ProCurve Series 6120 Switches Management and Configuration Guide August 2009
© Copyright 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. All Rights Reserved.

Warranty

This document contains proprietary information, which is protected by copyright. No part of this document may be photocopied, reproduced, or translated into another language without the prior written consent of Hewlett-Packard.
Contents

Product Documentation
  About Your Switch Manual Set
  Printed Publications
  Electronic Publications
  Software Feature Index
1 Getting Started
  Contents

  Understanding Physical Interfaces
  Understanding Management Interfaces
  Advantages of Using the Menu Interface
  Advantages of Using the CLI
  General Benefits
  Information on Using the CLI

  Accessing the CLI
  Using the CLI
  Privilege Levels at Logon
  Privilege Level Operation
  Operator Privileges

  Online Help for the Web Browser Interface
  Support/Mgmt URLs Feature
  Support URL
  Help and the Management Server URL
  Using the PCM Server for Switch Web Help
  Status Reporting Features

  Setting the Default Flash
  Booting from the Default Flash (Primary or Secondary)
  Booting from a Specified Flash
  Using Reload
  Multiple Configuration Files
  General Operation

  Interface Access: Console/Serial Link, Web, and Inbound Telnet
  Menu: Modifying the Interface Access
  CLI: Modifying the Interface Access
  Denying Interface Access by Terminating Remote Management Sessions
  System Information

  General Steps for Running a Time Protocol on the Switch:
  Disabling Time Synchronization
  SNTP: Viewing, Selecting, and Configuring
  Menu: Viewing and Configuring SNTP
  CLI: Viewing and Configuring SNTP
  Viewing the Current SNTP Configuration

  Configuring a Broadcast Limit on the Switch
  Configuring ProCurve Auto-MDIX
  Web: Viewing Port Status and Configuring Port Parameters
  Using Friendly (Optional) Port Names
  Configuring and Operating Rules for Friendly Port Names
  Configuring Friendly Port Names

  Default Port Operation
  LACP Notes and Restrictions
  Trunk Group Operation Using the “Trunk” Option
  How the Switch Lists Trunk Data
  Outbound Traffic Distribution Across Trunked Links
12 Port Traffic Controls
  Contents

  Group Access Levels
  SNMPv3 Communities
  Menu: Viewing and Configuring non-SNMP version 3 Communities
  CLI: Viewing and Configuring SNMP Community Names
  SNMP Notifications

  LLDP-MED Topology Change Notification
  LLDP-MED Fast Start Control
  Advertising Device Capability, Network Policy, PoE Status and Location Data
  Configuring Location Data for LLDP-MED Devices
  Displaying Advertisement Data

  CLI: Xmodem Download from a PC or UNIX Workstation to Primary or Secondary Flash
  Switch-to-Switch Download
  Menu: Switch-to-Switch Download to Primary Flash
  CLI: Switch-To-Switch Downloads
  Using PCM+ to Update Switch Software
  Copying Software Images

  Menu Access
  CLI Access
  Port Status
  Menu: Displaying Port Status
  CLI Access

  Traffic Selection Options
  Mirroring-Source Restrictions
  Selecting All Inbound/Outbound Traffic to Mirror
  Displaying a Mirroring Configuration
  Displaying the Mirroring Configuration Summary
  Viewing Mirroring in the Current Configuration File

  Event Log Entries
  Menu: Displaying and Navigating in the Event Log
  CLI: Displaying the Event Log
  CLI: Clearing Event Log Entries
  CLI: Turning Event Numbering On

  Viewing Switch Configuration and Operation
  CLI: Viewing the Startup or Running Configuration File
  Web: Viewing the Configuration File
  CLI: Viewing a Summary of Switch Operational Data
  Saving show tech Command Output to a Text File
  Customizing show tech Command Output

  Viewing Information on Resource Usage
  Policy Enforcement Engine
  When Insufficient Resources Are Available
F Daylight Savings Time on ProCurve Switches
G Network Out-of-Band Management (OOBM)
  Contents
  Concepts
Product Documentation

About Your Switch Manual Set

Note: For the latest version of switch documentation, please visit any of the following websites:
www.procurve.com/manuals
www.hp.com/go/bladesystem/documentation
h18004.www1.hp.com/products/blades/components/c-class-tech-installing.html

Printed Publications

The publication listed below is printed and shipped with your switch. The latest version is also available in PDF format, as described in the Note at the top of this page.
Software Feature Index

This feature index indicates which manual to consult for information on a given software feature.

Note: This Index does not cover IPv6 capable software features. For information on IPv6 protocol operations and features (such as DHCPv6, DNS for IPv6, and Ping6), refer to the IPv6 Configuration Guide.

Intelligent Edge Software Features. These features are automatically included on all switches.
Intelligent Edge Software Features
Manual: Management and Configuration; Advanced Traffic Management; Multicast and Routing; Access Security Guide

Downloading Software X
Event Log X
Factory Default Settings X
Flow Control (802.

Port Monitoring X
Port Security X
Port Status X
Port Trunking (LACP) X
Port-Based Access Control (802.

VLANs X
Web Authentication RADIUS Support X
Web-based Authentication X
Web UI X
1 Getting Started

Contents
  Introduction
  Conventions
  Command Syntax Statements
  Command Prompts
  Screen Simulations
Introduction

This guide is intended for use with the HP ProCurve 6120G/XG and 6120XG switches. It describes how to use the command line interface (CLI), Menu interface, and web browser to configure, manage, monitor, and troubleshoot switch operation. For an overview of product documentation for the above switches, refer to “Product Documentation” on page xiii. You can download documentation from the following web sites:
www.procurve.com/manuals
www.hp.
Command Prompts

In the default configuration, your switch displays a CLI prompt similar to the following examples:

ProCurve 6120G/XG Blade Switch#
ProCurve 6120XG Blade Switch#

To simplify recognition, this guide uses ProCurve to represent command prompts. For example:

ProCurve#

(You can use the hostname command to change the text in the CLI prompt.)

Screen Simulations

Displayed Text.
Sources for More Information

For information about switch operation and features not covered in this guide, consult the following sources:

■ Feature Index—For information on which manual to consult for a given software feature, refer to the “Software Feature Index” on page xiv.
■ Advanced Traffic Management Guide—Use this guide for information on topics such as:
  • VLANs: Static port-based and protocol VLANs, and dynamic GVRP VLANs
  • Spanning-Tree: 802.1D (STP), 802.1w (RSTP), and 802.
Getting Documentation From the Web

To obtain the latest versions of documentation and release notes for your switch, go to any of the following web sites:
www.procurve.com/manuals
www.hp.com/go/bladesystem/documentation
h18004.www1.hp.com/products/blades/components/c-class-tech-installing.html

Online Help

Menu Interface

If you need information on specific parameters in the menu interface, refer to the online help provided in the interface.
Command Line Interface

If you need information on a specific command in the CLI, type the command name followed by help. For example:

Figure 1-3. Example of CLI Help

Web Browser Interface

If you need information on specific features in the HP ProCurve Web Browser Interface (hereafter referred to as the “web browser interface”), use the online Help.
The Help Button

Figure 1-5. Button for Onboard Administrator Interface Online Help

Need Only a Quick Start?

IP Addressing

If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing. To do so, do one of the following:

■ Enter setup at the CLI Manager level prompt.
To Set Up and Install the Switch in Your Network

■ Instructions for physically installing the switch in your network
■ Quickly assigning an IP address and subnet mask, setting a Manager password, and (optionally) configuring other basic features
■ Interpreting LED behavior

For the latest version of the Installation and Getting Started Guide for your switch, refer to “Getting Documentation From the Web” on page 1-6.
2 Selecting a Management Interface

Contents
  Overview
  Understanding Physical Interfaces
  Understanding Management Interfaces
  Advantages of Using the Menu Interface
  Advantages of Using the CLI
Overview

This chapter describes the following:
■ Physical Interfaces
■ Management interfaces
■ Advantages of using each interface

Understanding Physical Interfaces

Physical interfaces on the switch and the C-class enclosure it is installed in provide the following options for accessing the management interfaces described in the next section:
■ Data ports on the switch console provide networked in-band access
■ Dedicated serial connection to the C-cla
Note: The switches covered in this guide allow up to 6 console connections. Console session 1 always belongs to the serial console, console session 2 always belongs to the USB serial console, and the remaining 4 can be used via ssh or telnet from a network connection.

Understanding Management Interfaces

Management interfaces enable you to reconfigure the switch and to monitor switch status and performance.
Advantages of Using the Menu Interface

Figure 2-1.
Advantages of Using the CLI

ProCurve>             Prompt for Operator Level
ProCurve#             Prompt for Manager Level
ProCurve(config)#     Prompt for Global Configuration Level
ProCurve(<context>)#  Prompt for Context Configuration Levels
For example:
ProCurve(eth-1-5)#
ProCurve(vlan-1)#

Figure 2-2. Command Prompt Examples

General Benefits

■ Provides access to the complete set of the switch configuration, performance, and diagnostic features.
Advantages of Using the Web Browser Interface

Figure 2-3.
Advantages of Using ProCurve Manager or ProCurve Manager Plus

You can operate ProCurve Manager and ProCurve Manager Plus (PCM and PCM+) from a PC on the network to monitor traffic, manage your hubs and switches, and proactively recommend network changes to increase network uptime and optimize performance. Easy to install and use, PCM and PCM+ are the answers to your management challenges.

Figure 2-4.
PCM and PCM+ enable greater control, uptime, and performance in your network:

■ Features and benefits of ProCurve Manager:
  • Network Status Summary: Upon boot-up, a network status screen displays high-level information on network devices, end nodes, events, and traffic levels. From here, users can research any one of these areas to get more details.
  • Device Software Updates: This feature automatically obtains new device software images from ProCurve and updates devices, allowing users to download the latest version or choose the desired version. Updates can be scheduled easily across large groups of devices, all at user-specified times.
clears the banner window and prompts the user for a password (if configured). Following entry of the correct username/password information (or if no username/password is required), the switch then displays either the Registration page or the switch’s home page.
Example of Configuring and Displaying a Banner

Suppose a system operator wanted to configure the following banner message on her company’s switches:

This is a private system maintained by the Allied Widget Corporation.
ProCurve (config)# show running

Running configuration:

; 498358-B21 Configuration Editor; Created on release #Z.14.04

hostname "ProCurve 6120 Blade Switch"
vlan 1
   name "DEFAULT_VLAN"
   untagged D1-4,S1-S2,X1-X2,C1
   ip address dhcp-bootp
   exit
banner motd "This is a private system maintained by the Allied Widget Corporation.
If someone uses a Web browser to log in to the switch interface, the following message appears:

Figure 2-9. Example of Web Browser Interface Result of the Login Banner Configuration

Operating Notes

■ The default banner appears only when the switch is in the factory default configuration. Using no banner motd deletes the currently configured banner text and blocks display of the default banner.
3 Using the Menu Interface

Contents
  Overview
  Starting and Ending a Menu Session
  How To Start a Menu Interface Session
  How To End a Menu Session and Exit from the Console:
  Main Menu Features
Overview

This chapter describes the following features:
■ Overview of the Menu Interface (page 3-2)
■ Starting and ending a Menu session (page 3-3)
■ The Main Menu (page 3-7)
■ Screen structure and navigation (page 3-9)
■ Rebooting the switch (page 3-12)

The menu interface operates through the switch console to provide you with a subset of switch commands in an easy-to-use menu format enabling you to:
■ Perform a “quick configuration” of basic parameters, such a
Note: If the switch has neither a Manager nor an Operator password, anyone having access to the console interface can operate the console with full manager privileges. Also, if you configure only an Operator password, entering the Operator password enables full manager privileges. For more information on passwords, refer to the Access Security Guide for your switch.

Menu Interaction with Other Interfaces.
How To Start a Menu Interface Session

In its factory default configuration, the switch console starts with the CLI prompt. To use the menu interface with Manager privileges, go to the Manager level prompt and enter the menu command.

1. Use one of these methods to connect to the switch:
   • A PC terminal emulator or terminal
   • Telnet
2. Do one of the following:
   • If you are using Telnet, go to step 3.
Figure 3-1. Example of the Main Menu with Manager Privileges

For a description of Main Menu features, see “Main Menu Features” on page 3-7.

Note: To configure the switch to start with the menu interface instead of the CLI, go to the Manager level prompt in the CLI, enter the setup command, and in the resulting display, change the Logon Default parameter to Menu.
Asterisk indicates a configuration change that requires a reboot to activate.

Figure 3-2. Example Indication of a Configuration Change Requiring a Reboot

1. In the current session, if you have not made configuration changes that require a switch reboot to activate, return to the Main Menu and press [0] (zero) to log out. Then just exit from the terminal program, turn off the terminal, or quit the Telnet session.
2.
Main Menu Features

Figure 3-3. The Main Menu View with Manager Privileges

The Main Menu gives you access to these Menu interface features:

■ Status and Counters: Provides access to display screens showing switch information, port status and counters, and port and VLAN address tables. (Refer to Appendix B, “Monitoring and Analyzing Switch Operation”.
■ Command Line (CLI): Selects the Command Line Interface at the same level (Manager or Operator) that you are accessing in the Menu interface. (Refer to Chapter 4, “Using the Command Line Interface (CLI)”.)
■ Reboot Switch: Performs a “warm” reboot of the switch, which clears most temporary error conditions, resets the network activity counters to zero, and resets the system up-time to zero.
Screen Structure and Navigation

Menu interface screens include these three elements:
■ Parameter fields and/or read-only information such as statistics
■ Navigation and configuration actions, such as Save, Edit, and Cancel
■ Help line to describe navigation options, individual parameters, and read-only data

For example, in the following System Information screen:

Screen title – identifies the location within the menu structure
Parameter fields
Table 3-1. How To Navigate in the Menu Interface

Task: Execute an action from the “Actions –>” list at the bottom of the screen:
Actions: Use either of the following methods:
  • Use the arrow keys ([<], or [>]) to highlight the action you want to execute, then press [Enter].
  • Press the key corresponding to the capital letter in the action name.
To get Help on individual parameter descriptions. In most screens there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press [H], and a separate help screen is displayed. For example:

Pressing [H] or highlighting Help and pressing [Enter] displays Help for the parameters listed in the upper part of the screen.

Highlight on any item in the Actions line indicates that the Actions line is active.
Rebooting the Switch

Rebooting the switch from the menu interface
■ Terminates all current sessions and performs a reset of the operating system
■ Activates any menu interface configuration changes that require a reboot
■ Resets statistical counters to zero (Note that statistical counters can be reset to zero without rebooting the switch.)

To Reboot the switch, use the Reboot Switch option in the Main Menu.
Rebooting To Activate Configuration Changes. Configuration changes for most parameters in the menu interface become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the Maximum VLANs to support parameter. (To access this parameter, go to the Main Menu and select:
   2. Switch Configuration
   8. VLAN Menu
   1. VLAN Support.
Menu Features List

Status and Counters
  • General System Information
  • Switch Management Address Information
  • Port Status
  • Port Counters
  • Address Table
  • Port Address Table
Switch Configuration
  • System Information
  • Port/Trunk Settings
  • Network Monitoring Port
  • IP Configuration
  • SNMP Community Names
  • IP authorized Managers
  • VLAN Menu
Console Passwords
Event Log
Command Line (CLI)
Reboot Switch
Download OS (Download Switch Softwar
Where To Go From Here

This chapter provides an overview of the menu interface and how to use it. The following table indicates where to turn for detailed information on how to use the individual features available through the menu interface.

Option: To use the Run Setup option
Turn to: Refer to the Installation and Getting Started Guide.
4 Using the Command Line Interface (CLI)

Contents
  Overview
  Accessing the CLI
  Using the CLI
  Privilege Levels at Logon
Overview

The CLI is a text-based command interface for configuring and monitoring the switch. The CLI gives you access to the switch’s full set of commands while providing the same password protection that is used in the web browser interface and the menu interface.

Accessing the CLI

Like the menu interface, the CLI is accessed through the switch console, and in the switch’s factory default state, is the default interface when you start a console session.
Using the CLI

When you use the CLI to make a configuration change, the switch writes the change to the Running-Config file in volatile memory. This allows you to test your configuration changes before making them permanent. To make changes permanent, you must use the write memory command to save them to the Startup-Config file in non-volatile memory.
Caution: ProCurve strongly recommends that you configure a Manager password. If a Manager password is not configured, then the Manager level is not password-protected, and anyone having in-band or out-of-band access to the switch may be able to reach the Manager level and compromise switch and network security. Note that configuring only an Operator password does not prevent access to the Manager level by intruders who have the Operator password.
Manager Privileges

Manager privileges give you three additional levels of access: Manager, Global Configuration, and Context Configuration. A “#” character delimits any Manager prompt. For example:

ProCurve#_     Example of the Manager prompt.

■ Manager level: Provides all Operator level privileges plus the ability to perform system-level actions that do not require saving changes to the system configuration file.
Table 4-1. Privilege Level Hierarchy

Privilege Level: Operator Privilege, Operator Level
Example of Prompt: ProCurve>
Permitted Operations:
  show < command >, setup: View status and configuration information.
  ping < argument >, link-test < argument >: Perform connectivity tests.
  enable: Move from the Operator level to the Manager level.
  menu: Move from the CLI interface to the menu interface.
How To Move Between Levels

Change in Levels: Operator level to Manager level
Example of Prompt, Command, and Result:
  ProCurve> enable
  Password:_
  After you enter enable, the Password prompt appears.
For example, if you use the menu interface to configure an IP address of “X” for VLAN 1 and later use the CLI to configure a different IP address of “Y” for VLAN 1, then “Y” replaces “X” as the IP address for VLAN 1 in the running-config file. If you subsequently execute write memory in the CLI, then the switch also stores “Y” as the IP address for VLAN 1 in the startup-config file.
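
The running-config and startup-config behavior described above, together with the prompt shown for each privilege level, can be checked against a saved console transcript. The following Python code is an added example, not part of this guide or of the switch software: it classifies each prompt by level and lists the configuration-level commands entered after the last write memory. The sample transcript is constructed; the set of non-modifying commands, the acceptance of abbreviated write memory, and the treatment of a bare interface command as a context change are assumptions.

```python
import re

OPERATOR, MANAGER = "operator", "manager"
GLOBAL_CONFIG, CONTEXT_CONFIG = "global-config", "context-config"

# Assumption: commands starting with these words do not change the configuration.
NON_MODIFYING = {"show", "exit", "end", "help", "ping", "link-test"}

# Constructed sample session (not captured from a real switch).
SAMPLE_TRANSCRIPT = """\
ProCurve> enable
Password:
ProCurve# configure
ProCurve(config)# vlan 100
ProCurve(vlan-100)# name "LAB"
ProCurve(vlan-100)# exit
ProCurve(config)# write memory
ProCurve(config)# no banner motd
ProCurve (config)# show running
Running configuration:
; 498358-B21 Configuration Editor; Created on release #Z.14.04
hostname "ProCurve"
ProCurve(config)# interface C3-C6
ProCurve(eth-C3-C6)# disable
ProCurve(eth-C3-C6)# end
ProCurve#
"""


def parse_prompt(line, hostname="ProCurve"):
    """Return (level, context, command) if the line starts with a CLI prompt
    for the given hostname, otherwise None.

    Anchoring on the hostname keeps output lines that merely contain '#' or
    '>' (such as the configuration header) from being read as prompts.
    """
    pattern = "^" + re.escape(hostname) + r" ?(?:\(([^)]+)\))?([>#]) ?(.*)$"
    match = re.match(pattern, line.strip())
    if match is None:
        return None
    context, symbol, command = match.groups()
    command = command.strip()
    if symbol == ">":
        # The Operator prompt never carries a context in parentheses.
        return (OPERATOR, None, command) if context is None else None
    if context is None:
        return (MANAGER, None, command)
    if context == "config":
        return (GLOBAL_CONFIG, context, command)
    return (CONTEXT_CONFIG, context, command)


def is_write_memory(command):
    """True for 'write memory' and (assumption) unambiguous abbreviations."""
    words = command.lower().split()
    return (len(words) == 2
            and len(words[0]) >= 2 and "write".startswith(words[0])
            and len(words[1]) >= 3 and "memory".startswith(words[1]))


def unsaved_changes(transcript, hostname="ProCurve"):
    """List (context, command) pairs entered at a configuration level after
    the last 'write memory', i.e. changes held only in the running-config."""
    pending = []
    for line in transcript.splitlines():
        parsed = parse_prompt(line, hostname)
        if parsed is None:
            continue
        level, context, command = parsed
        if not command:
            continue
        if is_write_memory(command):
            if level != OPERATOR:
                pending.clear()  # running-config saved to startup-config
            continue
        if level not in (GLOBAL_CONFIG, CONTEXT_CONFIG):
            continue
        words = command.split()
        first = words[0].lower()
        if first in NON_MODIFYING:
            continue
        # Assumption: 'interface <ports>' alone only enters the port context.
        if first in ("interface", "int") and len(words) == 2:
            continue
        pending.append((context, command))
    return pending


if __name__ == "__main__":
    for context, command in unsaved_changes(SAMPLE_TRANSCRIPT):
        print("not saved to startup-config: (%s) %s" % (context, command))
```

If the switch hostname has been changed with the hostname command, pass the new prompt text as the hostname argument.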
Typing ? at the Manager level produces this listing:

When - - MORE - - appears, use the Space bar or [Return] to list additional commands.

Figure 4-4. Example of the Manager-Level Command Listing

When - - MORE - - appears, there are more commands in the listing. To list the next screenful of commands, press the Space bar. To list the remaining commands one-by-one, repeatedly press [Enter].
As mentioned above, if you type part of a command word and press [Tab], the CLI completes the current word (if you have typed enough of the word for the CLI to distinguish it from other possibilities), including hyphenated extensions. For example:

ProCurve(config)# port-[Tab]
ProCurve(config)# port-security _

Pressing [Tab] after a completed command word lists the further options for that command.
Displaying CLI “Help”

CLI Help provides two types of context-sensitive information:
■ Command list with a brief summary of each command’s purpose
■ Detailed information on how to use individual commands

Displaying Command-List Help.

Syntax: help
   Displays a listing of command Help summaries for all commands available at the current privilege level.
Figure 4-7. Example of How To Display Help for a Specific Command

Note that trying to list the help for an individual command from a privilege level that does not include that command results in an error message.
Configuration Commands and the Context Configuration Modes

You can execute any configuration command in the global configuration mode or in selected context modes. However, using a context mode enables you to execute context-specific commands faster, with shorter command strings. The switch offers interface (port or trunk group) and VLAN context configuration modes:

Port or Trunk-Group Context.
In the port context, the first block of commands in the “?” listing shows the context-specific commands that will affect only ports C3-C6. The remaining commands in the listing are Manager, Operator, and context commands.

Figure 4-8.
VLAN Context. Includes VLAN-specific commands that apply only to the selected VLAN, plus Manager and Operator commands. The prompt for this mode includes the VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch:

ProCurve(config)# vlan 100      Command executed at configuration level to enter VLAN 100 context.
ProCurve(vlan-100)#             Resulting prompt showing VLAN 100 context.
CLI Control and Editing

Executing a Prior Command—Redo

The redo command executes a prior command in the history list.

Syntax: redo [number | command-str]

Re-executes a command from history. Executes the last command by default.

number: The position of the command to execute in the history list. When number is specified, the nth command starting from the most recent command in the history is executed.
Syntax: repeat [cmdlist] [count] [delay]

Repeats execution of a previous command. Repeats the last command by default until a key is pressed.

cmdlist: If a number or range of numbers is specified, the command repeats the nth most recent commands (where “n” is the position in the history list).

count: Repeats the command for the number of times specified.

delay: The command repeats execution after a delay for the number of seconds specified.
Using a Command Alias

You can create a simple command alias to use in place of a command name and its options. Choose an alias name that is not already an existing CLI command. Existing CLI commands are searched before looking for an alias command; an alias that is identical to an existing command will not be executed. The alias command is executed from the current configuration context (operator, manager, or global).
ProCurve(config)# show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi

 Status and Counters - Custom Port Status

                                  Intrusion
 Port Name       Type       VLAN  Alert     Speed   Enabled MDI-mode
 ---- ---------- ---------- ----- --------- ------- ------- --------
 1    Acco       100/1000T  1     No        1000FDx Yes     Auto
 2    Huma       100/1000T  1     No        1000FDx Yes     Auto
 3    Deve       100/1000T  1     No        1000FDx Yes     Auto
 4    Lab1       100/1000T  1     No        1000FDx Yes     Auto

ProCurve(config)# alias sic “show int custo
ProCurve(config)# show alias

 Name                 Command
 -------------------- ------------------------------
 sc                   show config
 sic                  show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi

Figure 4-13. Example of Alias Commands and Their Configurations

CLI Shortcut Keystrokes

Keystrokes          Function
[Ctrl] [A]          Jumps to the first character of the command line.
[Ctrl] [B] or [<]   Moves the cursor back one character.
5 Using the ProCurve Web Browser Interface

Contents
Overview . . . 5-2
General Features . . . 5-3
Starting a Web Browser Interface Session with the Switch . . . 5-4
    Using a Standalone Web Browser in a PC or UNIX Workstation . . .
Overview

The ProCurve web browser interface built into the switch lets you easily access the switch from a browser-based PC on your network. This lets you do the following:
■ Optimize your network uptime by using the Alert Log and other diagnostic tools
■ Make configuration changes to the switch
■ Maintain security by configuring usernames and passwords

This chapter covers the following:
■ General features (page 5-3).
General Features

The web browser interface includes these features:

Switch Identity and Status:
• General system data
• Software version
• IP address
• Status Overview
• Port utilization
• Port counters
• Port status
• Alert log

Switch Configuration:
• Device view
• Port configuration
• VLAN configuration
• Fault detection
• Quality of service (QoS)
• Port monitoring (mirroring)
• System information
• IP configuration
• Support and management server
Starting a Web Browser Interface Session with the Switch

You can start a web browser session in the following ways:
■ Using a standalone web browser on a network connection from a PC or UNIX workstation:
  • Directly connected to your network
  • Connected through remote access to your network
■ Using a network management station running ProCurve Manager on your network

Using a Standalone Web Browser in a P
Using ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+)

ProCurve Manager and ProCurve Manager Plus are designed for installation on a network management workstation. For this reason, the system requirements are different from the system requirements for accessing the switch’s web browser interface from a non-management PC or workstation.
First time install alert

Figure 5-1.
Tasks for Your First ProCurve Web Browser Interface Session

The first time you access the web browser interface, there are three tasks you should perform:
■ Review the “First Time Install” window
■ Set Manager and Operator passwords
■ Set access to the web browser interface online help

Viewing the “First Time Install” Window

When you access the switch’s web browser interface for the first time, the Al
This window is the launching point for the basic configuration you need to perform to set web browser interface passwords for maintaining security and a fault detection policy, which determines the types of messages that the Alert Log displays. To set web browser interface passwords, click on secure access to the device to display the Device Passwords screen, and then go to the next page.
Figure 5-3. The Device Passwords Window

To set the passwords:

1. Access the Device Passwords screen by one of the following methods:
   • If the Alert Log includes a “First Time Install” event entry, double click on this event, then, in the resulting display, click on the secure access to the device link.
   • Select the Security tab.
Entering a User Name and Password

Figure 5-4. Example of the Password Prompt in the Web Browser Interface

The manager and operator passwords are used to control access to all switch interfaces. Once set, you will be prompted to supply the password every time you try to access the switch through any of its interfaces.
The Clear button is provided for your convenience, but its presence means that if you are concerned with the security of the switch configuration and operation, you should make sure the switch is installed in a secure location, such as a locked wiring closet.
Support/Mgmt URLs Feature

The Support/Mgmt URLs window enables you to change the World Wide Web Universal Resource Locator (URL) for two functions:
■ Support URL – A support information site for your switch
■ Management Server URL – The web site for web browser online Help

1. Click Here
2. Click Here
3.
Support URL

For technical support, go to: www.hp.com/#Support.

Help and the Management Server URL

The Management Server URL field specifies the URL the switch uses to find online Help for the web browser interface.
■ If you install PCM (ProCurve Manager) in your network, the PCM management station acts as the web browser Help server for the switch and automatically inserts the necessary URL in this field.
Using the PCM Server for Switch Web Help

For ProCurve devices that support the “Web Help” feature, you can use the PCM server to host the switch help files for devices that do not have HTTP access to the ProCurve Support Web site.

1. Go to the ProCurve Support web site to get the Device Help files: www.hp.com//rnd/device_help/
2.
3. Add an entry, or edit the existing entry in the Discovery portion of the global properties (globalprops.prp) in PCM to redirect the switches to the help files on the PCM server. For example:

Global {
    TempDir=data/temp
    ...
    Discovery{
        ...
        ...
        DeviceHelpUrlRedirect=http://15.29.37.12:8040/rnd/device_help
        ...
    }
}

You will enter the IP address for your PCM server. 8040 is the standard port number to use.

4.
Status Reporting Features

Browser elements covered in this section include:
■ The Overview window (below)
■ Port utilization and status (page 5-17)
■ The Alert log (page 5-20)
■ The Status bar (page 5-22)

The Overview Window

The Overview Window is the home screen for any entry into the web browser interface. The following figure identifies the various parts of the screen.
Policy Management and Configuration. PCM can perform network-wide policy management and configuration of your switch. The Management Server URL field (page 5-13) shows the URL for the management station performing that function. For more information, refer to the documentation provided with the PCM software.
■ % Error Pkts Rx: All error packets received by the port. (This indicator is a reddish color on many systems.) Although errors received on a port are not propagated to the rest of the network, a consistently high number of errors on a specific port may indicate a problem on the device or network segment connected to the indicated port.
Figure 5-11. Display of Numerical Values for the Bar

Port Status

Port Status Indicators
Legend

Figure 5-12. The Port Status Indicators and Legend

The Port Status indicators show a symbol for each port that indicates the general status of the port. There are four possible statuses:
■ Port Connected – the port is enabled and is properly connected to an active network device.
The Alert Log

The web browser interface Alert Log, shown in the lower half of the screen, shows a list of network occurrences, or alerts, that were detected by the switch. Typical alerts are Broadcast Storm, indicating an excessive number of broadcasts received on a port, and Problem Cable, indicating a faulty cable. A full list of alerts is shown in the table on page 5-21.

Figure 5-13.
Alert Types and Detailed Views

As of June, 2007, the web browser interface generates the following alert types:
• Auto Partition
• Backup Transition
• Excessive broadcasts
• Excessive CRC/alignment errors
• Excessive jabbering
• Excessive late collisions
• First Time Install
• Full-Duplex Mismatch
• Half-Duplex Mismatch
• High collision or drop rate
• Loss of Link
• Mis-Configured SQE
• Network Loop
• Polarity Reversal
• Securi
Figure 5-14. Example of Alert Log Detail View

The Status Bar

The Status Bar appears in the upper left corner of the web browser interface window. Figure 5-15 shows an expanded view of the status bar.

Status Indicator
Most Critical Alert Description
Product Name

Figure 5-15.
The Status bar includes four objects:
■ Status Indicator. Indicates, by icon, the severity of the most critical alert in the current display of the Alert Log. This indicator can be one of four shapes and colors, as shown below.

Table 5-1. Status Indicator Key

Color    Switch Status
Blue     Normal Activity; “First time installation” information available in the Alert log.
Green
Setting Fault Detection Policy

One of the powerful features in the web browser interface is the Fault Detection facility. For your switch, this feature controls the types of alerts reported to the Alert Log based on their level of severity. Set this policy in the Fault Detection window (figure 5-16).

Figure 5-16.
To provide the most information on network problems in the Alert Log, the recommended sensitivity level for Log Network Problems is High Sensitivity. The Fault Detection settings are:
■ High Sensitivity. This policy directs the switch to send all alerts to the Alert Log. This setting is most effective on networks that have no or few problems.
■ Medium Sensitivity.
6 Switch Memory and Configuration

Contents
Overview . . . 6-3
Configuration File Management . . . 6-3
Using the CLI To Implement Configuration Changes . . . 6-6
Using the Menu and Web Browser Interfaces To Implement Configuration Changes . . .
    Changing or Overriding the Reboot Configuration Policy . . . 6-30
    Managing Startup-Config Files in the Switch . . . 6-32
        Renaming an Existing Startup-Config File . . . 6-33
        Creating a New Startup-Config File . . . 6-33
        Erasing a Startup-Config File . . .
Overview

This chapter describes:
■ How switch memory manages configuration changes
■ How the CLI implements configuration changes
■ How the menu interface and web browser interface implement configuration changes
■ How the switch provides software options through primary/secondary flash images
■ How to use the switch’s primary and secondary flash options, including displaying flash information, booting or restarting the switch, and other topics

Configurati
■ Startup-config File: Exists in flash (non-volatile) memory and is used to preserve the most recently-saved configuration as the “permanent” configuration. Booting the switch replaces the current running-config file with a new running-config file that is an exact copy of the current startup-config file.
The above command disables port 5 in the running-config file, but not in the startup-config file. Port 5 remains disabled only until the switch reboots. If you want port 5 to remain disabled through the next reboot, use write memory to save the current running-config file to the startup-config file in flash memory.
Using the CLI To Implement Configuration Changes

The CLI offers these capabilities:
■ Access to the full set of switch configuration features
■ The option of testing configuration changes before making them permanent

How To Use the CLI To View the Current Configuration Files. Use show commands to view the configuration for individual features, such as port status or Spanning Tree Protocol.
3. Observe the switch’s performance with the new parameter settings to verify the effect of your changes.
4. When you are satisfied that you have the correct parameter settings, use the write memory command to copy the changes to the startup-config file.

Syntax: write memory

Saves the running configuration file to the startup-config. The saved configuration becomes the boot-up configuration of the switch on the next boot.
How To Cancel Changes You Have Made to the Running-Config File. If you use the CLI to change parameter settings in the running-config file, and then decide that you don’t want those changes to remain, you can use either of the following methods to remove them:
■ Manually enter the earlier values you had for the changed settings.
Note: If you use the CLI to make a change to the running-config file, you should either use the write memory command or select the save option allowed during a reboot (figure 6-6-2, above) to save the change to the startup-config file.
Using the Menu and Web Browser Interfaces To Implement Configuration Changes

The menu and web browser interfaces offer these advantages:
■ Quick, easy menu or window access to a subset of switch configuration features
■ Viewing several related configuration parameters in the same screen, with their default and current settings
■ Immediately changing both the running-config file and the startup-
To save and implement the changes for all parameters in this screen, press the [Enter] key, then press [S] (for Save). To cancel all changes, press the [Enter] key, then press [C] (for Cancel).

Figure 6-4.
Optional Reboot Switch Command

Figure 6-5. The Reboot Switch Option in the Main Menu

Rebooting To Activate Configuration Changes. Configuration changes for most parameters become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the Maximum VLANs to support parameter. (To access these parameters, go to the Main menu and select 2.
Asterisk indicates a configuration change that requires a reboot in order to take effect.
Reminder to reboot the switch to activate configuration changes.

Figure 6-6.
Using Primary and Secondary Flash Image Options

The switches covered in this guide feature two flash memory locations for storing switch software image files:
■ Primary Flash: The default storage for a switch software image.
■ Secondary Flash: The additional storage for either a redundant or an alternate switch software image.
For example, if the switch is using a software version of K.12.XX stored in Primary flash, show version produces the following:

ProCurve(config)# show version
Image stamp:    /sw/code/build/vern(t4br)
                Jul 27 2009 13:42:40
                Z.14.04
                1037
Boot Image:     Primary
Build Options:  QA
Watchdog:       ENABLED

Figure 6-7. Example Showing the Identity of the Current Flash Image

Determining Whether the Flash Images Are Different Versions.
switch from the opposite flash image and using show version again, you can determine the version(s) of switch software in both flash sources. For example:

1. In this example show version indicates the switch has version Z.14.04 in primary flash.

ProCurve(config)# show version
Image stamp:
Boot Image:

2. After the boot system command, show version indicates that version Z.14.04 is in secondary flash.
Note: xmodem should not be used over the OA serial console. It should only be used over the USB serial console connection.

Download Interruptions. In most cases, if a power failure or other cause interrupts a flash image download, the switch reboots with the image previously stored in primary flash.
flash image in RAM. Do not reboot the switch. Instead, immediately download another valid flash image to primary or secondary flash. Otherwise, if the switch is rebooted without a software image in either primary or secondary flash, the temporary flash image in RAM will be cleared and the switch will go down. To recover, refer to “Restoring a Flash Image” on page C-77 (in the “Troubleshooting” Appendix).
Syntax: erase flash < primary | secondary >

For example, to erase the software image in primary flash, do the following:

1. First verify that a usable flash image exists in secondary flash. The most reliable way to ensure this is to reboot the switch from the flash image you want to retain.
Image does not exist
Operation aborted.

Interaction of Primary and Secondary Flash Images with the Current Configuration. The switch has one startup-config file (page 6-3), which it always uses for reboots, regardless of whether the reboot is from primary or secondary flash. Also, for rebooting purposes, it is not necessary for the software image and the startup-config file to support identical software features.
Table 6-2. Comparing the Boot and Reload Commands

Actions | Included In Boot? | Included In Reload | Note
Save all configuration changes since the last boot or reload | Optional, with prompt | Optional with reload , when prompt displays. Not saved with reload at/after commands; No prompt is displayed. | Config changes saved to the startup-config file if “y” is selected (reload command).
Booting from the Default Flash (Primary or Secondary)

The boot command boots the switch from the flash image that you are currently booted on, or the flash image that was set either by the boot setdefault command or by the last executed boot system flash command. This command also executes the complete set of subsystem selftests. You have the option of specifying a configuration file.
ProCurve(config)# boot system flash secondary
System will be rebooted from secondary image. Do you want to continue [y/n]?

Figure 6-15. Example of Boot Command with Secondary Flash Option

In the above example, typing either a y or n at the second prompt initiates the reboot operation.

Using the Fastboot feature.
ProCurve(config)# max-vlans 12
Command will take effect after saving configuration and reboot.
ProCurve(config)# reload
This command will cause a switchover to the other management module which may not be running the same software image and configurations. Do you want to continue [y/n]? y

Figure 6-16. Using Reload with Redundant Management and Pending Configuration Changes

Scheduled Reload.
Multiple Configuration Files

Action                                                    Page
Listing and Displaying Startup-Config Files               6-29
Changing or Overriding the Reboot Configuration Policy    6-30
Managing Startup-Config Files
    Renaming Startup-Config Files                         6-33
    Copying Startup-Config Files                          6-33
    Erasing Startup-Config Files                          6-35
Effect of Using the Clear + Reset Buttons                 6-37
Copying Startup-Config Files to or from a Remote Server   6-37

This method of operation means that you can
■ Transitions from one software release to another can be performed while maintaining a separate configuration for the different software release versions.
2. Use the CLI to make configuration changes in the running-config file, and then execute write mem.

The result is that the startup-config file used to reboot the switch is modified by the actions in step 2.
■ Saves a copy of the existing startup-config file in memory slot 2 with the filename workingConfig.
■ Assigns the workingConfig file as the active configuration and the default configuration for all subsequent reboots using either primary or secondary flash.

Figure 6-19.
Listing and Displaying Startup-Config Files

Command                      Page
show config files            Below
show config < filename >     6-30

Viewing the Startup-Config File Status with Multiple Configuration Enabled

Rebooting the switch automatically enables the multiple configuration feature.

Syntax: show config files

This command displays the available startup-config files on the switch and the current use of each file.
Displaying the Content of a Specific Startup-Config File

With Multiple Configuration enabled, the switch can have up to three startup-config files. Because the show config command always displays the content of the currently active startup-config file, the command extension shown below is needed to allow viewing the contents of any other startup-config files stored in the switch.
Syntax: startup-default [ primary | secondary ] config < filename >

Specifies a boot configuration policy option:

[ primary | secondary ] config < filename >: Designates the startup-config file to use in a reboot with the software version stored in a specific flash location. Use this option to change the reboot policy for either primary or secondary flash, or both.
ProCurve(config)# startup-default pri config minconfig
ProCurve(config)# startup-default sec config newconfig

Overriding the Default Reboot Configuration Policy. This command provides a method for manually rebooting with a specific startup-config file other than the file specified in the default reboot configuration policy.
Renaming an Existing Startup-Config File

Syntax: rename config < current-filename > < newname-str >

This command changes the name of an existing startup-config file. A file name can include up to 63 alphanumeric characters. Blanks are allowed in a file name enclosed in quotes (“ “ or ‘ ‘). (File names are not case-sensitive.
This command makes a local copy of an existing startup-config file by copying the contents of an existing startup-config file in one memory slot to a new startup-config file in another, empty memory slot. This enables you to use a separate configuration file to experiment with configuration changes, while preserving the source file unchanged.
If you wanted to experiment with configuration changes to the software version in secondary flash, you could create and assign a separate startup-config file for this purpose.

The first two commands copy the config1 startup-config file to config2, and then make config2 the default startup-config file for booting from secondary flash.

Figure 6-21.
Note: Where a file is assigned to either the primary or the secondary flash, but is not the currently active startup-config file, erasing the file does not remove the flash assignment from the memory slot for that file. Thus, if the switch boots using a flash location that does not have an assigned startup-config, then the switch creates a new, default startup-config file and uses this file in the reboot.
With the same memory configuration as is shown in the bottom portion of figure 6-22, executing erase startup-config boots the switch from primary flash, resulting in a new file named minconfig in the same memory slot. The new file contains the default configuration for the software version currently in primary flash.
copy config < src-file > xmodem < pc | unix > [oobm]      6-40
copy xmodem config < dest-file > < pc | unix > [oobm]     6-40

TFTP: Copying a Configuration File to a Remote Host

Syntax: copy config < src-file > tftp < ip-addr > < remote-file > < pc | unix > [oobm]

This is an addition to the copy tftp command options. Use this command to upload a configuration file from the switch to a TFTP server.
TFTP: Copying a Configuration File from a Remote Host

Syntax: copy tftp config < dest-file > < ip-addr > < remote-file > < pc | unix > [oobm]

This is an addition to the copy tftp command options. Use this command to download a configuration file from a TFTP server to the switch. The oobm parameter specifies that the copy operation will go out from the out-of-band management interface.
Xmodem: Copying a Configuration File to a Serially Connected Host

Syntax: copy config < filename > xmodem < pc | unix > [oobm]

This is an addition to the copy < config > xmodem command options. Use this command to upload a configuration file from the switch to an Xmodem host. The oobm parameter specifies that the copy operation will go out from the out-of-band management interface.
Operating Notes for Multiple Configuration Files
■ SFTP/SCP: The configuration files are available for sftp/scp transfer as /cfg/< filename >.

Automatic Configuration Update with DHCP Option 66

ProCurve switches are initially booted up with the factory-shipped configuration file. This feature provides a way to automatically download a different configuration file from a TFTP server using DHCP Option 66.
Possible Scenarios for Updating the Configuration File

The following table shows various network configurations and how Option 66 is handled.

Scenario | Behavior
Single Server serving Multiple VLANs | • Each DHCP-enabled VLAN interface initiates a DHCPDISCOVER message, receives a DHCPOFFER from the server, and sends a DHCPREQUEST to obtain the offered parameters.
Global DHCP Parameters: Global parameters are processed only if received on the primary VLAN.

Best Offer: The “Best Offer” is the best DHCP or BootP offer sent by the DHCP server in response to the DHCPREQUEST sent by the switch.
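Because this feature lets the Option 66 value in a DHCP reply decide which TFTP server a switch pulls its configuration from, it is worth checking that replies seen on switch-facing VLANs name only approved servers. The following is an added example, not code from this guide: it parses the options field of a DHCP reply and judges Option 66 against an allowlist. The allowlist address, the sample packets and the reporting of option 67 (bootfile name) are assumptions made for the example.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of the DHCP options
OPT_PAD, OPT_END = 0, 255
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_TFTP_SERVER, OPT_BOOTFILE = 53, 54, 66, 67
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

# Assumption: the only TFTP server this site uses for switch configurations.
APPROVED_TFTP = frozenset({"10.0.0.20"})


def parse_options(packet: bytes) -> dict:
    """Return {option_code: value_bytes} for a BOOTP/DHCP message."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: short packet or bad magic cookie")
    options, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:                  # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past the end of the packet")
        # A repeated option code continues the same value (RFC 3396).
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options


def evaluate_reply(packet: bytes, approved=APPROVED_TFTP) -> dict:
    """Summarise a DHCP reply and judge its Option 66 value against an allowlist."""
    opts = parse_options(packet)
    mtype_raw = opts.get(OPT_MSG_TYPE) or b"\x00"
    server_id = opts.get(OPT_SERVER_ID, b"")
    tftp = opts.get(OPT_TFTP_SERVER, b"").rstrip(b"\x00").decode("ascii", "replace")
    bootfile = opts.get(OPT_BOOTFILE, b"").rstrip(b"\x00").decode("ascii", "replace")
    if not tftp:
        verdict = "no-option-66"
    elif tftp.lower() in approved:
        verdict = "approved"
    else:
        verdict = "unapproved-tftp-server"
    return {
        "type": MSG_TYPES.get(mtype_raw[0], "UNKNOWN"),
        "dhcp_server": str(ipaddress.IPv4Address(server_id)) if len(server_id) == 4 else None,
        "tftp_server": tftp or None,
        "bootfile": bootfile or None,
        "verdict": verdict,
    }


def build_reply(msg_type: int, server_ip: str, tftp: str = "", bootfile: str = "") -> bytes:
    """Construct a sample DHCP reply for the demo (constructed data, not a capture)."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        2, 1, 6, 0, 0x1234ABCD, 0, 0,
                        bytes(4), bytes(4), bytes(4), bytes(4),
                        bytes.fromhex("001b3f000001"), b"", b"")
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    opts += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_ip).packed
    if tftp:
        opts += bytes([OPT_TFTP_SERVER, len(tftp)]) + tftp.encode("ascii")
    if bootfile:
        opts += bytes([OPT_BOOTFILE, len(bootfile)]) + bootfile.encode("ascii")
    return fixed + MAGIC_COOKIE + opts + bytes([OPT_END])


# Constructed samples: one offer from the expected server, one naming another host.
EXPECTED_OFFER = build_reply(2, "10.0.0.10", "10.0.0.20", "edge-sw.cfg")
STRAY_OFFER = build_reply(2, "10.0.0.99", "10.0.0.99", "edge-sw.cfg")

if __name__ == "__main__":
    for name, pkt in (("expected", EXPECTED_OFFER), ("stray", STRAY_OFFER)):
        print(name, evaluate_reply(pkt))
```

Feed `evaluate_reply` the UDP payload of replies captured on the VLANs where switches request addresses; an `unapproved-tftp-server` verdict identifies both the DHCP server that sent the reply and the TFTP host it points to.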
7 Interface Access and System Information

Contents
Overview . . . 7-2
Interface Access: Console/Serial Link, Web, and Inbound Telnet . . . 7-3
    Menu: Modifying the Interface Access . . . 7-4
    CLI: Modifying the Interface Access . . . 7-5
Denying Interface Access by Terminating Remote Management Sessions . . .
Overview

This chapter describes how to:
■ View and modify the configuration for switch interface access
■ Use the CLI kill command to terminate a remote session
■ View and modify switch system information

For help on how to actually use the interfaces built into the switch, refer to:
■ Chapter 3, “Using the Menu Interface”
■ Chapter 4, “Using the Command Line Interface (CLI)”
■ Chapter 5, “Using the ProCurve Web Browser Interface”

Why Configure I
Interface Access: Console/Serial Link, Web, and Inbound Telnet

Interface Access Features

Feature | Default | Menu | CLI | Web
Inactivity Time | 0 Minutes (disabled) | page 7-4 | page 7-8 | —
Inbound Telnet Access | Enabled | page 7-4 | page 7-5 | —
Outbound Telnet Access | n/a | — | page 7-6 | —
Web Browser Interface Access | Enabled | pa
Terminal type
Event Log event types to list (Displayed Events)
Baud Rate
Flow Control
Menu: Modifying the Interface Access

The menu interface enables you to modify these parameters:
■ Inactivity Timeout
■ Inbound Telnet Enabled
■ Web Agent Enabled

To Access the Interface Access Parameters:
1. From the Main Menu, Select...
      2. Switch Configuration...
         1. System Information

Interface Access Parameters
Figure 7-1.
CLI: Modifying the Interface Access

Interface Access Commands Used in This Section
show console | below
[no] telnet-server | below
[no] web-management | page 7-7
console | page 7-8

Listing the Current Console/Serial Link Configuration. This command lists the current interface access parameter settings.

Syntax: show console

This example shows the switch’s default console/serial configuration.
Outbound Telnet to Another Device. This feature operates independently of the telnet-server status and enables you to Telnet to another device that has an IP address.

Syntax: telnet [oobm]

Initiates an outbound telnet session to another network device.
ProCurve(config)# show telnet

 Telnet Activity
 --------------------------------------------------------
 Session  : ** 1
 Privilege: Manager
 From     : Console
 To       :
 -------------------------------------------------------
 Session  : ** 2
 Privilege: Manager
 From     : 12.13.14.10
 To       : 15.33.66.
To disable web browser access:

ProCurve(config)# no web-management

To re-enable web browser access:

ProCurve(config)# web-management

Reconfigure the Console/Serial Link Settings. You can reconfigure one or more console parameters with one console command.
Note: If you change the Baud Rate or Flow Control settings for the switch, you should make the corresponding changes in your console access device. Otherwise, you may lose connectivity between the switch and your terminal emulator due to differences between the terminal and switch settings for these two parameters.
You can also execute a series of console commands and then save the configuration and boot the switch. For example:

Configure the individual parameters.
Save the changes.
Boot the switch.

Figure 7-5.
Denying Interface Access by Terminating Remote Management Sessions

The switch supports up to five management sessions. You can use show ip ssh to list the current management sessions, and kill to terminate a currently running remote session. (Kill does not terminate a Console session on the serial port, either through a direct connection or via a modem.
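The interface access settings covered in this section (inbound Telnet, web browser access, inactivity time) can be reviewed offline against a saved show run listing. The Python below is an added example, not part of the HP guide: the sample configurations are constructed, the function names are hypothetical, and the console inactivity-timer statement form and the 15-minute policy limit are assumptions.

```python
import re

# Constructed sample configurations in the style of this guide's "show run"
# listings. Addresses and names are illustrative only.
FACTORY_STYLE = """\
hostname "ProCurve"
ip default-gateway 10.10.10.115
vlan 1
   name "DEFAULT_VLAN"
   ip address 10.12.17.175 255.255.255.0
   exit
"""

HARDENED = """\
hostname "ProCurve"
console inactivity-timer 10
no telnet-server
no web-management
vlan 1
   name "DEFAULT_VLAN"
   ip address 10.12.17.175 255.255.255.0
   exit
"""

# Defaults from the Interface Access Features table: inbound Telnet enabled,
# web browser interface enabled, inactivity time 0 minutes (disabled).
DEFAULTS = {"inbound_telnet": True, "web_management": True,
            "inactivity_minutes": 0}

# Assumed statement form: "console inactivity-timer <minutes>".
INACTIVITY_RE = re.compile(r"\binactivity-timer\s+(\d+)\b")


def interface_access_state(config_text):
    """Return the effective interface access settings for a saved config.

    A running-config listing shows only non-default settings, so a missing
    statement means the default applies, not that the feature is off.
    """
    state = dict(DEFAULTS)
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith(";"):
            continue  # blank line or listing comment
        if words == ["no", "telnet-server"]:
            state["inbound_telnet"] = False
        elif words == ["telnet-server"]:
            state["inbound_telnet"] = True
        elif words == ["no", "web-management"]:
            state["web_management"] = False
        elif words == ["web-management"]:
            state["web_management"] = True
        elif words[0] == "console":
            # One console command can carry several parameters.
            match = INACTIVITY_RE.search(raw)
            if match:
                state["inactivity_minutes"] = int(match.group(1))
    return state


def audit_interface_access(config_text, max_idle_minutes=15):
    """Return (setting, message) findings; max_idle_minutes is an assumed
    local policy value, not a figure from the guide."""
    state = interface_access_state(config_text)
    findings = []
    if state["inbound_telnet"]:
        findings.append(("inbound-telnet",
                         "enabled; Telnet is unencrypted. "
                         "Disable with: no telnet-server"))
    if state["web_management"]:
        findings.append(("web-management",
                         "enabled; disable with: no web-management"))
    idle = state["inactivity_minutes"]
    if idle == 0:
        findings.append(("inactivity-timeout",
                         "0 minutes (disabled); idle sessions never close"))
    elif idle > max_idle_minutes:
        findings.append(("inactivity-timeout",
                         "%d minutes exceeds policy limit of %d"
                         % (idle, max_idle_minutes)))
    return findings


if __name__ == "__main__":
    for label, text in (("factory-style", FACTORY_STYLE),
                        ("hardened", HARDENED)):
        print(label)
        for setting, message in audit_interface_access(text) or [("ok", "no findings")]:
            print("  %-20s %s" % (setting, message))
```

Sessions that are already open are not affected by a configuration review; list and terminate those with the show and kill commands described above.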
System Information

System Information Features

Feature | Default | Menu | CLI | Web
System Name | switch product name | page 7-13 | page 7-15 | page 7-19
System Contact | n/a | page 7-13 | page 7-15 | page 7-19
System Location | n/a | page 7-13 | page 7-15 | page 7-19
MAC Age Time | 300 seconds | page 7-13 | page 7-17 | —
Time Sync Method | None | See Chapter 9, “Time Protocols”.
Time Zone: The number of minutes your time zone location is to the West (+) or East (-) of Coordinated Universal Time (formerly GMT). The default 0 means no time zone is configured. For example, the time zone for Berlin, Germany is + 60 (minutes) and the time zone for Vancouver, Canada is - 480 (minutes).

Daylight Time Rule: Specifies the daylight savings time rule to apply for your location. The default is None.
2. Press [E] (for Edit). The cursor moves to the System Name field.
3. Refer to the online help provided with this screen for further information on configuration options for these features.
4. When you have finished making changes to the above parameters, press [Enter], then press [S] (for Save) and return to the Main Menu.
Listing the System Enclosure Information. This command lists the system enclosure information.

Syntax: show system enclosure

This example shows the switch’s enclosure configuration.

ProCurve# show system enclosure

 Rack and Enclosure Information

  Rack Name               : Donner_Bldg5U
  Rack Unique ID          : Default RUID
  Enclosure Name          : 2XX81401UP
  Enclosure Serial Number : 2XX81401UP

Figure 7-9.
New hostname, contact, and location data from previous commands.
Additional System Information

Figure 7-10. System Information Listing After Executing the Preceding Commands

The menu interface will only display up to 47 characters although you can specify a name up to 255 characters in length. A message beginning with “+” displays if the name exceeds 47 characters.
MENU

ProCurve Switch 6120                              24-Oct-2008 12:41:47
===========================- TELNET - MANAGER MODE ===========================
               Switch Configuration - System Information

  System Name : Blue Switch
  System Contact : Bill_Smith
  System Location : + characters of the location are missing. It’s too long.
Syntax: mac-age-time < 10 - 1000000 > (seconds)

Allows you to set the MAC address table’s age-out interval. An address is aged out if the switch does not receive traffic from that MAC address for the age-out interval, measured in seconds. Default: 300 seconds.

For example, to configure the age time to seven minutes:

ProCurve(config)# mac-age-time 420

Configure the Time Zone and Daylight Time Rule.
Web: Configuring System Parameters

In the web browser interface, you can enter the following system information:
■ System Name
■ System Location
■ System Contact

For access to the MAC Age Interval and the Time parameters, use the menu interface or the CLI.

Configure System Parameters in the Web Browser Interface.
1. Click on the Configuration tab.
2. Click on [System Info].
3. Enter the data you want in the displayed fields.
4.
8 Configuring IP Addressing

Contents
Overview (page 8-2)
IP Configuration (page 8-2)
Just Want a Quick Start with IP Addressing? (page 8-3)
IP Addressing with Multiple VLANs
Overview

You can configure IP addressing through all of the switch’s interfaces. You can also:
■ Easily edit a switch configuration file to allow downloading the file to multiple switches without overwriting each switch’s unique gateway and VLAN 1 IP addressing.
■ Assign up to 32 IP addresses to a VLAN (multinetting).
use the menu interface or the CLI to manually configure the initial IP values. After you have network access to a device, you can use the web browser interface to modify the initial IP configuration if needed.

For information on how IP addressing affects switch operation, refer to “How IP Addressing Affects Switch Operation” on page 8-11.

Multinetting: Assigning Multiple IP Addresses to a VLAN. For a given VLAN you can assign up to 32 IP addresses.
For more on using the Switch Setup screen, refer to the Installation and Getting Started Guide you received with the switch.

IP Addressing with Multiple VLANs

In the factory-default configuration, the switch has one, permanent default VLAN (named DEFAULT_VLAN) that includes all ports on the switch.
Menu: Configuring IP Address, Gateway, and Time-To-Live (TTL)

Do one of the following:
■ To manually enter an IP address and subnet mask, set the IP Config parameter to Manual and then enter the IP address and subnet mask values you want for the switch.
■ To use DHCP or Bootp, use the menu interface to ensure that the IP Config parameter is set to DHCP/Bootp, then refer to “DHCP/Bootp Operation” on page 8-12.

To Configure IP Addressing.
1.
3. If the switch needs to access a router, for example, to reach off-subnet destinations, select the Default Gateway field and enter the IP address of the gateway router.
4. If you need to change the packet Time-To-Live (TTL) setting, select Default TTL and type in a value between 2 and 255.
5.
(You can also use the show management command to display the IP addressing and time server IP addressing configured on the switch. Refer to figure 9-6 on page 9-10.)

For example, in the factory-default configuration (no IP addressing assigned), the switch’s IP addressing appears as:

The Default IP Configuration
Figure 8-2.
Note: The default IP address setting for the DEFAULT_VLAN is DHCP/Bootp. On additional VLANs you create, the default IP address setting is Disabled.

Syntax: [ no ] vlan < vlan-id > ip address
or
[ no ] vlan < vlan-id > ip address < ip-address > < mask-bits >
or
vlan < vlan-id > ip address dhcp-bootp

This example configures IP addressing on the default VLAN with the subnet mask specified in mask bits.
1. Go to VLAN 20.
2. Configure two additional IP addresses on VLAN 20.
3. Display IP addressing.

Figure 8-4. Example of Configuring and Displaying a Multinetted VLAN

If you then wanted to multinet the default VLAN, you would do the following:

Figure 8-5. Example of Multinetting on the Default VLAN

Note: The Internet (IP) Service screen in the Menu interface (figure 8-1 on page 8-5) displays the first IP address for each VLAN.
Removing or Replacing IP Addresses in a Multinetted VLAN. To remove an IP address from a multinetted VLAN, use the no form of the IP address command shown on page 8-8. Generally, to replace one IP address with another, you should first remove the address you want to replace, and then enter the new address.

Configure the Optional Default Gateway. Using the Global configuration level, you can manually assign one default gateway to the switch.
3. If you need further information on using the web browser interface, click on [?] to access the web-based help available for the switch.

How IP Addressing Affects Switch Operation

Without an IP address and subnet mask compatible with your network, the switch can be managed only through a direct terminal device connection to the OA console connection or the USB serial console.
DHCP/Bootp Operation

Overview. DHCP/Bootp is used to provide configuration data from a DHCP or Bootp server to the switch. This data can be the IP address, subnet mask, default gateway, Timep Server address, and TFTP server address. If a TFTP server address is provided, this allows the switch to TFTP a previously saved configuration file from the TFTP server to the switch.
DHCP Operation. A significant difference between a DHCP configuration and a Bootp configuration is that an IP address assignment from a DHCP server is automatic. Depending on how the DHCP server is configured, the switch may receive an IP address that is temporarily leased. Periodically the switch may be required to renew its lease of the IP configuration.
   gw=10.66.77.1:\
   lg=10.22.33.44:\
   T144="switch.cfg":\
   vm=rfc1048

where:

6120switch is a user-defined symbolic name to help you find the correct section of the bootptab file. If you have multiple switches that will be using Bootp to get their IP configuration, you should use a unique symbolic name for each switch.

ht is the “hardware type”. For the switches covered in this guide, enter ether (for Ethernet). This tag must precede the ha tag.
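A bootptab entry of the kind shown above decides which address and which configuration file a switch picks up at boot, so it is worth checking before the Bootp server starts serving it. The Python below is an added example, not part of the HP guide: the two sample entries are constructed (MAC and IP values are made up), the function names are hypothetical, and the accepted ha format (12 hexadecimal digits, optional periods or 0x prefix) is an assumption.

```python
import ipaddress
import re

# Constructed sample entry using the tags that appear in this guide.
SAMPLE_OK = r"""
6120switch:\
   ht=ether:\
   ha=001122aabbcc:\
   ip=10.66.77.88:\
   sm=255.255.248.0:\
   gw=10.66.77.1:\
   lg=10.22.33.44:\
   T144="switch.cfg":\
   vm=rfc1048
"""

# Constructed faulty entry: ha before ht, an impossible IP octet, and
# typographic quotes of the kind picked up when copying from a PDF.
SAMPLE_BAD = r"""
6120switch:\
   ha=001122aabbcc:\
   ht=ether:\
   ip=10.66.77.300:\
   T144="switch.cfg":\
   vm=rfc1048
""".replace('"', "\u201d")

# A field is a run of characters up to the next colon outside double quotes.
FIELD = re.compile(r'(?:[^:"]|"[^"]*")+')


def parse_entry(text):
    """Join the continuation lines; return (name, [(tag, value), ...])."""
    parts = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts.append(line[:-1].rstrip() if line.endswith("\\") else line)
    fields = [f.strip() for f in FIELD.findall("".join(parts)) if f.strip()]
    if not fields:
        raise ValueError("empty bootptab entry")
    tags = []
    for field in fields[1:]:
        tag, _, value = field.partition("=")
        tags.append((tag.strip(), value.strip()))
    return fields[0], tags


def check_entry(text):
    """Validate one entry; return its name, errors, and config file name."""
    name, tags = parse_entry(text)
    order = [tag for tag, _ in tags]
    values = dict(tags)
    errors = []

    if "ht" not in values:
        errors.append("ht tag missing")
    elif values["ht"] != "ether":
        errors.append("ht must be ether for these switches")

    if "ha" not in values:
        errors.append("ha tag missing")
    else:
        if "ht" in values and order.index("ht") > order.index("ha"):
            errors.append("ht must precede ha")
        mac = values["ha"].replace(".", "").lower()
        if not re.fullmatch(r"(0x)?[0-9a-f]{12}", mac):
            errors.append("ha is not a 12-digit hardware address")

    for tag in ("ip", "sm", "gw", "lg"):
        if tag in values:
            try:
                ipaddress.IPv4Address(values[tag])
            except ValueError:
                errors.append("%s is not a valid IPv4 value: %s"
                              % (tag, values[tag]))

    config_file = None
    cfg = values.get("T144")
    if cfg is not None:
        if "\u201c" in cfg or "\u201d" in cfg:
            errors.append("T144 uses typographic quotes; use plain \"")
        elif len(cfg) > 2 and cfg.startswith('"') and cfg.endswith('"'):
            config_file = cfg[1:-1]
        else:
            errors.append("T144 value must be a quoted file name")
    return {"name": name, "errors": errors, "config_file": config_file}


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        print(check_entry(sample))
```

An entry that returns a config_file value is one that hands the switch a configuration file to download, so review who can write to that file on the server.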
Note: Designating a primary VLAN other than the default VLAN affects the switch’s use of information received via DHCP/Bootp. For more on this topic, refer to the chapter describing VLANs in the Advanced Traffic Management Guide for your switch.
IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads

For the switches covered in this guide, IP Preserve enables you to copy a configuration file to multiple switches while retaining the individual IP address and subnet mask on VLAN 1 in each switch, and the Gateway IP address assigned to the switch.
Enabling IP Preserve

To set up IP Preserve, enter the ip preserve statement at the end of a configuration file. (Note that you do not execute IP Preserve by entering a command from the CLI.) Entering “ip preserve” in the last line of a configuration file implements IP Preserve when the file is downloaded to the switch and the switch reboots.

Figure 8-6.
ProCurve(config)# show run

Running configuration:

; 498358-B21 Configuration Editor; Created on release #Z.14.04

hostname "ProCurve"
module 1 type J8702A
module 2 type J8705A
trunk A11-A12 Trk1 Trunk
ip default-gateway 10.10.10.
ProCurve# show run

Running configuration:

; J8715A Configuration Editor;

hostname "ProCurve"
module 1 type J8702A
module 2 type J8705A
trunk A11-A12 Trk1 Trunk
ip default-gateway 10.10.10.115
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged A1,A7-A10,A13-A24,B1-B24,Trk1
   ip address 10.12.17.175 255.255.255.
9 Time Protocols

Contents
Overview (page 9-2)
TimeP Time Synchronization (page 9-2)
SNTP Time Synchronization (page 9-2)
Selecting a Time Synchronization Protocol or Turning Off Time Protocol Operation
Overview

This chapter describes:
■ SNTP Time Protocol Operation
■ Timep Time Protocol Operation

Using time synchronization ensures a uniform time among interoperating devices. This helps you to manage and troubleshoot switch operation by attaching meaningful time data to event and error messages.

The switch offers TimeP and SNTP (Simple Network Time Protocol) and a timesync command for changing the time protocol selection (or turning off time protocol operation).
Note: To use Broadcast mode, the switch and the SNTP server must be in the same subnet.

■ Unicast Mode: The switch requests a time update from the configured SNTP server. (You can configure one server using the menu interface, or up to three servers using the CLI sntp server command.
■ In the System Information screen of the Menu interface, set the Time Synch Method parameter to None, then press [Enter], then [S] (for Save).
■ In the Global config level of the CLI, execute no timesync.

SNTP: Viewing, Selecting, and Configuring

SNTP Feature | Default | Menu | CLI | Web
view the SNTP time synchronization configuration | n/a | page 9-5 | page 9-8 | —
select SNTP as the time synchronization method | timep | page 9-6 | page 9-10 ff.
Table 9-1. SNTP Parameters

SNTP Parameter | Operation

Time Sync Method: Used to select either SNTP, TIMEP, or None as the time synchronization method.

SNTP Mode:
   Disabled: The Default. SNTP does not operate, even if specified by the Menu interface Time Sync Method parameter or the CLI timesync command.
   Unicast: Directs the switch to poll a specific server for SNTP time synchronization. Requires at least one server address.
==========================- CONSOLE - MANAGER MODE -========================
              Switch Configuration - System Information

  System Name : ProCurve
  System Contact :
  System Location :

  Inactivity Timeout (min) [0] : 0
  Inbound Telnet Enabled [Yes] : Yes
  Time Sync Method [None] : TIMEP
  TimeP Mode [Disabled] : Disabled
  Tftp-enable [Yes] : Yes
  Time Zone [0] : 0
  Daylight Time Rule [None] : None

  Actions-> Cancel Edit

  MAC Age Time (sec) [300] : 300
  Web Agent En
Note: This step replaces any previously configured server IP address. If you will be using backup SNTP servers (requires use of the CLI), then refer to “SNTP Unicast Time Polling with Multiple SNTP Servers” on page 9-25.

iii. Press [v] to move the cursor to the Server Version field. Enter the value that matches the SNTP server version running on the device you specified in the preceding step (step ii).
CLI: Viewing and Configuring SNTP

CLI Commands Described in this Section

SNTP Command | Page
show sntp | 9-8
[no] timesync | 9-10 and ff., 9-14
sntp broadcast | 9-11
sntp unicast | 9-11
sntp server | 9-11 and ff.
   Protocol Version | 9-13
   Priority | 9-14
   poll-interval | 9-14
no sntp | 9-15

This section describes how to use the CLI to view, enable, and configure SNTP parameters.
ProCurve(config)# show sntp

 SNTP Configuration

  Time Sync Mode: Sntp
  SNTP Mode : Unicast
  Poll Interval (sec) [720] : 719

  Priority  SNTP Server Address             OOBM  Protocol Version
  --------  ------------------------------  ----  ----------------
  1         2001:db8::215:60ff:fe79:8980    No    7
  2         10.255.5.24                     Yes   3
  3         fe80::123%vlan10                Yes   3

Figure 9-4.
ProCurve(config)# show management

 Status and Counters - Management Address Information

  Time Server Address : fe80::215:60ff:fe7a:adc0%vlan10

  Priority  SNTP Server Address             Protocol Version
  --------  ------------------------------  ----------------
  1         2001:db8::215:60ff:fe79:8980    7
  2         10.255.5.24                     3
  3         fe80::123%vlan10                3

  Default Gateway : 10.0.9.

  VLAN Name
  ------------
  DEFAULT_VLAN
  VLAN10
Enabling SNTP in Broadcast Mode. Because the switch provides an SNTP polling interval (default: 720 seconds), you need only these two commands for minimal SNTP broadcast configuration:

Syntax: timesync sntp
Selects SNTP as the time synchronization method.

Syntax: sntp broadcast
Configures broadcast as the SNTP mode.
second or third server, you must use the CLI. For more on SNTP operation with multiple servers, refer to “SNTP Unicast Time Polling with Multiple SNTP Servers” on page 9-25.

Syntax: timesync sntp
Selects SNTP as the time synchronization method.

Syntax: sntp unicast
Configures the SNTP mode for Unicast operation.

Syntax: sntp server [version]
Specifies the SNTP server. Server version values are between 1 and 7.
ProCurve(config)# sntp unicast
   (Activates SNTP in Unicast mode.)
ProCurve(config)# sntp server 10.28.227.141
   (Specifies the SNTP server and accepts the current SNTP server version (default: 3).)
ProCurve(config)# show sntp

 SNTP Configuration

  Time Sync Mode: Sntp
  SNTP Mode : Unicast
  Poll Interval (sec) [720] : 720

  Priority
  --------
  1
  2
  3

In this example, the Poll Interval and the Protocol Version appear at their default settings.
Changing the SNTP Poll Interval.

Syntax: sntp poll-interval < 30..720 >

Specifies how long the switch waits between time polling intervals. The default is 720 seconds and the range is 30 to 720 seconds. (This parameter is separate from the poll interval parameter used for Timep operation.)

For example, to change the poll interval to 300 seconds:

ProCurve(config)# sntp poll-interval 300

Changing the Priority.
Figure 9-10. Example of SNTP with Time Synchronization Disabled

Disabling the SNTP Mode. If you want to prevent SNTP from being used even if selected by timesync (or the Menu interface’s Time Sync Method parameter), configure the SNTP mode as disabled.

Syntax: no sntp
Disables SNTP by changing the SNTP mode configuration to Disabled.

For example, if the switch is running SNTP in Unicast mode with an SNTP server at 10.28.227.
TimeP: Viewing, Selecting, and Configuring

TimeP Feature | Default | Menu | CLI | Web
view the Timep time synchronization configuration | n/a | page 9-17 | page 9-19 | —
select Timep as the time synchronization method | TIMEP | page 9-15 | pages 9-21 ff.
Menu: Viewing and Configuring TimeP

To View, Enable, and Modify the TimeP Protocol:
1. From the Main Menu, select:
      2. Switch Configuration...
         1.
ii. Enter the IP address of the TimeP server you want the switch to use for time synchronization.

Note: This step replaces any previously configured TimeP server IP address.

iii. Press [>] to move the cursor to the Poll Interval field, then go to step 6.

5. In the Poll Interval field, enter the time in minutes that you want for a TimeP Poll Interval.
Viewing the Current TimeP Configuration

Using different show commands, you can display either the full TimeP configuration or a combined listing of all TimeP, SNTP, and VLAN IP addresses configured on the switch.

Syntax: show timep

This command lists both the time synchronization method (TimeP, SNTP, or None) and the TimeP configuration, even if SNTP is not the selected time protocol.
Syntax: show management

This command can help you to easily examine and compare the IP addressing on the switch. It lists the IP addresses for all time servers configured on the switch, plus the IP addresses and default gateway for all VLANs configured on the switch.

ProCurve(config)# show management

 Status and Counters - Management Address Information

  Time Server Address : 10.10.28.
Enabling TimeP in DHCP Mode. Because the switch provides a TimeP polling interval (default: 720 minutes), you need only these two commands for a minimal TimeP DHCP configuration:

Syntax: timesync timep
Selects TimeP as the time synchronization method.

Syntax: ip timep dhcp
Configures DHCP as the TimeP mode.

For example, suppose:
■ Time synchronization is configured for SNTP.
■ You want to:
   1. View the current time synchronization.
   2.
Enabling Timep in Manual Mode. Like DHCP mode, configuring TimeP for Manual mode enables TimeP. However, for manual operation, you must also specify the IP address of the TimeP server. (The switch allows only one TimeP server.) To enable the TimeP protocol:

Syntax: timesync timep
Selects Timep.

Syntax: ip timep manual < ip-addr > [oobm]
Activates TimeP in Manual mode with a specified TimeP server.
Figure 9-17. Example of Configuring Timep for Manual Operation

Changing the TimeP Poll Interval. This command lets you specify how long the switch waits between time polling intervals. The default is 720 minutes and the range is 1 to 9999 minutes. (This parameter is separate from the poll interval parameter used for SNTP operation.
Figure 9-18. Example of TimeP with Time Synchronization Disabled

Disabling the TimeP Mode. Disabling the TimeP mode means to configure it as disabled. (Disabling TimeP prevents the switch from using it as the time synchronization protocol, even if it is the selected Time Sync Method option.)

Syntax: no ip timep
Disables TimeP by changing the TimeP mode configuration to Disabled.
SNTP Unicast Time Polling with Multiple SNTP Servers

When running SNTP unicast time polling as the time synchronization method, the switch requests a time update from the server you configured with either the Server Address parameter in the menu interface, or the primary server in a list of up to three SNTP servers configured using the CLI.
Adding and Deleting SNTP Server Addresses

Adding Addresses. As mentioned earlier, you can configure one SNTP server address using either the Menu interface or the CLI. To configure a second and third address, you must use the CLI. To configure the remaining two addresses, you would do the following:

ProCurve(config)# sntp server 2001:db8::215:60ff:fe79:8980
ProCurve(config)# sntp server 10.255.5.24

Figure 9-21.
10 Port Status and Configuration

Contents
Overview (page 10-3)
Viewing Port Status and Configuring Port Parameters (page 10-3)
Menu: Port Configuration (page 10-6)
CLI: Viewing Port Status and Configuring Port Parameters (page 10-8)
Viewing Port Status and Configuration
Configuring UDLD (page 10-32)
Enabling UDLD (page 10-33)
Changing the Keepalive Interval (page 10-34)
Changing the Keepalive Retries (page 10-34)
Configuring UDLD for Tagged Ports
Overview

This chapter describes how to view the current port configuration and how to configure ports to non-default settings, including
■ Enable/Disable
■ Mode (speed and duplex)
■ Flow Control
■ Broadcast Limit
■ Friendly Port Names
■ Uni-directional Link Detection (UDLD)

Viewing Port Status and Configuring Port Parameters

Port Status and Configuration Features

Feature | Default | Menu | CLI | Web
viewing port status | n/a | page 10-6 | page 10-8 | page 10-22
Table 10-1. Status and Parameters for Each Port Type

Status or Parameter | Description

Enabled:
   Yes (default): The port is ready for a network connection.
   No: The port will not operate, even if properly connected in a network. Use this setting, for example, if the port needs to be shut down for diagnostic purposes or while you are making topology changes.

Status (read-only):
   Up: The port senses a link beat.
Gigabit Fiber-Optic Ports (Gigabit-SX, Gigabit-LX, and Gigabit-LH):
• 1000FDx: 1000 Mbps (1 Gbps), Full Duplex only
• Auto (default): The port operates at 1000FDx and auto-negotiates flow control with the device connected to the port.
Menu: Port Configuration

From the menu interface, you can view and change the port configuration.

Using the Menu To View Port Configuration. The menu interface displays the configuration for ports and (if configured) any trunk groups.

From the Main Menu, select:
   1. Status and Counters
      4. Port Status

In this example, ports A7 and A8 have previously been configured as a trunk group.

Figure 10-1.
Using the Menu To Configure Ports. You can configure and view the port settings by using the menu.

Note: The menu interface uses the same screen for configuring both individual ports and port trunk groups. For information on port trunk groups, refer to Chapter 11, “Port Trunking”.

1. From the Main Menu, Select:
      2. Switch Configuration...
         2. Port/Trunk Settings

An example of the Menu display is shown below.
CLI: Viewing Port Status and Configuring Port Parameters

From the CLI, you can configure and view all port parameter settings and view all port status indicators.
ProCurve(config)# show interfaces brief

 Status and Counters - Port Status

  Port  Type       | Intrusion Alert  Enabled  Status  Mode         MDI Mode
  ----  ---------  + ---------------  -------  ------  -----------  --------
  B1    100/1000T  | No               Yes      Down    Auto-10-100  Auto
  B2    100/1000T  | No               Yes      Down    1000FDx      Auto
  B3    100/1000T  | No               Yes      Down    1000FDx      Auto
  B4    100/1000T  | No               Yes      Down    1000FDx      Auto
  B5    100/1000T  | No               Yes      Down    1000FDx      Auto
  B6    100/1000T  | No               Yes      Down    1000FDx      Aut
Syntax: show interfaces display

Initiates the dynamic update of a command. The output is the same as the equivalent “show” command. The information is updated every 3 seconds.

Note: Select “Back” to exit the display.

For example:

ProCurve# show interfaces display

Dynamically updates
Figure 10-5.
Syntax: show interfaces custom [port-list] column-list

Select the information that you want to display.
ProCurve(config)# show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi

 Status and Counters - Custom Port Status

  Port  Name  Type       VLAN  Intrusion Alert  Speed    Enabled  MDI-mode
  ----  ----  ---------  ----  ---------------  -------  -------  --------
  1     Acco  100/1000T  1     No               1000FDx  Yes      Auto
  2     Huma  100/1000T  1     No               1000FDx  Yes      Auto
  3     Deve  100/1000T  1     No               1000FDx  Yes      Auto
  4     Lab1  100/1000T  1     No               1000FDx  Yes      Auto

Figure 10-6.
Note on Using Pattern Matching with the “Show Interfaces Custom” Command

If you have included a pattern matching command to search for a field in the output of the show int custom command and the show int custom command produces an error, the error message may not be visible and the output is empty.
Operating Notes:

■ For each port on the switch, the command provides a real-time display of the rate at which data is received (Rx) and transmitted (Tx) in terms of kilobits per second (KBits/s), number of packets per second (Pkts/s), and utilization (Util) expressed as a percentage of the total bandwidth available.
Operating Notes:

■ The following information is displayed for each installed transceiver:
  • Port number on which transceiver is installed.
  • Type of transceiver.
  • Product number—Includes revision letter, such as A, B, or C. If no revision letter follows a product number, this means that no revision is available for the transceiver.
Specifies the port’s data transfer speed and mode. Does not use the no form of the command. (Default: auto.)

Note that in the above syntax you can substitute “int” for “interface”; that is: int < port-list >.

The 10/100 auto-negotiation feature allows a port to establish a link with a port at the other end at either 10 Mbps or 100 Mbps, using the highest mutual speed and duplex mode available.
Enabling or Disabling Flow Control

Note: Flow control is enabled by default on the downlink ports. You must enable flow control on the uplink ports in a given link. Otherwise, flow control does not operate on the link, and appears as Off in the show interfaces brief port listing, even if flow control is configured as enabled on the port in the switch. (Refer to Figure 10-3 on page 10-9.
Disables per-port flow control on ports A5 and A6.
Figure 10-11. Example Continued from Figure 10-10

Disables per-port flow control on ports A1 through A4. Flow control is now disabled on the switch.
Ports formerly configured for flow control.
Figure 10-12. Example Continued from Figure 10-11

Configuring a Broadcast Limit on the Switch

Broadcast-Limit on switches covered in this guide is configured on a per-port basis.
ProCurve(config)# int B1
ProCurve(int B1)# broadcast-limit 1

Broadcast-Limit.

Syntax: broadcast-limit <0-99>

    Enables or disables broadcast limiting for inbound broadcasts on a selected port on the switch. The value selected is the percentage of traffic allowed; for example, broadcast-limit 5 allows 5% of the maximum amount of traffic for that port. A value of zero disables broadcast limiting for that port.
■ 100/1000-T xl module ports
■ 10/100/1000-T xl module ports

Using the above ports:

■ If you connect a copper port using a straight-through cable on a switch to a port on another switch or hub that uses MDI-X ports, the switch port automatically operates as an MDI port.
The Auto-MDIX features apply only to copper port switches using twisted-pair copper Ethernet cables.

Syntax: interface < port-list > mdix-mode < auto-mdix | mdi | mdix >

    auto-mdix is the automatic, default setting. This configures the port for automatic detection of the cable (either straight-through or crossover).
Per-Port MDI Configuration
Figure 10-13. Example of Displaying the Current MDI Configuration

Per-Port MDI Operating Mode
Figure 10-14. Example of Displaying the Current MDI Operating Mode

Web: Viewing Port Status and Configuring Port Parameters

In the web browser interface:

1. Click on the Configuration tab.
2. Click on [Port Configuration].
3. Select the ports you want to modify and click on [Modify Selected Ports].
Using Friendly (Optional) Port Names

Feature                        Default                  Menu  CLI      Web
Configure Friendly Port Names  Standard Port Numbering  n/a   page 24  n/a
Display Friendly Port Names    n/a                      n/a   page 25  n/a

This feature enables you to assign alphanumeric port names of your choosing to augment automatically assigned numeric port names.
■ To retain friendly port names across reboots, you must save the current running-configuration to the startup-config file after entering the friendly port names. (In the CLI, use the write memory command.)

Configuring Friendly Port Names

Syntax: interface < port-list > name < port-name-string >

    Assigns a port name to port-list.

Syntax: no interface < port-list > name

    Deletes the port name from port-list.

Configuring a Single Port Name.
Configuring the Same Name for Multiple Ports. Suppose that you want to use ports A5 through A8 as a trunked link to a server used by a drafting group. In this case you might configure ports A5 through A8 with the name “Draft-Server:Trunk”.

Figure 10-16.
Syntax: show name [ port-list ]

    Lists the friendly port name with its corresponding port number and port type. The show name command without a port list shows this data for all ports on the switch.

For example:

Ports Without “Friendly”
Friendly port names assigned in previous examples.
Figure 10-17.
Syntax: show interface < port-number >

    Includes the friendly port name with the port’s traffic statistics listing.

For example, if you configure port A1 with the name “O’Connor_10.25.101.43”, the show interface output for this port appears similar to the following:

Friendly Port Name
Figure 10-19.
For example, if you configure port A1 with a friendly port name:

This command sequence saves the friendly port name for port A1 in the startup-config file. The name entered for port A2 is not saved because it was executed after write memory.

; 498358-B21 Configuration Editor; Created on release #Z.14.04

Listing includes friendly port name for port A1 only.

In this case, show config lists only port A1.
Configuring Transceivers and Modules That Haven’t Been Inserted

Transceivers

Previously, a port had to be valid and verified for the switch to allow it to be configured. Transceivers are removable ports and considered invalid when not present in the switch, so they cannot be configured unless they are already in the switch.
Syntax: [no] module

    Allows removal of the module configuration in the configuration file after the module has been removed. Enter an integer between 1 and 12 for .

For example:

ProCurve(config)# no module 3

Note: This does not change how hot-swap works.
Uni-Directional Link Detection (UDLD)

Uni-directional Link Detection (UDLD) monitors a link between two ProCurve switches and blocks the ports on both ends of the link if the link fails at any point between the two devices. This feature is particularly useful for detecting failures in fiber links and trunks. Figure 10-21 shows an example.

Scenario 1 (No UDLD): Without UDLD, the switch ports remain enabled despite the link failure.
connected ports. UDLD-enabled ports, however, will prevent traffic from being sent across a bad link by blocking the ports in the event that either the individual transmitter or receiver for that connection fails.

Ports enabled for UDLD exchange health-check packets once every five seconds (the link-keepalive interval).
Syntax: link-keepalive interval

    Determines the time interval to send UDLD control packets. The parameter specifies how often the ports send a UDLD packet. You can specify from 10 – 100, in 100 ms increments, where 10 is 1 second, 11 is 1.1 seconds, and so on. Default: 50 (5 seconds)

Syntax: link-keepalive retries

    Determines the maximum number of retries to send UDLD control packets.
Changing the Keepalive Interval

By default, ports enabled for UDLD send a link health-check packet once every 5 seconds. You can change the interval to a value from 10 – 100 deciseconds, where 10 is 1 second, 11 is 1.1 seconds, and so on.
■ To re-assign a VLAN ID, re-enter the command with the new VLAN ID number. The new command will overwrite the previous command setting.
■ When configuring UDLD for tagged ports, you may receive a warning message if there are any inconsistencies with the port’s VLAN configuration (see page 37 for potential problems).

Viewing UDLD Information

The following show commands allow you to display UDLD configuration and status via the CLI.
To display detailed UDLD information for specific ports, enter the show link-keepalive statistics command. For example:

Ports 1 and 2 are UDLD-enabled and show the number of health check packets sent and received on each port.
Configuration Warnings and Event Log Messages

Warning Messages. The following table shows the warning messages that may be issued, and their possible causes, when UDLD is configured for tagged ports.

Table 10-3. Warning Messages caused by configuring UDLD for Tagged Ports

CLI Command Example   Warning Message                                      Possible Problem
link-keepalive 6      Possible configuration problem detected on port 6.
11
Port Trunking

Contents

Overview
Port Trunk Features and Operation
Trunk Configuration Methods
Menu: Viewing and Configuring a Static Trunk Group
CLI: Viewing and Configuring Port Trunk Groups
Overview

This chapter describes creating and modifying port trunk groups. This includes non-protocol trunks and LACP (802.3ad) trunks.
Port Connections and Configuration: All port trunk links must be point-to-point connections between a switch and another switch, router, server, or workstation configured for port trunking. No intervening, non-trunking devices are allowed. Ports on both ends of a port trunk group must have the same mode (speed and duplex) and flow control settings.

Note: Link Connections.
Port Trunk Features and Operation

The switches covered in this guide offer these options for port trunking:

■ LACP: IEEE 802.3ad—page 11-18
■ Trunk: Non-Protocol—page 11-26

Up to 60 trunk groups are supported on the switches covered in this guide. The actual maximum depends on the number of ports available on the switch and the number of links in each trunk.
Trunk Configuration Methods

ProCurve(config)# int c1-c4 lacp active

Note that the preceding example works if the ports are not already operating in a trunk. To change the LACP option on ports already operating as a trunk, you must first remove them from the trunk. For example, if ports C1 - C4 were LACP-active and operating in a trunk with another device, you would do the following to change them to LACP-passive:

ProCurve(config)# no int c1-c4 lacp

Removes the ports from the trunk.
Table 11-2. Trunk Configuration Protocols

Protocol: LACP (802.3ad)
Trunking Options: Provides dynamic and static LACP trunking options.
• Dynamic LACP — Use the switch-negotiated dynamic LACP trunk when:
  – The port on the other end of the trunk link is configured for Active or Passive LACP.
  – You want fault-tolerance for high-availability applications.
Table 11-3. General Operating Rules for Port Trunks

Media: For proper trunk operation, all ports on both ends of a trunk group must have the same media type and mode (speed and duplex). (For the switches covered in this guide, ProCurve recommends leaving the port Mode setting at Auto or, in networks using Cat 3 cabling, Auto-10.
Spanning Tree: 802.1D (STP) and 802.1w (RSTP) Spanning Tree operate as a global setting on the switch (with one instance of Spanning Tree per switch). 802.1s (MSTP) Spanning Tree operates on a per-instance basis (with multiple instances allowed per switch). For each Spanning Tree instance, you can adjust Spanning Tree parameters on a per-port basis.
Menu: Viewing and Configuring a Static Trunk Group

Important: Configure port trunking before you connect the trunked links to another switch, routing switch, or server. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured. Refer to “Enabling or Disabling Ports and Configuring Port Mode” on page 10-15.
• For proper trunk operation, all ports in a trunk must have the same media type and mode (such as 10/100TX set to 100FDx, or 100FX set to 100FDx). The flow control settings must also be the same for all ports in a given trunk. To verify these settings, refer to “Viewing Port Status and Configuring Port Parameters” on page 10-3.
• You can configure the trunk group with up to eight ports per trunk.
CLI: Viewing and Configuring Port Trunk Groups

8. Connect the trunked ports on the switch to the corresponding ports on the opposite device. If you previously disabled any of the trunked ports on the switch, enable them now. (Refer to “Viewing Port Status and Configuring Port Parameters” on page 10-3.)

Check the Event Log (“Using the Event Log for Troubleshooting Switch Problems” on page C-24) to verify that the trunked ports are operating properly.
Using a port list specifies, for switch ports in a static trunk group, only the ports you want to view. In this case, the command specifies ports A5 through A7. However, because port A6 is not in a static trunk group, it does not appear in the resulting listing:

Port A5 appears with an example of a name that you can optionally assign using the Friendly Port Names feature. (Refer to “Using Friendly (Optional) Port Names” on page 10-23.
Listing Static LACP and Dynamic LACP Trunk Data.

Syntax: show lacp

    Lists data for only the LACP-configured ports.

In the following example, ports A1 and A2 have been previously configured for a static LACP trunk. (For more on the “Active” parameter, see table 11-5 on page 11-21.)

Figure 11-8. Example of a Show LACP Listing

(For a description of each of the above-listed data types, refer to table 11-5, “LACP Port Status Data” on page 11-21.
“Up” Links
Standby Link
Figure 11-9. Example of a Dynamic LACP Trunk with One Standby Link

Using the CLI To Configure a Static or Dynamic Trunk Group

Important: Configure port trunking before you connect the trunked links between switches. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured.
Configuring a Static Trunk or Static LACP Trunk Group.

Syntax: trunk < port-list > < trk1 ... trk60 > < trunk | lacp >

    Configures the specified static trunk type.

This example uses ports C4 - C6 to create a non-protocol static trunk group with the group name of Trk2.

ProCurve(config)# trunk c4-c6 trk2 trunk

Removing Ports from a Static Trunk Group. This command removes one or more ports from an existing Trkx trunk group.
Switch “A” with ports set to LACP passive.
Switch “B” with ports set to LACP passive.
Dynamic LACP trunk cannot automatically form because both ends of the links are LACP passive. (In this case spanning-tree blocking is needed to prevent a loop.)

Switch “A” with ports set to LACP active.
Switch “B” with ports set to LACP passive.
Dynamic LACP trunk automatically forms because both ends of the links are LACP and at least one end is LACP active.
Web: Viewing Existing Port Trunk Groups

Caution: Unless spanning tree is running on your network, removing a port from a trunk can result in a loop. To help prevent a broadcast storm when you remove a port from a trunk where spanning tree is not in use, ProCurve recommends that you first disable the port or disconnect the link on that port.

Syntax: no interface < port-list > lacp

    Removes < port-list > from any dynamic LACP trunk and returns the ports in < port-list > to passive LACP.
Trunk Group Operation Using LACP

The switch can automatically configure a dynamic LACP trunk group or you can manually configure a static LACP trunk group.

Note: LACP requires full-duplex (FDx) links of the same media type (10/100Base-T, 100FX, etc.) and the same speed, and enforces speed and duplex conformance across a trunk group. For most installations, ProCurve recommends that you leave the port Mode settings at Auto (the default).
Table 11-4. LACP Trunk Types

LACP Port Trunk Configuration: Dynamic LACP
Operation: This option automatically establishes an 802.3ad-compliant trunk group, with LACP for the port Type parameter and DynX for the port Group name, where X is an automatically assigned value from 1 to 60, depending on how many dynamic and static trunks are currently on the switch. (The switch allows a maximum of 60 trunk groups in any combination of static and dynamic trunks.
LACP Port Trunk Configuration: Static LACP
Operation: Provides a manually configured, static LACP trunk to accommodate these conditions:
• The port on the other end of the trunk link is configured for a static LACP trunk.
• You want to configure non-default spanning tree or IGMP parameters on an LACP trunk group.
• You want an LACP trunk group to operate in a VLAN other than the default VLAN and GVRP is disabled.
Default Port Operation

In the default configuration, LACP is disabled for all ports. If LACP is not configured as Active on at least one end of a link, then the port does not try to detect a trunk configuration and operates as a standard, untrunked port. Table 11-5 lists the elements of per-port LACP operation. To display this data for a switch, execute the following command in the CLI:

ProCurve> show lacp

Table 11-5.
Status Name: LACP Status
Meaning:
    Success: LACP is enabled on the port, detects and synchronizes with a device on the other end of the link, and can move traffic across the link.
    Failure: LACP is enabled on a port and detects a device on the other end of the link, but is not able to synchronize with this device, and therefore not able to send LACP packets across the link.
ProCurve(config)# int a17 lacp passive
Error configuring port A17: LACP and port security cannot be run together.
ProCurve(config)#

To restore LACP to the port, you must remove port security and re-enable LACP active or passive.

Changing Trunking Methods. To convert a trunk from static to dynamic, you must first eliminate the static trunk.

Static LACP Trunks.
ProCurve(eth-B1-B8)# show lacp

                           LACP

   PORT   LACP      TRUNK     PORT      LACP      LACP
   NUMB   ENABLED   GROUP     STATUS    PARTNER   STATUS
   ----   -------   -------   -------   -------   -------
   B1     Active    Dyn1      Up        Yes       Success
   B2     Active    Dyn1      Up        Yes       Success
   B3     Active    Dyn1      Up        Yes       Success
   B4     Active    Dyn1      Up        Yes       Success
   B5     Active    Dyn1      Blocked   Yes       Failure
   B6     Active    Dyn1      Blocked   Yes       Failure
   B7     Active    B7        Down      No        Success
   B8     Active    B8        Down      No        Success

Figure 11-11.
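The show lacp listing above can be checked mechanically for trunk members that are not carrying traffic. The following Python sketch is an added example, not part of the original guide: it parses the listing (copied from the figure) and reports, per trunk group, which ports are forwarding and which are Blocked or in LACP Failure. The function names are hypothetical, and the rule that an untrunked port shows its own port number in the TRUNK GROUP column is inferred from rows B7 and B8 of the listing.

```python
import re

# Listing copied from the show lacp example in this section (ports B1-B8).
SHOW_LACP = """\
   PORT   LACP      TRUNK     PORT      LACP      LACP
   NUMB   ENABLED   GROUP     STATUS    PARTNER   STATUS
   ----   -------   -------   -------   -------   -------
   B1     Active    Dyn1      Up        Yes       Success
   B2     Active    Dyn1      Up        Yes       Success
   B3     Active    Dyn1      Up        Yes       Success
   B4     Active    Dyn1      Up        Yes       Success
   B5     Active    Dyn1      Blocked   Yes       Failure
   B6     Active    Dyn1      Blocked   Yes       Failure
   B7     Active    B7        Down      No        Success
   B8     Active    B8        Down      No        Success
"""

# A data row has six fields; requiring Active/Passive in column 2 and
# Success/Failure in column 6 skips the two header lines and the dash ruler.
ROW = re.compile(
    r"^\s*(\S+)\s+(Active|Passive)\s+(\S+)\s+(\S+)\s+(Yes|No)\s+(Success|Failure)\s*$"
)
FIELDS = ("port", "lacp", "group", "status", "partner", "lacp_status")


def parse_show_lacp(text):
    """Return one dict per port row of a show lacp listing."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            rows.append(dict(zip(FIELDS, match.groups())))
    return rows


def trunk_report(rows):
    """Group trunk members into forwarding ports and ports needing attention."""
    report = {}
    for row in rows:
        if row["group"] == row["port"]:
            continue  # untrunked: the listing shows the port's own number
        entry = report.setdefault(row["group"], {"up": [], "not_forwarding": []})
        if row["status"] == "Up" and row["lacp_status"] == "Success":
            entry["up"].append(row["port"])
        else:
            entry["not_forwarding"].append(
                (row["port"], row["status"], row["lacp_status"])
            )
    return report


def untrunked_without_partner(rows):
    """LACP-enabled ports that joined no trunk and see no LACP partner."""
    return [r["port"] for r in rows
            if r["group"] == r["port"] and r["partner"] == "No"]


if __name__ == "__main__":
    parsed = parse_show_lacp(SHOW_LACP)
    for group, entry in trunk_report(parsed).items():
        print(group, "forwarding:", ", ".join(entry["up"]))
        for port, status, lacp_status in entry["not_forwarding"]:
            print("  check", port, "- port status", status, "/ LACP status", lacp_status)
    print("no partner:", ", ".join(untrunked_without_partner(parsed)))
```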
Spanning Tree and IGMP. If Spanning Tree and/or IGMP is enabled in the switch, a dynamic LACP trunk operates only with the default settings for these features and does not appear in the port listings for these features.

Half-Duplex and/or Different Port Speeds Not Allowed in LACP Trunks. The ports on both sides of an LACP trunk must be configured for the same speed and for full-duplex (FDx). The 802.
Trunk Group Operation Using the “Trunk” Option

This method creates a trunk group that operates independently of specific trunking protocols and does not use a protocol exchange with the device on the other end of the trunk. With this choice, the switch simply uses the SA/DA method of distributing outbound traffic across the trunked ports without regard for how that traffic is handled by the device at the other end of the trunked links.
How the Switch Lists Trunk Data

Static Trunk Group: Appears in the menu interface and the output from the CLI show trunk and show interfaces commands.

Dynamic LACP Trunk Group: Appears in the output from the CLI show lacp command.
Outbound Traffic Distribution Across Trunked Links

The load-balancing is done on a per-communication basis. Otherwise, traffic is transmitted across the same path as shown in figure 11-13. That is, if Client A attached to Switch 1 sends five packets of data to Server A attached to Switch 2, the same link is used to send all five packets. The SA/DA address pair for the traffic is the same.
Table 11-6.
12
Port Traffic Controls

Contents

Overview
Jumbo Frames
Terminology
Operating Rules
Overview

Feature        Default   Menu  CLI   Web
Jumbo Packets  Disabled  n/a   12-2  n/a

This chapter includes:

■ Jumbo Frames: Enables ports operating at 1 Gbps or 10 Gbps speeds to accept inbound frames of up to 9220 bytes when configured for jumbo traffic.
Jumbo Frames

Jumbo VLAN: A VLAN configured to allow inbound jumbo traffic. All ports belonging to a jumbo VLAN and operating at 1 Gbps or higher can receive jumbo frames from external devices. If the switch is in a meshed domain, then all meshed ports (operating at 1 Gbps or higher) on the switch will accept jumbo traffic from other devices in the mesh.

MTU (Maximum Transmission Unit): This is the maximum-size IP frame the switch can receive for Layer 2 frames inbound on a port.
Configuring Jumbo Frame Operation

Command                          Page
show vlans                       12-5
show vlans ports < port-list >   12-6
show vlans < vid >               12-7
jumbo                            12-7
jumbo max-frame-size             12-7

Overview

1. Determine the VLAN membership of the ports or trunks through which you want the switch to accept inbound jumbo traffic. For operation with GVRP enabled, refer to the GVRP topic under “Operating Rules”, above.
2.
Viewing the Current Jumbo Configuration

Syntax: show vlans

    Lists the static VLANs configured on the switch and includes a Jumbo column to indicate which VLANs are configured to support inbound jumbo traffic. All ports belonging to a jumbo-enabled VLAN can receive jumbo traffic. (For more information refer to “Configuring a Maximum Frame Size” on page 12-7.) See Figure 12-1, below.

Indicates which static VLANs are configured to enable jumbo frames.
Figure 12-1.
Indicates which static VLANs are configured to enable jumbo frames.
Figure 12-2. Example of Listing the VLAN Memberships for a Range of Ports

Syntax: show vlans < vid >

    This command shows port membership and jumbo configuration for the specified < vid >.

Lists the ports belonging to VLAN 100 and whether the VLAN is enabled for jumbo frame traffic.
Figure 12-3.
Enabling or Disabling Jumbo Traffic on a VLAN

Syntax: vlan < vid > jumbo
        [ no ] vlan < vid > jumbo

    Configures the specified VLAN to allow jumbo frames on all ports on the switch that belong to that VLAN. If the VLAN is not already configured on the switch, vlan < vid > jumbo also creates the VLAN.
Jumbo IP MTU. The IP MTU for Jumbos is supported with the following proprietary MIB object:

hpSwitchIpMTU OBJECT-TYPE

This is the value of the global Jumbos IP MTU (or L3 MTU) supported by the switch. The default value is set to 9198 bytes (a value that is 18 bytes less than the largest possible maximum frame size of 9216 bytes). This object can only be used in switches which support max-frame-size and ip-mtu configuration.
Operating Notes for Jumbo Traffic-Handling

■ ProCurve does not recommend configuring a voice VLAN to accept jumbo frames. Voice VLAN frames are typically small, and allowing a voice VLAN to accept jumbo frame traffic can degrade the voice transmission performance.
■ You can configure the default, primary, and/or (if configured) the management VLAN to accept jumbo frames on all ports belonging to the VLAN.
If there are security concerns with grouping the ports as shown for VLAN 300, you can either use source-port filtering to block unwanted traffic paths or create separate jumbo VLANs, one for ports 6 and 7, and another for ports 12 and 13.

■ Outbound Jumbo Traffic. Any port operating at 1 Gbps or higher can transmit outbound jumbo frames through any VLAN, regardless of the jumbo configuration.
Troubleshooting

A VLAN is configured to allow jumbo frames, but one or more ports drop all inbound jumbo frames. The port may not be operating at 1 gigabit or higher. Regardless of a port’s configuration, if it is actually operating at a speed lower than 1 gigabit, it drops inbound jumbo frames.
13
Configuring for Network Management Applications

Contents

Using SNMP Tools To Manage the Switch
Overview
SNMP Management Features
Configuring for SNMP version 1 and 2c Access to the Switch
Configuring for SNMP Version 3 Access to the Switch
LLDP (Link-Layer Discovery Protocol)
Terminology
General LLDP Operation
LLDP-MED
Packet Boundaries in a Network Topology
Using SNMP Tools To Manage the Switch

Overview

You can manage the switch via SNMP from a network management station running an application such as ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+). For more on PCM and PCM+, visit the ProCurve Networking web site at:

www.procurve.com

Click on products index in the sidebar, then click on the appropriate link appearing under the Network Management heading.
VLAN feature, refer to the section titled “The Secure Management VLAN” in the “Static Virtual LANs (VLANs)” chapter of the Advanced Traffic Management Guide for your switch.
SNMP Management Features

SNMP management features on the switch include:

■ SNMP version 1, version 2c, or version 3 over IP
■ Security via configuration of SNMP communities (page 13-12)
■ Security via authentication and privacy for SNMP Version 3 access
■ Event reporting via SNMP
  • Version 1 traps
  • RMON: groups 1, 2, 3, and 9
■ ProCurve Manager/Plus support
■ Standard MIBs, such as the Bridge MIB (RFC 1493)
If you want to restrict access to one or more specific nodes, you can use the switch’s IP Authorized Manager feature. (Refer to the Access Security Guide for your switch.)

Caution: For ProCurve Manager (PCM) version 1.5 or earlier (or any TopTools version), deleting the “public” community disables some network management functions (such as traffic monitoring, SNMP trap generation, and threshold setting).
SNMP Version 3 Commands

SNMP version 3 (SNMPv3) adds some new commands to the CLI for configuring SNMPv3 functions. To enable SNMPv3 operation on the switch, use the snmpv3 enable command. An initial user entry will be generated with MD5 authentication and DES privacy.

You may (optionally) restrict access to only SNMPv3 agents by using the snmpv3 only command.
Enabling SNMPv3

The snmpv3 enable command allows the switch to:

■ Receive SNMPv3 messages.
■ Configure initial users.
■ Restrict non-version 3 messages to “read only” (optional).

Figure 13-1 shows an example of how to use the snmpv3 enable command.

Note: SNMP Version 3 Initial Users

To create new users, most SNMPv3 management software requires an initial user record to clone.
Caution

1. Configure users in the User Table with the snmpv3 user command. To view the list of configured users, enter the show snmpv3 user command (see “Adding Users” on page 13-9).
2. Assign users to Security Groups based on their security model with the snmpv3 group command (see “Assigning Users to Groups” on page 13-11).
SNMPv3 User Commands

Syntax: [no] snmpv3 user

    Adds or deletes a user entry for SNMPv3. Authorization and privacy are optional, but to use privacy, you must use authorization. When you delete a user, only the is required.

    [auth ]

    With authorization, you can set either MD5 or SHA authentication.
Assigning Users to Groups. Then you must set the group access level for the user by assigning the user to a group. This is done with the snmpv3 group command. For more details on the MIBs access for a given group, refer to “Group Access Levels” on page 13-12.
Group Access Levels
The switch supports eight predefined group access levels. Four levels are for use with version 3 users, and four are used for access by version 2c or version 1 management applications.
Syntax: [no] snmpv3 community
This command maps or removes a mapping of a community name to a group access level. To remove a mapping, you only need to specify the index_name parameter.
index
This is an index number or title for the mapping. The values of 1-5 are reserved and cannot be mapped.
name
This is the community name that is being mapped to a group access level.
SNMP Community Features

Feature                                             Default        Menu         CLI          Web
show SNMP communities                               n/a            page 13-14   page 13-16   —
configure identity information                      none           —            page 13-17   —
configure community names                           public         page 13-14   page 13-17
MIB view for a community name (operator, manager)   manager        “            “
write access for default community name             unrestricted   “            “

Use SNMP communities to restrict access to the switch by SNMP management st
Note: This screen gives an overview of the SNMP communities that are currently configured. All fields in this screen are read-only. Add and Edit options are used to modify the SNMP options. See Figure 8-2.
Figure 13-5. The SNMP Communities Screen (Default Values)
2. Press [A] (for Add) to display the following screen:
If you are adding a community, the fields in this screen are blank.
CLI: Viewing and Configuring SNMP Community Names

Community Name Commands          Page
show snmp-server []              13-16
[no] snmp-server                 13-17
  [community ]                   13-17
  [host ] []                     13-20
  [enable traps                  13-28
  [enable traps link-change ]    13-29

Listing Community Names and Values.
Configuring Community Names and Values. The snmp-server command enables you to add SNMP communities with either default or specific access attributes, and to delete specific communities.
Syntax: [no] snmp-server community < community-name >
Configures a new community name. If you do not also specify operator or manager, the switch automatically assigns the community to the operator MIB view.
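A check for the community settings described above, as an added example that is not part of the original guide: it parses text laid out like the show snmp-server display and flags the default public community and any community left with unrestricted (read-write) access. The function names and every sample row other than public are assumptions constructed for illustration.

```python
import re

# Constructed sample, laid out like the "show snmp-server" display in this guide.
# Only the public / Manager / Unrestricted row comes from the guide's defaults;
# the other two rows are invented for the example.
SAMPLE_SHOW_SNMP_SERVER = """\
 SNMP Communities

  Community Name   MIB View Write Access
  ---------------- -------- ------------
  public           Manager  Unrestricted
  red-team         Operator Restricted
  blue-team        Operator Unrestricted

 Trap Receivers

  Link-Change Traps Enabled on Ports [All] : All
"""

ROW = re.compile(
    r"^\s*(?P<name>\S+)\s+(?P<view>Manager|Operator)\s+"
    r"(?P<write>Unrestricted|Restricted)\s*$",
    re.IGNORECASE,
)


def parse_communities(show_output):
    """Return one dict per row of the SNMP Communities table."""
    rows, in_table = [], False
    for line in show_output.splitlines():
        stripped = line.strip()
        if stripped.startswith("Community Name"):
            in_table = True                      # column header found
        elif in_table and stripped and set(stripped) <= {"-", " "}:
            continue                             # ruler under the header
        elif in_table:
            match = ROW.match(line)
            if match:
                rows.append({
                    "name": match["name"],       # community names are case-sensitive
                    "view": match["view"].lower(),
                    "write": match["write"].lower(),
                })
            elif rows:
                break                            # first non-row line ends the table
    return rows


def audit_communities(rows):
    """Return (community, issue) pairs for settings worth reviewing."""
    findings = []
    for row in rows:
        if row["name"] == "public":
            findings.append((row["name"], "default community name still configured"))
        if row["write"] == "unrestricted":
            findings.append(
                (row["name"], f"read-write access to the {row['view']} MIB view")
            )
    return findings


if __name__ == "__main__":
    for community, issue in audit_communities(parse_communities(SAMPLE_SHOW_SNMP_SERVER)):
        print(f"{community}: {issue}")
```
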
SNMP Notifications
The switches covered in this guide support:
■ SNMP version 1 or SNMP version 2c traps
■ SNMPv2c informs
■ SNMPv3 notification process, including traps
This section describes how to configure a switch to send network security and link-change notifications to configured trap receivers.
■ Advanced Traffic Management Guide:
  • Loop protection
  • Spanning Tree (STP, RSTP, MSTP)
■ Access Security Guide:
  • MAC lockdown
  • MAC lockout
  • Uni-Directional Link Detection (UDLD)

General Steps for Configuring SNMP Notifications
To configure SNMP notifications, follow these general steps:
1. Determine the versions of SNMP notifications that you want to use in your network.
SNMPv1 and SNMPv2c Traps
The switches covered in this guide support the following functionality from earlier SNMP versions (SNMPv1 and SNMPv2c):
■ Trap receivers: A trap receiver is a management station to which the switch sends SNMP traps and (optionally) event log messages. From the CLI you can configure up to ten SNMP trap receivers to receive SNMP traps from the switch.
Syntax: snmp-server host
Configures a destination network management station to receive SNMPv1/v2c traps, and (optionally) event log messages sent as traps from the switch, using the specified community name and destination IPv4 or IPv6 address. You can specify up to ten trap receivers (network management stations). The default community name is public.
For example, to configure a trap receiver in a community named "red-team" with an IP address of 10.28.227.130 to receive only "critical" event log messages, you can enter the following command:
  ProCurve(config)# snmp-server host 10.28.227.
Note
The retries and timeout values are not used to send trap requests.
To verify the configuration of SNMPv2c informs, enter the show snmp-server command:
  ProCurve(config)# show snmp-server

   SNMP Communities

    Community Name   MIB View Write Access
    ---------------- -------- -----------
    public           Manager  Unrestricted

   Trap Receivers

    Link-Change Traps Enabled on Ports [All] : All
    ...
Configuring SNMPv3 Notifications
The SNMPv3 notification process allows messages that are passed via SNMP between the switch and a network management station to be authenticated and encrypted. To configure SNMPv3 notifications, follow these steps:
1. Enable SNMPv3 operation on the switch by entering the snmpv3 enable command (see “SNMP Version 3 Commands” on page 13-7).
5. Configure the target address of the SNMPv3 management station to which SNMPv3 informs and traps are sent by entering the snmpv3 targetaddress command.
Syntax: [no] snmpv3 targetaddress < ipv4-addr | ipv6-addr> < name >
Configures the IPv4 or IPv6 address, name, and configuration filename of the SNMPv3 management station to which notification messages are sent.
Syntax: [no] snmpv3 targetaddress < ipv4-addr | ipv6-addr> < name >
[timeout < value >]
(Optional) Time (in millisecond increments) allowed to receive a response from the target before notification packets are retransmitted. Range: 0-2147483647. Default: 1500 (15 seconds).
[max-msg-size]
(Optional) Maximum number of bytes supported in a notification message to the specified target.
An example of how to configure SNMPv3 notification is shown here:
■ The params_name value in the snmpv3 targetaddress command matches the params_name value in the snmpv3 params command.
■ The tag_name value in the snmpv3 notify command matches the tag_name value in the snmpv3 targetaddress command.
■ Configuring the security model ver3 requires you to configure message processing ver3 and a security service level.
Figure 13-9.
To enable or disable notification/traps for network security failures and other security events, enter the snmp-server enable traps command.
  ProCurve(config)# show snmp-server traps

   Link-change trap setting

   Trap Receivers

    Link-Change Traps Enabled on Ports [All] : A1-A24

    Trap Category
    -----------------------------
    SNMP Authentication
    Password change
    Login failures
    Port-Security
    Authorization Server Contact
    ARP Protection
    DHCP Snooping

    Address
    ---------------
    15.255.5.
Configuring the Source IP Address for SNMP Notifications
The switch uses an interface IP address as the source IP address in IP headers when sending SNMP notifications (traps and informs) or responses to SNMP requests. For multi-netted interfaces, the source IP address is the IP address of the outbound interface of the SNMP reply, which may differ from the destination IP address in the IP header of the received request.
To configure the switch to use a specified source IP address in generated trap PDUs, enter the snmp-server trap-source command.
Syntax: [no] snmp-server trap-source []
Specifies the source IP address to be used for a trap PDU. The no form of the command resets the switch to the default behavior (compliant with rfc-1517).
Default: Use the interface IP address in generated trap PDUs.
  ProCurve(config)# show snmp-server

   SNMP Communities

    Community Name   MIB View Write Access
    ---------------- -------- -----------
    public           Manager  Unrestricted

   Trap Receivers

    Link-Change Traps Enabled on Ports [All] : All
    ...

   Excluded MIBs

   Snmp Response Pdu Source-IP Information

    Selection Policy : dstIpOfRequest

   Trap Pdu Source-IP Information

    Selection Policy : Configured IP
    Ip Address : 10.10.10.
In the following example, the show snmp-server command output shows that the switch has been configured to send SNMP traps and notifications to management stations that belong to the “public”, “red-team”, and “blue-team” communities.
Configuring Listening Mode
For switches that have a separate out-of-band management port, you can specify whether a configured SNMP server listens for SNMP queries over the out-of-band management interface, the data interface, or both. By default, the switch listens over both interfaces. This option is not available for switches that do not have a separate out-of-band management port.
Advanced Management: RMON
The switch supports RMON (Remote Monitoring) on all connected network segments. This allows for troubleshooting and optimizing your network. The following RMON groups are supported:
■ Ethernet Statistics (except the numbers of packets of different frame sizes)
■ Alarm
■ History (of the supported Ethernet statistics)
■ Event
The RMON agent automatically runs in the switch.
LLDP (Link-Layer Discovery Protocol)
To standardize device discovery on all ProCurve switches, LLDP will be implemented while offering limited read-only support for CDP as documented in this manual. For the latest information on your switch model, consult the Release Notes (available on the ProCurve Networking web site).
LLDP-MED (LLDP Media Endpoint Discovery): Provides an extension to LLDP and is designed to support VoIP deployments.
Note
LLDP-MED is an extension for LLDP, and the switch requires that LLDP be enabled as a prerequisite to LLDP-MED operation.
An SNMP utility can progressively discover LLDP devices in a network by:
1.
LLDP Neighbor: An LLDP device that is either directly connected to another LLDP device or connected to that device by another, non-LLDP Layer 2 device (such as a hub). Note that an 802.1D-compliant switch does not forward LLDP data packets even if it is not LLDP-aware.
LLDPDU (LLDP Data Unit): LLDP data packets are transmitted on active links and include multiple TLVs containing global and per-port switch information.
TLV (Type-Length-Value): A data unit that includes a data type field, a data unit length field (in bytes), and a field containing the actual data the unit is designed to carry (as an alphanumeric string, a bitmap, or a subgroup of information). Some TLVs include subelements that occur as separate data points in displays of information maintained by the switch for LLDP advertisements.
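The TLV layout defined above, as an added example that is not part of the original guide: a decoder that walks an LLDPDU and returns the fields a port advertises, which helps when deciding which optional TLVs a port should send. It assumes the IEEE 802.1AB header encoding (7-bit type and 9-bit length in two bytes), which the guide does not spell out; the function names are hypothetical, and the sample LLDPDU is constructed from values in this guide's show lldp info local-device display plus an assumed Time-to-Live of 120.

```python
import ipaddress
import struct

TLV_NAMES = {1: "chassis_id", 2: "port_id", 3: "ttl", 4: "port_descr",
             5: "system_name", 6: "system_descr", 7: "system_cap", 8: "mgmt_addr"}
CAP_BITS = ["other", "repeater", "bridge", "wlan-ap", "router",
            "telephone", "docsis", "station-only"]


def pack_tlv(tlv_type, value):
    """Build one TLV: a 7-bit type and a 9-bit length share the 16-bit header."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("TLV type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def iter_tlvs(pdu):
    """Yield (type, value) pairs, refusing any TLV that overruns the buffer."""
    offset = 0
    while offset < len(pdu):
        if len(pdu) - offset < 2:
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", pdu, offset)
        tlv_type, length = header >> 9, header & 0x01FF
        offset += 2
        if length > len(pdu) - offset:
            raise ValueError(f"TLV type {tlv_type} claims {length} bytes, "
                             f"{len(pdu) - offset} remain")
        if tlv_type == 0:                      # End of LLDPDU: ignore what follows
            return
        yield tlv_type, pdu[offset:offset + length]
        offset += length


def decode_id(tlv_type, value):
    """Chassis ID and Port ID carry a one-byte subtype before the identifier."""
    if len(value) < 2:
        raise ValueError("ID TLV too short")
    subtype, ident = value[0], value[1:]
    mac_subtype = 4 if tlv_type == 1 else 3    # MAC subtype differs per TLV
    if subtype == mac_subtype and len(ident) == 6:
        return " ".join(f"{byte:02x}" for byte in ident)
    return ident.decode("ascii", "replace")


def decode_mgmt_addr(value):
    """Management address: length byte, address-family subtype, then address."""
    if len(value) < 2 or value[0] < 2 or 1 + value[0] > len(value):
        raise ValueError("malformed management address TLV")
    family, addr = value[1], value[2:1 + value[0]]
    if family == 1 and len(addr) == 4:
        return str(ipaddress.IPv4Address(addr))
    if family == 2 and len(addr) == 16:
        return str(ipaddress.IPv6Address(addr))
    return addr.hex()


def capabilities(mask):
    return [name for bit, name in enumerate(CAP_BITS) if mask & (1 << bit)]


def decode_lldpdu(pdu):
    """Return the advertised fields as a dict keyed by short TLV names."""
    info = {}
    for tlv_type, value in iter_tlvs(pdu):
        name = TLV_NAMES.get(tlv_type)
        if tlv_type in (1, 2):
            info[name] = decode_id(tlv_type, value)
        elif tlv_type == 3:
            if len(value) != 2:
                raise ValueError("Time-to-Live TLV must be 2 bytes")
            info[name] = struct.unpack("!H", value)[0]
        elif tlv_type in (4, 5, 6):
            info[name] = value.decode("utf-8", "replace")
        elif tlv_type == 7:
            if len(value) != 4:
                raise ValueError("System Capabilities TLV must be 4 bytes")
            supported, enabled = struct.unpack("!HH", value)
            info[name] = {"supported": capabilities(supported),
                          "enabled": capabilities(enabled)}
        elif tlv_type == 8:
            info[name] = decode_mgmt_addr(value)
        else:
            info.setdefault("undecoded_types", []).append(tlv_type)
    return info


# Constructed LLDPDU (not a capture); TTL of 120 is an assumed value.
SAMPLE_LLDPDU = b"".join([
    pack_tlv(1, b"\x04" + bytes.fromhex("002481b00921")),        # chassis: MAC
    pack_tlv(2, b"\x07" + b"D1"),                                # port: local name
    pack_tlv(3, struct.pack("!H", 120)),
    pack_tlv(5, b"ProCurve 6120 Blade Switch"),
    pack_tlv(7, struct.pack("!HH", 0x0004, 0x0004)),             # bridge
    pack_tlv(8, bytes([5, 1, 16, 93, 40, 251, 2]) + struct.pack("!I", 1) + b"\x00"),
    pack_tlv(0, b""),
])

if __name__ == "__main__":
    for field, value in decode_lldpdu(SAMPLE_LLDPDU).items():
        print(f"{field}: {value}")
```
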
Configuration Options
Enable or Disable LLDP on the Switch. In the default configuration, LLDP is globally enabled on the switch. To prevent transmission or receipt of LLDP traffic, you can disable LLDP operation (page 13-40).
Enable or Disable LLDP-MED. In the default configuration for the switches covered in this guide, LLDP-MED is enabled by default. (Requires that LLDP is also enabled.
SNMP Notification. You can enable the switch to send a notification to any configured SNMP trap receiver(s) when the switch detects a remote LLDP data change on an LLDP-enabled port (page 13-50).
Per-Port (Outbound) Data Options. The following table lists the information the switch can include in the per-port, outbound LLDP packets it generates.
Data Type | Configuration Options | Default | Description
1 The Packet Time-to-Live value is included in LLDP data packets. (Refer to “Changing the Time-to-Live for Transmitted Advertisements” on page 13-48.)
2 Subelement of the Chassis ID TLV.
3 Subelement of the Port ID TLV.
4 Subelement of the Remote-Management-Address TLV.
5 Subelement of the System Capability TLV.
6 Populated with data captured internally by the switch.
■ RFC 2737 (Entity MIB)
■ RFC 2863 (Interfaces MIB)
■ ANSI/TIA-1057/D6 (LLDP-MED; refer to “LLDP-MED (Media-Endpoint-Discovery)” on page 13-55.)

LLDP Operating Rules
(For additional information specific to LLDP-MED operation, refer to “LLDP-MED (Media-Endpoint-Discovery)” on page 13-55.)
Port Trunking. LLDP manages trunked ports individually.
Spanning-Tree Blocking. Spanning tree does not prevent LLDP packet transmission or receipt on STP-blocked links.
802.1X Blocking. Ports blocked by 802.1X operation do not allow transmission or receipt of LLDP packets.

Configuring LLDP Operation
In the default configuration, LLDP is enabled and in both transmit and receive mode on all active ports.
Displays the LLDP global configuration, LLDP port status, and SNMP notification status. For information on port admin status, refer to “Configuring Per-Port Transmit and Receive Modes” on page 13-51. For example, show lldp config produces the following display when the switch is in the default LLDP configuration:
Note: This value corresponds to the lldp refresh-interval command (page 13-47).
Displaying Port Configuration Details. This command displays the port-specific configuration, including.
Syntax show lldp config < port-list >
Displays the LLDP port-specific configuration for all ports in < port-list >, including which optional TLVs and any non-default IP address that are included in the port’s outbound advertisements.
■ Add entries to its neighbors table based on data read from incoming LLDP advertisements.
Syntax [ no ] lldp run
Enables or disables LLDP operation on the switch. The no form of the command, regardless of individual LLDP port configurations, prevents the switch from transmitting outbound LLDP advertisements, and causes the switch to drop all LLDP advertisements received from other devices.
Changing the Time-to-Live for Transmitted Advertisements. The Time-to-Live value (in seconds) for all LLDP advertisements transmitted from a switch is controlled by the switch that generates the advertisement, and determines how long an LLDP neighbor retains the advertised data before discarding it. The Time-to-Live value is the result of multiplying the refresh-interval by the holdtime-multiplier described below.
Syntax setmib lldpTxDelay.0 -i < 1 - 8192 >
Uses setmib to change the minimum time (delay-interval) any LLDP port will delay advertising successive LLDP advertisements due to a change in LLDP MIB content. (Default: 2; Range: 1 - 8192)
Note: The LLDP refresh-interval (transmit interval) must be greater than or equal to (4 x delay-interval).
delay interval delays the port’s ability to reinitialize and generate LLDP traffic following an LLDP disable/enable cycle.
Syntax setmib lldpReinitDelay.0 -i < 1 - 10 >
Uses setmib to change the minimum time (reinitialization delay interval) an LLDP port will wait before reinitializing after receiving an LLDP disable command followed closely by a txonly or tx_rx command.
Changing the Minimum Interval for Successive Data Change Notifications for the Same Neighbor. If LLDP trap notification is enabled on a port, a rapid succession of changes in LLDP information received in advertisements from one or more neighbors can generate a high number of traps. To reduce this effect, you can globally change the interval between successive notifications of neighbor data change.
Configuring Basic LLDP Per-Port Advertisement Content
In the default LLDP configuration, outbound advertisements from each port on the switch include both mandatory and optional data.
Mandatory Data. An active LLDP port on the switch always includes the mandatory data in its outbound advertisements.
For example, if port 3 belongs to a subnetted VLAN that includes an IP address of 10.10.10.100 and you wanted port 3 to use this secondary address in LLDP advertisements, you would need to execute the following command:
  ProCurve(config)# lldp config 3 ipAddrEnable 10.10.10.100
Optional Data. You can configure an individual port or group of ports to exclude one or more of these data types from outbound LLDP advertisements.
system_cap
For outbound advertisements, this TLV includes a bitmask of supported system capabilities (device functions). Also includes information on whether the capabilities are enabled.
Syntax: [ no ] lldp config < port-list > dot3TlvEnable macphy_config
For outbound advertisements, this TLV includes the (local) switch port’s current speed and duplex settings, the range of speed and duplex settings the port supports, and the method required for reconfiguring the speed and duplex settings on the device (auto-negotiation during link initialization, or manual configuration).
■ Power over Ethernet (PoE) status and troubleshooting support via SNMP
■ support for IP telephony network troubleshooting of call quality issues via SNMP
This section describes how to configure and use LLDP-MED features in the switches to support VoIP network edge devices (Media Endpoint Devices) such as:
■ IP phones
■ voice/media gateways
■ media servers
■ IP communications controllers
■ other VoIP devices or
■ able to use the following network policy elements configured on the client port
  • voice VLAN ID
  • 802.
Note
■ Class 3 (Communication Devices): These devices are typically IP phones or end-user devices that otherwise support IP media and offer all Class 1 and Class 2 features, plus location identification and emergency 911 capability, Layer 2 switch support, and device information management.
LLDP-MED Operational Support.
Syntax: lldp top-change-notify < port-list >
Topology change notification, when enabled on an LLDP port, causes the switch to send an SNMP trap if it detects LLDP-MED endpoint connection or disconnection activity on the port, or an age-out of the LLDP-MED neighbor on the port.
LLDP-MED Fast Start Control
Syntax: lldp fast-start-count < 1 - 10 >
An LLDP-MED device connecting to a switch port may use the data contained in the MED TLVs from the switch to configure itself. However, the lldp refresh-interval setting (default: 30 seconds) for transmitting advertisements can cause an unacceptable delay in MED device configuration.
Note
LLDP-MED operation requires the macphy_config TLV subelement—enabled by default—that is optional for IEEE 802.1AB LLDP operation. Refer to the dot3TlvEnable macphy_config command on page 13-55.
Network Policy Advertisements. Network policy advertisements are intended for real-time voice and video applications, and include these TLV subelements:
■ Layer 2 (802.
Notes
A codepoint must have an 802.1p priority before you can configure it for use in prioritizing packets by VLAN-ID. If a codepoint you want to use shows No Override in the Priority column of the DSCP policy table (display with show qos-dscp map), then use qos-dscp map < codepoint > priority < 0 - 7 > to configure a priority before proceeding.
network-policy
This TLV enables the switch port to advertise its configured network policies (voice VLAN, Layer 2 QoS, Layer 3 QoS), and allows LLDP-MED endpoint devices to auto-configure the voice network policy advertised by the switch. This also enables the use of SNMP applications to troubleshoot statically configured endpoint network policy mismatches.
Syntax: [ no ] lldp config < port-list > medPortLocation < Address-Type >
Configures location or emergency call data the switch advertises per port in the location_id TLV. This TLV is for use by LLDP-MED endpoints employing location-based applications.
Note: The switch allows one medPortLocation entry per port (without regard to type).
— Continued —
Type/Value Pairs (CA-TYPE and CA-VALUE): This is a series of data pairs, each composed of a location data “type” specifier and the corresponding location data for that type. That is, the first value in a pair is expected to be the civic address “type” number (CA-TYPE), and the second value in a pair is expected to be the corresponding civic address data (CA-VALUE).
Note: A switch port allows one instance of any given CA-TYPE. For example, if a type/value pair of 6 Atlantic (to specify “Atlantic” as a street name) is configured on port A5 and later another type/value pair of 6 Pacific is configured on the same port, then Pacific replaces Atlantic in the civic address location configured for port A5.
Table 13-4.
  ProCurve(config)# lldp config d1 medportlocation civic-addr US 2 1 C A
  ProCurve(config)# show lldp config d1

   LLDP Port Configuration Detail

    Port : D1
    AdminStatus [Tx_Rx] : disable
    NotificationEnabled [False] : False
    Med Topology Trap Enabled [False] : False

    Country Name : US
    What         : 2
    Ca-Type      : 1
    Ca-Length    : 2
    Ca-Value     : CA

    TLVS Advertised:
     * port_descr
     * system_name
     * system_descr
     * system_cap
     * * * * capabilities netw
Displaying Switch Information Available for Outbound Advertisements
These commands display the current switch information that will be used to populate outbound LLDP advertisements.
Syntax show lldp info local-device [ port-list ]
Without the [ port-list ] option, this command displays the global switch information and the per-port information currently available for populating outbound LLDP advertisements.
  ProCurve# show lldp info local-device

   LLDP Local Device Information

    Chassis Type : mac-address
    Chassis Id : 00 24 81 b0 09 21
    System Name : ProCurve 6120 Blade Switch
    System Description : ProCurve 498358-B21 6120 Blade Switch, revision ...
    System Capabilities Supported:bridge
    System Capabilities Enabled:bridge
    Management Address :
       Type:ipv4
       Address:16.93.40.251

   LLDP Port Information

    Port
    -------
    D1
    D2
    D3
    D4
    D5
    D6
    . . .
an LLDP-MED endpoint, refer to “Displaying the Current Port Speed and Duplex Configuration on a Switch Port” on page 13-70.
Syntax: show interfaces brief < port-list >
Includes port speed and duplex configuration in the Mode column of the resulting display.
Displaying Advertisements Currently in the Neighbors MIB. These commands display the content of the inbound LLDP advertisements received from other LLDP devices.
  ProCurve# show lldp info remote-device

   LLDP Remote Devices Information

   LocalPort --------1 1 1 1 1 1 1 1 1 1 | + | | | | | | | | | | ChassisId ------------------------HP ProCurve Switch 282... HP ProCurve Switch 252... HP ProCurve Switch 282... Switch FOX110613GF(casl-ssw31... HP ProCurve Switch 530... HP ProCurve Switch 265... HP ProCurve Switch 252... HP ProCurve Switch 252...
Displaying LLDP Statistics
LLDP statistics are available at both global and per-port levels. Rebooting the switch resets the LLDP statistics counters to zero. Disabling the transmit and/or receive capability on a port “freezes” the related port counters at their current values.
— Continued —
Per-Port LLDP Counters:
NumFramesRecvd: Shows the total number of valid, inbound LLDP advertisements received from any neighbor(s) on < port-list >. Where multiple neighbors are connected to a port through a hub, this value is the total number of LLDP advertisements received from all sources.
NumFramesSent: Shows the total number of LLDP advertisements sent from < port-list >.
Counters showing frames sent on a port but no frames received on that port indicate an active link with a device that either has LLDP disabled on the link or is not LLDP-aware.
Figure 13-22. Example of a Global LLDP Statistics Display
Figure 13-23. Example of a Per-Port LLDP Statistics Display

LLDP Operating Notes
Neighbor Maximum.
One IP Address Advertisement Per Port: LLDP advertises only one IP address per port, even if multiple IP addresses are configured by lldp config < port-list > ipAddrEnable on a given port.
802.1Q VLAN Information. LLDP packets do not include 802.1Q header information, and are always handled as untagged packets.
Effect of 802.1X Operation. If 802.
  ProCurve# walkmib ifDescr
  ifDescr.1 = D1
  ifDescr.2 = D2
  ifDescr.3 = D3
  . . .
  ifDescr.23 = X1
  ifDescr.24 = X2
  ifDescr.25 = C1
  ifDescr.75 = DEFAULT_VLAN
  . . .
Figure 13-24.
Note
• The LLDP “System Descr” field maps to CDP’s “Version” and “Platform” fields.
• The switch assigns “ChassisType” and “PortType” fields as “local” for both the LLDP and the CDP advertisements it receives.
• Both LLDP and CDP support the “System Capability” TLV.
Protocol State | Packet Generation | Inbound Data Management | Inbound Packet Forwarding
1 Both CDP data collection and LLDP transmit/receive are enabled in the default configuration.
Command                                                            Page
show cdp                                                           13-80
show cdp neighbors [< port-list > detail] [detail < port-list >]   13-81
[no] cdp run                                                       13-81
[no] cdp enable < port-list >                                      13-82

Note
For details on how to use an SNMP utility to retrieve information from the switch’s CDP Neighbors table maintained in the switch’s MIB (Management Information Base), refer to the documentation provided with the particular SNMP utility.
Viewing the Switch’s Current CDP Neighbors Table. Devices are listed by the port on which they were detected.
Syntax: show cdp neighbors
Lists the neighboring CDP devices the switch detects, with a subset of the information collected from the device’s CDP packet.
[ [e] port-numb [detail] ]
Lists the CDP device connected to the specified port. (Allows only one port at a time.
For example, to disable CDP read-only on the switch:
  ProCurve(config)# no cdp run
When CDP is disabled:
■ show cdp neighbors displays an empty CDP Neighbors table
■ show cdp displays
    Global CDP information
    Enable CDP [Yes]: No
Enabling or Disabling CDP Operation on Individual Ports. In the factory-default configuration, the switch has all ports enabled to receive CDP packets.
A
File Transfers

Contents
Overview   A-3
Downloading Switch Software   A-3
  General Software Download Rules   A-3
  Using TFTP To Download Software from a Server   A-4
    Menu: TFTP Download from a Server to Primary Flash
Transferring Switch Configurations   A-25
  TFTP: Copying a Configuration File to a Remote Host   A-25
  TFTP: Copying a Configuration File from a Remote Host   A-26
  TFTP: Copying a Customized Command File to a Switch   A-26
  Xmodem: Copying a Configuration File to a USB Serial Console Connected PC or UNIX Workstation
Overview
The switches covered in this guide support several methods for transferring files to and from a physically connected device, or via the network, including TFTP, Xmodem, and USB. This appendix explains how to download new switch software, and upload or download switch configuration files and software images.
File Transfers
Downloading Switch Software

General Software Download Rules
■ Switch software that you download via the menu interface always goes to primary flash.
■ After a software download, you must reboot the switch to implement the new software. Until a reboot occurs, the switch continues to run on the software it was using before the download commenced.
Note
Downloading new switch software does not change the current switch configuration.
Menu: TFTP Download from a Server to Primary Flash

Note that the menu interface accesses only the primary flash.

1. In the console Main Menu, select Download OS to display the screen in figure A-1. (The term “OS”, or “operating system”, refers to the switch software.)

===========================-TELNET - MANAGER MODE -============================
Download OS
Current Software revision : Z.14.
A “progress” bar indicates the progress of the download. When the entire software file has been received, all activity on the switch halts and you will see:

Validating and writing system software to FLASH...

7. After the primary flash memory has been updated with the new software, you must reboot the switch to implement the newly downloaded software. Return to the Main Menu and press [6] (for Reboot Switch).
To find more information on the cause of a download failure, examine the messages in the switch’s Event Log by executing the show log tftp command from the CLI. Also:
■ For more on the Event Log, see “Using the Event Log for Troubleshooting Switch Problems” on page C-24.
■ For descriptions of individual Event Log messages, refer to the latest version of the Event Log Message Reference Guide for your switch.
This command automatically downloads a switch software file to primary or secondary flash. Note that if you do not specify the flash destination, the TFTP download defaults to primary flash. For switches that have a separate out-of-band management port, the oobm parameter specifies that the traffic will go through the out-of-band management interface. If this parameter is not specified, the traffic goes through the data interface.
4. To confirm that the software downloaded correctly, execute show system and check the Firmware revision line.

For information on primary/secondary flash memory and the boot commands, refer to “Using Primary and Secondary Flash Image Options” on page 6-14.

Note
If you use auto-tftp to download a new image in a redundant management system, the active management module downloads the new image to both the active and standby modules.
The no tftp command does not disable auto-TFTP operation. To disable an auto-TFTP command configured on the switch, use the no auto-tftp command described on page A-11 to remove the command entry from the switch’s configuration.

For information on how to configure TFTP file transfers on an IPv6 network, refer to the “IPv6 Management Features” chapter in the IPv6 Configuration Guide for your switch.
Using Auto-TFTP

The auto-tftp command allows you to configure the switch to download software automatically from a TFTP server.

How It Works. At switch startup, the auto-TFTP feature automatically downloads a specified software image to the switch from a specified TFTP server, then reboots the switch.
Using Secure Copy and SFTP

For some situations you may want to use a secure method to issue commands or copy files to the switch. By opening a secure, encrypted SSH session and enabling ip ssh filetransfer, you can then use a third-party software application to take advantage of Secure Copy (SCP) and Secure FTP (SFTP).
Protocol major versions differ: 2 vs. 1
Connection closed

Protocol major versions differ: 1 vs. 2
Connection closed

Received disconnect from < ip-addr >: /usr/local/libexec/sftp-server: command not supported
Connection closed

SCP (secure copy) is an implementation of the BSD rcp (Berkeley UNIX remote copy) command tunneled through an SSH connection. SCP is used to copy files to and from the switch when security is required. SCP works with both SSH v1 and SSH v2.
Disable TFTP and Auto-TFTP for Enhanced Security

Using the ip ssh filetransfer command to enable Secure FTP (SFTP) automatically disables TFTP and auto-TFTP (if either or both are enabled) and displays the message shown in the following example:

ProCurve(config)# ip ssh filetransfer
Tftp and auto-tftp have been disabled.
ProCurve(config)# sho run
Running configuration:
; 498358-B21 Configuration Editor; Created on release #Z.14.
Enables/Disables TFTP. Note: If SFTP is enabled, this field will be set to No. You cannot use this field to enable TFTP if SFTP is enabled. Attempting to do so produces an Inconsistent value message in the banner below the Actions line.

Figure A-6. Using the Menu Interface To Disable TFTP

■ While SFTP is enabled, TFTP and auto-TFTP cannot be enabled from the CLI.
Note
As a matter of policy, administrators should not enable the SSHv1-only or the SSHv1-or-v2 advertisement modes. SSHv1 is supported on only some legacy switches (such as the HP ProCurve 2500 switches).

To confirm that SSH is enabled, enter the command:

ProCurve(config)# show ip ssh

Once you have confirmed that SSH is enabled (with the show ip ssh command), enter ip ssh filetransfer so that SCP and/or SFTP can run.
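An added example (not from the ProCurve guide): a Python check that applies the TFTP, auto-TFTP and SFTP rules above to a saved copy of a switch configuration. The sample configuration, server address and image name are constructed, and it is an assumption that the commands appear in the saved file as they are typed at the CLI (ip ssh filetransfer, a line beginning no tftp, auto-tftp followed by a server address and file name).

```python
import re

# Constructed sample of a saved configuration. Assumption: commands appear in
# the file in the same form they are typed at the CLI.
SAMPLE_CONFIG = """\
; 498358-B21 Configuration Editor; Created on release #Z.14.04
hostname "ProCurve"
no tftp client
auto-tftp 10.0.0.5 Z_14_04.swi
"""

AUTO_TFTP_RE = re.compile(r"^auto-tftp\s+(?P<server>\S+)\s+(?P<image>\S+)$", re.I)


def config_commands(config_text):
    """Yield normalized command lines, skipping blanks and ';' comment lines."""
    for raw in config_text.splitlines():
        line = " ".join(raw.split())
        if line and not line.startswith(";"):
            yield line


def audit_file_transfer(config_text):
    """Return (state, findings) for the file-transfer settings in a config."""
    state = {"sftp_scp": False, "tftp_disabled": False, "auto_tftp": []}
    for line in config_commands(config_text):
        lower = line.lower()
        if lower == "ip ssh filetransfer":
            state["sftp_scp"] = True
        elif lower.startswith("no tftp"):
            state["tftp_disabled"] = True
        else:
            m = AUTO_TFTP_RE.match(line)
            if m:
                state["auto_tftp"].append((m["server"], m["image"]))

    findings = []
    if state["sftp_scp"]:
        # Enabling SFTP disables TFTP and auto-TFTP, so a leftover entry is stale.
        for server, image in state["auto_tftp"]:
            findings.append(f"STALE: auto-tftp {server} {image} present while "
                            "SFTP is enabled; remove it with 'no auto-tftp'")
    else:
        findings.append("WEAK: 'ip ssh filetransfer' not set; SCP/SFTP unavailable")
        if not state["tftp_disabled"]:
            findings.append("WEAK: TFTP is not explicitly disabled")
        for server, image in state["auto_tftp"]:
            # 'no tftp' leaves a configured auto-tftp entry in force.
            note = " ('no tftp' does not disable it)" if state["tftp_disabled"] else ""
            findings.append(f"RISK: switch downloads {image} from TFTP server "
                            f"{server} at startup and reboots{note}")
    return state, findings


if __name__ == "__main__":
    for finding in audit_file_transfer(SAMPLE_CONFIG)[1]:
        print(finding)
```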
■ When an SFTP client connects, the switch provides a file system displaying all of its available files and folders. No file or directory creation is permitted by the user. Files may only be uploaded or downloaded, according to the permissions mask. All of the necessary files the switch will need are already in place on the switch. You do not need to create new files, nor can you.
■ The switch supports one SFTP session or one SCP session at a time.
|       authorized_keys
\---oper_keys
        authorized_keys

■ When using SFTP to copy a software image onto the switch, the command return takes only a few seconds. However, this does not mean that the transfer is complete, because the switch requires additional time (typically more than one minute) to write the image to flash in the background.
Note
The Bad file number is from the system error value and may differ depending on the cause of the failure. In the third example, the device file to read was closed as the device read was about to occur.

Attempt to Start a Session During a Flash Write. If you attempt to start an SCP (or SFTP) session while a flash write is in progress, the switch will not allow the SCP or SFTP session to start.
Menu: Xmodem Download to Primary Flash

Note that the menu interface accesses only the primary flash.

1. From the console Main Menu, select
   7. Download OS
2. Press [E] (for Edit).
3. Use the Space bar to select XMODEM in the Method field.
4. Press [Enter], then [X] (for eXecute) to begin the software download. The following message then appears:
   Press enter and then initiate Xmodem transfer from the attached computer.....
5.
CLI: Xmodem Download from a PC or UNIX Workstation to Primary or Secondary Flash

Using Xmodem and a terminal emulator, you can download a software file to either primary or secondary flash.

Syntax: copy xmodem flash [< primary | secondary >]

Downloads a software file to primary or secondary flash. If you do not specify the flash destination, the Xmodem download defaults to primary flash.

For example, to download a switch software file named E0822.
4. To confirm that the software downloaded correctly:

ProCurve> show system

Check the Firmware revision line. It should show the software version that you downloaded in the preceding steps.

If you need information on primary/secondary flash memory and the boot commands, refer to “Using Primary and Secondary Flash Image Options” on page 6-14.

Switch-to-Switch Download

You can use TFTP to transfer a software image between two switches of the same series.
7. After the primary flash memory has been updated with the new software, you must reboot the switch to implement the newly downloaded software. Return to the Main Menu and press [6] (for Reboot Switch). You will then see this prompt:

   Continue reboot of system? : No

   Press the space bar once to change No to Yes, then press [Enter] to begin the reboot.
8. To confirm that the software downloaded correctly:
   a.
Running Total of Bytes Downloaded
Figure A-7. Switch-To-Switch, from Primary in Source to Either Flash in Destination

Downloading from Either Flash in the Source Switch to Either Flash in the Destination Switch.

Syntax: copy tftp flash < ip-addr > < /os/primary > | < /os/secondary > [ primary | secondary ]

This command (executed in the destination switch) gives you the most options for downloading between switches.
Copying Software Images

Using the CLI commands described in this section, you can copy software images from the switch to another device using tftp, xmodem, or usb.

Note
For details on how switch memory operates, including primary and secondary flash, refer to Chapter 6, “Switch Memory and Configuration”.

TFTP: Copying a Software Image to a Remote Host

Syntax: copy flash tftp < ip-addr > < filename >

This command copies the primary flash image to a TFTP server.
Transferring Switch Configurations

Transfer Features

Feature                                                                              Page
Use TFTP to copy from a remote host to a config file                                 A-27
Use TFTP to copy a config file to a remote host                                      A-28
Use Xmodem to copy a configuration from a serially connected host to a config file   A-28
Use Xmodem to copy a config file to a serially connected host                        A-29

Using the CLI commands described in this section, you can copy switch configurations to and from a switch.
TFTP: Copying a Configuration File from a Remote Host

Syntax: copy tftp < startup-config | running-config > < ip-address > < remote-file > [ pc | unix ]
        copy tftp config < filename > < ip-address > < remote-file > [ pc | unix ]

This command can copy a configuration from a remote host to a designated config file in the switch. For more on multiple configuration files, refer to “Multiple Configuration Files” on page 6-25.
Syntax: show tech custom

Executes the commands found in a custom file instead of the hard-coded list.

Note: Exit the global config mode (if needed) before executing show tech commands.

You can include show tech commands in the custom file, with the exception of show tech custom. For example, you can include the command show tech all. If no custom file is found, a message displays stating “No SHOW-TECH file found.
2. Execute the following command:
3. After you see the above prompt, press [Enter].
4. Execute the terminal emulator commands to begin the file transfer.

Xmodem: Copying a Configuration File from a Serially Connected PC or UNIX Workstation

To use this method, the switch must be connected via the serial port to a PC or UNIX workstation on which is stored the configuration file you want to copy.
Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation

Syntax: boot system flash [ primary | secondary ]
        boot system flash [ config < filename > ]

Switches boot from the designated configuration file. For more on multiple configuration files, refer to “Multiple Configuration Files” on page 6-25.

Syntax: reload

Reboots from the flash image currently in use. (For more on these commands, refer to “Rebooting the Switch” on page 6-19.
Copying Command Output to a Destination Device

Syntax: copy command-output < “cli-command” > tftp < ip-address > < filepathfilename >
        copy command-output < “cli-command” > usb < filename >
        copy command-output < “cli-command” > xmodem

These commands direct the displayed output of a CLI command to a remote host, attached USB device, or to a serially connected PC or UNIX workstation.
At this point, press [Enter] and start the Xmodem command sequence in your terminal emulator.

Figure A-12. Example of Sending Event Log Content to a File on an Attached PC

Copying Crash Data Content to a Destination Device

This command uses TFTP, USB, or Xmodem to copy the Crash Data content to a destination device. You can copy individual slot information or the management module’s switch information.
Copying Crash Log Data Content to a Destination Device

Syntax: copy crash-log [mm>] tftp
        copy crash-log [mm>] usb
        copy crash-log [mm>] xmodem

where:
mm    Retrieves the crash log from the switch’s chassis processor. When mm is specified, crash files from both management modules are copied.
B Monitoring and Analyzing Switch Operation

Contents
Overview
Status and Counters Data
Menu Access To Status and Counters
General System Information
Menu Access
Mirroring Terminology
Mirrored Traffic Destinations
Local Destinations
Monitored Traffic Sources
Criteria for Selecting Mirrored Traffic
Overview

The switches covered in this guide have several built-in tools for monitoring, analyzing, and troubleshooting switch and network operation:

Note
■ Status: Includes options for displaying general switch information, management address data, port status, port and trunk group statistics, MAC addresses detected on each port or VLAN, and STP, IGMP, and VLAN data (page B-4).
Status and Counters Data

This section describes the status and counters screens available through the switch console interface and/or the web browser interface.

Note
You can access all console screens from the web browser interface via Telnet to the console. Telnet access to the switch is available in the Device View window under the Configuration tab.

Status or Counters Type
Menu Access To Status and Counters

Beginning at the Main Menu, display the Status and Counters menu by selecting:

1. Status and Counters

Figure B-1. The Status and Counters Menu

Each of the above menu items accesses the read-only screens described on the following pages. Refer to the online help for a description of the entries displayed in these screens.
General System Information

Menu Access

From the console Main Menu, select:

1. Status and Counters
   1. General System Information

Figure B-2. Example of General Switch Information

This screen dynamically indicates how individual switch resources are being used. Refer to the online Help for details.
CLI Access to System Information

The show system command displays general system information about the switch.

Syntax: show system [information | enclosure]

Displays global system information and operational parameters for the switch.

information    Displays global system information and operational parameters for the switch.
enclosure      Shows rack and enclosure information.
Task Monitor—Collecting Processor Data

The task monitor feature allows you to enable or disable the collection of processor utilization data. The task-monitor cpu command is equivalent to the existing debug mode command “taskusage -d”. (The taskUsageShow command is available as well.)

When the task-monitor command is enabled, the show cpu command summarizes the processor usage by protocol and system functions.
Figure B-5. Example of Management Address Information with VLANs Configured

This screen displays addresses that are important for management of the switch. If multiple VLANs are not configured, this screen displays a single IP address for the entire switch. Refer to the online Help for details.

Note
As shown in figure B-5, all VLANs on the switches use the same MAC address.
Port Status

The web browser interface and the console interface show the same port status data.

Menu: Displaying Port Status

From the Main Menu, select:

1. Status and Counters …
   4. Port Status

Figure B-6. Example of Port Status on the Menu Interface

CLI Access

Syntax: show interfaces brief

Web Access

1. Click on the Status tab.
2. Click on [Port Status].
Viewing Port and Trunk Group Statistics and Flow Control Status

Feature                                                                           Default  Menu       CLI        Web
viewing port and trunk statistics for all ports, and flow control status         n/a      page B-12  page B-13  page B-13
viewing a detailed summary for a particular port or trunk                        n/a      page B-12  page B-13  page B-13
resetting counters                                                               n/a      page B-12  page B-13  page B-13

These features enable you to determine the traffic patterns for each port since
Menu Access to Port and Trunk Statistics

To access this screen from the Main Menu, select:

1. Status and Counters …
   4. Port Counters

Figure B-7. Example of Port Counters on the Menu Interface

To view details about the traffic on a particular port, use the [v] key to highlight that port number, then select Show Details. For example, selecting port A2 displays a screen similar to figure B-8, below.

Figure B-8.
CLI Access To Port and Trunk Group Statistics

To Display the Port Counter Summary Report.

Syntax: show interfaces

This command provides an overview of port activity for all ports on the switch.

To Display a Detailed Traffic Summary for Specific Ports.

Syntax: show interfaces < port-list >

This command provides traffic details for the port(s) you specify.

To Reset the Port Counters for a Specific Port.
Viewing the Switch’s MAC Address Tables

Note
The 6120G/XG supports a maximum of 16,000 MAC address entries. The 6120XG supports a maximum of 32,000 MAC address entries.
Figure B-9. Example of the Address Table

To page through the listing, use Next page and Prev page.

Finding the Port Connection for a Specific Device on a VLAN. This feature uses a device’s MAC address that you enter to identify the port used by that device.

1. Proceeding from figure B-9, press [S] (for Search), to display the following prompt:
   Enter MAC address: _
2. Type the MAC address you want to locate and press [Enter].
Port-Level MAC Address Viewing and Searching. This feature displays and searches for MAC addresses on the specified port instead of for all ports on the switch.

1. From the Main Menu, select:
   1. Status and Counters
      7. Port Address Table

   Prompt for Selecting the Port To Search
   Figure B-11. Listing MAC Addresses for a Specific Port
2.
CLI Access for MAC Address Views and Searches

Syntax: show mac-address [ vlan < vlan-id >] [< port-list >] [< mac-addr >]

To List All Learned MAC Addresses on the Switch, with The Port Number on Which Each MAC Address Was Learned.

ProCurve> show mac-address

To List All Learned MAC Addresses on one or more ports, with Their Corresponding Port Numbers.
Spanning Tree Protocol (MSTP) Information

CLI Access to MSTP Data

This option lists the MSTP configuration, root data, and per-port data (cost, priority, state, and designated bridge).

Syntax: show spanning-tree

This command displays the switch’s global and regional spanning-tree status, plus the per-port spanning-tree operation at the regional level.
Internet Group Management Protocol (IGMP) Status

The switch uses the CLI to display the following IGMP status on a per-VLAN basis:

Show Command    Output
show ip igmp    Global command listing IGMP status for all VLANs configured in the switch:
                • VLAN ID (VID) and name
                • Active group addresses per VLAN
                • Number of report and query packets per group
                • Querier access port per VLAN
show ip igmp    Per-VLAN command listing above IGMP stat
VLAN Information

The switch uses the CLI to display the following VLAN status:

Note
The 6120G/XG supports a maximum of 256 VLANs. The 6120XG supports a maximum of 1,024 VLANs.
Figure B-14. Example of VLAN Listing for the Entire Switch

Listing the VLAN ID (VID) and Status for Specific Ports.

Because ports A1 and A2 are not members of VLAN44, it does not appear in this listing.

Figure B-15. Example of VLAN Listing for Specific Ports

Listing Individual VLAN Status.

Figure B-16.
Web Browser Interface Status Information

The “home” screen for the web browser interface is the Status Overview screen, as shown below. As the title implies, it provides an overview of the status of the switch, including summary graphs indicating the network utilization on each of the switch ports, symbolic port status indicators, and the Alert Log, which informs you of any problems that may have occurred on the switch.
Traffic Mirroring

Mirror Features

Feature                                   Default    Menu        CLI
Mirror CLI Quick Reference                n/a        n/a         B-34
Configure Mirror Source                   disabled   page B-29   page B-35
Configure Mirror Destination at Source    disabled   page B-29   page B-35
Display Mirror Configuration              n/a        page B-29   page B-38

Traffic mirroring (Intelligent Mirroring) allows you to mirror (send a copy of) network traffic received or transmitted on a switch interface to a local destinatio
■ All traffic: Monitors all traffic entering or leaving the switch on one or more interfaces (inbound and outbound).

Mirroring Terminology

Figure B-18 shows an example of the terms used to describe the configuration of a sample local mirroring session:
■ In the local session, inbound traffic entering Switch A is monitored on port C2 and mirrored to a destination (host), traffic analyzer 1, through exit port A15 on the switch.
Caution
An exit port should be connected only to a network analyzer, IDS, or other network edge device that has no connection to other network resources. Connecting a mirroring exit port to a network can result in serious network performance problems, and is strongly discouraged by ProCurve Networking.

Host: Used in this chapter to refer to a traffic analyzer or intrusion detection system (IDS).

IDS: Intrusion Detection System.
Mirrored Traffic Destinations

Local Destinations

A local mirrored traffic destination is a port on the same switch as the source of the traffic being mirrored.

Caution
Configuring a mirroring source switch with the destination and traffic selection criteria for a given mirroring session causes the switch to immediately begin mirroring traffic to that destination.
Mirroring Configuration

Table B-1 shows the different types of mirroring that you can configure using the CLI, Menu, and SNMP interfaces.

Table B-1.
Configuration Notes

Using the CLI, you can configure all mirroring options on a switch. Using the Menu or Web interface, you can configure session 1 local mirroring for traffic in both directions on specified interfaces.
Using the Menu or Web Interface To Configure Local Mirroring

Menu and Web Interface Limits

The Menu and Web interfaces can be used to quickly configure or reconfigure local mirroring on session 1, and allow the following mirroring source option:
■ any combination of source port(s), and/or trunk(s)

The Menu and Web interfaces also have these limits:
■ Configure and display session 1 as a local mirroring session for traffic in both directions on
Configuration Steps

Notes
If mirroring has already been enabled on the switch, the Menu screens will appear differently than shown in this section.

1. From the Main Menu, select:
   2. Switch Configuration...
      3. Network Monitoring Port

Switch Configuration - Network Monitoring Port
Monitoring Enabled [No] : No
Actions-> Cancel Edit Save Help
Select whether to enable traffic monitoring.

Enable mirroring by setting this parameter to “Yes”.
Switch Configuration - Network Monitoring Port

Move the cursor to the Monitoring Port parameter, then use the Space bar to select the local exit port.
Switch Configuration - Network Monitoring Port

Monitoring Enabled [No] : Yes
Monitoring Port : D5
Monitor : Ports

Port  Type   | Action
----  -----  + ------
D1    1000X  |
D2    1000X  |
D3    1000X  |
D4    1000X  |
D5    1000X  |
D6    1000X  |
D7    1000X  |
D8    1000X  |

Actions-> Cancel Edit

Use the down arrow key to select the interface(s) whose traffic you want to mirror to the local exit port.
CLI: Configuring Local Mirroring

Command                                                          Page
Quick Reference
  Local Mirroring Commands                                       B-34
Configuring a Local Mirroring Destination
  On the local switch: mirror < session > port < exit-port >     B-35
Configuring Monitored Traffic
  interface < port/trunk > monitor                               B-36
Display Commands
  show monitor                                                   B-38
Mirroring Examples                                               B-41
Maximum Frame Size                                               B-42
Operating Notes                                                  B-45

Using the CLI, you can configure a mirroring session for a desti
1. Determine the session and local destination port:
   • Session number (1-4) and (optional) alphanumeric name
   • Exit port (any port on the switch except a monitored interface used to mirror traffic)
2. Enter the mirror < session-# > [ name < session-name >] port < port-# > command to configure the session.
3.
1. Determine the Mirroring Session and Destination

For a Local Mirroring Session. Determine the port number for the exit port (such as A5, B10, etc.), then go to “3. Configure the Monitored Traffic in a Mirror Session” on page B-35.

2. Configure a Mirroring Session on the Source Switch

To configure local mirroring, only a session number and exit port number are required.
Traffic Selection Options

To configure traffic mirroring, you must specify the source interface, traffic direction, and criteria to be used to select the traffic to be mirrored using the following options:
■ Interface type
  • Port and/or trunk
  • Switch (global configuration level)

Mirroring-Source Restrictions

In a mirroring session, you can configure any of the following sources of mirrored traffic:
■ Multiple port and trunk interfaces

Sele
This command assigns a mirroring source to a previously configured mirroring session on a source switch. It specifies the port and/or trunk source(s) to use, the direction of traffic to mirror, and the session identifier. The no form of the command removes a mirroring source assigned to the session, but does not remove the session itself.
Displaying a Mirroring Configuration

Displaying the Mirroring Configuration Summary

Use the show monitor command to display information on the currently configured status, traffic-selection criteria, and number of monitored interfaces in each mirroring session on a switch.

Local Mirroring Source:
• Session 1 is performing local mirroring using a classifier-based policy for traffic-selection criteria.
• Sessions 2, 3, and 4 are not configured.
Syntax: show monitor

Policy: Indicates whether the source is using a classifier-based mirroring policy to select inbound IPv4 or IPv6 traffic for mirroring.
Viewing Mirroring in the Current Configuration File

Using the show run command, you can view the current mirroring configuration on the switch. Source mirroring session entries begin with the mirror keyword and the mirroring sources are listed per-interface. For example:

ProCurve(config)# show run
Running configuration:
; 498358-B21 Configuration Editor; Created on release #Z.14.04
max-vlans 300
ip access-list extended "100"
10 permit icmp 0.0.0.
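An added example (not from the ProCurve guide): a Python audit of saved show run output that lists the mirroring sessions and flags the ones a reviewer should question, since an exit port receives a copy of other ports' traffic. The mirror line follows the mirror < session-# > [ name < session-name >] port < port-# > syntax given in this appendix; the sample configuration, the layout of the per-interface monitor lines, and the approved-port list are assumptions.

```python
import re

# Constructed sample of "show run" output. Assumption: each source appears
# under its interface as "monitor all <in|out|both> mirror <session>".
SAMPLE_RUNNING_CONFIG = """\
; 498358-B21 Configuration Editor; Created on release #Z.14.04
mirror 1 port C24
mirror 2 name "tap-lab" port A15
interface A5
   monitor all in mirror 1
   exit
interface B17
   monitor all in mirror 1
   exit
interface A15
   monitor all both mirror 2
   exit
interface D1
   monitor all out mirror 3
   exit
"""

MIRROR_RE = re.compile(
    r'^mirror\s+(?P<session>[1-4])(?:\s+name\s+(?P<name>"[^"]*"|\S+))?'
    r'\s+port\s+(?P<port>\S+)$', re.I)
INTERFACE_RE = re.compile(r"^interface\s+(?P<port>\S+)$", re.I)
MONITOR_RE = re.compile(
    r"^monitor\s+all\s+(?P<direction>in|out|both)\s+mirror\s+(?P<refs>.+)$", re.I)


def parse_mirroring(config_text):
    """Return (sessions, sources) parsed from running-config text.

    sessions: {session_id: {"name": str or None, "exit_port": str}}
    sources:  list of (interface, direction, session_ref) tuples
    """
    sessions, sources, current_if = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = MIRROR_RE.match(line)
        if m:
            name = m["name"].strip('"') if m["name"] else None
            sessions[m["session"]] = {"name": name, "exit_port": m["port"].upper()}
            continue
        m = INTERFACE_RE.match(line)
        if m:
            current_if = m["port"].upper()  # kept as written; lists are not expanded
            continue
        if line.lower() == "exit":
            current_if = None
            continue
        m = MONITOR_RE.match(line)
        if m and current_if:
            for ref in m["refs"].split():
                sources.append((current_if, m["direction"].lower(), ref.strip('"')))
    return sessions, sources


def audit_mirroring(config_text, approved_exit_ports):
    """Flag mirroring sessions and sources that need a reviewer's attention."""
    sessions, sources = parse_mirroring(config_text)
    by_name = {s["name"]: sid for sid, s in sessions.items() if s["name"]}
    approved = {p.upper() for p in approved_exit_ports}
    findings = []
    for sid, s in sorted(sessions.items()):
        if s["exit_port"] not in approved:
            findings.append(f"session {sid}: exit port {s['exit_port']} is not approved")
    for iface, direction, ref in sources:
        sid = ref if ref in sessions else by_name.get(ref)
        if sid is None:
            # A source must be assigned to a previously configured session.
            findings.append(f"{iface}: source ({direction}) refers to session "
                            f"{ref}, which has no exit port configured")
        elif iface == sessions[sid]["exit_port"]:
            # The exit port may not be a monitored interface.
            findings.append(f"session {sid}: exit port {iface} is also a "
                            "monitored source")
    return findings


if __name__ == "__main__":
    for finding in audit_mirroring(SAMPLE_RUNNING_CONFIG, {"C24"}):
        print(finding)
```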
Mirroring Configuration Examples

Local Mirroring Using Traffic-Direction Criteria

Example of Local Mirroring Configuration. An administrator wants to mirror the inbound traffic from workstation “X” on port A5 and workstation “Y” on port B17 to a traffic analyzer connected to port C24. In this case, the administrator chooses “1” as the session number. (Any unused session number from 1 to 4 is valid.
Maximum Supported Frame Size

The IPv4 encapsulation of mirrored traffic adds a 54-byte header to each mirrored frame. If a resulting frame exceeds the MTU (Maximum Transmission Unit) allowed in the network, the frame is dropped.

Note
Mirroring does not truncate frames, and oversized mirroring frames will be dropped.
Enabling Jumbo Frames To Increase Mirroring Path MTU

On 1 Gbps and 10 Gbps ports in the mirroring path, you can reduce the number of dropped frames by enabling jumbo frames on all intermediate switches and routers. (The maximum transmission unit—MTU—on the switches covered by this manual is 9220 bytes for frames having an 802.1Q VLAN tag, and 9216 bytes for untagged frames.
Effect of Downstream VLAN Tagging on Untagged, Mirrored Traffic

In a mirroring application, if mirrored traffic leaves the switch without 802.1Q VLAN tagging, but is forwarded through a downstream device that adds 802.1Q VLAN tags, then the MTU for untagged, mirrored frames leaving the source switch is reduced below the values shown in table B-2.
Operating Notes

■ Mirroring Dropped Traffic: Where an interface is configured to mirror traffic to a destination, it does so regardless of whether the traffic is dropped while on the interface.
■ Mirroring and Spanning Tree: Mirroring is done regardless of the spanning-tree (STP) state of a port or trunk.
ports B5, B6, and B7 is being mirrored through port B7 to a network analyzer, the mirrored frames from traffic on ports B5 and B6 will not be mirrored a second time as they pass through port B7.
■ Switch Operation as Both Destination and Source: A switch configured as a remote destination switch can also be configured to mirror traffic to one of its own ports (local mirroring).
Troubleshooting Mirroring
Mirrored traffic does not reach configured remote destination switch or remote exit port.
Caution:
• For a given mirroring session, the mirror command parameters configured on the source switch for source IP address, source UDP port, and destination IP address must be identical to their counterparts in the mirror endpoint command configured on the destination switch.
C Troubleshooting
Contents
Overview
Troubleshooting Approaches
Browser or Telnet Access Problems
Unusual Network Activity
General Problems
Using Log Throttling to Reduce Duplicate Event Log and SNMP Messages
Log Throttle Periods
Example of Log Throttling
Example of Event Counter Operation
Debug/Syslog Operation
Customizing show tech Command Output
CLI: Viewing More Information on Switch Operation
Pattern Matching When Using the Show Command
CLI: Useful Commands for Troubleshooting Sessions
Restoring the Factory-Default Configuration
CLI: Resetting to the Factory-Default Configuration
Overview
This appendix addresses performance-related network problems that can be caused by topology, switch configuration, and the effects of other devices or their configurations on switch operation. (For switch-specific information on hardware problems indicated by LED behavior, cabling requirements, and other potential hardware-related problems, refer to the Installation and Getting Started Guide you received with the switch.
Troubleshooting Approaches
Use these approaches to diagnose switch problems:
■ Check the HP support web site for software updates that may have solved your problem: www.hp.com/#support
■ Check the switch LEDs for indications of proper switch operation:
   • Each switch port has a Link LED that should light whenever an active network device is connected to the port.
■ For the downlink and ISL ports, troubleshooting can be done from the OA Web interface. These ports are controlled from both the OA and the switch configuration. A port state is a combination of OA Enable/Disable state and the switch Enable/Disable state. The port is not Enabled until both the OA and the switch agree that it is Enabled.
Browser or Telnet Access Problems
Cannot access the web browser interface:
■ Access may be disabled by the Web Agent Enabled parameter in the switch console. Check the setting on this parameter by selecting:
   2. Switch Configuration …
      1. System Information
■ The switch may not have the correct IP address, subnet mask or gateway. Verify by connecting a console to the switch’s Console port and selecting:
   2. Switch Configuration …
      5.
Cannot Telnet into the switch console from a station on the network:
■ Telnet access may be disabled by the Inbound Telnet Enabled parameter in the System Information screen of the menu interface:
   2. Switch Configuration
      1. System Information
■ The switch may not have the correct IP address, subnet mask, or gateway. Verify by connecting a console to the switch’s Console port and selecting:
   2. Switch Configuration
      5.
Unusual Network Activity
Network activity that fails to meet accepted norms may indicate a hardware problem with one or more of the network components, possibly including the switch. Such problems can also be caused by a network loop or simply too much traffic for the network as it is currently designed and implemented.
This can also happen, for example, if the server is first configured to issue IP addresses with an unlimited duration, then is subsequently configured to issue IP addresses that will expire after a limited duration. One solution is to configure “reservations” in the DHCP server for specific IP addresses to be assigned to devices having specific MAC addresses. For more information, refer to the documentation for the DHCP server.
IP Multicast Traffic Floods Out All Ports; IGMP Does Not Appear To Filter Traffic.
The IGMP feature does not operate if the switch or VLAN does not have an IP address configured manually or obtained through DHCP/Bootp. To verify whether an IP address is configured for the switch or VLAN, do either of the following:
■ Try Using the Web Browser Interface: If you can access the web browser interface, then an IP address is configured.
The switch does not receive a response to RADIUS authentication requests.
In this case, the switch will attempt authentication using the secondary method configured for the type of access you are using (console, Telnet, or SSH). There can be several reasons for not receiving a response to an authentication request. Do the following:
■ Use ping to ensure that the switch has access to the configured RADIUS servers.
The supplicant statistics listing shows multiple ports with the same authenticator MAC address.
The link to the authenticator may have been moved from one port to another without the supplicant statistics having been cleared from the first port. Refer to “Note on Supplicant Statistics” in the chapter on Port-Based and User-Based Access Control in the Access Security Guide for your switch.
[Figure C-2. Displaying Encryption Keys. Callouts: Global RADIUS Encryption Key; Unique RADIUS Encryption Key for the RADIUS server at 10.33.18.119]
Also, ensure that the switch port used to access the RADIUS server is not blocked by an 802.1X configuration on that port. For example, show port-access authenticator < port-list > gives you the status for the specified ports. Also, ensure that other factors, such as port security or any 802.
Radius-Related Problems
The switch does not receive a response to RADIUS authentication requests.
In this case, the switch will attempt authentication using the secondary method configured for the type of access you are using (console, Telnet, or SSH). There can be several reasons for not receiving a response to an authentication request. Do the following:
■ Use ping to ensure that the switch has access to the configured RADIUS server.
Spanning-Tree Protocol (MSTP) and Fast-Uplink Problems
Caution: If you enable MSTP, it is recommended that you leave the remainder of the MSTP parameter settings at their default values until you have had an opportunity to evaluate MSTP performance in your network. Because incorrect MSTP settings can adversely affect network performance, you should avoid making changes without having a strong understanding of how MSTP operates.
SSH-Related Problems
Switch access refused to a client.
Even though you have placed the client’s public key in a text file and copied the file (using the copy tftp pub-keyfile command) into the switch, the switch refuses to allow the client to have access. If the source SSH client is an SSHv2 application, the public key may be in the PEM format, which the switch (SSHv1) does not interpret.
Switch does not detect a client’s public key that does appear in the switch’s public key file (show ip client-public-key).
The client’s public key entry in the public key file may be preceded by another entry that does not terminate with a new line (CR). In this case, the switch interprets the next sequential key entry as simply a comment attached to the preceding key entry.
TACACS-Related Problems
Event Log. When troubleshooting TACACS+ operation, check the switch’s Event Log for indications of problem areas.
All Users Are Locked Out of Access to the Switch. If the switch is functioning properly, but no username/password pairs result in console or Telnet access to the switch, the problem may be due to how the TACACS+ server and/or the switch are configured.
■ The encryption key configured in the server does not match the encryption key configured in the switch (by using the tacacs-server key command). Verify the key in the server and compare it to the key configured in the switch. (Use show tacacs-server to list the global key. Use show config or show config running to list any server-specific keys.)
■ The accessible TACACS+ servers are not configured to provide service to the switch.
TimeP, SNTP, or Gateway Problems
The Switch Cannot Find the Time Server or the Configured Gateway. TimeP, SNTP, and Gateway access are through the primary VLAN, which in the default configuration is the DEFAULT_VLAN. If the primary VLAN has been moved to another VLAN, it may be disabled or may not have ports assigned to it.
VLAN-Related Problems
Monitor Port.
[Figure C-4. Example of Correct VLAN Port Assignments on a Link. A link supporting VLAN_1 and VLAN_2 connects port X-3 on switch “X” to port Y-7 on switch “Y”.]
VLAN Port Assignment
Port    VLAN_1      VLAN_2
X-3     Untagged    Tagged
Y-7     Untagged    Tagged
1. If VLAN_1 (VID=1) is configured as “Untagged” on port 3 on switch “X”, then it must also be configured as “Untagged” on port 7 on switch “Y”.
[Figure C-5. Diagram labels: Server; MAC Address “A”, VLAN 1; MAC Address “A”, VLAN 2; 8212zl Switch (Multiple Forwarding Database); VLAN 1; VLAN 2; Switch with Single Forwarding Database. Problem: This switch detects continual moves of MAC address “A” between ports.]
Using the Event Log for Troubleshooting Switch Problems
The Event Log records operating events in single- or double-line entries and serves as a tool to isolate and troubleshoot problems. Starting in software release K.13.xx, the maximum number of entries supported in the Event Log is increased from 1000 to 2000 entries. Entries are listed in chronological order, from the oldest to the most recent.
D (debug) is reserved for ProCurve internal diagnostic information.
Date is the date in the format mm/dd/yy when an entry is recorded in the log.
Time is the time in the format hh:mm:ss when an entry is recorded in the log.
Event Number is the number assigned to an event. You can turn event numbering on and off with the [no] log-number command.
System Module: cos
Description: Class of Service (CoS): Provides priority handling of packets traversing the switch, based on the IEEE 802.1p priority carried by each packet. CoS messages also include Quality of Service (QoS) events.
Documented in ProCurve Hardware/Software guide: Advanced Traffic Management Guide
System Module: igmp
Description: Internet Group Management Protocol: Reduces unnecessary bandwidth usage for multicast traffic transmitted from multimedia applications on a per-port basis.
Documented in ProCurve Hardware/Software guide: Multicast and Routing Guide
System Module: maclock
Description: MAC lockdown and MAC lockout
• MAC lockdown prevents station movement and MAC address “hijacking” by requiring a MAC address to be used only on an assigned port on the switch. MAC Lockdown also restricts the client device to a specific VLAN.
Documented in ProCurve Hardware/Software guide: Access Security Guide
System Module: stp
Description: Multiple-instance spanning tree protocol/MSTP (802.1s): Ensures that only one active path exists between any two nodes in a group of VLANs in the network. MSTP operation is designed to avoid loops and broadcast storms of duplicate messages that can bring down the network.
Documented in ProCurve Hardware/Software guide: Advanced Traffic Management Guide
System Module: vlan
Description: Static 802.1Q VLAN operations, including port- and protocol-based configurations that group users by logical function instead of physical location
• A port-based VLAN creates a layer-2 broadcast domain comprised of member ports that bridge IPv4 traffic among themselves.
Documented in ProCurve Hardware/Software guide: Advanced Traffic Management Guide
Menu: Displaying and Navigating in the Event Log
To display the Event Log from the Main Menu, select Event Log. Figure C-6 shows a sample event log display.
ProCurve Switch 5406zl 25-Oct-2007 18:02:52
==========================-CONSOLE - MANAGER MODE -============================
M 10/25/07 16:30:02 sys: 'Operator cold reboot from CONSOLE session.
Key    Action
[^]    Rolls back display by one event (up one line).
[E]    Advances to the end of the log.
[H]    Displays Help for the Event Log.
CLI: Displaying the Event Log
To display messages recorded in the event log from the CLI, enter the show logging command. Keyword searches are supported.
To redisplay all hidden entries, including Event Log entries recorded prior to the last reboot, enter the show logging -a command.
Syntax: clear logging
   Removes all entries from the event log display output.
Log Throttle Periods
The length of the log throttle period differs according to an event’s severity level:
Severity Level      Log Throttle Period
I (Information)     6000 Seconds
W (Warning)         600 Seconds
D (Debug)           60 Seconds
M (Major)           6 Seconds
Example of Log Throttling
For example, suppose that you configure VLAN 100 on the switch to support PIM operation, but do not configure an IP address.
If PIM operation caused the same event to occur six more times during the initial log throttle period, there would be no further entries in the Event Log. However, if the event occurred again after the log throttle period expired, the switch would repeat the message (with an updated counter) and start a new log throttle period.
This message indicates the original instance of the event (since the last switch reboot).
Example of Event Counter Operation
Suppose the switch detects the following after a reboot:
■ Three duplicate instances of the PIM “Send error” during the first log throttle period for this event
■ Five more instances of the same Send error during the second log throttle period for this event
■ Four instances of the same Send error during the third log throttle period for this event
In this case, the duplicate message would appea
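The throttle periods and the duplicate-message counter described in the two examples above can be modelled offline, which also shows how to recover the number of suppressed events from the counters that do reach the log. This is an added Python example, not code from HP or the switch software. Assumptions: the class and function names, the constructed timestamps, the W severity chosen for the sample event, and the reading of the counter as the running total of occurrences since the last reboot.

```python
from dataclasses import dataclass, field

# Log throttle periods in seconds per severity code, copied from the table above.
THROTTLE_SECONDS = {"I": 6000, "W": 600, "D": 60, "M": 6}


@dataclass
class ThrottledEventLog:
    """Model of duplicate-message throttling with a per-event counter."""
    entries: list = field(default_factory=list)   # (time, severity, text, counter)
    _seen: dict = field(default_factory=dict)     # event key -> [period_start, total]

    def record(self, now, severity, module, message):
        """Register one occurrence at time `now` (seconds since reboot).

        Returns the logged entry, or None when the occurrence falls inside
        the current throttle period and is therefore suppressed.
        """
        key = (severity, module, message)
        state = self._seen.setdefault(key, [None, 0])
        state[1] += 1                              # every occurrence is counted
        period = THROTTLE_SECONDS[severity]
        # Assumption: a period has expired once `period` seconds have elapsed.
        if state[0] is not None and now - state[0] < period:
            return None                            # duplicate inside the period
        state[0] = now                             # this entry opens a new period
        entry = (now, severity, f"{module}: {message}", state[1])
        self.entries.append(entry)
        return entry


def occurrences_per_period(counters):
    """Recover how many events each completed throttle period covered.

    Consecutive logged counters differ by the number of occurrences in the
    earlier period (the logged one plus the suppressed duplicates). The
    period that is still open cannot be sized from the log alone.
    """
    return [later - earlier for earlier, later in zip(counters, counters[1:])]


def replay_counter_example():
    """Replay the 3 / 5 / 4 scenario above and return the logged counters."""
    log = ThrottledEventLog()
    # Constructed timestamps: three bursts, each starting more than 600 s
    # after the entry that opened the previous throttle period.
    bursts = [
        [0, 100, 200],
        [700, 800, 900, 1000, 1100],
        [1400, 1500, 1600, 1700],
    ]
    for burst in bursts:
        for t in burst:
            log.record(t, "W", "PIM", "Send error")
    return [counter for (_, _, _, counter) in log.entries]


if __name__ == "__main__":
    counters = replay_counter_example()
    print("counters shown in the log:", counters)
    print("events per completed period:", occurrences_per_period(counters))
```

When reviewing a saved Event Log or Syslog feed, the gap between two counters on the same message is the figure to alert on, since the number of log lines stays at one per throttle period however often the event fires.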
Debug/Syslog Operation
While the Event Log records switch-level progress, status, and warning messages on the switch, the Debug/System Logging (Syslog) feature provides a way to record Event Log and debug messages on a remote device. For example, you can send messages about routing misconfigurations and other network protocol details to an external device, and later use them to debug network-level problems.
A Debug/Syslog destination device can be a Syslog server and/or a console session. You can configure debug and logging messages to be sent to:
■ Up to six Syslog servers
■ A CLI session through a direct RS-232 console connection, or a Telnet or SSH session
Debug/Syslog Configuration Commands
Event Notification Logging logging Command debug Command — Enables Syslog messaging to be sent to the specified IP address.
ipv6
   dhcpv6-client: Sends DHCPv6 client debug messages to the configured debug destination.
   nd: Sends IPv6 debug messages for IPv6 neighbor discovery to the configured debug destination(s).
   packet: Sends IPv6 packet messages to the debug destination(s).
lldp
   Sends LLDP debug logging to the debug destination(s).
ssh
   Sends SSH debug messages at the specified level to the debug destination. The levels are fatal, error, info, verbose, debug, debug2, and debug3.
   b. Re-enter the logging command in Step “a” to configure additional Syslog servers. You can configure up to a total of six servers. (When multiple server IP addresses are configured, the switch sends the debug message types that you configure in Step 3 to all IP addresses.)
2. To use a CLI session on a destination device for debug messaging:
   a. Set up a serial, Telnet, or SSH connection to access the switch’s CLI.
   b.
Caution: If you configure a severity-level, system-module, logging destination, or logging facility value and save the settings to the startup configuration (for example, by entering the write memory command), the debug settings are saved after a system reboot (power cycle or reboot) and re-activated on the switch.
messages sent to the Syslog server, specify a set of messages by entering the logging severity and logging system-module commands.
ProCurve(config)# show debug
 Debug Logging
  Destination: None
  Enabled debug types: None are enabled
Displays the default debug configuration. (No Syslog server IP addresses or debug types are configured.)
ProCurve(config)# logging 10.28.38.
Example. The next example shows how to configure:
■ Debug logging of IP-OSPF packet messages on a Syslog server at 18.38.64.164 (with user as the default logging facility).
■ Display of these messages in the CLI session of your terminal device’s management access to the switch.
■ Blocking Event Log messages from being sent from the switch to the Syslog server and a CLI session.
ProCurve# config
ProCurve(config)# logging 10.38.64.164
ProCurve(config)# show debug
 Debug Logging
  Destination:
   Logging -10.38.64.164
   Facility=user
   Severity=debug
   System module=all-pass
  Enabled debug types: event
Configure a Syslog server IP address. (No other Syslog servers are configured on the switch.) The server address serves as an active debug destination for any configured debug types.)
Display the new debug configuration.
Debug Command
At the manager level, use the debug command to perform two main functions:
■ Specifies the types of event messages to be sent to an external destination.
■ Specifies the destinations to which selected message types are sent.
By default, no debug destination is enabled and only Event Log messages are enabled to be sent.
Note: To configure a Syslog server, use the logging command.
ip [ ospf < adj | event | flood | lsa-generation | packet [ packet-type ] | retransmission | spf > ]
For the configured debug destination(s):
ospf < adj | event | flood | lsa-generation | packet [ packet-type ] | retransmission | spf > — Enables the specified IP-OSPF message type.
   adj — Adjacency changes.
   event — OSPF events.
   flood — Information on flood messages.
   lsa-generation — New LSAs added to database.
Debug Destinations
Use the debug destination command to enable (and disable) Syslog messaging on a Syslog server or to a CLI session for specified types of debug and Event Log messages.
Syntax: [no] debug destination < logging | session | buffer | debug-console >
logging
   Enables Syslog logging to configured Syslog servers so that the debug message types specified by the debug command (see “Debug Messages” on page C-45) are sent.
Logging Command
At the global configuration level, the logging command allows you to enable debug logging on specified Syslog servers and select a subset of Event Log messages to send for debugging purposes according to:
■ Severity level
■ System module
By specifying both a severity level and system module, you can use both configured settings to filter the Event Log messages you want to use to troubleshoot switch or network error conditions.
Configuring a Syslog Server
Syslog is a client-server logging tool that allows a client switch to send event notification messages to a networked device operating with Syslog server software. Messages sent to a Syslog server can be stored to a file for later debugging analysis. To use the Syslog feature, you must install and configure a Syslog server application on a networked host accessible to the switch.
Syntax: [no] logging < syslog-ip-addr > [oobm]
   Enables or disables Syslog messaging to the specified IP address. You can configure up to six addresses. If you configure an address when none are already configured, this command enables destination logging (Syslog) and the Event debug type. Therefore, at a minimum, the switch begins sending Event Log messages to configured Syslog servers.
To disable Syslog logging on the switch without deleting configured server addresses, enter the no debug destination logging command. Note that, unlike the case in which no Syslog servers are configured, if one or more Syslog servers are already configured and Syslog messaging is disabled, configuring a new server address does not re-enable Syslog messaging. To re-enable Syslog messaging, you must enter the debug destination logging command.
The CLI command is:
Syntax: logging control-descr ]
        no logging [control-descr]
   An optional user-friendly description that can be associated with a server IP address. If no description is entered, this is blank. If contains white space, use quotes around the string. IPv4 addresses only. Use the no form of the command to remove the description.
ProCurve(config)# logging priority-descr severe-pri
Figure C-10. Example of the Logging Command with a Priority Description
Note: A notification is sent to the SNMP agent if there are any changes to the syslog parameters either through the CLI or with SNMP.
Configuring the System Module Used to Select the Event Log Messages Sent to a Syslog Server
Event Log messages contain the name of the system module that reported the event. Using the logging system-module command, you can select a set of Event Log messages according to the originating system module and send them to a Syslog server. To configure a Syslog server, see “Configuring a Syslog Server” on page C-49.
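The same selection by severity and system module that the logging severity and logging system-module commands apply on the switch can be reproduced offline on a saved Event Log, for instance to pull out only maclock entries at warning level or above. This is an added Python example, not ProCurve code; the field layout follows the Event Log description earlier in this appendix. Assumptions: the function names, the constructed sample lines, single-line entries only, and the severity ordering D < I < W < M used for the threshold.

```python
import re
from datetime import datetime
from typing import NamedTuple, Optional

# Assumption: severity codes rank D < I < W < M when used as a threshold.
SEVERITY_RANK = {"D": 0, "I": 1, "W": 2, "M": 3}

# Severity, mm/dd/yy date, hh:mm:ss time, optional event number, module, message.
ENTRY_RE = re.compile(
    r"^(?P<sev>[IWMD]) "
    r"(?P<date>\d{2}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?:(?P<num>\d+) )?"          # absent when event numbering is turned off
    r"(?P<module>[^\s:]+):\s*(?P<msg>.*)$"
)


class Entry(NamedTuple):
    severity: str
    when: datetime
    event_number: Optional[int]
    module: str
    message: str


def parse_entry(line):
    """Parse one single-line Event Log entry; return None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None                  # banner, separator or continuation line
    try:
        when = datetime.strptime(m["date"] + " " + m["time"], "%m/%d/%y %H:%M:%S")
    except ValueError:
        return None                  # digits in the right places, but not a date
    number = int(m["num"]) if m["num"] else None
    return Entry(m["sev"], when, number, m["module"].lower(), m["msg"])


def select(lines, min_severity="D", module=None):
    """Return entries at or above min_severity, optionally from one module."""
    floor = SEVERITY_RANK[min_severity]
    wanted = module.lower() if module else None
    picked = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue                 # skip anything that is not a log entry
        if SEVERITY_RANK[entry.severity] < floor:
            continue
        if wanted is not None and entry.module != wanted:
            continue
        picked.append(entry)
    return picked


# Constructed sample: the banner and the first entry are modelled on the sample
# display earlier in this appendix; the other lines and messages are made up.
SAMPLE_LOG = """\
ProCurve Switch 5406zl 25-Oct-2007 18:02:52
M 10/25/07 16:30:02 sys: 'Operator cold reboot from CONSOLE session.'
I 10/25/07 16:30:32 00001 maclock: constructed sample message A
W 10/25/07 16:31:10 00002 maclock: constructed sample message B
I 10/25/07 16:31:45 00003 stp: constructed sample message C
W 13/45/07 16:32:00 vlan: constructed line with an impossible date
""".splitlines()


if __name__ == "__main__":
    for e in select(SAMPLE_LOG, min_severity="W"):
        print(e.when.isoformat(), e.severity, e.module, e.message)
```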
Debug Option            Effect of a Reboot or Reset
All (debug type)        Disabled.
event (debug type)      If a Syslog server IP address is configured in the startup-config file, the sending of Event Log messages is reset to enabled, regardless of the last active setting. If no Syslog server is configured, the sending of Event Log messages is disabled.
IP (debug type)         Disabled.
■ Debug commands do not affect normal message output to the Event Log.
Diagnostic Tools
Diagnostic Features
Feature                                         Default   Menu   CLI         Web
Port Auto negotiation                           n/a       —      —           —
Ping test                                       n/a       —      page C-59   page C-58
Link test                                       n/a       —      page C-59   page C-58
Traceroute operation                            n/a       —      page C-61
View switch configuration files                 n/a       —      page C-65
View switch (show tech) operation               n/a       —      page C-65   —
View crash information and command history      n/a       —      page C-71   —
View system information and software version    n/a       —      page C-71   —
Port Auto-Negotiation
When a link LED does not light (indicating loss of link between two devices), the most common reason is a failure of port auto-negotiation between the connecting ports. If a link LED fails to light when you connect the switch to a port on another device, do the following:
1. Ensure that the switch port and the port on the attached end-node are both set to Auto mode.
2.
Web: Executing Ping or Link Tests
1. Click here.
2. Click here.
3. Select Ping Test (the default) or Link Test
4. For a Ping test, enter the IP address of the target device. For a Link test, enter the MAC address of the target device.
5. Select the number of tries (packets) and the timeout for each try from the drop-down menus.
6. Click on Start to begin the test.
Figure C-11.
Number of Packets to Send is the number of times you want the switch to attempt to test a connection.
Timeout in Seconds is the number of seconds to allow per attempt to test a connection before determining that the current attempt has failed.
To halt a Link or Ping test before it concludes, click on the Stop button. To reset the screen to its default settings, click on the Defaults button.
source
   Source IP address, VLAN ID, or oobm. The source IP address must be owned by the router. If a VLAN is specified, the IP address associated with the specified VLAN is used. For switches that have a separate out-of-band management (OOBM) port, oobm specifies that the traffic originates from the out-of-band management port.
data-size <0-65471>
   Size of packet sent. Default: 0 (zero)
data-fill <0-1024>
   The data pattern in the packet.
Syntax: link < mac-address > [repetitions < 1 - 999 >] [timeout < 1 - 256 >] [vlan < vlan-id >]
[Figure C-13. Example of Link Tests. Panels: Basic Link Test; Link Test with Repetitions; Link Test with Repetitions and Timeout; Link Test Over a Specific VLAN; Link Test Over a Specific VLAN; Test Fail]
Traceroute Command
The traceroute command enables you to trace the route from the switch to a host address.
Lists the IP address or hostname of each hop in the route, plus the time in microseconds for the traceroute packet reply to the switch for each hop. To halt an ongoing traceroute search, press the [Ctrl] [C] keys.
Note: For information about traceroute6, see the “IPv6 Configuration Guide” for your switch.
The IP address or hostname of the device to which to send the traceroute.
[source | oobm]
   The source IP address or VLAN. The source IP address must be owned by the router. If a VLAN is specified, the IP address associated with the specified VLAN is used. For switches that have a separate out-of-band management (OOBM) port, oobm specifies that the traffic originates from the out-of-band management port.
A Low Maxttl Causes Traceroute To Halt Before Reaching the Destination Address.
If A Network Condition Prevents Traceroute from Reaching the Destination. Common reasons for Traceroute failing to reach a destination include:
■ Timeouts (indicated by one asterisk per probe, per hop; refer to Figure C-15, above.
Viewing Switch Configuration and Operation
In some troubleshooting scenarios, you may need to view the switch configuration to diagnose a problem. The complete switch configuration is contained in a file that you can browse from either the web browser interface or the CLI using the commands described in this section.
■ Image stamp (software version data)
■ Running configuration
■ Event Log listing
■ Boot History
■ Port settings
■ Status and counters — port status
■ IP routes
■ Status and counters — VLAN information
■ GVRP support
■ Load balancing (trunk and LACP)
Figure C-17 shows sample output from the show tech command.
Saving show tech Command Output to a Text File
When you enter the show tech command, a summary of switch operational data is sent to your terminal emulator. You can use your terminal emulator’s text capture features to save the show tech data to a text file for viewing, printing, or sending to an associate to diagnose a problem.
ProCurve# show tech
The show tech command output is copied into the text file and displayed on the terminal emulator screen. When the command output stops and displays -- MORE --, press the Space bar to display and copy more information. The CLI prompt appears when the command output finishes.
5. Click on Transfer | Capture Text | Stop in HyperTerminal to stop copying data and save the text file.
Syntax: copy show-tech
crash-log [slot-id | master]:
   Includes the crash logs from all management and interface modules in show tech command output.
event-log
   Copies the contents of the Event Log to show tech command output.
running-config
   Includes the contents of the running configuration file in show tech command output.
startup-config
   Includes the contents of the startup configuration file in show tech command output.
Syntax: copy show-tech
   Copies the contents of a configuration file from a serially connected PC or UNIX workstation to show tech command output, where:
   startup-config: Specifies the name of the startup configuration file on the connected device.
   config : Specifies the pathname of a configuration file on the connected device.
   pc | unix: Specifies whether the connected device is a DOS-based PC or UNIX workstation.
CLI: Viewing More Information on Switch Operation
Use the following commands to display additional information on switch operation for troubleshooting purposes.
Syntax: show boot-history
   Displays the crash information saved for each management module on the switch (see “Displaying Saved Crash Information” in the “Redundancy (Switch 8212zl)” chapter). See also “Example of Traceroute Failing to Reach the Destination Address” on page C-64.
Pattern Matching When Using the Show Command
The pattern matching option with the show command provides the ability to do searches for specific text. Selected portions of the output are displayed depending on the parameters chosen.
Syntax: show |
   Use matching pattern searches to display selected portions of the output from a show command.
    ProCurve(config)# show run | exclude ipv6

    Running configuration:

    ; J8697A Configuration Editor; Created on release #K.14.06

    hostname "ProCurve Switch 5406zl"
    module 1 type J8702A
    module 2 type J8705A
    snmp-server community "notpublic" Unrestricted
    vlan 1
       name "DEFAULT_VLAN"
       untagged A1-A24,B1-B20

Displays all lines that don’t contain “ipv6”.
    ProCurve(config)# show run | begin ipv6
       ipv6 enable
       no untagged B21-B24
       exit
    vlan 20
       name "VLAN20"
       untagged B21-B24
       ipv6 enable
       no ip address
       exit
    ipv6 access-list "EH-01"
       sequence 10 deny tcp 2001:db8:255::/48 2001:db8:125::/48
       exit
    no autorun
    password manager
    ProCurve(config)#

Displays the running config beginning at the first line that contains “ipv6”.

Figure C-22.
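The include, exclude and begin behaviour shown above, reproduced offline over a saved show run capture so that a reviewer can also list what a filter left out. This is an added example, not part of the original guide; the sample text is constructed from the output lines on this page, and the helper names and the case-sensitive substring match are assumptions.

```python
# Added example (not from the HP guide): offline equivalent of
# "show <command> | include/exclude/begin <pattern>" over a saved capture.
# Assumption: the pattern is matched as a case-sensitive substring.

# Constructed sample, assembled from the output lines shown on this page.
SAMPLE_RUN = """\
hostname "ProCurve Switch 5406zl"
module 1 type J8702A
module 2 type J8705A
snmp-server community "notpublic" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged A1-A24,B1-B20
   ipv6 enable
   no untagged B21-B24
   exit
vlan 20
   name "VLAN20"
   untagged B21-B24
   ipv6 enable
   no ip address
   exit
ipv6 access-list "EH-01"
   sequence 10 deny tcp 2001:db8:255::/48 2001:db8:125::/48
   exit
no autorun
password manager
"""


def show_filter(output, option, pattern):
    """Return the lines that the given filter option would display."""
    lines = output.splitlines()
    if option == "include":
        return [ln for ln in lines if pattern in ln]
    if option == "exclude":
        return [ln for ln in lines if pattern not in ln]
    if option == "begin":
        # Everything from the first matching line to the end of the output.
        for i, ln in enumerate(lines):
            if pattern in ln:
                return lines[i:]
        return []
    raise ValueError("option must be include, exclude or begin")


def hidden_by(output, option, pattern):
    """Return (line_number, text) for every line the filter leaves out.

    Useful when a filtered capture is all that was saved: it shows which
    parts of the configuration a reviewer never saw.
    """
    lines = output.splitlines()
    shown = show_filter(output, option, pattern)  # also validates option
    if option == "begin":
        cut = len(lines) - len(shown)
        return list(enumerate(lines[:cut], start=1))
    keep_matches = option == "include"
    return [(n, ln) for n, ln in enumerate(lines, start=1)
            if (pattern in ln) != keep_matches]


if __name__ == "__main__":
    for option in ("exclude", "begin"):
        print("show run | %s ipv6" % option)
        for ln in show_filter(SAMPLE_RUN, option, "ipv6"):
            print("   ", ln)
        print("  not displayed:")
        for n, ln in hidden_by(SAMPLE_RUN, option, "ipv6"):
            print("    line %d: %s" % (n, ln.strip()))
```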
CLI: Useful Commands for Troubleshooting Sessions

Use the following commands in a troubleshooting session to more accurately display the information you need to diagnose a problem. For more information on other CLI practices, refer to chapter 4, “Using the Command Line Interface (CLI)”.

Syntax: alias

    Creates a shortcut alias name for commonly used commands and command options.
Restoring the Factory-Default Configuration

As part of your troubleshooting process, it may become necessary to return the switch configuration to the factory default settings. This process momentarily interrupts the switch operation, clears any passwords, clears the console Event Log, resets the network counters to zero, performs a complete self test, and reboots the switch into its factory default configuration including deleting an IP address.
3. When the Self Test LED begins to flash, release the Clear button. The switch will then complete its self test and begin operating with the configuration restored to the factory default settings.

Restoring a Flash Image

The switch can lose its operating system if either the primary or secondary flash image location is empty or contains a corrupted OS file and an operator uses the erase flash command to erase a good OS image file from the opposite flash location.
Make sure that the switch automatically boots into ROM first.

4. Start the Console Download utility by typing do at the => prompt and pressing [Enter]:

    => do

5. You will then see this prompt:

6. At the above prompt:
   a. Type y (for Yes)
   b. Select Transfer | File in HyperTerminal.
   c. Enter the appropriate filename and path for the OS image.
   d. Select the Xmodem protocol (and not the 1k Xmodem protocol).
   e. Click on [Send].
DNS Resolver

The Domain Name System (DNS) resolver is designed for use in local network domains where it enables use of a host name or fully qualified domain name with DNS-compatible switch CLI commands. (At software release K.13.01, the DNS-compatible commands include ping and traceroute.)

Beginning with software release K.13.01, DNS operation supports both IPv4 and IPv6 DNS resolution and multiple, prioritized DNS servers.
Basic Operation

■ When the switch is configured with only the IP address of a DNS server available to the switch, then a DNS-compatible command, executed with a fully qualified domain name, can reach a device found in any domain accessible through the configured DNS server.
Note that if the target host is in a domain other than the domain configured on the switch, then:

■ The host’s domain must be reachable from the switch. This requires that the DNS server for the switch be able to communicate with the DNS server(s) in the path to the domain in which the target host operates.
c. The domain name for an accessible domain in which there are hosts you want to reach with a DNS-compatible command. (This is the domain suffix in the fully qualified domain name for a given host operating in the selected domain. Refer to “Terminology” on page C-79.) Note that if a domain suffix is not configured, fully qualified domain names can be used to resolve DNS-compatible commands.

d.
Syntax: [no] ip dns domain-name < domain-name-suffix >

    This optional DNS command configures the domain suffix that is automatically appended to the host name entered with a DNS-compatible command. When the domain suffix and the IP address for a DNS server that can access that domain are both configured on the switch, you can execute a DNS-compatible command using only the host name of the desired target. (For an example, refer to Figure C-25 on page C-80.
Configuring switch “A” with the domain name and the IP address of a DNS server for the domain enables the switch to use host names assigned to IP addresses in the domain to perform ping and traceroute actions on the devices in the domain. To summarize:

    Entity:                                                    Identity:
    DNS Server IP Address                                      10.28.229.10
    Domain Name (and Domain Suffix for Hosts in the Domain)    pubs.outdoors.com
    Host Name Assigned to 10.28.229.
As mentioned under “Basic Operation” on page C-80, if the DNS entry configured in the switch does not include the domain suffix for the desired target, then you must use the target host’s fully qualified domain name with DNS-compatible commands. For example, using the document server in Figure C-27 as a target:

    ProCurve# ping docservr.pubs.outdoors.com        (Target’s Fully Qualified Domain Name)
    10.28.229.219 is alive, time = 1 ms

    ProCurve# traceroute docservr.pubs.outdoors.
Operating Notes

■ Configuring another IP address for a priority that has already been assigned to an IP address is not allowed. To replace one IP address at a given priority level with another address having the same priority, you must first use the no form of the command to remove the unwanted address. Also, only one instance of a given server address is allowed in the server list.
Event Log Messages

    Message                              Meaning
    DNS server address not configured    The switch does not have an IP address configured for the DNS server.
    DNS server not responding            The DNS server failed to respond or is unreachable. An incorrect server IP address can produce this result.
    Unknown host < host-name >           The host name did not resolve to an IP address. Some reasons for this occurring include:
                                         • The host name was not found.
                                         • The named domain was not found.
D
MAC Address Management
Overview

The switch assigns MAC addresses in these areas:

■ For management functions, one Base MAC address is assigned to the default VLAN (VID = 1). (All VLANs on the switches covered in this guide use the same MAC address.)

■ For internal switch operations: One MAC address per port (Refer to “CLI: Viewing the Port and VLAN MAC Addresses” on page D-5.)

MAC addresses are assigned at the factory.
Determining MAC Addresses

MAC Address Viewing Methods

    Feature                                              Default   Menu   CLI   Web
    view switch’s base (default vlan) MAC address        n/a       D-4    D-5   —
      and the addressing for any added VLANs
    view port MAC addresses (hexadecimal format)         n/a       —      D-5   —

■ Use the menu interface to view the switch’s base MAC address and the MAC address assigned to any VLAN you have configured on the switch.
Menu: Viewing the Switch’s MAC Addresses

The Management Address Information screen lists the MAC addresses for:

■ Base switch (default VLAN; VID = 1)
■ Any additional VLANs configured on the switch.

Also, the Base MAC address appears on a label on the back of the switch.

Note: The Base MAC address is used by the first (default) VLAN in the switch.
CLI: Viewing the Port and VLAN MAC Addresses

The MAC address assigned to each switch port is used internally by such features as Flow Control and the spanning-tree protocol. Using the walkmib command to determine the MAC address assignments for individual ports can sometimes be useful when diagnosing switch operation.
    ProCurve# walkmib ifphysaddress
    ifPhysAddress.1 = 00 12 79 88 b1 ff
    ifPhysAddress.2 = 00 12 79 88 b1 fe
    ifPhysAddress.3 = 00 12 79 88 b1 fd
    ifPhysAddress.4 = 00 12 79 88 b1 fc
    ifPhysAddress.49 = 00 12 79 88 b1 cf
    ifPhysAddress.50 = 00 12 79 88 b1 ce
    ifPhysAddress.51 = 00 12 79 88 b1 cd
    ifPhysAddress.52 = 00 12 79 88 b1 cc
    ifPhysAddress.53 = 00 12 79 88 b1 cb
    ifPhysAddress.54 = 00 12 79 88 b1 ca
    ifPhysAddress.55 = 00 12 79 88 b1 c9
    ifPhysAddress.
Viewing the MAC Addresses of Connected Devices

Syntax: show mac-address [ | mac-addr |

    Lists the MAC addresses of the devices the switch has detected, along with the number of the specific port on which each MAC address was detected.

    [ port-list ]
    Lists the MAC addresses of the devices the switch has detected, on the specified port(s).

    [ mac-addr ]
    Lists the port on which the switch detects the specified MAC address.
E
Monitoring Resources
Viewing Information on Resource Usage

The switch allows you to view information about the current usage and availability of resources in the Policy Enforcement engine, including the following software features:

■ QoS through RADIUS authentication designated as “IDM”, with or without the optional identity-driven management (IDM) application
■ Virus throttling (VT) using connection-rate filtering
■ Mirror policies.
When Insufficient Resources Are Available

The switch has ample resources for configuring features and supporting:

■ RADIUS-authenticated clients (with or without the optional IDM application)
■ Virus throttling and blocking on individual clients.

Note: Virus throttling does not operate on IPv6 traffic.
F
Daylight Savings Time on ProCurve Switches

ProCurve switches provide a way to automatically adjust the system clock for Daylight Savings Time (DST) changes. To use this feature you define the month and date to begin and to end the change from standard time.
Middle Europe and Portugal:
• Begin DST at 2am the first Sunday on or after March 25th.
• End DST at 2am the first Sunday on or after September 24th.

Southern Hemisphere:
• Begin DST at 2am the first Sunday on or after October 25th.
• End DST at 2am the first Sunday on or after March 1st.

Western Europe:
• Begin DST at 2am the first Sunday on or after March 23rd.
• End DST at 2am the first Sunday on or after October 23rd.
Before configuring a “User defined” Daylight Time Rule, it is important to understand how the switch treats the entries. The switch knows which dates are Sundays, and uses an algorithm to determine on which date to change the system clock, given the configured “Beginning day” and “Ending day”:

■ If the configured day is a Sunday, the time changes at 2am on that day.
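The date selection described above, worked through for the predefined rules listed on this page so that Event Log timestamps can be matched against the switch's DST window. This is an added example, not part of the original guide; it assumes a configured day that is not a Sunday moves to the next Sunday (the “first Sunday on or after” wording of the predefined rules), and the function and rule-key names are hypothetical.

```python
# Added example (not from the HP guide): when does a ProCurve Daylight Time
# Rule change the clock in a given year?
from datetime import date, datetime, time, timedelta

# ((begin month, begin day), (end month, end day)) as listed on this page.
# The dictionary keys are hypothetical labels, not switch keywords.
RULES = {
    "middle-europe-and-portugal": ((3, 25), (9, 24)),
    "southern-hemisphere": ((10, 25), (3, 1)),
    "western-europe": ((3, 23), (10, 23)),
}


def first_sunday_on_or_after(year, month, day):
    """Configured day if it is a Sunday, otherwise the next Sunday.

    Assumption: the non-Sunday case follows the "first Sunday on or after"
    wording used for the predefined rules.
    """
    d = date(year, month, day)
    # date.weekday(): Monday == 0 ... Sunday == 6
    return d + timedelta(days=(6 - d.weekday()) % 7)


def changeover(year, month_day):
    """Wall-clock moment (2am) at which the clock changes."""
    month, day = month_day
    return datetime.combine(first_sunday_on_or_after(year, month, day),
                            time(2, 0))


def in_dst(rule, wall_clock):
    """True if a naive wall-clock datetime falls inside the DST window."""
    begin_md, end_md = RULES[rule]
    begin = changeover(wall_clock.year, begin_md)
    end = changeover(wall_clock.year, end_md)
    if begin < end:
        return begin <= wall_clock < end
    # Southern Hemisphere: the window starts late in the year and runs
    # across New Year into the following March.
    return wall_clock >= begin or wall_clock < end


if __name__ == "__main__":
    for name, (begin_md, end_md) in RULES.items():
        print(name, changeover(2009, begin_md), changeover(2009, end_md))
```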
G
Network Out-of-Band Management (OOBM)
Concepts

Management communications with a managed switch can be either:

■ in band — through the networked data ports of the switch

or:

■ out of band — through a dedicated management port (or ports) separate from the data ports

Out-of-band ports have typically been serial console ports using DB-9 or specially wired 8-pin modular (RJ-style) connectors.
Figure D-1. C-class enclosure OA Management port (callout: management port, networked, out of band)

Out-of-band management (OOBM) operates on a “management plane” that is separate from the “data plane” used by data traffic on the switch and by inband management traffic. That separation means that out-of-band management can continue to function even during periods of traffic congestion, equipment malfunction, or attacks on the network.
In Band, Networked
    Advantages: allows centralized management
    Disadvantages: can be affected by events on data network; does not show boot sequence

Out Of Band, Directly connected
    Advantages: not affected by events on data network, shows boot sequence
    Disadvantages: requires PC to directly connect to USB connector; networked terminal server needs to be attached to OA serial port

Out Of Band, Networked
    Advantages: not affected by events on data network; allows centralized management; allows improved security
Example

In a typical data center installation, blade switches in a C-class enclosure connect servers to the data network, while the management port of the OA module in the C-class enclosure connects the switches to a physically and logically separate management network. This allows network administrators to manage the switches even if operation on the data network is disrupted.
OOBM and Switch Applications

The table below shows the switch applications that are supported on the OOBM interface as well as on the data interfaces. In this list, some applications are client-only, some are server-only, and some are both.
Tasks

OOBM Configuration

OOBM context

OOBM configuration commands can be issued from the global configuration context (config) or from a specific OOBM configuration context (oobm). To enter the OOBM configuration context from the general configuration context, use the oobm command.

Syntax: oobm

    Enters the OOBM context from the general configuration context.
OOBM enable/disable

To enable or disable network OOBM, use the enable or disable command. Network OOBM is enabled by default.

Syntax:

    From the OOBM context:
        enable
        disable

    From the general configuration context:
        oobm enable
        oobm disable

    Enables or disables networked out-of-band-management on the switch.

OOBM is not compatible with either a management VLAN or stacking.
OOBM port enable/disable

The OOBM interface command enables or disables the OOBM interface (the OOBM port, as opposed to the OOBM function).

Syntax:

    From the OOBM context:
        interface [enable | disable]

    From the general configuration context:
        oobm interface [enable | disable]

    Enables or disables the networked OOBM interface (port).
OOBM IPv4 address configuration

Configuring an IPv4 address for the OOBM interface is similar to VLAN IP address configuration, but it is accomplished within the OOBM context.

Syntax:

    From the OOBM context:
        [no] ip address [dhcp-bootp | ip-address/mask-length]

    From the general configuration context:
        [no] oobm ip address [dhcp-bootp | ip-address/mask-length]

    Configures an IPv4 address for the switch’s OOBM interface.
OOBM Show Commands

The show commands for OOBM are similar to the analogous commands for the data plane. Note that you must always include the oobm parameter to see the information for the OOBM interface, regardless of the context. For instance, even from the OOBM context the show ip command displays the IP configuration for the data plane; to see the IP configuration of the OOBM interface you need to use show oobm ip.
Show OOBM IP configuration

Use show oobm ip to see the IP configuration of the OOBM interface.

Syntax: show oobm ip

    Summarizes the IP configuration of the OOBM interface. This command displays the status of IPv4 (enabled/disabled), the IPv4 default gateway, and the IPv4 address configured for the interface. You can issue this command from any context.
Application Server Commands

Application servers (as described in “OOBM and Switch Applications” in the Concepts section above) have added a listen keyword with oobm|data|both options to specify which interfaces are active. The default value is both for all servers.
The show servers command shows the listen mode of the servers.
Application Client Commands

CLI commands for client applications have added the oobm keyword to allow you to specify that the outgoing request be issued from the OOBM interface. If you do not specify the oobm keyword, the request will be issued from the appropriate in-band data interface. Command syntax is:

    Telnet: telnet [oobm]        Management and Configuration Guide, page 7-6
    TFTP: copy tftp ... ...
Example

This example shows setup and use of network OOBM using the commands described above. Assume that the figure below describes how you want to set up your data center.

Figure D-3. Example data center

Assume that you are configuring the switch in the left-hand rack to communicate on both the data and management networks. You might do the following:

■ Configure an IP address on the data network.
■ Verify that out-of-band management is enabled.
    Switch 41# config
    Switch 41(config)# vlan 1
    Switch 41(vlan-1)# ip address 10.1.129.7/20       Set up IP address on data network.
    Switch 41(vlan-1)# end                            Exit back to manager context.
    Switch 41# show oobm                              Look at default OOBM configuration.

     Global Configuration
      OOBM Enabled          : Yes
      OOBM Port Type        : 10/100TX
      OOBM Interface Status : Up
      OOBM Port             : Enabled
      OOBM Port Speed       : Auto
                                                      Defaults look appropriate.