; refer to “LLDP-MED (Media-EndpointDiscovery)” on page 14-56.
PAGE 373
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) advertisements. Attempting to use the CLI to configure LLDP with an IP address that is either not configured on a VLAN, or has been acquired by DHCP or Bootp results in the following error message. xxx.xxx.xxx.xxx: This IP address is not configured or is a DHCP address. Spanning-Tree Blocking. Spanning tree does not prevent LLDP packet transmission or receipt on STP-blocked links. 802.1X Blocking. Ports blocked by 802.
PAGE 374
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Viewing the Current Configuration Displaying the Global LLDP, Port Admin, and SNMP Notification Status. This command displays the switch’s general LLDP configuration status, including some per-port information affecting advertisement traffic and trap notifications. Syntax show lldp config Displays the LLDP global configuration, LLDP port status, and SNMP notification status.
PAGE 375
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displaying Port Configuration Details. This command displays the portspecific configuration, including. Syntax show lldp config < port-list > Displays the LLDP port-specific configuration for all ports in < port-list >, including which optional TLVs and any non-default IP address that are included in the port’s outbound advertisements.
PAGE 376
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Enabling or Disabling LLDP Operation on the Switch. Enabling LLDP operation (the default) causes the switch to: ■ Use active, LLDP-enabled ports to transmit LLDP packets describing itself to neighbor devices. ■ Add entries to its neighbors table based on data read from incoming LLDP advertisements. Syntax [ no ] lldp run Enables or disables LLDP operation on the switch.
PAGE 377
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Changing the Time-to-Live for Transmitted Advertisements. The Time-to-Live value (in seconds) for all LLDP advertisements transmitted from a switch is controlled by the switch that generates the advertisement, and determines how long an LLDP neighbor retains the advertised data before discarding it. The Time-to-Live value is the result of multiplying the refreshinterval by the holdtime-multiplier described below.
PAGE 378
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Syntax setmib lldpTxDelay.0 -i < 1 - 8192 > Uses setmib to change the minimum time (delay-interval) any LLDP port will delay advertising successive LLDP advertisements due to a change in LLDP MIB content. (Default: 2; Range: 1 - 8192) Note: The LLDP refresh-interval (transmit interval) must be greater than or equal to (4 x delay-interval).
PAGE 379
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) delay interval delays the port’s ability to reinitialize and generate LLDP traffic following an LLDP disable/enable cycle. Syntax setmib lldpReinitDelay.0 -i < 1 - 10 > Uses setmib to change the minimum time (reinitialization delay interval) an LLDP port will wait before reinitializing after receiving an LLDP disable command followed closely by a txonly or tx_rx command.
PAGE 380
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Changing the Minimum Interval for Successive Data Change Notifications for the Same Neighbor. If LLDP trap notification is enabled on a port, a rapid succession of changes in LLDP information received in advertisements from one or more neighbors can generate a high number of traps. To reduce this effect, you can globally change the interval between successive notifications of neighbor data change.
PAGE 381
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Configuring Basic LLDP Per-Port Advertisement Content In the default LLDP configuration, outbound advertisements from each port on the switch include both mandatory and optional data. Mandatory Data. An active LLDP port on the switch always includes the mandatory data in its outbound advertisements.
PAGE 382
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) For example, if port 3 belongs to a subnetted VLAN that includes an IP address of 10.10.10.100 and you wanted port 3 to use this secondary address in LLDP advertisements, you would need to execute the following command: ProCurve(config)# lldp config 3 ipAddrEnable 10.10.10.100 Optional Data. You can configure an individual port or group of ports to exclude one or more of these data types from outbound LLDP advertisements.
PAGE 383
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) system_cap For outbound advertisements, this TLV includes a bitmask of supported system capabilities (device functions). Also includes information on whether the capabilities are enabled.
PAGE 384
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Syntax: [ no ] lldp config < port-list > dot3TlvEnable macphy_config For outbound advertisements, this TLV includes the (local) switch port’s current speed and duplex settings, the range of speed and duplex settings the port supports, and the method required for reconfiguring the speed and duplex settings on the device (auto-negotiation during link initialization, or manual configuration).
PAGE 385
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) ■ Power over Ethernet (PoE) status and troubleshooting support via SNMP ■ support for IP telephony network troubleshooting of call quality issues via SNMP This section describes how to configure and use LLDP-MED features in the switches to support VoIP network edge devices (Media Endpoint Devices) such as: ■ IP phones ■ voice/media gateways ■ media servers ■ IP communications controllers ■ other VoIP devices or
PAGE 386
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) ■ able to use the following network policy elements configured on the client port • voice VLAN ID • 802.
PAGE 387
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) ■ Class 3 (Communication Devices): These devices are typically IP phones or end-user devices that otherwise support IP media and offer all Class 1 and Class 2 features, plus location identification and emergency 911 capability, Layer 2 switch support, and device infor mation management. LLDP-MED Operational Support.
PAGE 388
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Syntax: lldp top-change-notify < port-list > Topology change notification, when enabled on an LLDP port, causes the switch to send an SNMP trap if it detects LLDP MED endpoint connection or disconnection activity on the port, or an age-out of the LLDP-MED neighbor on the port.
PAGE 389
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP-MED Fast Start Control Syntax: lldp fast-start-count < 1 - 10 > An LLDP-MED device connecting to a switch port may use the data contained in the MED TLVs from the switch to configure itself. However, the lldp refresh-interval setting (default: 30 seconds) for transmitting advertisements can cause an unacceptable delay in MED device configuration.
PAGE 390
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Note LLDP-MED operation requires the macphy_config TLV subelement—enabled by default—that is optional for IEEE 802.1AB LLDP operation. Refer to the dot3TlvEnable macphy_config command on page 14-56. Network Policy Advertisements. Network policy advertisements are intended for real-time voice and video applications, and include these TLV subelements: ■ Layer 2 (802.
PAGE 391
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Notes A codepoint must have an 802.1p priority before you can configure it for use in prioritizing packets by VLAN-ID. If a codepoint you want to use shows No Override in the Priority column of the DSCP policy table (display with show qos dscp map, then use qos-dscp map < codepoint > priority < 0 - 7 > to configure a priority before proceeding.
PAGE 392
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) network-policy This TLV enables the switch port to advertise its configured network policies (voice VLAN, Layer 2 QoS, Layer 3 QoS), and allows LLDP-MED endpoint devices to auto-configure the voice network policy advertised by the switch. This also enables the use of SNMP applications to troubleshoot statically configured endpoint network policy mismatches.
PAGE 393
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) PoE Advertisements. These advertisements inform an LLDP-MED endpoint of the power (PoE) configuration on switch ports. Similar advertisements from an LLDP-MED endpoint inform the switch of the endpoint’s power needs and provide information that can be used to identify power priority mismatches.
PAGE 394
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) ■ ELIN (Emergency Location Identification Number): an emergency number typically assigned to MLTS (Multiline Telephone System Opera tors) in North America ■ coordinate-based location: attitude, longitude, and altitude informa tion (Requires configuration via an SNMP application.
PAGE 395
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) — Continued— Type/Value Pairs (CA-TYPE and CA-VALUE): This is a series of data pairs, each composed of a location data “type” specifier and the corresponding location data for that type. That is, the first value in a pair is expected to be the civic address “type” number (CA TYPE), and the second value in a pair is expected to be the corresponding civic address data (CA-VALUE).
PAGE 396
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Note: A switch port allows one instance of any given CA TYPE. For example, if a type/value pair of 6 Atlantic (to specify “Atlantic” as a street name) is configured on port A5 and later another type/value pair of 6 Pacific is configured on the same port, then Pacific replaces Atlantic in the civic address location configured for port A5.
PAGE 397
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Table 14-4.
PAGE 398
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Figure 14-21 shows the commands for configuring and displaying the above data. Figure 14-21.
PAGE 399
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displaying Switch Information Available for Outbound Advertisements These commands display the current switch information that will be used to populate outbound LLDP advertisements. Syntax show lldp info local-device [ port-list ] Without the [ port-list ] option, this command displays the global switch information and the per-port information currently available for populating outbound LLDP advertisements.
PAGE 400
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) The Management Address field displays only the LLDP-configurable IP addresses on the switch. (Only manually-configured IP addresses are LLDP-configurable.) If the switch has only an IP address from a DHCP or Bootp server, then the Management Address field is empty (because there are no LLDP configurable IP addresses available). For more on this topic, refer to “Remote Management Address” on page 14-43. Figure 14-22.
PAGE 401
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) information on displaying the currently configured port speed and duplex on an LLDP-MED endpoint, refer to “Displaying the Current Port Speed and Duplex Configuration on a Switch Port” on page 14-72. Syntax: show interfaces brief < port-list > Includes port speed and duplex configuration in the Mode column of the resulting display. Displaying Advertisements Currently in the Neighbors MIB.
PAGE 402
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Figure 14-24. Example of a Global Listing of Discovered Devices Indicates the policy configured on the telephone. A configuration mismatch occurs if the supporting port is configured differently. Figure 14-25.
PAGE 403
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Displaying LLDP Statistics LLDP statistics are available on both a global and a per-port levels. Rebooting the switch resets the LLDP statistics counters to zero. Disabling the transmit and/or receive capability on a port “freezes” the related port counters at their current values.
PAGE 404
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) — Continued — Per-Port LLDP Counters: NumFramesRecvd: Shows the total number of valid, inbound LLDP advertisements received from any neighbor(s) on < portlist >. Where multiple neighbors are connected to a port through a hub, this value is the total number of LLDP advertisements received from all sources. NumFramesSent: Shows the total number of LLDP advertisements sent from < port-list >.
PAGE 405
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Counters showing frames sent on a port but no frames received on that port indicates an active link with a device that either has LLDP disabled on the link or is not LLDPaware. Figure 14-26. Example of a Global LLDP Statistics Display Figure 14-27. Example of a Per-Port LLDP Statistics Display LLDP Operating Notes Neighbor Maximum.
PAGE 406
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) LLDP Packet Forwarding: An 802.1D-compliant switch does not forward LLDP packets, regardless of whether LLDP is globally enabled or disabled on the switch. One IP Address Advertisement Per-Port: LLDP advertises only one IP address per-port, even if multiple IP addresses are configured by lldp config < port-list > ipAddrEnable on a given port. 802.1Q VLAN Information. LLDP packets do not include 802.
PAGE 407
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) ProCurve# walkmib ifDescr ifDescr.1 = A1 ifDescr.2 = A2 ifDescr.3 = A3 . . . ifDescr.23 = A23 ifDescr.24 = A24 ifDescr.27 = B1 ifDescr.28 = B2 ifDescr.29 = B3 . . . ifDescr.48 = B22 ifDescr.49 = B23 ifDescr.50 = B24 . . . Beginning and Ending of Port Number Listing for Slot A Beginning and Ending of Port Number Listing for Slot B Figure 14-28.
PAGE 408
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Note ■ If the switch receives both LLDP and CDP advertisements on the same port from the same neighbor the switch stores this information as two separate entries if the advertisements have differences chassis ID and port ID information. ■ If the chassis and port ID information are the same, the switch stores this information as a single entry.
PAGE 409
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Protocol State Packet Generation Inbound Data Management Inbound Packet Forwarding CDP Enabled1 n/a Store inbound CDP data. CDP Disabled n/a No storage of CDP data from Floods inbound CDP packets neighbor devices. from connected devices to outbound ports. No forwarding of inbound CDP packets. LLDP Enabled1 Generates and Store inbound LLDP data. transmits LLDP packets out all ports on the switch.
PAGE 410
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Note Command Page show cdp 14-82 show cdp neighbors [< port-list > detail] [detail < port-list >] 14-83 [no] cdp run 14-84 [no] cdp enable < port-list > 14-84 For details on how to use an SNMP utility to retrieve information from the switch’s CDP Neighbors table maintained in the switch’s MIB (Management Information Base), refer to the documentation provided with the particular SNMP utility.
PAGE 411
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Viewing the Switch’s Current CDP Neighbors Table. Devices are listed by the port on which they were detected. Syntax: show cdp neighbors Lists the neighboring CDP devices the switch detects, with a subset of the information collected from the device’s CDP packet. [ [e] port-numb [detail] ] Lists the CDP device connected to the specified port. (Allows only one port at a time.
PAGE 412
Configuring for Network Management Applications LLDP (Link-Layer Discovery Protocol) Disabling CDP Operation. Disabling CDP operation clears the switch’s CDP Neighbors table and causes the switch to drop inbound CDP packets from other devices without entering the data in the CDP Neighbors table. Syntax: [no] cdp run Enables or disables CDP read-only operation on the switch.
PAGE 413
A File Transfers Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-3 Downloading Switch Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-3 General Software Download Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4 Using TFTP To Download Switch Software from a Server . . . . . . . . A-4 Menu: TFTP Download from a Server to Primary Flash . . . . . . .
PAGE 414
File Transfers Contents USB: Copying a Software Image to a USB Device . . . . . . . . . . . A-25 Transferring Switch Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . A-26 TFTP: Copying a Configuration File to a Remote Host . . . . . . . A-26 TFTP: Copying a Configuration File from a Remote Host . . . . A-27 TFTP: Copying a Customized Command File to a Switch . . . . A-27 Xmodem: Copying a Configuration File to a Serially Connected PC or UNIX Workstation . . . . . . . . . . . . . . . . . .
PAGE 415
File Transfers Overview Overview The switches covered in this guide support several methods for transferring files to and from a physically connected device, or via the network, including TFTP, Xmodem, and USB. This appendix explains how to download new switch software, upload or download switch configuration files and software images, and upload command files for configuring Access Control Lists (ACLs).
PAGE 416
File Transfers Downloading Switch Software General Software Download Rules Note ■ Switch software that you download via the menu interface always goes to primary flash. ■ After a software download, you must reboot the switch to implement the new software. Until a reboot occurs, the switch continues to run on the software it was using before the download commenced. Downloading new switch software does not change the current switch con figuration.
PAGE 417
File Transfers Downloading Switch Software Menu: TFTP Download from a Server to Primary Flash Note that the menu interface accesses only the primary flash. 1. In the console Main Menu, select Download OS to display the screen in figure A-1. (The term “OS”, or “operating system” refers to the switch software): Figure A-1. Example of a Download OS (Software) Screen (Default Values) 2. Press [E] (for Edit). 3. Ensure that the Method field is set to TFTP (the default). 4.
PAGE 418
File Transfers Downloading Switch Software A “progress” bar indicates the progress of the download. When the entire software file has been received, all activity on the switch halts and you will see Validating and writing system software to FLASH... 7. After the primary flash memory has been updated with the new software, you must reboot the switch to implement the newly downloaded software. Return to the Main Menu and press [6] (for Reboot Switch).
PAGE 419
File Transfers Downloading Switch Software To find more information on the cause of a download failure, examine the messages in the switch’s Event Log by executing the show log tftp command from the CLI. Also: ■ For more on the Event Log, see “Using the Event Log for Troubleshooting Switch Problems” on page C-26. ■ For descriptions of individual Event Log messages, refer to the latest version of the Event Log Message Reference Guide for your switch, available on the ProCurve website.
PAGE 420
File Transfers Downloading Switch Software For example, to download a switch software file named k0800.swi from a TFTP server with the IP address of 10.28.227.103 to primary flash: 1. Execute copy as shown below: Dynamic counter continually displays the number of bytes transferred. Figure A-4. 2. This message means that the image you want to upload will replace the image currently in primary flash.
PAGE 421
File Transfers Downloading Switch Software Using Secure Copy and SFTP For some situations you may want to use a secure method to issue commands or copy files to the switch. By opening a secure, encrypted SSH session you can then use a third-party software application to take advantage of Secure Copy (SCP) and Secure ftp (SFTP). SCP and SFTP provide a secure alternative to TFTP for transferring information that may be sensitive (like switch con figuration files) to and from the switch.
PAGE 422
File Transfers Downloading Switch Software Protocol major versions differ: 1 vs. 2 Connection closed Received disconnect from < ip-addr >: /usr/local/ libexec/sftp-server: command not supported Connection closed SCP (secure copy) is an implementation of the BSD rcp (Berkeley UNIX remote copy) command tunneled through an SSH connection. SCP is used to copy files to and from the switch when security is required. SCP works with both SSH v1 and SSH v2.
PAGE 423
File Transfers Downloading Switch Software Disable TFTP and Auto-TFTP for Enhanced Security Using the ip ssh filetransfer command to enable Secure FTP (SFTP) automat ically disables TFTP and auto-TFTP (if either or both are enabled). ProCurve(config)# ip ssh filetransfer Tftp and auto-tftp have been disabled. ProCurve(config)# sho run Enabling SFTP automatically disables TFTP and auto-tftp and displays this message. Running configuration: ; J9146A Configuration Editor; Created on release #W.14.
PAGE 424
File Transfers Downloading Switch Software Enables/Disables TFTP. Note: If SFTP is enabled, this field will be set to No. You cannot use this field to enable TFTP if SFTP is enabled. Attempting to do so produces an Inconsistent value message in the banner below the Actions line. Figure A-6. Using the Menu Interface To Disable TFTP ■ While SFTP is enabled, TFTP and auto-TFTP cannot be enabled from the CLI.
PAGE 425
File Transfers Downloading Switch Software Syntax: no tftp-enable This command disables all TFTP operation on the switch except for the auto-TFTP feature. To re-enable TFTP operation, use the tftp-enable command. When TFTP is disabled, the instances of tftp in the CLI copy command and the Menu interface “Download OS” screen become unavailable. Note: This command does not disable auto-TFTP operation.
PAGE 426
File Transfers Downloading Switch Software Authentication Switch memory allows up to ten public keys. This means the authentication and encryption keys you use for your third-party client SCP/SFTP software can differ from the keys you use for the SSH session, even though both SCP and SFTP use a secure SSH tunnel. Note SSH authentication is mutually exclusive with RADIUS servers. Some clients such as PSCP (PuTTY SCP) automatically compare switch host keys for you.
PAGE 427
File Transfers Downloading Switch Software ■ All files have read-write permission. Several SFTP commands, such as create or remove, are not allowed and return an error message.
PAGE 428
File Transfers Downloading Switch Software Troubleshooting SSH, SFTP, and SCP Operations You can verify secure file transfer operations by checking the switch’s event log, or by viewing the error messages sent by the switch that most SCP and SFTP clients will print out on their console. Note Messages that are sent by the switch to the client depend on the client software in use to display them on the user console. Broken SSH Connection.
PAGE 429
File Transfers Downloading Switch Software Received disconnect from 10.0.12.31: 2: Wait for previous session to complete lost connection Attempt to Start a Second Session. The switch supports only one SFTP session or one SCP session at a time. If a second session is initiated (for example, an SFTP session is running and then an SCP session is attempted), then the following error message may appear on the client console: Received disconnect from 10.0.12.
PAGE 430
File Transfers Downloading Switch Software 5. Press [Enter] and then execute the terminal emulator command(s) to begin Xmodem binary transfer. For example, using HyperTerminal: a. Click on Transfer, then Send File. b. Type the file path and name in the Filename field. c. In the Protocol field, select Xmodem. d. Click on the [Send] button. The download will then commence. It can take several minutes, depend ing on the baud rate set in the switch and in your terminal emulator. 6.
PAGE 431
File Transfers Downloading Switch Software 2. Execute the terminal emulator commands to begin the Xmodem transfer. For example, using HyperTerminal: a. Click on Transfer, then Send File. b. Type the file path and name in the Filename field. c. In the Protocol field, select Xmodem. d. Click on the [Send] button. The download can take several minutes, depending on the baud rate used in the transfer. 3.
PAGE 432
File Transfers Downloading Switch Software Operating rules and restrictions on USB usage are: Note ■ Unformatted USB flash drives must first be formatted on a PC (Windows FAT format). For devices with multiple partitions, only the first partition is supported. Devices with secure partitions are not supported. ■ If they already exist on the device, sub-directories are supported.
PAGE 433
File Transfers Downloading Switch Software For example, to copy a switch software file named k0800.swi from a USB device to primary flash: 1. Execute copy as shown below: This message means that the image you want to upload will replace the image currently in primary flash. Figure A-7. 2.
PAGE 434
File Transfers Downloading Switch Software Menu: Switch-to-Switch Download to Primary Flash Using the menu interface, you can download a switch software file from either the primary or secondary flash of one switch to the primary flash of another switch of the same series. 1. From the switch console Main Menu in the switch to receive the down load, select 7. Download OS screen. 2. Ensure that the Method parameter is set to TFTP (the default). 3.
PAGE 435
File Transfers Downloading Switch Software CLI: Switch-To-Switch Downloads Where two switches in your network belong to the same series, you can download a software image between them by initiating a copy tftp command from the destination switch. The options for this CLI feature include: ■ Copy from primary flash in the source to either primary or secondary in the destination. ■ Copy from either primary or secondary flash in the source to either primary or secondary flash in the destination.
PAGE 436
File Transfers Copying Software Images This command (executed in the destination switch) gives you the most options for downloading between switches. If you do not specify either a primary or secondary flash location for the destination, the download automatically goes to primary flash. For example, to download a software file from secondary flash in a switch with an IP address of 10.28.227.
PAGE 437
File Transfers Copying Software Images For example, to copy the primary flash to a TFTP server having an IP address of 10.28.227.105: ProCurve# copy flash tftp 10.28.227.105 k0800.swi where k0800.swi is the filename given to the flash image being copied. Xmodem: Copying a Software Image from the Switch to a Serially Connected PC or UNIX Workstation To use this method, the switch must be connected via the serial port to a PC or UNIX workstation.
PAGE 438
File Transfers Transferring Switch Configurations where k0800.swi is the name given to the primary flash image that is copied from the switch to the USB device. Transferring Switch Configurations Transfer Features Feature Page Use TFTP to copy from a remote host to a config file. A-27 Use TFTP to copy a config file to a remote host. A-28 Use Xmodem to copy a configuration from a serially connected host to a config file. A-28 Use Xmodem to copy a config file to a serially connected host.
PAGE 439
File Transfers Transferring Switch Configurations For example, to upload the current startup configuration to a file named sw8200 in the configs directory on drive “d” in a TFTP server having an IP address of 10.28.227.105: ProCurve# copy startup-config tftp 10.28.227.
PAGE 440
File Transfers Transferring Switch Configurations Figure A-10. Example of Using the copy tftp show-tech Command to Upload a Customized Command File Syntax: show tech custom Executes the commands found in a custom file instead of the hard-coded list. Note: Exit the global config mode (if needed) before executing show tech commands. You can include show tech commands in the custom file, with the exception of show tech custom. For example, you can include the command show tech all.
PAGE 441
File Transfers Transferring Switch Configurations 1. Determine the file name and directory location on the PC. 2. Execute the following command: 3. After you see the above prompt, press [Enter]. 4. Execute the terminal emulator commands to begin the file transfer.
PAGE 442
File Transfers Transferring Switch Configurations Syntax: boot system flash [ primary | secondary ] boot system flash [ config < filename > Switches boot from the designated configuration file. For more on multiple configuration files, refer to “Multiple Configuration Files” on page 6-23. Syntax: reload Reboots from the flash image currently in use. (For more on these commands, refer to “Rebooting the Switch” on page 6-18.
PAGE 443
File Transfers Transferring ACL Command Files USB: Copying a Configuration File from a USB Device To use this method, the switch must be connected via the USB port to a USB flash drive on which is stored the configuration file you want to copy. To execute the command, you will need to know the name of the file to copy. Syntax: copy usb startup-config < filename > Copies a configuration file from a USB device to the startup configuration file on the switch.
PAGE 444
File Transfers Transferring ACL Command Files where: < ip-addr > = The IP address of a TFTP server available to the switch < filename.txt > = A text file containing ACL commands and stored in the TFTP directory of the server identified by < ip-addr > < unix | pc > = The type of workstation used for serial, Telnet, or SSH access to the switch CLI This command copies and executes the named text file from the specified TFTP server address and executes the ACL commands in the file.
PAGE 445
File Transfers Transferring ACL Command Files This message indicates that “show running” command just above it is not an ACL command and will be ignored by the switch. Manually executing show running from the CLI indicates that the file was implemented, creating ACL 155 in the switch’s running configuration. Figure A-12.
PAGE 446
File Transfers Transferring ACL Command Files where: < filename.txt > = A text file containing ACL commands and stored in the USB flash drive. < unix | pc > = The type of workstation used to create the text file. This command copies and executes the named text file from a USB flash drive and executes the ACL commands in the file. Depending on the ACL commands used, this action does one of the following in the running-config file: ■ Creates a new ACL. ■ Replaces an existing ACL.
PAGE 447
File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation You can use the CLI to copy the following types of switch data to a text file in a destination device: ■ Command Output: Sends the output of a switch CLI command as a file on the destination device. ■ Event Log: Copies the switch’s Event Log into a file on the destination device.
PAGE 448
File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation At this point, press [Enter] and start the Xmodem command sequence in your terminal emulator. Indicates the operation is finished. Figure A-13. Example of Sending Command Output to a File on an Attached PC Note The command you specify must be enclosed in double-quote marks.
PAGE 449
File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation Syntax: copy crash-data [ | master] tftp copy crash-data [ | mm] usb copy crash-data [| mm] xmodem where: slot-id = mm a - h, and retrieves the crash log or crash data from the processor on the module in the specified slot. Retrieves crash log or crash data from the switch’s chassis processor.
PAGE 450
File Transfers Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation These commands copy the Crash Log content to a remote host, attached USB device, or to a serially connected PC or UNIX workstation. You can copy individual slot information or the management module (mm) switch information. If you do not specify either, the command defaults to the mm data.
PAGE 451
File Transfers Using USB Autorun Using USB Autorun USB autorun helps ease the configuration of ProCurve switches by providing a way to auto-execute CLI commands from a USB flash drive. Using this solution, you can create a command file (also known as an AutoRun file), write it to a USB storage device, and then execute the file simply by inserting the USB device in to the switch’s ‘Auxiliary Port’.
PAGE 452
File Transfers Using USB Autorun d. determine if the file will be ‘run once’ (moved to a ‘processed’ direc tory on execution) or ‘run many’ (kept in the root directory of the flash drive from where it can be executed again). 2. Deploy the AutoRun file to a USB flash drive. 3. (If required) Enable the autorun feature on the switch (autorun is enabled by default unless an operator or manager password has been set—see “Autorun and Configuring Passwords” on page A-43). 4.
PAGE 453
File Transfers Using USB Autorun Troubleshooting Autorun Operations You can verify autorun operations by checking the following items: USB Auxiliary Port LEDs. The following table shows LED indications on the Auxiliary Port that allow you to identify the different USB operation states. Color State Meaning Green Slow Blinking Switch is processing USB AutoRun file. Green Solid Switch has finished processing USB AutoRun file.
PAGE 454
File Transfers Using USB Autorun Event Log or Syslog. For details on how to use the switch’s event log or syslog for help in isolating autorun-related problems, see “Using the Event Log for Troubleshooting Switch Problems” on page C-26. Configuring Autorun on the Switch To enable/disable the autorun feature on the switch, the following commands can be executed from configuration mode in the CLI. Syntax: [no] autorun [encryption-key | secure-mode] Enables/disables USB autorun on the switch.
PAGE 455
File Transfers Using USB Autorun Operating Notes and Restrictions ■ Autorun is enabled by default, until passwords are set on the device. ■ Secure-mode and encryption-key are disabled by default. ■ To enable secure mode both an encryption key and trusted certificate must be set. ■ If secure-mode is enabled, the following conditions apply: • the encryption-key cannot be removed/un-configured; • the key-pair cannot be removed.
PAGE 456
File Transfers Using USB Autorun Viewing Autorun Configuration Information The show autorun command displays autorun configuration status information as shown in the following example.
PAGE 457
B Monitoring and Analyzing Switch Operation Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-3 Status and Counters Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-4 Menu Access To Status and Counters . . . . . . . . . . . . . . . . . . . . . . . . . B-5 General System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-6 Menu Access . . . . . . . . . . . . . . . . . . . . . .
PAGE 458
Monitoring and Analyzing Switch Operation Contents Interface Monitoring Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-24 Menu: Configuring Port and Static Trunk Monitoring . . . . . . . . . . . B-25 CLI: Configuring Port and Static Trunk Monitoring . . . . . . . . . . . . . B-27 Web: Configuring Port Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . B-30 Locating a Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 459
Monitoring and Analyzing Switch Operation Overview Overview The switches covered in this guide have several built-in tools for monitoring, analyzing, and troubleshooting switch and network operation: Note ■ Status: Includes options for displaying general switch information, man agement address data, port status, port and trunk group statistics, MAC addresses detected on each port or VLAN, and STP, IGMP, and VLAN data (page B-4).
PAGE 460
Monitoring and Analyzing Switch Operation Status and Counters Data Status and Counters Data This section describes the status and counters screens available through the switch console interface and/or the web browser interface. Note Status or Counters Type You can access all console screens from the web browser interface via Telnet to the console. Telnet access to the switch is available in the Device View window under the Configuration tab.
PAGE 461
Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access To Status and Counters Beginning at the Main Menu, display the Status and Counters menu by select ing: 1. Status and Counters Figure B-1. The Status and Counters Menu Each of the above menu items accesses the read-only screens described on the following pages. Refer to the online help for a description of the entries displayed in these screens.
PAGE 462
Monitoring and Analyzing Switch Operation Status and Counters Data General System Information Menu Access From the console Main Menu, select: 1. Status and Counters 1. General System Information ProCurve Switch 2-Jan-1990 22:14:32 ===========================- TELNET - MANAGER MODE -========================== Status and Counters - General System Information System Contact System Location :George :Buiding A Software revision ROM Version : W.14.XX : W.14.
PAGE 463
Monitoring and Analyzing Switch Operation Status and Counters Data CLI Access to System Information The show system command displays general system information about the switch. Syntax: show system [information | power-supply | temperature | fans] Displays global system information and operational parameters for the switch. information Displays global system information and operational parameters for the switch. power-supply Shows chassis power supply and settings.
PAGE 464
Monitoring and Analyzing Switch Operation Status and Counters Data ProCurve(config)# show system Status and Counters - General System Information System Name System Contact System Location : ProCurve Switch : : MAC Age Time (sec) : 300 Time Zone : 0 Daylight Time Rule : None Software revision ROM Version : T.13.XX : K.12.
PAGE 465
Monitoring and Analyzing Switch Operation Status and Counters Data ProCurve(config)# task-monitor cpu ProCurve(config)# show cpu 2 1 5 1 percent busy, from sec ave: 9 percent sec ave: 9 percent min ave: 1 percent 2865 sec ago busy busy busy % CPU | Description -------+------------------------99 | Idle Figure B-5. Example of the task-monitor cpu Command and show cpu Output Switch Management Address Information Menu Access From the Main Menu, select: 1 Status and Counters … 2.
PAGE 466
Monitoring and Analyzing Switch Operation Status and Counters Data Note As shown in figure B-6, all VLANs on the switches use the same MAC address. (This includes both the statically configured VLANs and any dynamic VLANs existing on the switch as a result of GVRP operation.) Also, the switches covered in this guide use a multiple forwarding database.
PAGE 467
Monitoring and Analyzing Switch Operation Status and Counters Data Figure B-7. Example of Port Status on the Menu Interface CLI Access Syntax: show interfaces brief Web Access 1. Click on the Status tab. 2. Click on [Port Status].
PAGE 468
Monitoring and Analyzing Switch Operation Status and Counters Data These features enable you to determine the traffic patterns for each port since the last reboot or reset of the switch. You can display: ■ A general report of traffic on all LAN ports and trunk groups in the switch, along with the per-port flow control status (On or Off). ■ A detailed summary of traffic on a selected port or trunk group. You can also reset the counters for a specific port.
PAGE 469
Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access to Port and Trunk Statistics To access this screen from the Main Menu, select: 1. Status and Counters … 4. Port Counters Figure B-8. Example of Port Counters on the Menu Interface To view details about the traffic on a particular port, use the [v] key to highlight that port number, then select Show Details. For example, selecting port A2 displays a screen similar to figure B-9, below. Figure B-9.
PAGE 470
Monitoring and Analyzing Switch Operation Status and Counters Data CLI Access To Port and Trunk Group Statistics To Display the Port Counter Summary Report. Syntax: show interfaces This command provides an overview of port activity for all ports on the switch. To Display a Detailed Traffic Summary for Specific Ports. Syntax: show interfaces < port-list > This command provides traffic details for the port(s) you specify To Reset the Port Counters for a Specific Port.
PAGE 471
Monitoring and Analyzing Switch Operation Status and Counters Data Viewing the Switch’s MAC Address Tables Feature Default Menu CLI Web viewing MAC addresses on all ports on a specific VLAN n/a page B-15 page B-18 — viewing MAC addresses on a specific port n/a page B-17 page B-18 — searching for a MAC address n/a page B-17 page B-18 — These features help you to view: ■ The MAC addresses that the switch has learned from network devices attached to the switch ■ The port on which each M
PAGE 472
Monitoring and Analyzing Switch Operation Status and Counters Data Figure B-10. Example of the Address Table To page through the listing, use Next page and Prev page. Finding the Port Connection for a Specific Device on a VLAN. This feature uses a device’s MAC address that you enter to identify the port used by that device. 1. Proceeding from figure B-10, press [S] (for Search), to display the following prompt: Enter MAC address: _ 2. Type the MAC address you want to locate and press [Enter].
PAGE 473
Monitoring and Analyzing Switch Operation Status and Counters Data Port-Level MAC Address Viewing and Searching. This feature displays and searches for MAC addresses on the specified port instead of for all ports on the switch. 1. From the Main Menu, select: 1. Status and Counters 7. Port Address Table Prompt for Selecting the Port To Search Figure B-12. Listing MAC Addresses for a Specific Port 2.
PAGE 474
Monitoring and Analyzing Switch Operation Status and Counters Data CLI Access for MAC Address Views and Searches Syntax: show mac-address [ vlan < vlan-id >] [< port-list >] [< mac-addr >] To List All Learned MAC Addresses on the Switch, with The Port Number on Which Each MAC Address Was Learned. ProCurve> show mac-address To List All Learned MAC Addresses on one or more ports, with Their Corresponding Port Numbers.
PAGE 475
Monitoring and Analyzing Switch Operation Status and Counters Data Spanning Tree Protocol (MSTP) Information CLI Access to MSTP Data This option lists the MSTP configuration, root data, and per-port data (cost, priority, state, and designated bridge). Syntax: show spanning-tree This command displays the switch’s global and regional spanning-tree status, plus the per-port spanning-tree operation at the regional level.
PAGE 476
Monitoring and Analyzing Switch Operation Status and Counters Data Internet Group Management Protocol (IGMP) Status The switch uses the CLI to display the following IGMP status on a per-VLAN basis: Show Command Output show ip igmp Global command listing IGMP status for all VLANs configured in the switch: • VLAN ID (VID) and name • Active group addresses per VLAN • Number of report and query packets per group • Querier access port per VLAN show ip igmp Per-VLAN command listing above IGMP stat
PAGE 477
Monitoring and Analyzing Switch Operation Status and Counters Data VLAN Information The switch uses the CLI to display the following VLAN status: Show Command Output show vlan Lists: • Maximum number of VLANs to support • Existing VLANs • Status (static or dynamic) • Primary VLAN show vlan For the specified VLAN, lists: • Name, VID, and status (static/dynamic) • Per-Port mode (tagged, untagged, forbid, no/auto) • “Unknown VLAN” setting (Learn, Block, Disable) • Port status (up/down) For ex
PAGE 478
Monitoring and Analyzing Switch Operation Status and Counters Data Because ports A1 and A2 are not members of VLAN 44, it does not appear in this listing. Figure B-16. Example of VLAN Listing for Specific Ports Figure B-17.
PAGE 479
Monitoring and Analyzing Switch Operation Status and Counters Data Web Browser Interface Status Information The “home” screen for the web browser interface is the Status Overview screen, as shown below. As the title implies, it provides an overview of the status of the switch, including summary graphs indicating the network utili zation on each of the switch ports, symbolic port status indicators, and the Alert Log, which informs you of any problems that may have occurred on the switch.
PAGE 480
Monitoring and Analyzing Switch Operation Interface Monitoring Features Interface Monitoring Features Port Monitoring Features Feature Default Menu CLI Web display monitoring configuration disabled page B-25 page B-27 page B-30 configure the monitor port(s) ports: none page B-25 page B-28 page B-30 selecting or removing ports page B-25 page B-29 page B-30 none selected You can designate monitoring of inbound and outbound traffic on: ■ Ports and static trunks: Allows monitoring of individual p
PAGE 481
Monitoring and Analyzing Switch Operation Interface Monitoring Features Menu: Configuring Port and Static Trunk Monitoring This procedure describes configuring the switch for monitoring when moni toring is disabled. (If monitoring has already been enabled, the screens will appear differently than shown in this procedure.) 1. From the Console Main Menu, Select: 2. Switch Configuration... 3. Network Monitoring Port Enable monitoring by setting this parameter to “Yes”. Figure B-19.
PAGE 482
Monitoring and Analyzing Switch Operation Interface Monitoring Features Move the cursor to the Monitoring Port Inbound Port and Trunk Monitoring (Only) on the Switch 4108 Figure B-20. How To Select a Monitoring Port 5. Use the Space bar to select the port to use for monitoring. 6. Highlight the Monitor field and use the Space bar to select the interfaces to monitor: Ports: Use for monitoring ports or static trunks. VLAN: Use for monitoring a VLAN. 7.
PAGE 483
Monitoring and Analyzing Switch Operation Interface Monitoring Features ii. Use the Space bar to select the VLAN you want to monitor. iii. Go to step 10. 8. Use the down arrow key to move the cursor to the Action column for the individual ports and position the cursor at a port you want to monitor. 9. Press the Space bar to select Monitor for each port and trunk that you want monitored. (Use the down arrow key to move from one interface to the next in the Action column.) 10.
PAGE 484
Monitoring and Analyzing Switch Operation Interface Monitoring Features Port receiving monitored traffic. Monitored Ports Figure B-21. Example of Monitored Port Listing Configuring the Monitor Port. Syntax: [no] mirror-port [< port-num >] This command assigns or removes a monitoring port, and must be executed from the global configuration level. Removing the monitor port disables port monitoring and resets the monitoring parameters to their factory-default settings.
PAGE 485
Monitoring and Analyzing Switch Operation Interface Monitoring Features Selecting or Removing Monitoring Source Interfaces. After you con figure a monitor port you can use either the global configuration level or the interface context level to select ports, static trunks, or VLANs as monitoring sources. You can also use either level to remove monitoring sources.
PAGE 486
Monitoring and Analyzing Switch Operation Interface Monitoring Features Configure monitoring of VLAN 20. Display current monitoring configuration: – Monitor port – Interface Being Monitored Figure B-23. Example of Configuring VLAN Monitoring These two commands show how to disable monitoring at the interface context level for a single port or all ports in an interface context level. These two commands show how to disable monitoring at the global config level for a single port or a group of ports.
PAGE 487
Monitoring and Analyzing Switch Operation Locating a Device Locating a Device If you are trying to locate a particular switch you can enter the chassislocate command. The blue Locator LED will light up on that switch. Syntax: chassislocate [ blink | on | off ] Locate a device by using the blue Locate LED on the front panel. blink <1-1440> Blinks the chassis Locate LED for a selected number of minutes (default is 30 minutes).
PAGE 488
Monitoring and Analyzing Switch Operation Locating a Device B-32
PAGE 489
C Troubleshooting Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-4 Troubleshooting Approaches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-5 Browser or Telnet Access Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . C-6 Unusual Network Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-8 General Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 490
Troubleshooting Contents Log Throttle Periods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-37 Example of Log Throttling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-37 Example of Event Counter Operation . . . . . . . . . . . . . . . . . . . . . C-39 Debug/Syslog Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-40 Debug/Syslog Messaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 491
Troubleshooting Contents System Failures: Core Dump Utility . . . . . . . . . . . . . . . . . . . . . . . . . . C-79 CLI: Enabling/Disabling Core Dump . . . . . . . . . . . . . . . . . . . . . . C-80 CLI: Transferring Core Dump Files . . . . . . . . . . . . . . . . . . . . . . . C-80 CLI: Displaying Core Dump Information . . . . . . . . . . . . . . . . . . C-81 CLI: Deleting Core Dump Files . . . . . . . . . . . . . . . . . . . . . . . . . . . C-81 Web: Enabling/Disabling Core Dump . . . . . . . . . . . .
PAGE 492
Troubleshooting Overview Overview This appendix addresses performance-related network problems that can be caused by topology, switch configuration, and the effects of other devices or their configurations on switch operation. (For switch-specific information on hardware problems indicated by LED behavior, cabling requirements, and other potential hardware-related problems, refer to the Installation Guide you received with the switch.
PAGE 493
Troubleshooting Troubleshooting Approaches Troubleshooting Approaches Use these approaches to diagnose switch problems: ■ Check the ProCurve Networking web site for software updates that may have solved your problem: www.procurve.com ■ Check the switch LEDs for indications of proper switch operation: • Each switch port has a Link LED that should light whenever an active network device is connected to the port.
PAGE 494
Troubleshooting Browser or Telnet Access Problems Browser or Telnet Access Problems Cannot access the web browser interface: ■ Access may be disabled by the Web Agent Enabled parameter in the switch console. Check the setting on this parameter by selecting: 2. Switch Configuration … 1. System Information ■ The switch may not have the correct IP address, subnet mask or gateway. Verify by connecting a console to the switch’s Console port and selecting: 2. Switch Configuration … 5.
PAGE 495
Troubleshooting Browser or Telnet Access Problems Cannot Telnet into the switch console from a station on the network: ■ Off subnet management stations can lose Telnet access if you enable routing without first configuring a static (default) route. That is, the switch uses the IP default gateway only while operating as a Layer 2 device. While routing is enabled on the switch, the IP default gateway is not used.
PAGE 496
Troubleshooting Unusual Network Activity Unusual Network Activity Network activity that fails to meet accepted norms may indicate a hardware problem with one or more of the network components, possibly including the switch. Such problems can also be caused by a network loop or simply too much traffic for the network as it is currently designed and implemented.
PAGE 497
Troubleshooting Unusual Network Activity This can also happen, for example, if the server is first configured to issue IP addresses with an unlimited duration, then is subsequently configured to issue IP addresses that will expire after a limited duration. One solution is to configure “reservations” in the DHCP server for specific IP addresses to be assigned to devices having specific MAC addresses. For more information, refer to the documentation for the DHCP server.
PAGE 498
Troubleshooting Unusual Network Activity S Indicates that routing is enabled; a require ment for ACL operation. (There is an exception. Refer to the Note, below.) Figure C-1. Indication that Routing Is Enabled Note If an ACL assigned to a VLAN includes an ACE referencing an IP address on the switch itself as a packet source or destination, the ACE screens traffic to or from this switch address regardless of whether IP routing is enabled.
PAGE 499
Troubleshooting Unusual Network Activity Error (Invalid input) when entering an IP address. When using the “host” option in the command syntax, ensure that you are not including a mask in either dotted decimal or CIDR format. Using the “host” option implies a specific host device and therefore does not permit any mask entry. Correct. Incorrect. No mask needed to specify a single host. Figure C-2. Examples of Correctly and Incorrectly Specifying a Single Host Apparent failure to log all “Deny” Matches.
PAGE 500
Troubleshooting Unusual Network Activity that happens to include the switch’s IP address. For an example of this problem, refer to the section titled “General ACL Operating Notes” in the “Access Control Lists (ACLs)” chapter of the latest Access Security Guide for your switch. Routing Through a Gateway on the Switch Fails Configuring a “deny” ACE that includes a gateway address can block traffic attempting to use the gateway as a next-hop. Remote Gateway Case.
PAGE 501
Troubleshooting Unusual Network Activity To avoid inadvertently blocking the remote gateway for authorized traffic from another network (such as the 20 Net in this example): 1. Configure an ACE that specifically permits authorized traffic from the remote network. 2. Configure narrowly defined ACEs to block unwanted IP traffic that would otherwise use the gateway. Such ACEs might deny traffic for a particular application, particular hosts, or an entire subnet. 3.
PAGE 502
Troubleshooting Unusual Network Activity LACP-Related Problems Unable to enable LACP on a port with the interface < port-number > lacp command. In this case, the switch displays the following message: Operation is not allowed for a trunked port. You cannot enable LACP on a port while it is configured as static Trunk port. To enable LACP on static-trunked port, first use the no trunk < port-number > command to disable the static trunk assignment, then execute interface < port-number > lacp.
PAGE 503
Troubleshooting Unusual Network Activity ■ Verify that the switch has the correct IP address for each RADIUS server. ■ Ensure that the radius-server timeout period is long enough for network conditions. The switch does not authenticate a client even though the RADIUS server is properly configured and providing a response to the authentication request. If the RADIUS server configuration for authenti cating the client includes a VLAN assignment, ensure that the VLAN exists as a static VLAN on the switch.
PAGE 504
Troubleshooting Unusual Network Activity Port A9 shows an “Open” status even though Access Control is set to Unauthorized (Force Auth). This is because the port-access authenticator has not yet been activated. Figure C-5. Authenticator Ports Remain “Open” Until Activated RADIUS server fails to respond to a request for service, even though the server’s IP address is correctly configured in the switch.
PAGE 505
Troubleshooting Unusual Network Activity Also, ensure that the switch port used to access the RADIUS server is not blocked by an 802.1X configuration on that port. For example, show portaccess authenticator < port-list > gives you the status for the specified ports. Also, ensure that other factors, such as port security or any 802.1X configura tion on the RADIUS server are not blocking the link. The authorized MAC address on a port that is configured for both 802.
PAGE 506
Troubleshooting Unusual Network Activity ■ Ensure that the radius-server timeout period is long enough for network conditions. ■ Verify that the switch is using the same UDP port number as the server. RADIUS server fails to respond to a request for service, even though the server’s IP address is correctly configured in the switch. Use show radius to verify that the encryption key the switch is using is correct for the server being contacted.
PAGE 507
Troubleshooting Unusual Network Activity Broadcast Storms Appearing in the Network. This can occur when there are physical loops (redundant links) in the topology.Where this exists, you should enable MSTP on all bridging devices in the topology in order for the loop to be detected. STP Blocks a Link in a VLAN Even Though There Are No Redundant Links in that VLAN. In 802.1Q-compliant switches MSTP blocks redundant physical links even if they are in separate VLANs.
PAGE 508
Troubleshooting Unusual Network Activity Executing IP SSH does not enable SSH on the switch. The switch does not have a host key. Verify by executing show ip host-public-key. If you see the message ssh cannot be enabled until a host key is configured (use 'crypto' command). then you need to generate an SSH key pair for the switch. To do so, execute crypto key generate.(Refer to “2. Generating the Switch’s Public and Private Key Pair” in the SSH chapter of the Access Security Guide for your switch.
PAGE 509
Troubleshooting Unusual Network Activity FAILURE response may fail when attempting to connect. Ensure that compression is turned off before attempting a connection to prevent this problem. TACACS-Related Problems Event Log. When troubleshooting TACACS+ operation, check the switch’s Event Log for indications of problem areas. All Users Are Locked Out of Access to the Switch.
PAGE 510
Troubleshooting Unusual Network Activity ■ The encryption key configured in the server does not match the encryption key configured in the switch (by using the tacacs-server key command). Verify the key in the server and compare it to the key configured in the switch. (Use show tacacs-server to list the global key. Use show config or show config running to list any server-specific keys.) ■ The accessible TACACS+ servers are not configured to provide service to the switch.
PAGE 511
Troubleshooting Unusual Network Activity TimeP, SNTP, or Gateway Problems The Switch Cannot Find the Time Server or the Configured Gateway . TimeP, SNTP, and Gateway access are through the primary VLAN, which in the default configuration is the DEFAULT_VLAN. If the primary VLAN has been moved to another VLAN, it may be disabled or does not have ports assigned to it. VLAN-Related Problems Monitor Port.
PAGE 512
Troubleshooting Unusual Network Activity Link supporting VLAN_1 and VLAN_2 Switch “X” Port X-3 Switch “Y” Port Y- 7 VLAN Port Assignment VLAN Port Assignment Port VLAN_1 Port VLAN_1 X-3 VLAN_2 Untagged Tagged Y-7 VLAN_2 Untagged Tagged Figure C-8. Example of Correct VLAN Port Assignments on a Link 1. If VLAN_1 (VID=1) is configured as “Untagged” on port 3 on switch “X”, then it must also be configured as “Untagged” on port 7 on switch “Y”.
PAGE 513
Troubleshooting Unusual Network Activity Server MAC Address “A”; VLAN 1 MAC Address “A”; VLAN 2 8212zl Switch (Multiple Forwarding Database) VLAN 1 VLAN 2 Switch with Single Forwarding Database Problem: This switch detects continual moves of MAC address “A” between ports. Figure C-9. Example of Duplicate MAC Address Fan Failure When two or more fans fail, a tow-minute timer starts. After two minutes, the switch is powered down and must be rebooted to restart it.
PAGE 514
Troubleshooting Using the Event Log for Troubleshooting Switch Problems Using the Event Log for Troubleshooting Switch Problems The Event Log records operating events in single- or double-line entries and serves as a tool to isolate and troubleshoot problems. Starting in software release K.13.xx, the maximum number of entries supported in the Event Log is increased from 1000 to 2000 entries. Entries are listed in chronological order, from the oldest to the most recent.
PAGE 515
Troubleshooting Using the Event Log for Troubleshooting Switch Problems D (debug) is reserved for ProCurve internal diagnostic information. Date is the date in the format mm/dd/yy when an entry is recorded in the log. Time is the time in the format hh:mm:ss when an entry is recorded in the log. Event Number is the number assigned to an event. You can turn event numbering on and off with the [no] log-number command.
PAGE 516
Troubleshooting Using the Event Log for Troubleshooting Switch Problems System Module Description Documented in ProCurve Hardware/ Software guide cdp Cisco Discovery Protocol: Supports reading CDP packets Management and Configuration Guide received from neighbor devices, enabling a switch to learn about adjacent CDP devices. ProCurve switches do not support the transmission of CDP packets to neighbor devices.
PAGE 517
Troubleshooting Using the Event Log for Troubleshooting Switch Problems System Module Description Documented in ProCurve Hardware/ Software guide dma — Direct Access Memory (DMA): Transmits and receives packets between the CPU and the switch. Not used for logging messages in software release K.13.xx. fault Fault Detection facility, including response policy and the Management and Configuration Guide sensitivity level at which a network problem should generate an alert.
PAGE 518
Troubleshooting Using the Event Log for Troubleshooting Switch Problems System Module Description Documented in ProCurve Hardware/ Software guide kms Key Management System: Configures and maintains security Access Security Guide information (keys) for all routing protocols, including a timing mechanism for activating and deactivating an individual protocol. lacp LACP trunks: The switch can either automatically establish an Management and Configuration Guide 802.
PAGE 519
Troubleshooting Using the Event Log for Troubleshooting Switch Problems System Module Description Documented in ProCurve Hardware/ Software guide mld Multicast Listener Discovery (MLD): IPv6 protocol used by a Multicast and Routing Guide router to discover the presence of multicast listeners. MLD can also optimize IPv6 multicast traffic flow with the snooping feature. mtm Multicast Traffic Manager (MTM): Controls and coordinates L3 multicast traffic for upper layer protocols.
PAGE 520
Troubleshooting Using the Event Log for Troubleshooting Switch Problems System Module Description Documented in ProCurve Hardware/ Software guide ssh Secure Shell version 2 (SSHv2): Provides remote access to Access Security Guide management functions on a switch via encrypted paths between the switch and management station clients capable of SSH operation. SSH messages also include events from the Secure File Transfer Protocol (SFTP) feature.
PAGE 521
Troubleshooting Using the Event Log for Troubleshooting Switch Problems System Module Description Documented in ProCurve Hardware/ Software guide udld Uni-directional Link Detection: Monitors a link between two switches and blocks the ports on both ends of the link if the link fails at any point between the two devices.
PAGE 522
Troubleshooting Using the Event Log for Troubleshooting Switch Problems Menu: Displaying and Navigating in the Event Log To display the Event Log from the Main Menu, select Event Log. Figure C-11 shows a sample event log display. ProCurve Switch 25-Oct-2007 18:02:52 ==========================-CONSOLE - MANAGER MODE -============================ M 10/25/07 16:30:02 sys: 'Operator cold reboot from CONSOLE session.
PAGE 523
Troubleshooting Using the Event Log for Troubleshooting Switch Problems Key Action [E] Advances to the end of the log. [H] Displays Help for the Event Log. CLI: Displaying the Event Log To display messages recorded in the event log from the CLI, enter the show logging command. Keyword searches are supported. Syntax: show logging [-a, -r] [] By default, the show logging command displays the log messages recorded since the last reboot in chronological order.
PAGE 524
Troubleshooting Using the Event Log for Troubleshooting Switch Problems To redisplay all hidden entries, including Event Log entries recorded prior to the last reboot, enter the show logging -a command. Syntax: clear logging Removes all entries from the event log display output.
PAGE 525
Troubleshooting Using the Event Log for Troubleshooting Switch Problems Log Throttle Periods The length of the log throttle period differs according to an event’s severity level: Severity Level Log Throttle Period I (Information) 6000 Seconds W (Warning) 600 Seconds D (Debug) 60 Seconds M (Major) 6 Seconds Example of Log Throttling For example, suppose that you configure VLAN 100 on the switch to support PIM operation, but do not configure an IP address.
PAGE 526
Troubleshooting Using the Event Log for Troubleshooting Switch Problems If PIM operation caused the same event to occur six more times during the initial log throttle period, there would be no further entries in the Event Log. However, if the event occurred again after the log throttle period expired, the switch would repeat the message (with an updated counter) and start a new log throttle period. This message indicates the original instance of the event (since the last switch reboot).
PAGE 527
Troubleshooting Using the Event Log for Troubleshooting Switch Problems Example of Event Counter Operation Suppose the switch detects the following after a reboot: ■ Three duplicate instances of a “Send error” during the first log throttle period for this event ■ Five more instances of the same Send error during the second log throttle period for this event ■ Four instances of the same Send error during the third log throttle period for this event In this case, the duplicate message would appear thre
PAGE 528
Troubleshooting Debug/Syslog Operation Debug/Syslog Operation While the Event Log records switch-level progress, status, and warning messages on the switch, the Debug/System Logging (Syslog) feature provides a way to record Event Log and debug messages on a remote device. For example, you can send messages about routing misconfigurations and other network protocol details to an external device, and later use them to debug network-level problems.
PAGE 529
Troubleshooting Debug/Syslog Operation A Debug/Syslog destination device can be a Syslog server and/or a console session. You can configure debug and logging messages to be sent to: ■ Up to six Syslog servers ■ A CLI session through a direct RS-232 console connection, or a Telnet or SSH session Debug/Syslog Configuration Commands Event Notification Logging logging Command debug Command — Automatically sends switch-level event messages to the switch’s Event Log.
PAGE 530
Troubleshooting Debug/Syslog Operation event ip Sends standard Event Log messages to configured debug destinations. (The same messages are also sent to the switch’s Event Log, regardless of whether you enable this option.) forwarding: Sends IPv4 forwarding messages to the debug destination(s). packet: Sends IPv4 packet messages to the debug destination(s). rip: Sends RIP event logging to the debug destination(s).
PAGE 531
Troubleshooting Debug/Syslog Operation ■ Series 2610 switches ■ Series 2600 switches and the Switch 6108 (software release H.07.30 or greater) For the latest feature information on ProCurve switches, visit the ProCurve Networking web site and check the latest release notes for the switch products you use. ■ Configure the switch to send Event Log messages to the current manage ment-access session (serial-connect CLI, Telnet CLI, or SSH).
PAGE 532
Troubleshooting Debug/Syslog Operation ProCurve# debug Repeat this step if necessary to enable multiple debug message types. By default, Event Log messages are sent to configured debug destination devices. To block Event Log messages from being sent, enter the no debug event command. 4.
PAGE 533
Troubleshooting Debug/Syslog Operation Displaying a Debug/Syslog Configuration Use the show debug command to display the currently configured settings for: ■ Debug message types and Event Log message filters (severity level and system module) sent to debug destinations ■ Debug destinations (Syslog servers or CLI session) and Syslog server facility to be used Syntax: show debug Displays the currently configured debug logging destinations and message types selected for debugging purposes.
PAGE 534
Troubleshooting Debug/Syslog Operation messages sent to the Syslog server, specify a set of messages by entering the logging severity and logging system-module commands. ProCurve(config)# show debug Debug Logging Destination: None Enabled debug types: None are enabled Displays the default debug configuration. (No Syslog server IP addresses or debug types are configured.) ProCurve(config)# logging 10.28.38.
PAGE 535
Troubleshooting Debug/Syslog Operation Example. The next example shows how to configure: ■ Debug logging of ACL packet messages on a Syslog server at 18.38.64.164 (with user as the default logging facility). ■ Display of these messages in the CLI session of your terminal device’s management access to the switch. ■ Blocking Event Log messages from being sent from the switch to the Syslog server and a CLI session.
PAGE 536
Troubleshooting Debug/Syslog Operation ProCurve# config ProCurve(config)# logging 10.38.64.164 ProCurve(config)# show debug Debug Logging Destination: Logging -10.38.64.164 Facility=user Severity=debug System module=all-pass Enabled debug types: event Configure a Syslog server IP address. (No other Syslog servers are configured on the switch.) The server address serves as an active debug destination for any configured debug types.) Display the new debug configuration.
PAGE 537
Troubleshooting Debug/Syslog Operation Debug Command At the manager level, use the debug command to perform two main functions: ■ Specifies the types of event messages to be sent to an external destination. ■ Specifies the destinations to which selected message types are sent. By default, no debug destination is enabled and only Event Log messages are enabled to be sent. Note To configure a Syslog server, use the logging command.
PAGE 538
Troubleshooting Debug/Syslog Operation Syntax: [no] debug < debug-type > (Continued) event Event Log messages are automatically enabled to be sent to debug destinations in these conditions: • If no Syslog server address is configured and you enter the logging command to configure a destination address. • If at least one Syslog server address is configured in the startup configuration and the switch is rebooted or reset.
PAGE 539
Troubleshooting Debug/Syslog Operation Debug Destinations Use the debug destination command to enable (and disable) Syslog messaging on a Syslog server or to a CLI session for specified types of debug and Event Log messages. Syntax: [no] debug destination < logging | session | buffer > logging Enables Syslog logging to configured Syslog servers so that the debug message types specified by the debug command (see “Debug Messages” on page C-49) are sent.
PAGE 540
Troubleshooting Debug/Syslog Operation Logging Command At the global configuration level, the logging command allows you to enable debug logging on specified Syslog servers and select a subset of Event Log messages to send for debugging purposes according to: ■ Severity level ■ System module By specifying both a severity level and system module, you can use both configured settings to filter the Event Log messages you want to use to troubleshoot switch or network error conditions.
PAGE 541
Troubleshooting Debug/Syslog Operation Configuring a Syslog Server Syslog is a client-server logging tool that allows a client switch to send event notification messages to a networked device operating with Syslog server software. Messages sent to a Syslog server can be stored to a file for later debugging analysis. To use the Syslog feature, you must install and configure a Syslog server application on a networked host accessible to the switch.
PAGE 542
Troubleshooting Debug/Syslog Operation Syntax: [no] logging < syslog-ip-addr > Enables or disables Syslog messaging to the specified IP address. You can configure up to six addresses. If you configure an address when none are already configured, this command enables destination logging (Syslog) and the Event debug type. Therefore, at a minimum, the switch begins sending Event Log messages to configured Syslog servers.
PAGE 543
Troubleshooting Debug/Syslog Operation Syntax: [no] logging facility < facility-name > The logging facility specifies the destination subsystem used in a configured Syslog server. (All configured Syslog servers must use the same subsystem.) ProCurve recommends the default (user) subsystem unless your application specifically requires another subsystem.
PAGE 544
Troubleshooting Debug/Syslog Operation Configuring the Severity Level for Event Log Messages Sent to a Syslog Server Event Log messages are entered with one of the following severity levels (from highest to lowest): Major: A fatal error condition has occurred on the switch. Error: An error condition has occurred on the switch. Warning: A switch service has behaved unexpectedly. Information: Information on a normal switch event. Debug: Reserved for ProCurve internal diagnostic information.
PAGE 545
Troubleshooting Debug/Syslog Operation Configuring the System Module Used to Select the Event Log Messages Sent to a Syslog Server Event Log messages contain the name of the system module that reported the event. Using the logging system-module command, you can select a set of Event Log messages according to the originating system module and send them to a Syslog server. To configure a Syslog server, see “Configuring a Syslog Server” on page C-53.
PAGE 546
Troubleshooting Debug/Syslog Operation ■ Debug Option Effect of a Reboot or Reset event (debug type) If a Syslog server IP address is configured in the startup config file, the sending of Event Log messages is reset to enabled, regardless of the last active setting. If no Syslog server is configured, the sending of Event Log messages is disabled. IP (debug type) Disabled. Debug commands do not affect normal message output to the Event Log.
PAGE 547
Troubleshooting Diagnostic Tools Diagnostic Tools Diagnostic Features Feature Default Menu CLI Web Port Auto negotiation n/a — — — Ping test n/a — page C-62 page C-61 Link test n/a — page C-62 page C-61 Traceroute operation n/a — page C-64 View switch configuration files n/a — page C-68 View switch (show tech) operation n/a — page C-68 — View crash information and command history n/a — page C-75 — View system information and software version n/a — page C-75 — Usef
PAGE 548
Troubleshooting Diagnostic Tools Port Auto-Negotiation When a link LED does not light (indicating loss of link between two devices), the most common reason is a failure of port auto-negotiation between the connecting ports. If a link LED fails to light when you connect the switch to a port on another device, do the following: 1. Ensure that the switch port and the port on the attached end-node are both set to Auto mode. 2.
PAGE 549
Troubleshooting Diagnostic Tools Web: Executing Ping or Link Tests 1. Click here. 2. Click here. 3. Select Ping Test (the default) or Link Test 4. For a Ping test, enter the IP address of the target device. For a Link test, enter the MAC address of the target device. 6. Click on Start to begin the test. 5. Select the number of tries (packets) and the timeout for each try from the drop-down menus. Figure C-19.
PAGE 550
Troubleshooting Diagnostic Tools Number of Packets to Send is the number of times you want the switch to attempt to test a connection. Timeout in Seconds is the number of seconds to allow per attempt to test a connection before determining that the current attempt has failed. To halt a Link or Ping test before it concludes, click on the Stop button. To reset the screen to its default settings, click on the Defaults button.
PAGE 551
Troubleshooting Diagnostic Tools source Source IP address or hostname. The source IP address must be owned by the router. If a VLAN is specified, the IP address associated with the specified VLAN is used. data-size <0-65471> Size of packet sent. Default: 0 (zero) data-fill <0-1024> The data pattern in the packet. Default: Zero length string Basic Ping Operation Ping with Repetitions Ping with Repetitions and Timeout Ping Failure Figure C-20.
PAGE 552
Troubleshooting Diagnostic Tools Basic Link Test Link Test with Repetitions Link Test with Repetitions and Timeout Link Test Over a Specific VLAN Link Test Over a Specific VLAN; Test Fail Figure C-21. Example of Link Tests Traceroute Command The traceroute command enables you to trace the route from the switch to a host address. This command outputs information for each (router) hop between the switch and the destination address.
PAGE 553
Troubleshooting Diagnostic Tools The IP address or hostname of the device to which to send the traceroute. [minttl < 1-255 >] For the current instance of traceroute, changes the minimum number of hops allowed for each probe packet sent along the route. If minttl is greater than the actual number of hops, then the output includes only the hops at and above the minttl threshold. (The hops below the threshold are not listed.
PAGE 554
Troubleshooting Diagnostic Tools Intermediate router hops with the time taken for the switch to receive acknowledgement of each probe reaching each router. Destination IP Address Figure C-22. Example of a Completed Traceroute Enquiry Continuing from the previous example (Figure C-22, above), executing traceroute with an insufficient maxttl for the actual hop count produces an output similar to this: Traceroute does not reach destination IP address because of low maxttl setting.
PAGE 555
Troubleshooting Diagnostic Tools If A Network Condition Prevents Traceroute from Reaching the Destination. Common reasons for Traceroute failing to reach a destination include: ■ Timeouts (indicated by one asterisk per probe, per hop; refer to Figure C-23, above.
PAGE 556
Troubleshooting Viewing Switch Configuration and Operation Viewing Switch Configuration and Operation In some troubleshooting scenarios, you may need to view the switch config uration to diagnose a problem. The complete switch configuration is con tained in a file that you can browse from either the web browser interface or the CLI using the commands described in this section.
PAGE 557
Troubleshooting Viewing Switch Configuration and Operation ■ Image stamp (software version data) ■ Running configuration ■ Event Log listing ■ Boot History ■ Port settings ■ Status and counters — port status ■ IP routes ■ Status and counters — VLAN information ■ GVRP support ■ Load balancing (trunk and LACP) Figure C-25 shows sample output from the show tech command.
PAGE 558
Troubleshooting Viewing Switch Configuration and Operation To specify the data displayed by the show tech command, use the copy show tech command as described in “Customizing show tech Command Output” on page C-71. Saving show tech Command Output to a Text File When you enter the show tech command, a summary of switch operational data is sent to your terminal emulator.
PAGE 559
Troubleshooting Viewing Switch Configuration and Operation 3. Click [Start] to create and open the text file. 4. From the global configuration context, enter the show tech command: ProCurve# show tech The show tech command output is copied into the text file and displayed on the terminal emulator screen. When the command output stops and displays -- MORE --, press the Space bar to display and copy more information. The CLI prompt appears when the command output finishes. 5.
PAGE 560
Troubleshooting Viewing Switch Configuration and Operation Syntax: copy show- tech Includes the output of a specified command in show-tech command output. Enter the command name between double-quotation marks; for example, copy “show system” show-tech. crash-data [slot-id | master]: Includes the crash data from all management and interface modules in show tech command output.
PAGE 561
Troubleshooting Viewing Switch Configuration and Operation Syntax: copy show- tech tftp config < startup-config | running-config > < ip-addr > < remote-file > < pc | unix > Downloads the contents of a configuration file from a remote host to show tech command output, where: ip-addr: Specifies the IP address of the remote host device. remote-file: Specifies the pathname on the remote host for the configuration file whose contents you want to include in the command output.
PAGE 562
Troubleshooting Viewing Switch Configuration and Operation Syntax: copy show- tech Copies the contents of a configuration file or ACL command file from a serially connected PC or UNIX workstation to show tech command output, where: startup-config: Specifies the name of the startup configuration file on the connected device. config : Specifies the pathname of a configuration file on the connected device. command-file
PAGE 563
Troubleshooting Viewing Switch Configuration and Operation CLI: Viewing More Information on Switch Operation Use the following commands to display additional information on switch operation for troubleshooting purposes. Syntax: show boot-history Displays the crash information saved for each management module on the switch (see “Displaying Saved Crash Information” in the “Redundancy (Switch 8212zl)” chapter). show history Displays the current command history.
PAGE 564
Troubleshooting Viewing Switch Configuration and Operation Syntax: show | Use matching pattern searches to display selected portions of the output from a show command. There is no limit to the number of characters that can be matched. Only regular expressions are permitted; symbols such as the asterisk cannot be substituted to perform more general matching.
PAGE 565
Troubleshooting Viewing Switch Configuration and Operation ProCurve(config)# show run | exclude ipv6 Running configuration: ; J9146A Configuration Editor; Created on release #W.14.06 hostname "ProCurve Switch" module 1 type J8702A module 2 type J8705A snmp-server community "notpublic" Unrestricted vlan 1 name "DEFAULT_VLAN" untagged A1-A24,B1-B20 Displays all lines that don’t contain “ipv6”.
PAGE 566
Troubleshooting Viewing Switch Configuration and Operation ProCurve(config)# show run | begin ipv6 ipv6 enable no untagged B21-B24 Displays the running config beginning at the first line that contains “ipv6”. exit vlan 20 name "VLAN20" untagged B21-B24 ipv6 enable no ip address exit policy qos "michael" exit ipv6 access-list "EH-01" sequence 10 deny tcp 2001:db8:255::/48 2001:db8:125::/48 exit no autorun password manager ProCurve(config)# Figure C-30.
PAGE 567
Troubleshooting Viewing Switch Configuration and Operation CLI: Useful Commands for Troubleshooting Sessions Use the following commands in a troubleshooting session to more accurately display the information you need to diagnose a problem. For more information on other these CLI practices, refer to chapter Chapter 4, “Using the Command Line Interface (CLI)”. Syntax: kill Terminates a currently running, remote troubleshooting session. Use the show ip ssh command to list the current management sessions.
PAGE 568
Troubleshooting Viewing Switch Configuration and Operation Note The core dump file contains non-readable data and must be transferred to HP ProCurve Customer Care for analysis, diagnostics and troubleshooting. For instructions on how to transfer the file from the switch, see “CLI: Transferring Core Dump Files” on page C-80. The core dump feature can be accessed via the CLI or via the Web browser interface (see table for details).
PAGE 569
Troubleshooting Viewing Switch Configuration and Operation / +---core | mm1.core management module or management function | port_1-24.core core dump for ports 1-24 (stackable switches only) | port_25-48.core core dump for ports 25-48 (stackable switches only) For more on using SFTP/SCP to transfer files, refer to the “File Transfers” appendix of the Management and Configuration Guide for your switch.
PAGE 570
Troubleshooting Viewing Switch Configuration and Operation Figure C-32. Web User Interface: Core Dump Window 2. To enable or disable core dump file captures, check/uncheck the Enabled check box. 3. Click the Save button to apply the changes. A window will appear to confirm the current status. Figure C-33. Enable/Disable Confirmation Window 4. C-82 Click the Back button to return to the previous window.
PAGE 571
Troubleshooting Viewing Switch Configuration and Operation Web UI: Downloading Core Dump Files To download a core dump file from the switch, follow the steps below: 1. Navigate to the Diagnostics -> Core Dump tab. 2. From the Download Core Dump File area, select the required core dump file from the drop-down box. 3. Click the Download button. A dialog box will appear opening the file. Figure C-34.Opening Core-File Window 4. Select Save to Disk, then click OK. 5.
PAGE 572
Troubleshooting Restoring the Factory-Default Configuration Note It is recommended that you add a date prefix using the format YYYYMMD and leave the rest of the file name and file extension unchanged (for example, 20090122-mm1.core). Once the file has been downloaded, it can be sent to HP ProCurve Customer Care for diagnosis and analysis of the system crash information contained within the file (see also “CLI: Transferring Core Dump Files” on page C-80).
PAGE 573
Troubleshooting Restoring a Flash Image Clear/Reset: Resetting to the Factory-Default Configuration To execute the factory default reset, perform these steps: 1. Using pointed objects, simultaneously press both the Reset and Clear buttons on the front of the switch. 2. Continue to press the Clear button while releasing the Reset button. 3. When the Self Test LED begins to flash, release the Clear button.
PAGE 574
Troubleshooting Restoring a Flash Image 2. 3. Ensure that the terminal program is configured as follows: ■ Baud rate: 9600 ■ 1 stop bit ■ No parity ■ No flow control ■ 8 Bits Use the Reset button to reset the switch. The following prompt should then appear in the terminal emulator: Enter h or ? for help. => 4. Since the OS file is large, you can increase the speed of the download by changing the switch console and terminal emulator baud rates to a high speed. For example: a.
PAGE 575
Troubleshooting Restoring a Flash Image If you are using HyperTerminal, you will see a screen similar to the following to indicate that the download is in progress: Figure C-35. Example of Xmodem Download in Progress 8. When the download completes, the switch reboots from primary flash using the OS image you downloaded in the preceding steps, plus the most recent startup-config file.
PAGE 576
Troubleshooting DNS Resolver DNS Resolver The Domain Name System (DNS) resolver is designed for use in local network domains where it enables use of a host name or fully qualified domain name with DNS-compatible switch CLI commands. (At software release K.13.01, the DNS-compatible commands include ping and traceroute.) Beginning with software release K.13.01, DNS operation supports both IPv4 and IPv6 DNS resolution and multiple, prioritized DNS servers.
PAGE 577
Troubleshooting DNS Resolver Basic Operation ■ When the switch is configured with only the IP address of a DNS server available to the switch, then a DNS-compatible command, executed with a fully qualified domain name, can reach a device found in any domain accessible through the configured DNS server.
PAGE 578
Troubleshooting DNS Resolver Note that if the target host is in a domain other than the domain configured on the switch, then: ■ The host’s domain must be reachable from the switch. This requires that the DNS server for the switch must be able to communicate with the DNS server(s) in the path to the domain in which the target host operates.
PAGE 579
Troubleshooting DNS Resolver c. The domain name for an accessible domain in which there are hosts you want to reach with a DNS-compatible command. (This is the domain suffix in the fully qualified domain name for a given host operating in the selected domain. Refer to “Terminology” on page C 88.) Note that if a domain suffix is not configured, fully qualified domain names can be used to resolve DNS-compatible commands. d.
PAGE 580
Troubleshooting DNS Resolver Syntax: [no] ip dns domain-name < domain-name-suffix > This optional DNS command configures the domain suffix that is automatically appended to the host name entered with a DNS-compatible command. When the domain suffix and the IP address for a DNS server that can access that domain are both configured on the switch, you can execute a DNS-compatible command using only the host name of the desired target. (For an example, refer to Figure C-36 on page C-89.
PAGE 581
Troubleshooting DNS Resolver Configuring switch “A” with the domain name and the IP address of a DNS server for the domain enables the switch to use host names assigned to IP addresses in the domain to perform ping and traceroute actions on the devices in the domain. To summarize: Entity: Identity: DNS Server IP Address 10.28.229.10 Domain Name (and Domain Suffix for Hosts in the Domain) pubs.outdoors.com Host Name Assigned to 10.28.229.
PAGE 582
Troubleshooting DNS Resolver As mentioned under “Basic Operation” on page C-89, if the DNS entry config ured in the switch does not include the domain suffix for the desired target, then you must use the target host’s fully qualified domain name with DNScompatible commands. For example, using the document server in Figure C 38 as a target: ProCurve# ping docservr.pubs.outdoors.com 10.28.229.219 is alive, time = 1 ms Target’s Fully Qualified Domain Name ProCurve# traceroute docservr.pubs.outdoors.
PAGE 583
Troubleshooting DNS Resolver Operating Notes ■ Configuring another IP address for a priority that has already been assigned to an IP address is not allowed. To replace one IP address at a given priority level with another address having the same priority, you must first use the no form of the command to remove the unwanted address. Also, only one instance of a given server address is allowed in the server list.
PAGE 584
Troubleshooting DNS Resolver Event Log Messages Message Meaning DNS server address not configured The switch does not have an IP address configured for the DNS server. DNS server not responding The DNS server failed to respond or is unreachable. An incorrect server IP address can produce this result. Unknown host < host-name > The host name did not resolve to an IP address. Some reasons for this occurring include: • The host name was not found. • The named domain was not found.
PAGE 585
D MAC Address Management Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-2 Determining MAC Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-3 Menu: Viewing the Switch’s MAC Addresses . . . . . . . . . . . . . . . . . . . . D-4 CLI: Viewing the Port and VLAN MAC Addresses . . . . . . . . . . . . . . . . D-5 Viewing the MAC Addresses of Connected Devices . . . . . . . . . . . . .
PAGE 586
MAC Address Management Overview Overview The switch assigns MAC addresses in these areas: ■ For management functions, one Base MAC address is assigned to the default VLAN (VID = 1). (All VLANs on the switches covered in this guide use the same MAC address.) ■ For internal switch operations: One MAC address per port (Refer to “CLI: Viewing the Port and VLAN MAC Addresses” on page D-5.) MAC addresses are assigned at the factory.
PAGE 587
MAC Address Management Determining MAC Addresses Determining MAC Addresses MAC Address Viewing Methods Feature Menu CLI Web view switch’s base (default vlan) MAC address n/a and the addressing for any added VLANs D-4 D-5 — view port MAC addresses (hexadecimal format) n/a — D-5 — ■ Note Default Use the menu interface to view the switch’s base MAC address and the MAC address assigned to any VLAN you have configured on the switch.
PAGE 588
MAC Address Management Determining MAC Addresses Menu: Viewing the Switch’s MAC Addresses The Management Address Information screen lists the MAC addresses for: ■ Base switch (default VLAN; VID = 1) ■ Any additional VLANs configured on the switch. Also, the Base MAC address appears on a label on the back of the switch. Note The Base MAC address is used by the first (default) VLAN in the switch.
PAGE 589
MAC Address Management Determining MAC Addresses CLI: Viewing the Port and VLAN MAC Addresses The MAC address assigned to each switch port is used internally by such features as Flow Control and the spanning-tree protocol. Using the walkmib command to determine the MAC address assignments for individual ports can sometimes be useful when diagnosing switch operation. Switch Series MAC Address Allocation 8212zl The switch allots 24 MAC addresses per slot.
PAGE 590
MAC Address Management Determining MAC Addresses ProCurve# walkmib ifphysaddress ifPhysAddress.1 = 00 12 79 88 b1 ff ifPhysAddress.2 = 00 12 79 88 b1 fe ifPhysAddress.3 = 00 12 79 88 b1 fd ifPhysAddress.4 = 00 12 79 88 b1 fc ifPhysAddress.49 = 00 12 79 88 b1 cf ifPhysAddress.50 = 00 12 79 88 b1 ce ifPhysAddress.51 = 00 12 79 88 b1 cd ifPhysAddress.52 = 00 12 79 88 b1 cc ifPhysAddress.53 = 00 12 79 88 b1 cb ifPhysAddress.54 = 00 12 79 88 b1 ca ifPhysAddress.55 = 00 12 79 88 b1 c9 ifPhysAddress.
PAGE 591
MAC Address Management Viewing the MAC Addresses of Connected Devices Viewing the MAC Addresses of Connected Devices Syntax: show mac-address [ | mac-addr | Lists the MAC addresses of the devices the switch has detected, along with the number of the specific port on which each MAC address was detected. [ port-list ] Lists the MAC addresses of the devices the switch has detected, on the specified port(s). [ mac-addr ] Lists the port on which the switch detects the specified MAC address.
PAGE 592
MAC Address Management Viewing the MAC Addresses of Connected Devices D-8
PAGE 593
E Monitoring Resources Contents Viewing Information on Resource Usage . . . . . . . . . . . . . . . . . . . . . . . E-2 Policy Enforcement Engine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-2 Displaying Current Resource Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . E-3 When Insufficient Resources Are Available . . . . . . . . . . . . . . . . . . . .
PAGE 594
Monitoring Resources Viewing Information on Resource Usage Viewing Information on Resource Usage The switch allows you to view information about the current usage and availability of resources in the Policy Enforcement engine, including the following software features: ■ Access control lists (ACL) ■ Quality-of-service (QoS), including device and application port priority, and QoS policies ■ Dynamic assignment of per-port ACLs and QoS through RADIUS authen tication designated as “IDM”, with or without
PAGE 595
Monitoring Resources Viewing Information on Resource Usage ■ ACLs ■ QoS configurations that use the following commands: • QoS device priority (IP Address) through the CLI using the qos device-priority command • QoS application port through the CLI using qos tcp-port or qos udp-port ■ Management VLAN configuration ■ DHCP snooping ■ Dynamic ARP protection ■ Jumbo IP-MTU Resource usage on the following features, which are configured per-port, applies only to the port group on which the feature i
PAGE 596
Monitoring Resources Viewing Information on Resource Usage RADIUS-based authentication, and other features (for an explanation of this output, refer to the notes on page E-5).
PAGE 597
Monitoring Resources Viewing Information on Resource Usage Notes on show resources command output: ■ A 1:1 mapping of internal rules to configured policies in the switch does not necessarily exist. As a result, displaying current resource usage is the most reliable method for keeping track of available resources. Also, because some internal resources are used by multiple features, deleting a feature configuration may not increase the amount of available resources.
PAGE 598
Monitoring Resources When Insufficient Resources Are Available When Insufficient Resources Are Available The switch has ample resources for configuring features and supporting: Note ■ RADIUS-authenticated clients (with or without the optional IDM applica tion) ■ Virus throttling and blocking on individual clients. Virus throttling does not operate on IPv6 traffic.
PAGE 599
F Daylight Savings Time on ProCurve Switches This information applies to the following ProCurve switches: • • • • • • • 212M 224M 1600M 2400M 2424M 4000M 8000M • • • • • • • • • Series 2500 Series 2600 Series 2800 Series 2900 Series 2910al Series 3400cl Series 3500yl Series 4100gl Series 4200vl • • • • • • • Series 5300xl Series 5400zl Switch 6108 Switch 6200yl Series 6400cl Switch 8212zl ProCurve AdvanceStack Switches • ProCurve AdvanceStack Routers ProCurve switches provide a way to automatically a
PAGE 600
Daylight Savings Time on ProCurve Switches Middle Europe and Portugal: • Begin DST at 2am the first Sunday on or after March 25th. • End DST at 2am the first Sunday on or after September 24th. Southern Hemisphere: • Begin DST at 2am the first Sunday on or after October 25th. • End DST at 2am the first Sunday on or after March 1st. Western Europe: • Begin DST at 2am the first Sunday on or after March 23rd. • End DST at 2am the first Sunday on or after October 23rd.
PAGE 601
Daylight Savings Time on ProCurve Switches Before configuring a “User defined” Daylight Time Rule, it is important to understand how the switch treats the entries. The switch knows which dates are Sundays, and uses an algorithm to determine on which date to change the system clock, given the configured “Beginning day” and “Ending day”: ■ If the configured day is a Sunday, the time changes at 2am on that day.
PAGE 602
Daylight Savings Time on ProCurve Switches F-4
PAGE 603
Index Symbols => prompt … C-85 Numerics 802.1X effect, LLDP … 14-78 LLDP blocked … 14-45 802.1X access control authentication failure, SNMP notification … 14-26 SNMP notification of authentication failure … 14-26 A access manager … 14-13 operator … 14-13, 2-3 access control list See ACL. ACL debug messages … C-41 See also debug command. … E-2 gateway fails … C-12 resource usage … E-2, E-3 transferring command files … A-31, C-9 ACLs See ACL.
PAGE 604
Bootp/DHCP, LLDP … 14-53 broadcast limit … 10-17 broadcast storm … 12-3, C-19 broadcast traffic IPX … 10-17 RIP … 10-17 browser interface See web browser interface.
PAGE 605
copy command output … A-35, A-36, A-37 event log output … A-36 multiple config file, tftp … 6-35 software images … A-24 tftp show-tech … A-27 copy show tech … C-71 copy tftp show-tech … A-27 core dump downloading files via Web … C-83 enabling/disabling via CLI … C-80, C-81 transferring files … C-80 used to diagnose system failures … C-79 CPU utilization … B-6 cpu utilization data … B-8 custom, show tech … A-28 D date format, events … C-27 date, configure … 7-16 debug acl messages … C-41 compared to event l
PAGE 606
TFTP … A-5 troubleshooting … A-6 Xmodem … A-17 See also switch software. duplex advertisements … 14-55 duplex information, displaying … 14-72 duplicate MAC address See MAC address. Dyn1 See LACP. dynamic ARP protection resource usage … E-2 flow control constraints … 10-15 effect on rate-limiting … 13-6 global … 10-15 jumbo frames … 13-16 per-port … 10-15 terminal … 7-3 flow control, status … B-11 flow sampling … 14-4 friendly port names See port names, friendly.
PAGE 607
inactivity timeout … 7-4 inactivity-timer … 7-8 Inbound Telnet Enabled parameter … C-7 informs sending to trap receiver … 14-20 SNMP … 14-21 IP … 8-7 CLI access … 8-6 configuration … 8-2 DHCP/Bootp … 8-2 duplicate address … C-8 effect when address not used … 8-11 features available with and without … 8-11 gateway … 8-3, 8-4 menu access … 8-5, 8-3, 8-8 subnet … 8-3, 8-8, 8-2, 8-6 time server address … 9-9, 9-19 Time-To-Live … 8-7, 8-10, 8-7, 8-10 using for web browser interface … 5-5 web access … 8-10 IP add
PAGE 608
chassis ID … 14-53, 14-75, 14-80, 14-41, 14-54 data options … 14-42, 14-43, 14-39, 14-43, C-41, C-42, 14-45 DHCP/Bootp operation … 14-44 disable, per-port … 14-52, 14-73 ELIN … 14-38 enable/disable, global … 14-48 features … 14-37 general operation … 14-40, 14-75 holdtime multiplier … 14-49, 14-40 IEEE P802.
PAGE 609
moving to or from the CLI … 4-7 See also console. mesh jumbo frames … 13-17 MIB HP proprietary … 14-4 listing … 14-4 standard … 14-4 mirroring See port monitoring. MLTS … 14-39 module CLI command … 10-28 configuring when not inserted … 10-27 pre-configuring … 10-27 monitoring links between ports … 10-29 See port monitoring. monitoring traffic … B-24 monitoring, port … B-24 MPS, defined … 11-4 Multiline Telephone system … 14-39 multinetting … 8-3, 8-8 See also ACLs.
PAGE 610
PD, defined … 11-4 port-number priority … 11-7, 11-4, 11-5, 11-4, 11-7, 11-8, 11-4, 11-27, 11-6, 11-7 PSE, defined … 11-4 QoS classifiers … 11-27 related publications … 11-3 RPS, defined … 11-4 security … 11-26, 14-61, 11-23, 11-10 terminology … 11-4, 11-6, 11-13 viewing status … 11-20 VLAN assignments … 11-26 policy enforcement engine described … E-2 poll interval See TimeP.
PAGE 611
Public Safety Answering Point … 14-39 public SNMP community … 14-5, 14-13 Q QoS See Quality of Service. Quality of Service resource usage … E-2, E-3 quick configuration … 3-8 quick start … 1-8 R RADIUS web browser access … 5-9 RADIUS-assigned ACLs resources … E-2 rate display for ports … 10-11 rate-limiting caution … 13-3 displaying configuration … 13-5 edge ports … 13-3, 13-6, 13-5 how measured … 13-6 ICMP See ICMP rate-limiting.
PAGE 612
web browser access, RADIUS … 5-9 Self Test LED behavior during factory default reset … C-85 serial number … B-6 setmib, delay interval … 14-49 setmib, reinit delay … 14-51 setup screen … 1-8 severity level event log … C-26 selecting Event Log messages for debugging … C-56 sFlow … 14-4 agent … 14-33 CLI-owned versus SNMP-owned configurations … 14-34 configuring via the CLI … 14-34 destination … 14-33 sampling-polling information … 14-36, 14-34 SHA authentication … 14-9 show displaying specific output … C-75
PAGE 613
SSH enabling or disabling … A-13 TACACS exclusion … A-14 troubleshooting … A-16, C-19 standard MIB … 14-4 starting a console session … 3-4 startup-config viewing … 6-6 See also configuration. statistics … 3-7, B-4 statistics, clear counters … 6-11 status and counters access from console … 3-7 status and counters menu … B-5 status overview screen … 5-7 subnet … 8-8 subnet mask … 8-4, 8-6 See also IP masks. support changing default URL … 5-14 URL … 5-13 switch console See console.
PAGE 614
timesync, disabling … 9-23 Time-To-Live … 8-3, 8-5, 8-6, 8-10 See also TTL. time-to-live, LLDP … 14-41 Time-To-Live, on primary VLAN … 8-4 TLV … 14-40 TLVs, mandatory … 14-78 traceroute … C-88, C-90, C-93 asterisk … C-66 blocked route … C-67 fails … C-65 traffic monitoring … 14-5, 14-13 See also sFlow and RMON.
PAGE 615
USB autorun … A-39–A-44 AutoRun file … A-39 command file … A-39, A-43, A-39 enabling or disabling … A-43 LED indications … A-41 report outputs … A-41, A-39 secure-mode … A-43, A-40 troubleshooting … A-41 viewing config information … A-44 … A-19, A-39, A-41 copy command output … A-35, A-30, A-36, A-37, A-36, A-25 devices with secure partitions not supported … A-20 flash drives must be formatted … A-20 supported capabilities … A-20 uploading an ACL command file … A-33, A-19 viewing flash drive contents … A-20
PAGE 616
X Xmodem copy command output … A-35, A-36, A-37, A-36, A-28, A-25 download to primary or secondary flash … A-18 uploading an ACL command file … A-33, A-17 14 – Index
PAGE 617