- HP Switch User Manual

Manuals Brands HP Manuals Switch PROCURVE 8212ZL

Release Notes:

Version K.13.49 Software

for the ProCurve Series 3500yl, 6200yl, 5400zl, and 8212zl Switches

These release notes include information on the following:

■ Downloading switch software and documentation from the Web (page 2)

■ Best practices for major software updates, including contingency procedures for rolling back

to previous software versions and configurations. Please read before updating software

versions from K.12.xx to K.13.xx (page 7).

■ Notes for ROM updates required for all yl and zl switches running K.13.45 or earlier (page 17)

■ Clarifications for certain software features (page 20)

■ A listing of software enhancements in recent releases (page 26)

■ A listing of software fixes included in releases K.11.11 through K.13.49 (page 145)

■ Support Notes and Known Issues in releases K.11.11 through K.13.49 (page 17)—includes

"Security notes about SNMP access to the hpSwitchAuth MIB objects" and other topics.

Support Notices:

WARNING. Updating to Version K.13.xx: . It is important that you update to K.13.xx from a

configuration that has not been previously converted from a pre-K.13.xx format (e.g. a K.11.xx or

K.12.xx configuration). If you have previously updated to K.13.xx and rolled back to K.12.xx to

workaround an issue, you should load a saved K.12.xx configuration to the switch and boot to it prior

to updating to K.13 again.

Performing major software updates: Before updating your software version from K.12.xx to

K.13.xx, read the recommended best practices for performing major software updates (page 7).

Restriction in number of ACL mirror destinations: The K.13.01 software introduced a new

restriction to a single ACL mirror destination. For more information, see "Restriction in number of

ACL mirror destinations (page 24) .

PIM-SM: PIM-SM users should make sure ProCurve switches that run K software should all be on

the either pre-K.13.21 or post-K.13.21 versions of software due to a bug fix in K.13.21 that changes

the way a rendezvous point is chosen.

Summary of content (219 pages)

PAGE 1

Release Notes: Version K.13.49 Software for the ProCurve Series 3500yl, 6200yl, 5400zl, and 8212zl Switches These release notes include information on the following: ■ Downloading switch software and documentation from the Web (page 2) ■ Best practices for major software updates, including contingency procedures for rolling back to previous software versions and configurations. Please read before updating software versions from K.12.xx to K.13.xx (page 7).
PAGE 3

Contents Software Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1 Premium License Switch Software Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Download Switch Documentation and Software from the Web . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 4

Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26 Release K.11.12 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Release K.11.13 through K.11.32 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Release K.11.33 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 5

Release K.12.10 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Show VLAN ports CLI Command Enhancement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Release K.12.11 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 Release K.12.12 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 6

Release K.12.51 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Release K.12.52 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Release K.12.53 through K.12.55 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Release K.12.56 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 7

Enabling Customized Web Authentication Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 Dynamic IP Lockdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 Operating Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 Release K.13.20 Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 8

Release K.11.34 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151 Release K.11.35 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151 Release K.11.36 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152 Release K.11.37 . . . . . . . . . . .
PAGE 9

Release K.12.09 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Release K.12.10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Release K.12.11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 Release K.12.12 . . . . . . . . . . .
PAGE 10

Release K.12.51 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176 Release K.12.52 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177 Release K.12.53 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177 Release K.12.54 . . . . . . . . . . .
PAGE 11

Release K.13.26 through K.13.39 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 Release K.13.40 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 Release K.13.41 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201 Release K.13.42 . . . . . . . . . . . . . . . . . .
PAGE 12

Software Management Premium License Switch Software Features Software Management Premium License Switch Software Features The ProCurve 3500yl and 5400zl switches ship with the ProCurve Intelligent Edge software feature set. The additional Premium License switch software features for the 3500yl and 5400zl switches can be acquired by purchasing the optional Premium License and installing it on the Intelligent Edge version of these switches.
PAGE 13

Software Management Download Switch Documentation and Software from the Web Download Switch Documentation and Software from the Web You can download software updates and the corresponding product documentation from the ProCurve Networking Web site as described below. View or Download the Software Manual Set Go to: www.procurve.com/manuals You may want to bookmark this Web page for easy access in the future.
PAGE 14

Software Management Download Switch Documentation and Software from the Web TFTP Download from a Server Syntax:copy tftp flash [ < primary | secondary > ] Note that if you do not specify the flash destination, the TFTP download defaults to the primary flash. For example, to download a software file named K_11_1x.swi from a TFTP server with the IP address of 10.28.227.103: 1. Execute the copy command as shown below: ProCurve # copy tftp flash 10.28.227.103 K_11_1x.
PAGE 15

Software Management Download Switch Documentation and Software from the Web Syntax: copy xmodem flash [< primary | secondary >] 1. To reduce the download time, you may want to increase the baud rate in your terminal emulator and in the switch to a value such as 115200 bits per second. (The baud rate must be the same in both devices.
PAGE 16

Software Management Download Switch Documentation and Software from the Web Using USB to Download Switch Software To use the USB port on the switch to download a software version from a USB flash drive: ■ The software version must be stored on the USB flash drive, and you must know the file name (such as K_12_10.swi). ■ The USB flash drive must be properly installed in the USB port on the switch. Note Some USB flash drives may not be supported on your switch.
PAGE 17

Software Management Saving Configurations While Using the CLI Saving Configurations While Using the CLI The switch operates with two configuration files: ■ Running-Config File: Exists in volatile memory and controls switch operation. Rebooting the switch erases the current running-config file and replaces it with an exact copy of the current startup-config file. To save a configuration change, you must save the running configuration to the startup-config file.
PAGE 18

Software Management Best Practices for Major Software Updates Best Practices for Major Software Updates Major software updates contain new features and enhancements, and are designated by an increment to the major release version number. That is, K.12.xx represents a major update to software version(s) K.11.xx, and K.13.xx represents a major update to K.12.xx, and so forth.
PAGE 19

Software Management Best Practices for Major Software Updates Note: You might opt to use a different methodology in which the new software will be installed as the secondary and not the primary image, in which case you would use the commands boot system flash secondary, and/or boot set-default flash secondary to change the location of the default boot.
PAGE 20

Software Management Best Practices for Major Software Updates b. Create a backup configuration file and verify the change. Switch1# copy config config1 config config2 Switch1# show config files Configuration files: id | act pri sec | name ---+-------------+---------------------------------------------1 | * * * | config1 2 | | config2 3 | | 3. Save the current config to a tftp server using the copy tftp command. For example: Switch1# copy startup-config tftp 10.1.1.60 Switch1_config_K_12_57.
PAGE 21

Software Management Best Practices for Major Software Updates Note This step will enable you to revert from K_13_05 to your previous image with your previous configuration just by invoking the command boot system flash secondary. 6. Download the new primary image. Switch1# copy tftp flash 192.168.1.60 K_13_06.swi primary The Primary OS Image will be deleted, continue [y/n]? At the prompt, answer y, for yes, and the new image will be downloaded and written to the File system.
PAGE 22

Software Management Best Practices for Major Software Updates 8. Reload the new switch image. Switch1# reload System will be rebooted from primary image. Do you want to continue [y/n]? y At the prompt, answer y, for yes, and the switch will boot with the new image. Note: As an additional step, ProCurve advises saving the startup-config to a tftp server using the copy tftp command. For example: Switch1# copy startup-config tftp 10.1.1.60 Switch1_config_K_13_06.
PAGE 23

Software Management Best Practices for Major Software Updates 1 | 2 | 3 | 2. * * * | config1 | config2 | Boot the switch using the secondary image (with config2). Switch1# boot system flash secondary System will be rebooted from secondary image. Do you want to continue [y/n]? y Answer y, for yes, and the switch will boot from the secondary image (K.12.57, in this example) with the corresponding configuration for that software version (Config2).
PAGE 24

Software Management Best Practices for Major Software Updates And later, the configuration that was created on K.12.57 is viewed while the switch is running K.13.06: ProCurve5406zl-onK1306# show config K1257config The command output will show how the K.12.57 config would be interpreted, if it were to be used by the K.13.06 software. Copying the K1257config to a TFTP server would similarly trigger an interpretation by the software performing the file transfer.
PAGE 25

Software Management ProCurve Switch, Routing Switch, and Router Software Keys ProCurve Switch, Routing Switch, and Router Software Keys Software Letter ProCurve Networking Products C 1600M, 2400M, 2424M, 4000M, and 8000M CY Switch 8100fl Series (8108fl and 8116fl) E Switch 5300xl Series (5304xl, 5308xl, 5348xl, and 5372xl) F Switch 2500 Series (2512 and 2524), Switch 2312, and Switch 2324 G Switch 4100gl Series (4104gl, 4108gl, and 4148gl) H Switch 2600 Series, Switch 2600-PWR Series: H.07.
PAGE 26

Software Management OS/Web/Java Compatibility Table OS/Web/Java Compatibility Table The switch Web agent supports the following combinations of OS browsers and Java Virtual Machines: Operating System Internet Explorer Windows NT 4.0 SP6a 5.00, 5.01 5.01, SP1 6.0, SP1 Windows 2000 Pro SP4 5.05, SP2 6.0, SP1 Windows XP Pro SP2 6.0, SP2 and 7.0 Windows Server SE 2003 SP2 Java Sun Java 2 Runtime Environment: – Version 1.3.1.12 – Version 1.4.2.05 Sun Java 2 Runtime Environment: – Version 1.5.
PAGE 27

Software Management Minimum Software Versions ProCurve Device Product Number Minimum Supported Software Version Switch 5400zl 4p 10-GbE CX4 Module J8708A K.11.33 Switch 6200yl-24G-mGBIC J8992A K.11.33 Switch 3500yl 2p 10GbE X2 + 2p CX4 Module J8694A K.11.
PAGE 28

Support Notes Minimum Software Versions Support Notes ROM Update Required! All yl and zl switches running K.12.45 system software or earlier, will have the BootROM updated by this new version of system software. This software download will boot the switch twice, first to update the BootROM to version K.12.14, and then to load the system software. Following file copy to the switch flash and initiation of the reload, no additional user intervention is needed.
PAGE 29

Support Notes Minimum Software Versions ProCurve(config)# snmp-server mib hpswitchauthmib excluded For more information on the above topic, refer to "Using SNMP To View and Configure Switch Authentication Features" in the "RADIUS Authentication and Accounting" chapter of the Access Security Guide for your switch. For an overview of the security features available on the switch, refer to chapter 1, "Security Overview", in the Access Security Guide for your switch.
PAGE 30

Support Notes Minimum Software Versions Management and Configuration Guide for ProCurve Wireless Edge Services zl Module here: ftp://ftp.hp.com/pub/networking/software/WESM-zl-MgmtCfg-Aug2007-59918626.pdf). Network administrators who do not wish to have the radio ports moved to the auto-provisioned VLAN should disable this feature with the command "no lldp auto-proision" at the CLI. CAUTION: Updating to Version K.13.xx It is important that you update to K.13.
PAGE 31

Clarifications Minimum Software Versions Clarifications The following clarification or updates apply to documentation for the ProCurve Series 3500yl, 6200yl, 5400zl, and 8212zl Switches as of July 2008. ■ Maximum Number of VLANs Supported in Hardware for PIM-S — Page 4-5 in the Multicast and Routing Guide dated January 2008 for switches running version K software incorrectly states that up to 2048 flows are supported in hardware across a maximum of 512 VLANs.
PAGE 32

Clarifications Minimum Software Versions ■ Maximum UDP Broadcast Forwarding Entries: The number of UDP broadcast entries and IP helper addresses combined can be up to 16 per VLAN, with an overall maximum of 2048 on the switch. An earlier version of the Multicast and Routing Guide (page 5-142) had incorrectly stated that the overall maximum is 256. ■ Reload Command Description Syntax: Reload This command boots the switch from the currently active flash image and startup-config file.
PAGE 33

Known Issues Minimum Software Versions Known Issues Release K.13.25 The following problems are known issues as of release K.13.25. SFTP/SCP (PR_0000008270) — An SFTP or SCP client session may not close after a config download session ends. The work-around is to close the client manually. Release K.13.23 The following problems are known issues in release K.13.23 or newer.
PAGE 34

Known Issues Minimum Software Versions ■ Web (PR_1000761014) — The Web interface truncates 16 character passwords to 15 characters. Workaround: configure 16 character passwords via the CLI. ■ ICMP (PR_1000764033) — ICMP TTL expired messages are being sent with a source address of the interface the message leaves from rather than the interface that receives the expired packet. ■ Auto-TFTP/Config (PR_0000001410) — Auto-TFTP configuration is lost during the update from K.12.xx to K.13.03.
PAGE 35

Known Issues Release K.13.02 ■ Config Transfer (PR_1000781004) — The switch allows a config file transfer to set an invalid speed-duplex setting on a 100FX SFP. ■ Config Transfer (PR_1000781031) — When the valid port setting 'auto-1000' is configured for a 10/100/1000 interface and the configuration gets copied to the switch, the port setting is altered to 'auto.' ■ Config Transfer (PR_1000781011) — A config file copied to the switch allows an entry to enable flow control on a half-duplex interface.
PAGE 36

Known Issues Release K.13.
PAGE 37

Enhancements Release K.11.12 Enhancements Enhancements Unless otherwise noted, each new release includes the enhancements added in all previous releases. Enhancements are listed in chronological order, oldest to newest software release. To review a summary of enhancements included since the last general release that was published, begin with “Release K.13.01 Enhancements” on page 69. Descriptions and detailed instructions for enhancements included in Release K.13.
PAGE 38

Enhancements Release K.11.35 Enhancements ■ CLI-configured sFlow with multiple instances: In earlier software releases, the only method for configuring sFlow on the switch was via SNMP using only a single sFlow instance. Beginning with software release K.11.34, sFlow can also be configured via the CLI for up to three distinct sFlow instances.
PAGE 39

Enhancements Release K.11.41 Enhancements Release K.11.41 Enhancements Release K.11.43 includes the following enhancement: ■ Added support for Unidirectional Fiber Break Detection (UDLD). Release K.11.42 Enhancements No enhancements, software fixes only. Release K.11.43 Enhancements Release K.11.43 includes the following enhancement: ■ 802.1X Controlled Directions enhancement. With this change, Administrators can use “Wake-on-LAN” with computers that are connected to ports configured for 802.
PAGE 40

Enhancements Release K.11.60 through K.11.63 Enhancements Release K.11.60 through K.11.63 Enhancements No enhancements, software fixes only. ■ Versions K.11.50 through K.11.59 were never built. ■ Version K.11.60 was never released. Release K.11.64 Enhancements Release K.11.64 includes the following enhancement: ■ Loop Protection feature additions, including packet authentication, loop detected trap, and receiver port configuration.
PAGE 41

Enhancements Release K.12.01 Enhancements Release K.12.01 Enhancements Release K.12.01 is a major software update containing many new features and enhancements to existing features. The following updates have been documented in the latest revisions to the manuals (February 2007). Refer to the manuals for additional details.
PAGE 42

Enhancements Release K.12.01 Enhancements Software Manual/ Enhancements Description Advanced Traffic Management Guide Qos Queue Config: Allows you to reduce the number of outbound queues that all switch ports will use to buffer packets for 802.1p user priorities. Number of Default VLANs: In the factory default state, support has been increased from 8 VLANs to 256 VLANs. (You can reconfigure the switch to support up to 2048 (vids up to 4094) VLANs.
PAGE 43

Enhancements Release K.12.02 Enhancements Software Manual/ Enhancements Description Controlled Directions Allows you to use the aaa port-access controlled-directions command to Web/MAC Auth: configure how a port transmits traffic before it successfully authenticates a client and enters the authenticated state. This feature is available for both 802.1X and Web/MAC authorization.
PAGE 44

Enhancements Release K.12.04 Enhancements For more information, refer to “QoS TCP/UDP Priority” in the Advanced Traffic Management Guide. Release K.12.04 Enhancements Release K.12.04 includes the following enhancement: ■ Enhancement MSTP (PR_1000369492) — Update of MSTP implementation to the latest IEEE P802.1Q-REV/D5.0 specification to stay in compliance with the protocol evolution.
PAGE 45

Enhancements Release K.12.04 Enhancements [admin-edge-port] Enables admin-edge-port for RSTP/MSTP. If a bridge or switch is detected on the segment, the port automatically operates as non-edge, not enabled. (Default: No - disabled) If admin-edge-port is disabled on a port and auto-edge-port has not been disabled, the auto-edge-port setting controls the behavior of the port. The no spanning-tree < port-list > admin-edge-port command disables admin-edge-port operation on the specified ports.
PAGE 46

Enhancements Release K.12.04 Enhancements Syntax: spanning-tree < port-list > < hello-time | path-cost | point-to-point-mac | priority > [hello-time < global | 1 - 10 > When the switch is the CIST root, this parameter specifies the interval (in seconds) between periodic BPDU transmissions by the designated ports. This interval also applies to all ports in all switches downstream from each port in the < port-list >.
PAGE 47

Enhancements Release K.12.05 Enhancements priority < 0.15 > MSTP uses this parameter to determine the port(s) to use for forwarding. The port with the lowest assigned value has the highest priority. While the actual priority range is 0 to 240, this command specifies the priority as a multiplier (0-15) of 16. That is, when you specify a priority multiplier of 0-15, the actual priority assigned to the switch is: (priority-multiplier) x 16 = priority The default priority-multiplier value is 8.
PAGE 48

Enhancements Release K.12.05 Enhancements Note You can use 802.1X (port-based or client-based) authentication and either Web or MAC authentication at the same time on a port, with a maximum of 32 clients allowed on the port. (The default is one client.) Web authentication and MAC authentication are mutually exclusive on the same port. Also, you must disable LACP on ports configured for any of these authentication methods.
PAGE 49

Enhancements Release K.12.05 Enhancements If the dynamic VLAN does not exist or if you have not enabled the use of a dynamic VLAN for authentication sessions on the switch, the authentication fails. ■ To enable the use of a GVRP-learned (dynamic) VLAN as the untagged VLAN used in an authentication session, enter the aaa port-access gvrp-vlans command, as described in “Enabling the Use of GVRP-Learned Dynamic VLANs in Authentication Sessions” on page 42.
PAGE 50

Enhancements Release K.12.05 Enhancements Therefore, on a port where one or more authenticated client sessions are already running, all such clients are on the same untagged VLAN. If a RADIUS server subsequently authenticates a new client, but attempts to re-assign the port to a different, untagged VLAN than the one already in use for the previously existing, authenticated client sessions, the connection for the new client will fail. For more on this topic, refer to “802.
PAGE 51

Enhancements Release K.12.05 Enhancements In the show command output, port A2 is temporarily configured as untagged on VLAN 22 for an 802.1X session. This temporary configuration change is necessary to accommodate an 802.1X client’s access, authenticated by a RADIUS server, in which the server included an instruction to assign the client session to VLAN 22. Note: In the current VLAN configuration ( Figure 1), port A2 is only listed as a member of VLAN 22 in show vlan 22 output when an 802.
PAGE 52

Enhancements Release K.12.05 Enhancements When the 802.1X client session on port A2 ends, the port removes the temporary untagged VLAN membership. The static VLAN (VLAN 33) that is “permanently” configured as untagged on the port becomes available again. Therefore, when the RADIUS-authenticated 802.1X session on port A2 ends, VLAN 22 access on port A2 also ends, and the untagged VLAN 33 access on port A2 is restored as shown in Figure 4. When the 802.
PAGE 53

Enhancements Release K.12.05 Enhancements Enabling the Use of GVRP-Learned Dynamic VLANs in Authentication Sessions Syntax: aaa port-access gvrp-vlans Enables the use of dynamic VLANs (learned through GVRP) in the temporary untagged VLAN assigned by a RADIUS server on an authenticated port in an 802.1X, MAC, or Web authentication session. Enter the no form of this command to disable the use of GVRP-learned VLANs in an authentication session.
PAGE 54

Enhancements Release K.12.06 Enhancements Release K.12.06 Enhancements Release K.12.06 includes the following enhancement: ■ Enhancement (PR_1000308332) — Passwords (hashed) can be saved to the configuration file. Saving Security Credentials in a Configuration File In software release K.12.06 and greater, you can store and view the following security settings in the running-config file associated with the current software image by entering the include-credentials command.
PAGE 55

Enhancements Release K.12.06 Enhancements ■ By storing different security settings in different files, you can test different security configurations when you first download a new software version that supports multiple configuration files by changing the configuration file used when you reboot the switch.
PAGE 56

Enhancements Release K.12.06 Enhancements In software release K.12.06 and greater, you cannot view the configured local password settings in plain text.
PAGE 57

Enhancements Release K.12.06 Enhancements ■ The parameter specifies the type of algorithm (if any) used to hash the password. Valid values are plaintext or sha-1. ■ The parameter is the clear ASCII text string or SHA-1 hash of the password. You can enter a manager/operator password in clear ASCII text or hashed format, while the port-access password must be clear ASCII text only.
PAGE 58

Enhancements Release K.12.06 Enhancements is the hashed authentication password used with the configured authentication method. priv “” is the (optional) hashed privacy password used by a privacy protocol to encrypt SNMPv3 messages between the switch and the station.
PAGE 59

Enhancements Release K.12.06 Enhancements After you enter the complete password port-access command syntax, the password is set. You are not prompted to enter the password a second time. TACACS+ Encryption Key Authentication You can use TACACS+ servers to authenticate users who request access to a switch through Telnet (remote) or console (local) sessions.
PAGE 60

Enhancements Release K.12.06 Enhancements In software release K.12.06 and greater, RADIUS shared secret (encryption) keys can be saved in a configuration file with the following syntax: radius-server key Where: is the encryption key (in clear text) used for secure communication with all or a specific RADIUS server. SSH Client Public-Key Authentication Secure Shell version 2 (SSHv2) is used by ProCurve switches to provide remote access to SSH-enabled management stations.
PAGE 61

Enhancements Release K.12.06 Enhancements If the keystring contains double-quotes, it can be quoted with single quotes ('keystring'). The following restrictions for a keystring apply: ■ A keystring cannot contain both single and double quotes. ■ A keystring cannot have extra characters, such as a blank space or a new line. However, to improve readability, you can add a backlash at the end of each line. Note In software release K.12.
PAGE 62

Enhancements Release K.12.06 Enhancements ...
PAGE 63

Enhancements Release K.12.06 Enhancements Enabling the Storage and Display of Security Credentials To enable the security settings described in “Security Settings that Can Be Saved” on page 44 to be included and viewed in the running configuration on the switch, enter the include-credentials command. Syntax: [no] include-credentials Enables the inclusion and display of the currently configured manager and operator usernames and passwords, RADIUS shared secret keys, SNMP and 802.
PAGE 64

Enhancements Release K.12.06 Enhancements Operating Notes Caution ■ When you first enter the include-credentials command to save the additional security credentials to the running configuration, these settings are moved from internal storage on the switch to the running-config file. You are prompted by a warning message to perform a write memory operation to save the security credentials to the startup configuration.
PAGE 65

Enhancements Release K.12.06 Enhancements ■ After you permanently save security configurations to the current startup-config file using the write memory command, you can view and manage security settings with the following commands: • show config: Displays the configuration settings in the current startup-config file.
PAGE 66

Enhancements Release K.12.06 Enhancements ■ ■ 55 If you upgrade ProCurve software on a switch from an earlier software release to software release K.12.06 or greater and then enter the include-credentials command, security passwords are managed as follows: • The manager password (if any) in the earlier software version is copied into the running configuration. The other two configuration files, if configured, will not have a manager password configured.
PAGE 67

Enhancements Release K.12.06 Enhancements Restrictions The following restrictions apply when you enable security credentials to be stored in the running configuration with the include-credentials command: ■ The private keys of an SSH host cannot be stored in the running configuration. Only the public keys used to authenticate SSH clients can be stored. An SSH host’s private key is only stored internally; for example, on the switch or on an SSH client device.
PAGE 68

Enhancements Release K.12.07 Enhancements Note that the password port-access values are configured separately from local operator username and passwords that are configured with the password operator command and used for management access to the switch. For more information about how to use the password port-access command to configure operator passwords and usernames for 802.1X authentication, refer to the “Configuring Port-Based and Client-Based Access Control (802.
PAGE 69

Enhancements Release K.12.09 Enhancements Release K.12.09 Enhancements No enhancements, software fixes only. Release K.12.10 Enhancements Release K.12.10 includes the following enhancement: ■ Enhancement (PR_1000419653) — The show vlan ports command was enhanced to display each port in the VLAN separately, display the friendly port name (if configured), and display the VLAN mode (tagged/untagged) for each port. See “Show VLAN ports CLI Command Enhancement” below.
PAGE 70

Enhancements Release K.12.10 Enhancements Voice: Indicates whether a (port-based) VLAN is configured as a voice VLAN. Jumbo: Indicates whether a VLAN is configured for Jumbo packets. For more on jumbos, refer to the chapter titled “Port Traffic Controls” in the Management and Configuration Guide for your switch. Mode: Indicates whether a VLAN is tagged or untagged. The following examples illustrate the displayed output depending on whether the detail option is used.
PAGE 71

Enhancements Release K.12.11 Enhancements Release K.12.11 Enhancements No enhancements, software never released. Release K.12.12 Enhancements No enhancements, software fixes only. Release K.12.13 Enhancements No enhancements, software never released. Release K.12.14 Enhancements No enhancements, software fixes only. Release K.12.15 Enhancements Release K.12.
PAGE 72

Enhancements Release K.12.15 Enhancements To enable SNMP informs, enter this command: Syntax: [no] snmp-server enable informs Enables or disables the informs option for SNMP. Default: Disabled To configure SNMP informs request options, use the following commands. Syntax: [no] snmp-server informs [retries] [timeout] [pending ] Allows you to configure options for SNMP informs requests. retries: Maximum number of times to resend an informs request.
PAGE 73

Enhancements Release K.12.16 Enhancements You can see if informs are enabled or disabled with the show snmp-server command as shown in Figure 9.
PAGE 74

Enhancements Release K.12.19 Enhancements ■ Enhancement (PR_1000428213) — This software enhancement adds the ability to configure a secondary authentication method to be used when the RADIUS server is unavailable for the primary port access method. For more information, see the ProCurve Access Security Guide.
PAGE 75

Enhancements Release K.12.22 Enhancements Release K.12.22 Enhancements Release K.12.22 includes the following enhancement: ■ Enhancement (PR_1000443026) — Support for the new revision "C" Mini-GBICs was added to the CLI and the "show tech" command. ■ Enhancement (PR_1000444415) — OSPF Passive Interface support was added. For more information, see the ProCurve Multicast and Routing Guide. Release K.12.23 Enhancements Release K.12.
PAGE 76

Enhancements Release K.12.33 through K.12.40 Enhancements ■ Enhancement — Merged all of the K.12.24 and earlier software fixes and enhancements with the ProCurve switch 8212zl support. Release K.12.33 through K.12.40 Enhancements No enhancements; Never built. Release K.12.41 through K.12.42 Enhancements No enhancements; Never released. Release K.12.43 Enhancements Release K.12.43 includes the following enhancement: ■ Enhancement — Support for the following ProCurve products was added.
PAGE 77

Enhancements Release K.12.45 Enhancements Release K.12.45 Enhancements No enhancements; Never released. Release K.12.46 Enhancements No enhancements; Never released. Release K.12.47 Enhancements Release K.12.47 includes the following enhancement: ■ Enhancement Removed (PR_1000468258) — The PC attached to IP telephone enhancement was removed. Release K.12.48 Enhancements Release K.12.
PAGE 78

Enhancements Release K.12.52 Enhancements ■ Enhancement (PR_10004570598) — An improved version of the MSTP-VLAN mapping enhancement referenced in PR_1000457691 was added. This enhancement allows the mapping of all theoretically available VLAN IDs (1-4094) to an MSTP instance, even if some of the VLANs are not currently configured on the switch. For more information, see the ProCurve Management and Configuration Guide.
PAGE 79

Enhancements Release K.12.57 Enhancements ■ Enhancement (PR_1000464170) — This feature provides support for adding the LLDP VLAN Name TLV to LLDP advertisements generated by ProCurve switches. For more information, see the ProCurve Management and Configuration Guide. Release K.12.57 Enhancements Release K.12.57 includes the following enhancement: ■ Enhancement (PR_1000713394) — Adjustable IGMP Querier interval. For more information, see the ProCurve Management and Configuration Guide. Release K.12.
PAGE 80

Enhancements Release K.13.01 Enhancements Release K.13.01 Enhancements Release K.13.01 is a major software update containing many new features and enhancements to existing features, including IPv6 host and application layer features (see “IPv6 Configuration Guide for 2900/3500/5400/6200/8200” on page 71 for details). The following enhancements have been documented in the latest revisions to the manuals (January 2008). Refer to the indicated manuals for additional details.
PAGE 81

Enhancements Release K.13.01 Enhancements Software Manual/ Enhancements Description STP Diagnostics: Adds more diagnostic functions to resolve STP issues. See the section on “Troubleshooting an MSTP configuration” in the chapter on Multiple Instance Spanning-Tree Operation. Routing and Multicast Guide Host-based OSPF-ECMP: Allows OSPF to add routes with multiple next-hop addresses and with equal costs to a given destination IP address.
PAGE 82

Enhancements Release K.13.02 Enhancements Software Manual/ Enhancements Description Note on Manual Updates: In addition to the above updates to the manuals, with this release the 8212zl software manuals and 3500/5400/6200 software manuals have been combined into a single manual set.
PAGE 83

Enhancements Release K.13.02 Enhancements When OSPF is Also Enabled on the VRRP Routers When OSPF is enabled on the routers and a Fail-back event occurs, the Owner router immediately takes control of the virtual IP address and provides the default gateway functionality. If OSPF has not converged, the route table in the Owner router may not be completely populated. When the hosts send packets to the default gateway, the Owner router may not know where to send them and packets may be dropped.
PAGE 84

Enhancements Release K.13.02 Enhancements where VID = 16 VRID = 23 PDT = 12 seconds VRRP Preempt Mode with LACP and Older ProCurve Devices There can be an issue with VRRP Preempt Mode if an older ProCurve device (2524, 2650, 2848, 3400cl, or 5300) is the intermediate device connecting to a VRRP router and has LACP set in “enable, passive” mode. This mode is set by default on older ProCurve devices, whereas it is disabled by default on later models such as the ProCurve Series 5400zl.
PAGE 85

Enhancements Release K.13.02 Enhancements There are trade-offs between selecting a small advertisement value and a large preempt delay time. A small advertisement value results in a faster failover to the Backup router. A larger PDT value allows OSPF to converge before the Owner router takes back control of its virtual IP address.
PAGE 86

Enhancements Release K.13.03 Enhancements Error Messages Error Error Message Attempting to assign the preempt delay time to the Virtual Router before declaring it as an Owner or Backup The Virtual Router must be defined as an Owner or Backup router first. Attempting to assign an out of range preempt delay time Invalid input: to the Virtual Router instance. Attempting to change the preempt delay time value when the Virtual Router is active.
PAGE 87

Enhancements Release K.13.04 Enhancements Release K.13.04 Enhancements Release K.13.04 includes the following enhancements. ■ Enhancement (PR_ 0000000081) — The CLI clear module command allows you to remove module configuration information from the configuration file. Clear Module Configuration Overview Because of the hot-swap capabilities of the modules, when a module is removed from the chassis of a ProCurve series 5400 switch, the module configuration remains in the configuration file.
PAGE 88

Enhancements Release K.13.04 Enhancements ■ Enhancement (PR_ 0000000082) — The CLI track interface command allows you to configure tracking for a port or list of ports, or a trunk or list of trunks. VRRP—Dynamic Priority Change Overview This enhancement provides the ability to dynamically change the priority of the virtual router (VR) when certain events occur. The Backup VR releases virtual IP address control by reducing its priority when tracked entities such as ports, trunks, or VLANs go down.
PAGE 89

Enhancements Release K.13.04 Enhancements Note A Backup VR switches to priority zero instead of its configured value when all its tracked entities go down. An Owner VR always uses priority 255 and never relinquishes control voluntarily. CLI Commands The following commands are used for this enhancement. Note You can only configure tracked interfaces or VLANs on the Backup router.
PAGE 90

Enhancements Release K.13.04 Enhancements Configuring Track VLAN The track vlan command allows you to specify a VLAN or range of VLANs to be tracked by the VR. Notes VR operation must be down before executing this command. Use the no enable command to disable VR operation. The VRs operating VLAN can’t be configured as a tracking VLAN for that VR. Syntax: [no] track vlan Allows you to specify a VLAN or range of VLANs that will be tracked by this virtual router.
PAGE 91

Enhancements Release K.13.04 Enhancements Syntax: no track The command allows you to remove tracking for all configured track entities (ports, trunks, and VLANs). The command is executed in VRID instance context. For example: ProCurve(vlan-25-vrid-1)# no track Failover Operation Failover operation involves handing off of the VRs control of the virtual IP to another VR. Once a failover command is issued, the VR begins sending advertisements with priority zero instead of the configured priority.
PAGE 92

Enhancements Release K.13.04 Enhancements Displaying the VRRP Configuration You can display the VRRP tracked entities by entering the command shown in Figure 11. ProCurve(vlan-25-vrid-1)# show vrrp tracked-entities VRRP Tracked entities VLAN ID ---------25 25 25 25 25 VR ID ---------1 1 1 1 1 Type ---------port port port port vlan ID -----------------------------7 12 13 14 1 Figure 11.
PAGE 93

Enhancements Release K.13.04 Enhancements • The VRs operating VLAN can’t be configured as a tracking VLAN for that VR. • Ports that are part of a trunk can’t be tracked. • A port that is tracked can’t be included in a trunk. • Trunks that are tracked can’t be removed; you are not able to remove the last port from the trunk. • LACP (active or passive) cannot be enabled on a port that is being tracked.
PAGE 94

Enhancements Release K.13.04 Enhancements Enhancement (PR_ 0000000084) — DHCP Option 66 provides a way to automatically download and initially boot from a configuration that is different from the factory-shipped configuration. ■ DHCP Option 66 Automatic Configuration Update Overview ProCurve switches are initially booted up with the factory-shipped configuration file. This enhancement provides a way to automatically download a different configuration file from a TFTP server using DHCP Option 66.
PAGE 95

Enhancements Release K.13.04 Enhancements Possible Scenarios for Updating the Configuration File The following table shows various network configurations and how Option 66 is handled. Scenario Behavior Single Server serving Multiple VLANs • Each DHCP-enabled VLAN interface initiates DHCPDISCOVER message, receives DHCPOFFER from the server, and send DHCPREQUEST to obtain the offered parameters.
PAGE 96

Enhancements Release K.13.04 Enhancements • DHCP is preferred over BootP • If two BootP offers are received, the first one is selected • For two DHCP offers: – The offer from an authoritative server is selected – If there is no authoritative server, the offer with the longest lease is selected Log Messages The file transfer is implemented by the existing TFTP module.
PAGE 97

Enhancements Release K.13.04 Enhancements If the IP address has not already been configured on the interface (VLAN), you will see the message shown in Figure 14. ProCurve# config ProCurve(config)# vlan 1 ProCurve(vlan-1)# ip bootp-gateway 10.10.10.1 The IP address 10.10.10.1 is not configured on this VLAN. Figure 14.
PAGE 98

Enhancements Release K.13.04 Enhancements Operating Notes ■ • If the configured BOOTP gateway address becomes invalid, DHCP relay agent returns to the default behavior (assigning the lowest-numbered IP address). • If you try to configure an IP address that is not assigned to that interface, the configuration will fail and the previously configured address (if there is one) or the default address is used.
PAGE 99

Enhancements Release K.13.04 Enhancements ProCurve(config)# int 3 ProCurve(eth-3)# rate-limit bcast in percent 50 ProCurve 3500(eth-3)# show rate-limit bcast Broadcast-Traffic Rate Limit Maximum % Port ----1 2 3 4 5 | + | | | | | Inbound Limit ------------Disabled Disabled 50 Disabled Disabled Mode --------Disabled Disabled % Disabled Disabled Radius Override --------------No-override No-override No-override No-override No-override Figure 1.
PAGE 100

Enhancements Release K.13.04 Enhancements ProCurve(eth-3)# no rate-limit mcast in ProCurve(eth-3)# show rate-limit mcast Multicast-Traffic Rate Limit Maximum % Port ----1 2 3 4 | + | | | | Inbound Limit ------------Disabled Disabled Disabled Disabled Mode --------Disabled Disabled Disabled Disabled Radius Override --------------No-override No-override No-override No-override Figure 3.
PAGE 101

Enhancements Release K.13.04 Enhancements For example, if the host “Labswitch” is in the domain abc.com, you can enter the following command and the destination is resolved to “Labswitch.abc.com”. ProCurve(config)# telnet Labswitch You can also enter the full domain name in the command: ProCurve(config)# telnet Labswitch.abc.com You can use the show telnet command to display the resolved IP address.
PAGE 102

Enhancements Release K.13.04 Enhancements Syntax: show modules [details] Displays information about the installed modules, including: • The slot in which the module is installed • The module description • The serial number • The System Support Module description, serial number, and status (8212zl only) Additionally, the part number (J number) and serial number of the chassis is displayed.
PAGE 103

Enhancements Release K.13.04 Enhancements Note On ProCurve 3500yl and 6200yl series switches, the mini-GBIC information does not display as the ports are fixed and not part of any module. ■ Enhancement (PR_ 0000000101) — This enhancement adds a vrrp option to the debug command. VRRP Option with Debug Command This enhancement adds a vrrp option to the debug command. This option turns on the tracing of the incoming and outgoing VRRP packets.
PAGE 104

Enhancements Release K.13.
PAGE 105

Enhancements Release K.13.05 through K.13.15 Enhancements : specify the source of the data. It can be tftp, xmodem, command, usb, or any of the following switch data files: • • • • • • • running-config startup-config crash-log [a|b|c|d|e|f|g|h|master] crash-data event-log flash command-output Note: When using command output, place the desired CLI command in double quotes, for example, “show system”. : specify the copy target.
PAGE 106

Enhancements Release K.13.16 Enhancements Syntax: console inactivity-timer If the console port has no activity for the number of minutes configured, the switch terminates the session. A value of zero indicates the inactivity timer is disabled. Default: 0 (zero) For example: ProCurve(config)# console inactivity-timer 20 ■ Enhancement (PR_1000780247) — This enhancement provides hpicf Download MIB support for transferring configuration files both to and from a TFTP server.
PAGE 107

Enhancements Release K.13.16 Enhancements Setting the Management Access Method—CLI Enter the following command to configure the management access method using the CLI. Syntax: [no] ip authorized-managers > access [manager | operator] access-method [all | ssh | telnet | web | snmp | tftp] [no] ipv6 authorized-managers access [manager | operator] access-method [all | ssh | telnet | web | snmp | tftp] Configures one or more authorized IP addresses.
PAGE 108

Enhancements Release K.13.16 Enhancements ProCurve 22-Apr-2008 20:17:53 ==========================- CONSOLE - MANAGER MODE -============================ Switch Configuration - IP Managers Authorized Manager IP ---------------------10.10.240.2 10.10.245.3 10.10.246.200 10.10.245.30 Actions-> Back Add IP Mask ---------------------255.255.255.255 255.255.255.255 255.255.255.255 255.255.255.
PAGE 109

Enhancements Release K.13.16 Enhancements Figure 9. Example of Configuring Authorized Manager Access Method in the Web Interface See “Using Authorized IP Managers” in the Access Security Guide for your switch for more information about authorized IP managers. ■ Enhancement (PR_0000000090) — This enhancement allows you to choose which information to display when you enter the show interfaces command.
PAGE 110

Enhancements Release K.13.16 Enhancements Syntax: show interfaces custom [port-list] column-list Select the information that you want to display.
PAGE 111

Enhancements Release K.13.16 Enhancements ProCurve(config)# show int custom 1-4 port name:4 type vlan intrusion speed enabled mdi Status and Counters - Custom Port Status Port ---1 2 3 4 Name ---------Acco Huma Deve Lab1 Type ---------100/1000T 100/1000T 100/1000T 100/1000T VLAN ----1 1 1 1 Intrusion Alert --------No No No No Speed ------1000FDx 1000FDx 1000FDx 1000FDx Enabled ------Yes Yes Yes Yes MDI-mode -------Auto Auto Auto Auto Figure 20.
PAGE 112

Enhancements Release K.13.16 Enhancements Note on Using Pattern Matching with the “Show Interfaces Custom” Command If you have included a pattern matching command to search for a field in the output of the show int custom command and the show int custom command produces an error, the error message may not be visible and the output is empty.
PAGE 113

Enhancements Release K.13.16 Enhancements Syntax: [no] interface monitor all mirror [no-tag-added] Assigns a mirroring source to a previously configured mirroring session on a source switch. It specifies the port, trunk, and/or mesh source to use, the direction of traffic to mirror, and the session identifier. Note: If configuring a mesh, designate it using the literal string “mesh”.
PAGE 114

Enhancements Release K.13.16 Enhancements ProCurve# show monitor 1 Network Monitoring Session: 1 Session Name: ACL: no ACL relationship exists Mirror Destination: Untagged traffic : Monitoring Sources -----------------Port: 3 48 untagged Direction --------Both Indicates the no-tag-added option is configured. Figure 23.
PAGE 115

Enhancements Release K.13.16 Enhancements SHOULD save the change to non-volatile storage.” DEFVAL { 2 } ::= { hpicfBridgeMirrorSessionEntry 2 } Operating Notes ■ • The specified port can be a physical port, a trunk port, or a mesh port. • Only a single logical port (physical port or trunk) can be associated with a mirror session when the no-tag-added option is specified. No other combination of ACL mirroring, VLAN mirroring, or port mirroring can be associated with the mirror session.
PAGE 116

Enhancements Release K.13.16 Enhancements • Web and MAC authentications are not allowed on the same port if unauthenticated VLAN (that is, a guest VLAN) is enabled for MAC authentication. An unauthenticated VLAN can’t be enabled for MAC authentication if Web and MAC authentication are both enabled on the port. • Hitless re-authentication must be of the same type (MAC) that was used for the initial authentication. Non-hitless re-authentication can be of any type.
PAGE 117

Enhancements Release K.13.16 Enhancements Syntax: [no] ip ssh [cipher ] Cipher types that can be used for connection by clients. Valid types are: • aes128-cbc • 3des-cbc • aes192-cbc • aes256-cbc • rijndael-cbc@lysator.liu.se • aes128-ctr • aes192-ctr • aes256-ctr Default: All cipher types are available. Use the no form of the command to disable a cipher type. ProCurve(config)# no ip ssh cipher 3des-cbc Figure 24.
PAGE 118

Enhancements Release K.13.16 Enhancements Table 1. RSA/DSA Values for Various ProCurve Switches Platform Maximum RSA Key Size (in bits) DSA Key Size (in bits) 5400/3500/6200/8200/2900 1024, 2048, 3072 Default: 2048 1024 2610 1024, 2048 Default: 1024 1024 Message Authentication Code (MAC) Support This enhancement allows configuration of the set of MACs that are available for selection. Syntax: [no] ip ssh [mac ] Allows configuration of the set of MACs that can be selected.
PAGE 119

Enhancements Release K.13.16 Enhancements ProCurve(config)# show ip ssh SSH Enabled TCP Port Number IP Version Host Key Type : : : : No 22 IPv4orIPv6 RSA Secure Copy Enabled : No Timeout (sec) : 120 Host Key Size : 1024 Ciphers : aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc, rijndael-cbc@lysator.liu.
PAGE 120

Enhancements Release K.13.17 Enhancements • debug • debug2 • debug3 Release K.13.17 Enhancements No enhancements; Bug fixes only. Release K.13.18 Enhancements Release K.13.18 includes the following enhancements: ■ Enhancement (PR_1000406763) — New commands were added to the CLI response to the show tech command. Release K.13.19 Enhancements Release K.13.
PAGE 121

Enhancements Release K.13.19 Enhancements Creates a shortcut alias name to use in place of a commonly used command. The alias command is executed from the current config context. name: Specifies the new command name to use to simplify keystrokes and aid memory. command: Specifies an existing command to be aliased. The command must be enclosed in quotes. Use the no form of the command to remove the alias.
PAGE 122

Enhancements Release K.13.19 Enhancements Note Remember to enclose the command being aliased in quotes. Command parameters for the aliased command can be added at the end of the alias command string. For example: ProCurve(config)# alias shoconfig “show config” ProCurve(config)# shoconfig status To change the command that is aliased, re-execute the alias name with new command options. The new options are used when the alias is executed.
PAGE 123

Enhancements Release K.13.19 Enhancements Note See the section “Command Differences for the ProCurve Series 2600/2800/3400cl/6400cl Switches” on page 113 for command differences on these switches. Adding a Description for a Syslog Server You can associate a user-friendly description with each of the IP addresses (IPv4 only) configured for syslog using the CLI or SNMP.
PAGE 124

Enhancements Release K.13.19 Enhancements Syntax: logging priority-descr no logging priority-descr Provides a user-friendly description for the combined filter values of severity and system module. If no description is entered, this is blank. If contains white space, use quotes around the string. Use the no form of the command to remove the description. Limit: 255 characters ProCurve(config)# logging priority-descr severe-pri Figure 11.
PAGE 125

Enhancements Release K.13.19 Enhancements ■ • If the default severity value is in effect, all messages that have severities greater than the default value are passed to syslog. For example, if the default severity is “debug”, all messages that have severities greater than debug are passed to syslog. • There is a limit of six syslog servers. All syslog servers are sent the same messages using the same filter parameters. • An error is generated for an attempt to add more than six syslog servers.
PAGE 126

Enhancements Release K.13.19 Enhancements • You can use up to three Web servers in your network to store and display customized Web pages for Web Authentication login. • To configure a Web server on your network, follow the instructions in the documentation provided with the server. • Before you enable custom Web Authentication pages, you should: Determine the IP address or host name of the Web server(s) that will host your custom pages.
PAGE 127

Enhancements Release K.13.19 Enhancements Customizable HTML Templates The sample HTML files described in the following sections are customizable templates. To help you create your own set HTML files, a set of the templates can be found on the download page for ‘K’ software. File Name Page index.html 116 accept.html 118 authen.html 119 reject_unauthvlan.html 120 timout.html 122 retry_login.html 123 sslredirect.html 124 rejectnovlan.html 126 User Login Page (index.html) Figure 12.
PAGE 128

Enhancements Release K.13.19 Enhancements User Login
User Login

In order to access this network, you must first log in.
PAGE 129

Enhancements Release K.13.19 Enhancements Access Granted Page (accept.html) Figure 14. Access Granted Page The accept.html file is the Web page used to confirm a valid client login. This Web page is displayed after a valid username and password are entered and accepted. The client device is then granted access to the network. To configure the VLAN used by authorized clients, specify a VLAN ID with the aaa port-access web-based auth-vid command parameter when you enable Web Authentication. The accept.
PAGE 130

Enhancements Release K.13.19 Enhancements Access Granted
Access Granted

You have been authenticated.
PAGE 131

Enhancements Release K.13.19 Enhancements The authen.html file is the Web page used to process a client login and is refreshed while user credentials are checked and verified. Authenticating
Authenticating...

Please wait while your credentials are verified.
PAGE 132

Enhancements Release K.13.19 Enhancements The reject_unauthvlan.html file is the Web page used to display login failures in which an unauthenticated client is assigned to the VLAN configured for unauthorized client sessions. You can configure the VLAN used by unauthorized clients with the aaa port-access web-based unauth-vid command when you enable Web Authentication.
PAGE 133

Enhancements Release K.13.19 Enhancements Timeout Page (timeout.html) Figure 20. Timeout Page The timeout.html file is the Web page used to return an error message if the RADIUS server is not reachable. You can configure the time period (in seconds) that the switch waits for a response from the RADIUS server used to verify client credentials with the aaa port-access web-based server-timeout command when you enable Web Authentication.
PAGE 134

Enhancements Release K.13.19 Enhancements Retry Login Page (retry_login.html) Figure 22. Retry Login Page The retry_login.html file is the Web page displayed to a client that has entered an invalid username and/or password, and is given another opportunity to log in. The WAUTHRETRIESLEFTGET ESI displays the number of login retries that remain for a client that entered invalid login credentials.
PAGE 135

Enhancements Release K.13.19 Enhancements Invalid Credentials
Invalid Credentials

Your credentials were not accepted. You have retries left. Please try again.
Figure 23.
PAGE 136

Enhancements Release K.13.19 Enhancements The sslredirect file is the Web page displayed when a client is redirected to an SSL server to enter credentials for Web Authentication. If you have enabled SSL on the switch, you can enable secure SSL-based Web Authentication by entering the aaa port-access web-based ssl-login command when you enable Web Authentication. The WAUTHSSLSRVGET ESI inserts the URL that redirects a client to an SSL-enabled port on a server to verify the client’s username and password.
PAGE 137

Enhancements Release K.13.19 Enhancements Access Denied Page (reject_novlan.html) Figure 26. Access Denied Page The reject_novlan file is the Web page displayed after a client login fails and no VLAN is configured for unauthorized clients. The WAUTHQUIETTIMEGET ESI inserts the time period used to block an unauthorized client from attempting another login.
PAGE 138

Enhancements Release K.13.19 Enhancements Access Denied
Access Denied

Your credentials were not accepted. Please wait seconds to retry.
PAGE 139

Enhancements Release K.13.
PAGE 140

Enhancements Release K.13.19 Enhancements show port-access web-based config Syntax: show port-access web-based config [] Displays the currently configured Web Authentication settings for all ports or specified ports, including web-specific settings for password retries, SSL login status, and a redirect URL, if specified. ProCurve Switch (config)# show port-access web-based 47 config Port Access Web-Based Configuration DHCP Base Address : 192.168.0.0 DHCP Subnet Mask : 255.255.255.
PAGE 141

Enhancements Release K.13.19 Enhancements Protection Against IP Source Address Spoofing Many network attacks occur when an attacker injects packets with forged IP source addresses into the network. Also, some network services use the IP source address as a component in their authentication schemes. For example, the BSD “r” protocols (rlogin, rcp, rsh) rely on the IP source address for packet authentication. SNMPv1 and SNMPv2c also frequently use authorized IP address lists to limit management access.
PAGE 142

Enhancements Release K.13.19 Enhancements Prerequisite: DHCP Snooping Dynamic IP lockdown requires that you enable DHCP snooping as a prerequisite for its operation on ports and VLAN traffic: • Dynamic IP lockdown only enables traffic for clients whose leased IP addresses are already stored in the lease database created by DHCP snooping or added through a static configuration of an IP-to-MAC binding.
PAGE 143

Enhancements Release K.13.19 Enhancements In this example, the following DHCP leases have been learned by DHCP snooping on port 5. VLANs 2 and 5 are enabled for DHCP snooping. IP Address MAC Address VLAN ID 10.0.8.5 001122-334455 2 10.0.8.7 001122-334477 2 10.0.10.3 001122-334433 5 Figure 28. Sample DHCP Snooping Entries The following example shows an IP-to-MAC address and VLAN binding that have been statically configured in the lease database on port 5. IP Address MAC Address VLAN ID 10.
PAGE 144

Enhancements Release K.13.19 Enhancements Enabling Dynamic IP Lockdown To enable dynamic IP lockdown on all ports or specified ports, enter the ip source-lockdown command at the global configuration level. Use the no form of the command to disable dynamic IP lockdown. Syntax: [no] ip source-lockdown [port-list] Enables dynamic IP lockdown globally on all ports or on specified ports on the routing switch.
PAGE 145

Enhancements Release K.13.19 Enhancements • Remove the trusted-port configuration. ■ You can configure dynamic IP lockdown only from the CLI; this feature cannot be configured from the Web management or menu interface. ■ If you enable dynamic IP lockdown on a port, you cannot add the port to a trunk. ■ Dynamic IP lockdown must be removed from a trunk before the trunk is removed.
PAGE 146

Enhancements Release K.13.19 Enhancements Adding a Static Binding To add the static configuration of an IP-to-MAC binding for a port to the lease database, enter the ip source-binding command at the global configuration level. Use the no form of the command to remove the IP-to-MAC binding from the database.
PAGE 147

Enhancements Release K.13.19 Enhancements An example of the show ip source-lockdown status command output is shown in Figure 31. Note that the operational status of all switch ports is displayed. This information indicates whether or not dynamic IP lockdown is supported on a port.
PAGE 148

Enhancements Release K.13.19 Enhancements ProCurve(config)# show ip source-lockdown bindings Dynamic IP Lockdown (DIPLD) Bindings Mac Address ----------001122-334455 005544-332211 . . . . . . . . Figure 32. IP Address VLAN Port -----------------10.10.10.1 1111 X11 10.10.10.2 2222 Trk11 . . . . . . . . . . . . . . . . Not in HW --------YES . . .
PAGE 149

Enhancements Release K.13.20 Enhancements ProCurve(config)# debug dynamic-ip-lockdown DIPLD (PORT DIPLD (PORT DIPLD (PORT DIPLD (PORT DIPLD (PORT DIPLD (PORT DIPLD (PORT DIPLD (PORT DIPLD (PORT DIPLD (PORT DIPLD (PORT DIPLD (PORT DIPLD (PORT 01/01/90 00:01:25 4) -> 192.168.2.1 01/01/90 00:06:25 4) -> 192.168.2.1 01/01/90 00:11:25 4) -> 192.168.2.1 01/01/90 00:16:25 4) -> 192.168.2.1 01/01/90 00:21:25 4) -> 192.168.2.1 01/01/90 00:26:25 4) -> 192.168.2.1 01/01/90 00:31:25 4) -> 192.168.2.
PAGE 150

Enhancements Release K.13.21 Enhancements Release K.13.21 Enhancements No enhancements; Bug fixes only. Release K.13.22 Enhancements No enhancements; Bug fixes only. Release K.13.23 Enhancements No enhancements; Bug fixes only. Release K.13.24 through K.13.25 Enhancements No enhancements; Bug fixes only. Release K.13.26 through K.13.39 Enhancements No enhancements; Software never built. Release K.13.40 Enhancements Release K.13.
PAGE 151

Enhancements Release K.13.40 Enhancements disabled (1), active (2), passive (3) } ACCESS read-write STATUS mandatory DESCRIPTION “Used to set administrative status of LACP on all the ports. A Port can have one of the three administrative status of LACP. Active/Passive/Disabled are the three states.
PAGE 152

Enhancements Release K.13.40 Enhancements SNMP displays the counter and statistics totals accumulated since the last reboot; it is not affected by the clear statistics global command or the clear statistics command. An SNMP trap is sent whenever the statistics are cleared. Note The clearing of statistics cannot be uncleared. ■ Enhancement (PR_0000003718) — The MAC Lockout limit was increased.
PAGE 153

Enhancements Release K.13.40 Enhancements Adding a Description for a Syslog Server You can associate a user-friendly description with each of the IP addresses (IPv4 only) configured for syslog using the CLI or SNMP. The CLI command is: Syntax: logging control-descr ] no logging [control-descr] An optional user-friendly description that can be associated with a server IP address. If no description is entered, this is blank.
PAGE 154

Enhancements Release K.13.41 Enhancements ProCurve(config)# logging priority-descr severe-pri Figure 35. Example of the Logging Command with a Priority Description Note A notification is sent to the SNMP agent if there are any changes to the syslog parameters either through the CLI or with SNMP. Operating Notes • Duplicate IP addresses are not stored in the list of syslog servers.
PAGE 155

Enhancements Release K.13.44 Enhancements Release K.13.44 Enhancements No enhancements; Bug fixes only. (Not a public release) Release K.13.45 Enhancements The following problems were resolved in release K.13.45. ■ Enhancement (PR_0000010783) — Support was added for the following products. J9099B - ProCurve 100-BX-D SFP-LC Transceiver J9100B - ProCurve 100-BX-U SFP-LC Transceiver J9142B - ProCurve 1000-BX-D SFP-LC Mini-GBIC J9143B – ProCurve 1000-BX-U SFP-LC Mini-GBIC Release K.13.46 through K.13.
PAGE 156

Software Fixes in Release K.11.12 - K.13.49 Release K.11.12 Software Fixes in Release K.11.12 - K.13.49 Software fixes are listed in chronological order, oldest to newest. Unless otherwise noted, each new release includes the software fixes added in all previous releases. Release K.11.11 was the first production software release for the ProCurve 3500yl, 6200yl, and 5400zl Series switches. Release K.11.69 is the last release of the K.11.xx software.
PAGE 157

Software Fixes in Release K.11.12 - K.13.49 Release K.11.13 ■ MSTP Enhancement (PR_1000310463) — Implementation of legacy path cost MIB and CLI option for MSTP. ■ RSTP (PR_1000307278) — Replacing an 802.1D bridge device with an end node (non-STP device) on the same Switch port, can result in the RSTP Switch sending TCNs. ■ Web UI (PR_1000303371) — In the Web User Interface, the QOS Device Priority window scroll bar does not allow sufficient scrolling to view all entries.
PAGE 158

Software Fixes in Release K.11.12 - K.13.49 Release K.11.16 ■ CLI (PR_1000315256) — Inconsistent error message, "Resource unavailable," when configuring more than the maximum number of allowed static IP routes. ■ Crash (PR_1000322009)— The Switch may crash with a message similar to: Software exception in ISR at queues.c:123. ■ Menu (PR_1000318531) — When using the Menu interface, the Switch hostname may be displayed incorrectly. Release K.11.16 The following problems were resolved in release K.11.
PAGE 159

Software Fixes in Release K.11.12 - K.13.49 Release K.11.32 Software exception at ldbal_cost.c:1577 -- in 'eDrvPoll', task ID = 0x1760650-> ASSERT: failed. ■ Crash (PR_1000314305) — The switch may crash with a message similar to: Software exception at ipamMApi.c:1592/1594 -- in 'eRouteCtrl' ■ Crash (PR_1000323759) — The Switch may crash with a message similar to: TLB Miss: Virtual Addr=0x00000185 IP=0x8027ae04 Task='mLACPCtrl' Task ID=0x81597410 fp:0x00000000 sp:0x815972d0 ra:0x8027aa90 sr:0x1000fc01.
PAGE 160

Software Fixes in Release K.11.12 - K.13.49 Release K.11.32 ■ Crash (PR_1000335430) — The Switch may crash with a message similar to: "Cam range reservation error" crash at aqSlaveRanges.c:172. ■ Event Log (PR_1000308669) — After a Switch reset, the event log does not display correct information. ■ Event Log (PR_1000310958) — Unsupported modules do not produce an event log message in the Switch. ■ Fault LED (PR_1000314005) — Upon a fan fault, the fault LED does not indicate an error.
PAGE 161

Software Fixes in Release K.11.12 - K.13.49 Release K.11.33 ■ Module (PR_1000330312) — Booting up the Switch with an unsupported module installed may cause all existing modules to fail. ■ MSTP Enhancement (PR_1000331792) — Implementation of Spanning-tree BPDU Filter and SNMP Traps. ■ Power Supply (PR_1000310159) — After power supply failovers, the Switch incorrectly reports power being available on ports that are actually powered down.
PAGE 162

Software Fixes in Release K.11.12 - K.13.49 Release K.11.34 "Software exception at alloc_free.c:422 -- in 'eDrvPoll'...-> No msg buffer", when Switch is configured for ACL logging. ■ Module J8705A (PR_1000336281) — The Switch 5400zl 20P 10/100/1000 + 4 mini GBIC module (J8705A) may stop forwarding packets. Release K.11.34 The following problems were resolved in release K.11.
PAGE 163

Software Fixes in Release K.11.12 - K.13.49 Release K.11.36 ■ MIB (PR_1000307831) — The MIB value for ipAddrTable is not populated. ■ RIP (PR_1000331536) — RIP does not send a route poison update in response to a failed route. ■ Show tech (PR_1000294072) — Show Tech statistics displays incorrect port names for fixed ports. Release K.11.36 The following problems were resolved in release K.11.
PAGE 164

Software Fixes in Release K.11.12 - K.13.49 Release K.11.40 Software Exception at rt_table.c.758 -- in 'eRouteCtrl', task ID = 0x8a d6b30 -> Routing Task: Route Destinations exceeded Release K.11.40 The following problems were resolved in release K.11.40 (not a general release) ■ CLI (PR_1000353548) — Use of the command show span incorrectly displays an error, "STP version was changed. To activate the change you must save the configuration to flash and reboot the device.
PAGE 165

Software Fixes in Release K.11.12 - K.13.49 Release K.11.44 The following problems were resolved in release K.11.43 (not a general release) ■ Crash (PR_1000307842) — When deleting/removing CLI ACLs, IDM ACLs, management VLAN, or virus throttle lockouts, switch crashes with error similar to: "Delete virtual meter with nonzero rule RefCount". ■ Crash (PR_1000334982) — When Web authentication is used with open VLANs, a software exception may occur, with the switch reporting something similar to this.
PAGE 166

Software Fixes in Release K.11.12 - K.13.49 Release K.11.47 Release K.11.47 The following problems were resolved in release K.11.47 (not a general release) ■ Management VLAN (PR_1000299387) — The management VLAN does not allow connectivity from valid addresses. ■ SNMP (PR_1000358129) — The command line interface (CLI) becomes unresponsive after running RMON traps code. Release K.11.48 The following problems were resolved in release K.11.
PAGE 167

Software Fixes in Release K.11.12 - K.13.49 Release K.11.61 ■ sFlow (PR_1000361604) — Changed the maximum sFlow skipcount to 24 bits. Release K.11.61 Versions K.11.50 through K.11.59 were never built. Version K.11.60 was never released. The following problems were resolved in release K.11.61 (not a general release) ■ 802.1X (PR_1000367404) — Increased the maximum number of 802.1X users per port to 32.
PAGE 168

Software Fixes in Release K.11.12 - K.13.49 Release K.11.63 Release K.11.63 The following problems were resolved in release K.11.63 ■ 802.1p QoS (PR_1000368188) — 802.1p prioritization may not work once a trunk is enabled on a module, unless the user issues the commands "qos type-of service ip-precedence" or "qos type-of service diff-services". ■ Crash (PR_1000368540) — The switch may crash with a message similar to: Software exception at parser.
PAGE 169

Software Fixes in Release K.11.12 - K.13.49 Release K.11.65 Release K.11.65 The following problems were resolved in release K.11.65 (not a general release) ■ Alarms/Log (PR_1000371908) — The ambient temperature measured by the 5406zl chassis is 4 degrees C too high, causing the generation of false high temperature alarms. ■ CLI (PR_1000377318) — The output from the CLI command, 'show dhcp-relay' is truncated.
PAGE 170

Software Fixes in Release K.11.12 - K.13.49 Release K.11.67 ■ Web/RADIUS (PR_1000368520) — Web Authentication doesn't authenticate clients due to a failure to send RADIUS requests to the configured server. ■ WebUI (PR_1000371598) — Unable to Access Stack Members through Commander WebUI. Use of the WebUI "stack access" drop-down list on the stacking commander returns a "Page not found" error. Release K.11.67 The following problems were resolved in release K.11.
PAGE 171

Software Fixes in Release K.11.12 - K.13.49 Release K.11.69 Release K.11.69 The following problems were resolved in release K.11.69 ■ Routing (PR_1000392086) — The switch learns a bogus MAC address when the next hop address is unknown, causing the switch to stop forwarding traffic. Release K.11.69 is the last release of the K.11.xx software. The 3500yl, 6200yl, and 5400zl switch series software code was rolled to the K.12.0x code branch with no intervening releases. Release K.12.
PAGE 172

Software Fixes in Release K.11.12 - K.13.49 Release K.12.02 ■ Enhancement (PR_1000298920) — A ping request issued to a VLAN which is down will now return a more specific message; instead of "request timed out", the message "The destination address is unreachable" will be displayed. ■ Enhancement (PR_1000373226) — Support was added for the ProCurve 100-FX SFP-LC Transceiver (J9054B).
PAGE 173

Software Fixes in Release K.11.12 - K.13.49 Release K.12.03 ■ Crash (PR_1000392863) — Switch may crash when setmib tcpConnState is used, with a message similar to: NMI event SW:IP=0x0079f4a0 MSR:0x00029210 LR:0x006dca60 Task='eTelnetd' Task ID=0x8a7cbb0 cr: 0x20000042 sp:0x08a7c870 ■ Daylight savings (PR_1000364740) — Due to the passage of the Energy Policy Act of 2005, Pub. L. no.
PAGE 174

Software Fixes in Release K.11.12 - K.13.49 Release K.12.04 ■ Enhancement (PR_1000398393) — For the interface speed-duplex command, added the auto-10-100 configuration option to constrain a link to 10/100 Mbps speed and allow a more rapid linkup process when 1000 Mbps operation is not possible. ■ Enhancement (PR_1000404544) — Provides TCP/UDP port range prioritization in the qos command; the range option assigns an 802.
PAGE 175

Software Fixes in Release K.11.12 - K.13.49 Release K.12.05 Release K.12.05 The following problems were resolved in release K.12.05. ■ BootROM (PR_1000402707) — BootROM does not update to latest version when updating code to primary flash. ■ CLI (PR_1000309998) — Management module is incorrectly displayed as J8627A rather than the correct J8726A product number in response to the show modules command. ■ Enhancement (PR_1000408960) — RADIUS-Assigned GVRP VLANs enhancement.
PAGE 176

Software Fixes in Release K.11.12 - K.13.49 Release K.12.08 Release K.12.08 Software never released. ■ Enhancement (PR_1000413764) — Increase the size of the sysLocation and sysContact entries from 48 to 255 characters. For more information, see “Release K.12.08 Enhancements” on page 57. Release K.12.09 The following problem was resolved in release K.12.09 (Not a general release).
PAGE 177

Software Fixes in Release K.11.12 - K.13.49 Release K.12.11 ■ SNMP (PR_1000374893) — When retrieving the switch serial number via SNMP, the management module serial number is returned instead of the chassis serial number. ■ SNMP (PR_1000422129) — HP Fault Finder doesn't send the interface index with the SNMP trap, even though it is listed in the system log. Release K.12.11 Software never released. Release K.12.12 The following problems were resolved in release K.12.12 (Not a general release).
PAGE 178

Software Fixes in Release K.11.12 - K.13.49 Release K.12.15 ■ Hotswap (PR_1000422714) — Hotswapping a module may result in a false module self-test failure.
PAGE 179

Software Fixes in Release K.11.12 - K.13.49 Release K.12.16 ■ Rate-Limiting (PR_1000420720) — Rate limiting is broken beyond 9.5 Mbps. For any rate limit set to more than 9.5 Mbps, the actual rate drops to 1 Mbps. Release K.12.16 The following problems were resolved in release K.12.16.
PAGE 180

Software Fixes in Release K.11.12 - K.13.49 Release K.12.18 Release K.12.18 The following problems were resolved in release K.12.18. ■ CLI (PR_1000419379) — The “interface” command does not exist in the VLAN context, resulting in an inability to shift to the interface configuration context directly from the VLAN context. ■ Hang (PR_1000434809) — The switch may hang, causing all the port LEDs to remain lit, and stop transmitting traffic.
PAGE 181

Software Fixes in Release K.11.12 - K.13.49 Release K.12.20 ■ 10-GbE Log (PR_1000424384) — The switch is not checking for the presence of the J8694A ProCurve yl 10G X2-CX4 module early enough in the boot process, triggering a log message when the check is executed. Release K.12.20 The following problems were resolved in release K.12.20 (Never released.) Release K.12.21 The following problems were resolved in release K.12.21 (never released).
PAGE 182

Software Fixes in Release K.11.12 - K.13.49 Release K.12.22 ■ Routing (PR_1000432449) — If the switch is configured with both port security and routing, a physical port transition on the host may cause the switch to stop transmitting routed traffic to that host. Clearing the ARP cache resolves this problem until another port transition occurs.
PAGE 183

Software Fixes in Release K.11.12 - K.13.49 Release K.12.24 ■ MSTP (PR_1000439775) — The switch generates a topology change when a port goes off-line. With MSTP enabled and all ports left at default (auto-edge-port), when a port transitions to offline, a TC will be generated, and the topology change counter increases. ■ Multicast (PR_1000436118) — Multicast forwarding with IGMP is slow and causes an unacceptable delay in servicing.
PAGE 184

Software Fixes in Release K.11.12 - K.13.49 Release K.12.26 through K.12.29 Release K.12.26 through K.12.29 Software never built. Release K.12.30 Software never released. Release K.12.31 The following problems were resolved in release K.12.31. ■ Enhancement — Support for the following ProCurve product was added. J9091A / J8715A (bundle) for the ProCurve switch 8212zl Release K.12.32 Never released. The following problems were resolved in build K.12.32. ■ Enhancement — Merged all of the K.12.
PAGE 185

Software Fixes in Release K.11.12 - K.13.49 Release K.12.44 Release K.12.44 Not a general release. ■ Enhancement (PR_1000457691) — This enhancement allows the mapping of all theoretically available VLAN IDs (1-4094) to an MSTP instance, even if some of the VLANs are not currently configured on the switch. For more information, see “Release K.12.44 Enhancements” on page 65. ■ Enhancement (PR_1000457868) — Local Proxy ARP enhancement. For more information, see “Release K.12.44 Enhancements” on page 65.
PAGE 186

Software Fixes in Release K.11.12 - K.13.49 Release K.12.46 ■ SNMP (PR_1000444744) — An snmp set of hpicfDot1xPaePortauth or an snmp set hpicfDot1xPaePortSupp of an invalid value may cause the switch to crash with a message similar to the following: ASSERT at aaa8021x_dyn_reconfig.c. ■ SSH (PR_1000461002) — Issue with authentication when SSH is configured. Release K.12.46 The following problems were resolved in build K.12.46. (Never Released.
PAGE 187

Software Fixes in Release K.11.12 - K.13.49 Release K.12.48 Release K.12.48 The following problems were resolved in release K.12.48. ■ Enhancement Removed (PR_1000470136) — Removal of the enhancement that allows the mapping of all theoretically available VLAN IDs (1-4094) to an MSTP instance, even if some of the VLANs are not currently configured on the switch. The initial implementation of this enhancement did not allow smooth migration of pre-existing MSTP configurations.
PAGE 188

Software Fixes in Release K.11.12 - K.13.49 Release K.12.52 ■ Routing (PR_1000424308) — A static route that points to a deleted VLAN may cause other routing table errors. ■ CLI (PR_1000473468) — Removing a VLAN range from an MSTP instance (e.g., no spanning-tree instance 2 vlan 10-20) fails to delete the VLANs. Listing individually the VLANs desired for deletion will correctly remove the VLANs. Release K.12.52 The following problems were resolved in release K.12.52 (never released).
PAGE 189

Software Fixes in Release K.11.12 - K.13.49 Release K.12.54 Release K.12.54 The following problems were resolved in release K.12.54. ■ Connection Rate Filter (PR_1000440871) — Some types of traffic could result in connection rate filtering (CRF) that blocks the switch management IP address. ■ Connection Rate Filter (PR_1000716601) — Connection Rate Filtering does not remove throttled entries when filtering is disabled. The throttled host remains permanently blocked.
PAGE 190

Software Fixes in Release K.11.12 - K.13.49 Release K.12.55 Release K.12.55 The following problems were resolved in release K.12.55 (never released). ■ DARPP (PR_1000736402) — The last port on the switch will not be initialized with Dynamic ARP Protection (DARPP) characteristics if the last two ports are DARPP configured. For example, if the switch has 24 ports and ports 23 and 24 have DARPP characteristics, the DARPP characteristics for port 24 will not be initialized.
PAGE 191

Software Fixes in Release K.11.12 - K.13.49 Release K.12.57 3) The SSH client application does not get a command prompt (or equivalent) back from the switch until the OS is verified and burned to flash. 4) The show flash command incorrectly shows an OS image present in flash before the OS has completely copied to flash.
PAGE 192

Software Fixes in Release K.11.12 - K.13.49 Release K.13.02 Release K.13.02 The following problems were resolved in release K.13.02. ■ Enhancement (PR_1000458124) — VRRP Preemptive Delay Timer. For more information, see “Release K.13.02 Enhancements” on page 71. ■ CLI (PR_1000307590) — Tab-help error in the spanning-tree instance vlan command context. ■ CLI (PR_1000330684) — Help text in the spanning-tree context was updated.
PAGE 193

Software Fixes in Release K.11.12 - K.13.49 Release K.13.03 ■ CLI (PR_1000455370) — Commands that display portmaps may yield corrupted output. For example, a single port may be displayed as a port range. ■ RIP (PR_1000751858) — Some static routes may not be correctly distributed by RIPv1 or RIPv2. ■ PIM (PR_1000714322) — A new multicast stream may not get forwarded by the switch.
PAGE 194

Software Fixes in Release K.11.12 - K.13.49 Release K.13.04 ■ Crash (PR_1000763409) — When entering and deleting ACLs, the switch may crash with a message similar to: PPC Data Storage (Bus Error) exception vector 0x300: Stack Frame=0x087a1ba8 HW Addr=0x1f89d420 IP=0x005e62e0 Task=’mSess2’ Task ID=0x87a3cd0.fp: 0x00000005 sp:0x087a1c68 lr:0x005e6340. ■ DHCP Relay (PR_1000751623) — If the IP address on a VLAN interface is changed, any previously configured IP Helper address stops working. Release K.13.
PAGE 195

Software Fixes in Release K.11.12 - K.13.49 Release K.13.04 ■ Enhancement (PR_ 0000000081) — The CLI clear module command allows you to remove module configuration information from the configuration file. For more information, see “Release K.13.04 Enhancements” on page 76. ■ Enhancement (PR_ 0000000082) — The CLI track interface command allows you to configure tracking for a port or list of ports, or a trunk or list of trunks. For more information, see “Release K.13.04 Enhancements” on page 76.
PAGE 196

Software Fixes in Release K.11.12 - K.13.49 Release K.13.04 ■ 185 CLI (PR_0000000476) — Various CLI parameters are rejected by the switch as invalid when the administrator is trying to configure ports of transceivers/modules that have not yet been inserted into the switch. Affected commands include ip source-binding; interface power; interface unknown-vlans block; output from the command, show vlans; interface monitor; and mirror port .
PAGE 197

Software Fixes in Release K.11.12 - K.13.49 Release K.13.05 Release K.13.05 The following problems were resolved in release K.13.05 (not a public release). ■ Link/Config (PR_1000771549) — On a ProCurve 3500yl Series Switch, a link will not come up after configuring the port mode from MDI to AUTOMDIX (on one side of the link). ■ Static Route/Config (PR_1000785177) — The VLAN ID for the static route configuration is changed from its original value after updating from K.12.xx to K.13.03.
PAGE 198

Software Fixes in Release K.11.12 - K.13.49 Release K.13.06 ■ UDLD (PR_0000001433) — After the switch is rebooted, UDLD may continue to keep switch ports in a blocked state. ■ VLAN Mirroring/Config (PR_0000001240) — The VLAN Mirroring configuration is changed from its original value after updating from K.12.xx to K.13.03. ■ Bootup/Flash (PR_1000785118) — During the write-to-flash process, the OS file may become truncated if the switch is interrupted (by crash or power outage, for example).
PAGE 199

Software Fixes in Release K.11.12 - K.13.49 Release K.13.
PAGE 200

Software Fixes in Release K.11.12 - K.13.49 Release K.13.09 Release K.13.09 The following problems were resolved in release K.13.09. ■ Crash (PR_0000001689a) — A switch running software version K.13.04 or higher may crash during configuration of broadcast rate limiting. Event log messages may be similar to the following.
PAGE 201

Software Fixes in Release K.11.12 - K.13.49 Release K.13.11 ■ RADIUS/Jumbo (PR_ 1000779048) — When an 802.1X-enabled port belongs to a VLAN that is jumbo enabled, the Access-Request will specify a value of Framed-MTU of 9182 bytes. When the RADIUS server replies with a large frame, the switch does not respond, causing the authentication process to halt. ■ RADIUS (0000001164) — The switch drops RADIUS messages with EAP-packets larger than 1496 bytes.
PAGE 202

Software Fixes in Release K.11.12 - K.13.49 Release K.13.12 ■ 802.1X (PR_0000002036) — 802.1X with Funk Steel Belted RADIUS server causes the switch to fail to assign the VLAN that it was sent with the "Tunnel-Private-Group-Id" parameter. ■ Module Selftest (PR 0000001273) — After a reboot, ports 1-24 or ports 25-48 on the ProCurve 3500yl, or ports 1-24 on the 6200yl switches, may become unresponsive followed by green and amber port LEDs remaining lit. The ports recover automatically.
PAGE 203

Software Fixes in Release K.11.12 - K.13.49 Release K.13.13 .iso.org.dod.internet.mgmt.mib2.entityMIB.entityMIBObjects.entityPhysical.entPhysicalTable.entPhys calEntry.entPhysicalSerialNum .iso.org.dod.internet.mgmt.mib2.entityMIB.entityMIBObjects.entityPhysical.entPhysicalTable.entPhys calEntry.entPhysicalModelName Release K.13.13 The following problems were resolved in release K.13.13 (never released). ■ 802.1X (PR_1000446227) — Switch 802.
PAGE 204

Software Fixes in Release K.11.12 - K.13.49 Release K.13.15 Release K.13.15 The following problems were resolved in release K.13.15 (never released). No enhancements; No bug fixes. Release K.13.16 The following problems were resolved in release K.13.16 (not a public release). ■ Enhancement (PR_0000001641) — This enhancement allows the user to set the console inactivity time out without reboot. For more information, see “Release K.13.16 Enhancements” on page 94.
PAGE 205

Software Fixes in Release K.11.12 - K.13.49 Release K.13.17 A new configuration option provides the ability to configure which MACs a client is permitted to use; Feedback information; and, SSH CLI show command information enhancements. For more information, see “Release K.13.16 Enhancements” on page 94. ■ Config (PR_0000000741) — When the rate limit for broadcast or multicast inbound is set to 0% (i.e.
PAGE 206

Software Fixes in Release K.11.12 - K.13.49 Release K.13.18 ■ SNMP (PR_1000761379) — When an SNMP get is used to gather statistics, the interface B1 on a J8702A module only updates its SNMP counters on every other query. ■ SNMP (PR_0000001807) — Use of a correctly configured third party utility to connect to the switch via SNMPv3 may result in the following event log message.
PAGE 207

Software Fixes in Release K.11.12 - K.13.49 Release K.13.19 ■ Wake-On-LAN (PR_0000004794) — Wake-On-LAN does not always work successfully. ■ IP Phone (PR_0000004803) — A tandem IP phone may stop talking to the switch after a connected PC login failure and reboot. ■ PIM-SM (PR_0000005219) — When the switch sends a “Register-Stop” message, it will use an incorrect source IP address in the packet header of the message.
PAGE 208

Software Fixes in Release K.11.12 - K.13.49 Release K.13.21 ■ X2 Transceivers (PR_0000004758) — Some ProCurve SR and ER X2-10GbE (J8436A, J8437A) transceivers have a timing issue that prevents the transceivers from being correctly identified either when hot swapped or during a cold boot. ■ LEDs (PR_0000005623) — Upon insertion of a removable transceiver – either X2 or SFP - the link LED fails to light for the 2 second-long indication of insertion confirmation.
PAGE 209

Software Fixes in Release K.11.12 - K.13.49 Release K.13.22 ■ Config (PR_1000781031) — When the valid port setting ‘auto-1000’ is configured for any 10/100/1000 interface in an external configuration file and the configuration file is copied to the switch, the system returns the port setting to the default value, changing ‘auto-1000’ to ‘auto.’ ■ CLI (PR_0000004687) — The CLI command ip access-list resequence does not accept a number for the ACL title as it should.
PAGE 210

Software Fixes in Release K.11.12 - K.13.49 Release K.13.24 ■ Authentication (PR_0000007209) — A PC behind a tandem IP phone is not able to authenticate. Release K.13.24 The following problems were resolved in release K.13.24 (not a public release). ■ OSPF (PR_0000006183a) — OSPF ECMP may drop up to 50% of the traffic destined for its next hop. This fix adds to that implemented in K.13.22 via the same PR.
PAGE 211

Software Fixes in Release K.11.12 - K.13.49 Release K.13.26 through K.13.39 ■ GVRP/RADIUS (PR_0000006051) — RADIUS-assigned VLANs are not propagated correctly in GVRP. Please see “Note: This fix is associated with some new switch behavior: ” for a description of the behavior change with this fix.
PAGE 212

Software Fixes in Release K.11.12 - K.13.49 Release K.13.41 Release K.13.41 The following problems were resolved in release K.13.41 (Not a public release). ■ AAA (PR_0000008409) — The CLI commands aaa authentication and aaa accounting return a resource unavailable error. ■ PCM (PR_0000008113) — Repeated ProCurve Manager Config Scans may trigger subsequent Config Scan failure. Release K.13.42 The following problems were resolved in release K.13.42 (Never released).
PAGE 213

Software Fixes in Release K.11.12 - K.13.49 Release K.13.43 ■ CLI (PR_0000004042) — The CLI command snmp-server response-source dst-ip-of-request does not work as expected when the destination IP address of the SNMP Request is the Loopback IP. The source IP address of the SNMP Response should be the destination IP of the SNMP Request, but instead the switch uses the IP address of the active interface from which the SNMP Response was sent.
PAGE 214

Software Fixes in Release K.11.12 - K.13.49 Release K.13.45 ■ CLI (PR_1000803731) — If the "|" character exists in the banner text of a configuration file downloaded via TFTP transfer, the banner text may become corrupted, or the TFTP transfer may fail with a corrupted download file error message. ■ Hang (PR_0000007806) — Using the CLI command no arp on ARP entries that do not exist may cause the switch to hang.
PAGE 215

Software Fixes in Release K.11.12 - K.13.49 Release K.13.46 J9143B – ProCurve 1000-BX-U SFP-LC Mini-GBIC For more information, see “Release K.13.45 Enhancements” on page 144. ■ Transceivers (PR_0000010525) — Intermittent self test failure may occur if transceivers are hot-swapped in and out of the switch in too short a time frame. Note that even with this fix, transceivers should always be allowed to initialize fully prior to removal and subsequent re-insertion.
PAGE 216

Software Fixes in Release K.11.12 - K.13.49 Release K.13.46 password operator sha-1 "lsadkjlkjfsd..." Example of what that line might look like after the fix: password operator sha0 "lsadkjlkjfsd...” No switch administrator intervention is required for the forward configuration translation to occur. Support Note: This fix has implications for rolling back the software.
PAGE 217

Software Fixes in Release K.11.12 - K.13.49 Release K.13.47 Release K.13.47 The following problems were resolved in release K.13.47. (Never released.) ■ OSPF ECMP (PR_0000004798) — Some IP subnets which are multiple hops away are not reachable from certain clients despite the presence of the target subnet in the switch routing table. Workaround: Initiate a traceroute from the switch to the client PC. Release K.13.48 The following problems were resolved in release K.13.48. (Never released.
PAGE 218

Software Fixes in Release K.11.12 - K.13.49 Release K.13.49 Release K.13.49 The following problems were resolved in release K.13.49. ■ 207 Auto-TFTP (PR_0000014646/0000013552) — Certain software file names may trigger auto-tftp to reload the same software file repeatedly.
PAGE 219

© 2006 - 2008 Hewlett-Packard Development Company, LP. The information contained herein is subject to change without notice.