HP ProCurve Switch Software Management and Configuration Guide 3500 switches 3500yl switches 5400zl switches 6200yl switches 6600 switches 8200zl switches Software version K.14.
HP ProCurve 3500 Switches 3500yl Switches 5400zl Switches 6200yl Switch 6600 Switches 8200zl Switches September 2009 K.14.
© Copyright 2005–2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. All Rights Reserved.

Disclaimer

This document contains proprietary information, which is protected by copyright. No part of this document may be photocopied, reproduced, or translated into another language without the prior written consent of Hewlett-Packard.
Contents

Product Documentation
  About Your Switch Manual Set
  Printed Publications
  Electronic Publications
  Software Feature Index

1 Getting Started
  Contents

2 Selecting a Management Interface
  Contents
  Overview
  Understanding Management Interfaces
  Advantages of Using the Menu Interface
  Advantages of Using the CLI

4 Using the Command Line Interface (CLI)
  Contents
  Overview
  Accessing the CLI
  Using the CLI

  Entering a User Name and Password
  Using a User Name
  If You Lose the Password
  Online Help for the Web Browser Interface
  Support/Mgmt URLs Feature
  Support URL

  Rebooting the Switch
  Operating Notes about Booting
  Boot and Reload Command Comparison
  Setting the Default Flash
  Booting from the Default Flash (Primary or Secondary)
  Booting from a Specified Flash

7 Interface Access and System Information
  Contents
  Overview
  Interface Access: Console/Serial Link, Web, and Inbound Telnet
  Menu: Modifying the Interface Access
  CLI: Modifying the Interface Access

  Configuring a Single Source IP Address
  Overview
  Specifying the Source IP Address
  The Source IP Selection Policy
  Displaying the Source IP Interface Information
  Error Messages

  Viewing the Current TimeP Configuration
  Configuring (Enabling or Disabling) the TimeP Mode
  SNTP Unicast Time Polling with Multiple SNTP Servers
  Displaying All SNTP Server Addresses Configured on the Switch
  Adding and Deleting SNTP Server Addresses
  Menu: Operation with Multiple SNTP Server Addresses Configured

  Transceivers
  Modules
  Clearing the Module Configuration
  Operating Notes
  Uni-Directional Link Detection (UDLD)
  Configuring UDLD

  Displaying the Switch’s Global PoE Power Status
  Displaying PoE Status on All Ports
  Displaying the PoE Status on Specific Ports
  Planning and Implementing a PoE Configuration
  Power Requirements
  Assigning PoE Ports to VLANs

  Forwarding Traffic with Distributed Trunking and Spanning Tree
  Forwarding Unicast Traffic Upstream
  Forwarding Broadcast, Multicast, and Unknown Traffic Upstream
  Forwarding Unicast Traffic Downstream (to the Server)

  Terminology
  GMB Operation
  Impacts of QoS Queue Configuration on GMB Operation
  Configuring Guaranteed Minimum Bandwidth for Outbound Traffic
  Displaying the Current Guaranteed Minimum Bandwidth Configuration

  Menu: Viewing and Configuring non-SNMP version 3 Communities
  CLI: Viewing and Configuring SNMP Community Names
  SNMP Notifications
  Supported Notifications
  General Steps for Configuring SNMP Notifications

  Configuring Support for Port Speed and Duplex Advertisements
  LLDP-MED (Media-Endpoint-Discovery)
  LLDP-MED Topology Change Notification
  LLDP-MED Fast Start Control
  Advertising Device Capability, Network Policy, PoE Status and Location Data

  When the Standby Module is not Available
  Hotswapping In a Management Module
  Software Version Mismatch Between Active and Hotswapped Module
  Downloading a New Software Version
  File Synchronization after Downloading

  Active (Actv) LED Behavior
  Standby Led Behavior
  Logging Messages
  Log File
  Crash Files

  Using USB to Download Switch Software
  Switch-to-Switch Download
  Menu: Switch-to-Switch Download to Primary Flash
  CLI: Switch-To-Switch Downloads
  Using PCM+ to Update Switch Software
  Copying Software Images

  Using USB Autorun
  How It Works
  Security Considerations
  Troubleshooting Autorun Operations
  Configuring Autorun on the Switch
  Enabling Secure Mode

  CLI Access for MAC Address Views and Searches
  Spanning Tree Protocol (MSTP) Information
  CLI Access to MSTP Data
  Internet Group Management Protocol (IGMP) Status
  VLAN Information
  Web Browser Interface Status Information

  Selecting Inbound Traffic Using an ACL (Deprecated)
  Selecting Inbound/Outbound Traffic Using a MAC Address
  Selecting Inbound Traffic Using Advanced Classifier-Based Mirroring
  Classifier-Based Mirroring Configuration
  Viewing a Classifier-Based Mirroring Configuration
  Classifier-Based Mirroring Restrictions

  IGMP-Related Problems
  LACP-Related Problems
  Mesh-Related Problems
  Port-Based Access Control (802.1X)-Related Problems
  QoS-Related Problems
  Radius-Related Problems

  Adding a Priority Description
  Configuring the Severity Level for Event Log Messages Sent to a Syslog Server
  Configuring the System Module Used to Select the Event Log Messages Sent to a Syslog Server
  Operating Notes for Debug and Syslog
  Diagnostic Tools

  Event Log Messages
  Locator LED (Locating a Switch)

D MAC Address Management
  Contents
  Overview
  Determining MAC Addresses

  Show Savepower Commands

J Network Out-of-Band Management (OOBM) for the 6600 Switch
  Contents
  Concepts
  Example
Product Documentation

About Your Switch Manual Set

Note: For the latest version of all ProCurve switch documentation, including Release Notes covering recently added features, please visit the ProCurve Networking Web site at www.procurve.com/manuals.

Printed Publications

The two publications listed below are printed and shipped with your switch. The latest version of each is also available in PDF format on the ProCurve Web site, as described in the Note at the top of this page.
Software Feature Index

For the software manual set supporting your 3500/3500yl/5400zl/6200yl/6600/8200zl switch model, this feature index indicates which manual to consult for information on a given software feature.

Note: This Index does not cover IPv6 capable software features. For information on IPv6 protocol operations and features (such as DHCPv6, DNS for IPv6, Ping6, and MLD Snooping), refer to the IPv6 Configuration Guide.

Intelligent Edge Software Features.
Intelligent Edge Software Features (manual columns: Management and Configuration; Advanced Traffic Management; Multicast and Routing; Access Security Guide)

802.

Factory Default Settings X
Flow Control (802.

Multiple Configuration Files X
Network Management Applications (SNMP) X
Out-of-Band Management (OOBM) X
OpenView Device Management X
Passwords and Password Clear Protection X
ProCurve Manager (PCM) X
Ping X
Port Configuration X
Port Monitoring X
Port Security X
Port Status X
Port Trunking (LACP) X
Port-Based Access Control (802.

sFlow X
SFTP X
SNMPv3 X
Software Downloads (SCP/SFTP, TFTP, Xmodem) X
Source-Port Filters X
Spanning Tree (STP, RSTP, MSTP) X
SSHv2 (Secure Shell) Encryption X
SSL (Secure Socket Layer) X
Stacking (3500/3500yl/6200yl/6600 switches only) X
Syslog X
System Information X
TACACS+ Authentication X
Telnet Access X
TFTP X
Time Protocols (Time

Web-based Authentication X
Web UI X
1 Getting Started

Contents
  Introduction
  Conventions
  Command Syntax Statements
  Command Prompts
  Screen Simulations
Introduction

This guide is intended for use with the following ProCurve switches:

■ 8200zl switches
■ 6600 switches
■ 5400zl switches
■ 3500, 3500yl and 6200yl switches

It describes how to use the command line interface (CLI), Menu interface, and web browser to configure, manage, monitor, and troubleshoot switch operation. For an overview of product documentation for the above switches, refer to “Product Documentation” on page xiii.
Conventions

Syntax: aaa port-access authenticator < port-list >

Command Prompts

In the default configuration, your switch displays a CLI prompt similar to the following example:

    ProCurve 8212zl#

To simplify recognition, this guide uses ProCurve to represent command prompts for all switch models. For example:

    ProCurve#

(You can use the hostname command to change the text in the CLI prompt.)

Screen Simulations

Displayed Text.
Sources for More Information

For information about switch operation and features not covered in this guide, consult the following sources:

■ Feature Index—For information on which manual to consult for a given software feature, refer to the “Software Feature Index” on page xiv.
  • file transfers, switch monitoring, troubleshooting, and MAC address management
■ Advanced Traffic Management Guide—Use this guide for information on topics such as:
  • VLANs: Static port-based and protocol VLANs, and dynamic GVRP VLANs
  • Spanning-Tree: 802.1D (STP), 802.1w (RSTP), and 802.
Getting Documentation From the Web

To obtain the latest versions of documentation and release notes for your switch, go to the ProCurve Networking manuals web page at www.hp.com/go/procurve/manuals.

Online Help

Menu Interface

If you need information on specific parameters in the menu interface, refer to the online help provided in the interface. For example:

[Figure callout: Online Help for Menu]
Figure 1-2.
Command Line Interface

If you need information on a specific command in the CLI, type the command name followed by help. For example:

Figure 1-3. Example of CLI Help

Web Browser Interface

If you need information on specific features in the HP ProCurve Web Browser Interface (hereafter referred to as the “web browser interface”), use the online Help.
Need Only a Quick Start?

IP Addressing

If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing. To do so, do one of the following:

■ Enter setup at the CLI Manager level prompt.

    Procurve# setup

■ In the Main Menu of the Menu interface, select 8.
2 Selecting a Management Interface

Contents
  Overview
  Understanding Management Interfaces
  Advantages of Using the Menu Interface
  Advantages of Using the CLI
  General Benefits
Overview

This chapter describes the following:

■ Management interfaces for the switches covered in this guide
■ Advantages of using each interface

Understanding Management Interfaces

Management interfaces enable you to reconfigure the switch and to monitor switch status and performance.
To use ProCurve Manager or ProCurve Manager Plus, refer to the Getting Started Guide and the Administrator’s Guide, which are available electronically with the software for these applications. For more information, visit the ProCurve Networking web site at www.procurve.com.

Advantages of Using the Menu Interface

Figure 2-1.
■ Enables Telnet (in-band) access to the menu functionality.
■ Allows faster navigation, avoiding delays that occur with slower display of graphical objects over a web browser interface.
■ Provides more security; configuration information and passwords are not seen on the network.
■ To perform specific procedures (such as configuring IP addressing or VLANs), use the Contents listing at the front of the manual to locate the information you need.
■ For monitoring and analyzing switch operation, refer to Appendix B.
■ For information on individual CLI commands, refer to the Index or to the online Help provided in the CLI interface.

Advantages of Using the Web Browser Interface

Figure 2-3.
■ More visual cues, using colors, status bars, device icons, and other graphical objects instead of relying solely on alphanumeric values
■ Display of acceptable ranges of values available in configuration list boxes
Advantages of Using ProCurve Manager or ProCurve Manager Plus

You can operate ProCurve Manager and ProCurve Manager Plus (PCM and PCM+) from a PC on the network to monitor traffic, manage your hubs and switches, and proactively recommend network changes to increase network uptime and optimize performance. Easy to install and use, PCM and PCM+ are the answers to your management challenges.

Figure 2-4.
PCM and PCM+ enable greater control, uptime, and performance in your network:

■ Features and benefits of ProCurve Manager:
  • Network Status Summary: Upon boot-up, a network status screen displays high-level information on network devices, end nodes, events, and traffic levels. From here, users can research any one of these areas to get more details.
  • Device Software Updates: This feature automatically obtains new device software images from ProCurve and updates devices, allowing users to download the latest version or choose the desired version. Updates can be scheduled easily across large groups of devices, all at user-specified times.
clears the banner window and prompts the user for a password (if configured). Following entry of the correct username/password information (or if no username/password is required), the switch then displays either the Registration page or the switch’s home page.
Example of Configuring and Displaying a Banner

Suppose a system operator wanted to configure the following banner message on her company’s switches:

This is a private system maintained by the Allied Widget Corporation.
[Figure callout: Shows the current banner configuration.]
Figure 2-7. The Current Banner Appears in the Switch’s Running-Config File

The next time someone logs onto the switch’s management CLI, the following appears:

[Figure callout: The login screen displays the configured banner. Entering a correct password clears the banner and displays the CLI prompt.]
Figure 2-8.
If someone uses a Web browser to log in to the switch interface, the following message appears:

Figure 2-9. Example of Web Browser Interface Result of the Login Banner Configuration

Operating Notes

■ The default banner appears only when the switch is in the factory default configuration. Using no banner motd deletes the currently configured banner text and blocks display of the default banner.
3 Using the Menu Interface

Contents
  Overview
  Starting and Ending a Menu Session
  How To Start a Menu Interface Session
  How To End a Menu Session and Exit from the Console:
  Main Menu Features
Overview

This chapter describes the following features:

■ Overview of the Menu Interface (page 3-2)
■ Starting and ending a Menu session (page 3-3)
■ The Main Menu (page 3-7)
■ Screen structure and navigation (page 3-9)
■ Rebooting the switch (page 3-12)

The menu interface operates through the switch console to provide you with a subset of switch commands in an easy-to-use menu format enabling you to:

■ Perform a “quick configuration” of basic parameters, such a
Note: If the switch has neither a Manager nor an Operator password, anyone having access to the console interface can operate the console with full manager privileges. Also, if you configure only an Operator password, entering the Operator password enables full manager privileges. For more information on passwords, refer to the Access Security Guide for your switch.

Menu Interaction with Other Interfaces.
How To Start a Menu Interface Session

In its factory default configuration, the switch console starts with the CLI prompt. To use the menu interface with Manager privileges, go to the Manager level prompt and enter the menu command.

1. Use one of these methods to connect to the switch:
   • A PC terminal emulator or terminal
   • Telnet
2. Do one of the following:
   • If you are using Telnet, go to step 3.
Figure 3-1. Example of the Main Menu with Manager Privileges

For a description of Main Menu features, see “Main Menu Features” on page 3-7.

Note: To configure the switch to start with the menu interface instead of the CLI, go to the Manager level prompt in the CLI, enter the setup command, and in the resulting display, change the Logon Default parameter to Menu.
[Figure callout: Asterisk indicates a configuration change that requires a reboot to activate.]
Figure 3-2. Example Indication of a Configuration Change Requiring a Reboot

1. In the current session, if you have not made configuration changes that require a switch reboot to activate, return to the Main Menu and press [0] (zero) to log out. Then just exit from the terminal program, turn off the terminal, or quit the Telnet session.
2.
Main Menu Features

Figure 3-3. The Main Menu View with Manager Privileges

The Main Menu gives you access to these Menu interface features:

■ Status and Counters: Provides access to display screens showing switch information, port status and counters, and port and VLAN address tables. (Refer to Appendix B, “Monitoring and Analyzing Switch Operation”.
■ Command Line (CLI): Selects the Command Line Interface at the same level (Manager or Operator) that you are accessing in the Menu interface. (Refer to Chapter 4, “Using the Command Line Interface (CLI)”.)
■ Reboot Switch: Performs a “warm” reboot of the switch, which clears most temporary error conditions, resets the network activity counters to zero, and resets the system up-time to zero.
Screen Structure and Navigation

Menu interface screens include these three elements:

■ Parameter fields and/or read-only information such as statistics
■ Navigation and configuration actions, such as Save, Edit, and Cancel
■ Help line to describe navigation options, individual parameters, and read-only data

For example, in the following System Information screen:

[Figure callout: Screen title – identifies the location within the menu structure]
[Figure callout: Parameter fields
Table 3-1. How To Navigate in the Menu Interface

Task: Execute an action from the “Actions –>” list at the bottom of the screen:
Actions: Use either of the following methods:
  • Use the arrow keys ([<] or [>]) to highlight the action you want to execute, then press [Enter].
  • Press the key corresponding to the capital letter in the action name.
To get Help on individual parameter descriptions.
In most screens there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press [H], and a separate help screen is displayed. For example:

[Figure callout: Pressing [H] or highlighting Help and pressing [Enter] displays Help for the parameters listed in the upper part of the screen]
[Figure callout: Highlight on any item in the Actions line indicates that the Actions line is active.]
Rebooting the Switch

Rebooting the switch from the menu interface:

■ Terminates all current sessions and performs a reset of the operating system
■ Activates any menu interface configuration changes that require a reboot
■ Resets statistical counters to zero (Note that statistical counters can be reset to zero without rebooting the switch.)

To Reboot the switch, use the Reboot Switch option in the Main Menu.
Rebooting To Activate Configuration Changes. Configuration changes for most parameters in the menu interface become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the Maximum VLANs to support parameter. (To access this parameter, go to the Main Menu and select:

    2. Switch Configuration
    8. VLAN Menu
    1. VLAN Support.
Menu Features List

Status and Counters
  • General System Information
  • Switch Management Address Information
  • Port Status
  • Port Counters
  • Address Table
  • Port Address Table

Switch Configuration
  • System Information
  • Port/Trunk Settings
  • Network Monitoring Port
  • IP Configuration
  • SNMP Community Names
  • IP authorized Managers
  • VLAN Menu

Console Passwords

Event Log

Command Line (CLI)

Reboot Switch

Download OS (Download Switch Softwar
Where To Go From Here

This chapter provides an overview of the menu interface and how to use it. The following table indicates where to turn for detailed information on how to use the individual features available through the menu interface.

Option: To use the Run Setup option
Turn to: Refer to the Installation and Getting Started Guide shipped with the switch.
4 Using the Command Line Interface (CLI)

Contents
  Overview
  Accessing the CLI
  Using the CLI
  Privilege Levels at Logon
Overview

The CLI is a text-based command interface for configuring and monitoring the switch. The CLI gives you access to the switch’s full set of commands while providing the same password protection that is used in the web browser interface and the menu interface.

Accessing the CLI

Like the menu interface, the CLI is accessed through the switch console, and in the switch’s factory default state, is the default interface when you start a console session.
Using the CLI

When you use the CLI to make a configuration change, the switch writes the change to the Running-Config file in volatile memory. This allows you to test your configuration changes before making them permanent. To make changes permanent, you must use the write memory command to save them to the Startup-Config file in non-volatile memory.
Caution: ProCurve strongly recommends that you configure a Manager password. If a Manager password is not configured, then the Manager level is not password-protected, and anyone having in-band or out-of-band access to the switch may be able to reach the Manager level and compromise switch and network security. Note that configuring only an Operator password does not prevent access to the Manager level by intruders who have the Operator password.
Manager Privileges

Manager privileges give you three additional levels of access: Manager, Global Configuration, and Context Configuration. A “#” character delimits any Manager prompt. For example:

ProCurve#_     (Example of the Manager prompt.)

■ Manager level: Provides all Operator level privileges plus the ability to perform system-level actions that do not require saving changes to the system configuration file.
Table 4-1. Privilege Level Hierarchy

Privilege Level: Operator Privilege, Operator Level
Example of Prompt: ProCurve>
Permitted Operations:
   show < command >, setup: View status and configuration information.
   ping < argument >, link-test < argument >: Perform connectivity tests.
   enable: Move from the Operator level to the Manager level.
   menu: Move from the CLI interface to the menu interface.
How To Move Between Levels

Change in Levels: Operator level to Manager level
Example of Prompt, Command, and Result:

ProCurve> enable
Password:_

After you enter enable, the Password prompt appears.
For example, if you use the menu interface to configure an IP address of “X” for VLAN 1 and later use the CLI to configure a different IP address of “Y” for VLAN 1, then “Y” replaces “X” as the IP address for VLAN 1 in the running config file. If you subsequently execute write memory in the CLI, then the switch also stores “Y” as the IP address for VLAN 1 in the startup-config file.
Typing ? at the Manager level produces this listing:

[Figure 4-4. Example of the Manager-Level Command Listing. Callout in the figure: When - - MORE - - appears, use the Space bar or [Return] to list additional commands.]

When - - MORE - - appears, there are more commands in the listing. To list the next screenful of commands, press the Space bar. To list the remaining commands one-by-one, repeatedly press [Enter].
As mentioned above, if you type part of a command word and press [Tab], the CLI completes the current word (if you have typed enough of the word for the CLI to distinguish it from other possibilities), including hyphenated extensions. For example:

ProCurve(config)# port-[Tab]
ProCurve(config)# port-security _

Pressing [Tab] after a completed command word lists the further options for that command.
Displaying CLI “Help”

CLI Help provides two types of context-sensitive information:
■ Command list with a brief summary of each command’s purpose
■ Detailed information on how to use individual commands

Displaying Command-List Help.

Syntax: help
Displays a listing of command Help summaries for all commands available at the current privilege level.
Figure 4-7. Example of How To Display Help for a Specific Command

Note that trying to list the help for an individual command from a privilege level that does not include that command results in an error message.
Configuration Commands and the Context Configuration Modes

You can execute any configuration command in the global configuration mode or in selected context modes. However, using a context mode enables you to execute context-specific commands faster, with shorter command strings. The switch offers interface (port or trunk group) and VLAN context configuration modes:

Port or Trunk-Group Context.
In the port context, the first block of commands in the “?” listing shows the context-specific commands that will affect only ports C3-C6. The remaining commands in the listing are Manager, Operator, and context commands.

Figure 4-8.
VLAN Context. Includes VLAN-specific commands that apply only to the selected VLAN, plus Manager and Operator commands. The prompt for this mode includes the VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch:

ProCurve(config)# vlan 100     (Command executed at configuration level to enter VLAN 100 context.)
ProCurve(vlan-100)#            (Resulting prompt showing VLAN 100 context.)
CLI Control and Editing

Executing a Prior Command—Redo

The redo command executes a prior command in the history list.

Syntax: redo [number | command-str]
Re-executes a command from history. Executes the last command by default.
number: The position of the command to execute in the history list. When number is specified, the nth command starting from the most recent command in the history is executed.
Syntax: repeat [cmdlist] [count] [delay]
Repeats execution of a previous command. Repeats the last command by default until a key is pressed.
cmdlist: If a number or range of numbers is specified, the command repeats the nth most recent commands (where “n” is the position in the history list).
count: Repeats the command for the number of times specified.
delay: The command repeats execution after a delay for the number of seconds specified.
Using a Command Alias

You can create a simple command alias to use in place of a command name and its options. Choose an alias name that is not already an existing CLI command. Existing CLI commands are searched before looking for an alias command; an alias that is identical to an existing command will not be executed. The alias command is executed from the current configuration context (operator, manager, or global).
ProCurve(config)# show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi

 Status and Counters - Custom Port Status

 Port Name Type      VLAN Intrusion Alert Speed   Enabled MDI-mode
 ---- ---- --------- ---- --------------- ------- ------- --------
 1    Acco 100/1000T 1    No              1000FDx Yes     Auto
 2    Huma 100/1000T 1    No              1000FDx Yes     Auto
 3    Deve 100/1000T 1    No              1000FDx Yes     Auto
 4    Lab1 100/1000T 1    No              1000FDx Yes     Auto

ProCurve(config)# alias sic “show int custom
ProCurve(config)# show alias

 Name   Command
 ----   ------------------------------
 sc     show config
 sic    show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi

Figure 4-13. Example of Alias Commands and Their Configurations

CLI Shortcut Keystrokes

Keystrokes          Function
[Ctrl] [A]          Jumps to the first character of the command line.
[Ctrl] [B] or [<]   Moves the cursor back one character.
5 Using the ProCurve Web Browser Interface

Contents
Overview
General Features
Starting a Web Browser Interface Session with the Switch
   Using a Standalone Web Browser in a PC or UNIX Workstation
   Status Indicators
Setting Fault Detection Policy
Overview

The ProCurve web browser interface built into the switch lets you easily access the switch from a browser-based PC on your network. This lets you do the following:
■ Optimize your network uptime by using the Alert Log and other diagnostic tools
■ Make configuration changes to the switch
■ Maintain security by configuring usernames and passwords

This chapter covers the following:
■ General features (page 5-4).
General Features

The web browser interface includes these features:

Switch Identity and Status:
• General system data
• Software version
• Redundant Management Module software version
• IP address
• Status Overview
• Port utilization
• Port counters
• Port status
• Redundancy Status
• Alert log

Switch Configuration:
• Device view
• Port configuration
• VLAN configuration
• Fault detection
• Quality of service (QoS)
• Port monitoring (mirroring)
• Sy
Starting a Web Browser Interface Session with the Switch

You can start a web browser session in the following ways:
■ Using a standalone web browser on a network connection from a PC or UNIX workstation:
   • Directly connected to your network
   • Connected through remote access to your network
■ Using a network management station running ProCurve Manager on your network

Using a Standalone Web Browser in a P
Using ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+)

ProCurve Manager and ProCurve Manager Plus are designed for installation on a network management workstation. For this reason, the system requirements are different from the system requirements for accessing the switch’s web browser interface from a non-management PC or workstation.
[Figure callout: First time install alert]

Figure 5-1.
Tasks for Your First ProCurve Web Browser Interface Session

The first time you access the web browser interface, there are three tasks you should perform:
■ Review the “First Time Install” window
■ Set Manager and Operator passwords
■ Set access to the web browser interface online help

Viewing the “First Time Install” Window

When you access the switch’s web browser interface for the first time, the Al
This window is the launching point for the basic configuration you need to perform to set web browser interface passwords for maintaining security and a fault detection policy, which determines the types of messages that the Alert Log displays.

To set web browser interface passwords, click on secure access to the device to display the Device Passwords screen, and then go to the next page.
Figure 5-3. The Device Passwords Window

To set the passwords:

1. Access the Device Passwords screen by one of the following methods:
   • If the Alert Log includes a “First Time Install” event entry, double click on this event, then, in the resulting display, click on the secure access to the device link.
   • Select the Security tab.
Entering a User Name and Password

Figure 5-4. Example of the Password Prompt in the Web Browser Interface

The manager and operator passwords are used to control access to all switch interfaces. Once set, you will be prompted to supply the password every time you try to access the switch through any of its interfaces.
The Clear button is provided for your convenience, but its presence means that if you are concerned with the security of the switch configuration and operation, you should make sure the switch is installed in a secure location, such as a locked wiring closet.
Support/Mgmt URLs Feature

The Support/Mgmt URLs window enables you to change the World Wide Web Universal Resource Locator (URL) for two functions:
■ Support URL – A support information site for your switch
■ Management Server URL – The web site for web browser online Help

1. Click Here 2. Click Here 3.
Support URL

This is the site the switch accesses when you click on the Support tab on the web browser interface. The default URL is:

www.procurve.com

which is the World Wide Web site for ProCurve networking products. Click on technical support on that page to get support information regarding your switch, including white papers, software updates, and more.
In the default configuration, the switch uses the URL for accessing the web browser interface help files on the ProCurve World Wide Web site.

Figure 5-7. How To Access Web Browser Interface Online Help

Using the PCM Server for Switch Web Help

For ProCurve devices that support the “Web Help” feature, you can use the PCM server to host the switch help files for devices that do not have HTTP access to the ProCurve Support Web site.

1.
3. Add an entry, or edit the existing entry in the Discovery portion of the global properties (globalprops.prp) in PCM to redirect the switches to the help files on the PCM server. For example:

   Global {
      TempDir=data/temp
      ...
      Discovery{
         ...
         ...
         DeviceHelpUrlRedirect=http://15.29.37.12:8040/rnd/device_help
         ...
      }
   }

   You will enter the IP address for your PCM server. 8040 is the standard port number to use.

4.
Status Reporting Features

Browser elements covered in this section include:
■ The Overview window (below)
■ Port utilization and status (page 5-18)
■ The Alert log (page 5-21)
■ The Status bar (page 5-23)

The Overview Window

The Overview Window is the home screen for any entry into the web browser interface. The following figure identifies the various parts of the screen.
Policy Management and Configuration. PCM can perform network-wide policy management and configuration of your switch. The Management Server URL field (page 5-14) shows the URL for the management station performing that function. For more information, refer to the documentation provided with the PCM software.
■ % Error Pkts Rx: All error packets received by the port. (This indicator is a reddish color on many systems.) Although errors received on a port are not propagated to the rest of the network, a consistently high number of errors on a specific port may indicate a problem on the device or network segment connected to the indicated port.
Figure 5-11. Display of Numerical Values for the Bar

Port Status

Figure 5-12. The Port Status Indicators and Legend

The Port Status indicators show a symbol for each port that indicates the general status of the port. There are four possible statuses:
■ Port Connected – the port is enabled and is properly connected to an active network device.
The Alert Log

The web browser interface Alert Log, shown in the lower half of the screen, shows a list of network occurrences, or alerts, that were detected by the switch. Typical alerts are Broadcast Storm, indicating an excessive number of broadcasts received on a port, and Problem Cable, indicating a faulty cable. A full list of alerts is shown in the table on page 5-22.

Figure 5-13.
Alert Types and Detailed Views

As of June, 2007, the web browser interface generates the following alert types:
• Auto Partition
• Backup Transition
• Excessive broadcasts
• Excessive CRC/alignment errors
• Excessive jabbering
• Excessive late collisions
• First Time Install
• Full-Duplex Mismatch
• Half-Duplex Mismatch
• High collision or drop rate
• Loss of Link
• Mis-Configured SQE
• Network Loop
• Polarity Reversal
• Securi
Figure 5-14. Example of Alert Log Detail View

Status Indicators

The status indicators use icons to show the severity of alerts in the current display of the Alert Log. This indicator can be one of four shapes and colors, as shown below.

Table 5-1. Status Indicator Key
Color Blue Green Switch Status Normal Activity; “First time installation” information available in the Alert log.
Setting Fault Detection Policy

One of the powerful features in the web browser interface is the Fault Detection facility. For your switch, this feature controls the types of alerts reported to the Alert Log based on their level of severity. Set this policy in the Fault Detection window (figure 5-15).

Figure 5-15.
To provide the most information on network problems in the Alert Log, the recommended sensitivity level for Log Network Problems is High Sensitivity. The Fault Detection settings are:
■ High Sensitivity. This policy directs the switch to send all alerts to the Alert Log. This setting is most effective on networks that have few or no problems.
■ Medium Sensitivity.
6 Switch Memory and Configuration

Contents
Overview
Configuration File Management
Using the CLI To Implement Configuration Changes
Using the Menu and Web Browser Interfaces To Implement Configuration Changes
   Changing or Overriding the Reboot Configuration Policy
   Managing Startup-Config Files in the Switch
      Renaming an Existing Startup-Config File
      Creating a New Startup-Config File
      Erasing a Startup-Config File
Overview

This chapter describes:
■ How switch memory manages configuration changes
■ How the CLI implements configuration changes
■ How the menu interface and web browser interface implement configuration changes
■ How the switch provides software options through primary/secondary flash images
■ How to use the switch’s primary and secondary flash options, including displaying flash information, booting or restarting the switch, and other topics

Configura
■ Startup-config File: Exists in flash (non-volatile) memory and is used to preserve the most recently-saved configuration as the “permanent” configuration.

Booting the switch replaces the current running-config file with a new running-config file that is an exact copy of the current startup-config file.
The above command disables port 5 in the running-config file, but not in the startup-config file. Port 5 remains disabled only until the switch reboots. If you want port 5 to remain disabled through the next reboot, use write memory to save the current running-config file to the startup-config file in flash memory.
Using the CLI To Implement Configuration Changes

The CLI offers these capabilities:
■ Access to the full set of switch configuration features
■ The option of testing configuration changes before making them permanent

How To Use the CLI To View the Current Configuration Files. Use show commands to view the configuration for individual features, such as port status or Spanning Tree Protocol.
3. Observe the switch’s performance with the new parameter settings to verify the effect of your changes.
4. When you are satisfied that you have the correct parameter settings, use the write memory command to copy the changes to the startup-config file.

Syntax: write memory
Saves the running configuration file to the startup-config. The saved configuration becomes the boot-up configuration of the switch on the next boot.
How To Cancel Changes You Have Made to the Running-Config File. If you use the CLI to change parameter settings in the running-config file, and then decide that you don’t want those changes to remain, you can use either of the following methods to remove them:
■ Manually enter the earlier values you had for the changed settings.
Note: If you use the CLI to make a change to the running-config file, you should either use the write memory command or select the save option allowed during a reboot (figure 6-6-2, above) to save the change to the startup-config file.
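Because a CLI change lives only in the running-config until write memory is executed, the two files can disagree: a setting can be active but lost at the next reboot, or a saved setting can return at reboot. The following Python sketch is an added example, not part of this guide; it compares text captured with show running-config and show config, context by context, and lists the differences. The sample captures, the indented block layout closed by exit, and all function names are assumptions made for the illustration.

```python
"""Report drift between a switch's running-config and startup-config."""

# Constructed sample captures (not taken from the guide). The layout, with
# indented statements under "interface N" / "vlan N" and "exit" closing the
# block, is an assumption about the captured text.
STARTUP_CONFIG = """\
; constructed sample: output of "show config"
hostname "ProCurve"
interface 5
   name "Lab1"
exit
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-24
   ip address 10.10.28.2 255.255.255.0
   exit
"""

RUNNING_CONFIG = """\
; constructed sample: output of "show running-config"
hostname "ProCurve"
interface 5
   name "Lab1"
   disable
exit
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-24
   ip address 10.10.28.9 255.255.255.0
   exit
"""

CONTEXT_KEYWORDS = ("interface", "vlan")


def parse_config(text):
    """Return a set of (context, statement) pairs.

    Statements outside any block get the context "global"; statements inside
    an "interface N" or "vlan N" block get that block header as context, so
    "disable" under interface 5 is distinct from "disable" elsewhere.
    """
    statements = set()
    context = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line == "exit":
            context = "global"
            continue
        indented = raw[0] in " \t"
        parts = line.split()
        if not indented and len(parts) == 2 and parts[0] in CONTEXT_KEYWORDS:
            context = line  # block header such as "vlan 1"
            continue
        if not indented:
            context = "global"
        statements.add((context, line))
    return statements


def find_drift(running_text, startup_text):
    """Compare the two captures and classify every difference."""
    running = parse_config(running_text)
    startup = parse_config(startup_text)
    return {
        # Active now, gone after a reboot unless write memory is executed.
        "unsaved": sorted(running - startup),
        # Not active now, restored from the startup-config at the next reboot.
        "reverts": sorted(startup - running),
    }


def report(drift):
    """Format the drift as one line per differing statement."""
    lines = [f"UNSAVED  [{ctx}] {stmt}" for ctx, stmt in drift["unsaved"]]
    lines += [f"REVERTS  [{ctx}] {stmt}" for ctx, stmt in drift["reverts"]]
    return lines or ["running-config matches startup-config"]


if __name__ == "__main__":
    for line in report(find_drift(RUNNING_CONFIG, STARTUP_CONFIG)):
        print(line)
```

An UNSAVED entry that nobody on the operations team made is worth investigating before anyone runs write memory or reboots the switch.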
Using the Menu and Web Browser Interfaces To Implement Configuration Changes

The menu and web browser interfaces offer these advantages:
■ Quick, easy menu or window access to a subset of switch configuration features
■ Viewing several related configuration parameters in the same screen, with their default and current settings
■ Immediately changing both the running-config file and the startup-
[Figure callout: To save and implement the changes for all parameters in this screen, press the [Enter] key, then press [S] (for Save). To cancel all changes, press the [Enter] key, then press [C] (for Cancel).]

Figure 6-4.
[Figure callout: Optional Reboot Switch Command]

Figure 6-5. The Reboot Switch Option in the Main Menu

Rebooting To Activate Configuration Changes. Configuration changes for most parameters become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the Maximum VLANs to support parameter. (To access these parameters, go to the Main menu and select 2.
[Figure callouts: Asterisk indicates a configuration change that requires a reboot in order to take effect. Reminder to reboot the switch to activate configuration changes.]

Figure 6-6.
Using Primary and Secondary Flash Image Options

The switches covered in this guide feature two flash memory locations for storing switch software image files:
■ Primary Flash: The default storage for a switch software image.
■ Secondary Flash: The additional storage for either a redundant or an alternate switch software image.
For example, if the switch is using a software version of K.12.XX stored in Primary flash, show version produces the following:

ProCurve(config)# show version
Image stamp:    /su/code/build/info(s01)
                Dec 01 2006 10:50:26
                K.12.XX
                1223
Boot Image:     Primary

Figure 6-7. Example Showing the Identity of the Current Flash Image

Determining Whether the Flash Images Are Different Versions.
[Figure callouts:
1. In this example show version indicates the switch has version K.12.02 in primary flash.
2. After the boot system command, show version indicates that version K.12.01 is in secondary flash.]

Figure 6-9.
Local Switch Software Replacement and Removal

This section describes commands for erasing a software version and copying an existing software version between primary and secondary flash.

Note: It is not necessary to erase the content of a flash location before downloading another software file. The process automatically overwrites the previous file with the new file.
For example, to copy the image in secondary flash to primary flash:

1. Verify that there is a valid flash image in the secondary flash location. The following figure indicates that a software image is present in secondary flash. (If you are unsure whether the image in secondary flash is valid, try booting from it before you proceed, by using boot system flash secondary.
[Figure callout: The prompt shows which flash location will be erased.]

Figure 6-11. Example of Erase Flash Prompt

3. Type y at the prompt to complete the flash erase.
4. Use show flash to verify erasure of the selected software flash image.

[Figure callout: The “0” here shows that primary flash has been erased.]

Figure 6-12.
tures. For example, suppose you have just downloaded a software upgrade that includes new features that are not supported in the software you used to create the current startup-config file. In this case, the software simply assigns factory-default values to the parameters controlling the new features.
Table 6-2. Comparing the Boot and Reload Commands

Actions: Save all configuration changes since the last boot or reload
Included In Boot?: Optional, with prompt
Included In Reload: Optional with reload , when prompt displays. Not saved with reload at/after commands; No prompt is displayed.
Note: Config changes saved to the startup-config file if “y” is selected (reload command).
Booting from the Default Flash (Primary or Secondary)

The boot command boots the switch from the flash image that you are currently booted on, or the flash image that was set either by the boot set-default command or by the last executed boot system flash command. This command also executes the complete set of subsystem selftests. You have the option of specifying a configuration file.
ProCurve(config)# show flash
Image             Size(Bytes)     Date      Version  Build #
-----             --------------  --------  -------  -------
Primary Image   : 7497114         03/29/07  K.12.XX  57
Secondary Image : 7497114         03/29/07  K.12.XX  57
Boot Rom Version: K.12.03
Default Boot    : Primary         (The next boot is from primary)

ProCurve(config)# boot set-default flash secondary     (Set to secondary flash)
This command changes the location of the default boot.
Using the Fastboot feature. The fastboot command allows a boot sequence that skips the internal power-on self-tests, resulting in a faster boot time. When using redundant management and fastboot is enabled, it is saved to the standby management module when the config files are synchronized. Fastboot is used during the next bootup on either management module.
Scheduled Reload. Beginning with software release K.11.34, additional parameters have been added to the reload command to allow for a scheduled reboot of the switch via the CLI.

Syntax: [no] reload [after <[dd:]hh:]mm> | at []]
Enables a scheduled warm reboot of the switch. The switch boots up with the same startup config file and using the same flash image as before the reload.
ProCurve(config)# reload after 04:14:00
Reload scheduled in 4 days, 14 hours, 0 minutes
This command will cause a switchover at the scheduled time to the other management module which may not be running the same software image and configurations. Do you want to continue [y/n]?

Figure 6-18.
Multiple Configuration Files

While you can still use remote storage for startup-config files, you can now maintain multiple startup-config files on the switch and choose which version to use for a reboot policy or an individual reboot.
Changing the Startup-Config File. When the switch reboots, the startup config file supplies the configuration for the running-config file the switch uses to operate. Changes made to the running-config file and then saved with a write-mem command (or, in the Menu interface, the Save command) are written back to the startup-config file used at the last reboot.
■ Erase the active startup-config file. This generates a new, default startup config file that always results when the switch automatically reboots after deletion of the currently active startup-config file. (Refer to “Erasing a Startup-Config File” on page 6-35.
Listing and Displaying Startup-Config Files

Command                      Page
show config files            Below
show config < filename >     6-31

Viewing the Startup-Config File Status with Multiple Configuration Enabled

Rebooting the switch automatically enables the multiple configuration feature.

Syntax: show config files
This command displays the available startup-config files on the switch and the current use of each file.
Displaying the Content of A Specific Startup-Config File

With Multiple Configuration enabled, the switch can have up to three startup config files. Because the show config command always displays the content of the currently active startup-config file, the command extension shown below is needed to allow viewing the contents of any other startup-config files stored in the switch.
Syntax: startup-default [ primary | secondary ] config < filename >
Specifies a boot configuration policy option:
[ primary | secondary ] config < filename >: Designates the startup-config file to use in a reboot with the software version stored in a specific flash location. Use this option to change the reboot policy for either primary or secondary flash, or both.
ProCurve(config)# startup-default pri config minconfig
ProCurve(config)# startup-default sec config newconfig

Overriding the Default Reboot Configuration Policy. This command provides a method for manually rebooting with a specific startup-config file other than the file specified in the default reboot configuration policy.
Renaming an Existing Startup-Config File

Syntax: rename config < current-filename > < newname-str >
This command changes the name of an existing startup config file. A file name can include up to 63 alphanumeric characters. Blanks are allowed in a file name enclosed in quotes (“ “ or ‘ ‘). (File names are not case-sensitive.
For example, suppose both primary and secondary flash memory contain software release “A” and use a startup-config file named config1:

Figure 6-22. Example of Using One Startup-Config File for Both Primary and Secondary Flash

If you wanted to experiment with configuration changes to the software version in secondary flash, you could create and assign a separate startup-config file for this purpose.
In a redundant management system, this command erases the config or startup-config file on both the active and the standby management modules as long as redundancy has not been disabled. If the standby management module is not in standby mode or has failed selftest, the config or startup-config file is not erased.

Syntax: erase < config < filename > | startup-config >

config < filename >: This option erases the specified startup-config file.
Figure 6-24 illustrates using erase config < filename > to remove a startup-config file.

Figure 6-24. Example of Erasing a Non-Active Startup-Config File

With the same memory configuration as is shown in the bottom portion of figure 6-24, executing erase startup-config boots the switch from primary flash, resulting in a new file named minconfig in the same memory slot.
Pressing Clear + Reset:
– Replaces all startup-config files with a single file named config1 that contains the default configuration for the software version in primary flash.
– Resets the Active, Primary, and Secondary assignments as shown here.

Figure 6-25.
For example, the following command copies a startup-config file named test-01 from the switch to a (UNIX) TFTP server at IP address 10.10.28.14:

ProCurve(config)# copy config test-01 tftp 10.10.28.14 test-01.txt unix

TFTP: Copying a Configuration File from a Remote Host

Syntax: copy tftp config < dest-file > < ip-addr > < remote-file > < pc | unix > [oobm]

This is an addition to the copy tftp command options.
Xmodem: Copying a Configuration File to a Serially Connected Host

Syntax: copy config < filename > xmodem < pc | unix >

This is an addition to the copy < config > xmodem command options. Use this command to upload a configuration file from the switch to an Xmodem host. For more on using Xmodem to copy a file to a serially connected host, refer to “Xmodem: Copying a Configuration File to a Serially Connected PC or UNIX Workstation” on page A-33.
Automatic Configuration Update with DHCP Option 66

ProCurve switches are initially booted up with the factory-shipped configuration file. This feature provides a way to automatically download a different configuration file from a TFTP server using DHCP Option 66.
Possible Scenarios for Updating the Configuration File

The following table shows various network configurations and how Option 66 is handled.

Scenario: Single Server serving Multiple VLANs
Behavior:
• Each DHCP-enabled VLAN interface initiates a DHCPDISCOVER message, receives a DHCPOFFER from the server, and sends a DHCPREQUEST to obtain the offered parameters.
Global DHCP Parameters: Global parameters are processed only if received on the primary VLAN.

Best Offer: The “Best Offer” is the best DHCP or BootP offer sent by the DHCP server in response to the DHCPREQUEST sent by the switch.
7 Interface Access and System Information

Contents

Overview  7-2
Interface Access: Console/Serial Link, Web, and Inbound Telnet  7-3
Menu: Modifying the Interface Access  7-4
CLI: Modifying the Interface Access  7-5
Denying Interface Access by Terminating Remote Management Sessions
Overview

This chapter describes how to:
■ View and modify the configuration for switch interface access
■ Use the CLI kill command to terminate a remote session
■ View and modify switch system information

For help on how to actually use the interfaces built into the switch, refer to:
■ Chapter 3, “Using the Menu Interface”
■ Chapter 4, “Using the Command Line Interface (CLI)”
■ Chapter 5, “Using the ProCurve Web Browser Interface”

Why Configure I
Interface Access: Console/Serial Link, Web, and Inbound Telnet

Interface Access Features

Feature                        Default                Menu       CLI        Web
Inactivity Time                0 Minutes (disabled)   page 7-4   page 7-9   —
Inbound Telnet Access          Enabled                page 7-4   page 7-5   —
Outbound Telnet Access         n/a                    —          page 7-6   —
Web Browser Interface Access   Enabled                pa
Terminal type
Event Log event types to list (Displayed Events)
Baud Rate
Flow Control
Menu: Modifying the Interface Access

The menu interface enables you to modify these parameters:
■ Inactivity Timeout
■ Inbound Telnet Enabled
■ Web Agent Enabled

To Access the Interface Access Parameters:
1. From the Main Menu, Select...
   2. Switch Configuration...
      1. System Information

Interface Access Parameters

Figure 7-1.
CLI: Modifying the Interface Access

Interface Access Commands Used in This Section

show console            below
[no] telnet-server      below
[no] web-management     page 7-8
console                 page 7-9

Listing the Current Console/Serial Link Configuration. This command lists the current interface access parameter settings.

Syntax: show console

This example shows the switch’s default console/serial configuration.
Syntax: [no] telnet-server [listen ]

Enables or disables inbound Telnet access on a switch. Use the no version of the command to disable inbound Telnet access. The listen parameter is available only on switches that have a separate out-of-band management port.
Syntax: telnet [oobm]

Initiates an outbound telnet session to another network device.
ProCurve(config)# show telnet

 Telnet Activity
 -------------------------------------------------------
 Session  : ** 1
 Privilege: Manager
 From     : Console
 To       :
 -------------------------------------------------------
 Session  : ** 2
 Privilege: Manager
 From     : 12.13.14.10
 To       : 15.33.66.
To disable web browser access:

ProCurve(config)# no web-management

To re-enable web browser access:

ProCurve(config)# web-management

Reconfigure the Console/Serial Link Settings. You can reconfigure one or more console parameters with one console command.
The switch implements the Event Log change immediately. The switch implements the other console changes after executing write memory and reload.

Figure 7-4. Example of Executing the Console Command with Multiple Parameters

Note: When using redundant management, console settings, such as mode, flow-control and baud-rate, are the same on both management modules.
Denying Interface Access by Terminating Remote Management Sessions

The switch supports up to five management sessions. You can use show ip ssh to list the current management sessions, and kill to terminate a currently running remote session. (Kill does not terminate a Console session on the serial port, either through a direct connection or via a modem.
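The interface access defaults described above (inbound Telnet enabled, web browser interface enabled, inactivity time of 0 minutes) can be checked against a saved configuration before it is deployed. The following is an added example, not code from the guide or from HP: the function names and sample listings are constructed, and it assumes that a show run listing carries only non-default settings and that the inactivity setting appears as a console inactivity-timer line.

```python
import re

# Defaults from the guide's Interface Access Features table: inbound Telnet
# enabled, web browser interface enabled, inactivity time 0 minutes (disabled).
DEFAULTS = {"telnet": True, "web": True, "inactivity_min": 0}

# Constructed sample in the style of a "show run" listing (not from a real switch).
SAMPLE_DEFAULTS = '''\
; constructed sample, factory interface access settings
hostname "ProCurve"
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   ip address 10.12.17.175 255.255.255.0
   exit
'''

# Constructed sample with the remote interfaces turned off and a timeout set.
SAMPLE_HARDENED = '''\
; constructed sample, interface access tightened
hostname "ProCurve"
console inactivity-timer 10
no telnet-server
no web-management
vlan 1
   name "DEFAULT_VLAN"
   exit
'''


def parse_interface_access(config_text):
    """Derive the effective interface access state from a config listing.

    Assumption: only non-default settings are listed, so a service counts as
    enabled unless a "no ..." line disables it.
    """
    state = dict(DEFAULTS)
    state["unrestricted_communities"] = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line == "no telnet-server":
            state["telnet"] = False
        elif re.fullmatch(r"telnet-server( listen \S+)?", line):
            state["telnet"] = True
        elif line == "no web-management":
            state["web"] = False
        elif line == "web-management":
            state["web"] = True
        else:
            timer = re.fullmatch(r"console inactivity-timer (\d+)", line)
            if timer:
                state["inactivity_min"] = int(timer.group(1))
                continue
            snmp = re.fullmatch(r'snmp-server community "([^"]+)"(.*)', line)
            if snmp and "unrestricted" in snmp.group(2).lower():
                state["unrestricted_communities"].append(snmp.group(1))
    return state


def audit(config_text):
    """Return a list of finding identifiers for one configuration listing."""
    state = parse_interface_access(config_text)
    findings = []
    if state["telnet"]:
        findings.append("inbound-telnet-enabled")       # cleartext remote CLI
    if state["web"]:
        findings.append("web-management-enabled")
    if state["inactivity_min"] == 0:
        findings.append("no-inactivity-timeout")        # idle sessions stay open
    for name in state["unrestricted_communities"]:
        findings.append("snmp-unrestricted:" + name)
    return findings


if __name__ == "__main__":
    for label, text in (("defaults", SAMPLE_DEFAULTS), ("hardened", SAMPLE_HARDENED)):
        print(label, audit(text))
```

A configuration that never mentions telnet-server or web-management is reported as having both enabled, which is the case a line-by-line search for "telnet" would miss.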
System Information

System Information Features

Feature            Default               Menu        CLI         Web
System Name        switch product name   page 7-13   page 7-15   page 7-18
System Contact     n/a                   page 7-13   page 7-15   page 7-18
System Location    n/a                   page 7-13   page 7-15   page 7-18
MAC Age Time       300 seconds           page 7-13   page 7-17   —
Time Sync Method   None                  See Chapter 9, “Time Protocols”.
Time Zone: The number of minutes your time zone location is to the West (+) or East (-) of Coordinated Universal Time (formerly GMT). The default 0 means no time zone is configured. For example, the time zone for Berlin, Germany is +60 (minutes) and the time zone for Vancouver, Canada is -480 (minutes).

Daylight Time Rule: Specifies the daylight savings time rule to apply for your location. The default is None.
2. Press [E] (for Edit). The cursor moves to the System Name field.
3. Refer to the online help provided with this screen for further information on configuration options for these features.
4. When you have finished making changes to the above parameters, press [Enter], then press [S] (for Save) and return to the Main Menu.
Configure a System Name, Contact, and Location for the Switch. To help distinguish one switch from another, configure a plain-language identity for the switch.

Syntax: hostname < name-string >
        snmp-server [contact ] [location ]

Each field allows up to 255 characters.
MENU

ProCurve Switch 5406zl                              24-Oct-2006 12:41:47
===========================- TELNET - MANAGER MODE ===========================
             Switch Configuration - System Information

 System Name : Blue Switch
 System Contact : Bill_Smith
 System Location : + characters of the location are missing. It’s too long.
Figure 7-11. System Location and System Contact in the Web Browser

Reconfigure the MAC Age Time for Learned MAC Addresses. This command corresponds to the MAC Age Interval in the menu interface, and is expressed in seconds.

Syntax: mac-age-time < 10 - 1000000 > (seconds)

Allows you to set the MAC address table’s age-out interval.
For example, the time zone setting for Berlin, Germany is +60 (zone +1, or 60 minutes), and the time zone setting for Vancouver, Canada is -480 (zone -8, or -480 minutes). To configure the time zone and daylight time rule for Vancouver, Canada:

ProCurve(config)# time timezone -480 daylight-time-rule continental-us-and-canada

Configure the Time and Date. The switch uses the time command to configure both the time of day and the date.
8 Configuring IP Addressing

Contents

Overview  8-2
IP Configuration  8-2
Just Want a Quick Start with IP Addressing?  8-4
IP Addressing with Multiple VLANs
Overview

You can configure IP addressing through all of the switch’s interfaces. You can also:
■ Easily edit a switch configuration file to allow downloading the file to multiple switches without overwriting each switch’s unique gateway and VLAN 1 IP addressing.
■ Assign up to 32 IP addresses to a VLAN (multinetting).
■ Select an IP address to use as the source address for all outgoing traffic generated by a specified software application on the switch.
IP Configuration

IP Address and Subnet Mask. Configuring the switch with an IP address expands your ability to manage the switch and use its features. By default, the switch is configured to automatically receive IP addressing on the default VLAN from a DHCP/Bootp server that has been configured correctly with information to support the switch. (Refer to “DHCP/Bootp Operation” on page 8-12 for information on setting up automatic configuration from a server.
Just Want a Quick Start with IP Addressing?

If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing. To do so, do one of the following:
■ Enter setup at the CLI Manager level prompt.
  ProCurve# setup
■ Select 8. Run Setup in the Main Menu of the menu interface.
■ The IP addressing used in the switch should be compatible with your network. That is, the IP address must be unique and the subnet mask must be appropriate for your IP network.
■ If you change the IP address through either Telnet access or the web browser interface, the connection to the switch will be lost. You can reconnect by either restarting Telnet with the new IP address or entering the new address as the URL in your web browser.
For descriptions of these parameters, see the online Help for this screen. Before using the DHCP/Bootp option, refer to “DHCP/Bootp Operation” on page 8-12.

Figure 8-1. Example of the IP Service Configuration Screen without Multiple VLANs Configured

2. Press [E] (for Edit).
3. If the switch needs to access a router, for example, to reach off-subnet destinations, select the Default Gateway field and enter the IP address of the gateway router.
4.
CLI: Configuring IP Address, Gateway, and Time-To-Live (TTL)

IP Commands Used in This Section                 Page
show ip                                          8-7
ip address < mask-length >                       8-8, 8-9
ip address /< mask-bits >                        8-8, 8-9
ip default-gateway                               8-10
ip ttl                                           8-11

Viewing the Current IP Configuration.

Syntax: show ip

This command displays the IP addressing for each VLAN configured in the switch. If only the DEFAULT_VLAN exists, then its IP configuration applies to all ports in the switch.
With multiple VLANs and some other features configured, show ip provides additional information:

A Switch with IP Addressing and VLANs Configured

Figure 8-3. Example of Show IP Listing with Non-Default IP Addressing Configured

Configure an IP Address and Subnet Mask. The following command includes both the IP address and the subnet mask.
Configure Multiple IP Addresses on a VLAN (Multinetting). The following is supported:
■ Up to 2000 IP addresses for the switch
■ Up to 32 IP addresses for the same VLAN
■ Up to 512 IP VLANs, that is, VLANs on which you can configure IP addresses
■ Each IP address on a VLAN must be for a separate subnet, whether on the same VLAN or different VLANs.
Figure 8-5. Example of Multinetting on the Default VLAN

Note: The Internet (IP) Service screen in the Menu interface (figure 8-1 on page 8-6) displays the first IP address for each VLAN. You must use the CLI show ip command to display the full IP address listing for multinetted VLANs.

Removing or Replacing IP Addresses in a Multinetted VLAN. To remove an IP address from a multinetted VLAN, use the no form of the IP address command shown on page 8-9.
Note: The switch uses the IP default gateway only while operating as a Layer 2 device. While routing is enabled on the switch, the IP default gateway is not used. Thus, to avoid loss of Telnet access to off-subnet management stations, you should use the ip route command to configure a static (default) route before enabling routing. For more information, refer to the chapter titled “IP Routing Features” in the Multicast and Routing Guide for your switch.
Table 8-1. Features Available With and Without IP Addressing on the Switch

Features Available Without an IP Address:
• Direct-connect access to the CLI and the menu interface.

Additional Features Available with an IP Address and Subnet Mask:
The DHCP/Bootp Process. Whenever the IP Config parameter in the switch or in an individual VLAN in the switch is configured to DHCP/Bootp (the default), or when the switch is rebooted with this configuration:

1. DHCP/Bootp requests are automatically broadcast on the local network. (The switch sends one type of request to which either a DHCP or Bootp server can respond.)
2.
Bootp Operation. When a Bootp server receives a request, it searches its Bootp database for a record entry that matches the MAC address in the Bootp request from the switch. If a match is found, the configuration data in the associated database record is returned to the switch. For many Unix systems, the Bootp database is contained in the /etc/bootptab file. In contrast to DHCP operation, Bootp configurations are always the same for a specific receiving device.
lg      TFTP server address (source of final configuration file)
T144    is the vendor-specific “tag” identifying the configuration file to download.
vm      is a required entry that specifies the Bootp report format. Use rfc1048 for the switches covered in this guide.

Note: The above Bootp table entry is a sample that will work for the switch when the appropriate addresses and file names are used.
Loopback Interfaces

This section describes how to configure and use user-defined loopback interfaces on the switch.

Introduction

By default, each switch has an internal loopback interface (lo0) with the IP address 127.0.0.1. This IP address is used only for internal traffic transmitted within the switch and is not used in packet headers in egress traffic sent to network devices.
For more information about how to configure a loopback IP address to participate in an OSPF broadcast area, refer to the section titled “(Optional) Assigning Loopback Addresses to an Area” in the Multicast and Routing Guide.
For example, if you configure a VLAN with IP address 172.16.100.8/24, you cannot configure a loopback interface with IP address 172.16.100.8. In the same way, if you configure a loopback interface (lo1) with IP address 172.16.101.8, you cannot configure another loopback interface (lo2) with IP address 172.16.101.8.
■ You can configure multiple IP addresses on a loopback interface (lo0 to lo7).
ProCurve> show ip

 Internet (IP) Service

  IP Routing : Enabled

  Default TTL : 64
  ARP Age : 20

  VLAN          IP Config   IP Address     Subnet Mask     Proxy ARP
  ------------  ----------  -------------  --------------  ---------
  DEFAULT_VLAN  Manual      10.0.8.121     255.255.0.0     No
  VLAN2         Manual      192.168.12.1   255.255.255.0   No
  VLAN3         Disabled

  Loopback Addresses

  Loopback  IP Config   IP Address     Subnet Mask
  --------  ----------  -------------  ---------------
  lo1       Manual      172.16.110.2   255.255.255.255
  lo2       Manual      172.16.112.2   255.
  lo2
To display the loopback interfaces configured on the switch in a list of IP routing entries displayed according to destination IP address, enter the show ip route command. The following example displays the configuration of the default loopback interface (lo0) and one user-defined loopback interface (lo2).
IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads

For the switches covered in this guide, IP Preserve enables you to copy a configuration file to multiple switches while retaining the individual IP address and subnet mask on VLAN 1 in each switch, and the Gateway IP address assigned to the switch.
Enabling IP Preserve

To set up IP Preserve, enter the ip preserve statement at the end of a configuration file. (Note that you do not execute IP Preserve by entering a command from the CLI.) Entering “ip preserve” in the last line of a configuration file implements IP Preserve when the file is downloaded to the switch and the switch reboots.

Figure 8-9.
ProCurve(config)# show run

Running configuration:

; J8715A Configuration Editor; Created on release #K.12.07

hostname "ProCurve"
module 1 type J8702A
module 2 type J8705A
trunk A11-A12 Trk1 Trunk
ip default-gateway 10.10.10.
ProCurve# show run

Running configuration:

; J8715A Configuration Editor; Created on release #K.12.07

hostname "ProCurve"
module 1 type J8702A
module 2 type J8705A
trunk A11-A12 Trk1 Trunk
ip default-gateway 10.10.10.115
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged A1,A7-A10,A13-A24,B1-B24,Trk1
   ip address 10.12.17.175 255.255.255.
Configuring a Single Source IP Address

Overview

This feature applies to the following software applications:
• TACACS
• RADIUS
• System Logging applications

The above IP-based software applications use a client-server communication model, that is, the client’s source IP address is used for unique client identification.
Syntax: [no] ip source-interface | vlan address >

Determines the source IP address used by the specified software application when transmitting IP packets. The all parameter can be used to set one IP address for all the listed applications, in this case, RADIUS, TACACS, and System Logging.
■ Configured IP Address—the specific IP address that is used as the source IP address. This address is configured on one of the switch’s IP interfaces, either a VLAN interface or a Loopback interface.
■ Configured IP Interface—the IP address from the specific IP interface (VLAN or Loopback) is used as the source IP address. If there are multiple IP addresses assigned (multinetting, for example), the lowest IP address is used.
ProCurve(config)# ip source-interface radius address 10.10.10.2
ProCurve(config)# show ip source-interface radius

 Source-IP Configuration Information

 Protocol | Admin Selection Policy  IP Interface   IP Address
 -------- + ----------------------- -------------- --------------
 Radius   | Configured IP Address   vlan 3         10.10.10.2

Figure 8-14.
Displaying the Source IP Interface Information

There are several show commands that can be used to display information about the source IP interface status.

Syntax: show ip source-interface status [radius | tacacs | syslog]

Displays the operational status information for the source IP address selection policy. Both the administratively-assigned source IP selection policy and the operational source IP selection policy are displayed.
The show ip source-interface detail command displays detailed information about the configured policies, source IP address, and interface state for each protocol.

Syntax: show ip source-interface detail [radius | tacacs | syslog]

Displays detailed operational status information for the source IP address selection policy. Information about the configured policies, source IP address and interface state are displayed.
ProCurve(config)# show radius

 Status and Counters - General RADIUS Information

  Deadtime(min) : 0
  Timeout(secs) : 5
  Retransmit Attempts : 3
  Global Encryption Key :
  Dynamic Authorization UDP Port : 3799
  Source IP Selection : Configured IP address

Source IP Selection for the specified application protocol is displayed.

Figure 8-20.
Error Messages

The following error messages may appear when configuring source IP selection if the interface does not exist, is not configured for IP, or is down.

Error Message: Warning: Specified IP address is not configured on any interface
Description: The IP address specified has not been assigned to any interface on the switch.

Error Message: Warning: Specified IP interface is not configured
Description: The IP interface has not been configured.
9 Time Protocols

Contents

Overview  9-2
TimeP Time Synchronization  9-2
SNTP Time Synchronization  9-2
Selecting a Time Synchronization Protocol or Turning Off Time Protocol Operation
Viewing the Current TimeP Configuration  9-28
Configuring (Enabling or Disabling) the TimeP Mode  9-29
SNTP Unicast Time Polling with Multiple SNTP Servers  9-34
Displaying All SNTP Server Addresses Configured on the Switch  9-34
Adding and Deleting SNTP Server Addresses  9-35
Menu: Operation with Multiple SNTP Server Addresses Configured
Overview

This chapter describes:
■ SNTP Time Protocol Operation
■ Timep Time Protocol Operation

Using time synchronization ensures a uniform time among interoperating devices. This helps you to manage and troubleshoot switch operation by attaching meaningful time data to event and error messages. The switch offers TimeP and SNTP (Simple Network Time Protocol) and a timesync command for changing the time protocol selection (or turning off time protocol operation).
Selecting a Time Synchronization Protocol or Turning Off Time Protocol Operation

Note: To use Broadcast mode, the switch and the SNTP server must be in the same subnet.

■ Unicast Mode: The switch requests a time update from the configured SNTP server. (You can configure one server using the menu interface, or up to three servers using the CLI sntp server command.
SNTP: Viewing, Selecting, and Configuring

Disabling Time Synchronization

You can use either of the following methods to disable time synchronization without changing the Timep or SNTP configuration:
■ In the System Information screen of the Menu interface, set the Time Synch Method parameter to None, then press [Enter], then [S] (for Save).
■ In the Global config level of the CLI, execute no timesync.
Table 9-1. SNTP Parameters

SNTP Parameter: Time Sync Method
Operation: Used to select either SNTP, TIMEP, or None as the time synchronization method.

SNTP Parameter: SNTP Mode
  Disabled: The Default. SNTP does not operate, even if specified by the Menu interface Time Sync Method parameter or the CLI timesync command.
  Unicast: Directs the switch to poll a specific server for SNTP time synchronization. Requires at least one server address.
==========================- CONSOLE - MANAGER MODE -========================
              Switch Configuration - System Information

 System Name : ProCurve
 System Contact :
 System Location :
 Inactivity Timeout (min) [0] : 0
 Inbound Telnet Enabled [Yes] : Yes
 Time Sync Method [None] : TIMEP
 TimeP Mode [Disabled] : Disabled
 Tftp-enable [Yes] : Yes
 Time Zone [0] : 0
 Daylight Time Rule [None] : None
 MAC Age Time (sec) [300] : 300
 Web Agent En

 Actions-> Cancel Edit
Note: This step replaces any previously configured server IP address. If you will be using backup SNTP servers (requires use of the CLI), then refer to “SNTP Unicast Time Polling with Multiple SNTP Servers” on page 9-35.

iii. Press [v] to move the cursor to the Server Version field. Enter the value that matches the SNTP server version running on the device you specified in the preceding step (step ii).
CLI: Viewing and Configuring SNTP

CLI Commands Described in this Section

SNTP Command              Page
show sntp                 9-9
[no] timesync             9-11 and ff., 9-15
sntp broadcast            9-12
sntp unicast              9-12
sntp server               9-12 and ff.
  Protocol Version        9-14
  Priority                9-15
  poll-interval           9-15
no sntp                   9-16

This section describes how to use the CLI to view, enable, and configure SNTP parameters.
ProCurve(config)# show sntp

 SNTP Configuration

  Time Sync Mode: Sntp
  SNTP Mode : Unicast
  Poll Interval (sec) [720] : 719

  Priority SNTP Server Address                            Protocol Version
  -------- ---------------------------------------------- ----------------
  1        2001:db8::215:60ff:fe79:8980                   7
  2        10.255.5.24                                    3
  3        fe80::123%vlan10                               3

Figure 9-4.
ProCurve(config)# show management

 Status and Counters - Management Address Information

  Time Server Address : fe80::215:60ff:fe7a:adc0%vlan10

  Priority SNTP Server Address                            Protocol Version
  -------- ---------------------------------------------- ----------------
  1        2001:db8::215:60ff:fe79:8980                   7
  2        10.255.5.24                                    3
  3        fe80::123%vlan10                               3

  Default Gateway : 10.0.9.

  VLAN Name
  ------------
  DEFAULT_VLAN
  VLAN10
Enabling SNTP in Broadcast Mode. Because the switch provides an SNTP polling interval (default: 720 seconds), you need only these two commands for minimal SNTP broadcast configuration:

Syntax: timesync sntp

Selects SNTP as the time synchronization method.

Syntax: sntp broadcast

Configures broadcast as the SNTP mode.
second or third server, you must use the CLI. For more on SNTP operation with multiple servers, refer to “SNTP Unicast Time Polling with Multiple SNTP Servers” on page 9-35.

Syntax: timesync sntp

Selects SNTP as the time synchronization method.

sntp unicast

Configures the SNTP mode for Unicast operation.

Syntax: [no] sntp server priority <1-3> [oobm] [version]

Use the no version of the command to disable SNTP.
ProCurve(config)# sntp server 10.28.227.141

Specifies the SNTP server and accepts the current SNTP server version (default: 3).

ProCurve(config)# show sntp

 SNTP Configuration

  Time Sync Mode: Sntp
  SNTP Mode : Unicast
  Poll Interval (sec) [720] : 720

  Priority
  --------
  1
  2
  3

In this example, the Poll Interval and the Protocol Version appear at their default settings. Both IPv4 and IPv6 addresses are displayed.
Changing the SNTP Poll Interval.

Syntax: sntp poll-interval < 30..720 >

Specifies how long the switch waits between time polling intervals. The default is 720 seconds and the range is 30 to 720 seconds. (This parameter is separate from the poll interval parameter used for Timep operation.)

For example, to change the poll interval to 300 seconds:

ProCurve(config)# sntp poll-interval 300

Changing the Priority.
Figure 9-10. Example of SNTP with Time Synchronization Disabled
Disabling the SNTP Mode. If you want to prevent SNTP from being used even if selected by timesync (or the Menu interface’s Time Sync Method parameter), configure the SNTP mode as disabled.
Syntax: no sntp
  Disables SNTP by changing the SNTP mode configuration to Disabled.
For example, if the switch is running SNTP in Unicast mode with an SNTP server at 10.28.227.
SNTP Client Authentication Support
This feature provides support for SNTP client authentication on HP ProCurve switches, which addresses security considerations when deploying SNTP in a network.
Requirements
The following must be configured to enable SNTP client authentication on the switch.
■ Timesync mode must be SNTP. Use the timesync sntp command. (SNTP is disabled by default.)
■ SNTP must be in unicast or broadcast mode.
The following must be performed on the SNTP server:
■ The same authentication key-identifier, trusted key, authentication mode and key-value that were configured on the SNTP client must also be configured on the SNTP server.
■ SNTP server authentication must be enabled on the server.
If any of the parameters on the server are changed, the parameters have to be changed on all the SNTP clients in the network as well.
Configuring a Trusted Key
Trusted keys are used in SNTP authentication. In unicast mode, a trusted key must be associated with a specific NTP/SNTP server. That key is used for authenticating the SNTP packet. In unicast mode, a specific server is configured on the switch so that the SNTP client communicates with the specified server to get the date and time.
Associating a Key with an SNTP Server
After a key is configured, it must be associated with a specific server.
Syntax: [no] sntp server priority <1-3> [key-id <1-4,294,967,295>]
  Configures a key-id to be associated with a specific server. The key itself must already be configured on the switch. The no version of the command disassociates the key from the server. This does not remove the authentication key.
Configuring Unicast and Broadcast Mode
To enable authentication, either unicast or broadcast mode must be configured. When authentication is enabled, changing the mode from unicast to broadcast or vice versa is not allowed. You must disable authentication and then change the mode. To set the SNTP mode or change from one mode to the other, enter the appropriate command.
ProCurve(config)# show sntp
 SNTP Configuration
  SNTP Authentication : Enabled
  Time Sync Mode: Sntp
  SNTP Mode : Unicast
  Poll Interval (sec) [720] : 720
  Priority  SNTP Server Address        Protocol Version  KeyId
  --------  -------------------------  ----------------  -----
  1         10.10.10.2                 3                 55
  2         fe80::200:24ff:fec8:4ca8   3                 55
Figure 9-14.
ProCurve(config)# show sntp statistics
 SNTP Statistics
  Received Packets : 0
  Sent Packets     : 3
  Dropped Packets  : 0
  SNTP Server Address        Auth Failed Pkts
  -------------------------  ----------------
  10.10.10.1                 0
  fe80::200:24ff:fec8:4ca8   0
Figure 9-16.
ProCurve(config)# show config
Startup configuration:
.
.
.
timesync sntp
sntp broadcast
sntp 50
sntp authentication
sntp server priority 1 10.10.10.2 3 key-id 55
sntp server priority 2 fe80::200:24ff:fec8:4ca8 4 key-id 55
.
.
.
(Callout: SNTP authentication has been enabled and a key-id of 55 has been created.)
Figure 9-17.
If include-credentials is configured, the SNTP authentication configuration is saved in the configuration file. When the show config command is entered, all of the information that has been configured for SNTP authentication displays, including the key-values.
ProCurve(config)# show config
Startup configuration:
.
.
.
(Callout: Include-credentials is configured.)
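An added example, not taken from the HP manual: a Python check that reads a saved configuration listing and reports gaps against the SNTP client authentication requirements described above. The line formats follow the Figure 9-17 excerpt; the sample configuration is constructed, and treating include-credentials as a literal configuration line is an assumption.

```python
KEY_ID_MAX = 4294967295  # top of the key-id range in the "sntp server ... key-id" syntax

# Constructed sample, modelled on the startup-config excerpt in Figure 9-17.
SAMPLE_CONFIG = """\
timesync sntp
sntp unicast
sntp 50
sntp authentication
sntp server priority 1 10.10.10.2 3 key-id 55
sntp server priority 2 fe80::200:24ff:fec8:4ca8 4
include-credentials
"""


def parse_server(tok):
    """Parse the tokens of one 'sntp server priority N <addr> ...' line."""
    server = {"priority": int(tok[3]), "address": tok[4],
              "oobm": False, "version": None, "key_id": None}
    rest = tok[5:]
    i = 0
    while i < len(rest):
        if rest[i] == "oobm":
            server["oobm"] = True
        elif rest[i] == "key-id" and i + 1 < len(rest) and rest[i + 1].isdigit():
            server["key_id"] = int(rest[i + 1])
            i += 1  # skip the key-id value just consumed
        elif rest[i].isdigit():
            server["version"] = int(rest[i])
        i += 1
    return server


def parse_sntp(config_text):
    """Collect the SNTP-related settings from a configuration listing."""
    state = {"timesync": None, "mode": None, "auth": False,
             "include_credentials": False, "servers": []}
    for raw in config_text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[0] == "timesync" and len(tok) == 2:
            state["timesync"] = tok[1]
        elif tok == ["no", "sntp"]:
            state["mode"] = "disabled"
        elif tok == ["sntp", "authentication"]:
            state["auth"] = True
        elif len(tok) == 2 and tok[0] == "sntp" and tok[1] in ("unicast", "broadcast"):
            state["mode"] = tok[1]
        elif (tok[:3] == ["sntp", "server", "priority"]
              and len(tok) >= 5 and tok[3].isdigit()):
            state["servers"].append(parse_server(tok))
        elif tok[0] == "include-credentials":
            # Assumption: the setting appears as a literal line in the listing.
            state["include_credentials"] = True
    return state


def audit(config_text):
    """Return a list of findings; an empty list means every check passed."""
    s = parse_sntp(config_text)
    findings = []
    if s["timesync"] != "sntp":
        findings.append("timesync is not set to sntp")
    if s["mode"] not in ("unicast", "broadcast"):
        findings.append("SNTP mode is not unicast or broadcast")
    if not s["auth"]:
        findings.append("sntp authentication is not enabled")
    for srv in sorted(s["servers"], key=lambda x: x["priority"]):
        kid = srv["key_id"]
        if kid is None:
            # In unicast mode a key must be associated with each server.
            if s["auth"] and s["mode"] == "unicast":
                findings.append("server %s (priority %d) has no key-id"
                                % (srv["address"], srv["priority"]))
        elif not 1 <= kid <= KEY_ID_MAX:
            findings.append("server %s has key-id %d outside 1-%d"
                            % (srv["address"], kid, KEY_ID_MAX))
    if s["auth"] and s["include_credentials"]:
        findings.append("include-credentials is set: show config displays SNTP key-values")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run it against a saved copy of the show config output; key-values exposed through include-credentials mean the listing itself should be stored and shared as a secret.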
Time Protocols TimeP: Viewing, Selecting, and Configuring TimeP: Viewing, Selecting, and Configuring TimeP Feature Menu CLI Web view the Timep time synchronization configuration n/a page 9-27 page 9-29 — select Timep as the time synchronization method TIMEP page 9-16 pages 9-31 ff.
Menu: Viewing and Configuring TimeP
To View, Enable, and Modify the TimeP Protocol:
1. From the Main Menu, select:
   2. Switch Configuration...
   1.
• Use the Space bar to select the Manual mode.
  i. Press [>] to move the cursor to the Server Address field.
  ii. Enter the IP address of the TimeP server you want the switch to use for time synchronization. Note: This step replaces any previously configured TimeP server IP address.
  iii. Press [>] to move the cursor to the Poll Interval field, then go to step 6.
5.
Viewing the Current TimeP Configuration
Using different show commands, you can display either the full TimeP configuration or a combined listing of all TimeP, SNTP, and VLAN IP addresses configured on the switch.
Syntax: show timep
  This command lists both the time synchronization method (TimeP, SNTP, or None) and the TimeP configuration, even if SNTP is not the selected time protocol.
ProCurve(config)# show management
 Status and Counters - Management Address Information
  Time Server Address : 10.10.28.100
  Priority  SNTP Server Address   Protocol Version
  --------  --------------------  ----------------
  1         10.10..28.101         3
  2         10.255.5.24           3
  3         fe80::123%vlan10      3
  Default Gateway : 10.0.9.
  VLAN Name
  ------------
  DEFAULT_VLAN
  VLAN10
Enabling TimeP in DHCP Mode. Because the switch provides a TimeP polling interval (default: 720 minutes), you need only these two commands for a minimal TimeP DHCP configuration:
Syntax: timesync timep
  Selects TimeP as the time synchronization method.
Syntax: ip timep dhcp
  Configures DHCP as the TimeP mode.
For example, suppose:
■ Time synchronization is configured for SNTP.
■ You want to:
  1. View the current time synchronization.
  2.
Enabling Timep in Manual Mode. Like DHCP mode, configuring TimeP for Manual mode enables TimeP. However, for manual operation, you must also specify the IP address of the TimeP server. (The switch allows only one TimeP server.) To enable the TimeP protocol:
Syntax: timesync timep
  Selects Timep.
Syntax: ip timep manual < ip-addr > [oobm]
  Activates TimeP in Manual mode with a specified TimeP server.
Figure 9-25. Example of Configuring Timep for Manual Operation
Changing the TimeP Poll Interval. This command lets you specify how long the switch waits between time polling intervals. The default is 720 minutes and the range is 1 to 9999 minutes. (This parameter is separate from the poll interval parameter used for SNTP operation.
Figure 9-26. Example of TimeP with Time Synchronization Disabled
Disabling the TimeP Mode. Disabling the TimeP mode means to configure it as disabled. (Disabling TimeP prevents the switch from using it as the time synchronization protocol, even if it is the selected Time Sync Method option.)
Syntax: no ip timep
  Disables TimeP by changing the TimeP mode configuration to Disabled.
SNTP Unicast Time Polling with Multiple SNTP Servers
When running SNTP unicast time polling as the time synchronization method, the switch requests a time update from the server you configured with either the Server Address parameter in the menu interface, or the primary server in a list of up to three SNTP servers configured using the CLI.
Time Protocols SNTP Messages in the Event Log
Adding and Deleting SNTP Server Addresses
Adding Addresses. As mentioned earlier, you can configure one SNTP server address using either the Menu interface or the CLI. To configure a second and third address, you must use the CLI. To configure the remaining two addresses, you would do the following:
ProCurve(config)# sntp server 2001:db8::215:60ff:fe79:8980
ProCurve(config)# sntp server 10.255.5.24
Figure 9-29.
10 Port Status and Configuration
Contents
Overview 10-3
Viewing Port Status and Configuring Port Parameters 10-3
Menu: Port Configuration 10-6
CLI: Viewing Port Status and Configuring Port Parameters 10-8
Viewing Port Status and Configuration
Operating Notes 10-32
Uni-Directional Link Detection (UDLD) 10-33
Configuring UDLD 10-34
Enabling UDLD 10-35
Changing the Keepalive Interval
Port Status and Configuration
Overview
This chapter describes how to view the current port configuration and how to configure ports to non-default settings, including
■ Enable/Disable
■ Mode (speed and duplex)
■ Flow Control
■ Broadcast Limit
■ Friendly Port Names
■ Uni-directional Link Detection (UDLD)
Viewing Port Status and Configuring Port Parameters
Port Status and Configuration Features
Feature              Default  Menu       CLI        Web
viewing port status  n/a      page 10-6  page 10-8  page 10-24
Table 10-1. Status and Parameters for Each Port Type
Status or Parameter: Description
Enabled:
  Yes (default): The port is ready for a network connection.
  No: The port will not operate, even if properly connected in a network. Use this setting, for example, if the port needs to be shut down for diagnostic purposes or while you are making topology changes.
Status (read-only):
  Up: The port senses a link beat.
Status or Parameter: Description (Continued From Previous Page)
Gigabit Fiber-Optic Ports (Gigabit-SX, Gigabit-LX, and Gigabit-LH):
• 1000FDx: 1000 Mbps (1 Gbps), Full Duplex only
• Auto (default): The port operates at 1000FDx and auto-negotiates flow control with the device connected to the port.
Menu: Port Configuration
From the menu interface, you can view and change the port configuration.
Using the Menu To View Port Configuration. The menu interface displays the configuration for ports and (if configured) any trunk groups. From the Main Menu, select:
  1. Status and Counters
  4. Port Status
In this example, ports A7 and A8 have previously been configured as a trunk group.
Figure 10-1.
Using the Menu To Configure Ports. You can configure and view the port settings by using the menu.
Note: The menu interface uses the same screen for configuring both individual ports and port trunk groups. For information on port trunk groups, refer to Chapter 12, “Port Trunking”.
1. From the Main Menu, select:
   2. Switch Configuration...
   2. Port/Trunk Settings
An example of the Menu display is shown below.
CLI: Viewing Port Status and Configuring Port Parameters
From the CLI, you can configure and view all port parameter settings and view all port status indicators.
ProCurve(config)# show interfaces brief
 Status and Counters - Port Status
  Port  Type       | Intrusion Alert  Enabled  Status  Mode         MDI Mode
  ----  ---------  + ---------------  -------  ------  -----------  --------
  B1    100/1000T  | No               Yes      Down    Auto-10-100  Auto
  B2    100/1000T  | No               Yes      Down    1000FDx      Auto
  B3    100/1000T  | No               Yes      Down    1000FDx      Auto
  B4    100/1000T  | No               Yes      Down    1000FDx      Auto
  B5    100/1000T  | No               Yes      Down    1000FDx      Auto
  B6    100/1000T  | No               Yes      Down    1000FDx      Aut
Syntax: show interfaces display
  Initiates the dynamic update of a command. The output is the same as the equivalent “show” command. The information is updated every 3 seconds.
  Note: Select “Back” to exit the display.
For example:
ProCurve# show interfaces display
(Callout: Dynamically updates)
Figure 10-5.
Syntax: show interfaces custom [port-list] column-list
  Select the information that you want to display.
ProCurve(config)# show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi
 Status and Counters - Custom Port Status
  Port  Name  Type       VLAN  Intrusion Alert  Speed    Enabled  MDI-mode
  ----  ----  ---------  ----  ---------------  -------  -------  --------
  1     Acco  100/1000T  1     No               1000FDx  Yes      Auto
  2     Huma  100/1000T  1     No               1000FDx  Yes      Auto
  3     Deve  100/1000T  1     No               1000FDx  Yes      Auto
  4     Lab1  100/1000T  1     No               1000FDx  Yes      Auto
Figure 10-6.
Note on Using Pattern Matching with the “Show Interfaces Custom” Command
If you have included a pattern matching command to search for a field in the output of the show int custom command and the show int custom command produces an error, the error message may not be visible and the output is empty.
Operating Notes:
■ For each port on the switch, the command provides a real-time display of the rate at which data is received (Rx) and transmitted (Tx) in terms of kilobits per second (KBits/s), number of packets per second (Pkts/s), and utilization (Util) expressed as a percentage of the total bandwidth available.
Operating Notes:
■ The following information is displayed for each installed transceiver:
  • Port number on which transceiver is installed.
  • Type of transceiver.
  • Product number: Includes revision letter, such as A, B, or C. If no revision letter follows a product number, this means that no revision is available for the transceiver.
speed-duplex < auto-10 | 10-full | 10-half | 100-full | 100-half | auto | auto-100 | 1000-full >]
  Specifies the port’s data transfer speed and mode. Does not use the no form of the command. (Default: auto.)
Note that in the above syntax you can substitute an “int” for “interface”; that is: int < port-list >.
Enabling or Disabling the USB Port
This feature allows configuration of the USB port with either the CLI or SNMP. To enable/disable the USB port with the CLI:
Syntax: usb-port
        no usb-port
  Enables the USB port. The no form of the command disables the USB port and any access to the device.
To display the status of the USB port:
Syntax: show usb-port
  Displays the status of the USB port.
The autorun feature only works when a USB device is inserted and the USB port is enabled.
Behavior of Autorun When USB Port is Disabled
Software Versions K.13.XX Operation. When using software version K.13.58, if the USB port is disabled (no usb-port command), the USB autorun function does not work in the USB port until the USB port is enabled, the config file is saved, and the switch is rebooted.
To disable flow control on some ports, while leaving it enabled on other ports, just disable it on the individual ports you want to exclude.
Syntax: [no] interface < port-list > flow-control
  Enables or disables flow control packets on the port. The “no” form of the command disables flow control on the individual ports. (Default: Disabled.)
For example, suppose that:
1. You want to enable flow control on ports A1-A6.
2.
(Callout: Disables per-port flow control on ports A5 and A6.)
Figure 10-13. Example Continued from Figure 10-12
(Callouts: Disables per-port flow control on ports A1 through A4. Flow control is now disabled on the switch. Ports formerly configured for flow control.)
Figure 10-14. Example Continued from Figure 10-13
Configuring a Broadcast Limit on the Switch
Broadcast-Limit on switches covered in this guide is configured on a per-port basis.
Syntax: broadcast-limit <0-99>
  Enables or disables broadcast limiting for outbound broadcasts on a selected port on the switch. The value selected is the percentage of traffic allowed, for example, broadcast-limit 5 allows 5% of the maximum amount of traffic for that port. A value of zero disables broadcast limiting for that port.
  Note: You must switch to port context level before issuing the broadcast-limit command.
Using the above ports:
■ If you connect a copper port using a straight-through cable on a switch to a port on another switch or hub that uses MDI-X ports, the switch port automatically operates as an MDI port.
■ If you connect a copper port using a straight-through cable on a switch to a port on an end node, such as a server or PC, that uses MDI ports, the switch port automatically operates as an MDI-X port.
The Auto-MDIX features apply only to copper port switches using twisted-pair copper Ethernet cables.
Syntax: interface < port-list > mdix-mode < auto-mdix | mdi | mdix >
  auto-mdix is the automatic, default setting. This configures the port for automatic detection of the cable (either straight-through or crossover).
(Callout: Per-Port MDI Configuration)
Figure 10-15. Example of Displaying the Current MDI Configuration
(Callout: Per-Port MDI Operating Mode)
Figure 10-16. Example of Displaying the Current MDI Operating Mode
Web: Viewing Port Status and Configuring Port Parameters
In the web browser interface:
1. Click on the Configuration tab.
2. Click on [Port Configuration].
3. Select the ports you want to modify and click on [Modify Selected Ports].
Using Friendly (Optional) Port Names
Feature                        Default                  Menu  CLI      Web
Configure Friendly Port Names  Standard Port Numbering  n/a   page 26  n/a
Display Friendly Port Names    n/a                      n/a   page 27  n/a
This feature enables you to assign alphanumeric port names of your choosing to augment automatically assigned numeric port names.
■ To retain friendly port names across reboots, you must save the current running-configuration to the startup-config file after entering the friendly port names. (In the CLI, use the write memory command.)
Configuring Friendly Port Names
Syntax: interface < port-list > name < port-name-string >
  Assigns a port name to port-list.
Syntax: no interface < port-list > name
  Deletes the port name from port-list.
Configuring a Single Port Name.
Configuring the Same Name for Multiple Ports. Suppose that you want to use ports A5 through A8 as a trunked link to a server used by a drafting group. In this case you might configure ports A5 through A8 with the name “Draft-Server:Trunk”.
Figure 10-18.
To List All Ports or Selected Ports with Their Friendly Port Names. This command lists names assigned to a specific port.
Syntax: show name [ port-list ]
  Lists the friendly port name with its corresponding port number and port type. The show name command without a port list shows this data for all ports on the switch.
For example:
(Callouts: Ports Without “Friendly” Friendly port names assigned in previous examples.)
Figure 10-19.
Including Friendly Port Names in Per-Port Statistics Listings. A friendly port name configured to a port is automatically included when you display the port’s statistics output.
Syntax: show interface < port-number >
  Includes the friendly port name with the port’s traffic statistics listing.
For example, if you configure port A1 with the name “O’Connor_10.25.101.
For example, if you configure port A1 with a friendly port name:
(Callouts: This command sequence saves the friendly port name for port A1 in the startup config file. The name entered for port A2 is not saved because it was executed after write memory. Listing includes friendly port name for port A1 only.)
In this case, show config lists only port A1.
Configuring Transceivers and Modules That Haven’t Been Inserted
Transceivers
Previously, a port had to be valid and verified for the switch to allow it to be configured. Transceivers are removable ports and considered invalid when not present in the switch, so they cannot be configured unless they are already in the switch.
Syntax: [no] module
  Allows removal of the module configuration in the configuration file after the module has been removed. Enter an integer between 1 and 12 for .
For example:
ProCurve(config)# no module 3
Note: This does not change how hot-swap works.
Uni-Directional Link Detection (UDLD)
Uni-directional Link Detection (UDLD) monitors a link between two ProCurve switches and blocks the ports on both ends of the link if the link fails at any point between the two devices. This feature is particularly useful for detecting failures in fiber links and trunks. Figure 10-23 shows an example.
Scenario 1 (No UDLD): Without UDLD, the switch ports remain enabled despite the link failure.
connected ports. UDLD-enabled ports, however, will prevent traffic from being sent across a bad link by blocking the ports in the event that either the individual transmitter or receiver for that connection fails. Ports enabled for UDLD exchange health-check packets once every five seconds (the link-keepalive interval).
Syntax: link-keepalive interval
  Determines the time interval to send UDLD control packets. The parameter specifies how often the ports send a UDLD packet. You can specify from 10 – 100, in 100 ms increments, where 10 is 1 second, 11 is 1.1 seconds, and so on. Default: 50 (5 seconds)
Syntax: link-keepalive retries
  Determines the maximum number of retries to send UDLD control packets.
Changing the Keepalive Interval
By default, ports enabled for UDLD send a link health-check packet once every 5 seconds. You can change the interval to a value from 10 – 100 deciseconds, where 10 is 1 second, 11 is 1.1 seconds, and so on.
■ To re-assign a VLAN ID, re-enter the command with the new VLAN ID number. The new command will overwrite the previous command setting.
■ When configuring UDLD for tagged ports, you may receive a warning message if there are any inconsistencies with the port’s VLAN configuration (see page 39 for potential problems).
Viewing UDLD Information
The following show commands allow you to display UDLD configuration and status via the CLI.
To display detailed UDLD information for specific ports, enter the show link-keepalive statistics command. For example:
(Callout: Ports 1 and 2 are UDLD-enabled and show the number of health check packets sent and received on each port.)
Configuration Warnings and Event Log Messages
Warning Messages. The following table shows the warning messages that may be issued and their possible causes, when UDLD is configured for tagged ports.
Table 10-3. Warning Messages caused by configuring UDLD for Tagged Ports
Columns: CLI Command Example; Warning Message; Possible Problem
CLI Command Example: link-keepalive 6
Warning Message: Possible configuration problem detected on port 6.
11 Power Over Ethernet (PoE/PoE+) Operation
Contents
Introduction to PoE 11-2
PoE Terminology 11-2
PoE Operation 11-4
Configuration Options 11-4
PD Support
PoE Event Log Messages 11-27
“Informational” PoE Event-Log Messages 11-27
“Warning” PoE Event-Log Messages
Power Over Ethernet (PoE/PoE+) Operation
Introduction to PoE
PoE technology allows IP telephones, wireless LAN access points, and other appliances to receive power and transfer data over existing ethernet LAN cabling. For more information about PoE technology, refer to the PoE Planning and Implementation Guide, which is available on the ProCurve Networking web site at www.procurve.com. Select Support and then click on Manuals.
Term: Use in this Manual
port-number priority: Refers to the type of power prioritization where, within a priority class, a PoE module assigns the highest priority to the lowest-numbered port in the module, the second-highest priority to the second lowest-numbered port in the module, and so on. Note that power priority rules apply only if PoE provisioning on the module becomes oversubscribed.
PoE Operation
Using the commands described in this chapter, you can:
■ Enable or disable PoE operation on individual ports.
■ Monitor PoE status and performance per module.
■ Configure a non-default power threshold for SNMP and Event Log reporting of PoE consumption on either all PoE ports on the switch or on all PoE ports in one or more PoE modules.
Note: The ports support standard networking links and PoE links. You can connect either a non-PoE device or a PD to a port enabled for PoE without reconfiguring the port.
PD Support
To best utilize the allocated PoE power, spread your connected PoE devices as evenly as possible across modules.
For PoE+, there must be 33 watts available for the module to begin supplying power to a port with a PD connected. A slot in a zl chassis can provide a maximum of 370 watts of PoE/PoE+ power to a module. Disconnecting a PD from a PoE port causes the module to stop providing PoE power to that port and makes the power available to any other PoE ports that have PDs connected and waiting for power.
Configuring PoE Operation
In the default configuration, PoE support is enabled on the ports in a PoE module installed on the switch. The default priority for all ports is Low and the default power notification threshold is 80 (%).
Configuring the PoE Port Priority Level
Syntax: interface < port-list > power-over-ethernet [ critical | high | low ]
  Reconfigures the PoE priority level on . For a given level, ports are prioritized by port number in ascending order. For example, if ports A1-A24 have a priority level of critical, port A1 has priority over ports A2-A24.
Table 11-1. Example of PoE Priority Operation on a PoE Module
Columns: Port; Priority Setting; Configuration Command1 and Resulting Operation with PDs connected to Ports C3 Through C24
Port: C3 - C17
Priority Setting: Critical
In this example, the following CLI command sets ports C3-C17 to Critical:
ProCurve(config)# interface c3-c17 power-over-ethernet critical
The Critical priority class always receives power.
allocated starting with module A, then B, C, and the remaining modules in order. Any remaining power is allocated in the same manner for the Low priority ports, beginning with module A through the remaining modules. If there is not enough PoE power for all the PDs connected to PoE modules in the switch, power is allocated according to priority class across modules. For example: All ports on module C are prioritized as Critical.
Controlling PoE Allocation
The default option for PoE allocation is usage, which is what a PD attached to the port is allocated. You can override this value by specifying the amount of power allocated to a port by using the class or value options.
Syntax: [no] int poe-allocate-by [usage | class | value]
  Allows you to manually allocate the amount of PoE power for a port by either its class or a defined value.
Manually Configuring PoE Power Levels
You can specify a power level (in watts) allocated for a port by using the value option. This is the maximum amount of power that will be delivered.
ProCurve(config)# int A7 poe-value 4
ProCurve(config)# show power-over-ethernet A7
 Status and Counters - Port Power Status for port A7
  Power Enable     : Yes
  Priority         : low        LLDP Detect      : enabled
  AllocateBy       : value      Configured Type  :
  Detection Status : fault      Value            : 4 W
                                Power Class      : 2
  Over Current Cnt : 1          MPS Absent Cnt   : 0
  Power Denied Cnt : 2          Short Cnt        : 0
  Voltage          : 55.1 V     Current          : 154 mA
  Power            : 8.4 W
Figure 11-2.
Changing the Threshold for Generating a Power Notice
You can configure one of the following thresholds:
■ A global power threshold that applies to all modules on the switch. This setting acts as a trigger for sending a notice when the PoE power consumption on any PoE module installed in the switch crosses the configured global threshold level.
Syntax: power-over-ethernet [slot < slot-id-range >] threshold < 1 - 99 >
  This command specifies the PoE usage level (as a percentage of the PoE power available on a module) at which the switch generates a power usage notice. This notice appears as an SNMP trap and a corresponding Event Log message, and occurs when a PoE module’s power consumption crosses the configured threshold value.
Power Over Ethernet (PoE/PoE+) Operation Configuring PoE Operation Syntax: power-over-ethernet [slot ] threshold <1 - 99 > (Continued) To continue the preceding example, if the PoE power usage on the PoE module in slot B drops below 70%, another SNMP trap is generated and you will see this message in the Event Log: Slot B POE usage is below threshold of 70%. For a message listing, refer to “” on page 11-28. (Default Global PoE Power Threshold: 80).
PoE/PoE+ Allocation Using LLDP Information

LLDP with PoE

When using PoE, enabling poe-lldp-detect allows automatic power configuration if the link partner supports PoE. When LLDP is enabled, the information about the power usage of the PD is available and the switch can then comply with or ignore this information. You can configure PoE on each port according to the PD (IP phone, wireless device, etc.
Power Over Ethernet (PoE/PoE+) Operation Displaying the Switch’s Global PoE Power Status Displaying the Switch’s Global PoE Power Status Syntax: show power-over-ethernet [brief | [ethernet] |[slot | all>]] Displays the switch’s global PoE power status, including: • Total Available Power: Lists the maximum PoE wattage available to provision active PoE ports on the switch. This is the amount of usable power for PDs.
ProCurve(config)# show power-over-ethernet

 Status and Counters - System Power Status

  Pre-standard Detect : On
  System Power Status : No redundancy
  PoE Power Status    : No redundancy

 Chassis power-over-ethernet:

  Total Available Power  : 600 W
  Total Failover Power   : 300 W
  Total Redundancy Power :   0 W
  Total used Power       :   9 W +/- 6W
  Total Remaining Power  : 591 W

 Internal Power
  1   300W/POE /Connected.
Power Over Ethernet (PoE/PoE+) Operation Displaying the Switch’s Global PoE Power Status Displaying PoE Status on All Ports Syntax: show power-over-ethernet brief Displays the following port power status: • PoE Port: Lists all PoE-capable ports on the switch. • Power Enable: Shows Yes for ports enabled to support PoE (the default) and No for ports on which PoE is disabled. • Power Priority: Lists the power priority (Low, High, and Critical) configured on ports enabled for PoE.
For example, show power-over-ethernet brief displays this output:

ProCurve(config)# show power-over-ethernet brief

 Status and Counters - Port Power Status

  System Power Status : No redundancy
  PoE Power Status    : No redundancy

  Available: 600 W   Used: 9 W   Remaining: 591 W

  Module A Power
  Available: 408 W   Used: 9 W   Remaining: 399 W

  PoE Port | Power Enable
  -------- + ------------
  A1       |
  A2       |
  A3       |
  A4       |
  A5       |
  A6       |
  A7       |
  A8       |
  A9       |
Power Over Ethernet (PoE/PoE+) Operation Displaying the Switch’s Global PoE Power Status Displaying the PoE Status on Specific Ports Syntax: show power-over-ethernet Displays the following PoE status and statistics (since the last reboot) for each port in : • Power Enable: Shows Yes for ports enabled to support PoE (the default) and No for ports on which PoE is disabled.
• Power Class: Shows the power class of the PD detected on the indicated port. Classes include:
    0: 0.44w to 12.95w
    1: 0.44w to 3.84w
    2: 3.84w to 6.49w
    3: 6.49w to 12.95w
    4: For PoE+; up to 25.5 watts can be drawn by the PD
• MPS Absent Cnt: This value shows the number of times a detected PD has no longer requested power from the port. Each occurrence generates an Event Log message.
Power Over Ethernet (PoE/PoE+) Operation Planning and Implementing a PoE Configuration Planning and Implementing a PoE Configuration This section provides an overview of some considerations for planning a PoE application. For additional information on this topic, refer to the HP ProCurve PoE Planning and Implementation Guide which is available on the ProCurve Networking web site at www.procurve.com. Select Support, and then click on Manuals.
Power Over Ethernet (PoE/PoE+) Operation Planning and Implementing a PoE Configuration For example, if the 5406zl has two 24-port PoE modules (J8702A) installed, and all ports are using 15.4 watts, then the total wattage used is 739.2 watts (48 x 15.4). To supply the necessary PoE wattage a J8713A power supply is installed in one of the power supply slots. To gain redundant power, a second J8713A must be installed in the second power supply slot.
Table 11-3. Classifiers for Prioritizing Outbound Packets

Priority   QoS Classifier
1          UDP/TCP Application Type (port)
2          Device Priority (destination or source IP address)
3          IP Type of Service (ToS) field (IP packets only)
4          VLAN Priority
5          Incoming source-port on the switch
6          Incoming 802.
Power Over Ethernet (PoE/PoE+) Operation PoE Event Log Messages PoE Event Log Messages PoE operation generates these Event Log messages. You can also configure the switch to send these messages to a configured debug destination (terminal device or SyslogD server). “Informational” PoE Event-Log Messages Message Meaning I < MM/DD/YY > < HH:MM:SS > Message header, with severity, date, system time, and system module type (chassis or ports).
“Warning” PoE Event-Log Messages

Message                                 Meaning
W < MM/DD/YY > < HH:MM:SS > chassis     Message header, with severity, date, system time, and system module type. For more information on Event Log operation, including severity indicators, refer to “Using the Event Log for Troubleshooting Switch Problems” on page C-27.
12 Port Trunking

Contents
  Overview
  Port Trunk Features and Operation
  Trunk Configuration Methods
  Menu: Viewing and Configuring a Static Trunk Group
  CLI: Viewing and Configuring Port Trunk Groups
  Forwarding Broadcast, Multicast, and Unknown Traffic Downstream (to the Server)
  Distributed Trunking Restrictions
  Trunk Group Operation Using the “Trunk” Option
  How the Switch Lists Trunk Data
  Outbound Traffic Distribution Across Trunked Links
Port Trunking Overview Overview This chapter describes creating and modifying port trunk groups. This includes non-protocol trunks and LACP (802.3ad) trunks.
Port Connections and Configuration: All port trunk links must be point-to-point connections between a switch and another switch, router, server, or workstation configured for port trunking. No intervening, non-trunking devices are allowed. It is important to note that ports on both ends of a port trunk group must have the same mode (speed and duplex) and flow control settings.

Note Link Connections.
Port Trunking Port Trunk Features and Operation Port Trunk Features and Operation The switches covered in this guide offer these options for port trunking: ■ LACP: IEEE 802.3ad—page 12-19 ■ Trunk: Non-Protocol—page 12-36 Up to 144 trunk groups are supported on the switches covered in this guide. The actual maximum depends on the number of ports available on the switch and the number of links in each trunk.
Port Trunking Trunk Configuration Methods Trunk Configuration Methods Dynamic LACP Trunk: The switch automatically negotiates trunked links between LACP-configured ports on separate devices, and offers one dynamic trunk option: LACP. To configure the switch to initiate a dynamic LACP trunk with another device, use the interface command in the CLI to set the default LACP option to Active on the ports you want to use for the trunk.
Port Trunking Trunk Configuration Methods Table 12-2. Trunk Configuration Protocols Protocol Trunking Options LACP (802.3ad) Provides dynamic and static LACP trunking options. • Dynamic LACP — Use the switch-negotiated dynamic LACP trunk when: – The port on the other end of the trunk link is configured for Active or Passive LACP. – You want fault-tolerance for high-availability applications.
Port Trunking Trunk Configuration Methods Table 12-3. General Operating Rules for Port Trunks Media: For proper trunk operation, all ports on both ends of a trunk group must have the same media type and mode (speed and duplex). (For the switches covered in this guide, ProCurve recommends leaving the port Mode setting at Auto or, in networks using Cat 3 cabling, Auto-10.
Port Trunking Trunk Configuration Methods Spanning Tree: 802.1D (STP) and 802.1w (RSTP) Spanning Tree operate as a global setting on the switch (with one instance of Spanning Tree per switch). 802.1s (MSTP) Spanning Tree operates on a per-instance basis (with multiple instances allowed per switch). For each Spanning Tree instance, you can adjust Spanning Tree parameters on a per-port basis.
Port Trunking Menu: Viewing and Configuring a Static Trunk Group Menu: Viewing and Configuring a Static Trunk Group Important Configure port trunking before you connect the trunked links to another switch, routing switch, or server. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured. Refer to “Enabling or Disabling Ports and Configuring Port Mode” on page 10-15.
Port Trunking Menu: Viewing and Configuring a Static Trunk Group • For proper trunk operation, all ports in a trunk must have the same media type and mode (such as 10/100TX set to 100FDx, or 100FX set to 100FDx). The flow control settings must also be the same for all ports in a given trunk. To verify these settings, refer to “Viewing Port Status and Configuring Port Parameters” on page 10-3. • You can configure the trunk group with up to eight ports per trunk.
8. Connect the trunked ports on the switch to the corresponding ports on the opposite device. If you previously disabled any of the trunked ports on the switch, enable them now. (Refer to “Viewing Port Status and Configuring Port Parameters” on page 10-3.) Check the Event Log (“Using the Event Log for Troubleshooting Switch Problems” on page C-27) to verify that the trunked ports are operating properly.
Port Trunking CLI: Viewing and Configuring Port Trunk Groups Using a port list specifies, for switch ports in a static trunk group, only the ports you want to view. In this case, the command specifies ports A5 through A7. However, because port A6 is not in a static trunk group, it does not appear in the resulting listing: Port A5 appears with an example of a name that you can optionally assign using the Friendly Port Names feature. (Refer to “Using Friendly (Optional) Port Names” on page 10-25.
Listing Static LACP and Dynamic LACP Trunk Data.

Syntax: show lacp

Lists data for only the LACP-configured ports.

In the following example, ports A1 and A2 have been previously configured for a static LACP trunk. (For more on the “Active” parameter, see table 12-5 on page 12-22.)

Figure 12-8. Example of a Show LACP Listing

(For a description of each of the above-listed data types, refer to table 12-5, “LACP Port Status Data” on page 12-22.
Port Trunking CLI: Viewing and Configuring Port Trunk Groups “Up” Links Standby Link Figure 12-9. Example of a Dynamic LACP Trunk with One Standby Link Using the CLI To Configure a Static or Dynamic Trunk Group Important Configure port trunking before you connect the trunked links between switches. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured.
Port Trunking CLI: Viewing and Configuring Port Trunk Groups Configuring a Static Trunk or Static LACP Trunk Group. Syntax: trunk < port-list > < trk1 ... trk144> < trunk | lacp > Configures the specified static trunk type. This example uses ports C4 - C6 to create a non-protocol static trunk group with the group name of Trk2. ProCurve(config)# trunk c4-c6 trk2 trunk Removing Ports from a Static Trunk Group. This command removes one or more ports from an existing Trkx trunk group.
Switch “A” with ports set to LACP passive. Switch “B” with ports set to LACP passive.
Dynamic LACP trunk cannot automatically form because both ends of the links are LACP passive. (In this case spanning-tree blocking is needed to prevent a loop.)

Switch “A” with ports set to LACP active. Switch “B” with ports set to LACP passive.
Dynamic LACP trunk automatically forms because both ends of the links are LACP and at least one end is LACP active.
Port Trunking Web: Viewing Existing Port Trunk Groups Caution Unless spanning tree is running on your network, removing a port from a trunk can result in a loop. To help prevent a broadcast storm when you remove a port from a trunk where spanning tree is not in use, ProCurve recommends that you first disable the port or disconnect the link on that port. Syntax: no interface < port-list > lacp Removes < port-list > from any dynamic LACP trunk and returns the ports in < port-list > to passive LACP.
Port Trunking Trunk Group Operation Using LACP Trunk Group Operation Using LACP The switch can automatically configure a dynamic LACP trunk group or you can manually configure a static LACP trunk group. Note LACP requires full-duplex (FDx) links of the same media type (10/100Base-T, 100FX, etc.) and the same speed, and enforces speed and duplex conformance across a trunk group. For most installations, ProCurve recommends that you leave the port Mode settings at Auto (the default).
Port Trunking Trunk Group Operation Using LACP Table 12-4. LACP Trunk Types LACP Port Trunk Operation Configuration Dynamic LACP This option automatically establishes an 802.3ad-compliant trunk group, with LACP for the port Type parameter and DynX for the port Group name, where X is an automatically assigned value from 1 to 144, depending on how many dynamic and static trunks are currently on the switch. (The switch allows a maximum of 144 trunk groups in any combination of static and dynamic trunks.
Port Trunking Trunk Group Operation Using LACP LACP Port Trunk Operation Configuration Static LACP Provides a manually configured, static LACP trunk to accommodate these conditions: • The port on the other end of the trunk link is configured for a static LACP trunk. • You want to configure non-default spanning tree or IGMP parameters on an LACP trunk group. • You want an LACP trunk group to operate in a VLAN other than the default VLAN and GVRP is disabled. (Refer to “VLANs and Dynamic LACP” on page 12-24.
Port Trunking Trunk Group Operation Using LACP Default Port Operation In the default configuration, LACP is disabled for all ports. If LACP is not configured as Active on at least one end of a link, then the port does not try to detect a trunk configuration and operates as a standard, untrunked port. Table 12-5 lists the elements of per-port LACP operation. To display this data for a switch, execute the following command in the CLI: ProCurve> show lacp Table 12-5.
Port Trunking Trunk Group Operation Using LACP Status Name Meaning LACP Partner Yes: LACP is enabled on both ends of the link. No: LACP is enabled on the switch, but either LACP is not enabled or the link has not been detected on the opposite device. LACP Status Success: LACP is enabled on the port, detects and synchronizes with a device on the other end of the link, and can move traffic across the link.
Port Trunking Trunk Group Operation Using LACP The switch will not allow you to configure LACP on a port on which port security is enabled. For example: ProCurve(config)# int a17 lacp passive Error configuring port A17: LACP and port security cannot be run together. ProCurve(config)# To restore LACP to the port, you must remove port security and re-enable LACP active or passive. Changing Trunking Methods. To convert a trunk from static to dynamic, you must first eliminate the static trunk.
ProCurve(eth-B1-B8)# show lacp

                           LACP

   PORT   LACP      TRUNK   PORT      LACP      LACP
   NUMB   ENABLED   GROUP   STATUS    PARTNER   STATUS
   ----   -------   -----   -------   -------   -------
   B1     Active    Dyn1    Up        Yes       Success
   B2     Active    Dyn1    Up        Yes       Success
   B3     Active    Dyn1    Up        Yes       Success
   B4     Active    Dyn1    Up        Yes       Success
   B5     Active    Dyn1    Blocked   Yes       Failure
   B6     Active    Dyn1    Blocked   Yes       Failure
   B7     Active    B7      Down      No        Success
   B8     Active    B8      Down      No        Success

Figure 12-11.
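The LACP Partner, LACP Status and Port Status columns described above are what an operator checks to see which links of a dynamic trunk actually carry traffic. As an added example (not part of the HP guide), this Python script parses a `show lacp` listing and buckets the ports; the sample is constructed from the figure above, the function names are hypothetical, and treating a TRUNK GROUP value equal to the port's own name as "not in a trunk" is an assumption read off that listing.

```python
import re

# Constructed sample: the `show lacp` listing from the figure above.
SAMPLE_SHOW_LACP = """\
   PORT   LACP      TRUNK   PORT      LACP      LACP
   NUMB   ENABLED   GROUP   STATUS    PARTNER   STATUS
   ----   -------   -----   -------   -------   -------
   B1     Active    Dyn1    Up        Yes       Success
   B2     Active    Dyn1    Up        Yes       Success
   B3     Active    Dyn1    Up        Yes       Success
   B4     Active    Dyn1    Up        Yes       Success
   B5     Active    Dyn1    Blocked   Yes       Failure
   B6     Active    Dyn1    Blocked   Yes       Failure
   B7     Active    B7      Down      No        Success
   B8     Active    B8      Down      No        Success
"""

# One data row per port; the heading and rule lines never match because the
# first column must be a port name that ends in digits.
ROW = re.compile(
    r"^\s*(?P<port>[A-Za-z]?\d+)\s+(?P<enabled>Active|Passive)\s+(?P<group>\S+)"
    r"\s+(?P<status>\S+)\s+(?P<partner>Yes|No)\s+(?P<lacp>Success|Failure)\s*$"
)


def parse_show_lacp(listing):
    """Return one dict per port row found in the listing."""
    return [m.groupdict() for m in map(ROW.match, listing.splitlines()) if m]


def summarize_lacp(listing):
    """Bucket ports by whether they are moving traffic across an LACP link."""
    summary = {"forwarding": [], "blocked": [], "no_partner": [], "other": []}
    for row in parse_show_lacp(listing):
        if row["partner"] == "No":
            # LACP is enabled locally but not detected on the opposite device.
            summary["no_partner"].append(row["port"])
        elif row["status"] == "Blocked":
            summary["blocked"].append(row["port"])
        elif row["status"] == "Up" and row["lacp"] == "Success":
            summary["forwarding"].append(row["port"])
        else:
            summary["other"].append(row["port"])
    return summary


def trunk_members(listing):
    """Group ports by trunk group, skipping ports listed under their own name."""
    groups = {}
    for row in parse_show_lacp(listing):
        if row["group"].lower() == row["port"].lower():
            continue  # assumption: own name in TRUNK GROUP means no trunk
        groups.setdefault(row["group"], []).append(row["port"])
    return groups


if __name__ == "__main__":
    for bucket, ports in summarize_lacp(SAMPLE_SHOW_LACP).items():
        print(f"{bucket:11s}: {', '.join(ports) or '-'}")
    for group, ports in trunk_members(SAMPLE_SHOW_LACP).items():
        print(f"{group}: {len(ports)} member ports ({', '.join(ports)})")
```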
Port Trunking Trunk Group Operation Using LACP Spanning Tree and IGMP. If Spanning Tree and/or IGMP is enabled in the switch, a dynamic LACP trunk operates only with the default settings for these features and does not appear in the port listings for these features. Half-Duplex and/or Different Port Speeds Not Allowed in LACP Trunks. The ports on both sides of an LACP trunk must be configured for the same speed and for full-duplex (FDx). The 802.
Port Trunking Distributed Trunking Distributed Trunking Overview The IEEE standard 802.3ad requires that all the links in a trunk group originate from the same switch. Distributed Trunking uses a proprietary protocol that allows two or more port trunk links distributed across two switches to create a trunk group. The grouped links appear to the downstream device as if they are from a single device. This allows third party devices to interoperate with the Distributed Trunking switches (DTSs) seamlessly.
[Figure: two ProCurve Switch 5406zl chassis connected by an ISC link]
Figure 12-14. Example of Distributed Trunking (diagram labels: InterSwitch-Connect (ISC); Distributed Trunk Switch Local; Distributed Trunk Switch Remote; ISC ports; DT ports; Trunk; Server 1, Server 2, Server 3; DTD)

Distributed Trunking Interconnect Protocol (DTIP)

Distributed trunking uses the Distributed Trunking Interconnect Protocol (DTIP), which sends and receives proprietary protocol frames between two DT switches.
Configuring Distributed Trunking

ISC Port Configuration

You must configure the ISC ports before you can configure the trunks for distributed trunking. To configure an ISC port, enter this command:

Syntax: switch-interconnect
        no switch-interconnect

Configures an InterSwitch-Connection (ISC) port. The variable is the interconnect interface that connects two distributed trunking switches.
ProCurve Switch Local(config)# switch-interconnect a7
ProCurve Switch Remote(config)# switch-interconnect a8
ProCurve Switch Local(config)# trunk a9-a10 trk10 dt-lacp
ProCurve Switch Remote(config)# trunk a5-a6 trk10 dt-lacp

Figure 12-15. Example of Configuring Distributed Trunking

Displaying Distributed Trunking Information

To display information about the distributed trunks, enter the show lacp distributed command.
Port Trunking Distributed Trunking Maximum DT Trunks and Links Supported Table 12-1 shows the maximum number of DT trunks and DT links that are supported. Table 12-1.
Port Trunking Distributed Trunking Unicast frames are only forwarded by one of the DT switches unless the MAC address is reachable only through the other DT switch, for example, a host on DT2 sends or receives frames directly through the DT2 switch.
Figure 12-17. (diagram labels: STP Root; A, B, C, D; I1, I2, I3, I4; DT1; DT2; ISC Port; Running MSTP; Server; STP Blocked. Legend: Upstream Unicast Traffic; Downstream Unicast Traffic; Upstream Bcast/Mcast/Unknown DA; Downstream Bcast/Mcast/Unknown DA)
Port Trunking Distributed Trunking Distributed Trunking Restrictions There are several restrictions with distributed trunking. ■ The port trunk links should be configured manually (manual LACP). Dynamic linking across switches is not supported. ■ Only servers are supported as Distributed Trunking Devices (DTDs). ■ A distributed trunk can span a maximum of two switches. ■ A maximum total of 60 servers can be connected to two DT switches.
Port Trunking Trunk Group Operation Using the “Trunk” Option Trunk Group Operation Using the “Trunk” Option This method creates a trunk group that operates independently of specific trunking protocols and does not use a protocol exchange with the device on the other end of the trunk. With this choice, the switch simply uses the SA/DA method of distributing outbound traffic across the trunked ports without regard for how that traffic is handled by the device at the other end of the trunked links.
Port Trunking How the Switch Lists Trunk Data How the Switch Lists Trunk Data Static Trunk Group: Appears in the menu interface and the output from the CLI show trunk and show interfaces commands. Dynamic LACP Trunk Group: Appears in the output from the CLI show lacp command.
Port Trunking Outbound Traffic Distribution Across Trunked Links The load-balancing is done on a per communication basis. Otherwise, traffic is transmitted across the same path as shown in figure 12-18. That is, if Client A attached to Switch 1 sends five packets of data to Server A attached to Switch 2, the same link is used to send all five packets. The SA/DA address pair for the traffic is the same.
Port Trunking Outbound Traffic Distribution Across Trunked Links Table 12-1.
13 Port Traffic Controls

Contents
  Overview
  Rate-Limiting
  All Traffic Rate-Limiting
  Configuring Rate-Limiting
  Jumbo Frames
  Terminology
  Operating Rules
  Configuring Jumbo Frame Operation
  Overview
Overview

Feature                        Default                   Menu   CLI     Web
Rate-Limiting                  None                      n/a    13-4    n/a
Guaranteed Minimum Bandwidth   Per Queue (1-8 order):    n/a    13-22   n/a
                               2%-3%-30%-10%-10%
                               10%-15%-20%
Jumbo Packets                  Disabled                  n/a    13-30   n/a

This chapter includes:

■ Rate-Limiting: Enables a port to limit the amount of bandwidth a user or device may utilize for traffic on the switch.
Rate-Limiting

Feature                 Default   Menu   CLI          Web
rate-limit all          none      n/a    page 13-5    n/a
show rate-limit all     n/a       n/a    page 13-6    n/a
rate-limit icmp         none      n/a    page 13-13   n/a
show rate-limit icmp    n/a       n/a    page 13-14   n/a

All Traffic Rate-Limiting

Rate-limiting for all traffic operates on a per-port basis to allow only the specified bandwidth to be used for inbound or outbound traffic. When traffic exceeds the configured limit, it is dropped.
Configuring Rate-Limiting

Note: The mode using bits per second (bps) in releases before K.12.XX has been replaced by the kilobits per second (kbps) mode. Switches that have configurations with bps values will be automatically converted when you update your software to the new version. However, an older config file with bps values must be updated manually to kbps values or it will not load successfully onto a switch running later versions of the software (K.12.
Port Traffic Controls Rate-Limiting • Kbps rate-limiting is done in segments of 1% of the lowest corresponding media speed. For example, if the media speed is 100 Kbps, the value would be 1 Mbps. A 1-100 Kbps rate-limit is implemented as a limit of 100 Kbps; a limit of 100-199 Kbps is also implemented as a limit of 100 Kbps, a limit of 200-299 Kbps is implemented as a limit of 200 Kbps, and so on. • Percentage limits are based on link speed.
Port Traffic Controls Rate-Limiting ProCurve# show rate-limit all a1-a6 Ports A1-A4 are configured with an outbound rate limit of 200 Kbps; Port A5 is configured with an inbound rate limit of 20%. (Port A6 is not configured for rate-limiting.
ProCurve(config)# show config

Startup configuration:

; J8697A Configuration Editor; Created on release #K.14.01

hostname "ProCurve Switch 8212zl"
module 1 type J8705A
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged A1-A24
   ip address dhcp-bootp

Ports A1-A4 are configured with an outbound rate limit of 200 kbps.
Port Traffic Controls Rate-Limiting ■ rate-limiting on the port while it is in the trunk. Attempting to configure rate-limiting on a port that already belongs to a trunk generates the following message: < port-list >: Operation is not allowed for a trunked port. Rate-limiting for inbound and outbound traffic are separate features: The rate limits for each direction of traffic flow on the same port are configured separately—even the specified limits can be different.
Port Traffic Controls Rate-Limiting ■ Note on Testing Rate-Limiting Optimum rate-limiting operation: Optimum rate-limiting occurs with 64-byte packet sizes. Traffic with larger packet sizes can result in performance somewhat below the configured bandwidth. This is to ensure the strictest possible rate-limiting of all sizes of packets. Rate-limiting is applied to the available bandwidth on a port, and not to any specific applications running through the port.
messages to an extent where no other traffic can get through. (ICMP messages themselves can also be misused as virus carriers). Such malicious misuses of ICMP can include a high number of ping packets that mimic a valid source IP address and an invalid destination IP address (spoofed pings), and a high number of response messages (such as Destination Unreachable error messages) generated by the network.

Spoofed Ping: An ICMP echo request packet intentionally generated with a valid source IP address and an invalid destination IP address. Spoofed pings are often created with the intent to oversubscribe network resources with traffic having invalid destinations.

Guidelines for Configuring ICMP Rate-Limiting

Apply ICMP rate-limiting on all connected interfaces on the switch to effectively throttle excessive ICMP messaging from any source.
Configuring ICMP Rate-Limiting

The rate-limit icmp command controls inbound usage of a port by setting a limit on the bandwidth available for inbound ICMP traffic.

Syntax: [no] int < port-list > rate-limit icmp | kbps <0-10000000>>

Configures inbound ICMP traffic rate limiting. You can configure a rate limit from either the global configuration level (as shown above) or from the interface context level.
Port Traffic Controls Rate-Limiting Using Both ICMP Rate-Limiting and All-Traffic Rate-Limiting on the Same Interface ICMP and all-traffic rate-limiting can be configured on the same interface. All-traffic rate-limiting applies to all inbound or outbound traffic (including ICMP traffic), while ICMP rate-limiting applies only to inbound ICMP traffic.
For example, if you wanted to view the rate-limiting configuration on the first six ports in the module in slot “B”:

ProCurve(config)# show rate-limit icmp b1-b6

 Inbound ICMP Rate Limit Maximum Percentage

        |            Rate
  Port  | Mode       Limit
  ----- + --------   --------
  B1    | Disabled   Disabled
  B2    | kbps       100
  B3    | %          5
  B4    | %          1
  B5    | %          1
  B6    | Disabled   Disabled

Figure 13-4.
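The guideline above is to apply ICMP rate-limiting on all connected interfaces. As an added example (not part of the HP guide), this Python script parses a `show rate-limit icmp` listing, reports the ports that have no ICMP limit, and works out the inbound ICMP ceiling for the others; the sample listing is constructed from the figure above, and the function names and the link speeds are assumptions.

```python
import re

# Constructed sample: the `show rate-limit icmp b1-b6` listing from the
# example above, laid out one port per row.
SAMPLE_LISTING = """\
 Inbound ICMP Rate Limit Maximum Percentage

        |            Rate
  Port  | Mode       Limit
  ----- + --------   --------
  B1    | Disabled   Disabled
  B2    | kbps       100
  B3    | %          5
  B4    | %          1
  B5    | %          1
  B6    | Disabled   Disabled
"""

# A data row is "<port> | <mode> <limit>"; heading and rule lines do not match.
ROW = re.compile(r"^\s*([A-Za-z]?\d+)\s*\|\s*(Disabled|kbps|%)\s+(Disabled|\d+)\s*$")


def parse_icmp_rate_limits(listing):
    """Return {port: (mode, value)} with mode 'disabled', 'kbps' or 'percent'."""
    limits = {}
    for line in listing.splitlines():
        match = ROW.match(line)
        if not match:
            continue
        port, mode, value = match.groups()
        if mode == "Disabled":
            limits[port] = ("disabled", None)
        elif mode == "%":
            limits[port] = ("percent", int(value))
        else:
            limits[port] = ("kbps", int(value))
    return limits


def icmp_ceiling_kbps(mode, value, link_kbps):
    """Inbound ICMP ceiling in kbps, or None when no limit is configured.

    Assumption: a percentage limit is taken against the port's current link
    speed, as the guide states for all-traffic percentage limits.
    """
    if mode == "disabled":
        return None
    if mode == "percent":
        return link_kbps * value // 100
    return value


def audit_icmp_limits(listing, link_kbps_by_port):
    """Return (ports with no ICMP limit, {port: ceiling in kbps})."""
    unprotected, ceilings = [], {}
    for port, (mode, value) in parse_icmp_rate_limits(listing).items():
        ceiling = icmp_ceiling_kbps(mode, value, link_kbps_by_port[port])
        if ceiling is None:
            unprotected.append(port)
        else:
            ceilings[port] = ceiling
    return unprotected, ceilings


if __name__ == "__main__":
    # Hypothetical negotiated link speeds in kbps (not from the guide).
    speeds = {"B1": 1_000_000, "B2": 1_000_000, "B3": 10_000,
              "B4": 100_000, "B5": 1_000_000, "B6": 100_000}
    missing, ceilings = audit_icmp_limits(SAMPLE_LISTING, speeds)
    print("No ICMP rate limit:", ", ".join(missing))
    for port, kbps in ceilings.items():
        print(f"{port}: inbound ICMP capped at {kbps} kbps")
```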
0.5 Mbps of inbound traffic. If an interface experiences an inbound flow of ICMP traffic in excess of its configured limit, the switch generates a log message and an SNMP trap (if an SNMP trap receiver is configured).

■ ICMP rate-limiting is port-based: ICMP rate-limiting reflects the available percentage of an interface’s entire inbound bandwidth.
Port Traffic Controls Rate-Limiting Note on Testing ICMP Rate-Limiting ICMP rate-limiting is applied to the available bandwidth on an interface. If the total bandwidth requested by all ICMP traffic is less than the available, configured maximum rate, then no ICMP rate-limit can be applied. That is, an interface must be receiving more inbound ICMP traffic than the configured bandwidth limit allows.
The switch does not send more traps or Event Log messages for excess ICMP traffic on the affected port until the system operator resets the port’s ICMP trap function. The reset can be done through SNMP from a network management station or through the CLI with the following setmib command.

Syntax: setmib hpIcmpRatelimitPortAlarmflag.
To match the port’s external slot/number to the internal port number, use the walkmib ifDescr command, as shown in the following figure:

ProCurve# walkmib ifDescr
ifDescr.1 = A1
ifDescr.2 = A2
ifDescr.3 = A3
. . .
ifDescr.23 = A23
ifDescr.24 = A24
ifDescr.27 = B1
ifDescr.28 = B2
ifDescr.29 = B3
. . .
ifDescr.48 = B22
ifDescr.49 = B23
ifDescr.50 = B24
. . .
Port Traffic Controls Rate-Limiting Syntax: rate-limit < bcast | mcast > in percent <0-100> no rate-limit in Enables rate-limiting and sets limits for the specified inbound broadcast or multicast traffic. Only the amount of traffic specified by the percent is forwarded.
ProCurve(eth-3)# rate-limit mcast in percent 20
ProCurve(eth-3)# show rate-limit mcast

 Multicast-Traffic Rate Limit Maximum %

  Port  | Inbound Limit   Mode       Radius Override
  ----- + -------------   --------   ---------------
  1     | Disabled        Disabled   No-override
  2     | Disabled        Disabled   No-override
  3     | 20              %          No-override
  4     | Disabled        Disabled   No-override

Figure 13-7.
Guaranteed Minimum Bandwidth (GMB)

Feature                               Default                     Menu   CLI          Web
bandwidth-min output                  Per-Queue: 2%-3%-30%-10%    n/a    page 13-25   n/a
                                      10%-10%-15%-20%
show bandwidth output [ port-list ]   n/a                         n/a    page 13-28   n/a

Introduction

Guaranteed Minimum Bandwidth (GMB) provides a method for ensuring that each of a given port’s outbound traffic priority queues has a specified minimum consideration for sending traffic out on the link to another device.
Table 13-1. Per-Port Outbound Priority Queues

802.1p Priority Settings in     Outbound Priority Queue
Tagged VLAN Packets*            for a Given Port
1 (low)                         1
2 (low)                         2
0 (normal)                      3
3 (normal)                      4
4 (medium)                      5
5 (medium)                      6
6 (high)                        7
7 (high)                        8

*The switch processes outbound traffic from an untagged port at the "0" (normal) priority level.
Note: For a given port, when the demand on one or more outbound queues exceeds the minimum bandwidth configured for those queues, the switch apportions unallocated bandwidth to these queues on a priority basis. As a result, specifying a minimum bandwidth for a high-priority queue but not specifying a minimum for lower-priority queues can starve the lower-priority queues during periods of high demand on the high priority queue.
Note
For more information on queue configuration and the associated default minimum bandwidth settings, refer to the chapter titled “Quality of Service (QoS): Managing Bandwidth More Effectively” in the Advanced Traffic Management Guide for your switch.
Syntax: [ no ] int < port-list > bandwidth-min output [ < queue1% > < queue2% > < queue3% > < queue4% > ]
For ports in < port-list >, specifies the minimum outbound bandwidth as a percent of the total bandwidth for each outbound queue. The queues receive service in descending order of priority.
Notes: Configuring 0% for a queue can result in that queue being starved if any higher queue becomes oversubscribed and is then given all unused bandwidth. The switch applies the bandwidth calculation to the link speed the port is currently using. For example, if a 10/100 Mbps port negotiates to 10 Mbps on the link, then it bases its GMB calculations on 10 Mbps, not 100 Mbps.
Either of the following commands configures ports A1 through A5 with bandwidth settings:
ProCurve(config)#int a1-a5 bandwidth-min output 2 3 30 10 10 10 15 20
ProCurve(eth-A1-A5)#bandwidth-min output 2 3 30 10 10 10 15 20
Displaying the Current Guaranteed Minimum Bandwidth Configuration
This command displays the per-port GMB configuration in the running-config file.
This is how the preceding listing of the GMB configuration would appear in the startup-config file. The outbound port priority queues 1 - 8 for ports A1-A5 are configured with the indicated Guaranteed Minimum Bandwidth percentages. Figure 13-10. Example of GMB Settings Listed in the “show config” Output
GMB Operating Notes
Impact of QoS Queue Configuration on GMB commands.
Jumbo Frames

Feature                     Default   Menu  CLI    Web
display VLAN jumbo status   n/a       —     13-33  —
configure jumbo VLANs       Disabled  —     13-35  —

The Maximum Transmission Unit (MTU) is the maximum size IP frame the switch can receive for Layer 2 frames inbound on a port. The switch drops any inbound frames larger than the MTU allowed on the port.
MTU (Maximum Transmission Unit): This is the maximum-size IP frame the switch can receive for Layer 2 frames inbound on a port. The switch allows jumbo frames of up to 9220 bytes.
Standard MTU: An IP frame of 1522 bytes in size. (This size includes 4 bytes for the VLAN tag.
Configuring Jumbo Frame Operation

Command                          Page
show vlans                       13-33
show vlans ports < port-list >   13-34
show vlans < vid >               13-35
jumbo                            13-35
jumbo max-frame-size             13-35
Overview                         13-32

1. Determine the VLAN membership of the ports or trunks through which you want the switch to accept inbound jumbo traffic. For operation with GVRP enabled, refer to the GVRP topic under “Operating Rules”, above.
2.
Viewing the Current Jumbo Configuration
Syntax: show vlans
Lists the static VLANs configured on the switch and includes a Jumbo column to indicate which VLANs are configured to support inbound jumbo traffic. All ports belonging to a jumbo-enabled VLAN can receive jumbo traffic. (For more information refer to “Configuring a Maximum Frame Size” on page 13-35.) See Figure 13-11, below.
Indicates which static VLANs are configured to enable jumbo frames.
Figure 13-11.
Indicates which static VLANs are configured to enable jumbo frames.
Figure 13-12. Example of Listing the VLAN Memberships for a Range of Ports
Syntax: show vlans < vid >
This command shows port membership and jumbo configuration for the specified < vid >.
Lists the ports belonging to VLAN 100 and whether the VLAN is enabled for jumbo frame traffic.
Figure 13-13.
Enabling or Disabling Jumbo Traffic on a VLAN
Syntax: vlan < vid > jumbo
[ no ] vlan < vid > jumbo
Configures the specified VLAN to allow jumbo frames on all ports on the switch that belong to that VLAN. If the VLAN is not already configured on the switch, vlan < vid > jumbo also creates the VLAN.
Configuring IP MTU
Note
The following feature is available on the switches covered in this guide. Jumbos support is required. On switches that do not support this command, the IP MTU value is derived from the maximum frame size and is not configurable.
You can set the IP MTU globally by entering this command. The value of max-frame-size must be greater than or equal to 18 bytes more than the value selected for ip-mtu.
Displaying the Maximum Frame Size
Use the show jumbos command to display the globally configured untagged maximum frame size for the switch.

ProCurve(config)# show jumbos

 Jumbos Global Values

  Configured :            In Use :
  MaxFrameSize : 9216     MaxFrameSize : 9216
  Ip-MTU       : 9198     Ip-MTU       : 9198

Figure 14. Displaying the Maximum Frame Size and IP MTU Values
Operating Notes for Maximum Frame Size
■ When you set a maximum frame size for Jumbo frames, it must be on a global level.
■ When the switch applies the default MTU (1522 bytes) to a VLAN, all ports in the VLAN can receive incoming frames of up to 1522 bytes in length. When the switch applies the jumbo MTU (9220 bytes) to a VLAN, all ports in that VLAN can receive incoming frames of up to 9220 bytes in length.
can occur in situations where a non-jumbo VLAN includes some ports that do not belong to another, jumbo-enabled VLAN and some ports that do belong to another, jumbo-enabled VLAN. In this case, ports capable of receiving jumbo frames can forward them to the ports in the VLAN that do not have jumbo capability.
[Figure: ports 1 through 6, with VLAN 10 as the jumbo-enabled VLAN and VLAN 20 as the non-jumbo VLAN.] Port 3 belongs to both VLAN 10 and VLAN 20.
Troubleshooting
A VLAN is configured to allow jumbo frames, but one or more ports drop all inbound jumbo frames. The port may not be operating at a minimum of 10 Mbps on the ProCurve 3500 switches or 1 Gbps on the other switches covered in this guide. Regardless of a port’s configuration, if it is actually operating at a speed lower than 10 Mbps for ProCurve 3500 switches or 1 Gbps for the other switches, it drops inbound jumbo frames.
14 Configuring for Network Management Applications
Contents
Using SNMP Tools To Manage the Switch
Overview
SNMP Management Features
Configuring for SNMP version 1 and 2c Access to the Switch
Configuring for SNMP Version 3 Access to the Switch
CLI-Configured sFlow with Multiple Instances
Terminology
Configuring sFlow
Viewing sFlow Configuration and Status
LLDP (Link-Layer Discovery Protocol)
Using SNMP Tools To Manage the Switch
Overview
You can manage the switch via SNMP from a network management station running an application such as ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+). For more on PCM and PCM+, visit the ProCurve Networking web site at: www.procurve.com Click on products index in the sidebar, then click on the appropriate link appearing under the Network Management heading.
SNMP Management Features
SNMP management features on the switch include:
■ SNMP version 1, version 2c, or version 3 over IP
■ Security via configuration of SNMP communities (page 14-11)
■ Security via authentication and privacy for SNMP Version 3 access
■ Event reporting via SNMP
  • Version 1 traps
  • RMON: groups 1, 2, 3, and 9
■ ProCurve Manager/Plus support
■ Flow sampling using sFlow
■ Standard MIBs, suc
If you want to restrict access to one or more specific nodes, you can use the switch’s IP Authorized Manager feature. (Refer to the Access Security Guide for your switch.)
Caution
For ProCurve Manager (PCM) version 1.5 or earlier (or any TopTools version), deleting the “public” community disables some network management functions (such as traffic monitoring, SNMP trap generation, and threshold setting).
SNMP Version 3 Commands
SNMP version 3 (SNMPv3) adds some new commands to the CLI for configuring SNMPv3 functions. To enable SNMPv3 operation on the switch, use the snmpv3 enable command. An initial user entry will be generated with MD5 authentication and DES privacy. You may (optionally) restrict access to only SNMPv3 agents by using the snmpv3 only command.
Enabling SNMPv3
The snmpv3 enable command allows the switch to:
■ Receive SNMPv3 messages.
■ Configure initial users.
■ Restrict non-version 3 messages to “read only” (optional).
Figure 14-1 shows an example of how to use the snmpv3 enable command.
Note: SNMP Version 3 Initial Users
To create new users, most SNMPv3 management software requires an initial user record to clone.
Caution
1. Configure users in the User Table with the snmpv3 user command. To view the list of configured users, enter the show snmpv3 user command (see “Adding Users” on page 14-8).
2. Assign users to Security Groups based on their security model with the snmpv3 group command (see “Assigning Users to Groups” on page 14-10).
SNMPv3 User Commands
Syntax: [no] snmpv3 user
Adds or deletes a user entry for SNMPv3. Authorization and privacy are optional, but to use privacy, you must use authorization. When you delete a user, only the is required.
[auth ]
With authorization, you can set either MD5 or SHA authentication.
Assigning Users to Groups. Then you must set the group access level for the user by assigning the user to a group. This is done with the snmpv3 group command. For more details on the MIBs access for a given group refer to “Group Access Levels” on page 14-11.
Group Access Levels
The switch supports eight predefined group access levels. There are four levels for use with version 3 users and four are used for access by version 2c or version 1 management applications.
Syntax: [no] snmpv3 community
This command maps or removes a mapping of a community name to a group access level. To remove a mapping, you only need to specify the index_name parameter.
index This is an index number or title for the mapping. The values of 1-5 are reserved and cannot be mapped.
name This is the community name that is being mapped to a group access level.
SNMP Community Features
Feature Default show SNMP communities configure identity information Menu CLI n/a page 14-13 page 14-15 none — page 14-16 configure community names public MIB view for a community name manager (operator, manager) write access for default community name unrestricted page 14-13 “ “ “ page 14-16 “ “ “ “ Web — —
Use SNMP communities to restrict access to the switch by SNMP management st
Note: This screen gives an overview of the SNMP communities that are currently configured. All fields in this screen are read-only. Add and Edit options are used to modify the SNMP options. See Figure 8-2.
Figure 14-5. The SNMP Communities Screen (Default Values)
2. Press [A] (for Add) to display the following screen: If you are adding a community, the fields in this screen are blank.
CLI: Viewing and Configuring SNMP Community Names

Community Name Commands        Page
show snmp-server []            14-15
[no] snmp-server               14-16
[community ]                   14-16
[host ] []                     14-19
[enable traps                  14-27
[enable traps link-change ]    14-28

Listing Community Names and Values.
Configuring Community Names and Values. The snmp-server command enables you to add SNMP communities with either default or specific access attributes, and to delete specific communities.
Syntax: [no] snmp-server community < community-name >
Configures a new community name. If you do not also specify operator or manager, the switch automatically assigns the community to the operator MIB view.
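The following Python check is an added example, not part of the HP guide: it parses a saved show snmp-server listing and flags the default community name and any community with unrestricted write access. The sample listing is constructed in the layout of the guide's show snmp-server output; the Restricted value and the finding labels are assumptions of this example.

```python
import re

# Constructed sample in the layout of the guide's "show snmp-server" listing.
# The "Restricted" write-access value is an assumption of this example.
SAMPLE_OUTPUT = """\
 SNMP Communities

  Community Name   MIB View Write Access
  ---------------- -------- ------------
  public           Manager  Unrestricted
  red-team         Operator Restricted
  blue-team        Manager  Restricted

 Trap Receivers

  Link-Change Traps Enabled on Ports [All] : All
"""

# One table row: community name, MIB view, write access.
ROW = re.compile(
    r"^\s*(?P<name>\S+)\s+(?P<view>Manager|Operator)"
    r"\s+(?P<write>Restricted|Unrestricted)\s*$"
)


def parse_communities(show_output):
    """Return the rows of the SNMP Communities table as a list of dicts."""
    rows = []
    in_table = False
    for line in show_output.splitlines():
        stripped = line.strip()
        if stripped.startswith("Community Name"):
            in_table = True          # column header found; rows follow
            continue
        if not in_table:
            continue
        if stripped and set(stripped) <= {"-", " "}:
            continue                 # dashed ruler under the header
        if not stripped:
            if rows:
                break                # blank line ends the table
            continue
        match = ROW.match(line)
        if not match:
            break                    # next section started
        rows.append(match.groupdict())
    return rows


def audit_communities(show_output):
    """Return (community, finding) tuples for settings worth reviewing."""
    findings = []
    for row in parse_communities(show_output):
        if row["name"].lower() == "public":
            # "public" is the default community name on the switch.
            findings.append((row["name"], "default-name"))
        if row["write"] == "Unrestricted":
            kind = ("manager-unrestricted" if row["view"] == "Manager"
                    else "write-enabled")
            findings.append((row["name"], kind))
    return findings


if __name__ == "__main__":
    for name, finding in audit_communities(SAMPLE_OUTPUT):
        print(f"{name}: {finding}")
```
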
SNMP Notifications
The switches covered in this guide support:
■ SNMP version 1 or SNMP version 2c traps
■ SNMPv2c informs
■ SNMPv3 notification process, including traps
This section describes how to configure a switch to send network security and link-change notifications to configured trap receivers.
■ Advanced Traffic Management Guide:
  • Loop protection
  • Spanning Tree (STP, RSTP, MSTP)
■ Access Security Guide:
  • MAC lockdown
  • MAC lockout
  • Uni-Directional Link Detection (UDLD)
  • Virus throttling
■ Multicast and Routing Guide:
  • OSPF
  • PIM
  • Virtual Router Redundancy Protocol (VRRP)
General Steps for Configuring SNMP Notifications
To configure SNMP notifications, follow these general steps:
1.
SNMPv1 and SNMPv2c Traps
The switches covered in this guide support the following functionality from earlier SNMP versions (SNMPv1 and SNMPv2c):
■ Trap receivers: A trap receiver is a management station to which the switch sends SNMP traps and (optionally) event log messages sent from the switch. From the CLI you can configure up to ten SNMP trap receivers to receive SNMP traps from the switch.
Syntax: snmp-server host
Configures a destination network management station to receive SNMPv1/v2c traps, and (optionally) event log messages sent as traps from the switch, using the specified community name and destination IPv4 or IPv6 address. You can specify up to ten trap receivers (network management stations). The default community name is public.
For example, to configure a trap receiver in a community named "red-team" with an IP address of 10.28.227.130 to receive only "critical" event log messages, you can enter the following command:
ProCurve(config)# snmp-server host 10.28.227.
Note
The retries and timeout values are not used to send trap requests.
To verify the configuration of SNMPv2c informs, enter the show snmp-server command:

ProCurve Switch 5406zl(config)# show snmp-server

 SNMP Communities

  Community Name   MIB View Write Access
  ---------------- -------- ------------
  public           Manager  Unrestricted

 Trap Receivers

  Link-Change Traps Enabled on Ports [All] : All
  ...
Configuring SNMPv3 Notifications
The SNMPv3 notification process allows messages that are passed via SNMP between the switch and a network management station to be authenticated and encrypted. To configure SNMPv3 notifications, follow these steps:
1. Enable SNMPv3 operation on the switch by entering the snmpv3 enable command (see “SNMP Version 3 Commands” on page 14-6).
5. Configure the target address of the SNMPv3 management station to which SNMPv3 informs and traps are sent by entering the snmpv3 targetaddress command.
Syntax: [no] snmpv3 targetaddress < ipv4-addr | ipv6-addr> < name >
Configures the IPv4 or IPv6 address, name, and configuration filename of the SNMPv3 management station to which notification messages are sent.
Syntax: [no] snmpv3 targetaddress < ipv4-addr | ipv6-addr> < name > —Continued—
[timeout < value >]
(Optional) Time (in millisecond increments) allowed to receive a response from the target before notification packets are retransmitted. Range: 0-2147483647. Default: 1500 (15 seconds).
[max-msg-size]
(Optional) Maximum number of bytes supported in a notification message to the specified target. Default: 1472
6.
An example of how to configure SNMPv3 notification is shown here:
The params_name value in the snmpv3 targetaddress command matches the params_name value in the snmpv3 params command.
The tag_name value in the snmpv3 notify command matches the tag_name value in the snmpv3 targetaddress command.
Configuring the security model ver3 requires you to configure message processing ver3 and a security service level.
Figure 14-9.
To enable or disable notification/traps for network security failures and other security events, enter the snmp-server enable traps command.
Syntax: [no] snmp-server enable traps [snmp-auth | password-change-mgr | login-failure-mgr | port-security | auth-server-fail | dhcp-snooping | arp-protect]
Enables or disables sending one of the security notification types listed below to configured trap receivers.
ProCurve(config)# show snmp-server traps

Link-change trap setting

 Trap Receivers

  Link-Change Traps Enabled on Ports [All] : A1-A24

  Traps Category
  ------------------------------
  SNMP Authentication
  Password change
  Login failures
  Port-Security
  Authorization Server Contact
  DHCP Snooping
  Dynamic ARP Protection
  Dynamic IP Lockdown

  Address
  ----------------------
  15.255.5.
Configuring the Source IP Address for SNMP Notifications
The switch uses an interface IP address as the source IP address in IP headers when sending SNMP notifications (traps and informs) or responses to SNMP requests. For multi-netted interfaces, the source IP address is the IP address of the outbound interface of the SNMP reply, which may differ from the destination IP address in the IP header of the received request.
To configure the switch to use a specified source IP address in generated trap PDUs, enter the snmp-server trap-source command.
Syntax: [no] snmp-server trap-source [ | loopback<0-7>]
Specifies the source IP address to be used for a trap PDU. The no form of the command resets the switch to the default behavior (compliant with rfc-1517). Default: Use the interface IP address in generated trap PDUs.
ProCurve(config)# show snmp-server

 SNMP Communities

  Community Name   MIB View Write Access
  ---------------- -------- ------------
  public           Manager  Unrestricted

 Trap Receivers

  Link-Change Traps Enabled on Ports [All] : All
  ...

 Excluded MIBs

 Snmp Response Pdu Source-IP Information

  Selection Policy : dstIpOfRequest

 Trap Pdu Source-IP Information

  Selection Policy : Configured IP
  Ip Address : 10.10.10.
In the following example, the show snmp-server command output shows that the switch has been configured to send SNMP traps and notifications to management stations that belong to the “public”, “red-team”, and “blue-team” communities.
Configuring Listening Mode
For switches that have a separate out-of-band management port, you can specify whether a configured SNMP server listens for SNMP queries over the out-of-band management interface, the data interface, or both. By default, the switch listens over both interfaces. This option is not available for switches that do not have a separate out-of-band management port.
Advanced Management: RMON
The switch supports RMON (Remote Monitoring) on all connected network segments. This allows for troubleshooting and optimizing your network. The following RMON groups are supported:
■ Ethernet Statistics (except the numbers of packets of different frame sizes)
■ Alarm
■ History (of the supported Ethernet statistics)
■ Event
The RMON agent automatically runs in the switch.
Configuring sFlow
The following sFlow commands allow you to configure sFlow instances via the CLI.
Syntax: [no] sflow destination [udp-port-num]
Enables an sFlow receiver/destination. The receiver-instance number must be a 1, 2, or 3. By default, the UDP destination port number is 6343. To disable an sFlow receiver/destination, enter no sflow .
The show sflow agent command displays read-only switch agent information. The version information shows the sFlow version, MIB support and software versions; the agent address is typically the IP address of the first VLAN configured on the switch.

ProCurve# show sflow agent

 Version         1.3;HP;K.11.40
 Agent Address   10.0.10.228

Figure 14-13.
The show sflow sampling-polling [port-list] command displays information about sFlow sampling and polling on the switch. You can specify a list or range of ports for which to view sampling information.
ProCurve# show sflow 2 sampling-polling A1-A4
Number denotes the sampling/polling instance to which the receiver is coupled.
LLDP (Link-Layer Discovery Protocol)
To standardize device discovery on all ProCurve switches, LLDP will be implemented while offering limited read-only support for CDP as documented in this manual. For the latest information on your switch model, consult the Release Notes (available on the ProCurve Networking web site).
LLDP-MED (LLDP Media Endpoint Discovery): Provides an extension to LLDP and is designed to support VoIP deployments.
Note
LLDP-MED is an extension for LLDP, and the switch requires that LLDP be enabled as a prerequisite to LLDP-MED operation.
An SNMP utility can progressively discover LLDP devices in a network by:
1.
LLDP Neighbor: An LLDP device that is either directly connected to another LLDP device or connected to that device by another, non-LLDP Layer 2 device (such as a hub). Note that an 802.1D-compliant switch does not forward LLDP data packets even if it is not LLDP-aware.
LLDPDU (LLDP Data Unit): LLDP data packets are transmitted on active links and include multiple TLVs containing global and per-port switch information.
TLV (Type-Length-Value): A data unit that includes a data type field, a data unit length field (in bytes), and a field containing the actual data the unit is designed to carry (as an alphanumeric string, a bitmap, or a subgroup of information). Some TLVs include subelements that occur as separate data points in displays of information maintained by the switch for LLDP advertisements.
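The TLV layout defined above can be walked with a short bounds-checked parser. This Python sketch is an added example, not code from the HP guide: the 7-bit type and 9-bit length header and the numeric type and subtype codes come from IEEE 802.1AB rather than from this page, and the sample LLDPDU (MAC address, port name, TTL, system name) is constructed.

```python
import struct

# TLV type codes per IEEE 802.1AB (the guide names these TLVs but not their codes).
TLV_NAMES = {
    0: "End of LLDPDU", 1: "Chassis ID", 2: "Port ID", 3: "Time To Live",
    4: "Port Description", 5: "System Name", 6: "System Description",
    7: "System Capabilities", 8: "Management Address",
    127: "Organizationally Specific",
}
CHASSIS_MAC_SUBTYPE = 4   # Chassis ID subtype "MAC address"
PORT_MAC_SUBTYPE = 3      # Port ID subtype "MAC address"


class LLDPParseError(ValueError):
    """Raised when an LLDPDU is truncated or breaks the mandatory TLV rules."""


def build_tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length header, then the value."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def iter_tlvs(payload):
    """Yield (type, value) pairs, refusing to read past the end of the buffer."""
    offset = 0
    while offset < len(payload):
        if offset + 2 > len(payload):
            raise LLDPParseError(f"truncated TLV header at offset {offset}")
        (header,) = struct.unpack_from("!H", payload, offset)
        tlv_type, length = header >> 9, header & 0x01FF
        offset += 2
        if offset + length > len(payload):
            raise LLDPParseError(f"TLV type {tlv_type} claims {length} bytes, "
                                 f"only {len(payload) - offset} remain")
        yield tlv_type, payload[offset:offset + length]
        offset += length
        if tlv_type == 0:      # End of LLDPDU: ignore any trailing padding
            return


def _decode_id(value, mac_subtype, what):
    """Decode a Chassis ID or Port ID value (subtype byte plus identifier)."""
    if len(value) < 2:
        raise LLDPParseError(f"{what} TLV too short")
    subtype, ident = value[0], value[1:]
    if subtype == mac_subtype:
        if len(ident) != 6:
            raise LLDPParseError(f"{what} MAC subtype needs 6 bytes")
        return ":".join(f"{b:02x}" for b in ident)
    return ident.decode("ascii", errors="replace")


def parse_lldpdu(payload):
    """Parse an LLDPDU (the bytes after the Ethernet header) into a dict."""
    tlvs = list(iter_tlvs(payload))
    if [t for t, _ in tlvs[:3]] != [1, 2, 3]:
        raise LLDPParseError("LLDPDU must start with Chassis ID, Port ID, TTL")
    if len(tlvs[2][1]) != 2:
        raise LLDPParseError("Time To Live TLV must carry 2 bytes")
    info = {
        "chassis_id": _decode_id(tlvs[0][1], CHASSIS_MAC_SUBTYPE, "Chassis ID"),
        "port_id": _decode_id(tlvs[1][1], PORT_MAC_SUBTYPE, "Port ID"),
        "ttl": struct.unpack("!H", tlvs[2][1])[0],
        "optional": {},
    }
    for tlv_type, value in tlvs[3:]:
        if tlv_type == 0:
            break
        name = TLV_NAMES.get(tlv_type, f"type-{tlv_type}")
        if tlv_type in (4, 5, 6):          # text-valued optional TLVs
            info["optional"][name] = value.decode("utf-8", errors="replace")
        else:                              # keep anything else as hex
            info["optional"][name] = value.hex()
    return info


# Constructed sample LLDPDU: MAC chassis ID, locally assigned port ID "3".
SAMPLE = (
    build_tlv(1, bytes([CHASSIS_MAC_SUBTYPE]) + bytes.fromhex("020000000001"))
    + build_tlv(2, bytes([7]) + b"3")
    + build_tlv(3, struct.pack("!H", 120))
    + build_tlv(5, b"ProCurve-lab")
    + build_tlv(0, b"")
)

if __name__ == "__main__":
    print(parse_lldpdu(SAMPLE))
```
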
Configuration Options
Enable or Disable LLDP on the Switch. In the default configuration, LLDP is globally enabled on the switch. To prevent transmission or receipt of LLDP traffic, you can disable LLDP operation (page 14-42).
Enable or Disable LLDP-MED. In the default configuration for the switches covered in this guide, LLDP-MED is enabled by default. (Requires that LLDP is also enabled.
SNMP Notification. You can enable the switch to send a notification to any configured SNMP trap receiver(s) when the switch detects a remote LLDP data change on an LLDP-enabled port (page 14-52).
Per-Port (Outbound) Data Options. The following table lists the information the switch can include in the per-port, outbound LLDP packets it generates.
Data Type Configuration Options Default Description
1 The Packet Time-to-Live value is included in LLDP data packets. (Refer to “Changing the Time-to-Live for Transmitted Advertisements” on page 14-50.)
2 Subelement of the Chassis ID TLV.
3 Subelement of the Port ID TLV.
4 Subelement of the Remote-Management-Address TLV.
5 Subelement of the System Capability TLV.
6 Populated with data captured internally by the switch.
■ RFC 2737 (Entity MIB)
■ RFC 2863 (Interfaces MIB)
■ ANSI/TIA-1057/D6 (LLDP-MED; refer to “LLDP-MED (Media-Endpoint-Discovery)” on page 14-57.)
LLDP Operating Rules
(For additional information specific to LLDP-MED operation, refer to “LLDP-MED (Media-Endpoint-Discovery)” on page 14-57.)
Port Trunking. LLDP manages trunked ports individually.
Spanning-Tree Blocking. Spanning tree does not prevent LLDP packet transmission or receipt on STP-blocked links.
802.1X Blocking. Ports blocked by 802.1X operation do not allow transmission or receipt of LLDP packets.
Configuring LLDP Operation
In the default configuration, LLDP is enabled and in both transmit and receive mode on all active ports.
Displays the LLDP global configuration, LLDP port status, and SNMP notification status. For information on port admin status, refer to “Configuring Per-Port Transmit and Receive Modes” on page 14-53. For example, show lldp config produces the following display when the switch is in the default LLDP configuration:
Note: This value corresponds to the lldp refresh-interval command (page 14-49).
Displaying Port Configuration Details. This command displays the port-specific configuration, including.
Syntax: show lldp config < port-list >
Displays the LLDP port-specific configuration for all ports in < port-list >, including which optional TLVs and any non-default IP address that are included in the port’s outbound advertisements.
■ Add entries to its neighbors table based on data read from incoming LLDP advertisements.
Syntax: [ no ] lldp run
Enables or disables LLDP operation on the switch. The no form of the command, regardless of individual LLDP port configurations, prevents the switch from transmitting outbound LLDP advertisements, and causes the switch to drop all LLDP advertisements received from other devices.
Changing the Time-to-Live for Transmitted Advertisements. The Time-to-Live value (in seconds) for all LLDP advertisements transmitted from a switch is controlled by the switch that generates the advertisement, and determines how long an LLDP neighbor retains the advertised data before discarding it. The Time-to-Live value is the result of multiplying the refresh-interval by the holdtime-multiplier described below.
Syntax: setmib lldpTxDelay.0 -i < 1 - 8192 >
Uses setmib to change the minimum time (delay-interval) any LLDP port will delay advertising successive LLDP advertisements due to a change in LLDP MIB content. (Default: 2; Range: 1 - 8192)
Note: The LLDP refresh-interval (transmit interval) must be greater than or equal to (4 x delay-interval).
delay interval delays the port’s ability to reinitialize and generate LLDP traffic following an LLDP disable/enable cycle.
Syntax: setmib lldpReinitDelay.0 -i < 1 - 10 >
Uses setmib to change the minimum time (reinitialization delay interval) an LLDP port will wait before reinitializing after receiving an LLDP disable command followed closely by a txonly or tx_rx command.
Changing the Minimum Interval for Successive Data Change Notifications for the Same Neighbor. If LLDP trap notification is enabled on a port, a rapid succession of changes in LLDP information received in advertisements from one or more neighbors can generate a high number of traps. To reduce this effect, you can globally change the interval between successive notifications of neighbor data change.
Configuring Basic LLDP Per-Port Advertisement Content
In the default LLDP configuration, outbound advertisements from each port on the switch include both mandatory and optional data.
Mandatory Data. An active LLDP port on the switch always includes the mandatory data in its outbound advertisements.
For example, if port 3 belongs to a subnetted VLAN that includes an IP address of 10.10.10.100 and you wanted port 3 to use this secondary address in LLDP advertisements, you would need to execute the following command:
ProCurve(config)# lldp config 3 ipAddrEnable 10.10.10.100
Optional Data. You can configure an individual port or group of ports to exclude one or more of these data types from outbound LLDP advertisements.
system_cap
For outbound advertisements, this TLV includes a bitmask of supported system capabilities (device functions). Also includes information on whether the capabilities are enabled.
Syntax: [ no ] lldp config < port-list > dot3TlvEnable macphy_config
For outbound advertisements, this TLV includes the (local) switch port’s current speed and duplex settings, the range of speed and duplex settings the port supports, and the method required for reconfiguring the speed and duplex settings on the device (auto-negotiation during link initialization, or manual configuration).
■ Power over Ethernet (PoE) status and troubleshooting support via SNMP
■ support for IP telephony network troubleshooting of call quality issues via SNMP
This section describes how to configure and use LLDP-MED features in the switches to support VoIP network edge devices (Media Endpoint Devices) such as:
■ IP phones
■ voice/media gateways
■ media servers
■ IP communications controllers
■ other VoIP devices or
■ able to use the following network policy elements configured on the client port
• voice VLAN ID
• 802.
■ Class 3 (Communication Devices): These devices are typically IP phones or end-user devices that otherwise support IP media and offer all Class 1 and Class 2 features, plus location identification and emergency 911 capability, Layer 2 switch support, and device information management.
LLDP-MED Operational Support.
Syntax: lldp top-change-notify < port-list >
Topology change notification, when enabled on an LLDP port, causes the switch to send an SNMP trap if it detects LLDP-MED endpoint connection or disconnection activity on the port, or an age-out of the LLDP-MED neighbor on the port.
LLDP-MED Fast Start Control
Syntax: lldp fast-start-count < 1 - 10 >
An LLDP-MED device connecting to a switch port may use the data contained in the MED TLVs from the switch to configure itself. However, the lldp refresh-interval setting (default: 30 seconds) for transmitting advertisements can cause an unacceptable delay in MED device configuration.
Note: LLDP-MED operation requires the macphy_config TLV subelement—enabled by default—that is optional for IEEE 802.1AB LLDP operation. Refer to the dot3TlvEnable macphy_config command on page 14-57.
Network Policy Advertisements. Network policy advertisements are intended for real-time voice and video applications, and include these TLV subelements:
■ Layer 2 (802.
Notes: A codepoint must have an 802.1p priority before you can configure it for use in prioritizing packets by VLAN-ID. If a codepoint you want to use shows No Override in the Priority column of the DSCP policy table (display with show qos dscp map), then use qos-dscp map < codepoint > priority < 0 - 7 > to configure a priority before proceeding.
network-policy
This TLV enables the switch port to advertise its configured network policies (voice VLAN, Layer 2 QoS, Layer 3 QoS), and allows LLDP-MED endpoint devices to auto-configure the voice network policy advertised by the switch. This also enables the use of SNMP applications to troubleshoot statically configured endpoint network policy mismatches.
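To confirm which of the TLVs described in this section (system_cap, macphy_config, network-policy, the management address) a port really emits after you enable or exclude them, you can decode a captured LLDPDU. The following Python sketch is an added example, not code from the HP guide or the switch software; it follows the TLV layouts of IEEE 802.1AB and ANSI/TIA-1057, and the chassis MAC, system name, VLAN 10 and QoS values in the sample frame are constructed.

```python
"""Audit which LLDP TLVs a switch port advertises (added example)."""
import ipaddress
import struct

MANDATORY = {1: "Chassis ID", 2: "Port ID", 3: "Time To Live"}
OPTIONAL = {4: "Port Description", 5: "System Name", 6: "System Description",
            7: "System Capabilities (system_cap)", 8: "Management Address"}
OUI_8023 = bytes.fromhex("00120f")   # IEEE 802.3 organizationally specific TLVs
OUI_MED = bytes.fromhex("0012bb")    # TIA LLDP-MED TLVs
ORG = {(OUI_8023, 1): "802.3 MAC/PHY (macphy_config)",
       (OUI_MED, 1): "LLDP-MED capabilities",
       (OUI_MED, 2): "LLDP-MED network-policy",
       (OUI_MED, 3): "LLDP-MED location",
       (OUI_MED, 4): "LLDP-MED PoE"}
CAP_BITS = ["other", "repeater", "bridge", "wlan-ap", "router",
            "telephone", "docsis", "station-only"]


def make_tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length, then the value."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def iter_tlvs(lldpdu):
    """Yield (type, value) pairs; reject a TLV that overruns the buffer."""
    off = 0
    while off + 2 <= len(lldpdu):
        (hdr,) = struct.unpack_from("!H", lldpdu, off)
        tlv_type, length = hdr >> 9, hdr & 0x1FF
        off += 2
        if off + length > len(lldpdu):
            raise ValueError("TLV type %d overruns LLDPDU" % tlv_type)
        yield tlv_type, lldpdu[off:off + length]
        off += length
        if tlv_type == 0:            # End of LLDPDU
            return


def decode_caps(value):
    """system_cap: 16-bit 'supported' bitmask followed by 16-bit 'enabled'."""
    if len(value) != 4:
        raise ValueError("System Capabilities TLV must be 4 bytes")
    supported, enabled = struct.unpack("!HH", value)
    names = lambda mask: [n for i, n in enumerate(CAP_BITS) if mask & (1 << i)]
    return {"supported": names(supported), "enabled": names(enabled)}


def decode_mgmt_addr(value):
    """Management Address: length byte, address subtype, address bytes."""
    if len(value) < 2:
        raise ValueError("Management Address TLV too short")
    addr = value[2:1 + value[0]]
    if value[1] == 1 and len(addr) == 4:      # subtype 1 = IPv4
        return str(ipaddress.IPv4Address(addr))
    return addr.hex()


def decode_network_policy(value):
    """LLDP-MED policy: app type, then U/T/X flags, VLAN, 802.1p, DSCP."""
    if len(value) != 4:
        raise ValueError("network-policy body must be 4 bytes")
    bits = int.from_bytes(value[1:4], "big")
    return {"app_type": value[0], "tagged": bool(bits >> 22 & 1),
            "vlan": bits >> 9 & 0xFFF, "priority": bits >> 6 & 0x7,
            "dscp": bits & 0x3F}


def audit_lldpdu(lldpdu):
    """Report the optional TLVs present and decode the sensitive ones."""
    report = {"missing_mandatory": [], "optional": [], "caps": None,
              "mgmt_addr": None, "network_policy": None}
    seen = set()
    for tlv_type, value in iter_tlvs(lldpdu):
        seen.add(tlv_type)
        if tlv_type == 127 and len(value) >= 4:
            key = (value[:3], value[3])
            report["optional"].append(
                ORG.get(key, "org-specific %s/%d" % (value[:3].hex(), value[3])))
            if key == (OUI_MED, 2):
                report["network_policy"] = decode_network_policy(value[4:])
        elif tlv_type in OPTIONAL:
            report["optional"].append(OPTIONAL[tlv_type])
            if tlv_type == 7:
                report["caps"] = decode_caps(value)
            elif tlv_type == 8:
                report["mgmt_addr"] = decode_mgmt_addr(value)
    report["missing_mandatory"] = [n for t, n in MANDATORY.items() if t not in seen]
    return report


def build_sample():
    """Constructed LLDPDU (not a real capture) for a port like port 3 above."""
    policy = (1 << 22) | (10 << 9) | (6 << 6) | 46   # tagged, VLAN 10, p6, DSCP 46
    mgmt = (b"\x05\x01" + ipaddress.IPv4Address("10.10.10.100").packed
            + b"\x02" + struct.pack("!I", 3) + b"\x00")
    return b"".join([
        make_tlv(1, b"\x04" + bytes.fromhex("020000000001")),  # chassis MAC
        make_tlv(2, b"\x07" + b"3"),                           # port ID "3"
        make_tlv(3, struct.pack("!H", 120)),                   # TTL seconds
        make_tlv(5, b"ProCurve-lab"),
        make_tlv(7, struct.pack("!HH", 0x0014, 0x0004)),       # bridge+router / bridge
        make_tlv(8, mgmt),
        make_tlv(127, OUI_8023 + b"\x01" + b"\x03\x6c\x01\x00\x1e"),
        make_tlv(127, OUI_MED + b"\x02\x01" + policy.to_bytes(3, "big")),
        make_tlv(0, b""),
    ])


if __name__ == "__main__":
    for field, val in audit_lldpdu(build_sample()).items():
        print(field, "=", val)
```

Any optional TLV you excluded on the port should be absent from the `optional` list; a management address or voice VLAN that still appears is information every directly attached device can read.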
PoE Advertisements. These advertisements inform an LLDP-MED endpoint of the power (PoE) configuration on switch ports. Similar advertisements from an LLDP-MED endpoint inform the switch of the endpoint’s power needs and provide information that can be used to identify power priority mismatches.
■ ELIN (Emergency Location Identification Number): an emergency number typically assigned to MLTS (Multiline Telephone System Operators) in North America
■ coordinate-based location: latitude, longitude, and altitude information (Requires configuration via an SNMP application.
Type/Value Pairs (CA-TYPE and CA-VALUE): This is a series of data pairs, each composed of a location data “type” specifier and the corresponding location data for that type. That is, the first value in a pair is expected to be the civic address “type” number (CA-TYPE), and the second value in a pair is expected to be the corresponding civic address data (CA-VALUE).
Note: A switch port allows one instance of any given CA-TYPE. For example, if a type/value pair of 6 Atlantic (to specify “Atlantic” as a street name) is configured on port A5 and later another type/value pair of 6 Pacific is configured on the same port, then Pacific replaces Atlantic in the civic address location configured for port A5.
Table 14-4.
Figure 14-20 shows the commands for configuring and displaying the above data.
Figure 14-20.
Displaying Switch Information Available for Outbound Advertisements
These commands display the current switch information that will be used to populate outbound LLDP advertisements.
Syntax: show lldp info local-device [ port-list ]
Without the [ port-list ] option, this command displays the global switch information and the per-port information currently available for populating outbound LLDP advertisements.
The Management Address field displays only the LLDP-configurable IP addresses on the switch. (Only manually-configured IP addresses are LLDP-configurable.) If the switch has only an IP address from a DHCP or Bootp server, then the Management Address field is empty (because there are no LLDP-configurable IP addresses available). For more on this topic, refer to “Remote Management Address” on page 14-44.
Figure 14-21.
information on displaying the currently configured port speed and duplex on an LLDP-MED endpoint, refer to “Displaying the Current Port Speed and Duplex Configuration on a Switch Port” on page 14-73.
Syntax: show interfaces brief < port-list >
Includes port speed and duplex configuration in the Mode column of the resulting display.
Displaying Advertisements Currently in the Neighbors MIB.
Figure 14-23. Example of a Global Listing of Discovered Devices
Figure callout: Indicates the policy configured on the telephone. A configuration mismatch occurs if the supporting port is configured differently.
Figure 14-24.
Displaying LLDP Statistics
LLDP statistics are available at both the global and per-port levels. Rebooting the switch resets the LLDP statistics counters to zero. Disabling the transmit and/or receive capability on a port “freezes” the related port counters at their current values.
Per-Port LLDP Counters:
NumFramesRecvd: Shows the total number of valid, inbound LLDP advertisements received from any neighbor(s) on < port-list >. Where multiple neighbors are connected to a port through a hub, this value is the total number of LLDP advertisements received from all sources.
NumFramesSent: Shows the total number of LLDP advertisements sent from < port-list >.
Counters showing frames sent on a port but no frames received on that port indicate an active link with a device that either has LLDP disabled on the link or is not LLDP-aware.
Figure 14-25. Example of a Global LLDP Statistics Display
Figure 14-26. Example of a Per-Port LLDP Statistics Display
LLDP Operating Notes
Neighbor Maximum.
LLDP Packet Forwarding: An 802.1D-compliant switch does not forward LLDP packets, regardless of whether LLDP is globally enabled or disabled on the switch.
One IP Address Advertisement Per-Port: LLDP advertises only one IP address per-port, even if multiple IP addresses are configured by lldp config < port-list > ipAddrEnable on a given port.
802.1Q VLAN Information. LLDP packets do not include 802.
ProCurve# walkmib ifDescr
ifDescr.1 = A1
ifDescr.2 = A2
ifDescr.3 = A3
. . .
ifDescr.23 = A23
ifDescr.24 = A24
ifDescr.27 = B1
ifDescr.28 = B2
ifDescr.29 = B3
. . .
ifDescr.48 = B22
ifDescr.49 = B23
ifDescr.50 = B24
. . .
Figure callouts: Beginning and Ending of Port Number Listing for Slot A (ifDescr.1 to ifDescr.24); Beginning and Ending of Port Number Listing for Slot B (ifDescr.27 to ifDescr.50)
Figure 14-27.
Note
■ If the switch receives both LLDP and CDP advertisements on the same port from the same neighbor, the switch stores this information as two separate entries if the advertisements have different chassis ID and port ID information.
■ If the chassis and port ID information are the same, the switch stores this information as a single entry.
Protocol State | Packet Generation | Inbound Data Management | Inbound Packet Forwarding
CDP Enabled¹ | n/a | Store inbound CDP data. | No forwarding of inbound CDP packets.
CDP Disabled | n/a | No storage of CDP data from neighbor devices. | Floods inbound CDP packets from connected devices to outbound ports.
LLDP Enabled¹ | Generates and transmits LLDP packets out all ports on the switch. | Store inbound LLDP data.
Command | Page
show cdp | 14-83
show cdp neighbors [< port-list > detail] [detail < port-list >] | 14-84
[no] cdp run | 14-85
[no] cdp enable < port-list > | 14-85
Note: For details on how to use an SNMP utility to retrieve information from the switch’s CDP Neighbors table maintained in the switch’s MIB (Management Information Base), refer to the documentation provided with the particular SNMP utility.
Viewing the Switch’s Current CDP Neighbors Table. Devices are listed by the port on which they were detected.
Syntax: show cdp neighbors
Lists the neighboring CDP devices the switch detects, with a subset of the information collected from the device’s CDP packet.
[ [e] port-numb [detail] ]
Lists the CDP device connected to the specified port. (Allows only one port at a time.
Disabling CDP Operation. Disabling CDP operation clears the switch’s CDP Neighbors table and causes the switch to drop inbound CDP packets from other devices without entering the data in the CDP Neighbors table.
Syntax: [no] cdp run
Enables or disables CDP read-only operation on the switch.
15 Redundancy (Switches 8200zl)
Contents
Overview 15-2
Terminology 15-2
How the Management Modules Interact 15-3
Using Redundant Management 15-4
Displaying Redundancy Status
Disabling Redundancy with Two Modules Present 15-20
Disabling Redundancy With Only One Module Present 15-21
Displaying Management Information 15-22
Active Management Module Commands 15-22
Show Modules 15-22
Show Redundancy
Overview
Redundancy provides the ability to keep your switch operating by using dual management modules, one active module and one standby module. In the event of a failure, the currently active management module will switch over to the standby management module, which then becomes the active management module.
Secondary Image. The software version stored in secondary flash on each management module.
Selftest. A test performed at boot to ensure the management module is functioning correctly. If the module fails selftest, it does not go into active or standby mode. If both modules fail selftest, the switch does not boot.
Switchover. When the other management module becomes the active management module.
Using Redundant Management
There are new CLI commands for redundant management as well as modifications to existing commands.
ProCurve(config)# show redundancy
Settings
--------
Mgmt Redundancy : enabled
Statistics
----------
Failovers : 0
Last Failover :
Slot Module Description                       Status   SW Version
---- ---------------------------------------- -------- ----------
1    ProCurve J9092A Management Module 8200zl Active   K.12.XX
2    ProCurve J9092A Management Module 8200zl Standby  K.12.
1    ProCurve J9093A F2 Fabric Module 8200zl  Enabled
2    ProCurve J9093A F2 Fabric Module 8200zl  Enabled
ProCurve(config)# redundancy management-module
All configuration files and software images on the off-line management module will be overwritten with the data from the current active management module.
ProCurve(config)# no redundancy management-module
The other management module will no longer be used for system redundancy except in the case of a hardware failure of the active management module.
ProCurve(config)# redundancy switchover
This management module will now reboot from primary image and will become the standby module! You will need to use the other management module's console interface.
Do you want to continue [y/n]? y
ROM information:
Build directory: /sw/rom/build/bmrom(t2g)
Build date: Mar 15 2007
Build time: 08:24:27
Build version: K.12.02
Build number: 13040
Select profile (primary):
Booting Primary Software Image...
. . .
If the specified management module is not there or is in failed mode, this message displays:
The is not present or is in failed state.
Figure 15-5 shows an example of setting management module 2 to be the active management module.
ProCurve(config)# redundancy active-management management-module2
On the next system boot, the management-module2 will become active.
ProCurve(config)# boot system
(boot occurs...
ProCurve(config)# show redundancy
Settings
-------
Mgmt Redundancy : Disabled
Statistics
---------
Failovers : 0
Last Failover :
Slot Module Description                       Status   SW Version
---- ---------------------------------------- -------- ----------
1    ProCurve J9092A Management Module 8200zl Active   K.12.
2    ProCurve J9092A Management Module 8200zl Offline
1    ProCurve J9093A Fabric Module 8200zl     Enabled
2    ProCurve J9093A Fabric Module 8200zl     Enabled
Figure callout: Redundancy disabled
Enabling and Disabling Fabric Modules
The fabric modules can be enabled or disabled even if they are not present in the switch. You cannot disable both fabric modules at the same time; one must be enabled. Use this command to enable or disable the redundant fabric modules. Disabling one fabric module reduces the overall switching capacity of the 8200zl series switches.
Management Module Switchover
Events that Cause a Switchover
There are a number of events that can cause the active management module to switch over to the standby management module when redundancy is enabled:
■ The active management module crashes
■ The standby management module does not receive a heartbeat from the active management module
■ The redundancy switchover command is executed
■ The active management module is hotswapped out
■ The
■ Learned routes (from routing protocols)
■ MAC addresses
■ IGMP, LACP, GVRP, LLDP, CDP, 802.1X, STP, VRRP, PIM learned data
■ Web auth and MAC auth connections
■ IDM data
■ AAA accounting data
■ Telnet connection to the switch
■ SNMP sample rates
Resetting the Management Module
The MM Reset button found on each management module reboots its management module.
Hotswapping Management Modules
Hotswapping Out the Active Management Module
You can hotswap out the active management module and have switch operations taken over by the standby management module by following the correct shutdown procedure on the active module using the MM Shutdown button.
When the Standby Module is not Available
If you have disabled redundancy with the no redundancy management-module command, or the standby module failed selftest, the Dwn LED will not turn green to indicate it is OK to hotswap out the active management module.
Downloading a New Software Version
File Synchronization after Downloading
After downloading a new software version to either the primary or secondary flash of the active management module, the software version is immediately copied to the corresponding flash (primary or secondary) of the standby module unless the standby module failed selftest or redundancy was disabled with the no redundancy management-module command.
(you can verify this using the show redundancy command), you can now switch over to the management module running the newer software with this command:
ProCurve# redundancy switchover
This causes a switchover to the management module that received the new software version, which becomes the active management module. This method incurs the least amount of network downtime for booting. If downtime is not an issue, use the boot system command.
Caution: If you have booted one module out of primary flash and one module out of secondary flash, and the secondary flash is running a prior software version because the latest version was never copied over from the primary flash, you will have a software version mismatch. The configuration file may not work with that software version. See “Software Version Mismatch Between Active and Hotswapped Module” on page 15-16 for more information.
ProCurve(config)# show version
Management Module 1: Active
Image stamp: /sw/code/build/btm(t2g)
             Mar 15 2007 12:28:32
             K.12.30
             64
Boot Image: Primary
Management Module 2: Standby
Image stamp: /sw/code/build/btm(t2g)
             Mar 21 2007 14:24:38
             K.12.
Figure callout: Mismatch exists
Downloading a Software Version Serially if the Management Module is Corrupted
If the software version on a management module becomes corrupted, you may need to do a serial download to restore the affected module. The non-corrupted management module becomes the active module. You can then use the serial port on the corrupted management module to download a new software version.
Note: Even if redundancy has been disabled, the specified management module will become the active management module at the next system boot if you use the redundancy active-management command. You are warned that you may not be using current configurations. See “Setting the Active Management Module for Next Boot” on page 15-9.
The currently active module remains active on boot (assuming no selftest failure) unless you make the newly inserted management module active using this command:
ProCurve(config)# redundancy active-management standby
The standby management module becomes the active management module.
ProCurve(config)# show modules details
Status and Counters - Module Information
Chassis: 8212zl J8715A Serial Number: SG560TN124
Slot Module Description Serial Number ------------------ ---------------------------------------MM1 ProCurve J9092A Management Module 8200zl AD722BX88F SSM ProCurve J8784A System Support Module AF988DC78G 446S2BX007 C ProCurve J8750A 20p +4 Mini-GBIC Module GBIC 1: J4859B 1GB LX-LC 4720347DFED734 4720347DFED735 GBIC 2
Show Flash
The show flash command displays which software version is in each flash image. The Default Boot field displays which flash image will be used for the next boot.
ProCurve(config)# show flash
Image            Size(Bytes)  Date     Version
-----            ----------   -------- -------
Primary Image   : 7463821     03/05/07 K.12.XX
Secondary Image : 7463821     03/05/07 K.12.
Boot Rom Version: K.12.01
Default Boot    : Primary
ProCurve(config)# show version
Management Module 1: Redundancy and Synchronization has been disabled: enable with the ‘redundancy’ command.
Management Module 2: Active
Image stamp: /sw/code/build/btm(t2g)
             Mar 5 2007 13:20:59
             K.12.XX
             351
Boot Image: Primary
Figure 15-17. Example of show version Command when Redundancy is Disabled
Show Log
The show log command displays the status of the switch and its management modules.
Standby Management Module Commands
The standby management module, by design, has very little console capability. You can use three commands—show flash, show version, and show redundancy. The show redundancy command displays when a management module is in standby mode.
Show Redundancy
Use the show redundancy command to display redundancy status on the standby module, as shown in Figure 15-19.
Standby Console> show flash
Image            Size(Bytes)  Date     Version  Build #
-----            ----------   -------- -------  -------
Primary Image   : 7493854     03/21/07 K.12.XX  1617
Secondary Image : 7463821     03/05/07 K.12.XX  351
Boot Rom Version: K.12.03
Default Boot    : Primary
Figure callout: Will boot from primary flash on the next boot.
Figure 15-20.
Existing CLI Commands Affected by Redundant Management
Several existing commands have changes related to redundant management.
Boot Command
In redundant management systems, the boot or boot active command causes a switchover to the standby management module as long as the standby module is in standby mode.
Command | Action
Boot active | Boots the active management module. The switch starts to boot from the default flash image. You can select which image to boot from during the boot process itself. See Figure 15-22. The switch will switch over to the standby management module. If a second management module is not present in the switch, the system is rebooted.
Boot standby | Boots the standby management module.
ProCurve(config)# boot set-default flash secondary
This command changes the location of the default boot. This command will change the default flash image to boot from secondary. Hereafter, ‘reload’ and ‘boot’ commands will boot from secondary.
ProCurve(config)# show flash
Image            Size(Bytes)  Date     Version  Build #
-----            ----------   -------- -------  -------
Primary Image   : 7463821     03/05/07 K.12.XX  351
Secondary Image : 7463821     03/05/07 K.12.XX  351
Boot Rom Version: K.12.01
Default Boot    : Primary
ProCurve(config)# boot set-default flash secondary
This command changes the location of the default boot. This command will change the default flash image to boot from secondary.
Command | Action
reload | Boots (warm reboot) the active management module. Switchover to the standby management module occurs if redundancy is enabled. If redundancy is disabled or there is no standby management module, the reload command boots the system. Note: If the running config file is different from the stored config file, you will be prompted to save the config file.
Additional Commands Affected by Redundant Management
The other existing commands operate with redundant management as shown below.
Command | Action
auto-tftp | If a new image is downloaded using auto-tftp, the active management module downloads the new software version to both the active and standby modules. Rebooting after the auto-tftp completes reboots the entire system.
Command | Action
fastboot | When fastboot is enabled, this information is saved to the standby management module when the config files are sync’d. The fastboot value is used during the next boot on both modules.
front-panel-security factory-reset password-clear password-recovery | This command and its options affect only the active management module.
Using the Web Browser for Redundant Management
The web browser interface can be used to display information about the active and standby management modules. To learn more about using the web browser interface on your switch, see the chapter “Using the ProCurve Web Browser Interface” in this guide. Online Help is available for the web browser interface.
Overview Page
To view status information about the management modules, select the Status tab, and then the Overview button. The following information is shown:
■ Which module is the active module and which is the standby module
■ Version of software running on each management module
■ The SystemUp Time since the last reboot.
Figure 15-27.
Figure 15-28. Redundancy Status Page Showing Information about the Active and Standby Modules
Device View Page
The Device View page displays a graphical representation of the switch. Select the Configuration tab and then the Device View button.
Figure 15-29.
Management Module LED Behavior
Active (Actv) LED Behavior
The Actv (Active) LED shows the LED behavior for various states on the active and standby management modules. See Table 15-2 for the available states and what they indicate. Refer to the Installation and Getting Started Guide for your switch for more information about LEDs.
Figure 15-30. The Actv LED on the Management Module
Table 15-2.
Logging Messages
Log File
The log file displays messages about the activities and status of the management modules. Enter this command to display the messages:
Syntax: show logging
Displays log events. For more information on command options available with the show logging command, see “CLI: Displaying the Event Log” in the “Troubleshooting” chapter of this guide. An example of the log file listing is shown in Figure 15-31.
Crash Files
Crash logs for all modules are always available on the active management module. The copy crash-log and copy crash-data commands can be used to copy the information to a file of your choice.
Syntax: copy crash-log [ | mm] tftp
Copies both the active and standby management modules’ crash logs to a user-specified file. If no parameter is specified, files from all modules (management and interface) are concatenated.
ProCurve Switch 8200zl$ show boot-history
Mgmt Module 1 -- Saved Crash Information (most recent first):
=============================================================
Mgmt Module 1 in Active Mode went down: 11/07/05 14:48:36
Operator warm reload from CONSOLE session.
Mgmt Module 1 in Active Mode went down: 11/07/05 11:43:10
Operator cold reboot from CONSOLE session.
Notes on How the Active Module is Determined
Both management modules run selftest routines to determine which module becomes the active management module and which becomes the standby management module. The module that was last active in the chassis is given precedence and becomes the “active” module. This module will be the one that is booted going forward.
Diagram of Decision Process
Both management modules start to boot.
1. Both modules fail selftest? Yes: Switch fails to boot. No: go to 2.
2. One module fails selftest? Yes: Module passing selftest becomes active. No: go to 3.
3. One module booted in chassis? Yes: Module last booted in chassis becomes active module. No: go to 4.
4. Both modules were booted in this chassis? No: Module 1 becomes active module. Yes: go to 5.
5. Module 1 booted most recently? Yes: Module 1 becomes active module. No: Module 2 becomes ac
Event Log Messages
# | System Message | Severity | Description
1 | Mgmt module [1 or 2] went down without saving crash information | info | The specified management module went down without saving the crash information. RMON_BOOT_NO_CRASH_RECORD
2 | Mgmt module [1 or 2] went down | info | The specified management module was rebooted. RMON_BOOT_CRASH_RECORD0
4 | Boot-up selftest failed | fatal | The boot up selftest of the management module failed.
# | System Message | Severity | Description
15 | Mgmt Module [1 or 2] - Running different version of SW | info | The specified management module is running a different version of software from the other management module. RMON_SYSTEM_MGMT_OS_DIFF
16 | Mgmt Module [1 or 2] - Failover occurred | warn | Switchover occurred.
# | System Message | Severity | Description
24 | Initial active to standby sync started | info | Indicates the beginning of the initial synchronization of the active management module’s flash image to the standby management module. RMON_SYSTEM_SYNC_BEGIN
25 | Initial active to standby sync complete | info | Indicates the end of the initial synchronization of the active management module’s flash image to the standby management module.
A File Transfers
Contents
Overview A-3
Downloading Switch Software A-3
General Software Download Rules A-4
Using TFTP To Download Software from a Server A-4
Menu: TFTP Download from a Server to Primary Flash
File Transfers Contents TFTP: Copying a Software Image to a Remote Host . . . . . . . . . A-27 Xmodem: Copying a Software Image from the Switch to a Serially Connected PC or UNIX Workstation . . . . . . . . . . . . . . . A-27 USB: Copying a Software Image to a USB Device . . . . . . . . . . . A-28 Transferring Switch Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . A-28 TFTP: Copying a Configuration File to a Remote Host . . . . . . .
File Transfers Contents Operating Notes and Restrictions . . . . . . . . . . . . . . . . . . . . . . . . A-50 Autorun and Configuring Passwords . . . . . . . . . . . . . . . . . . . . . . A-50 Viewing Autorun Configuration Information . . . . . . . . . . . . . . . . . . .
Overview

The switches covered in this guide support several methods for transferring files to and from a physically connected device, or via the network, including TFTP, Xmodem, and USB. This appendix explains how to download new switch software, upload or download switch configuration files and software images, and upload command files for configuring Access Control Lists (ACLs).
Downloading Switch Software

General Software Download Rules

■ Switch software that you download via the menu interface always goes to primary flash.
■ After a software download, you must reboot the switch to implement the new software. Until a reboot occurs, the switch continues to run on the software it was using before the download commenced.

Note: Downloading new switch software does not change the current switch configuration.
Menu: TFTP Download from a Server to Primary Flash

Note that the menu interface accesses only the primary flash.

1. In the console Main Menu, select Download OS to display the screen in figure A-1. (The term “OS”, or “operating system”, refers to the switch software.)
Figure A-1.
2. Press [E] (for Edit).
3. Ensure that the Method field is set to TFTP (the default).
4.
A “progress” bar indicates the progress of the download. When the entire software file has been received, all activity on the switch halts and you will see
Validating and writing system software to FLASH...
7. After the primary flash memory has been updated with the new software, you must reboot the switch to implement the newly downloaded software. Return to the Main Menu and press [6] (for Reboot Switch).
To find more information on the cause of a download failure, examine the messages in the switch’s Event Log by executing the show log tftp command from the CLI. Also:
■ For more on the Event Log, see “Using the Event Log for Troubleshooting Switch Problems” on page C-27.
■ For descriptions of individual Event Log messages, refer to the latest version of the Event Log Message Reference Guide for your switch, available on the ProCurve website.
For example, to download a switch software file named k0800.swi from a TFTP server with the IP address of 10.28.227.103 to primary flash:
1. Execute copy as shown below:
Figure A-4. (Callouts: “Dynamic counter continually displays the number of bytes transferred.” “This message means that the image you want to upload will replace the image currently in primary flash.”)
2.
Enabling TFTP

TFTP is enabled by default on the switch. If TFTP operation has been disabled, you can re-enable it by specifying TFTP client or server functionality with the tftp command at the global configuration level.
Using Auto-TFTP

The auto-tftp command allows you to configure the switch to download software automatically from a TFTP server.

How It Works. At switch startup, the auto-TFTP feature automatically downloads a specified software image to the switch from a specified TFTP server, then reboots the switch.
Using Secure Copy and SFTP

In some situations you may want to use a secure method to issue commands or copy files to the switch. By opening a secure, encrypted SSH session and enabling ip ssh filetransfer, you can then use a third-party software application to take advantage of Secure Copy (SCP) and Secure FTP (SFTP).
Protocol major versions differ: 2 vs. 1
Connection closed

Protocol major versions differ: 1 vs. 2
Connection closed

Received disconnect from < ip-addr >: /usr/local/libexec/sftp-server: command not supported
Connection closed

SCP (secure copy) is an implementation of the BSD rcp (Berkeley UNIX remote copy) command tunneled through an SSH connection. SCP is used to copy files to and from the switch when security is required. SCP works with both SSH v1 and SSH v2.
Disable TFTP and Auto-TFTP for Enhanced Security

Using the ip ssh filetransfer command to enable Secure FTP (SFTP) automatically disables TFTP and auto-TFTP (if either or both are enabled).

Enabling SFTP automatically disables TFTP and auto-tftp and displays this message.

ProCurve(config)# ip ssh filetransfer
Tftp and auto-tftp have been disabled.
ProCurve(config)# sho run
Running configuration:
; J8697 Configuration Editor; Created on release #K.11.
Enables/Disables TFTP. Note: If SFTP is enabled, this field will be set to No. You cannot use this field to enable TFTP if SFTP is enabled. Attempting to do so produces an Inconsistent value message in the banner below the Actions line.

Figure A-6. Using the Menu Interface To Disable TFTP

■ While SFTP is enabled, TFTP and auto-TFTP cannot be enabled from the CLI.
Note: As a matter of policy, administrators should not enable the SSHv1-only or the SSHv1-or-v2 advertisement modes. SSHv1 is supported on only some legacy switches (such as the ProCurve Series 2500 switches).

To confirm that SSH is enabled, type in the command:
ProCurve(config)# show ip ssh

Once you have confirmed that you have enabled an SSH session (with the show ip ssh command), enter ip ssh filetransfer so that SCP and/or SFTP can run.
■ When an SFTP client connects, the switch provides a file system displaying all of its available files and folders. No file or directory creation is permitted by the user. Files may only be uploaded or downloaded, according to the permissions mask. All of the necessary files the switch will need are already in place on the switch. You do not need to (nor can you) create new files.
■ The switch supports one SFTP session or one SCP session at a time.
|   authorized_keys
\---oper_keys
    authorized_keys
\---core (this directory is not available on the 8212zl)
|   mm1.cor          management module or management function
|   im_a.cor         interface module (chassis switches only)
|   im_b.cor         interface module (chassis switches only)
|   im_1.cor         interface module (chassis switches only)
|   port_1-24.cor    core-dump for ports 1-24 (stackable switches only)
|   port_25-48.
ssh: read error Bad file number, session aborted
I 01/01/90 00:06:11 00636 ssh: sftp session from ::ffff:10.0.12.35
W 01/01/90 00:06:26 00641 ssh: sftp read error Bad file number, session aborted
I 01/01/90 00:09:54 00637 ssh: scp session from ::ffff:10.0.12.35
W 01/01/90 ssh: scp read error Bad file number, session aborted

Note: The Bad file number is from the system error value and may differ depending on the cause of the failure.
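The Event Log entries above are enough to audit who opened SFTP/SCP sessions to a switch and which transfers were aborted. The following is an added example, not code from the original guide: it parses entries in the layout quoted above and reports sessions from outside an assumed list of management networks. The function names, the fourth log line and the 10.0.12.0/24 management network are constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

# Entry layout as quoted above: <severity> <MM/DD/YY> <HH:MM:SS> <event-id> ssh: <text>
ENTRY_RE = re.compile(
    r"^(?P<sev>[A-Z])\s+(?P<date>\d{2}/\d{2}/\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<event_id>\d{5})\s+ssh:\s+(?P<text>.+)$"
)
START_RE = re.compile(r"^(?P<proto>sftp|scp) session from (?P<peer>\S+)$")
# The error text ("Bad file number" above) varies with the cause, so capture it.
ABORT_RE = re.compile(r"^(?P<proto>sftp|scp) read error (?P<reason>.+), session aborted$")


@dataclass
class Session:
    proto: str
    peer: str          # address exactly as logged
    source: object     # parsed address, or None if the peer field is not an IP address
    started: str
    aborted: bool = False
    reason: str = ""


def parse_peer(peer):
    """Parse the logged peer, unwrapping IPv4-mapped IPv6 such as ::ffff:10.0.12.35."""
    try:
        ip = ipaddress.ip_address(peer)
    except ValueError:
        return None
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip


def parse_sessions(lines):
    """Build one Session per 'session from' entry and attach later read errors."""
    sessions, latest = [], {}   # latest: protocol -> most recent session of that protocol
    for raw in lines:
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue            # incomplete or unrelated entry
        start = START_RE.match(entry["text"])
        if start:
            s = Session(start["proto"], start["peer"], parse_peer(start["peer"]),
                        f'{entry["date"]} {entry["time"]}')
            sessions.append(s)
            latest[s.proto] = s
            continue
        abort = ABORT_RE.match(entry["text"])
        if abort and abort["proto"] in latest:
            s = latest.pop(abort["proto"])
            s.aborted, s.reason = True, abort["reason"]
    return sessions


def review(sessions, mgmt_networks):
    """Return (time, protocol, source, finding) tuples worth an operator's attention."""
    nets = [ipaddress.ip_network(n) for n in mgmt_networks]
    findings = []
    for s in sessions:
        shown = str(s.source) if s.source is not None else s.peer
        allowed = s.source is not None and any(
            s.source.version == n.version and s.source in n for n in nets)
        if not allowed:
            findings.append((s.started, s.proto, shown, "source outside management networks"))
        if s.aborted:
            findings.append((s.started, s.proto, shown, f"transfer aborted: {s.reason}"))
    return findings


# First three lines are the complete entries quoted above; the last one is constructed.
SAMPLE_LOG = """\
I 01/01/90 00:06:11 00636 ssh: sftp session from ::ffff:10.0.12.35
W 01/01/90 00:06:26 00641 ssh: sftp read error Bad file number, session aborted
I 01/01/90 00:09:54 00637 ssh: scp session from ::ffff:10.0.12.35
I 01/01/90 00:14:02 00636 ssh: sftp session from ::ffff:192.0.2.77
""".splitlines()

if __name__ == "__main__":
    for finding in review(parse_sessions(SAMPLE_LOG), ["10.0.12.0/24"]):
        print(*finding, sep=" | ")
```

Entries that lack the time or event ID, like the last warning quoted above, do not match the layout and are skipped.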
Using Xmodem to Download Switch Software From a PC or UNIX Workstation

This procedure assumes that:
■ The switch is connected via the Console RS-232 port to a PC operating as a terminal. (Refer to the Installation and Getting Started Guide you received with the switch for information on connecting a PC as a terminal and running the switch console interface.)
■ The switch software is stored on a disk drive in the PC.
6. After the primary flash memory has been updated with the new software, you must reboot the switch to implement the newly downloaded software. Return to the Main Menu and press [6] (for Reboot Switch). You will then see the following prompt:
Continue reboot of system? : No
Press the space bar once to change No to Yes, then press [Enter] to begin the reboot.
7. To confirm that the software downloaded correctly:
a. From the Main Menu, select 1.
c. In the Protocol field, select Xmodem.
d. Click on the [Send] button.
The download can take several minutes, depending on the baud rate used in the transfer.
3. When the download finishes, you must reboot the switch to implement the newly downloaded software. To do so, use one of the following commands:

Syntax: boot system flash
Reboots from the selected flash.

Syntax: reload
Reboots from the flash image currently in use.
Note
■ To view the contents of a USB flash drive, use the dir command. This will list all files and directories at the root. To view the contents of a directory, you must specify the subdirectory name (that is, dir ).
■ The USB port supports connection to a single USB device. USB hubs to add more ports are not supported.

Some USB flash drives may not be supported on your switch.
For example, to copy a switch software file named k0800.swi from a USB device to primary flash:
1. Execute copy as shown below:
Figure A-7. (Callout: “This message means that the image you want to upload will replace the image currently in primary flash.”)
2.
Menu: Switch-to-Switch Download to Primary Flash

Using the menu interface, you can download a switch software file from either the primary or secondary flash of one switch to the primary flash of another switch of the same series.
1. From the switch console Main Menu in the switch to receive the download, select 7. Download OS screen.
2. Ensure that the Method parameter is set to TFTP (the default).
3.
CLI: Switch-To-Switch Downloads

Where two switches in your network belong to the same series, you can download a software image between them by initiating a copy tftp command from the destination switch. The options for this CLI feature include:
■ Copy from primary flash in the source to either primary or secondary in the destination.
■ Copy from either primary or secondary flash in the source to either primary or secondary flash in the destination.
Syntax: copy tftp flash < ip-addr > < /os/primary > | < /os/secondary > [ primary | secondary ] [oobm]

This command (executed in the destination switch) gives you the most options for downloading between switches. If you do not specify either a primary or secondary flash location for the destination, the download automatically goes to primary flash.
Copying Software Images

Using the CLI commands described in this section, you can copy software images from the switch to another device using tftp, xmodem, or usb.

Note: For details on how switch memory operates, including primary and secondary flash, refer to Chapter 6, “Switch Memory and Configuration”.
For example, to copy the primary flash image to a serially connected PC:
1. Execute the following command:
Procurve# copy xmodem flash
Press ‘Enter’ and start XMODEM on your host...
2. After you see the above prompt, press [Enter].
3. Execute the terminal emulator commands to begin the file transfer.

USB: Copying a Software Image to a USB Device

To use this method, a USB flash memory device must be connected to the switch’s USB port.
Transferring Switch Configurations

Using the CLI commands described in this section, you can copy switch configurations to and from a switch, or copy a software image to configure or replace an ACL in the switch configuration.

Note: For greater security, you can perform all TFTP operations using SFTP as described in the section on Using Secure Copy and SFTP on page A-12.
TFTP: Copying a Configuration File from a Remote Host

Syntax: copy tftp < startup-config | running-config > < ip-address > < remote-file > [ pc | unix ] [oobm]
copy tftp config < filename > < ip-address > < remote-file > [ pc | unix ] [oobm]

This command can copy a configuration from a remote host to a designated config file in the switch. For more on multiple configuration files, refer to “Multiple Configuration Files” on page 6-26.
Syntax: copy tftp show-tech [oobm]

Copy a customized command file to the switch. For switches that have a separate out-of-band management port, the oobm parameter specifies that the transfer will be through the out-of-band management interface. If this parameter is not specified, the transfer will be through the data interface.
Xmodem: Copying a Configuration File to a Serially Connected PC or UNIX Workstation

To use this method, the switch must be connected via the serial port to a PC or UNIX workstation. You will need to:
■ Determine a filename to use.
■ Know the directory path you will use to store the configuration file.
Syntax: copy xmodem startup-config < pc | unix >
copy xmodem config < filename > < pc | unix >

Copies a configuration file from a serially connected PC or UNIX workstation to a designated configuration file on the switch. For more on multiple configuration files, refer to “Multiple Configuration Files” on page 6-26.

For example, to copy a configuration file from a PC serially connected to the switch:
1. Execute the following command:
2.
USB: Copying a Configuration File to a USB Device

To use this method, a USB flash memory device must be connected to the switch’s USB port.

Syntax: copy startup-config usb < filename >
copy running-config usb < filename >

Uses the USB port to copy a designated configuration file from the switch to a USB flash memory device. For more on multiple configuration files, refer to “Multiple Configuration Files” on page 6-26.
Transferring ACL Command Files

This section describes how to upload and execute a command file to the switch for configuring or replacing an Access Control List (ACL) in the switch configuration. Such files should contain only ACE (Access Control Entry) commands.
For example, suppose you:
1. Created an ACL command file named vlan10_in.txt to update an existing ACL.
2. Copied the file to a TFTP server at 18.38.124.16.

Using a PC workstation, you then execute the following from the CLI to upload the file to the switch and implement the ACL commands it contains:
ProCurve(config)# copy tftp command-file 18.38.124.16 vlan10_in.
Xmodem: Uploading an ACL Command File from a Serially Connected PC or UNIX Workstation

Syntax: copy xmodem command-file < unix | pc >

Uses Xmodem to copy and execute an ACL command from a PC or UNIX workstation. Depending on the ACL commands used, this action does one of the following in the running config file:
■ Creates a new ACL.
■ Replaces an existing ACL.
Using a PC workstation, you then execute the following from the CLI to upload the file to the switch and implement the ACL commands it contains:
ProCurve(config)# copy usb command-file vlan10_in.txt pc

The switch displays this message:
Running configuration may change, do you want to continue [y/n]?

To continue with the upload, press the [Y] key. To abort the upload, press the [N] key.
Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation

Copying Command Output to a Destination Device

Syntax: copy command-output < “cli-command” > tftp < ip-address > < filepath filename > [oobm]
copy command-output < “cli-command” > usb < filename >
copy command-output < “cli-command” > xmodem

These commands direct the displayed output of a CLI command to a remote host, attached USB device, or to a serially connected PC or UNIX workstation.
Copying Event Log Output to a Destination Device

Syntax: copy event-log tftp < ip-address > < filepath_filename > [oobm]
copy event-log usb < filename >
copy event-log xmodem

These commands copy the Event Log content to a remote host, attached USB device, or to a serially connected PC or UNIX workstation.
Syntax: copy crash-data [] tftp [oobm]
copy crash-data [] usb
copy crash-data [] xmodem

where:
slot-id = a - h, and retrieves the crash log or crash data from the processor on the module in the specified slot.
mm: Retrieves crash log or crash data from the switch’s chassis processor.
oobm
slot-id: retrieves the crash data from the module in the specified slot.
mm: retrieves the crash data from both management modules and concatenates them.
oobm: For switches that have a separate out-of-band management port, specifies that the transfer will be through the out-of-band management interface. (Default is transfer through the data interface.
At this point, press [Enter] and start the Xmodem command sequence in your terminal emulator.

Figure A-16. Example of sending a Crash Log for Slot C to a File on an Attached PC

Copying Crash Logs with Redundant Management. When you are using redundant management, the copy crash-log command operates somewhat differently.
Enabling or Disabling the USB Port

This feature allows configuration of the USB port with either the CLI or SNMP.

To enable/disable the USB port with the CLI:

Syntax: usb-port
no usb-port

Enables the USB port. The no form of the command disables the USB port and any access to the device.

To display the status of the USB port:

Syntax: show usb-port

Displays the status of the USB port. It can be enabled, disabled, or not present.
The autorun feature only works when a USB device is inserted and the USB port is enabled.

Behavior of Autorun When USB Port is Disabled

Software Versions | Operation
K.13.XX | When using software version K.13.58, if the USB port is disabled (no usb-port command), the USB autorun function does not work in the USB port until the USB port is enabled, the config file is saved, and the switch is rebooted.
Using USB Autorun

USB autorun helps ease the configuration of ProCurve switches by providing a way to auto-execute CLI commands from a USB flash drive. Using this solution, you can create a command file (also known as an AutoRun file), write it to a USB storage device, and then execute the file simply by inserting the USB device into the switch’s ‘Auxiliary Port’.
d. determine if the file will be ‘run once’ (moved to a ‘processed’ directory on execution) or ‘run many’ (kept in the root directory of the flash drive from where it can be executed again).
2. Deploy the AutoRun file to a USB flash drive.
3. (If required) Enable the autorun feature on the switch (autorun is enabled by default unless an operator or manager password has been set—see “Autorun and Configuring Passwords” on page A-51).
4.
Troubleshooting Autorun Operations

You can verify autorun operations by checking the following items:

USB Auxiliary Port LEDs. The following table shows LED indications on the Auxiliary Port that allow you to identify the different USB operation states.

Color | State | Meaning
Green | Slow Blinking | Switch is processing USB AutoRun file.
Green | Solid | Switch has finished processing USB AutoRun file.
Event Log or Syslog. For details on how to use the switch’s event log or syslog for help in isolating autorun-related problems, see “Using the Event Log for Troubleshooting Switch Problems” on page C-27.

Configuring Autorun on the Switch

To enable/disable the autorun feature on the switch, the following commands can be executed from configuration mode in the CLI.

Syntax: [no] autorun [encryption-key | secure-mode]

Enables/disables USB autorun on the switch.
Operating Notes and Restrictions

■ Autorun is enabled by default, until passwords are set on the device.
■ Secure-mode and encryption-key are disabled by default.
■ To enable secure mode, both an encryption key and trusted certificate must be set.
■ If secure-mode is enabled, the following conditions apply:
  • the encryption-key cannot be removed/un-configured;
  • the key-pair cannot be removed.
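The defaults described under “Disable TFTP and Auto-TFTP for Enhanced Security” and in the autorun operating notes above can be checked across saved configurations with a short script. The following is an added example, not code from the original guide: it assumes each setting appears in the configuration listing in the same form as the CLI commands quoted in this appendix (ip ssh filetransfer, no tftp client, no tftp server, auto-tftp, no usb-port, no autorun, autorun secure-mode), and both sample listings are constructed.

```python
import re


def audit_transfer_settings(config_text):
    """Check one configuration listing against the defaults described in this appendix.

    Returns a list of (setting, finding) tuples; an empty list means no finding.
    Assumption: settings are listed in the same form as the CLI commands.
    """
    # Drop blank lines and the ';' comment header of the listing.
    lines = [ln.strip() for ln in config_text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]

    def present(pattern):
        return any(re.fullmatch(pattern, ln) for ln in lines)

    findings = []
    sftp = present(r"ip ssh filetransfer")
    auto_tftp = present(r"auto-tftp\b.*")

    if sftp:
        # Enabling SFTP disables TFTP and auto-TFTP, so seeing both is inconsistent.
        if auto_tftp:
            findings.append(("auto-tftp",
                             "listed together with 'ip ssh filetransfer'; listing is inconsistent"))
    else:
        findings.append(("ip ssh filetransfer", "SCP/SFTP file transfer is not enabled"))
        # TFTP is enabled by default: only an explicit 'no tftp <role>' turns a role off.
        for role in ("client", "server"):
            if not present(rf"no tftp {role}"):
                findings.append((f"tftp {role}", "enabled (default); transfers are unencrypted"))
        if auto_tftp:
            findings.append(("auto-tftp", "software image is fetched over TFTP at startup"))

    # Autorun only operates while the USB port is enabled.
    if not present(r"no usb-port") and not present(r"no autorun"):
        if not present(r"autorun secure-mode"):
            findings.append(("autorun", "not disabled and secure-mode not set; "
                                        "autorun stays enabled until passwords are set"))
    return findings


# Constructed sample listings, not output captured from a switch.
# The TFTP server address and image name are the ones used in this appendix.
DEFAULT_LIKE = """\
; constructed sample
hostname "lab-sw1"
auto-tftp 10.28.227.103 k0800.swi
"""

HARDENED = """\
; constructed sample
hostname "lab-sw2"
ip ssh filetransfer
no autorun
"""

if __name__ == "__main__":
    for name, text in (("lab-sw1", DEFAULT_LIKE), ("lab-sw2", HARDENED)):
        results = audit_transfer_settings(text)
        print(name, "OK" if not results else "")
        for setting, finding in results:
            print(f"  {setting}: {finding}")
```

Because the check relies on how settings are listed, confirm its assumptions against a listing from your own software version before using it for compliance reporting.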
Viewing Autorun Configuration Information

The show autorun command displays autorun configuration status information as shown in the following example.
B Monitoring and Analyzing Switch Operation

Contents
Overview  B-3
Status and Counters Data  B-4
Menu Access To Status and Counters  B-5
General System Information  B-6
Menu Access
Web Browser Interface Status Information  B-26
Traffic Mirroring  B-27
Mirroring Terminology  B-29
Mirrored Traffic Destinations  B-32
Local Destinations
Viewing a Classifier-Based Mirroring Configuration  B-72
Classifier-Based Mirroring Restrictions  B-72
Applying Multiple Mirroring Sessions to an Interface  B-74
Displaying a Mirroring Configuration  B-75
Displaying All Mirroring Sessions Configured on the Switch  B-75
Displaying the Remote Endpoints Configured on the Switch
Overview

The switches covered in this guide have several built-in tools for monitoring, analyzing, and troubleshooting switch and network operation:
■ Status: Includes options for displaying general switch information, management address data, port status, port and trunk group statistics, MAC addresses detected on each port or VLAN, and STP, IGMP, and VLAN data (page B-5).
Status and Counters Data

This section describes the status and counters screens available through the switch console interface and/or the web browser interface.

Note: You can access all console screens from the web browser interface via Telnet to the console. Telnet access to the switch is available in the Device View window under the Configuration tab.

Status or Counters Type
Menu Access To Status and Counters

Beginning at the Main Menu, display the Status and Counters menu by selecting:
1. Status and Counters

Figure B-1. The Status and Counters Menu

Each of the above menu items accesses the read-only screens described on the following pages. Refer to the online help for a description of the entries displayed in these screens.
General System Information

Menu Access

From the console Main Menu, select:
1. Status and Counters
1. General System Information

Figure B-2. Example of General Switch Information

This screen dynamically indicates how individual switch resources are being used. Refer to the online Help for details.
CLI Access to System Information

The show system command displays general system information about the switch.

Syntax: show system [chassislocate | information | power-supply | temperature | fans]

Displays global system information and operational parameters for the switch.

chassislocate
Displays the chassisLocator LED status. Possible values are ON, Off, or Blink.
ProCurve(config)# show system fans

Fan Information
 Num   | State       | Failures
-------+-------------+----------
 Sys-1 | Fan OK      | 0

0 / 1 Fans in Failure State
0 / 1 Fans have been in Failure State

Figure B-4.
Syntax: [no] task-monitor cpu

Allows the collection of processor utilization data. Only manager logins can execute this command. The settings are not persistent, that is, there are no changes to the configuration.
Figure B-7. Example of Management Address Information with VLANs Configured

This screen displays addresses that are important for management of the switch. If multiple VLANs are not configured, this screen displays a single IP address for the entire switch. Refer to the online Help for details.

Note: As shown in figure B-7, all VLANs on the switches use the same MAC address.
Module Information

Use this feature to determine which slots have modules installed and which type(s) of modules are installed.

Menu: Displaying Port Status

From the Main Menu, select:
1. Status and Counters …
3. Module Information

Figure B-8.
CLI Access

The CLI show modules command will display additional component information for the following:
■ System Support Modules (SSM)—identification, including serial number
■ Mini-GBICS—a list of installed mini-GBICs displaying the type, “J” number, and serial number (when available)

Syntax: show modules [details]

Displays information about the installed modules, including:
• The slot in which the module is installed
• The module d
ProCurve(config)# show modules details

Status and Counters - Module Information

Chassis: 8212zl J8715A    Serial Number: SG560TN124

Slot  Module Description                          Serial Number
----- ------------------------------------------- --------------
MM1   ProCurve J9092A Management Module 8200zl    AD722BX88F
SSM   ProCurve J8784A System Support Module       AF988DC78G
C     ProCurve J8750A 20p +4 Mini-GBIC Module     446S2BX007
      GBIC 1: J4859B 1GB LX-LC                    4720347DFED734
4720347DFED735 GB
Figure B-11. Example of Port Status on the Menu Interface

CLI Access

Syntax: show interfaces brief

Web Access

1. Click on the Status tab.
2. Click on [Port Status].
These features enable you to determine the traffic patterns for each port since the last reboot or reset of the switch. You can display:
■ A general report of traffic on all LAN ports and trunk groups in the switch, along with the per-port flow control status (On or Off).
■ A detailed summary of traffic on a selected port or trunk group.

You can also reset the counters for a specific port.
Menu Access to Port and Trunk Statistics

To access this screen from the Main Menu, select:
1. Status and Counters …
4. Port Counters

Figure B-12. Example of Port Counters on the Menu Interface

To view details about the traffic on a particular port, use the [v] key to highlight that port number, then select Show Details. For example, selecting port A2 displays a screen similar to figure B-13, below.

Figure B-13.
CLI Access To Port and Trunk Group Statistics

To Display the Port Counter Summary Report.

Syntax: show interfaces

This command provides an overview of port activity for all ports on the switch.

To Display a Detailed Traffic Summary for Specific Ports.

Syntax: show interfaces < port-list >

This command provides traffic details for the port(s) you specify.

To Reset the Port Counters.
Note: Clearing statistics cannot be undone.

Web Browser Access To View Port and Trunk Group Statistics

1. Click on the Status tab.
2. Click on [Port Counters].
3. To refresh the counters for a specific port, click anywhere in the row for that port, then click on [Refresh].

Note: To reset the port counters to zero, you must reboot the switch.
1. From the Main Menu, select:
1. Status and Counters
5. VLAN Address Table
2. The switch then prompts you to select a VLAN.
3. Use the Space bar to select the VLAN you want, then press [Enter]. The switch then displays the MAC address table for that VLAN:

Figure B-14. Example of the Address Table

To page through the listing, use Next page and Prev page.

Finding the Port Connection for a Specific Device on a VLAN.
2. Type the MAC address you want to locate and press [Enter]. The address and port number are highlighted if found. If the switch does not find the MAC address on the currently selected VLAN, it leaves the MAC address listing empty.

Figure B-15. Example of Menu Indicating Located MAC Address (Callout: “Located MAC Address and Corresponding Port Number”)

3. Press [P] (for Prev page) to return to the full address table listing.
Determining Whether a Specific Device Is Connected to the Selected Port. Proceeding from step 2, above:
1. Press [S] (for Search), to display the following prompt:
Enter MAC address: _
2. Type the MAC address you want to locate and press [Enter]. The address is highlighted if found. If the switch does not find the address, it leaves the MAC address listing empty.
3. Press [P] (for Prev page) to return to the previous per-port listing.
Spanning Tree Protocol (MSTP) Information

CLI Access to MSTP Data

This option lists the MSTP configuration, root data, and per-port data (cost, priority, state, and designated bridge).

Syntax: show spanning-tree

This command displays the switch’s global and regional spanning-tree status, plus the per-port spanning-tree operation at the regional level.
Internet Group Management Protocol (IGMP) Status

The switch uses the CLI to display the following IGMP status on a per-VLAN basis:

Show Command | Output
show ip igmp | Global command listing IGMP status for all VLANs configured in the switch:
  • VLAN ID (VID) and name
  • Active group addresses per VLAN
  • Number of report and query packets per group
  • Querier access port per VLAN
show ip igmp | Per-VLAN command listing above IGMP stat
VLAN Information

The switch uses the CLI to display the following VLAN status:

Show Command: show vlan
Output: Lists:
• Maximum number of VLANs to support
• Existing VLANs
• Status (static or dynamic)
• Primary VLAN

Show Command: show vlan
Output: For the specified VLAN, lists:
• Name, VID, and status (static/dynamic)
• Per-Port mode (tagged, untagged, forbid, no/auto)
• “Unknown VLAN” setting (Learn, Block, Disable)
• Port status (up/down)

For ex
Listing the VLAN ID (VID) and Status for Specific Ports.

Because ports A1 and A2 are not members of VLAN 44, it does not appear in this listing.

Figure B-20. Example of VLAN Listing for Specific Ports

Listing Individual VLAN Status.

Figure B-21.
Web Browser Interface Status Information

The “home” screen for the web browser interface is the Status Overview screen, as shown below. As the title implies, it provides an overview of the status of the switch, including summary graphs indicating the network utilization on each of the switch ports, symbolic port status indicators, and the Alert Log, which informs you of any problems that may have occurred on the switch.
Monitoring and Analyzing Switch Operation Traffic Mirroring

Traffic Mirroring

Mirror Features

Feature                                     Default    Menu         CLI
Mirror CLI Quick Reference                  n/a        n/a          B-45, B-47
Configure Mirror Source                     disabled   page B-39    page B-49
Configure Mirror Destination at Source      disabled   page B-39    page B-52
Configure Remote Mirroring at Destination   disabled   n/a          page B-50
Display Mirror Configuration                n/a        page B-39    page B-76

Starting in software release K.12.
Mirroring sources and sessions. Traffic mirroring supports the configuration of port and VLAN interfaces as mirroring sources in up to four mirroring sessions on a switch. Each session can have one or more sources (ports and/or static trunks, a mesh, or a VLAN interface) that monitor traffic entering and/or leaving the switch.

Configuration Notes

Using the CLI, you can make full use of the switch’s local and remote mirroring capabilities.
The following commands have been deprecated:
■ interface monitor ip access-group in mirror < 1 - 4 | name-str >
■ vlan < vid-# > monitor ip access-group in mirror < 1 - 4 | name-str >

After you install and boot release K.14.01 or greater, ACL-based local and remote mirroring sessions configured on a port or VLAN interface are automatically converted to classifier-based mirroring policies.
Local mirroring session:
   Source Switch: Switch A
   Monitored interface: Port A2
   Exit port: A15
   Destination/Host: Traffic analyzer 1

Remote mirroring session:
   Source Switch: Switch A
   Monitored interface: Port A1
   Remote exit switch: Switch B
   Remote exit port: B7
   Destination/Host: Traffic analyzer 2

Figure B-23.
Caution: An exit port should be connected only to a network analyzer, IDS, or other network edge device that has no connection to other network resources. Connecting a mirroring exit port to a network can result in serious network performance problems, and is strongly discouraged by ProCurve Networking.

Exit Switch: The switch with the exit port to which a destination device is connected.
Mirrored Traffic Destinations

Local Destinations

A local mirroring traffic destination is a port on the same switch as the source of the traffic being mirrored.

Remote Destinations

A remote mirroring traffic destination is a ProCurve switch configured to operate as the exit switch for mirrored traffic sessions originating on other ProCurve switches.
Criteria for Selecting Mirrored Traffic

On the monitored sources listed above, you can configure the following criteria to select the traffic you want to mirror:
■ Direction of traffic movement (entering or leaving the switch, or both)
■ Type of IPv4 or IPv6 traffic entering the switch, as defined by a classifier-based service policy (see “Selecting Inbound Traffic Using Advanced Classifier-Based Mirroring” on page B-66)

In software release K.
■ You can reduce the risk of oversubscribing a single exit port by:
   • Directing traffic from different session sources to multiple exit ports
   • Configuring an exit port with a higher bandwidth than the monitored source port
■ You can segregate traffic by type, direction, or source.

Mirroring Configuration

Table B-1 shows the different types of mirroring that you can configure using the CLI, Menu, and SNMP interfaces.

Table B-1.
Configuration Notes

Using the CLI, you can configure all mirroring options on a switch. Using the Menu or Web interface, you can configure only session 1 and only local mirroring in session 1 for traffic in both directions on specified interfaces.
• Directing traffic from different session sources to multiple exit ports
• Configuring an exit port with a higher bandwidth than the monitored source port

Migration to Release K.12.xx

On a switch that is running a software release earlier than K.12.xx with one or more mirroring sessions configured, when you download and boot release K.12.
Figures B-24 and B-25 show how ACL-based selection criteria in a mirroring session are converted to a classifier-based policy and class configuration when you install release K.14.01 or greater on a switch.

(Callout: Configuration of ACL 100 that is used to select mirrored traffic in session 1)

ProCurve(config)# show run
Running configuration:
. . .
ip access-list extended "100"
   10 permit icmp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.
Using the Menu or Web Interface To Configure Local Mirroring

Menu and Web Interface Limits

The Menu and Web interfaces can be used to quickly configure or reconfigure local mirroring on session 1, and allow one of the following two mirroring source options:
■ any combination of source port(s), trunk(s), and/or a mesh
■ one static, source VLAN interface

The Menu and Web interfaces also have these limits:
■ Configure and display only session 1
Configuration Steps

Notes: If mirroring has already been enabled on the switch, the Menu screens will appear differently than shown in this section.

1. From the Main Menu, Select:
   2. Switch Configuration...
   3. Network Monitoring Port

Figure B-26. The Default Network Mirroring Configuration Screen (callout: Enable mirroring by setting this parameter to “Yes”.)

2. In the Actions menu, press [E] (for Edit).
3.
Figure B-27. How To Select a Local Exit Port (callout: Move the cursor to the Monitoring Port parameter, then use the Space bar to select the local exit port.)

5. Use the Space bar to select the port to use for sending mirrored traffic to a locally connected traffic analyzer or IDS. (The selected interface must be a single port. It cannot be a trunk or mesh.) In this example, port 5 is selected as the local exit port.
6.
8. Use the down arrow key to move the cursor to the Action column for the individual port interfaces and position the cursor at a port, trunk, or mesh you want to mirror. Use the down arrow key to select the interface(s) whose traffic you want to mirror to the local exit port.
9. Press the Space bar to select Monitor for the port(s) and/or trunk(s) and/or mesh that you want mirrored.
CLI: Configuring Local and Remote Mirroring

Command                                Page
Quick Reference
   Local Mirroring Commands            B-45
   Remote Mirroring Commands           B-47

Configuring a Remote Mirroring Destination
   On the remote switch: mirror endpoint ip < src-ip > < src-udp-port > < dst-ip > < exit-port >
   On the local switch: mirror < session > remote ip < src-ip > < src-udp-port > < dst-ip >

Configuring a Local Mirroring Destination
   On the local switch: mirror < session > port
■ “Local Mirroring Overview” on page B-44
■ “Remote Mirroring Overview” on page B-46 (The remote switch must be a ProCurve switch offering the full mirroring capabilities described in this chapter.)

For a detailed description of each step in a mirroring configuration, refer to:
“1. Determine the Mirroring Session and Destination” on page B-49
“2. Configure a Mirroring Destination on a Remote Switch” on page B-50
“3.
3. Determine the traffic to be selected for mirroring by any of the following methods and the appropriate configuration level (VLAN, port, mesh, trunk, switch):
   a. Direction: inbound, outbound, or both
   b. Classifier-based mirroring policy: inbound only for IPv4 or IPv6 traffic
   c. MAC source and/or destination address: inbound, outbound, or both
4. Enter the monitor command to assign one or more source interfaces to the session.
Configure a Mirroring Policy to Select Inbound Traffic (Page B-66)

class < ipv4 | ipv6 > < classname >
[no] [seq-number] < match | ignore > < ip-protocol > < source-address > [ precedence precedence-value ] [ tos tos-value ] [ ip-dscp codepoint ] [ vlan vlan-id ]
policy mirror < policy-name >
[no] [seq-number] class < ipv4 | ipv6 > action mirror [action mirror < session > ...
2. On the remote destination (endpoint) switch, enter the mirror endpoint command with the information from step 1 to configure a mirroring session for a specific exit port.
3. Determine the session (1 - 4) and (optional) alphanumeric name to use on the source switch.
4. Determine the traffic to be filtered by any of the following selection methods and the appropriate configuration level (VLAN, port, mesh, trunk, global): 5. a.
Configure the Mirroring Destination on a Remote Switch (Page B-50):

mirror endpoint ip < src-ip-addr > < src-udp-port > < dst-ip-addr > port < exit-port >
(Callouts: IP Address and UDP Port on Source Switch; IP Address and Exit Port on Remote Switch)

Enter this command on a remote switch to configure the exit port to use in a remote mirroring session. You will configure the mirroring source on the local switch in the next step.
Configure a Mirroring Policy to Select Inbound Traffic (Page B-66)

class < ipv4 | ipv6 > < classname >
[no] [seq-number] < match | ignore > < ip-protocol > < source-address > < destination-address > [ precedence precedence-value ] [ tos tos-value ] [ ip-dscp codepoint ] [ vlan vlan-id ]
policy mirror < policy-name >
[no] [seq-number] class < ipv4 | ipv6 > < classname > action mirror [ action mirror < session > ...
■ The IP address of the VLAN or subnet on which the mirrored traffic enters or leaves the source switch
■ The unique UDP port number to use for the session on the source switch (The recommended port range is from 7933 to 65535.)

Caution: Although the switch supports the use of UDP port numbers from 1 to 65535, UDP port numbers below 7933 are reserved for various IP applications.
Caution: When configuring a remote mirroring session, always configure the destination switch first. Configuring the source switch first can result in a large volume of mirrored, IPv4-encapsulated traffic arriving at the destination without an exit path, which can slow switch performance.
Syntax: mirror endpoint ip < src-ip > < src-udp-port > < dst-ip > < exit-port-# >
        no mirror endpoint ip < src-ip > < src-udp-port > < dst-ip >

< src-udp-port >: This parameter must exactly match the value you configure on the source switch for the remote session. The recommended port range is 7933 to 65535.
Configuring a Source Switch in a Local Mirroring Session. For a local mirroring session, enter the mirror port command on the source switch to configure an exit port on the same switch. To create the mirroring session, use the information gathered in “1. Determine the Mirroring Session and Destination” on page B-49.
as described in “2. Configure a Mirroring Destination on a Remote Switch” on page B-50, before using the mirror remote ip command in this section to configure the mirroring source for the same session.

Syntax: [no] mirror < 1 - 4 > [name < name-str >] remote ip < src-ip > < src-udp-port > < dst-ip >

This command is used on the source switch to uniquely associate the mirrored traffic in the specified session with a remote destination switch.
Syntax: [no] mirror < 1 - 4 > [name < name-str >] remote ip < src-ip > < src-udp-port > < dst-ip >

< src-udp-port >: This parameter associates the remote session with a UDP port number. When multiple sessions have the same source IP address < src-ip > and destination IP address < dst-ip >, the UDP port number must be unique in each session. The UDP port number used for a given session should be in the range of 7933 - 65535.
■ Interface type
   • Port, trunk, and/or mesh
   • VLAN
   • Switch (global configuration level)
■ Traffic direction and selection criteria
   • All inbound and/or outbound traffic on a port or VLAN interface
   • Only inbound IP traffic selected with an ACL (deprecated in software release K.14.
Selecting All Inbound/Outbound Traffic to Mirror

Use the commands in this section to configure all inbound and/or outbound traffic on specified VLAN, port, or trunk interfaces for a local or remote mirroring session.
monitor all < in | out | both >: For the interface specified by < port/trunk/mesh >, selects traffic to mirror based on whether the traffic is entering or leaving the switch on the interface.
   in: Mirrors entering traffic.
   out: Mirrors exiting traffic.
   both: Mirrors traffic entering and exiting.
Untagged Mirrored Packets

Although a VLAN tag is added (by default) to the mirrored copy of untagged outbound packets to indicate the source VLAN of the packet, it is sometimes desirable to have mirrored packets look exactly like the original packet. The no-tag-added parameter gives you the option of not tagging mirrored copies of outbound packets.
of the mirror’ed copy; ‘disabled’ does put the VLAN tag in the mirror’ed copy. Only one logical port is allowed. This object is persistent and when written the entity SHOULD save the change to non-volatile storage.”
DEFVAL { 2 }
::= { hpicfBridgeMirrorSessionEntry 2 }

Operating Notes. The following conditions apply for the no-tag-added option:
■ The specified port can be a physical port, trunk port, or mesh port.
VLAN Interface with Traffic Direction as the Selection Criteria

Use the following command to select all traffic on a VLAN interface for mirroring according to traffic direction (inbound and/or outbound):

Syntax: vlan < vid-# > monitor all < in | out | both > mirror < 1 - 4 | name-str > [< 1 - 4 | name-str > < 1 - 4 | name-str > < 1 - 4 | name-str >]

This command assigns a monitored VLAN source to a previously configured mirroring session on a sour
< 1 - 4 >: Configures the selected VLAN traffic to be mirrored in the specified session number.

[ name < name-str >]: Optional; configures the selected port traffic to be mirrored in the specified session name. The string can be used interchangeably with the session number when using this command to assign a mirroring source to a session.
Selecting Inbound/Outbound Traffic Using a MAC Address

Use the monitor mac mirror command at the global configuration level to apply a source and/or destination MAC address as the selection criteria used in a local or remote mirroring session.
To configure a MAC address to filter mirrored traffic on an interface, enter the monitor mac mirror command at the global configuration level.

Syntax: [no] monitor mac mirror < 1 - 4 | name-str > [< 1 - 4 | name-str >] [< 1 - 4 | name-str >] [< 1 - 4 | name-str >]

Use this command to configure a source and/or destination MAC address as criteria for selecting traffic in one or more mirroring sessions on the switch.
Depending on how many sessions are configured on the switch, you can use the same command to configure a MAC address as mirroring criteria in up to four sessions. To identify a session, you can enter either its name or number; for example:

mirror 1 2 3 traffsrc4

Refer to “Mirroring-Source Restrictions” on page B-56 for the restrictions on how many mirroring source criteria you can configure in the same session.
The following commands are not supported:

monitor mac 111111-222222 src mirror 3
monitor mac 111111-222222 dest mirror 4

In addition, if you enter the monitor mac 111111-222222 both mirror 1 command, you cannot use the MAC address 111111-222222 in any other monitor mac mirror configuration commands on the switch.
Deprecation of ACL-based Traffic Selection

In software release K.14.01 or greater, advanced classifier-based policies replace ACL-based traffic selection in mirroring configurations. Like ACL-based traffic-selection criteria, classifier-based service policies apply only to inbound traffic flows and are configured on a per-port or per-VLAN basis.
2. Create an IPv4 or IPv6 traffic class using the class command to select the packets that you want to mirror in a session on a preconfigured local or remote destination device.

Context: Global configuration

Syntax: [no] class < ipv4 | ipv6 > < classname >

Defines the name of a traffic class and specifies whether a policy is to be applied to IPv4 or IPv6 packets, where < classname > is a text string (64 characters maximum).
Context: Class configuration

Syntax: [no] [seq-number] < match | ignore > < ip-protocol > < source-address > < destination-address > [ ip-dscp codepoint ] [ precedence precedence-value ] [ tos tos-value ] [ vlan vlan-id ]

For detailed information about how to enter match and ignore commands to configure a traffic class, refer to the “Creating a Traffic Class” section in the “Classifier-Based Software Configuration” in the Advanced Traffic Man
• [seq-number] — The (optional) seq-number parameter sequentially orders the mirroring actions that you enter in a policy configuration. Actions are executed on matching packets in numerical order. Default: Mirroring action statements are numbered in increments of 10, starting at 10.
To manage packets that do not match the match or ignore criteria in any class in the policy, and therefore have no mirroring actions performed on them, you can enter an optional default class. The default class is placed at the end of a policy configuration and specifies the mirroring actions to perform on packets that are neither matched nor ignored.

4.
For this reason, ProCurve strongly recommends that you first configure the exit switch in a remote mirroring session, as described in “2. Configure a Mirroring Destination on a Remote Switch” on page B-50 and “3. Configure a Mirroring Session on the Source Switch” on page B-52, before you apply a mirroring service policy on a port or VLAN interface.
For more information about how to apply a mirroring policy to an interface, refer to the “Applying a Service Policy to an Interface” section in the “Classifier-Based Software Configuration” chapter in the Advanced Traffic Management Guide.
■ If a mirroring session is configured with a classifier-based mirroring policy on a port or VLAN interface, no other traffic-selection criteria (MAC-based or all inbound and/or outbound traffic) can be added to the session.

Switch-B(config)# mirror endpoint 10.10.40.4 9200 10.10.50.5 port a1
...
Switch-A(config)# mirror 1 remote ip 10.10.40.4 9200 10.10.50.5
Caution: Please configure destination switch first.
Applying Multiple Mirroring Sessions to an Interface

You can apply a mirroring policy to an interface that is already configured with another traffic-selection method (MAC-based or all inbound and/or outbound traffic) for a different mirroring session. The classifier-based policy provides a finer level of granularity that allows you to zoom in on a subset of port or VLAN traffic and select it for local or remote mirroring.
Displaying a Mirroring Configuration

Displaying All Mirroring Sessions Configured on the Switch

Use the show monitor command to display information on the currently configured status, traffic-selection criteria, and number of monitored interfaces in each mirroring session on a switch. The exit ports configured on the switch for remote mirroring sessions (remote endpoints) are also displayed.
Syntax: show monitor

Type: Indicates whether the mirroring session is local (port), remote (IPv4), or MAC-based (mac) for local or remote sessions.
Sources: Indicates how many monitored source interfaces are configured for each mirroring session.
Policy: Indicates whether the source is using a classifier-based mirroring policy to select inbound IPv4 or IPv6 traffic for mirroring.
Displaying the Remote Endpoints Configured on the Switch

Syntax: show monitor endpoint

This command displays the remote mirroring endpoints configured on the switch. Information on local sessions configured on the switch is not displayed. (To view the configuration of a local session, use the show monitor [< 1-4 | name < name-str >] command as described on pages B-76 and B-79.
Displaying the Mirroring Configuration for a Specific Session

Syntax: show monitor < 1 - 4 | name < name-str >

Use this command to display detailed configuration information for a specified local or remote mirroring session on a source switch.

Session: Displays the number of the specified session.
Session Name: Displays the name of the session, if configured.
Syntax: show monitor < 1 - 4 | name < name-str >

Direction: For the selected interface, indicates whether mirrored traffic is entering the switch (in), leaving the switch (out), or both.

Displaying a Remote Mirroring Session. After you configure session 2 for remote mirroring (Figure B-35), you can enter the show monitor 2 command to verify the configuration (Figure B-36).

ProCurve(config)# mirror 2 name test-10 remote ip 10.10.10.1 8010 10.10.30.
ProCurve_8200(config)# show monitor 3
Network Monitoring
   Session: 3    Session Name:
   Policy: no policy relationship exists
   Mirror Destination: A1 (Port)
   Monitoring Sources     Direction
   ------------------     --------
   MAC: 112233-445566     Source

(Callout: The MAC address used to select packets in a local mirroring session is displayed in these columns.)

Figure B-38. Displaying a MAC-based Mirroring Session

Displaying a Local Mirroring Session.
Displaying Information on a Classifier-Based Mirroring Session. In the following example, a classifier-based mirroring policy (mirrorAdminTraffic) mirrors selected inbound IPv4 packets on VLAN 5 to the destination device configured for mirroring session 3.

ProCurve(config)# mirror 3 port c1
Caution: Please configure destination switch first.
Use the following show commands to display information about:
■ A classifier-based mirroring configuration (show class and show policy)
■ Statistics on one or more mirroring policies (show statistics policy)
■ Hardware resources used by all mirroring policies currently configured on the switch (show policy resources).
Syntax: show statistics policy [ mirror-policy-name ] [ interface | vlan ] in

Displays statistics for the specified mirroring policies configured on one or more port or VLAN interfaces.

ProCurve# show statistics policy MirrorAdminTraffic vlan 30 in
HitCounts for Policy MirrorAdminTraffic
10 class ipv4 "AdminTraffic" action mirror 3
(5244) (9466)
10 match ip 15.29.16.1 0.63.255.255 0.0.0.0 255.255.255.255
20 match ip 0.0.
ProCurve# show policy resources

(Callout: Includes the hardware resources used by classifier-based local and remote mirroring policies that are currently applied to interfaces on the switch.)
Viewing the Mirroring Configurations in the Running Configuration File

Using the show run command, you can view the current mirroring configurations on the switch. In the show run command output, information about mirroring sources in configured sessions begins with the mirror keyword; monitored source interfaces are listed per-interface.
Mirroring Configuration Examples

Example: Local Mirroring Using Traffic-Direction Criteria

An administrator wants to mirror the inbound traffic from workstation “X” on port A5 and workstation “Y” on port B17 to a traffic analyzer connected to port C24. In this case, the administrator chooses “1” as the session number. (Any unused session number from 1 to 4 is valid.
Example: Remote Mirroring Using a Classifier-Based Policy

In the network shown in Figure B-50, an administrator has connected a traffic analyzer to port A15 (in VLAN 30) on switch C to monitor the TCP traffic to the server at 10.10.30.153 from workstations connected to switches A and B. Remote mirroring sessions are configured on switches A and B, and a remote mirroring endpoint on switch C.
2. On source switch A, configure an association between the remote mirroring endpoint on switch C and a mirroring session on switch A (as described in “3. Configure a Mirroring Session on the Source Switch” on page B-52).
3. On switch A, configure a classifier-based mirroring policy to select inbound TCP traffic destined to the server at 10.10.30.
   b. Configure a classifier-based mirroring policy to select inbound TCP traffic destined to the server at 10.10.30.153, and apply the policy to a VLAN interface for VLAN 20.

Because the remote session has mirroring sources on different switches, you can use the same session number (1) for both sessions.
[Diagram labels: Switch A VLAN 10 10.10.10.119 C12; Network; Server 10.10.30.153; Switch B VLAN 20 10.10.20.145; Switch C VLAN 30 10.10.30.2 A20 Traffic Analyzer 2 A15 VLAN 40 10.10.40.1 Traffic Analyzer 1 B10 10.20.40.7]

Figure B-54. Sample Topology for Remote Mirroring from a Port Interface

To configure this remote mirroring session using a directional-based traffic selection on a port interface, the operator must take the following steps:
1.
Switch-A(config)# mirror 2 remote ip 10.10.10.119 9400 10.10.40.1
Caution: Please configure destination switch first.

(Callouts: IP address of source switch and UDP port number used in session 2; IP address of remote destination switch)
Enabling Jumbo Frames To Increase the Mirroring Path MTU

On 1 Gbps and 10 Gbps ports in the mirroring path, you can reduce the number of dropped frames by enabling jumbo frames on all intermediate switches and routers. (The maximum transmission unit—MTU—on the switches covered by this manual is 9220 bytes for frames having an 802.1Q VLAN tag, and 9216 bytes for untagged frames.
Effect of Downstream VLAN Tagging on Untagged, Mirrored Traffic

In a remote mirroring application, if mirrored traffic leaves the switch without 802.1Q VLAN tagging, but is forwarded through a downstream device that adds 802.1Q VLAN tags, the MTU for untagged mirrored frames leaving the source switch is reduced below the values shown in Table B-2.
Operating Notes for Traffic Mirroring

■ Mirroring Dropped Traffic: When an interface is configured to mirror traffic to a local or remote destination, packets are mirrored regardless of whether the traffic is dropped while on the interface.
■ Intercepted or Injected Traffic: The mirroring feature does not protect against either mirrored traffic being intercepted or traffic being injected into a mirrored stream by an intermediate host.
■ Inbound Mirrored IPv4-Encapsulated Frames are Not Mirrored: The switch does not mirror IPv4-encapsulated mirrored frames that it receives on an interface.
Troubleshooting Traffic Mirroring

If mirrored traffic does not reach the configured remote destination (endpoint) switch or remote exit port, check the following configurations: Caution
• In a remote mirroring session, the mirror remote ip command parameters configured on the source switch for source IP address, source UDP port, and destination IP address must be identical to the same parameters configured with the mirror endpoint ip comman
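The identity check named in this troubleshooting item (source IP address, source UDP port, and destination IP address matching on both switches), together with the UDP port guidance given for the mirror remote ip command, can be run offline against saved configurations. The following Python script is an added example and is not part of the HP guide; the function names, finding codes, and the sample lines marked as constructed are assumptions. It accepts mirror endpoint with or without the ip and port keywords because the guide shows both forms.

```python
"""Cross-check remote-mirroring sessions against the exit switch's endpoints."""
import ipaddress
from dataclasses import dataclass

RECOMMENDED_UDP_MIN = 7933  # the guide recommends UDP ports 7933 to 65535
UDP_MAX = 65535


@dataclass(frozen=True)
class Tunnel:
    """The three values that must be identical on source and exit switch."""
    src_ip: str
    udp_port: int
    dst_ip: str


def _tunnel(src_ip, udp_port, dst_ip):
    # IPv4Address() and int() both raise ValueError on malformed input.
    ipaddress.IPv4Address(src_ip)
    ipaddress.IPv4Address(dst_ip)
    port = int(udp_port)
    if not 1 <= port <= UDP_MAX:
        raise ValueError(f"UDP port out of range: {port}")
    return Tunnel(src_ip, port, dst_ip)


def parse_line(line):
    """Return ("endpoint", Tunnel, exit_port), ("remote", Tunnel, session) or None."""
    tokens = line.split("#", 1)[-1].split()  # drop a "Switch-A(config)#" prompt
    if tokens[:2] == ["mirror", "endpoint"]:
        args = [t for t in tokens[2:] if t not in ("ip", "port")]
        if len(args) != 4:
            raise ValueError(f"malformed endpoint command: {line!r}")
        return ("endpoint", _tunnel(*args[:3]), args[3])
    if tokens[:1] == ["mirror"] and "remote" in tokens:
        i = tokens.index("remote")
        session = tokens[1]
        if tokens[i + 1:i + 2] != ["ip"] or len(tokens) != i + 5:
            raise ValueError(f"malformed remote session command: {line!r}")
        if session not in ("1", "2", "3", "4"):
            raise ValueError(f"session must be 1 - 4: {line!r}")
        return ("remote", _tunnel(*tokens[i + 2:i + 5]), session)
    return None  # local sessions and unrelated configuration lines


def audit(source_configs, exit_config):
    """source_configs: {switch name: [config lines]}; exit_config: [config lines].

    Returns a list of (finding_code, switch, session_or_exit_port) tuples.
    """
    endpoints = {}
    for line in exit_config:
        parsed = parse_line(line)
        if parsed and parsed[0] == "endpoint":
            endpoints[parsed[1]] = parsed[2]

    findings, used = [], set()
    for switch, lines in source_configs.items():
        seen = {}
        for line in lines:
            parsed = parse_line(line)
            if not parsed or parsed[0] != "remote":
                continue
            _, tunnel, session = parsed
            if tunnel.udp_port < RECOMMENDED_UDP_MIN:
                findings.append(("LOW_UDP_PORT", switch, session))
            if tunnel in seen:
                # Same src-ip and dst-ip require a unique UDP port per session.
                findings.append(("DUPLICATE_TUNNEL", switch, session))
            seen.setdefault(tunnel, session)
            if tunnel in endpoints:
                used.add(tunnel)
            else:
                findings.append(("NO_ENDPOINT", switch, session))
    for exit_port in sorted(endpoints[t] for t in endpoints.keys() - used):
        findings.append(("ORPHAN_ENDPOINT", "exit switch", exit_port))
    return findings


# First line of each list is taken from the guide; the rest are constructed.
EXIT_SWITCH = [
    "Switch-B(config)# mirror endpoint 10.10.40.4 9200 10.10.50.5 port a1",
    "mirror endpoint ip 10.10.40.4 9310 10.10.50.5 port a2",  # constructed
    "mirror endpoint ip 10.10.40.4 5000 10.10.50.5 port a3",  # constructed
]
SOURCES = {"Switch-A": [
    "Switch-A(config)# mirror 1 remote ip 10.10.40.4 9200 10.10.50.5",
    "mirror 2 name dmz remote ip 10.10.40.4 9301 10.10.50.5",  # constructed typo
    "mirror 3 remote ip 10.10.40.4 5000 10.10.50.5",           # constructed
    "mirror 4 port a15",                                       # constructed, local
]}

if __name__ == "__main__":
    for finding in audit(SOURCES, EXIT_SWITCH):
        print(finding)
```

A NO_ENDPOINT finding corresponds to the failure described above: the source switch sends IPv4-encapsulated mirrored traffic that no endpoint on the exit switch will accept.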
C Troubleshooting

Contents

Overview
Troubleshooting Approaches
Browser or Telnet Access Problems
Unusual Network Activity
General Problems
Using Log Throttling to Reduce Duplicate Event Log and SNMP Messages
Log Throttle Periods
Example of Log Throttling
Example of Event Counter Operation
Debug/Syslog Operation
Customizing show tech Command Output
CLI: Viewing More Information on Switch Operation
Pattern Matching When Using the Show Command
CLI: Useful Commands for Troubleshooting Sessions
Restoring the Factory-Default Configuration
CLI: Resetting to the Factory-Default Configuration
Overview
This appendix addresses performance-related network problems that can be caused by topology, switch configuration, and the effects of other devices or their configurations on switch operation. (For switch-specific information on hardware problems indicated by LED behavior, cabling requirements, and other potential hardware-related problems, refer to the Installation Guide you received with the switch.
Troubleshooting Approaches
Use these approaches to diagnose switch problems:
■ Check the ProCurve Networking web site for software updates that may have solved your problem: www.procurve.com
■ Check the switch LEDs for indications of proper switch operation:
• Each switch port has a Link LED that should light whenever an active network device is connected to the port.
Browser or Telnet Access Problems
Cannot access the web browser interface:
■ Access may be disabled by the Web Agent Enabled parameter in the switch console. Check the setting on this parameter by selecting:
2. Switch Configuration …
1. System Information
■ The switch may not have the correct IP address, subnet mask or gateway. Verify by connecting a console to the switch’s Console port and selecting:
2. Switch Configuration …
5.
Cannot Telnet into the switch console from a station on the network:
■ Off-subnet management stations can lose Telnet access if you enable routing without first configuring a static (default) route. That is, the switch uses the IP default gateway only while operating as a Layer 2 device. While routing is enabled on the switch, the IP default gateway is not used.
Unusual Network Activity
Network activity that fails to meet accepted norms may indicate a hardware problem with one or more of the network components, possibly including the switch. Such problems can also be caused by a network loop or simply too much traffic for the network as it is currently designed and implemented.
This can also happen, for example, if the server is first configured to issue IP addresses with an unlimited duration, then is subsequently configured to issue IP addresses that will expire after a limited duration. One solution is to configure “reservations” in the DHCP server for specific IP addresses to be assigned to devices having specific MAC addresses. For more information, refer to the documentation for the DHCP server.
Figure C-1. Indication that Routing Is Enabled (callout: Indicates that routing is enabled; a requirement for ACL operation. There is an exception. Refer to the Note, below.)
Note: If an ACL assigned to a VLAN includes an ACE referencing an IP address on the switch itself as a packet source or destination, the ACE screens traffic to or from this switch address regardless of whether IP routing is enabled.
Error (Invalid input) when entering an IP address. When using the “host” option in the command syntax, ensure that you are not including a mask in either dotted decimal or CIDR format. Using the “host” option implies a specific host device and therefore does not permit any mask entry.
Figure C-2. Examples of Correctly and Incorrectly Specifying a Single Host (callouts: Correct. Incorrect. No mask needed to specify a single host.)
Apparent failure to log all “Deny” Matches.
common mistake is to either not explicitly permit the switch’s IP address as a DA or to use a wildcard ACL mask in a deny statement that happens to include the switch’s IP address. For an example of this problem, refer to the section titled “General ACL Operating Notes” in the “Access Control Lists (ACLs)” chapter of the latest Access Security Guide for your switch.
[Figure: network diagram showing Switch 1, Switch 2, the Switch 8212zl, and Router X on the 10 Net, 20 Net, and 30 Net. Callout: Switch 1 cannot access the 30 Net on Router X because ACL 101 on the Switch 8212zl denies routed, outbound IP traffic to the 10 Net.]
IGMP-Related Problems
IP Multicast (IGMP) Traffic That Is Directed By IGMP Does Not Reach IGMP Hosts or a Multicast Router Connected to a Port. IGMP must be enabled on the switch and the affected port must be configured for “Auto” or “Forward” operation.
IP Multicast Traffic Floods Out All Ports; IGMP Does Not Appear To Filter Traffic.
Mesh-Related Problems
Traffic on a dynamic VLAN does not get through the switch mesh. GVRP enables dynamic VLANs. Ensure that all switches in the mesh have GVRP enabled.
Port-Based Access Control (802.1X)-Related Problems
Note: To list the 802.1X port-access Event Log messages stored on the switch, use show log 802. See also “Radius-Related Problems” on page C-18.
The switch does not receive a response to RADIUS authentication requests.
VLAN as untagged on the port to support the client access, as specified in the response from the RADIUS server. Refer to “How 802.1X Authentication Affects VLAN Operation” in the Access Security Guide for your switch.
The switch appears to be properly configured as a supplicant, but cannot gain access to the intended authenticator port on the switch to which it is connected.
RADIUS server fails to respond to a request for service, even though the server’s IP address is correctly configured in the switch. Use show radius to verify that the encryption key (RADIUS secret key) the switch is using is correct for the server being contacted. If the switch has only a global key configured, then it either must match the server key or you must configure a server-specific key.
QoS-Related Problems
Loss of communication when using VLAN-tagged traffic. If you cannot communicate with a device in a tagged VLAN environment, ensure that the device either supports VLAN tagged traffic or is connected to a VLAN port that is configured as Untagged.
Radius-Related Problems
The switch does not receive a response to RADIUS authentication requests.
Figure C-7. Examples of Global and Unique Encryption Keys (callouts: Global RADIUS Encryption Key; Unique RADIUS Encryption Key for the RADIUS server at 10.33.18.119)
Spanning-Tree Protocol (MSTP) and Fast-Uplink Problems
Caution: If you enable MSTP, it is recommended that you leave the remainder of the MSTP parameter settings at their default values until you have had an opportunity to evaluate MSTP performance in your network.
Fast-Uplink Troubleshooting. Some of the problems that can result from incorrect usage of Fast-Uplink MSTP include temporary loops and generation of duplicate packets. Problem sources can include:
■ Fast-Uplink is configured on a switch that is the MSTP root device.
■ Either the Hello Time or the Max Age setting (or both) is too long on one or more switches.
Switch does not detect a client’s public key that does appear in the switch’s public key file (show ip client-public-key). The client’s public key entry in the public key file may be preceded by another entry that does not terminate with a new line (CR). In this case, the switch interprets the next sequential key entry as simply a comment attached to the preceding key entry.
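A way to catch the unterminated-entry condition described above before a key file is loaded, as an added example that is not part of the original guide. It assumes each entry uses the OpenSSH one-line layout (key type, base64 blob starting with AAAA, optional comment); the function names and the sample keys are constructed for illustration.

```python
import re

# Assumption: entries look like "<key-type> <base64-blob> [comment]" with
# key types ssh-rsa / ssh-dss. The base64 of such a key blob always starts
# with "AAAA", which keeps a comment such as "my ssh-rsa key" from matching.
KEY_RE = re.compile(rb"ssh-(?:rsa|dss)[ \t]+AAAA[A-Za-z0-9+/]+=*")


def audit_public_key_file(data: bytes):
    """Return findings for entries the switch could misread.

    merged-entries     : more than one key header on a single line, so every
                         key after the first would be read as a comment
    no-key-found       : a non-blank line with no recognisable key header
    unterminated-entry : the final line has no line terminator, so the next
                         key appended to the file would be merged into it
    """
    findings = []
    for number, raw in enumerate(data.splitlines(keepends=True), start=1):
        body = raw.rstrip(b"\r\n")
        if not body.strip():
            continue  # blank line
        keys = KEY_RE.findall(body)
        if len(keys) > 1:
            findings.append({"line": number, "issue": "merged-entries", "keys": len(keys)})
        elif not keys:
            findings.append({"line": number, "issue": "no-key-found", "keys": 0})
        if raw == body:  # no terminator was stripped: only possible on the last line
            findings.append({"line": number, "issue": "unterminated-entry", "keys": len(keys)})
    return findings


def repair_public_key_file(data: bytes) -> bytes:
    """Put every key header at the start of its own newline-terminated line."""
    out = []
    for raw in data.splitlines():
        starts = [m.start() for m in KEY_RE.finditer(raw)]
        if len(starts) <= 1:
            out.append(raw)
            continue
        previous = 0
        for end in starts[1:] + [len(raw)]:
            out.append(raw[previous:end])
            previous = end
    return b"".join(line + b"\n" for line in out)


# Constructed sample: the second entry was saved without a trailing newline,
# so the third key is fused onto the end of its comment.
SAMPLE_KEY_FILE = (
    b"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC1 admin@mgmt1\n"
    b"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC2 ops@mgmt2"
    b"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC3 audit@mgmt3\n"
)

if __name__ == "__main__":
    for finding in audit_public_key_file(SAMPLE_KEY_FILE):
        print(finding)
    print(repair_public_key_file(SAMPLE_KEY_FILE).decode())
```

Run the audit on the file before copying it to the switch; a clean file returns an empty list.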
TACACS-Related Problems
Event Log. When troubleshooting TACACS+ operation, check the switch’s Event Log for indications of problem areas.
All Users Are Locked Out of Access to the Switch. If the switch is functioning properly, but no username/password pairs result in console or Telnet access to the switch, the problem may be due to how the TACACS+ server and/or the switch are configured.
■ The encryption key configured in the server does not match the encryption key configured in the switch (by using the tacacs-server key command). Verify the key in the server and compare it to the key configured in the switch. (Use show tacacs-server to list the global key. Use show config or show config running to list any server-specific keys.)
■ The accessible TACACS+ servers are not configured to provide service to the switch.
TimeP, SNTP, or Gateway Problems
The Switch Cannot Find the Time Server or the Configured Gateway. TimeP, SNTP, and Gateway access are through the primary VLAN, which in the default configuration is the DEFAULT_VLAN. If the primary VLAN has been moved to another VLAN, it may be disabled or may not have ports assigned to it.
VLAN-Related Problems
Monitor Port.
Figure C-8. Example of Correct VLAN Port Assignments on a Link (link supporting VLAN_1 and VLAN_2 between Switch “X” Port X-3 and Switch “Y” Port Y-7)
Switch “X” VLAN Port Assignment: Port X-3: VLAN_1 Untagged, VLAN_2 Tagged
Switch “Y” VLAN Port Assignment: Port Y-7: VLAN_1 Untagged, VLAN_2 Tagged
1. If VLAN_1 (VID=1) is configured as “Untagged” on port 3 on switch “X”, then it must also be configured as “Untagged” on port 7 on switch “Y”.
Figure C-9. Example of Duplicate MAC Address (a server presents MAC Address “A” on both VLAN 1 and VLAN 2 to an 8212zl Switch with a Multiple Forwarding Database, which connects over VLAN 1 and VLAN 2 to a Switch with Single Forwarding Database. Problem: This switch detects continual moves of MAC address “A” between ports.)
Fan Failure
When two or more fans fail, a two-minute timer starts. After two minutes, the switch is powered down and must be rebooted to restart it.
Using the Event Log for Troubleshooting Switch Problems
The Event Log records operating events in single- or double-line entries and serves as a tool to isolate and troubleshoot problems. Starting in software release K.13.xx, the maximum number of entries supported in the Event Log is increased from 1000 to 2000 entries. Entries are listed in chronological order, from the oldest to the most recent.
I (information) provides information on normal switch operation.
D (debug) is reserved for ProCurve internal diagnostic information.
Date is the date in the format mm/dd/yy when an entry is recorded in the log.
Time is the time in the format hh:mm:ss when an entry is recorded in the log.
Event Number is the number assigned to an event. You can turn event numbering on and off with the [no] log-number command.
System Module: Description (Documented in ProCurve Hardware/Software guide)
cdp: Cisco Discovery Protocol: Supports reading CDP packets received from neighbor devices, enabling a switch to learn about adjacent CDP devices. ProCurve switches do not support the transmission of CDP packets to neighbor devices. (Management and Configuration Guide)
dma: Direct Access Memory (DMA): Transmits and receives packets between the CPU and the switch. Not used for logging messages in software release K.13.xx. (—)
fault: Fault Detection facility, including response policy and the sensitivity level at which a network problem should generate an alert. (Management and Configuration Guide)
kms: Key Management System: Configures and maintains security information (keys) for all routing protocols, including a timing mechanism for activating and deactivating an individual protocol. (Access Security Guide)
lacp: LACP trunks: The switch can either automatically establish an 802. (Management and Configuration Guide)
mld: Multicast Listener Discovery (MLD): IPv6 protocol used by a router to discover the presence of multicast listeners. MLD can also optimize IPv6 multicast traffic flow with the snooping feature. (Multicast and Routing Guide)
mtm: Multicast Traffic Manager (MTM): Controls and coordinates L3 multicast traffic for upper layer protocols.
snmp: Simple Network Management Protocol: Allows you to manage the switch from a network management station, including support for security features, event reporting, flow sampling, and standard MIBs. (Management and Configuration Guide)
sntp: Simple Network Time Protocol: Synchronizes and ensures a uniform time among interoperating devices.
telnet: Session established on the switch from a remote device through the Telnet virtual terminal protocol.
tftp: Trivial File Transfer Protocol: Supports the download of files to the switch from a TFTP network server. (Management and Configuration Guide)
timep: Time Protocol: Synchronizes and ensures a uniform time among interoperating devices.
Menu: Displaying and Navigating in the Event Log
To display the Event Log from the Main Menu, select Event Log. Figure C-11 shows a sample event log display.
ProCurve Switch 5406zl 25-Oct-2007 18:02:52
==========================-CONSOLE - MANAGER MODE -============================
M 10/25/07 16:30:02 sys: 'Operator cold reboot from CONSOLE session.
Key | Action
[^] | Rolls back display by one event (up one line).
[E] | Advances to the end of the log.
[H] | Displays Help for the Event Log.
CLI: Displaying the Event Log
To display messages recorded in the event log from the CLI, enter the show logging command. Keyword searches are supported.
To redisplay all hidden entries, including Event Log entries recorded prior to the last reboot, enter the show logging -a command.
Syntax: clear logging
Removes all entries from the event log display output.
Log Throttle Periods
The length of the log throttle period differs according to an event’s severity level:
Severity Level | Log Throttle Period
I (Information) | 6000 Seconds
W (Warning) | 600 Seconds
D (Debug) | 60 Seconds
M (Major) | 6 Seconds
Example of Log Throttling
For example, suppose that you configure VLAN 100 on the switch to support PIM operation, but do not configure an IP address.
If PIM operation caused the same event to occur six more times during the initial log throttle period, there would be no further entries in the Event Log. However, if the event occurred again after the log throttle period expired, the switch would repeat the message (with an updated counter) and start a new log throttle period.
(Figure callout: This message indicates the original instance of the event, since the last switch reboot.)
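The throttling behavior described above, modeled as an added example that is not part of the original guide. The throttle periods come from the table; the counter semantics (a running count of instances since the last reboot, printed in parentheses), the class and function names, and the message texts are assumptions made for illustration.

```python
# Throttle period per severity level, in seconds (from the table above).
THROTTLE_SECONDS = {"I": 6000, "W": 600, "D": 60, "M": 6}


class LogThrottle:
    """Suppress duplicate events that recur inside their throttle period."""

    def __init__(self):
        self._period_start = {}  # event key -> time the current period began
        self._instances = {}     # event key -> instances seen since "reboot"

    def offer(self, now, severity, module, message):
        """Return the line to log, or None when the event is suppressed."""
        key = (severity, module, message)
        # Assumption: every instance is counted, logged or not, so the next
        # logged copy carries the updated total.
        self._instances[key] = self._instances.get(key, 0) + 1
        start = self._period_start.get(key)
        if start is not None and now - start < THROTTLE_SECONDS[severity]:
            return None  # duplicate inside the current throttle period
        self._period_start[key] = now  # first instance, or period expired
        return f"{severity} {module}: {message} ({self._instances[key]})"


def replay(events):
    """Feed (time, severity, module, message) tuples through one throttle.

    Returns the (time, line) pairs that would reach the Event Log.
    """
    throttle = LogThrottle()
    logged = []
    for now, severity, module, message in sorted(events):
        line = throttle.offer(now, severity, module, message)
        if line is not None:
            logged.append((now, line))
    return logged


# Constructed scenario following the text: a Warning-level PIM event, six
# more instances inside the 600-second period, then one after it expires.
PIM_MSG = "constructed: no IP address on VLAN 100"
EVENTS = [(0, "W", "PIM", PIM_MSG)]
EVENTS += [(t, "W", "PIM", PIM_MSG) for t in range(60, 361, 60)]
EVENTS += [(700, "W", "PIM", PIM_MSG)]
# A Major-level event is throttled independently, with a 6-second period.
SYS_MSG = "constructed: major event"
EVENTS += [(100, "M", "sys", SYS_MSG), (103, "M", "sys", SYS_MSG), (110, "M", "sys", SYS_MSG)]

if __name__ == "__main__":
    for when, line in replay(EVENTS):
        print(when, line)
```

For anyone counting events on a Syslog receiver, the point is that one logged line can stand for many occurrences, so totals have to be read from the counter rather than from the number of lines.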
Example of Event Counter Operation
Suppose the switch detects the following after a reboot:
■ Three duplicate instances of the PIM “Send error” during the first log throttle period for this event
■ Five more instances of the same Send error during the second log throttle period for this event
■ Four instances of the same Send error during the third log throttle period for this event
In this case, the duplicate message would appea
Debug/Syslog Operation
While the Event Log records switch-level progress, status, and warning messages on the switch, the Debug/System Logging (Syslog) feature provides a way to record Event Log and debug messages on a remote device. For example, you can send messages about routing misconfigurations and other network protocol details to an external device, and later use them to debug network-level problems.
A Debug/Syslog destination device can be a Syslog server and/or a console session. You can configure debug and logging messages to be sent to:
■ Up to six Syslog servers
■ A CLI session through a direct RS-232 console connection, or a Telnet or SSH session
Debug/Syslog Configuration Commands
Event Notification Logging logging Command debug Command — Enables Syslog messaging to be sent to the specified IP address.
event: Sends standard Event Log messages to configured debug destinations. (The same messages are also sent to the switch’s Event Log, regardless of whether you enable this option.)
ip
forwarding: Sends IPv4 forwarding messages to the debug destination(s).
ospf: Sends OSPF event logging to the debug destination(s).
packet: Sends IPv4 packet messages to the debug destination(s).
rip: Sends RIP event logging to the debug destination(s).
■ Series 3500yl switches
■ Series 3400cl switches
■ Series 2900 switches
■ Series 2800 switches
■ Series 2610 switches
■ Series 2600 switches and the Switch 6108 (software release H.07.30 or greater)
For the latest feature information on ProCurve switches, visit the ProCurve Networking web site and check the latest release notes for the switch products you use.
2.
3. To use a CLI session on a destination device for debug messaging:
a. Set up a serial, Telnet, or SSH connection to access the switch’s CLI.
b. Enter the debug destination session command at the manager level.
saved after a system reboot (power cycle or reboot) and re-activated on the switch. As a result, after switch startup, one of the following situations may occur:
■ Only a partial set of Event Log messages may be sent to configured debug destinations.
■ Messages may be sent to a previously configured Syslog server used in an earlier debugging session.
messages sent to the Syslog server, specify a set of messages by entering the logging severity and logging system-module commands.
ProCurve(config)# show debug
Debug Logging
Destination: None
Enabled debug types:
None are enabled
(Callout: Displays the default debug configuration. No Syslog server IP addresses or debug types are configured.)
ProCurve(config)# logging 10.28.38.
Example. The next example shows how to configure:
■ Debug logging of ACL and IP-OSPF packet messages on a Syslog server at 18.38.64.164 (with user as the default logging facility).
■ Display of these messages in the CLI session of your terminal device’s management access to the switch.
■ Blocking Event Log messages from being sent from the switch to the Syslog server and a CLI session.
ProCurve# config
ProCurve(config)# logging 10.38.64.164
ProCurve(config)# show debug
Debug Logging
Destination:
Logging -10.38.64.164
Facility=user
Severity=debug
System module=all-pass
Enabled debug types:
event
(Callout: Configure a Syslog server IP address. No other Syslog servers are configured on the switch. The server address serves as an active debug destination for any configured debug types.)
(Callout: Display the new debug configuration.)
Debug Command
At the manager level, use the debug command to perform two main functions:
■ Specify the types of event messages to be sent to an external destination.
■ Specify the destinations to which selected message types are sent.
By default, no debug destination is enabled and only Event Log messages are enabled to be sent.
Note: To configure a Syslog server, use the logging command.
Syntax: [no] debug < debug-type > (Continued)
event
Event Log messages are automatically enabled to be sent to debug destinations in these conditions:
• If no Syslog server address is configured and you enter the logging command to configure a destination address.
• If at least one Syslog server address is configured in the startup configuration and the switch is rebooted or reset.
ipv6 [dhcpv6-client [events | packet ]] [forwarding | nd | packet]
When no debug options are included, displays debug messages for all IPv6 debug options.
dhcpv6-client [events | packet]: Displays DHCPv6 client event and packet data.
[forwarding]: Displays IPv6 forwarding messages.
[nd]: Displays debug messages for IPv6 neighbor discovery.
[packet]: Displays IPv6 packet messages.
lldp
Enables all LLDP message types for the configured destinations.
session
Enables transmission of event notification messages to the CLI session that most recently executed this command. The session can be on any one terminal emulation device with serial, Telnet, or SSH access to the CLI at the Manager level prompt (ProCurve#_ ). If more than one terminal device has a console session with the CLI, you can redirect the destination from the current device to another device.
Logging Command
At the global configuration level, the logging command allows you to enable debug logging on specified Syslog servers and select a subset of Event Log messages to send for debugging purposes according to:
■ Severity level
■ System module
By specifying both a severity level and system module, you can use both configured settings to filter the Event Log messages you want to use to troubleshoot switch or network error conditions.
Configuring a Syslog Server
Syslog is a client-server logging tool that allows a client switch to send event notification messages to a networked device operating with Syslog server software. Messages sent to a Syslog server can be stored to a file for later debugging analysis. To use the Syslog feature, you must install and configure a Syslog server application on a networked host accessible to the switch.
Syntax: [no] logging < syslog-ip-addr >
Enables or disables Syslog messaging to the specified IP address. You can configure up to six addresses. If you configure an address when none are already configured, this command enables destination logging (Syslog) and the Event debug type. Therefore, at a minimum, the switch begins sending Event Log messages to configured Syslog servers.
Syntax: [no] logging facility < facility-name >
The logging facility specifies the destination subsystem used in a configured Syslog server. (All configured Syslog servers must use the same subsystem.) ProCurve recommends the default (user) subsystem unless your application specifically requires another subsystem.
The CLI command is:
Syntax: logging control-descr ] no logging [control-descr]
An optional user-friendly description that can be associated with a server IP address. If no description is entered, this is blank. If contains white space, use quotes around the string. IPv4 addresses only. Use the no form of the command to remove the description.
ProCurve(config)# logging priority-descr severe-pri
Figure C-20. Example of the Logging Command with a Priority Description
Note: A notification is sent to the SNMP agent if there are any changes to the syslog parameters either through the CLI or with SNMP.
Configuring the System Module Used to Select the Event Log Messages Sent to a Syslog Server
Event Log messages contain the name of the system module that reported the event. Using the logging system-module command, you can select a set of Event Log messages according to the originating system module and send them to a Syslog server. To configure a Syslog server, see “Configuring a Syslog Server” on page C-55.
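The same severity and system-module selection can be applied on the receiving side to a saved copy of the Event Log, shown here as an added example that is not part of the original guide. The entry layout follows the field description earlier in this appendix; the severity ordering, the indentation rule for double-line entries, the function names, and all sample lines except the first entry are assumptions or constructed data.

```python
import re
from datetime import datetime

# Entry layout: severity letter, date (mm/dd/yy), time (hh:mm:ss), optional
# event number, system module, message.
# Assumption: the event number, when enabled, is a run of digits that
# precedes the module name.
ENTRY_RE = re.compile(
    r"^(?P<sev>[IWMD])\s+"
    r"(?P<date>\d{2}/\d{2}/\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?:(?P<num>\d+)\s+)?"
    r"(?P<module>[\w.-]+):\s*(?P<msg>.*)$"
)

# Assumption: ordering used for a "this level and above" selection.
SEVERITY_RANK = {"D": 0, "I": 1, "W": 2, "M": 3}


def parse_event_log(text):
    """Parse captured Event Log text into a list of entry dicts.

    Banner lines are ignored. Assumption: the second line of a double-line
    entry is indented, and is appended to the preceding entry's message.
    """
    entries = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        match = ENTRY_RE.match(stripped)
        if match:
            stamp = f"{match['date']} {match['time']}"
            entries.append({
                "severity": match["sev"],
                "when": datetime.strptime(stamp, "%m/%d/%y %H:%M:%S"),
                "event_number": match["num"],  # None when numbering is off
                "module": match["module"].lower(),
                "message": match["msg"].strip(),
            })
        elif entries and line[:1].isspace():
            entries[-1]["message"] += " " + stripped
    return entries


def select(entries, min_severity="D", modules=None):
    """Keep entries at or above min_severity, optionally from given modules."""
    floor = SEVERITY_RANK[min_severity]
    wanted = {name.lower() for name in modules} if modules else None
    return [
        entry for entry in entries
        if SEVERITY_RANK[entry["severity"]] >= floor
        and (wanted is None or entry["module"] in wanted)
    ]


# The banner and first entry are from the sample display in this appendix;
# the remaining entries are constructed for the example.
SAMPLE_LOG = """\
ProCurve Switch 5406zl 25-Oct-2007 18:02:52
M 10/25/07 16:30:02 sys: 'Operator cold reboot from CONSOLE session.
I 10/25/07 16:30:12 00690 snmp: constructed informational message
W 10/25/07 16:31:40 tftp: constructed warning that wraps onto
    a second line
I 10/25/07 16:32:05 telnet: constructed session message
"""

if __name__ == "__main__":
    for entry in select(parse_event_log(SAMPLE_LOG), min_severity="W"):
        print(entry["when"], entry["severity"], entry["module"], entry["message"])
```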
Debug Option | Effect of a Reboot or Reset
ACL (debug type) | Disabled.
All (debug type) | Disabled.
event (debug type) | If a Syslog server IP address is configured in the startup config file, the sending of Event Log messages is reset to enabled, regardless of the last active setting. If no Syslog server is configured, the sending of Event Log messages is disabled.
IP (debug type) | Disabled.
■ Debug commands do not affect normal message output to the Event Log.
Diagnostic Tools
Diagnostic Features
Feature | Default | Menu | CLI | Web
Port Auto negotiation | n/a | — | — | —
Ping test | n/a | — | page C-65 | page C-64
Link test | n/a | — | page C-65 | page C-64
Traceroute operation | n/a | — | page C-67 |
View switch configuration files | n/a | — | page C-71 |
View switch (show tech) operation | n/a | — | page C-72 | —
View crash information and command history | n/a | — | page C-78 | —
View system information and software version | n/a | — | page C-78 | —
Port Auto-Negotiation
When a link LED does not light (indicating loss of link between two devices), the most common reason is a failure of port auto-negotiation between the connecting ports. If a link LED fails to light when you connect the switch to a port on another device, do the following:
1. Ensure that the switch port and the port on the attached end-node are both set to Auto mode.
2.
Web: Executing Ping or Link Tests
1. Click here.
2. Click here.
3. Select Ping Test (the default) or Link Test
4. For a Ping test, enter the IP address of the target device. For a Link test, enter the MAC address of the target device.
5. Select the number of tries (packets) and the timeout for each try from the drop-down menus.
6. Click on Start to begin the test.
Figure C-21.
Number of Packets to Send is the number of times you want the switch to attempt to test a connection.
Timeout in Seconds is the number of seconds to allow per attempt to test a connection before determining that the current attempt has failed.
To halt a Link or Ping test before it concludes, click on the Stop button. To reset the screen to its default settings, click on the Defaults button.
source
Source IP address or hostname. The source IP address must be owned by the router. If a VLAN is specified, the IP address associated with the specified VLAN is used.
data-size <0-65471>
Size of packet sent. Default: 0 (zero)
data-fill <0-1024>
The data pattern in the packet. Default: Zero length string
Figure C-22. (panels: Basic Ping Operation; Ping with Repetitions; Ping with Repetitions and Timeout; Ping Failure)
Figure C-23. Example of Link Tests (panels: Basic Link Test; Link Test with Repetitions; Link Test with Repetitions and Timeout; Link Test Over a Specific VLAN; Link Test Over a Specific VLAN, Test Fail)
Traceroute Command
The traceroute command enables you to trace the route from the switch to a host address. This command outputs information for each (router) hop between the switch and the destination address.
The IP address or hostname of the device to which to send the traceroute.
[minttl < 1-255 >]
For the current instance of traceroute, changes the minimum number of hops allowed for each probe packet sent along the route. If minttl is greater than the actual number of hops, then the output includes only the hops at and above the minttl threshold. (The hops below the threshold are not listed.
Figure C-24. Example of a Completed Traceroute Enquiry (callouts: Intermediate router hops with the time taken for the switch to receive acknowledgement of each probe reaching each router; Destination IP Address)
Continuing from the previous example (Figure C-24, above), executing traceroute with an insufficient maxttl for the actual hop count produces an output similar to this:
(Callout: Traceroute does not reach destination IP address because of low maxttl setting.)
If A Network Condition Prevents Traceroute from Reaching the Destination. Common reasons for Traceroute failing to reach a destination include:
■ Timeouts (indicated by one asterisk per probe, per hop; refer to Figure C-25, above.
Viewing Switch Configuration and Operation
In some troubleshooting scenarios, you may need to view the switch configuration to diagnose a problem. The complete switch configuration is contained in a file that you can browse from either the web browser interface or the CLI using the commands described in this section.
CLI: Viewing a Summary of Switch Operational Data
Syntax: show tech
By default, the show tech command displays a single output of switch operating and running-configuration data from several internal switch sources, including:
■ Image stamp (software version data)
■ Running configuration
■ Event Log listing
■ Boot History
■ Port settings
■ Status and counters — port status
■ IP routes
■ Status and counters — VLAN informati
Figure C-27 shows sample output from the show tech command.
ProCurve# show tech
show system
Status and Counters - General System Information
System Name : 5400_1
System Contact :
System Location :
MAC Age Time (sec) : 300
Time Zone : 0
Daylight Time Rule : None
Software revision : K.14.XX
ROM Version : K.12.
For example, if your terminal emulator is the Hyperterminal application available with Microsoft® Windows® software, you can copy the show tech output to a file and then use either Microsoft Word or Notepad to display the data. (In this case, Microsoft Word provides the data in an easier-to-read format.) The following example uses the Microsoft Windows terminal emulator.
5. Click on Transfer | Capture Text | Stop in HyperTerminal to stop copying data and save the text file. If you do not stop HyperTerminal from copying command output into the text file, additional unwanted data can be copied from the HyperTerminal screen.
6. To access the file, open it in Microsoft Word, Notepad, or a similar text editor.
Syntax: copy show-tech
crash-log [slot-id | master]: Includes the crash logs from all management and interface modules in show tech command output. To limit the amount of crash-log data displayed, specify an installed module or management modules, where:
  slot-id: Includes the crash log from an installed module. Valid slot IDs are the letters a through h.
  master: Includes the crash log from both management modules.
Syntax: copy show-tech
usb config < startup-config < filename > | command-file < acl filename.txt >
Copies the contents of a configuration file or ACL command file from a USB flash drive to show tech command output, where:
  startup-config : Specifies the name of a startup configuration file on the USB drive.
  command-file : Specifies the name of an ACL command file on the USB drive.
CLI: Viewing More Information on Switch Operation

Use the following commands to display additional information on switch operation for troubleshooting purposes.

Syntax:
show boot-history
  Displays the crash information saved for each management module on the switch (see “Displaying Saved Crash Information” in the “Redundancy (Switch 8212zl)” chapter).
show history
  Displays the current command history.
Pattern Matching When Using the Show Command

The pattern matching option with the show command provides the ability to do searches for specific text. Selected portions of the output are displayed depending on the parameters chosen.

Syntax: show |
Use matching pattern searches to display selected portions of the output from a show command.
ProCurve(config)# show run | exclude ipv6
Running configuration:
; J8697A Configuration Editor; Created on release #K.14.06
hostname "ProCurve Switch 5406zl"
module 1 type J8702A
module 2 type J8705A
snmp-server community "notpublic" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged A1-A24,B1-B20

Displays all lines that don’t contain “ipv6”.
ProCurve(config)# show run | begin ipv6
   ipv6 enable
   no untagged B21-B24
   exit
vlan 20
   name "VLAN20"
   untagged B21-B24
   ipv6 enable
   no ip address
   exit
policy qos "michael"
   exit
ipv6 access-list "EH-01"
   sequence 10 deny tcp 2001:db8:255::/48 2001:db8:125::/48
   exit
no autorun
password manager
ProCurve(config)#

Displays the running config beginning at the first line that contains “ipv6”.

Figure C-32.
CLI: Useful Commands for Troubleshooting Sessions

Use the following commands in a troubleshooting session to more accurately display the information you need to diagnose a problem. For more information on these CLI practices, refer to chapter 4, “Using the Command Line Interface (CLI)”.

Syntax: alias
Creates a shortcut alias name for commonly used commands and command options.
Restoring the Factory-Default Configuration

As part of your troubleshooting process, it may become necessary to return the switch configuration to the factory default settings.
2. Continue to press the Clear button while releasing the Reset button.
3. When the Self Test LED begins to flash, release the Clear button. The switch will then complete its self test and begin operating with the configuration restored to the factory default settings.

Restoring a Flash Image
Enter h or ? for help.
=>
4. Since the OS file is large, you can increase the speed of the download by changing the switch console and terminal emulator baud rates to a high speed. For example:
   a. Change the switch baud rate to 115,200 Bps.
      => sp 115200
   b. Change the terminal emulator baud rate to match the switch speed:
      i. In HyperTerminal, select Call | Disconnect.
      ii. Select File | Properties.
      iii. Click on Configure.
      iv. Change the baud rate to 115200.
      v.
Figure C-34. Example of Xmodem Download in Progress

8. When the download completes, the switch reboots from primary flash using the OS image you downloaded in the preceding steps, plus the most recent startup-config file.
DNS Resolver

The Domain Name System (DNS) resolver is designed for use in local network domains where it enables use of a host name or fully qualified domain name with DNS-compatible switch CLI commands. (At software release K.13.01, the DNS-compatible commands include ping and traceroute.) Beginning with software release K.13.01, DNS operation supports both IPv4 and IPv6 DNS resolution and multiple, prioritized DNS servers.
Basic Operation

■ When the switch is configured with only the IP address of a DNS server available to the switch, then a DNS-compatible command, executed with a fully qualified domain name, can reach a device found in any domain accessible through the configured DNS server.
Note that if the target host is in a domain other than the domain configured on the switch, then:
■ The host’s domain must be reachable from the switch. This requires that the DNS server for the switch must be able to communicate with the DNS server(s) in the path to the domain in which the target host operates.
c. The domain name for an accessible domain in which there are hosts you want to reach with a DNS-compatible command. (This is the domain suffix in the fully qualified domain name for a given host operating in the selected domain. Refer to “Terminology” on page C-87.) Note that if a domain suffix is not configured, fully qualified domain names can be used to resolve DNS-compatible commands.
d.
Syntax: [no] ip dns domain-name < domain-name-suffix >
This optional DNS command configures the domain suffix that is automatically appended to the host name entered with a DNS-compatible command. When the domain suffix and the IP address for a DNS server that can access that domain are both configured on the switch, you can execute a DNS-compatible command using only the host name of the desired target. (For an example, refer to Figure C-35 on page C-88.
Configuring switch “A” with the domain name and the IP address of a DNS server for the domain enables the switch to use host names assigned to IP addresses in the domain to perform ping and traceroute actions on the devices in the domain. To summarize:

Entity: | Identity:
DNS Server IP Address | 10.28.229.10
Domain Name (and Domain Suffix for Hosts in the Domain) | pubs.outdoors.com
Host Name Assigned to 10.28.229.
As mentioned under “Basic Operation” on page C-88, if the DNS entry configured in the switch does not include the domain suffix for the desired target, then you must use the target host’s fully qualified domain name with DNS-compatible commands. For example, using the document server in Figure C-37 as a target:

ProCurve# ping docservr.pubs.outdoors.com
10.28.229.219 is alive, time = 1 ms
(Target’s Fully Qualified Domain Name)
ProCurve# traceroute docservr.pubs.outdoors.
Operating Notes

■ Configuring another IP address for a priority that has already been assigned to an IP address is not allowed. To replace one IP address at a given priority level with another address having the same priority, you must first use the no form of the command to remove the unwanted address. Also, only one instance of a given server address is allowed in the server list.
Event Log Messages

Message | Meaning
DNS server address not configured | The switch does not have an IP address configured for the DNS server.
DNS server not responding | The DNS server failed to respond or is unreachable. An incorrect server IP address can produce this result.
Unknown host < host-name > | The host name did not resolve to an IP address. Some reasons for this occurring include: • The host name was not found. • The named domain was not found.
Locator LED (Locating a Switch)

To locate where a particular switch is physically installed, use the chassislocate command to activate the blue Locator LED on the switch’s front panel.

Syntax: chassislocate [blink | on | off]
Locates a switch by using the blue Locate LED on the front panel.
  blink <1-1440>
  Blinks the chassis Locate LED for a specified number of minutes (Default: 30 minutes).
D MAC Address Management

Contents
Overview
Determining MAC Addresses
  Menu: Viewing the Switch’s MAC Addresses
  CLI: Viewing the Port and VLAN MAC Addresses
Viewing the MAC Addresses of Connected Devices
Overview

The switch assigns MAC addresses in these areas:
■ For management functions, one Base MAC address is assigned to the default VLAN (VID = 1). (All VLANs on the switches covered in this guide use the same MAC address.)
■ For internal switch operations: One MAC address per port (Refer to “CLI: Viewing the Port and VLAN MAC Addresses” on page D-5.)

MAC addresses are assigned at the factory.
Determining MAC Addresses

MAC Address Viewing Methods

Feature | Default | Menu | CLI | Web
view switch’s base (default vlan) MAC address and the addressing for any added VLANs | n/a | D-4 | D-5 | —
view port MAC addresses (hexadecimal format) | n/a | — | D-5 | —

■ Use the menu interface to view the switch’s base MAC address and the MAC address assigned to any VLAN you have configured on the switch.
Menu: Viewing the Switch’s MAC Addresses

The Management Address Information screen lists the MAC addresses for:
■ Base switch (default VLAN; VID = 1)
■ Any additional VLANs configured on the switch.

Also, the Base MAC address appears on a label on the back of the switch.

Note: The Base MAC address is used by the first (default) VLAN in the switch.
CLI: Viewing the Port and VLAN MAC Addresses

The MAC address assigned to each switch port is used internally by such features as Flow Control and the spanning-tree protocol. Using the walkmib command to determine the MAC address assignments for individual ports can sometimes be useful when diagnosing switch operation.

Switch Series | MAC Address Allocation
8212zl | The switch allots 24 MAC addresses per slot.
ProCurve# walkmib ifphysaddress
ifPhysAddress.1 = 00 12 79 88 b1 ff
ifPhysAddress.2 = 00 12 79 88 b1 fe
ifPhysAddress.3 = 00 12 79 88 b1 fd
ifPhysAddress.4 = 00 12 79 88 b1 fc
ifPhysAddress.49 = 00 12 79 88 b1 cf
ifPhysAddress.50 = 00 12 79 88 b1 ce
ifPhysAddress.51 = 00 12 79 88 b1 cd
ifPhysAddress.52 = 00 12 79 88 b1 cc
ifPhysAddress.53 = 00 12 79 88 b1 cb
ifPhysAddress.54 = 00 12 79 88 b1 ca
ifPhysAddress.55 = 00 12 79 88 b1 c9
ifPhysAddress.
Viewing the MAC Addresses of Connected Devices

Syntax: show mac-address [ | mac-addr |
Lists the MAC addresses of the devices the switch has detected, along with the number of the specific port on which each MAC address was detected.
  [ port-list ]
  Lists the MAC addresses of the devices the switch has detected, on the specified port(s).
  [ mac-addr ]
  Lists the port on which the switch detects the specified MAC address.
E Monitoring Resources

Contents
Viewing Information on Resource Usage
  Policy Enforcement Engine
  Displaying Current Resource Usage
When Insufficient Resources Are Available
Viewing Information on Resource Usage

The switch allows you to view information about the current usage and availability of resources in the Policy Enforcement engine, including the following software features:
■ Access control lists (ACL)
■ Quality-of-service (QoS), including device and application port priority, ICMP rate-limiting, and QoS policies
■ Dynamic assignment of per-port or per-user ACLs and QoS through RADIUS authentication design
■ When the following features are configured globally or per-VLAN, resource usage is applied across all port groups or all slots with installed modules:
  • ACLs
  • QoS configurations that use the following commands:
    – QoS device priority (IP Address) through the CLI using the qos device-priority command
    – QoS application port through the CLI using qos tcp-port or qos udp-port
    – VLAN QoS Policies through the CLI using service-policy
  • Manageme
Displaying Current Resource Usage

To display current resource usage in the switch, enter the show resources command. The show resources command output allows you to view current resource usage and, if necessary, prioritize and reconfigure software features to free resources reserved for less important features.
ProCurve# show qos resources
Resource usage in Policy Enforcement Engine

      | Rules       | Rules Used
Ports | Available   | ACL   | QoS   | IDM   | VT    | Mirror | Other |
------+-------------+-------+-------+-------+-------+--------+-------|
1-24  | 3014        | 15    | 11    | 0     | 1     | 0      | 3     |
25-48 | 3005        | 15    | 10    | 10    | 1     | 0      | 3     |
A     | 3017        | 15    | 8     | 0     | 1     | 0      | 3     |

      | Meters      | Meters Used
Ports | Available   | ACL | QoS | IDM | VT | Mirror | Other |
------+-------------+-----
Usage Notes for show resources Output

■ A 1:1 mapping of internal rules to configured policies in the switch does not necessarily exist. As a result, displaying current resource usage is the most reliable method for keeping track of available resources. Also, because some internal resources are used by multiple features, deleting a feature configuration may not increase the amount of available resources.
When Insufficient Resources Are Available

The switch has ample resources for configuring features and supporting:
■ RADIUS-authenticated clients (with or without the optional IDM application)
■ Virus throttling and blocking on individual clients.

Note: Virus throttling does not operate on IPv6 traffic.
F Daylight Savings Time on ProCurve Switches

This information applies to the following ProCurve switches:
• 212M
• 224M
• 1600M
• 2400M
• 2424M
• 4000M
• 8000M
• Series 2500
• Series 2510
• Series 2600
• Series 2610
• Series 2800
• Switch 2910
• Series 3400cl
• Series 3500
• Series 3500yl
• Series 4100gl
• Series 4200vl
• Series 5300xl
• Series 5400zl
• Switch 6108
• Switch 6200yl
• Series 6400cl
• Switch 6600
• Series 8200zl
• ProCurve AdvanceStack Switches
• ProCurve AdvanceStack Routers

ProCurve s
Middle Europe and Portugal:
• Begin DST at 2am the first Sunday on or after March 25th.
• End DST at 2am the first Sunday on or after September 24th.

Southern Hemisphere:
• Begin DST at 2am the first Sunday on or after October 25th.
• End DST at 2am the first Sunday on or after March 1st.

Western Europe:
• Begin DST at 2am the first Sunday on or after March 23rd.
• End DST at 2am the first Sunday on or after October 23rd.
Before configuring a “User defined” Daylight Time Rule, it is important to understand how the switch treats the entries. The switch knows which dates are Sundays, and uses an algorithm to determine on which date to change the system clock, given the configured “Beginning day” and “Ending day”:
■ If the configured day is a Sunday, the time changes at 2am on that day.
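When switch Event Log timestamps are correlated with other log sources, it helps to know the exact date on which the switch moves its clock. The following added example (not part of the HP guide) resolves the "first Sunday on or after" rules listed above for a given year; the function names are hypothetical, and timestamps are assumed to be naive local wall-clock values.

```python
"""Added example: resolve the 'first Sunday on or after' DST rules from this page."""
from datetime import date, datetime, time, timedelta

# (month, day) anchors copied from the predefined rules listed on this page.
RULES = {
    "Middle Europe and Portugal": {"begin": (3, 25), "end": (9, 24)},
    "Southern Hemisphere": {"begin": (10, 25), "end": (3, 1)},
    "Western Europe": {"begin": (3, 23), "end": (10, 23)},
}

CHANGE_TIME = time(2, 0)  # every rule on the page changes the clock at 2am


def first_sunday_on_or_after(year, month, day):
    """Return the configured day if it is a Sunday, else the next Sunday."""
    anchor = date(year, month, day)
    # date.weekday(): Monday is 0, Sunday is 6
    return anchor + timedelta(days=(6 - anchor.weekday()) % 7)


def dst_window(rule_name, year):
    """Return (begin, end) datetimes of the clock changes in the given year."""
    rule = RULES[rule_name]
    begin = datetime.combine(
        first_sunday_on_or_after(year, *rule["begin"]), CHANGE_TIME)
    end = datetime.combine(
        first_sunday_on_or_after(year, *rule["end"]), CHANGE_TIME)
    return begin, end


def in_dst(rule_name, local_ts):
    """True if a naive local timestamp falls inside the DST period.

    Assumption: the hour repeated when DST ends is not disambiguated.
    """
    begin, end = dst_window(rule_name, local_ts.year)
    if begin < end:
        return begin <= local_ts < end
    # Southern Hemisphere: DST starts in October and ends the following March,
    # so within one calendar year the DST period is split in two.
    return local_ts >= begin or local_ts < end


def flag_log_times(rule_name, timestamps):
    """Pair each timestamp with its DST state, for log correlation."""
    return [(ts, in_dst(rule_name, ts)) for ts in timestamps]


if __name__ == "__main__":
    # Constructed sample timestamps, not taken from a real switch log.
    sample = [datetime(2009, 3, 29, 1, 59), datetime(2009, 3, 29, 2, 0)]
    for ts, dst in flag_log_times("Western Europe", sample):
        print(ts.isoformat(), "DST" if dst else "standard")
```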
G Scalability: IP Address, VLAN, and Routing Maximum Values

The following table lists the switch scalability values for the areas of VLANs, ACLs, hardware, ARP, and routing.
Subject | Maximum
ARP |
  ARP entries | 10,000
  packets held for ARP resolution | 25
Routing Protocol |
  RIP interfaces | 128
  OSPF passive interfaces | 512 (minus OSPF active interfaces)
  OSPF active interfaces | 128
  OSPF areas | 16
  ECMP next hops | 4
H Switch Licensing

Switch software licensing enables advanced features in certain ProCurve switches. The following table shows the software licenses available for the switches covered by this manual.
The procedure for installing a licensed feature into a switch is:
1. Locate the registration ID. When you purchase a software license, you receive a folded license registration card. The registration ID is located on the inside of the card, in the upper left corner.
2. Get the switch’s hardware ID. Establish a console connection to the switch CLI and enter Manager level, using the enable command if necessary and the switch password if required.
I Power-Saving Features

Contents
Overview
Configuring the Power-Saving Options
  Configuring the Savepower module Option
  Configuring the Savepower LED Option
  Configuring the Savepower port-low-pwr Option
Show Savepower Commands
Overview

There are several power-saving features that can be configured for the indicated switches and modules. The power-saving features include the ability to:
■ Turn slot power on or off
■ Turn LED power on or off using a timer
■ Slot auto low power mode

The modules support the power-saving features as indicated in the table below.
Configuring the Power-Saving Options

The savepower command provides configurable power-saving options.

Syntax: [no] savepower
Configures power-saving features.
  module [slot-id]: Turns power-saving options on or off for all modules or a specified module. The no form of the command powers on all the slots if they are powered off already.
You can verify the status of the savepower command by using the show modules command or by checking the log messages (for 8200zl and 5400zl switches).

Note: If a savepower module or savepower all command is immediately followed by a no savepower module or no savepower all command, the first slot in the list is powered down and then brought up.
  duration <[HH:]MM>: The amount of time the LEDs remain turned off. Optional. If the duration value is zero, when the timer starts the LEDs are turned off indefinitely until the timer is canceled or the command is overridden with another command. Default: 0 (zero)
  recur: Optional. If specified, the LEDs are turned off on a daily basis at the configured time. The recur option is ignored if the duration is configured as zero. Default: disabled.
Configuring the Savepower port-low-pwr Option

The port-low-pwr option puts the slots into auto low power mode if they are not linked. If a particular slot is specified, only that slot goes into auto low power mode. Specifying all puts all the slots into auto low power mode. The ports in low power mode periodically monitor to determine if the link has become active.
ProCurve(config)# show savepower module
Module Save Power Information
Slot | Status
-----+---------
A    | Disabled
B    | Disabled
C    | Enabled
D    | Disabled
E    | Disabled

Figure I-4. Example of Output for show savepower module Command

Show Savepower Port-low-pwr. To display the status of the power-down feature for the slots, use the show savepower port-low-pwr command. For the stackable switches, the output shows if the feature is enabled or not enabled.
ProCurve(config)# show savepower led
Led Save Power Information
Alarm Start Time : 06/01/09 12:01:07
Alarm Duration (HH:MM) : 12:00
Recurrent Status : Enabled

Led Save Power Information
Slot | Status
-----+---------
A    | Enabled
B    | Enabled
C    | Enabled
D    | Enabled
E    | Enabled

Figure I-6.
J Network Out-of-Band Management (OOBM) for the 6600 Switch

Contents
Concepts
  Example
  OOBM and Switch Applications
Tasks
Concepts

Management communications with a managed switch can be:
■ in band—through the networked data ports of the switch
■ out of band—through a dedicated management port (or ports) separate from the data ports

Out-of-band ports have typically been serial console ports using DB-9 or specially wired 8-pin modular (RJ-style) connectors. Some recent HP ProCurve switches have added networked out-of-band management ports.
improved switch security: a properly configured switch can limit management access to the management port only, preventing malicious attempts to gain access via the data ports.

Network OOBM typically occurs on a management network that connects multiple switches.
Example

In a typical data center installation, top-of-rack switches connect servers to the data network, while the management ports of those switches connect to a physically and logically separate management network. This allows network administrators to manage the switches even if operation on the data network is disrupted.
OOBM and Switch Applications

The table below shows the switch applications that are supported on the OOBM interface as well as on the data interfaces. In this list, some applications are client-only, some are server-only, and some are both.
Tasks

OOBM Configuration

OOBM Context

OOBM configuration commands can be issued from the global configuration context (config) or from a specific OOBM configuration context (oobm). To enter the OOBM configuration context from the general configuration context, use the oobm command.

Syntax: oobm
Enters the OOBM context from the general configuration context.
OOBM Enable/disable

To enable or disable network OOBM, use the enable or disable command. Network OOBM is enabled by default.

Syntax:
From the OOBM context:
  enable
  disable
From the general configuration context:
  oobm enable
  oobm disable
Enables or disables networked out-of-band-management on the switch. OOBM is not compatible with either a management VLAN or stacking.
OOBM Port Enable/disable

The OOBM interface command enables or disables the OOBM interface (the OOBM port, as opposed to the OOBM function).

Syntax:
From the OOBM context:
  interface [enable | disable]
From the general configuration context:
  oobm interface [enable | disable]
Enables or disables the networked OOBM interface (port).
OOBM Port Speed Control

The OOBM port operates at 10 Mbps or 100 Mbps, half or full duplex. These can be set explicitly or they can be automatically negotiated using the auto setting. Set the port speed using the interface command.
OOBM IPv4 Address Configuration

Configuring an IPv4 address for the OOBM interface is similar to VLAN IP address configuration, but it is accomplished within the OOBM context.

Syntax:
From the OOBM context:
  [no] ip address [dhcp-bootp | ip-address/mask-length]
From the general configuration context:
  [no] oobm ip address [dhcp-bootp | ip-address/mask-length]
Configures an IPv4 address for the switch’s OOBM interface.
OOBM Show Commands

The show commands for OOBM are similar to the analogous commands for the data plane. Note that you must always include the oobm parameter to see the information for the OOBM interface, regardless of the context. For instance, even from the OOBM context the show ip command displays the IP configuration for the data plane; to see the IP configuration of the OOBM interface you need to use show oobm ip.
Show OOBM IP Configuration

Use show oobm ip to see the IP configuration of the OOBM interface.

Syntax: show oobm ip
Summarizes the IP configuration of the OOBM interface. This command displays the status of IPv4 (enabled/disabled), the IPv4 default gateway, and the IPv4 address configured for the interface. You can issue this command from any context.
Application Server Commands

Application servers (as described in OOBM and Server Applications in the Concepts section above) have added a listen keyword with oobm|data|both options to specify which interface(s) is(are) active. Default value is both for all servers.
The show servers command shows the listen mode of the servers.

ProCurve# show servers
Server listen mode
Server         | Listen mode
---------------+-------------
Telnet         | both
Ssh            | both
Tftp           | both
Web-management | both
Snmp           | both

Application Client Commands

CLI commands for client applications have added the oobm keyword to allow you to specify that the outgoing request be issued from the OOBM interface.
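Because every application server listens on both interfaces by default, captured show servers output can be checked against the goal stated under Concepts of limiting management access to the management port. The following added example (not part of the HP guide) parses that output and reports servers still reachable through the data ports; the function names and the "oobm only" policy are assumptions of the example, and the second sample is constructed.

```python
"""Added example: audit captured `show servers` output for data-plane listeners."""
import re

# Listen options named on this page for the application servers.
VALID_MODES = {"oobm", "data", "both"}

# Servers shown in the page's sample output; used to detect truncated captures.
EXPECTED_SERVERS = ("Telnet", "Ssh", "Tftp", "Web-management", "Snmp")

# A data row is "<server name> | <mode>"; prompt, title, header and
# separator lines do not match and are skipped.
ROW = re.compile(r"^\s*([A-Za-z][\w-]*)\s*\|\s*(\S+)\s*$")

# Output as printed on this page (defaults).
PAGE_SAMPLE = """\
ProCurve# show servers
Server listen mode
Server Listen mode
-----------------------------
Telnet | both
Ssh | both
Tftp | both
Web-management | both
Snmp | both
"""

# Constructed sample: a partly restricted switch (not from the guide).
CONSTRUCTED_SAMPLE = """\
Server listen mode
Server Listen mode
-----------------------------
Telnet | oobm
Ssh | oobm
Tftp | both
Web-management | data
Snmp | oobm
"""


def parse_show_servers(text):
    """Return {server name: listen mode} from captured CLI output."""
    modes = {}
    for line in text.splitlines():
        match = ROW.match(line)
        if not match:
            continue
        server, mode = match.group(1), match.group(2).lower()
        if mode not in VALID_MODES:
            # Fail loudly instead of silently treating unknown text as safe.
            raise ValueError(f"unexpected listen mode {mode!r} for {server}")
        modes[server] = mode
    return modes


def data_plane_listeners(modes):
    """Servers that accept connections arriving on the data ports."""
    return sorted(s for s, m in modes.items() if m in ("data", "both"))


def audit(text, expected=EXPECTED_SERVERS):
    """Report exposed servers and expected servers missing from the capture."""
    modes = parse_show_servers(text)
    return {
        "exposed": data_plane_listeners(modes),
        "missing": [s for s in expected if s not in modes],
    }


if __name__ == "__main__":
    for name, capture in (("page", PAGE_SAMPLE), ("constructed", CONSTRUCTED_SAMPLE)):
        print(name, audit(capture))
```

A non-empty "missing" list means the capture was incomplete, so the result should not be read as a pass.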
Ping:
  ping [...] [source < ip-address | vlan-id | oobm>]
  Management and Configuration Guide, page C-65
Traceroute:
  traceroute [...] [source ]
  Management and Configuration Guide, page C-67

Example

This example shows setup and use of network OOBM using the commands described above. Assume that the figure below describes how you want to set up your data center.

Figure J-3.
The CLI commands that follow would accomplish those tasks. (The first time through the process you might easily make the omission shown near the end of the example.)

Switch 41# config
Switch 41(config)# vlan 1
Switch 41(vlan-1)# ip address 10.1.129.
Index Symbols => prompt … C-84 Numerics 802.1X effect, LLDP … 14-79 LLDP blocked … 14-46 802.1X access control authentication failure, SNMP notification … 14-26 SNMP notification of authentication failure … 14-26 A access manager … 14-13 operator … 14-13 out-of-band … 2-3 access control list See ACL. ACL debug messages … C-42 See also debug command.
disabled … A-11 download to a redundant management system … A-9 downloading software images … A-11 B bandwidth displaying port utilization … 10-13 displaying utilization … 5-18 guaranteed minimum See guaranteed minimum bandwidth. banner configuring … 2-11 default … 2-9 non-default … 2-10 operation … 2-9 redundant management … 2-10 Best Offer … 6-43 blue locator LED … C-96 boot See also reboot.
copy tftp oobm … A-31 config files oobm … 6-38 config files, SCP/SFTP transfer … 6-40 configuration Bootp … 8-14 clearing module … 10-31 comparing startup to running … 6-6 console … 7-3 copying … A-29 DHCP Option 66 … 6-41 DHCP, Best Offer … 6-43 factory default … 6-9, 8-2 file update with Option 66 … 6-41 file updating with Option 66 … 6-42 impacts of software download on … A-5 IP … 8-2 Option 67 … 6-42 permanent … 6-7 permanent change defined … 6-4 port … 10-1 port trunk group … 12-1 port, duplex … 10-15
features … 2-3 Help … 3-9, 3-11 inactivity-timer … 7-9 Main Menu interface … 3-7 meaning of asterisk … 3-10, 3-13 measuring network activity … C-8 navigation … 3-9, 3-10 operation … 3-10 starting a session … 3-4 statistics, clear counters … 3-12 status and counters access … 3-7 status and counters menu … B-6 troubleshooting access problems … C-6 context level global config … 4-5, 8-10 manager level … 4-5 moving between contexts … 4-7 port or trunk-group … 4-13 VLAN-specific … 4-15 copy command output … A-40
PoE … 11-8 PoE allocation, usage … 11-12 PoE power threshoold, 80 … 11-17 PoE pre-std-detect, enabled … 11-8 PoE prioirty, low … 11-10 PoE value, 17W … 11-21 port speed, auto … 10-16 security … A-48 SNTP … 9-5 sntp poll interval, 720 seconds … 9-11 Support/Mgmnt URL window … 5-13 system information features … 7-12 system name, switch product name … 7-12 Telnet access, enabled … 7-3 terminal type, VT-100 … 7-3 TFTP, enabled … A-10 tiime sync method, none … 7-12 time synchronization protocol, TimeP … 9-4 time
See MAC address. Dyn1 See LACP.
starving queues … 13-24 H Help for CLI … 1-7, 4-11 for menu interface … 1-6, 3-9, 3-11 for web browser interface … 1-7, 5-14 online, inoperable … 5-14 hop, router … 8-11 hotswapping mgmt module … 15-15 HP Auto-MDIX feature … 10-21 web browser interface … 2-5 I ICMP resources … E-4 ICMP rate-limiting all-traffic See rate-limiting.
single source … 8-25 source IP address … 8-26 source IP with debug debug source IP address … 8-31 source IP with radius … 8-31 source IP with tacacs … 8-31 source-interface option … 8-26 IP Preserve DHCP server … 8-21 overview … 8-21 rules, operating … 8-21 summary of effect … 8-24 IP routing debug messages … C-42 IPv6 debug dhcpv6 messages … C-43 match criteria classifier … B-34, B-56, B-66 IPX broadcast traffic … 10-5, 10-21 network number … B-11 J jumbo frames configuration … 13-32 excessive inbound … 1
802.1X blocking … 14-46 802.
trap receiver, data change notice … 14-52 TTL … 14-42, 14-44 txonly … 14-53 VLAN, untagged … 14-79 walkmib … 14-44 with PoE … 11-18 LLDP-MED displaying speed … 14-73 ELIN … 14-67 enable or disable … 14-42 endpoint support … 14-58 fast start control … 14-62 location data … 14-66 medTlvenable … 14-64 Neighbors MIB … 14-74 topology change notification … 14-60 Voice over IP … 14-57 load balancing See port trunk.
ACL criteria (deprecated) … B-29, B-35, B-37, B-56, B-62 ACLs converted to classifier-based policies in K.14.xx and later … B-30, B-62 ACLs replaced by classifier-based criteria … B-29, B-67 ARP request … B-96 booting pre-K.12.
rate … B-36 remote session configuration steps … B-46 defined … B-32 disabling … B-48 exit port … B-31 first release supported … B-28 quick reference … B-47 supported switches … B-33 restrictions classifier-based … B-67, B-72, B-73 local sessions … B-28 remote sessions … B-28 source switch … B-56 session 1, legacy configuration … B-37 session limits … B-34 show commands … B-76, B-78, B-79, B-86 simultaneous source/destination … B-34 SNMP … B-36, B-39 SNMP for no-tag-added mirroring … B-59 source switch … B-
oobm address config … J-10 client commands … J-14 command … J-6 copy command output … A-40 copy config to remote host … A-30 copy crash-data … A-42, A-43 copy crash-log … A-43, A-44 copy event-log tftp … A-41 copy show-tech … A-32 copy tftp command-file … A-36 copy tftp config … A-31 copy tftp flash … A-26 default gateway config … J-10 enable/disable … J-7, J-8 server commands … J-13 show arp … J-12 show commands … J-11 show config … J-12 SNTP … 9-13 speed-duplex … J-9 telnet … 7-7 telnet-server … 7-6 tftp
absent cnt … 11-24 defined … 11-3 needed power for PoE+ … 11-7 other fault … 11-23 over current cnt … 11-23 oversubscribed … 11-3 overview of status … 11-21 PD support … 11-6 PD, defined … 11-3 poe-lldp-detect command … 11-18 port-number priority … 11-7 port-number priority, defined … 11-4 power denied cnt … 11-23 power, provisioning … 11-5 prioritizing power … 11-7 priority class … 11-4, 11-7 defined … 11-3 priority critical … 11-10 priority high … 11-10 priority low … 11-10 priority policies … 11-26 prior
menu access to static trunk … 12-10 mirroring … B-28 monitor port restrictions … 12-9 nonconsecutive ports … 12-3 port security restriction … 12-9 removing port from static trunk … 12-16 requirements … 12-8 SA/DA … 12-37 spanning tree protocol … 12-9 static trunk … 12-8 static trunk, overview … 12-6 static/dynamic limit … 12-20 STP … 12-9 STP operation … 12-8 traffic distribution … 12-8 Trk1 … 12-8 trunk (non-protocol) option … 12-7 trunk option described … 12-36 types … 12-7 UDLD configuration … 10-34 VLAN
how measured … 13-9 ICMP See ICMP rate-limiting. intended use … 13-4 mcast command … 13-19 multicast traffic … 13-19 note on testing … 13-10, 13-17 operating notes … 13-8 optimum packet size … 13-10, 13-16 per-port only … 13-4 purpose … 13-4 traffic filters … 13-9 reboot actions causing … 6-4 faster boot time … 6-24 from secondary flash … 6-23 obtaining faster reboot time … 6-20 scheduling remotely … 6-25 via menu console … 3-8 via menu interface … 3-10, 3-12 See also boot.
viewing … 6-6 See also configuration. S savepower command … I-3 led option … I-4 port-low-pwr … I-6 show led … I-7 show module … I-6 show port-low-pwr … I-7 scalability … G-1 scheduled reboot … 6-25 SCP/SFTP enabling … A-13 session limit … A-17, A-19 transfer of config files … 6-40 troubleshooting … A-18 secure copy See SCP/SFTP. secure FTP See SCP/SFTP. secure management VLAN See VLAN.
configuring trap receivers … 14-19 DHCP snooping events … 14-17 different versions … 14-17 enabling informs … 14-21 enabling network security traps … 14-27 enabling SNMPv3 … 14-23 fixed traps … 14-19 invalid password in login … 14-17 IP … 14-3 link-change traps … 14-17, 14-28 manager password change … 14-17 mirroring … B-36 network security notification … 14-26 no-tag-added mirroring … B-59 notification, LLDP SNMP notification … 14-43 public community … 14-5, 14-13 support
startup-config viewing … 6-6 See also configuration. statistics … 3-7 clearing … B-18 SNTP … 9-22 statistics, clear counters … 6-11 status and counters access from console … 3-7 status overview screen … 5-7 subnet … 8-9 VLAN, mirroring exit port … B-34, B-46, B-48, B-49, B-90, B-97 subnet mask … 8-5, 8-6 See also IP masks. support changing default URL … 5-14 URL … 5-13 URL Window … 5-13 switch console See console.
terminal type … 7-3 terminate remote session … 7-11 TFTP auto-TFTP … A-11 auto-TFTP feature … A-11 auto-TFTP, disable … A-11, A-14 copy command output … A-40 copy crash data … A-41 copy crash log … A-43 copy event log output … A-41 copying a configuration file … A-31 copying software image … A-28 disable … A-14 disabled … A-11 download software using CLI … A-8 downloading software using console … A-6 enable client or server … A-10 enabling client functionality … A-10 enabling server functionality … A-10 swi
See also notification. snmp-authentication … 14-27 threshold … 14-19 troubleshooting ACL … C-9 approaches … C-5 browsing the configuration file … C-71 configuring debug destinations … C-42 console access problems … C-6 diagnosing unusual network activity … C-8 diagnostics tools … C-62 displaying switch operation … C-72, C-75 DNS See DNS.
copy crash log … A-43 copy event log output … A-41 copy software image to a USB device … A-29 devices with secure partitions not supported … A-22 flash drives must be formatted … A-22 supported capabilities … A-22 uploading an ACL command file … A-38 using to copy switch software … A-22 viewing flash drive contents … A-22, A-23 usb enable port … 10-17 usb configuration … 10-17 usb-port … 10-17 user name using for browser or console access … 5-9, 5-11 users, SNMPv3 See SNMPv3.
features … 2-5 first-time install … 5-8 first-time tasks … 5-8 Java applets, enabling … 5-5 main screen … 5-17 online help … 5-14 online help location specifying … 5-14 online help, inoperable … 5-14 overview … 5-17 Overview window … 5-17 password lost … 5-11 password, setting … 5-10 port status … 5-20 port utilization … 5-18 port utilization and status displays … 5-18 screen elements … 5-17 security … 5-3, 5-9 standalone … 5-5 status indicators … 5-23 status overview screen … 5-7 system requirements … 5-5
ProCurve 5400zl Switches Installation and Getting Started Guide Technology for better business outcomes To learn more, visit www.hp.com/go/procurve/ © Copyright 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.