advanced configuration and management guide hp procurve routing switches 9304m, 9308m, and 6308m-sx and the hp procurve switch 6208m-sx (software release 6.6.x and 7.1.x) www.hp.
Book 2: Advanced Configuration and Management Guide for the HP ProCurve Routing Switches 9304M, 9308M, 6308M-SX and the HP ProCurve Switch 6208M-SX (Software Releases 6.6.X and 7.1.
Copyright 2000 Hewlett-Packard Company
All rights reserved. Reproduction, adaptation or translation without prior written permission is prohibited, except as allowed under the copyright laws.

Safety Considerations
Prior to the installation and use of this product, review all safety markings and instructions.

Instruction Manual Symbol.
Organization of Product Documentation

Read Me First
The “Read Me First” document includes software release information, a brief “Getting Started” section, an accessory parts list, troubleshooting tips, operating notes, and other information that is not included elsewhere in the product documentation.

NOTE: HP periodically updates Read Me First. The latest version is available at http://www.hp.com/go/hpprocurve. (Click on Technical Support, then Manuals.
Contents

GETTING STARTED
INTRODUCTION
AUDIENCE
NOMENCLATURE
USAGE GUIDELINES FOR ACCESS CONTROL LISTS (ACLS)
ACL SUPPORT ON THE HP PRODUCTS
ACL IDS AND ENTRIES
DEFAULT ACL ACTION
CONFIGURING ADVANCED FEATURES
FAST PORT SPAN
FAST UPLINK SPAN
SINGLE SPANNING TREE
CONFIGURING DOMAIN NAME SERVER (DNS) RESOLVER
CHANGING THE TTL THRESHOLD
CONFIGURING DHCP ASSIST
DISPLAYING IP CONFIGURATION INFORMATION AND STATISTICS
ENABLE ROUTE REDISTRIBUTION
DISABLE OR RE-ENABLE LOAD SHARING
CONFIGURE EXTERNAL ROUTE SUMMARIZATION
CONFIGURE DEFAULT ROUTE ORIGINATION
CONFIGURING GLOBAL PARAMETERS
CONFIGURING PIM INTERFACE PARAMETERS
CONFIGURING PIM SPARSE GLOBAL PARAMETERS
STATICALLY SPECIFYING THE RP
CHANGING THE KEEP ALIVE TIME AND HOLD TIME
ENABLING FAST EXTERNAL FALLOVER
CHANGING THE MAXIMUM NUMBER OF PATHS FOR BGP4 LOAD SHARING
SPECIFYING A LIST OF NETWORKS TO ADVERTISE
DYNAMICALLY REQUESTING A ROUTE REFRESH FROM A BGP4 NEIGHBOR
CLOSING OR RESETTING A NEIGHBOR SESSION
REMOVING ROUTE FLAP DAMPENING
CLEARING DIAGNOSTIC BUFFERS
CONFIGURATION EXAMPLES
VRRP EXAMPLE
VRRPE EXAMPLE
CONFIGURING SRP
DISPLAYING THE IPX FORWARDING CACHE
DISPLAYING THE IPX ROUTE TABLE
DISPLAYING THE IPX SERVER TABLE
DISPLAYING IPX TRAFFIC STATISTICS
802.1P TAGGING
SPANNING TREE PROTOCOL (STP)
VIRTUAL INTERFACES
VLAN AND VIRTUAL INTERFACE GROUPS
DISPLAYING SYSTEM-WIDE VLAN INFORMATION
DISPLAYING VLAN INFORMATION FOR SPECIFIC PORTS
ROUTE HEALTH INJECTION
CONFIGURATION EXAMPLE
QUALITY-OF-SERVICE POLICIES
LAYER 3 POLICIES
LAYER 4 POLICIES
FILTERS
Chapter 1
Getting Started

Introduction
This guide describes how to install, configure, and monitor the following devices:
• HP ProCurve Routing Switch 9308M
• HP ProCurve Routing Switch 9304M
• HP ProCurve Routing Switch 6308M-SX
• HP ProCurve Switch 6208M-SX
This guide also describes how to monitor these products using statistics and summary screens.

Audience
This guide assumes that you have a working knowledge of Layer 2 and Layer 3 switching and routing.
Terminology
The following table defines basic product terms used in this guide.

Product Terms
Term: chassis or Chassis device
Definition: A switch or routing switch that accepts optional modules or power supplies.

Term: fixed-port device
Definition: A device that contains a fixed configuration of ports, instead of swappable modules. The HP 6208M-SX switch and HP 6308M-SX routing switch are fixed-port devices.
method for electronically searching either individual chapters or an entire manual for specific topics. For a brief description of the CD contents and how to use the CD to save time, do the following:
1. Insert the CD in your PC’s CD-ROM drive.
2. Using the file manager in your PC, select the drive containing the CD and display the CD’s directory.
3. Use a compatible text editor to display the README.txt file in the CD’s root directory.
• BGP4 re-advertises BGP routes even when OSPF or RIP routes to the same destination have a lower cost
• Redistribution changes take place immediately
• Option to redistribute Internal BGP (IBGP) routes into RIP and OSPF
• Dynamic BGP4 route refresh
• BGP4 route reflection updated to RFC 2796
• Change to route map processing of ACL or other filtering deny statements
• Option to clear BGP4 neighbor sessions based on a specific Autonomous System (AS) number
• Super Aggregated VLANs
• Support for simultaneous Telnet configuration by multiple users
• New CLI command for displaying dynamic memory utilization
• SNMP V2 view
• Enhancement to show default values command
• CLI enhancements to the startup-config and running-config files
• Page display is configurable for individual CLI management sessions
• CLI enhancement to display the idle time for open CLI sessions
• New CLI command for displaying TACACS+ or RADIUS information
Chapter 2
Quality of Service (QoS)

Software release 06.6.X provides the following enhancements to QoS on the HP 9304M, HP 9308M, and HP 6208M-SX routing switches.
• You can choose between a strict queuing method and a weighted queuing method.
• You can modify the minimum guaranteed percentage of bandwidth for each queue.
• You can apply a QoS profile (one of the four queues) to 802.1q tagged VLAN packets.
• You can classify packets and assign them to specific queues based on the following criteria:
  • Incoming port (sometimes called ingress port)
  • IP source and destination addresses
  • Layer 4 source and destination information (for all IP addresses or specific IP addresses)
  • Static MAC entry
  • AppleTalk socket number
  • Layer 2 port-based VLAN membership
  • 802.1q tag
By default, all the traffic types listed above except the 802.
Queuing Methods
In software release 06.6.X and higher, you can configure the device to use one of the following queuing methods:
• Weighted – A weighted fair queuing algorithm is used to rotate service among the four queues. The rotation is based on the weights you assign to each queue. This is the default queuing method and uses a default set of queue weights.
Configuring the Queues
Each of the four queues has the following configurable parameters:
• The queue name
• The minimum percentage of a port’s outbound bandwidth guaranteed to the queue.

Renaming the Queues
The default queue names are qosp3, qosp2, qosp1, and qosp0. You can change one or more of the names if desired. To do so, use one of the following methods.
Changing the Minimum Bandwidth Percentages of the Queues
If you are using the weighted fair queuing mechanism instead of the strict mechanism, you can change the weights for each queue by changing the minimum percentage of bandwidth you want each queue to guarantee for its traffic. By default, the four QoS queues receive the following minimum guaranteed percentages of a port’s total bandwidth.

Queue    Default Minimum Percentage of Bandwidth
qosp3    80%
qosp2    15%
qosp1    3.
The following table shows one full queue cycle using the default bandwidth percentages.

[Table not recoverable from the source: total visits and total packets per queue over one full cycle, with columns for qosp3 (bandwidth % = 80, weight = 4), qosp2 (bandwidth % = 15, weight = 3), qosp1 (bandwidth % = 3.3, weight = 2) and qosp0.]
Figure 2.1 illustrates a cycle through the queues.

[Figure 2.1: sequence of visits to queues q3, q2, q1 and q0 during one cycle, marked with a “Begin here” starting point.]
Queue 3: weight=4, minimum percentage=80%
Queue 2: weight=3, minimum percentage=15%
Queue 1: weight=2, minimum percentage=3.3%
Queue 0: weight=1, minimum percentage=1.7%
USING THE CLI
To change the minimum guaranteed bandwidth percentages of the queues, enter commands such as the following. Note that this example uses the default queue names.
USING THE WEB MANAGEMENT INTERFACE
1. Log on to the device using a valid user name and password for read-write access. The System configuration dialog is displayed.
2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.
3. Click on the plus sign next to QoS in the tree view to expand the list of QoS option links.
4. Click on the Profile link to display the QoS Profile configuration panel, as shown in the following figure.
7. Select the Save link at the bottom of the dialog, then select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory.

Resetting the Minimum Bandwidth Percentages to Their Defaults
You can use either of the following CLI commands to reset the QoS queues to their default bandwidth percentages (and therefore to their default weights).
Assigning QoS Priorities to Traffic
By default, traffic of the following categories is forwarded using the best-effort queue (qosp0):
• Incoming port (sometimes called the ingress port)
• Port-based VLAN membership
• Static destination MAC entry
• Layer 3 and Layer 4 information (IP and TCP/UDP source and destination information)
• AppleTalk socket

NOTE: Tagged VLAN traffic is placed in a queue corresponding to the 802.1p priority in the tag by default.
USING THE WEB MANAGEMENT INTERFACE
1. Log on to the device using a valid user name and password for read-write access. The System configuration dialog is displayed.
2. Click on the Port link to display the Port table.
3. Scroll down to the port for which you want to change the QoS level, then click on the Modify button to the right of the port information to display the Port configuration panel, as shown in the following example.
4.
USING THE WEB MANAGEMENT INTERFACE
1. Log on to the device using a valid user name and password for read-write access. The System configuration dialog is displayed.
2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.
3. Click on the plus sign next to VLAN in the tree view to expand the list of VLAN option links.
4. Click on the Port link to display the Port VLAN panel.
Reassigning 802.1p Priorities to Different Queues
Tagged priority applies to tagged packets that come in from tagged ports. These packets have a tag in the header that specifies the packet’s VLAN ID and its 802.1p priority tag value, which is 3 bits long. By default, an HP device interprets the prioritization information in the 3-bit priority tag as follows.
4. Click on the Bind link to display the QoS 802.1p to QoS Profile Binding configuration panel, as shown in the following figure.
5. For each priority level, select the QoS queue to which you want to reassign the profile by selecting the queue name from the Profile field’s pulldown list. For example, to reassign priority 7 to QoS queue qosp0, select qosp0 from the Profile Name field’s pulldown list in the row for priority 7.
6.
USING THE WEB MANAGEMENT INTERFACE
1. Log on to the device using a valid user name and password for read-write access. The System configuration dialog is displayed.
2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.
3. Click on the plus sign next to QoS in the tree view to expand the list of QoS option links.
4. Click on the Bind link to display the QoS 802.
4. Enter or edit the MAC address, if needed. Specify the address in the following format: xx-xx-xx-xx-xx-xx.
5. Change the VLAN number if needed by editing the value in the VLAN ID field.
6. Select the port number from the Slot (for Chassis devices) and Port pulldown lists.
7. Select a QoS level from 0 – 7 from the QoS field’s pulldown menu.
8.
The parameter applies only if you use the tcp or udp parameter above. Use the parameter to specify the comparison condition for the specific TCP or UDP ports. For example, if you are configuring QoS for HTTP, specify tcp eq http. You can enter one of the following operators:
• eq – The policy applies to the TCP or UDP port name or number you enter after eq.
Figure 2.2 and Figure 2.3 show the CLI syntax for configuring a Layer 4 QoS policy on an HP routing switch.
[Syntax diagram, continued from previous page: the udp branch with the operators eq, gt, lt, neq and range, the UDP port names bootpc, bootps, dns, tftp, ntp, radius, radius-old, rip, snmp and snmp-trap, followed by ip access-policy-group with the in and out options.]
Figure 2.4 shows the CLI syntax for configuring a QoS policy on an HP switch. The value “” means “carriage return”, also known as the Enter key.

[Figure 2.4: syntax diagram for ip policy ... priority with the tcp port names bgp, dns, ftp, http, imap4, ldap, nntp, pop2, pop3, smtp, ssl and telnet, the udp port names bootpc, bootps, dns, tftp, ntp, radius, radius-old, rip, snmp and snmp-trap, the global and local options, and ip-policy.]
Routing Switch
To assign a priority of 4 to all HTTP traffic on port 3/12 on an HP 9304M or HP 9308M routing switch, perform the following steps:
1. Log on to the device using a valid user name and password for read-write access. The System configuration dialog is displayed.
2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.
3.
   • ospf
   • tcp
   • udp
   In this example, enter tcp.
11. If you entered tcp or udp, you also can select one of the following comparison operators from the Operator field.
   • Equal – The policy applies to the TCP or UDP port name or number you enter in the TCP/UDP port field. In this example, select Equal.
   • Greater – The policy applies to TCP or UDP port numbers greater than the port number or the numeric equivalent of the port name you enter in the TCP/UDP port field.
17. Click the checkbox next to In Filter, Out Filter, or next to both options to indicate the traffic direction to which you are applying the policy.
   • The In Filter option applies the policy to packets received in the port.
   • The Out Filter option applies the policy to packets sent on the port.
   • If you select both, the policy applies to traffic in both directions.
   In this example, select Out Filter.
18. Enter the policy IDs in the Filter ID List field.
Assigning AppleTalk Sockets to Priority Queues
By default, all AppleTalk sockets are in the best effort queue (qosp0). To assign an AppleTalk socket to a higher priority queue, use either of the following methods.
Configuring a Utilization List for an Uplink Port
You can configure uplink utilization lists that display the percentage of a given uplink port’s bandwidth that is used by a specific list of downlink ports. The percentages are based on 30-second intervals of RMON packet statistics for the ports. Both transmit and receive traffic is counted in each percentage.
4. Click on the Relative Utilization link at the top of the panel to display the Port Uplink Relative Utilization panel, as shown in the following example:
5. Enter the ID for the link utilization list in the ID field. You can specify a number from 1 – 4.
6. Click the Select Uplink Port Members button. A Port Members panel similar to the following is displayed.
7. Select the boxes next to the ports you want to include in the uplink list.
Displaying Utilization Percentages for an Uplink
After you configure an uplink utilization list, you can display the list to observe the percentage of the uplink’s bandwidth that each of the downlink ports used during the most recent 30-second port statistics interval. The number of packets sent and received between the two ports is listed, as well as the ratio of each individual downlink port’s packets relative to the total number of packets on the uplink.
USING THE WEB MANAGEMENT INTERFACE
1. Log on to the device using a valid user name and password for read-write access. The System configuration dialog is displayed.
2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.
3. Click on the Port link to display the Port Configuration panel.
4. Click on the Relative Utilization link at the top of the panel to display the Port Uplink Relative Utilization panel.
5.
Chapter 3
Using Access Control Lists (ACLs)

Access control lists (ACLs) enable you to permit or deny packets based on source and destination IP address, IP protocol information, or TCP or UDP protocol information. You can configure the following types of ACLs:
• Standard – Permits or denies packets based on source IP address. Valid standard ACL IDs are 1 – 99 or a string.
• Extended – Permits or denies packets based on source and destination IP address and also based on IP protocol information.
• “Displaying the Log Entries” on page 3-23
• “Policy-Based Routing (PBR)” on page 3-24

Usage Guidelines for Access Control Lists (ACLs)
This section provides some guidelines for implementing ACLs to ensure wire-speed ACL performance. For optimal ACL performance, use the following guidelines:
• Apply ACLs to inbound traffic rather than outbound traffic.
• Use the default filtering behavior as much as possible.
• ACL entry – An ACL entry is a filter command associated with an ACL ID. The maximum number of ACL entries you can configure is a system-wide parameter and depends on the device you are configuring. You can configure up to the maximum number of entries in any combination in different ACLs. The total number of entries in all ACLs cannot exceed the system maximum.

NOTE: Up to 1024 entries are supported on routing switches.
NOTE: The following sections describe how to configure ACLs using the HP device’s CLI. You also can create and modify ACLs using a text editor on a file server, then copy them to the device’s running-config file. In fact, this method is a convenient way to reorder individual ACL entries within an ACL. See “Modifying ACLs” on page 3-19.
7. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory.
The commands in this example configure an ACL to deny packets from three source IP addresses from being forwarded on port 1/1. The last ACL entry in this ACL permits all packets that are not explicitly denied by the first three ACL entries.
NOTE: You can enable logging on ACLs and filters that support logging even when the ACLs and filters are already in use. To do so, re-enter the ACL or filter command and add the log parameter to the end of the ACL or filter. The software replaces the ACL or filter command with the new one. The new ACL or filter, with logging enabled, takes effect immediately.
NOTE: If the ACL is a forwarding ACL, the action forwards or drops the traffic. If the ACL is a management access ACL, the action permits or denies management access.

7. Enter the source information. You can enter the source IP address and network mask or the host name.
   • If you enter the address, you also must enter the network mask. To specify “any”, enter “0.0.0.0”.
Configuring Extended ACLs
This section describes how to configure extended ACLs.
• For configuration information on named ACLs, see “Configuring Named ACLs” on page 3-18.
• For configuration information on standard ACLs, see “Configuring Standard ACLs” on page 3-5.
The fourth entry denies all IP traffic from host 209.157.21.100 to host 209.157.22.1 and generates Syslog entries for packets that are denied by this entry. The fifth entry denies all OSPF traffic and generates Syslog entries for denied traffic. The sixth entry permits all packets that are not explicitly denied by the other entries. Without this entry, the ACL would deny all incoming or outgoing IP traffic on the ports to which you assign the ACL.
The second entry denies all FTP traffic from the 209.157.21.x network to the 209.157.22.x network, if the traffic has the IP precedence value “6” (equivalent to “internet”). The third entry permits all packets that are not explicitly denied by the other entries. Without this entry, the ACL would deny all incoming or outgoing IP traffic on the ports to which you assign the ACL.
209.157.22.26 0.0.0.255, then save the changes to the startup-config file, the value appears as 209.157.22.0/24 (if you have enabled display of sub-net lengths) or 209.157.22.0 0.0.0.255 in the startup-config file. If you enable the software to display IP sub-net masks in CIDR format, the mask is saved in the file in “/” format. To enable the software to display the CIDR masks, enter the ip show-subnet-length command at the global CONFIG level of the CLI.
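The wildcard normalisation described above (209.157.22.26 0.0.0.255 stored as 209.157.22.0/24) and the deny that applies when no entry matches can be modelled as follows. This is an added Python example, not HP code: it handles numbered standard ACLs only, checks entries in order with the first match deciding, and also reports entries that can never match because an earlier entry already covers them. The function names and the sample ACL text are constructed for the illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

# Constructed sample built from addresses used in this chapter; not a device config.
SAMPLE = """\
access-list 1 deny host 209.157.22.26 log
access-list 1 deny 209.157.22.26 0.0.0.255 log
access-list 1 permit 209.157.22.0/25
access-list 1 permit any
access-list 2 permit 209.157.23.0 0.0.0.255
"""


def ip_int(text):
    return int(ipaddress.IPv4Address(text))


def ip_str(value):
    return str(ipaddress.IPv4Address(value))


def parse_source(tokens):
    """Return (address, wildcard) for: any | host A | A W | A/len.

    A wildcard bit of 1 means "ignore this bit". Address bits under the
    wildcard are cleared, which is the normalisation the guide describes.
    """
    if tokens == ["any"]:
        return 0, ALL_ONES
    if len(tokens) == 2 and tokens[0] == "host":
        return ip_int(tokens[1]), 0
    if len(tokens) == 1 and "/" in tokens[0]:
        addr, length = tokens[0].split("/", 1)
        if not 0 <= int(length) <= 32:
            raise ValueError(f"bad prefix length: {tokens[0]}")
        wildcard = ALL_ONES >> int(length)
    elif len(tokens) == 2:
        addr, wildcard = tokens[0], ip_int(tokens[1])
    else:
        raise ValueError(f"unsupported source field: {tokens}")
    return ip_int(addr) & ~wildcard & ALL_ONES, wildcard


def to_cidr(address, wildcard):
    """Render as A/len when the wildcard is a contiguous run of low bits."""
    if wildcard & (wildcard + 1) == 0:
        return f"{ip_str(address)}/{32 - wildcard.bit_length()}"
    # A non-contiguous wildcard has no prefix-length equivalent.
    return f"{ip_str(address)} {ip_str(wildcard)}"


def parse_acls(text):
    """Parse 'access-list <1-99> permit|deny <source> [log]' lines."""
    acls = {}
    for line in text.splitlines():
        tokens = line.split()
        if "access-list" not in tokens:
            continue
        tokens = tokens[tokens.index("access-list") + 1:]
        acl_id, action, rest = int(tokens[0]), tokens[1], tokens[2:]
        if not 1 <= acl_id <= 99 or action not in ("permit", "deny"):
            raise ValueError(f"not a numbered standard ACL entry: {line}")
        log = rest[-1:] == ["log"]
        if log:
            rest = rest[:-1]
        address, wildcard = parse_source(rest)
        acls.setdefault(acl_id, []).append((action, address, wildcard, log))
    return acls


def evaluate(entries, source_ip):
    """Return (action, entry index, log). No match means deny."""
    src = ip_int(source_ip)
    for index, (action, address, wildcard, log) in enumerate(entries):
        if ((src ^ address) & ~wildcard & ALL_ONES) == 0:
            return action, index, log
    return "deny", None, False


def find_shadowed(entries):
    """List (later, earlier) pairs where 'earlier' matches everything 'later' does."""
    shadowed = []
    for later, (_, a2, w2, _) in enumerate(entries):
        for earlier, (_, a1, w1, _) in enumerate(entries[:later]):
            no_extra_free_bits = (w2 & ~w1 & ALL_ONES) == 0
            same_fixed_bits = ((a1 ^ a2) & ~w1 & ALL_ONES) == 0
            if no_extra_free_bits and same_fixed_bits:
                shadowed.append((later, earlier))
                break
    return shadowed


ACLS = parse_acls(SAMPLE)

if __name__ == "__main__":
    for acl_id, entries in ACLS.items():
        for index, (action, address, wildcard, log) in enumerate(entries):
            print(acl_id, index, action, to_cidr(address, wildcard), "log" if log else "")
        print("  shadowed entries:", find_shadowed(entries))
    print(evaluate(ACLS[2], "209.157.24.5"))
```

In the sample, the permit for 209.157.22.0/25 never takes effect because the deny for the enclosing /24 sits above it, and ACL 2 drops every source outside 209.157.23.0/24 because it has no closing permit entry.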
• pop2
• pop3
• smtp
• ssl
• telnet

UDP port names recognized by the software:
• bootps
• bootpc
• dns
• ntp
• radius
• radius-old
• rip
• snmp
• snmp-trap
• tftp

The in | out parameter specifies whether the ACL applies to incoming traffic or outgoing traffic on the interface to which you apply the ACL. You can apply the ACL to an Ethernet port or virtual interface.
You can specify one of the following:
• max-reliability or 2 – The ACL matches packets that have the maximum reliability TOS. The decimal value for this option is 2.
• max-throughput or 4 – The ACL matches packets that have the maximum throughput TOS. The decimal value for this option is 4.
• min-delay or 8 – The ACL matches packets that have the minimum delay TOS. The decimal value for this option is 8.
5. Change the ACL number in the ACL Number field or use the ACL number displayed in the field.
   NOTE: You cannot specify a name.
6. Select the ACL action. You can select Permit or Deny:
   • Permit – Forwards traffic that matches the ACL.
   • Deny – Drops traffic that matches the ACL.
7. Enter the source IP information. You can enter the source IP address and network mask or the host name.
   • If you enter the address, you also must enter the network mask.
must have network access to a DNS server and the server must have an Address record for the host. In addition, the device must be configured with a DNS domain name and the IP address of the DNS server.
8. Enter the destination IP information. The options and requirements are the same as those for entering the source IP information.
9. Select the IP precedence from the IP Precedence pulldown menu (optional).
   • GreaterThan – The ACL applies to TCP or UDP ports whose numbers are greater than the number of the port you specify in the following step.
   NOTE: The comparison operators apply only when you are filtering on individual source and destination TCP or UDP ports. If you are filtering on a range of ports, the operators do not apply. Instead, the ACL matches on any TCP or UDP port that is equal to a port within the specified range.
16. Specify the source TCP or UDP port.
NOTE: You also can access the dialog for saving configuration changes by clicking on Command in the tree view, then clicking on Save to Flash.

Configuring Named ACLs
When you configure an IP ACL, you can refer to the ACL by a numeric ID or by a name.
• If you refer to the ACL by a numeric ID, you can use 1 – 99 for a standard ACL or 100 – 199 for an extended ACL.
NOTE: For convenience, the software allows you to configure numbered ACLs using the syntax for named ACLs. The software also still supports the older syntax for numbered ACLs. Although the software allows both methods for configuring numbered ACLs, numbered ACLs are always formatted in the startup-config and running-config files using the older syntax, as follows.
access-list 1 deny host 209.157.22.26 log
access-list 1 deny 209.157.22.0 0.0.0.
NOTE: The only commands that are valid in the ACL list are the access-list and end commands. The HP device ignores other commands in the file.

To modify an ACL by configuring an ACL list on a file server:
1. Use a text editor to create a new text file. When you name the file, use 8.3 format (up to eight characters in the name and up to three characters in the extension).
   NOTE: Make sure the HP device has network access to the TFTP server.
2.
NOTE: Do not place other commands in the file. The HP device reads only the ACL information in the file and ignores other commands, including ip access-group commands. To assign ACLs to interfaces, use the CLI.

Applying an ACL to a Subset of Ports on a Virtual Interface
You can apply an ACL to a virtual routing interface. The virtual interface is used for routing between VLANs and contains all the ports within the VLAN.
Enabling Strict TCP Mode
By default, when you use ACLs to filter TCP traffic, the HP device does not compare all TCP packets against the ACLs. Instead, the device compares TCP control packets against the ACLs, but not data packets. Control packets include packet types such as SYN (Synchronization) packets, FIN (Finish) packets, and RST (Reset) packets.
NOTE: If the device’s configuration currently has ACLs associated with interfaces, remove the ACLs from the interfaces before changing the ACL mode.

To enable the strict ACL UDP mode, enter the following command at the global CONFIG level of the CLI:
HP9300(config)# ip strict-acl-udp
Syntax: [no] ip strict-acl-udp
This command configures the device to compare all UDP packets against the configured ACLs before forwarding them.
To display Syslog entries, use one of the following methods. USING THE CLI Enter the following command from any CLI prompt: HP9300(config)# show log Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns) Buffer logging: level ACDMEINW, 38 messages logged level code: A=alert C=critical D=debugging M=emergency E=error I=informational N=notification W=warning Log Buffer (50 entries): 21d07h02m40s:warning:list 101 denied tcp 209.157.22.
• Specify the default next-hop IP address if there is no explicit next-hop selection for the packet. • Send the packet to the null interface (null0). HP’s PBR routing is based on standard and extended ACLs and route-maps. The ACLs classify the traffic. Route maps that match on the ACLs set routing attributes for the traffic. HP's implementation of PBR uses high performance switching algorithms including route caches and route tables.
If you prefer to specify the wildcard (mask value) in CIDR format, you can enter a forward slash after the IP address, then enter the number of significant bits in the mask. For example, you can enter the CIDR equivalent of “209.157.22.26 0.0.0.255” as “209.157.22.26/24”.
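The wildcard and CIDR notations described above, worked through as an added example (not code from the HP guide): a small Python checker that parses standard ACL entries in the host, wildcard, and CIDR source forms, evaluates a source address against them, and flags entries that an earlier entry makes unreachable. The sample ACL is constructed, and the first-match evaluation order and the deny result for unmatched traffic are assumptions rather than statements from the text above.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

MASK32 = 0xFFFFFFFF


class Entry(NamedTuple):
    acl_id: str
    action: str    # "permit" or "deny"
    addr: int      # source address with the don't-care bits cleared
    wildcard: int  # 1 bits are ignored when comparing, 0 bits must match
    log: bool


def ip_to_int(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def prefix_to_wildcard(prefix_len: int) -> int:
    """/24 -> 0.0.0.255: the wildcard is the inverse of the network mask."""
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"bad prefix length: {prefix_len}")
    return MASK32 >> prefix_len


def wildcard_to_prefix(wildcard: int) -> Optional[int]:
    """Prefix length for a contiguous wildcard, None if it has no CIDR form."""
    if wildcard & (wildcard + 1):  # not of the form 0...01...1
        return None
    return 32 - wildcard.bit_length()


def parse_entry(line: str) -> Entry:
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL entry: {line!r}")
    acl_id, action, rest = tok[1], tok[2], tok[3:]
    log = rest[-1] == "log"
    if log:
        rest = rest[:-1]
    if rest == ["any"]:
        addr, wildcard = 0, MASK32
    elif len(rest) == 2 and rest[0] == "host":
        addr, wildcard = ip_to_int(rest[1]), 0
    elif len(rest) == 1 and "/" in rest[0]:
        ip, plen = rest[0].split("/")
        addr, wildcard = ip_to_int(ip), prefix_to_wildcard(int(plen))
    elif len(rest) == 2:
        addr, wildcard = ip_to_int(rest[0]), ip_to_int(rest[1])
    else:
        raise ValueError(f"unsupported source in: {line!r}")
    # Clear the ignored bits so equivalent spellings compare equal.
    return Entry(acl_id, action, addr & ~wildcard & MASK32, wildcard, log)


def parse_acl(text: str) -> List[Entry]:
    return [parse_entry(l) for l in text.splitlines() if l.strip()]


def matches(entry: Entry, src: str) -> bool:
    return (ip_to_int(src) ^ entry.addr) & ~entry.wildcard & MASK32 == 0


def evaluate(entries: List[Entry], acl_id: str, src: str, default: str = "deny") -> str:
    """First matching entry wins; 'default' (assumed deny) applies otherwise."""
    for e in entries:
        if e.acl_id == acl_id and matches(e, src):
            return e.action
    return default


def shadowed(entries: List[Entry]) -> List[Tuple[Entry, Entry]]:
    """(earlier, later) pairs where 'later' can never be the first match."""
    pairs = []
    for i, later in enumerate(entries):
        for earlier in entries[:i]:
            if earlier.acl_id != later.acl_id:
                continue
            # earlier ignores every bit later ignores, and they agree on
            # every bit earlier checks: all of later's addresses hit earlier.
            wider = later.wildcard & ~earlier.wildcard & MASK32 == 0
            same = (earlier.addr ^ later.addr) & ~earlier.wildcard & MASK32 == 0
            if wider and same:
                pairs.append((earlier, later))
                break
    return pairs


# Constructed sample: ACL 1 mixes the host and wildcard forms, ACL 2 uses CIDR.
SAMPLE_ACL = """\
access-list 1 deny host 209.157.22.26 log
access-list 1 permit 209.157.22.26 0.0.0.255
access-list 1 permit host 209.157.22.40
access-list 2 permit 209.157.22.26/24
"""
ACL = parse_acl(SAMPLE_ACL)

if __name__ == "__main__":
    for src in ("209.157.22.26", "209.157.22.40", "209.157.23.1"):
        print(f"ACL 1, source {src}: {evaluate(ACL, '1', src)}")
    for earlier, later in shadowed(ACL):
        print("unreachable entry:", later, "covered by", earlier)
```

A wildcard such as 0.0.255.0 is still matched correctly bit by bit, but `wildcard_to_prefix` returns `None` for it because it has no CIDR equivalent.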
The parameter specifies a standard or extended ACL number or name. Syntax: set ip [default] next-hop This command sets the next-hop IP address for traffic that matches a match statement in the route map. If you specify default, the route map sets the next-hop gateway only if the routing switch does not already have explicit routing information for the traffic.
ACLs to be further evaluated by the route map. If you specify deny, the routing switch denies the traffic from further evaluation and instead drops the packets. Notice that these ACLs specify any for the destination address. HP9300(config)# access-list 1 permit 209.157.23.0 0.0.0.255 HP9300(config)# access-list 2 permit 209.157.24.0 0.0.0.255 HP9300(config)# access-list 3 permit 209.157.25.0 0.0.0.
HP9300(config-routemap test-route-if-no-gateway)# exit The following command enables PBR by globally applying the route map to all interfaces. HP9300(config)# ip policy route-map test-route-if-no-gateway Alternatively, you can enable PBR on specific interfaces, as shown in the following example. The commands in this example configure IP addresses in the source sub-net identified in ACL 4, then apply route map test-route-if-no-gateway to the interface.
Chapter 4 Rate Limiting HP’s rate limiting enables you to control the amount of bandwidth specific Ethernet traffic uses on specific interfaces, by limiting the amount of data the interface receives or forwards for traffic. You can configure the following types of rate limiting: • Fixed Rate Limiting – Enforces a strict bandwidth limit. The device forwards traffic that is within the limit but drops all traffic that exceeds the limit.
intervals, the port receives less than 500000 bits in each interval. However, the port receives more than 500000 bits during the third and fourth one-second intervals, and consequently drops the excess traffic. The Fixed Rate Limiting policy allows up to 500000 bits (62500 bytes) of inbound traffic during each one-second interval. Once the maximum rate is reached, all additional traffic within the one-second interval is dropped.
Displaying Fixed Rate Limiting Information To display configuration information and statistics for Fixed Rate Limiting, enter the following command at any level of the CLI: HP9300(config)# show rate-limiting fixed Total rate-limited interface count: 6. Port Input rate RX Enforced Output rate 1/1 500000 3 2/1 1234567 2/2 2222222 2/3 1234567 2/4 1238888 2/5 1238888 TX Enforced 100 3 15 12 7 Syntax: show rate-limiting fixed This display shows the following information. Table 4.
Adaptive Rate Limiting Adaptive Rate Limiting enables you to configure rate policies that enforce bandwidth limits for Ethernet traffic. The feature allows you to specify how much Ethernet traffic of a given type a specific port can send or receive, and also allows you to either change the IP precedence of the traffic before forwarding it or drop the traffic.
Examples of Adaptive Rate Limiting Applications The following sections show some examples of how you can use Adaptive Rate Limiting. The CLI commands for implementing each application are shown in “Complete CLI Examples” on page 4-18. Adaptive Rate Policies For an Uplink Figure 4.2 shows an example of how you can use Adaptive Rate Limiting. In this example, four rate policies are applied to the device’s uplink to the Internet.
The rate policy rules are for three TCP/UDP applications: HTTP (web), FTP, and DNS. The fourth rule is for all other Ethernet traffic (traffic that is not for one of the three applications). The device applies rate policy rules in the order in which you apply them to an interface.
Adaptive Rate Policy for a Specific MAC Address Figure 4.3 shows an example of a rate policy consisting of one rule applied to a virtual routing interface (“virtual interface” or “VE”). A virtual interface enables ports in a VLAN to route to other VLANs. In this example, the VLAN contains three ports, attached to three hosts. The hosts use virtual interface ve2 for routing. The rate policy in this example forwards all conforming traffic from the host with MAC address aaaa.bbbb.
Adaptive Rate Policy for a Port-Based VLAN Figure 4.4 shows a rate policy applied to a VLAN. When you apply a rate policy to a VLAN, the policy applies to all the ports in the VLAN.
Adaptive Rate Limiting uses the following parameters: • Average Rate • Normal Burst Size • Excess Burst Size • Committed Time Interval When you apply Adaptive Rate Limiting policies to an interface, you specify the first three of these parameters. The fourth parameter is derived from the first two. NOTE: When you configure these parameters, express the Average Rate in bits. Express the Normal Burst Size and Excess Burst Size in bytes.
Thus, the Committed Time Interval is 1000000 bits / 10000000 bits = 0.1 seconds. This means that the Adaptive Rate Limiting parameters apply to time slices of bandwidth 0.1 seconds long. To determine the maximum Excess Burst Size you can specify, use the Average Rate and Normal Burst Size you specified to calculate the Committed Time Interval. Then divide the interface’s maximum line rate by the Committed Time Interval.
Figure 4.5 shows an example of the Normal Burst Size and Excess Burst Size counters. This example shows two Committed Time Intervals.
Figure 4.6 shows an example of two Committed Time Intervals. In this example, the policy rule matches the maximum number of conforming bytes (Normal Burst Size bytes) in each interval.
Figure 4.7 shows an example of eight Committed Time Intervals. The software drops traffic in the second and eighth intervals because the interface receives traffic that matches the rule after the rule has already matched the maximum number of bytes for the Normal Burst Size and Excess Burst Size. In the third and fourth Committed Time Intervals, the rule matches the maximum number of bytes for the Normal Burst Size, and then matches additional bytes.
NOTE: To characterize the traffic, configure ACLs. You can use ACLs for rate policy rules applied to IP interfaces or to virtual interfaces, but not for rate policy rules applied directly to port-based VLANs. When you apply a rate policy rule to a port-based VLAN, the policy applies to all Ethernet traffic.
NOTE: The deny option is not applicable to rate limiting. Always specify permit when configuring an ACL for use in a rate limiting rule. Syntax: [no] access-list deny | permit host any any [log] NOTE: For complete syntax descriptions for standard and extended ACLs, see “Using Access Control Lists (ACLs)” on page 3-1. Here is the syntax for rate limit ACLs.
NOTE: The bits appear in this order in the IP precedence field and the software reads them from right to left. The least significant digit is the rightmost digit (bit position 1) and the most significant digit is the leftmost digit (bit position 8). You also can use the mask parameter to specify a Diffserv control point.
CLI Syntax Syntax: [no] rate-limit input | output [access-group ] conform-action exceed-action The input | output parameter specifies whether the rule applies to inbound traffic or outbound traffic. • Specify input for inbound traffic. • Specify output for outbound traffic. The access-group parameter specifies an ACL.
• 4 – flash override precedence • 5 – critical precedence • 6 – internetwork control precedence • 7 – network control precedence • set-prec-continue – Set the IP precedence to one of the values listed above, then evaluate the traffic based on the next rate policy. • drop – Drop the packet. • continue – Evaluate the traffic based on the next rate policy.
187500 conform-action set-prec-transmit 5 exceed-action drop The following rule applies to traffic that matches ACL 103. Like the previous rule, this rule drops packets received after the maximum number of conforming packets have been received. However, notice that this rule applies to traffic in the outbound direction.
Disabling Rate Limiting Exemption for Control Packets By default, the device does not apply Adaptive Rate Limiting policies to certain types of control packets, but instead always forwards these packets, regardless of the rate limiting policies in effect. NOTE: This section applies only to Adaptive Rate Limiting. Fixed Rate Limiting drops all packets that exceed the limit, regardless of packet type. Table 4.
Chapter 5 Configuring Spanning Tree Protocol (STP) The Spanning Tree Protocol (STP) eliminates Layer 2 loops in networks, by selectively blocking some ports and allowing other ports to forward traffic, based on global (bridge) and local (port) parameters you can configure. This chapter describes how to configure Spanning Tree Protocol (STP) parameters on HP ProCurve switches and routing switches.
STP Parameters and Defaults Table 5.1 lists the default STP bridge parameters. The bridge parameters affect the entire VLAN (or the entire device, if the only port-based VLAN is the default one, VLAN 1). Table 5.1: Default STP Bridge Parameters Parameter Description Default and Valid Values Forward Delay The period of time a bridge will wait (the listen and learn period) before beginning to forward data packets.
Enabling or Disabling the Spanning Tree Protocol (STP) You can enable or disable STP on the following levels: • Globally – Affects all ports on the device. • Port-based VLAN – Affects all ports within the specified port-based VLAN. When you enable or disable STP within a port-based VLAN, the setting overrides the global setting.
Changing STP Bridge and Port Parameters Table 5.1 on page 5-2 and Table 5.2 on page 5-2 list the default STP parameters. If you need to change the default value for an STP parameter, use the following procedures. Changing STP Bridge Parameters To change STP bridge parameters, use either of the following methods.
5. Modify the bridge STP parameters to the values desired. 6. Click Apply to save the changes to the device’s running-config file. 7. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory. Changing STP Port Parameters To change STP port parameters, use either of the following methods.
2. Click on the plus sign next to Configure in the tree view to display the configuration options. 3. Select the STP link to display the STP bridge and port parameters. 4. Click the Modify button in the STP port parameters table to display the STP configuration panel, as shown in the following example. If the device has multiple port-based VLANs, select the Modify button next to the VLAN on which you want to change the parameters.
Displaying STP Information You can display the following STP information: • All the global and interface STP settings • STP state information for an individual interface • STP state information for a port-based VLAN Displaying STP Information for an Entire Device To display STP information for an entire device, use either of the following methods.
The show span command shows the following information. Table 5.3: CLI Display of STP Information This Field... Displays... Global STP Parameters VLAN ID The port-based VLAN that contains this spanning tree (instance of STP). VLAN 1 is the default VLAN. If you have not configured port-based VLANs on this device, all STP information is for VLAN 1. Root ID The ID assigned by STP to the root bridge for this spanning tree.
Table 5.3: CLI Display of STP Information (Continued) This Field... Displays... State The port’s STP state. The state can be one of the following: • BLOCKING – STP has blocked Layer 2 traffic on this port to prevent a loop. The device or VLAN can reach the root bridge using another port, whose state is FORWARDING. When a port is in this state, the port does not transmit or receive user frames, but the port does continue to receive STP BPDUs.
Table 5.4: Web Management Display of STP Information This Field... Displays... STP Bridge Parameters (global parameters) VLAN ID The port-based VLAN that contains this spanning tree (instance of STP). VLAN 1 is the default VLAN. If you have not configured port-based VLANs on this device, all STP information is for VLAN 1. Root ID The ID assigned by STP to the root bridge for this spanning tree. Root Cost The cumulative cost from this bridge to the root bridge.
Table 5.4: Web Management Display of STP Information (Continued) This Field... Displays... State The port’s STP state. The state can be one of the following: • BLOCKING – STP has blocked Layer 2 traffic on this port to prevent a loop. The device or VLAN can reach the root bridge using another port, whose state is FORWARDING. When a port is in this state, the port does not transmit or receive user frames, but the port does continue to receive STP BPDUs.
STP configured to ON, priority is level0, flow control enabled mirror disabled, monitor disabled Not member of any active trunks Not member of any configured trunks No port name MTU 1500 bytes, encapsulation ethernet 5 minute input rate: 352 bits/sec, 0 packets/sec, 0.00% utilization 5 minute output rate: 0 bits/sec, 0 packets/sec, 0.
Maximum PORT-VLAN entries: 16 legend: [S=Slot] PORT-VLAN Untagged Untagged Untagged Untagged Tagged Uplink 1, Name DEFAULT-VLAN, Priority level0, Spanning tree On Ports: (S3) 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Ports: (S3) 17 18 19 20 21 22 23 24 Ports: (S4) 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 Ports: (S4) 18 19 20 21 22 23 24 Ports: None Ports: None PORT-VLAN Untagged Untagged Tagged Uplink 2, Name greenwell, Priority level0, Spanning tree Off Po
In addition, Fast Port Span enhances overall network performance in the following ways: • Fast Port Span reduces the number of STP topology change notifications on the network. When an end station attached to a Fast Span port comes up or down, the HP device does not generate a topology change notification for the port. In this situation, the notification is unnecessary since a change in the state of the host does not affect the network’s topology.
4. Select the Save link at the bottom of the panel. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory. Excluding Specific Ports from Fast Port Span You can exclude individual ports from Fast Port Span while leaving Fast Port Span enabled globally. To do so, use one of the following methods.
Fast Uplink Span group on the device. All Fast Uplink Span ports are members of the same Fast Uplink Span group. NOTE: To avoid the potential for temporary bridging loops, Hewlett-Packard recommends that you use the Fast Uplink feature only for wiring closet switches (switches at the edge of the network cloud).
To remove a Fast Uplink Span group or to remove individual ports from a group, use “no” in front of the appropriate fast uplink-span command.
• Maximum Age – The interval a bridge will wait for receipt of a hello packet before initiating a topology change. Possible values: 6 – 40 seconds. Default is 20. • Hello Time – The interval of time between each configuration BPDU sent by the root bridge. Possible values: 1 – 10 seconds. Default is 2. • Priority – A parameter used to identify the root bridge in a network. The bridge with the lowest value has the highest priority and is the root.
To verify that single STP is in effect, enter the following command at any level of the CLI: HP9300(config)# show span Syntax: show span [vlan ] Here is an example of the information displayed by this command. Notice that no VLAN IDs are listed in the VLAN ID column. For STP, all ports are members of VLAN 4094, the single STP VLAN.
Untagged Ports: (S4) 17 18 19 20 21 22 23 24
Untagged Ports: (S6) 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Untagged Ports: (S6) 17 18 19 20 21 22 23 24
Tagged Ports: None
This example shows information for port-based VLAN 1, which is the default VLAN. Notice that a message indicates that the VLAN is in the single STP domain. Also notice that the SINGLE-SPANNING-TREE-VLAN contains all the ports in the device. USING THE WEB MANAGEMENT INTERFACE 1.
When PVST is enabled on an HP port, that port sends BPDUs in PVST format instead of HP’s spanning tree format. PVST+ HP devices and Cisco devices support separate spanning trees on an individual port-based VLAN basis. However, until the IEEE standard for multiple spanning trees is finalized, vendors are using different methods to support multiple spanning trees within their own products.
Displaying PVST Information To display PVST information, use the following CLI method. USING THE CLI To display PVST information for ports on an HP device, enter the following command at any level of the CLI: HP 9304M or HP 9308M(config)# show span pvst-mode
VLAN ID   Port Num.   PVST Cfg.   PVST On(by cfg. or detect)
200       10          0           1
200       11          1           1
This example shows that for VLAN 200, PVST support is statically enabled on port 11.
Chapter 6 Configuring IP This chapter describes the Internet Protocol (IP) parameters on HP ProCurve routing switches and switches and how to configure them.
Overview The HP ProCurve HP 6208M-SX switch and HP 9304M, HP 9308M, and HP 6308M-SX routing switches support Internet Protocol (IP) version 4. IP support on the HP 6208M-SX consists of basic services to support management access and access to a default gateway.
The HP 6208M-SX Switch You can configure an IP address on the HP 6208M-SX for management access to the switch. An IP address is required for Telnet access, Web management access, and SNMP access. You also can specify the default gateway for forwarding traffic to other sub-nets. IP Packet Flow Through a Routing Switch Figure 6.1 shows how an IP packet moves through an HP routing switch.
address and TCP or UDP port listed in the session table entry and sending the packet to a queue on the outgoing port(s) listed in the session table. The routing switch selects the queue based on the Quality of Service (QoS) level associated with the session table entry. 3.
Here is an example of a static ARP entry:
Index   IP Address     MAC Address      Port
1       207.95.6.111   0800.093b.d210   1/1
Each entry lists the information you specified when you created the entry.
To display the IP route table, see the following: • “Displaying the IP Route Table” on page 6-90 – routing switch only To configure a static IP route, see the following: • “Configuring Static Routes” on page 6-36 – routing switch only To clear a route from the IP route table, see the following: • “Clearing IP Routes” on page 6-93 – routing switch only To increase the size of the IP route table for learned and static routes, see the “Configuring Basic Features” c
The switch or routing switch selects the session table instead of the IP forwarding table for fast-path forwarding for the following features: • Policy-Based Routing (PBR) • Layer 4 Quality-of-Service (QoS) policies • IP access policies To increase the size of the session table, see the “Configuring Basic Features” chapter of the Installation and Getting Started Guide. The ip-qos-session parameter controls the size of the session table.
For configuration information, see the following: • Virtual Router Redundancy Protocol Extended (VRRPE) – see “Configuring VRRP and VRRPE” on page 12-1. • Virtual Router Redundancy Protocol (VRRP) – see “Configuring VRRP and VRRPE” on page 12-1. • Standby Router Protocol (SRP) – see “Configuring SRP” on page 13-1 Network Address Translation HP’s chassis routing switches support Network Address Translation (NAT).
Basic IP Parameters and Defaults – Routing Switches IP is enabled by default.
IP Global Parameters – Routing Switches Table 6.1 lists the IP global parameters for routing switches. Table 6.1: IP Global Parameters – routing switches Parameter Description Default See page... IP state The Internet Protocol, version 4 Enabled n/a Note: You cannot disable IP. IP address and mask notation Router ID Format for displaying an IP address and its network mask information. You can enable one of the following: • Class-based format; example: 192.
Table 6.1: IP Global Parameters – routing switches (Continued) Parameter Description Default See page... Directed broadcast forwarding A directed broadcast is a packet containing all ones (or in some cases, all zeros) in the host portion of the destination IP address. When a router forwards such a broadcast, it sends a copy of the packet out each of its enabled IP interfaces.
Table 6.1: IP Global Parameters – routing switches (Continued) Parameter Description Default See page... Domain name for Domain Name Server (DNS) resolver A domain name (example: amaynes.router.com) you can use in place of an IP address for certain operations such as IP pings, trace routes, and Telnet management connections to the router.
Table 6.1: IP Global Parameters – routing switches (Continued) Parameter Description Default See page... Origination of default routes You can enable a router to originate default routes for the following route exchange protocols, on an individual protocol basis: Disabled 7-10 • RIP • OSPF • BGP4 8-32 10-29 Default route aggregation Optimizes forwarding cache space by aggregating cache entries for destinations to which the router forwards traffic using a default route.
IP Interface Parameters – Routing Switches Table 6.2 lists the interface-level IP parameters for routing switches. Table 6.2: IP Interface Parameters – routing switches Parameter Description Default See page... IP state The Internet Protocol, version 4 Enabled n/a Note: You cannot disable IP.
Table 6.2: IP Interface Parameters – routing switches (Continued) Parameter Description Default See page... UDP broadcast forwarding The router can forward UDP broadcast packets for UDP applications such as BootP. By forwarding the UDP broadcasts, the router enables clients on one sub-net to find servers attached to other sub-nets.
Basic IP Parameters and Defaults – HP 6208M-SX IP is enabled by default. The following tables list the switch IP parameters, their default values, and where to find configuration information. NOTE: The HP 6208M-SX also provides IP multicast forwarding, which is enabled by default. For information about this feature, see the “Configuring Basic Features” chapter of the Installation and Getting Started Guide. IP Global Parameters – HP 6208M-SX Table 6.
Table 6.3: IP Global Parameters – switch (Continued) Parameter Description Default See page... Domain name for Domain Name Server (DNS) resolver A domain name (example: amaynes.router.com) you can use in place of an IP address for certain operations such as IP pings, trace routes, and Telnet management connections to the router. None configured 6-74 DNS default gateway addresses A list of gateways attached to the router through which clients attached to the router can reach DNSs.
Configuring IP Parameters – Routing Switches The following sections describe how to configure IP parameters. Some parameters can be configured globally while others can be configured on individual interfaces. Some parameters can be configured globally and overridden for individual interfaces. NOTE: This section describes how to configure IP parameters for routing switches.
USING THE WEB MANAGEMENT INTERFACE To assign an IP address and mask to a router interface: 1. Log on to the device using a valid user name and password for read-write access. The System configuration dialog is displayed. 2. Select the IP Address link. The IP addresses already configured on the device are listed in a table. Select Add IP Address to display the following panel. 3. Select the port (and slot if applicable) on which you want to configure the address.
HP9300(config-lbif-1)# ip address 10.0.0.1/24 Syntax: interface loopback The value can be from 1 – 8. Syntax: [no] ip address [secondary] or Syntax: [no] ip address / [secondary] USING THE WEB MANAGEMENT INTERFACE 1. Log on to the device using a valid user name and password for read-write access. The System configuration panel is displayed. 2.
For more information about VLANs and how to configure them, see “Configuring VLANs” on page 16-1. USING THE CLI To add a virtual interface to a VLAN and configure an IP address on the interface, enter commands such as the following: HP9300(config)# vlan 2 name IP-Subnet_1.1.2.0/24 HP9300(config-vlan-2)# untag e1 to 4 HP9300(config-vlan-2)# router-interface ve1 HP9300(config-vlan-2)# interface ve1 HP9300(config-vif-1)# ip address 1.1.2.
HP9300(config)# ip dns domain-name newyork.com HP9300(config)# ip dns server-address 209.157.22.199 205.96.7.15 208.95.7.25 201.98.7.15 Syntax: ip dns server-address [] [] [] In this example, the first IP address in the ip dns server-address... command becomes the primary gateway address and all others are secondary addresses. Because IP address 201.98.7.
USING THE WEB MANAGEMENT INTERFACE 1. Log on to the device using a valid user name and password for read-only or read-write access. The System configuration panel is displayed. 2. Click on the plus sign next to Command in the tree view to list the command options. 3. Select the Trace Route link to display the Trace Route panel. 4. Enter the host name or IP address in the Target Address field.
USING THE WEB MANAGEMENT INTERFACE 1. Log on to the device using a valid user name and password for read-write access. The System configuration panel is displayed. 2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options. 3. Click on the plus sign next to IP in the tree view to expand the list of IP option links. 4. Click on the Interface link to display the interface table. 5.
Changing the Router ID In most configurations, a routing switch has multiple IP addresses, usually configured on different interfaces. As a result, a routing switch’s identity to other devices varies depending on the interface to which the other device is attached.
Specifying a Single Source Interface for Telnet, TACACS/TACACS+, or RADIUS Packets When the routing switch originates a Telnet, TACACS/TACACS+, or RADIUS packet, the source address of the packet is the lowest-numbered IP address on the interface that sends the packet. You can configure the routing switch to always use the lowest-numbered IP address on a specific interface as the source address for these types of packets.
HP9300(config)# ip tacacs source-interface ve 1 The commands in this example configure virtual interface 1, assign IP address 10.0.0.3/24 to the interface, then designate the interface as the source for all TACACS/TACACS+ packets from the routing switch. Syntax: ip tacacs source-interface ethernet | loopback | ve The parameter is a loopback interface or virtual interface number.
address for the IP address. The ARP cache maps IP addresses to MAC addresses. The cache also lists the port attached to the device and, if the entry is dynamic, the age of the entry. A dynamic ARP entry enters the cache when the routing switch receives an ARP reply or receives an ARP request (which contains the sender’s IP address and MAC address).
5. Enter a value from 0 – 240 into the ARP Age field. 6. Click the Apply button to save the change to the device’s running-config file. 7. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory. Enabling Proxy ARP Proxy ARP allows a routing switch to answer ARP requests from devices on one network on behalf of devices in another network.
To display the ARP cache and static ARP table, see the following: • To display the ARP table, see “Displaying the ARP Cache” on page 6-85. • To display the static ARP table, see “Displaying the Static ARP Table” on page 6-87. To configure a static ARP entry, use either of the following methods. USING THE CLI To create a static ARP entry, enter a command such as the following: HP9300(config)# arp 1 192.53.4.2 1245.7654.
10. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory. Changing the Maximum Number of Entries the Static ARP Table Can Hold Table 6.5 on page 6-31 lists the default maximum and configurable maximum number of entries in the static ARP table that are supported on each type of HP routing switch.
Installation and Getting Started Guide 4. Enter the new value for the cache size. The value you enter specifies the maximum number of entries the cache can hold. 5. Click Apply to save the changes to the device’s running-config. 6. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory. 7. Click on the plus sign next to Command in the tree view to list the command options. 8.
Configuring IP NOTE: A less common type, the all-sub-nets broadcast, goes to all directly-attached sub-nets. Forwarding for this broadcast type also is supported, but most networks use IP multicasting instead of all-sub-net broadcasting. Forwarding for all types of IP directed broadcasts is disabled by default. You can enable forwarding for all types if needed. You cannot enable forwarding for specific broadcast types. To enable forwarding of IP directed broadcasts, use either of the following methods.
Installation and Getting Started Guide USING THE CLI To disable forwarding of IP source-routed packets, enter the following command: HP9300(config)# no ip source-route Syntax: [no] ip source-route To re-enable forwarding of source-routed packets, enter the following command: HP9300(config)# ip source-route USING THE WEB MANAGEMENT INTERFACE 1. Log on to the device using a valid user name and password for read-write access. The System configuration panel is displayed. 2.
You can selectively disable the following types of Internet Control Message Protocol (ICMP) messages:
• Echo messages (ping messages) – The routing switch replies to IP pings from other IP devices.
• Destination Unreachable messages – If the routing switch receives an IP packet that it cannot deliver to its destination, the routing switch discards the packet and sends a message back to the device that sent the packet to the routing switch.
Installation and Getting Started Guide Syntax: [no] ip icmp unreachable [network | host | protocol | administration | fragmentation-needed | port | source-route-fail] If you enter the command without specifying a message type (as in the example above), all types of ICMP Unreachable messages listed above are disabled. If you want to disable only specific types of ICMP Unreachable messages, you can specify the message type.
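The following added example (not part of the HP guide) audits a saved configuration for the two controls described above, source-route forwarding and ICMP Unreachable messages, using only the command forms shown in this section. It assumes that both features are active unless a "no" form appears and that later lines override earlier ones; the function names and sample configurations are constructed for illustration.

```python
# The message types accepted by "[no] ip icmp unreachable", as listed in the Syntax line.
UNREACHABLE_TYPES = (
    "network", "host", "protocol", "administration",
    "fragmentation-needed", "port", "source-route-fail",
)

# Constructed sample configurations (not captured from a real device).
HARDENED = """\
hostname HP9300
no ip source-route
no ip icmp unreachable host
no ip icmp unreachable port
"""

# A later line silently undoes an earlier hardening step.
REVERTED = """\
no ip source-route
no ip icmp unreachable
ip icmp unreachable fragmentation-needed
ip source-route
"""


def audit_ip_hardening(config_text):
    """Return the effective state after applying every line in order."""
    source_route = True                   # assumption: forwarding is on unless disabled
    unreachable = set(UNREACHABLE_TYPES)  # assumption: all types are sent unless disabled
    for raw in config_text.splitlines():
        words = raw.split()
        negated = bool(words) and words[0] == "no"
        if negated:
            words = words[1:]
        if words == ["ip", "source-route"]:
            source_route = not negated
        elif words[:3] == ["ip", "icmp", "unreachable"]:
            named = words[3:]
            unknown = [t for t in named if t not in UNREACHABLE_TYPES]
            if unknown:
                raise ValueError(f"unknown ICMP unreachable type: {unknown[0]}")
            # No type given means the command applies to every type.
            affected = set(named) if named else set(UNREACHABLE_TYPES)
            if negated:
                unreachable -= affected
            else:
                unreachable |= affected
    return {
        "source_route_forwarding": source_route,
        "unreachable_sent": sorted(unreachable),
    }


def findings(config_text):
    """List what the device still does, for review against site policy."""
    state = audit_ip_hardening(config_text)
    report = []
    if state["source_route_forwarding"]:
        report.append("source-routed packets are forwarded")
    for msg_type in state["unreachable_sent"]:
        report.append(f"ICMP unreachable '{msg_type}' messages are sent")
    return report


if __name__ == "__main__":
    for name, cfg in (("HARDENED", HARDENED), ("REVERTED", REVERTED)):
        print(name)
        for item in findings(cfg):
            print("  -", item)
```

Leaving fragmentation-needed enabled, as the second sample does, keeps path MTU discovery working for hosts behind the device.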
Configuring IP sources to the same destination, the routing switch places the route in the IP route table. • OSPF – See RIP, but substitute “OSPF” for “RIP”. • BGP4 – See RIP, but substitute “BGP4” for “RIP”. • Default network route – A statically configured default route that the routing switch uses if other default routes to the destination are not available. See “Configuring a Default Network Route” on page 6-46. • Statically configured route – You can add routes directly to the route table.
• Path redundancy – When you add multiple static IP routes for the same destination, but give the routes different metrics or administrative distances, the routing switch uses the route with the lowest administrative distance by default, but uses another route to the same destination if the first route becomes unavailable.
Configuring IP HP9300(config)# ip route 192.128.2.69 255.255.255.0 ethernet 4/1 The command in the example above configures a static IP route for destination network 192.128.2.69/24. Since an Ethernet port is specified instead of a gateway IP address as the next hop, the routing switch always forwards traffic for the 192.128.2.69/24 network to port 4/1. The command in the following example configures an IP static route that uses virtual interface 3 as its next hop. HP9300(config)# ip route 192.128.2.
Installation and Getting Started Guide 4. Click on the General link to display the IP configuration panel. 5. Click the Static Route link. • If the device does not have any IP static routes, the Static Route configuration panel is displayed. • If a static route is already configured and you are adding a new route, click on the Add Static Route link to display the Static Route configuration panel.
Configuring IP To display the maximum value for your device, enter the show default values command. The maximum number of static IP routes the system can hold is listed in the ip-static-route row in the System Parameters section of the display. To change the maximum value, use the system-max ip-static-route command at the global CONFIG level. The parameter specifies the network or host address.
Installation and Getting Started Guide The following commands configure static IP routes to the same destination, but with different metrics. The route with the lowest metric is used by default. The other routes are backups in case the first route becomes unavailable. The routing switch uses the route with the lowest metric if the route is available. HP9300(config)# ip route 192.128.2.69 255.255.255.0 209.157.22.1 HP9300(config)# ip route 192.128.2.69 255.255.255.0 192.111.10.
Configuring IP NOTE: If you specify 16, RIP considers the metric to be infinite and thus also considers the route to be unreachable. 10. Optionally change the administrative distance by editing the value in the Distance field. When comparing otherwise equal routes to a destination, the routing switch prefers lower administrative distances over higher ones, so make sure you use a low value for your default route. The default is 1. 11.
Figure: Two static routes to 192.168.7.0/24 on Router A: a standard static route through gateway 192.168.6.157, with metric 1, and a null route, with metric 2. When the standard static route is good, Router A uses that route.
Figure 6.4: Two static routes to 192.168.7.0/24 on Router A: an interface-based route through port 1/1, with metric 1, and a standard static route through gateway 192.168.8.11, with metric 3. When the route through interface 1/1 is available, Router A always uses that route. If the route through interface 1/1 becomes unavailable, Router A uses the alternate route through gateway 192.168.8.11/24.
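The two backup-route scenarios in the figures above can be traced with the following added example (not from the HP guide). It models route choice as lowest administrative distance first and lowest metric second, which is a simplification assumed here; the class, function names and the "null" marker are constructed for illustration, while the addresses and metrics are the ones shown in the figures.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

NULL = "null"  # marker used by this example for a null route (traffic is dropped)


@dataclass(frozen=True)
class StaticRoute:
    network: str
    next_hop: str      # gateway IP, a port such as "ethernet 1/1", or NULL
    metric: int = 1
    distance: int = 1  # default administrative distance for a static route


# Standard static route backed by a null route.
NULL_BACKUP = [
    StaticRoute("192.168.7.0/24", "192.168.6.157", metric=1),
    StaticRoute("192.168.7.0/24", NULL, metric=2),
]

# Interface-based route backed by a gateway route (Figure 6.4).
INTERFACE_PRIMARY = [
    StaticRoute("192.168.7.0/24", "ethernet 1/1", metric=1),
    StaticRoute("192.168.7.0/24", "192.168.8.11", metric=3),
]


def forwarding_decision(routes, destination, unavailable=frozenset()):
    """Return the next hop used for destination, "drop" for a null route,
    or None when no usable route covers the destination."""
    dest = ip_address(destination)
    usable = [
        r for r in routes
        if dest in ip_network(r.network) and r.next_hop not in unavailable
    ]
    if not usable:
        return None
    best = min(usable, key=lambda r: (r.distance, r.metric))
    return "drop" if best.next_hop == NULL else best.next_hop


def failover_trace(routes, destination, events):
    """Apply ("down" | "up", next_hop) events in order and return the
    forwarding decision before the first event and after each one."""
    down = set()
    trace = [forwarding_decision(routes, destination, down)]
    for state, hop in events:
        if state == "down":
            down.add(hop)
        elif state == "up":
            down.discard(hop)
        else:
            raise ValueError(f"unknown event state: {state}")
        trace.append(forwarding_decision(routes, destination, down))
    return trace


if __name__ == "__main__":
    print(failover_trace(NULL_BACKUP, "192.168.7.7",
                         [("down", "192.168.6.157"), ("up", "192.168.6.157")]))
    print(failover_trace(INTERFACE_PRIMARY, "192.168.7.69",
                         [("down", "ethernet 1/1"), ("down", "192.168.8.11")]))
```

With the null route as backup, traffic for 192.168.7.0/24 is dropped while the gateway is down and returns to the gateway as soon as it recovers.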
Installation and Getting Started Guide USING THE WEB MANAGEMENT INTERFACE 1. Log on to the device using a valid user name and password for read-write access. The System configuration panel is displayed. 2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options. 3. Click on the plus sign next to IP in the tree view to expand the list of IP option links. 4. Click on the General link to display the IP configuration panel. 5. Click the Static Route link.
Configuring IP When the software uses the default network route, it also uses the default network route’s next hop gateway as the gateway of last resort. This feature is especially useful in environments where network topology changes can make the next hop gateway unreachable. This feature allows the routing switch to perform default routing even if the default network route’s default gateway changes. The feature thus differs from standard default routes.
Installation and Getting Started Guide USING THE WEB MANAGEMENT INTERFACE You cannot configure a default network route using the Web management interface. In addition, the IP route table display in the Web management interface does not indicate routes that are candidate default network routes. The routes are listed but are not flagged with an asterisk. Configuring IP Load Sharing The IP route table can contain more than one path to a given destination.
Here are the default administrative distances on the HP routing switch:
• Directly connected – 0 (this value is not configurable)
• Static IP route – 1 (applies to all static routes, including default routes and default network routes)
• Exterior Border Gateway Protocol (EBGP) – 20
• OSPF – 110
• RIP – 120
• Interior Gateway Protocol (IBGP) – 200
• Local BGP – 200
• Unknown – 255 (the routing switch will not use this route)
Lower administrative distances are preferred over hi
Installation and Getting Started Guide The load sharing state for all the route sources is based on the state of IP load sharing. Since IP load sharing is enabled by default on all HP routing switches, load sharing for static IP routes, RIP routes, OSPF routes, and BGP4 routes also is enabled by default. Table 6.6: Default Load Sharing Parameters for Route Sources Route Source Default Maximum Number of Paths Maximum Number of Paths See...
Configuring IP Response to Path State Changes If one of the load-balanced paths to a cached destination becomes unavailable, or the IP route table receives a new equal-cost path to a cached destination, the software removes the unavailable path from the IP route table. Then the software selects a new path: • For host-based IP load sharing, the next load-balancing cache entry uses the first path to the destination. The first path is the path that entered the IP route table first.
Figure: IP Forwarding Cache, Host-Based Load Sharing
Destination Host       Next-Hop
192.168.1.170 (H1)     192.168.6.2 (R2)
192.168.1.234 (H2)     192.168.5.1 (R3)
192.168.1.218 (H3)     192.168.6.2 (R2)
192.168.2.175 (H4)     192.168.5.1 (R3)
192.168.2.193 (H5)     192.168.6.2 (R2)
192.168.2.155 (H6)     192.168.5.1 (R3)
192.168.3.209 (H7)     192.168.6.2 (R2)
192.168.3.159 (H8)     192.168.5.1 (R3)
192.168.3.111 (H9)     192.168.5.
Figure: IP Forwarding Cache, Host-Based Load Sharing
Destination Host       Next-Hop
192.168.2.175 (H4)     192.168.6.2 (R2)
192.168.1.170 (H1)     192.168.5.1 (R3)
192.168.1.218 (H3)     192.168.6.2 (R2)
192.168.2.155 (H6)     192.168.5.1 (R3)
192.168.3.209 (H7)     192.168.6.2 (R2)
192.168.3.111 (H9)     192.168.5.1 (R3)
192.168.1.234 (H2)     192.168.6.2 (R2)
192.168.2.193 (H5)     192.168.5.1 (R3)
192.168.3.159 (H8)     192.168.5.
Installation and Getting Started Guide Figure 6.7 shows an example of IP load sharing cache entries for network-based IP load sharing. The network in this example is the same as the network in Figure 6.5 and Figure 6.6. Notice that the cache contains one entry for each destination network, instead of a separate entry for each destination host. Based on the cache entries, traffic for all hosts (H1, H2, and H3) on network N1 uses the path through R2.
Configuring IP M = A number from 1 to the maximum number of load-sharing paths. This value increases by 1 until it reaches the maximum, then reverts to 1. P = Number of equal-cost paths to destination network S = Selected path For reference, the following table lists the path that the network-based IP load sharing algorithm will select for each combination of maximum number of paths and number of actual paths to the destination network.
Installation and Getting Started Guide Table 6.
Configuring IP As shown in Table 6.7, the results of the network-based IP load sharing algorithm provide evenly-distributed load sharing. Figure 6.8 shows a network where a routing switch has eight equal-cost paths to destination networks N1 – N8. The routing switch (R1) has been enabled to support up to eight IP load sharing paths.
Installation and Getting Started Guide USING THE WEB MANAGEMENT INTERFACE 1. Log on to the device using a valid user name and password for read-write access. The System configuration panel is displayed. 2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options. 3. Click on the plus sign next to IP in the tree view to expand the list of IP option links. 4. Click on the General link to display the IP configuration panel. 5.
Configuring IP NOTE: The host-based load sharing for the destination takes effect only if the IP route table contains an entry that exactly matches the destination network you specify. For example, if you configure host-based load sharing for destination network 207.95.7.0/24, the IP route table must contain a route entry for that network. In fact, for load sharing to occur, the IP route table needs to contain multiple equal-cost paths to the network.
Installation and Getting Started Guide NOTE: If the setting for the maximum number of paths is lower than the actual number of equal-cost paths, the software does not use all the paths for load sharing. To change the number of paths, use either of the following methods.
Configuring IP NOTE: To place a change to the high-performance mode into effect, you must reload the software after saving the change to the startup-config file.
Installation and Getting Started Guide HP9300(config)# show ip dr-aggregate Syntax: show ip dr-aggregate [] If you specify an IP address, only the entries for that destination are displayed. Here is an example of the information displayed by this command. HP9300(config)# show ip dr-aggregate Total number of cache entries: 2 Start index: 1 D:Dynamic P:Permanent F:Forward U:Us C:Complex Filter W:Wait ARP I:ICMP Deny K:Drop R:Fragment S:Snap Encap IP Address Next Hop MAC Type Port Vlan 1 22.22.
NOTE: You can configure IRDP parameters only on an individual port basis. To do so, IRDP must be disabled globally and enabled only on individual ports. You cannot configure IRDP parameters if the feature is globally enabled. When IRDP is enabled, the routing switch periodically sends Router Advertisement messages out the IP interfaces on which the feature is enabled. The messages advertise the routing switch’s IP addresses to directly attached hosts who listen for the messages.
Installation and Getting Started Guide 7. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory. Enabling IRDP on an Individual Port To enable IRDP on an individual port and configure IRDP parameters, use either of the following methods.
Configuring IP • The entry number – the entry’s sequence number in the RARP table. • The MAC address of the boot client. • The IP address you want the routing switch to give to the client.
6. Click the Apply button to save the change to the device’s running-config file.
7. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory.
Creating Static RARP Entries
You must configure the RARP entries for the RARP table. The routing switch can send an IP address in reply to a client’s RARP request only if you create a RARP entry for that client.
Configuring IP 7. Enter the IP address. 8. Click the Add button to save the change to the device’s running-config file. 9. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory. Changing the Maximum Number of Static RARP Entries Supported The number of RARP entries the routing switch supports depends on how much memory the routing switch has.
Installation and Getting Started Guide NOTE: If you disable forwarding for a UDP application, forwarding of client requests received as broadcasts to helper addresses is disabled. Disabling forwarding of an application does not disable other support for the application. For example, if you disable forwarding of Telnet requests to helper addresses, other Telnet support on the routing switch is not also disabled.
Configuring IP USING THE WEB MANAGEMENT INTERFACE 1. Log on to the device using a valid user name and password for read-write access. The System configuration panel is displayed. 2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options. 3. Click on the plus sign next to IP in the tree view to expand the list of IP option links. 4. Click on the General link to display the IP configuration panel. 5.
Installation and Getting Started Guide 5. Select the port (and slot if applicable) on behalf of which the UDP helper packets will be forwarded. 6. Enter the IP address of the remote server for which the routing switch will be relaying the packets. 7. Click the Add button to save the change to the device’s running-config file. 8. To configure settings for another port, select the port (and slot, if applicable) and go to step 6. 9. Select the Save link at the bottom of the dialog.
Configuring IP BootP/DHCP Forwarding Parameters The following parameters control the routing switch’s forwarding of BootP/DHCP requests: • Helper address – The BootP/DHCP server’s IP address. You must configure the helper address on the interface that receives the BootP/DHCP requests from the client. The routing switch cannot forward a request to the server unless you configure a helper address for the server.
Changing the Maximum Number of Hops to a BootP Relay Server
Each BootP/DHCP request includes a Hop Count field. The Hop Count field indicates how many routers the request has passed through. When the routing switch receives a BootP/DHCP request, the routing switch looks at the value in the Hop Count field.
Configuring IP Configuring IP Parameters – HP 6208M-SX The following sections describe how to configure IP parameters on the HP 6208M-SX. NOTE: This section describes how to configure IP parameters for the HP 6208M-SX switch. For IP configuration information for routing switches, see “Configuring IP Parameters – Routing Switches” on page 6-18.
Installation and Getting Started Guide 5. Enter the IP address in the IP address field. 6. Enter the sub-net mask in the Subnet Mask field. 7. Enter the default gateway’s IP address in the Default Gateway field. 8. Click the Apply button to save the change to the device’s running-config file. 9. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory.
Configuring IP 5. Click the Apply button to save the change to the device’s running-config file. 6. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory. Using a DNS Name To Initiate a Trace Route EXAMPLE: Suppose you want to trace the route from the HP 6208M-SX to a remote server identified as NYC02 on domain newyork.com. Because the newyork.
Installation and Getting Started Guide 2. Click on the plus sign next to Command in the tree view to list the command options. 3. Select the Trace Route link to display the Trace Route panel. 4. Enter the host name or IP address in the Target Address field. NOTE: You can use the host name only if you have already configured the DNS resolver for the domain that contains the host. 5. Optionally change the minimum and maximum TTLs and the Timeout. 6. Click on Start to begin the trace.
Figure: DHCP requests forwarded through a router without DHCP assist (DHCP server 207.95.7.6). Step 2: Router assumes the lowest IP address (192.95.5.1) is the gateway address. Step 3: DHCP Server generates IP addresses for Hosts 1, 2, 3 and 4. All IP addresses are assigned in the 192.95.5.1 range (192.95.5.5, 192.95.5.10, 192.95.5.35, 192.95.5.30). DHCP requests for the other sub-nets were not recognized by the non-DHCP assist router, causing incorrect address assignments to occur.
Figure: DHCP requests forwarded with DHCP assist (DHCP server 207.95.7.6). Step 2: The HP 6208M-SX stamps each DHCP request with the gateway address of the corresponding sub-net of the receiving port. Gateway addresses: 192.95.5.1, 200.95.6.1, 202.95.1.1, 202.95.5.1. Step 3: Router forwards the DHCP request to the server without touching the gateway address inserted in the packet by the switch.
Figure: DHCP responses with DHCP assist (DHCP server 207.95.7.6). Step 4: DHCP Server extracts the gateway address from each packet and assigns IP addresses for each host within the appropriate range. DHCP response with IP addresses for sub-nets 1, 2, 3, and 4: 192.95.5.10, 200.95.6.15, 202.95.1.35, 202.95.5.25. Step 5: IP addresses are distributed to the appropriate hosts.
Syntax: dhcp-gateway-list
USING THE WEB MANAGEMENT INTERFACE
1. Log on to the device using a valid user name and password for read-write access. The System configuration panel is displayed.
2. Select the DHCP Gateway link to display the DHCP Gateway configuration panel.
3. Enter the list ID in the List ID field. You can specify a number from 1 – 32.
4. Enter up to eight gateway IP addresses in the IP address fields.
5.
Configuring IP In addition to the information described below, you can display the following IP information. This information is described in other parts of this guide. • RIP information – see “Displaying RIP Filters” on page 7-16. • OSPF information – see “Displaying OSPF Information” on page 8-39. • BGP4 information – see “Displaying BGP4 Information” on page 10-84. • DVMRP information – see the “Show Commands” chapter in the Command Line Interface Reference.
Installation and Getting Started Guide This display shows the following information. Table 6.8: CLI Display of Global IP Configuration Information – routing switch This Field... Displays... Global settings ttl The Time-To-Live (TTL) for IP packets. The TTL specifies the maximum number of router hops a packet can travel before reaching the HP routing switch. If the packet’s TTL value is higher than the value specified in this field, the HP routing switch drops the packet.
Configuring IP Table 6.8: CLI Display of Global IP Configuration Information – routing switch (Continued) This Field... Displays... Policies Index The policy number. This is the number you assigned the policy when you configured it. Action The action the routing switch takes if a packet matches the comparison values in the policy. The action can be one of the following: • deny – The routing switch drops packets that match this policy.
Installation and Getting Started Guide Loopback 1 1.2.3.4 YES NVRAM down down Syntax: show ip interface [ethernet ] | [loopback ] | [ve ] This display shows the following information. Table 6.9: CLI Display of Interface IP Configuration Information This Field... Displays... Interface The type and the slot and port number of the interface. IP-Address The IP address of the interface. Note: If an “s” is listed following the address, this is a secondary address.
Configuring IP This display shows the following information. Table 6.10: Web Display of IP Interface Information This Field... Displays... Port # The physical port number or virtual interface (VE) number. VEs are shown as “v”, where is the number you assigned to the VE when you configured it. For example, VE 1 is shown as “v1”. If a range of ports is listed in this field, the interface is a trunk group.
Installation and Getting Started Guide The parameter lets you specify a mask for the mac-address parameter, to display entries for multiple MAC addresses. Specify the MAC address mask as “f”s and “0”s, where “f”s are significant bits. The and parameters let you restrict the display to entries for a specific IP address and network mask. Specify the IP address masks in standard decimal mask format (for example, 255.255.0.0).
Configuring IP Table 6.12: Web Display of ARP Cache – routing switch This Field... Displays... Node The IP address of the device. MAC Address The MAC address of the device. Type The type, which can be one of the following: Age • Dynamic – The routing switch learned the entry from an incoming packet. • Static – The routing switch loaded the entry from the static ARP table when the device for the entry was connected to the routing switch. The number of minutes the entry has remained unused.
Installation and Getting Started Guide NOTE: The parameter and parameter perform different operations. The parameter specifies the network mask for a specific IP address, whereas the parameter provides a filter for displaying multiple MAC addresses that have specific values in common. The parameter lets you display the table beginning with a specific entry number. Table 6.13: CLI Display of Static ARP Table This Field... Displays...
Configuring IP The show ip cache command displays the following information. Table 6.14: CLI Display of IP Forwarding Cache – routing switch This Field... Displays... IP Address The IP address of the destination. Next Hop The IP address of the next-hop router to the destination. This field contains either an IP address or the value DIRECT. DIRECT means the destination is either directly attached or the destination is an address on this HP device.
Installation and Getting Started Guide This display shows the following information. Table 6.15: Web Display of IP Forwarding Cache Information – routing switch This Field... Displays... IP Address The IP address of the destination. Next Hop The IP address of the next-hop router to the destination. This field contains either an IP address or the value DIRECT. DIRECT means the destination is either directly attached or the destination is an address on this HP device.
Start index: 1   B:BGP D:Connected R:RIP S:Static O:OSPF *:Candidate default
Destination   NetMask       Gateway
1.1.0.0       255.255.0.0   99.1.1.2
1.2.0.0       255.255.0.0   99.1.1.2
1.3.0.0       255.255.0.0   99.1.1.2
1.4.0.0       255.255.0.0   99.1.1.2
1.5.0.0       255.255.0.0   99.1.1.2
1.6.0.0       255.255.0.0   99.1.1.2
1.7.0.0       255.255.0.0   99.1.1.2
1.8.0.0       255.255.0.0   99.1.1.2
1.9.0.0       255.255.0.0   99.1.1.2
1.10.0.0      255.255.0.0   99.1.1.
53   209.159.39.0   255.255.255.0   207.95.6.101
54   209.159.40.0   255.255.255.0   207.95.6.101
55   209.159.41.0   255.255.255.0   207.95.6.101
56   209.159.42.0   255.255.255.0   207.95.6.101
57   209.159.43.0   255.255.255.0   207.95.6.101
58   209.159.44.0   255.255.255.0   207.95.6.101
59   209.159.45.0   255.255.255.0   207.95.6.101
60   209.159.46.0   255.255.255.0   207.95.6.
Configuring IP Clearing IP Routes If needed, you can clear the entire route table or specific individual routes. To do so, use one of the following procedures. USING THE CLI To clear all routes from the IP route table: HP9300# clear ip route To clear route 209.157.22.0/24 from the IP routing table: HP9300# clear ip route 209.157.22.
TCP Statistics
  0 active opens, 0 passive opens, 0 failed attempts
  0 active resets, 0 passive resets, 0 input errors
  138 in segments, 141 out segments, 4 retransmission
RIP Statistics
  0 requests sent, 0 requests received
  0 responses sent, 0 responses received
  0 unrecognized, 0 bad version, 0 bad addr family, 0 bad req format
  0 bad metrics, 0 bad resp format, 0 resp not from rip port
  0 resp from loopback, 0 packets rejected
The show ip traffic command displa
Configuring IP Table 6.17: CLI Display of IP Traffic Statistics – routing switch (Continued) This Field... Displays... parameter The number of Parameter Problem messages sent or received by the device. source quench The number of Source Quench messages sent or received by the device. redirect The number of Redirect messages sent or received by the device. echo The number of Echo messages sent or received by the device. echo reply The number of Echo Reply messages sent or received by the device.
Installation and Getting Started Guide Table 6.17: CLI Display of IP Traffic Statistics – routing switch (Continued) This Field... Displays... out segments The number of TCP segments sent by the device. retransmission The number of segments that this device retransmitted because the retransmission timer for the segment had expired before the device at the other end of the connection had acknowledged receipt of the segment.
Configuring IP This display shows the following information. Table 6.18: Web Display of IP Traffic Statistics – routing switch This Field... Displays... IP statistics Packets Received The number of IP packets received by the device. Packets Sent The number of IP packets originated and sent by the device. Packets Forwarded The number of IP packets received from another device and forwarded by this device. Filtered The number of IP packets filtered by this device.
Installation and Getting Started Guide Table 6.18: Web Display of IP Traffic Statistics – routing switch (Continued) This Field... Displays... Received Redirect The number of Redirect messages received by the device. Sent Redirect The number of Redirect messages sent by the device. Received Echo The number of Echo messages received by the device. Sent Echo The number of Echo messages sent by the device. Received Echo Reply The number of Echo messages received by the device.
Configuring IP Table 6.18: Web Display of IP Traffic Statistics – routing switch (Continued) This Field... Displays... Active Resets The number of TCP connections this device reset by sending a TCP RESET message to the device at the other end of the connection. Passive Resets The number of TCP connections this device reset because the device at the other end of the connection sent a TCP RESET message. Input Errors This information is used by HP customer support.
Installation and Getting Started Guide Displaying IP Information – HP 6208M-SX You can display the following IP configuration information statistics on the HP 6208M-SX: • Global IP settings – see “Displaying Global IP Configuration Information” on page 6-100. • ARP entries – see “Displaying ARP Entries” on page 6-101. • IP traffic statistics – see “Displaying IP Traffic Statistics” on page 6-102.
Configuring IP USING THE WEB MANAGEMENT INTERFACE To display the management IP address and default gateway: 1. Log on to the device using a valid user name and password for read-write access. The System configuration panel is displayed. 2. Click on the plus sign next to Configure in the tree view to display the list of configuration options. 3. Click on the plus sign next to IP to display the list of IP configuration options. 4.
Installation and Getting Started Guide USING THE WEB MANAGEMENT INTERFACE To display the ARP cache: 1. Log on to the device using a valid user name and password for read-only or read-write access. The System configuration panel is displayed. 2. Click on the plus sign next to Monitor in the tree view to display the list of configuration options. 3. Select the ARP Cache link to display the ARP cache. This display shows the following information. Table 6.
  1 current active tcbs, 4 tcbs allocated, 0 tcbs freed 0 tcbs protected
  0 active opens, 0 passive opens, 0 failed attempts
  0 active resets, 0 passive resets, 0 input errors
  27 in segments, 24 out segments, 0 retransmission
Syntax: show ip traffic
The show ip traffic command displays the following information.
Table 6.22: CLI Display of IP Traffic Statistics – switch
This Field... Displays...
IP statistics
received The total number of IP packets received by the device.
Installation and Getting Started Guide Table 6.22: CLI Display of IP Traffic Statistics – switch (Continued) This Field... Displays... echo The number of Echo messages sent or received by the device. echo reply The number of Echo Reply messages sent or received by the device. timestamp The number of Timestamp messages sent or received by the device. timestamp reply The number of Timestamp Reply messages sent or received by the device.
Configuring IP Table 6.22: CLI Display of IP Traffic Statistics – switch (Continued) This Field... Displays... out segments The number of TCP segments sent by the device. retransmission The number of segments that this device retransmitted because the retransmission timer for the segment had expired before the device at the other end of the connection had acknowledged receipt of the segment. USING THE WEB MANAGEMENT INTERFACE To display IP traffic statistics: 1.
Table 6.23: Web Display of IP Traffic Statistics – switch (Continued)
This Field... | Displays...
Sent Errors | This information is used by HP customer support.
Received Unreachable | The number of Destination Unreachable messages received by the device.
Sent Unreachable | The number of Destination Unreachable messages sent by the device.
Received Time Exceed | The number of Time Exceeded messages received by the device.
Table 6.23: Web Display of IP Traffic Statistics – switch (Continued)
This Field... | Displays...
UDP statistics |
Received | The number of UDP packets received by the device.
Sent | The number of UDP packets sent by the device.
No Port | The number of UDP packets dropped because the packet did not contain a valid UDP port number.
Input Errors | This information is used by HP customer support.
TCP statistics | The TCP statistics are derived from RFC 793, “Transmission Control Protocol”.
Chapter 7 Configuring RIP
Routing Information Protocol (RIP) is an IP route exchange protocol that uses a distance vector (a number representing distance) to measure the cost of a given route. The cost is a distance vector because the cost often is equivalent to the number of router hops between the HP routing switch and the destination network. An HP routing switch can receive multiple paths to a destination.
Table 7.1: RIP Global Parameters
Parameter | Description | Default | See page...
RIP state | Routing Information Protocol version 2 | Disabled | 7-3
Note: You can change the RIP version on individual interfaces. See Table 7.2 on page 7-3.
Administrative distance | The administrative distance is a numeric value assigned to each type of route on the router. | 120 | 7-6
RIP Interface Parameters
Table 7.2 lists the interface-level RIP parameters and their default values, and indicates where you can find configuration information.
Table 7.2: RIP Interface Parameters
Parameter | Description | Default | See page...
RIP version | The version of the protocol that is supported on the interface.
HP9300(config)# write memory
Syntax: [no] router rip
USING THE WEB MANAGEMENT INTERFACE
1. Log on to the device using a valid user name and password for read-write access. The System configuration dialog is displayed.
2. Select the Enable radio button next to RIP.
3. Click the Apply button to apply the changes to the device’s running-config file.
4. Select the Save link at the bottom of the dialog.
Configuring Metric Parameters
By default, a routing switch port increases the cost of a RIP route that is learned on the port by one. You can configure individual ports to add more than one to a learned route’s cost. In addition, you can configure a RIP offset list to increase the metric for learned or advertised routes based on network address.
Changing the Cost of Routes Learned on a Port
By default, a routing switch port increases the cost of a RIP route that is learned on the port.
The software adds the offset value to the routing metric (cost) of the routes that match the ACL. If a route matches both a global offset list and an interface-based offset list, the interface-based offset list takes precedence. The interface-based offset list’s metric is added to the route in this case. You can configure up to 24 global RIP offset lists and up to 24 RIP offset lists on each interface.
Configuring Redistribution
You can configure the routing switch to redistribute routes learned through Open Shortest Path First (OSPF) or Border Gateway Protocol version 4 (BGP4) into RIP. When you redistribute a route from one of these other protocols into RIP, the routing switch can use RIP to advertise the route to its RIP neighbors.
To configure redistribution, perform the following tasks:
• Configure redistribution filters (optional).
3. Click on the plus sign next to RIP in the tree view to expand the list of RIP option links.
4. Click on the Redistribution Filter link.
• If the device does not have any RIP redistribution filters, the RIP Redistribution Filter configuration panel is displayed, as shown in the following example.
HP9300(config-rip-router)# default-metric 10
This command assigns a RIP metric of 10 to each route that is redistributed into RIP.
Syntax: [no] default-metric <1-15>
USING THE WEB MANAGEMENT INTERFACE
1. Log on to the device using a valid user name and password for read-write access. The System configuration panel is displayed.
2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.
3.
Changing the Update Interval for Route Advertisements
The update interval specifies how often the routing switch sends route advertisements to its RIP neighbors. You can specify an interval from 1 – 1000 seconds. The default is 30 seconds.
USING THE CLI
To change the RIP update interval, enter a command such as the following:
HP9300(config-rip-router)# update 120
This command configures the routing switch to send RIP updates every 120 seconds.
USING THE WEB MANAGEMENT INTERFACE
To enable learning of default RIP routes:
1. Log on to the device using a valid user name and password for read-write access. The System configuration panel is displayed.
2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.
3. Click on the plus sign next to RIP in the tree view to expand the list of RIP option links.
4. Click on the Interface link to display the RIP interface table.
5.
• If a RIP neighbor filter is already configured and you are adding a new filter, click on the Add Neighbor Filter link to display the RIP Neighbor Filter configuration panel, as shown in the following example.
• If you are modifying an existing RIP neighbor filter, click on the Modify button to the right of the row describing the filter to display the RIP Neighbor Filter configuration panel, as shown in the following example.
5. Enter the filter ID.
6.
USING THE CLI
To enable poison reverse on an interface, enter commands such as the following:
HP9300(config)# interface ethernet 1/1
HP9300(config-if-1/1)# ip rip poison-reverse
Syntax: [no] ip rip poison-reverse
USING THE WEB MANAGEMENT INTERFACE
To enable RIP routing on individual interfaces:
1. Log on to the device using a valid user name and password for read-write access. The System configuration panel is displayed.
2.
NOTE: A route is defined by the destination’s IP address and network mask.
NOTE: Once you define a RIP route filter, the default action changes from learning and advertising all routes to denying all routes except the ones you explicitly permit. Thus, to deny specific routes but allow all other routes, you must add a filter that allows all other routes. When you apply route filters to an interface, make sure you apply the one that allows all routes as the last filter.
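The effect of the implicit deny and of filter order described in the NOTE above, as an added Python model that is not HP code. It assumes the first matching filter wins and that a filter covers every route inside its address/mask range; the filter IDs and networks are constructed sample values.

```python
# Added example (not from the HP guide): ordered RIP route-filter evaluation.
import ipaddress
from dataclasses import dataclass
from typing import Sequence, Tuple

WILDCARD = "0.0.0.0"  # value the guide gives for matching all routes


def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


@dataclass(frozen=True)
class RouteFilter:
    filter_id: int
    action: str    # "permit" or "deny"
    address: str
    mask: str

    def matches(self, route_addr: str, route_mask: str) -> bool:
        # Assumption: a filter covers a route when the route's network lies
        # inside the filter's address/mask range. 0.0.0.0 with mask 0.0.0.0
        # then covers every route, which is the wildcard case.
        f_addr, f_mask = _to_int(self.address), _to_int(self.mask)
        r_addr, r_mask = _to_int(route_addr), _to_int(route_mask)
        mask_covers = (r_mask & f_mask) == f_mask
        same_network = (r_addr & f_mask) == (f_addr & f_mask)
        return mask_covers and same_network


def decide(filters: Sequence[RouteFilter], route_addr: str,
           route_mask: str) -> Tuple[str, str]:
    """Return (action, reason) for one route against an applied filter list."""
    if not filters:
        return "permit", "no filters defined: all routes learned and advertised"
    for f in filters:  # assumption: the first matching filter decides
        if f.matches(route_addr, route_mask):
            return f.action, "matched filter %d" % f.filter_id
    return "deny", "no filter matched: implicit deny"


def audit(filters: Sequence[RouteFilter]) -> list:
    """Flag the two mistakes the NOTE warns about."""
    findings = []
    permit_all_at = [i for i, f in enumerate(filters)
                     if f.action == "permit"
                     and f.address == WILDCARD and f.mask == WILDCARD]
    if filters and all(f.action == "deny" for f in filters):
        findings.append("only deny filters: every route is denied")
    if permit_all_at and permit_all_at[0] != len(filters) - 1:
        findings.append("permit-all filter %d is not last: later filters "
                        "are never reached"
                        % filters[permit_all_at[0]].filter_id)
    return findings


# Constructed sample filters.
DENY_LAB = RouteFilter(1, "deny", "10.10.0.0", "255.255.0.0")
PERMIT_ALL = RouteFilter(2, "permit", WILDCARD, WILDCARD)

if __name__ == "__main__":
    for name, flist in [("deny only", [DENY_LAB]),
                        ("deny, then permit all", [DENY_LAB, PERMIT_ALL]),
                        ("permit all first", [PERMIT_ALL, DENY_LAB])]:
        print(name)
        for route in [("10.10.5.0", "255.255.255.0"),
                      ("192.168.1.0", "255.255.255.0")]:
            print("  ", route, decide(flist, *route))
        print("   audit:", audit(flist))
```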
5. Enter the filter ID.
6. Select either Permit or Deny as the action.
7. Enter an IP address and mask or the wildcard value, 0.0.0.0, to allow all routes.
8. Click the Add button to save the change to the device’s running-config file.
9. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory.
To modify or delete a RIP route filter:
1.
2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.
3. Click on the plus sign next to RIP in the tree view to expand the list of RIP option links.
4. Select the Route Filter link.
5. Select the Filter Group link.
• If the device does not have any RIP filter groups, the Filter Group configuration panel is displayed, as shown in the following example.
This display shows the following information.
Table 7.3: CLI Display of RIP Filter Information
This Field... | Displays...
Route filters | The rows underneath “RIP Route Filter Table” list the RIP route filters. If no RIP route filters are configured on the device, the following message is displayed instead: “No Filters are configured in RIP Route Filter Table”.
Index | The filter number. You assign this number when you configure the filter.
USING THE WEB MANAGEMENT INTERFACE
To display RIP filter information:
1. Log on to the device using a valid user name and password for read-only or read-write access. The System configuration panel is displayed.
2. Click on the plus sign next to Configure in the tree view.
3. Click on the plus sign next to RIP.
4.
Chapter 8 Configuring OSPF
This chapter describes how to configure OSPF on HP routing switches using the CLI and Web management interface. To display OSPF configuration information and statistics, see “Displaying OSPF Information” on page 8-39. For complete syntax information for the CLI commands shown in this chapter, see the Command Line Interface Reference.
You can further limit the broadcast area of flooding by defining an area range. The area range allows you to assign an aggregate value to a range of IP addresses. This aggregate value becomes the address that is advertised instead of all of the individual addresses it represents being advertised. You can assign up to 32 ranges in an OSPF area. An OSPF router can be a member of multiple areas.
Designated Router Election
In a network with no designated router and no backup designated router, the neighboring router with the highest priority is elected as the DR, and the router with the next largest priority is elected as the BDR, as shown in Figure 8.2.
[Figure 8.2: Designated and backup router election (Routers A, B, and C; priorities 10, 5, and 20)]
If the DR goes off-line, the BDR automatically becomes the DR.
When only one router on the network claims the DR role despite neighboring routers with higher priorities or router IDs, this router remains the DR. This is also true for BDRs.
[Figure 8.4: AS External LSA reduction. Labels: OSPF Autonomous System (AS); Routers D, E, and F are OSPF ASBRs and EBGP routers; another routing domain (such as BGP4 or RIP); Router A; Router B; Router C; Router D, Router ID: 2.2.2.2; Router E, Router ID: 1.1.1.1; Router F.]
Notice that both Router D and Router E have a route to the other routing domain through Router F. In software releases earlier than 07.1.
Algorithm for AS External LSA Reduction
Figure 8.4 shows an example in which the normal AS External LSA reduction feature is in effect. The behavior changes under the following conditions:
• There is one ASBR advertising (originating) a route to the external destination, but one of the following happens:
  • A second ASBR comes on-line
  • A second ASBR that is already on-line begins advertising an equivalent route to the same destination.
Since dynamic memory allocation is automatic and requires no configuration, the following CLI commands and equivalent Web management options are not supported in software release 07.1.
• Disable or re-enable load sharing.
• Enable or disable default-information-originate.
• Modify Shortest Path First (SPF) timers
• Define external route summarization
• Define redistribution metric type.
• Define deny redistribution.
• Define permit redistribution.
• Enable redistribution.
• Change the LSA pacing interval.
• Modify OSPF Traps generated.
• Modify database overflow interval.
Note Regarding Disabling OSPF
If you disable OSPF, the routing switch removes all the configuration information for the disabled protocol from the running-config. Moreover, when you save the configuration to the startup-config file after disabling one of these protocols, all the configuration information for the disabled protocol is removed from the startup-config file.
The | parameter specifies the area number, which can be a number or in IP address format. If you specify a number, the number can be from 0 – 2,147,483,647.
The nssa parameter specifies that this is an NSSA. For more information about configuring NSSAs, see “Assign a Not-So-Stubby Area (NSSA)” on page 8-11.
The specifies an additional cost for using a route to or from this area and can be from 1 – 16777215.
Assign a Totally Stubby Area
By default, the routing switch sends summary LSAs (LSA type 3) into stub areas. You can further reduce the number of link state advertisements (LSA) sent into a stub area by configuring the routing switch to stop sending summary LSAs (type 3 LSAs) into the area. You can disable the summary LSAs when you are configuring the stub area or later after you have configured the area.
The HP implementation of NSSA is based on RFC 1587. Figure 8.5 shows an example of an OSPF network containing an NSSA.
[Figure 8.5: OSPF network containing an NSSA. Labels: RIP Domain; NSSA Area 1.1.1.1; Internal ASBR; OSPF Area 0 Backbone; OSPF ABR.]
This example shows two routing domains, a RIP domain and an OSPF domain. The ASBR inside the NSSA imports external routes from RIP into the NSSA as Type-7 LSAs, which the ASBR floods throughout the NSSA.
Configuring an NSSA
To configure an NSSA, use one of the following methods.
USING THE CLI
To configure OSPF area 1.1.1.1 as an NSSA, enter the following commands.
HP9300(config)# router ospf
HP9300(config-ospf-router)# area 1.1.1.1 nssa 1
HP9300(config-ospf-router)# write memory
Syntax: area | [nssa | stub [no-summary]]
The | parameter specifies the area number, which can be a number or in IP address format.
6. Enter the area ID in the Area ID field. The ID can be a number or an IP address.
7. Select NSSA by clicking on the radio button next to NSSA in the Type field.
8. Enter a cost in the Stub Cost field. This parameter is required. You can specify from 1 – 16777215. There is no default.
9. Click the Add button to add the area.
10. Select the Save link at the bottom of the dialog.
NOTE: If the device already has an OSPF area range, a table listing the ranges is displayed. Click the Modify button to the right of the row describing a range to change its configuration, or click the Add Area Range link to display the OSPF Area Range configuration panel.
7. Enter the area ID in the Area ID field.
8. Enter an IP address in the Network Address field.
9. Enter a network mask in the Mask field. The software compares the address with the significant bits in the mask.
USING THE WEB MANAGEMENT INTERFACE
1. Log on to the device using a valid user name and password for read-write access.
2. If you have not already enabled OSPF, enable it by clicking on the Enable radio button next to OSPF on the System configuration panel, then clicking Apply to apply the change.
3. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.
4.
5.
6. Click on the Interface link.
• If the device does not have any OSPF interfaces, the OSPF Interface configuration panel is displayed, as shown in the following example.
• If an OSPF interface is already configured and you are adding a new one, click on the Add OSPF Interface link to display the OSPF Interface configuration panel, as shown in the following example.
Modify Interface Defaults
OSPF has interface parameters that you can configure. For simplicity, each of these parameters has a default value. No change to these default values is required except as needed for specific network configurations.
11. Modify the default values of the following interface parameters as needed: hello interval, retransmit interval, transmit delay, dead interval, priority, and cost.
12. Click the Add button (if you are adding a new neighbor) or the Modify button (if you are modifying a neighbor that is already configured) to apply the changes to the device’s running-config file.
13.
Block Flooding of Outbound LSAs on Specific OSPF Interfaces
By default, the routing switch floods all outbound LSAs on all the OSPF interfaces within an area. You can configure a filter to block outbound LSAs on an OSPF interface. This feature is particularly useful when you want to block LSAs from some, but not all, of the interfaces attached to the area.
[Figure 8.6: Defining OSPF virtual links within a network. Labels: OSPF Area 0; HP9308C, Router ID 209.157.22.1; OSPF Area 1 “transit area”; HP9308B; OSPF Area 2; HP9308A, Router ID 10.0.0.1.]
USING THE CLI
EXAMPLE: Figure 8.6 shows an OSPF area border router, HP 9308M-A, that is cut off from the backbone area (area 0). To provide backbone access to HP 9308M-A, you can add a virtual link between HP 9308M-A and HP 9308M-C using area 1 as a transit area.
USING THE WEB MANAGEMENT INTERFACE
To configure a virtual link:
1. Log on to the device using a valid user name and password for read-write access.
2. If you have not already enabled OSPF, enable it by clicking on the Enable radio button next to OSPF on the System configuration panel, then clicking Apply to apply the change.
3. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.
4.
8. Enter the router ID of the neighbor router.
9. Modify the default settings of the following parameters if needed: hello interval, transit delay, retransmit interval, and dead interval.
NOTE: For a description of all virtual link parameters and their possible values, see “Modify Virtual Link Parameters” on page 8-23.
10. Click Add to save the change to the device’s running-config file.
11.
The MD5 method of authentication encrypts the authentication key you define. The authentication is included in each OSPF packet transmitted.
MD5 Authentication Key: When simple authentication is enabled, the key is an alphanumeric password of up to eight characters. When MD5 is enabled, the key is an alphanumeric password of up to 16 characters that is later encrypted and included in each OSPF packet transmitted.
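How an eight-character simple password and a 16-character MD5 key each end up in an OSPF packet, as an added Python example that is not HP code. It assumes the OSPFv2 packet layout of RFC 2328 Appendix D (the page does not say which layout the device uses); the router ID, keys, and Hello body are constructed sample values.

```python
# Added example (not HP code): OSPFv2 packet authentication as laid out in
# RFC 2328 Appendix D. That the device follows this layout is an assumption.
import hashlib
import hmac
import socket
import struct

AU_SIMPLE, AU_MD5 = 1, 2
HDR_LEN, DIGEST_LEN = 24, 16


def _checksum(data: bytes) -> int:
    """Standard 16-bit one's-complement checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def _header(router_id, area_id, body_len, checksum, au_type, auth):
    # version 2, type 1 (Hello), packet length, router ID, area ID,
    # checksum, AuType, 8-byte authentication field
    return struct.pack("!BBH4s4sHH8s", 2, 1, HDR_LEN + body_len,
                       socket.inet_aton(router_id),
                       socket.inet_aton(area_id),
                       checksum, au_type, auth)


def _pad(secret: str, size: int) -> bytes:
    raw = secret.encode("ascii")
    if len(raw) > size:
        raise ValueError("key longer than %d characters" % size)
    return raw.ljust(size, b"\x00")


def simple_auth_packet(router_id, area_id, body, password):
    """AuType 1: the password is copied into the header unchanged."""
    zeroed = _header(router_id, area_id, len(body), 0, AU_SIMPLE, bytes(8))
    csum = _checksum(zeroed + body)  # authentication field excluded (zero)
    return _header(router_id, area_id, len(body), csum, AU_SIMPLE,
                   _pad(password, 8)) + body


def md5_auth_packet(router_id, area_id, body, key, key_id, seq):
    """AuType 2: append MD5(packet || key); the key itself is not sent."""
    auth = struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)
    pkt = _header(router_id, area_id, len(body), 0, AU_MD5, auth) + body
    return pkt + hashlib.md5(pkt + _pad(key, 16)).digest()


def verify_md5(wire, key, last_seq):
    """Receiver side: check layout, sequence number, then the digest."""
    if len(wire) < HDR_LEN + DIGEST_LEN:
        return False
    length, = struct.unpack("!H", wire[2:4])
    au_type, = struct.unpack("!H", wire[14:16])
    _, _key_id, dlen, seq = struct.unpack("!HBBI", wire[16:24])
    if au_type != AU_MD5 or dlen != DIGEST_LEN or len(wire) != length + dlen:
        return False
    if seq < last_seq:  # replayed or stale packet
        return False
    expected = hashlib.md5(wire[:length] + _pad(key, 16)).digest()
    return hmac.compare_digest(expected, wire[length:])


# Constructed Hello body: mask, hello interval, options, priority,
# dead interval, designated router, backup designated router.
HELLO_BODY = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"),
                         10, 0x02, 1, 40,
                         socket.inet_aton("0.0.0.0"),
                         socket.inet_aton("0.0.0.0"))

if __name__ == "__main__":
    simple = simple_auth_packet("10.0.0.1", "0.0.0.0", HELLO_BODY, "s3cret")
    print("simple auth field:", simple[16:24])
    wire = md5_auth_packet("10.0.0.1", "0.0.0.0", HELLO_BODY,
                           "area0-md5-key", 1, 100)
    print("md5 digest:", wire[-DIGEST_LEN:].hex())
    print("verifies:", verify_md5(wire, "area0-md5-key", 100))
    print("replay rejected:", not verify_md5(wire, "area0-md5-key", 101))
```

Under this layout a capture of a simple-authentication packet shows the password itself in the header, while an MD5 packet shows only the key ID, a sequence number, and the digest. The receiver in this model drops a packet whose sequence number is lower than the last one it accepted.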
[Figure 8.7: Redistributing OSPF and static routes to RIP routes. Labels: RIP Domain; ASBR (Autonomous System Border Router); OSPF Domain.]
USING THE CLI
EXAMPLE: To configure the HP 9308M routing switch acting as an ASBR in Figure 8.
Syntax: deny | permit redistribute all | bgp | connected | rip | static [address [match-metric [set-metric ]]]
EXAMPLE: To redistribute RIP, static, and BGP4 routes into OSPF, enter the following commands on the routing switch acting as an ASBR:
HP9300ASBR(config)# router ospf
HP9300ASBR(config-ospf-router)# permit redistribute 1 all
HP9300ASBR(config-ospf-router)# write memory
Syntax: deny | permit redistribute
6. Optionally, enter the IP address and mask if you want to filter the redistributed routes for a specific network range.
7. Optionally, enter the filter ID or accept the ID value in the Filter ID field.
8. Optionally, select the filter action, Deny or Permit. The default is Permit.
9. Optionally, select the types of routes the filter applies to in the Protocol section. You can select one of the following:
  • All (the default)
  • Static
  • RIP
  • BGP
  • Connected
10.
Syntax: default-metric
The can be from 1 – 16,777,215. The default is 10.
USING THE WEB MANAGEMENT INTERFACE
To modify the cost that is assigned to redistributed routes:
1. Log on to the device using a valid user name and password for read-write access.
2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.
3.
5. Select the Enable radio button next to Redistribution.
6. Click the Apply button to apply the change to the device’s running-config file.
7. Select the Save link at the bottom of the dialog, then select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory.
Disable or Re-enable Load Sharing
HP routing switches can load share among up to eight equal-cost IP routes to a destination. By default, IP load sharing is enabled. The default is 4 equal-cost paths but you can specify from 2 – 8 paths. The routing switch software can use the route information it learns through OSPF to determine the paths and costs. Figure 8.8 shows an example of an OSPF network containing multiple paths to a destination (in this case, R1).
Configure External Route Summarization
When the routing switch is an OSPF Autonomous System Boundary Router (ASBR), you can configure it to advertise one external route as an aggregate for all redistributed routes that are covered by a specified address range. When you configure an address range, the range takes effect immediately. All the imported routes are summarized according to the configured address range.
USING THE WEB MANAGEMENT INTERFACE
You cannot configure OSPF route summarization using the Web management interface.
Configure Default Route Origination
When the routing switch is an OSPF Autonomous System Boundary Router (ASBR), you can configure it to automatically generate a default external route into an OSPF routing domain. This feature is called “default route origination” or “default information origination”.
Modify SPF Timers
The routing switch uses the following timers when calculating the shortest path for OSPF routes:
• SPF delay - When the routing switch receives a topology change, the software waits before it starts a Shortest Path First (SPF) calculation. By default, the software waits five seconds. You can configure the SPF delay to a value from 0 – 65535 seconds.
6. Click the Apply button to save the change to the device’s running-config file.
7. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory.
Modify Administrative Distance
HP routing switches can learn about networks from various protocols, including Border Gateway Protocol version 4 (BGP4), RIP, and OSPF.
The pacing interval, which is the interval at which the routing switch refreshes an accumulated group of LSAs, is configurable to a range from 10 – 1800 seconds (30 minutes). The default is 240 seconds (four minutes). Thus, every four minutes, the routing switch refreshes the group of accumulated LSAs and sends the group together in the same packet(s).
Usage Guidelines
The pacing interval is inversely proportional to the number of LSAs the routing switch is refreshing and aging.
• virtual-interface-receive-bad-packet-trap [MIB object: ospfVirtIfRxBadPacket]
• interface-retransmit-packet-trap [MIB object: ospfTxRetransmit]
• virtual-interface-retransmit-packet-trap [MIB object: ospfVirtIfTxRetransmit]
• originate-lsa-trap [MIB object: ospfOriginateLsa]
• originate-maxage-lsa-trap [MIB object: ospfMaxAgeLsa]
• link-state-database-overflow-trap [MIB object: ospfLsdbOverflow]
• link-state-database-approaching-overflo
5. Select Disable next to RFC 1583.
6. Click the Apply button to save the change to the device’s running-config file.
7. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory.
Modify Exit Overflow Interval
If a database overflow condition occurs on a routing switch, the routing switch eliminates the condition by removing entries that originated on the routing switch.
The indicates the number of OSPF routes allowed and can be from 4000 – 32000. The change takes effect after the routing switch is rebooted.
USING THE WEB MANAGEMENT INTERFACE
You cannot modify the maximum number of OSPF routes using the Web management interface.
Modify LSDB Limits
NOTE: This section applies only to devices that are running software earlier than release 07.1.10. See “Dynamic OSPF Memory” on page 8-6.
7. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory.
Displaying OSPF Information
You can use CLI commands and Web management options to display the following OSPF information:
• Trap, area, and interface information – see “Displaying General OSPF Configuration Information” on page 8-39.
• Area information – see “Displaying OSPF Area Information” on page 8-40.
Link State Database Approaching Overflow Trap: Enabled
OSPF Area currently defined:
Area-ID Area-Type Cost
0 normal 0
OSPF Interfaces currently defined:
Ethernet Interface: 3/1-3/2
ip ospf md5-authentication-key-activation-wait-time 300
ip ospf cost 0
ip ospf area 0
Ethernet Interface: v1
ip ospf md5-authentication-key-activation-wait-time 300
ip ospf cost 0
ip ospf area 0
Syntax: show ip ospf config
USING THE WEB MANAGEMENT INTERFACE
1.
Table 8.2: CLI Display of OSPF Area Information (Continued)
This Field... | Displays...
Type | The area type, which can be one of the following:
  • nssa
  • normal
  • stub
Cost | The area’s cost.
SPFR | The SPFR value.
ABR | The ABR number.
ASBR | The ASBR number.
LSA | The LSA number.
Chksum(Hex) | The checksum for the LSA packet. The checksum is based on all the fields in the packet except the age field. The routing switch uses the checksum to verify that the packet is not corrupted.
Table 8.3: CLI Display of OSPF Neighbor Information (Continued)
Field | Description
Pri | The OSPF priority of the neighbor. The priority is used during election of the Designated Router (DR) and Backup Designated Router (BDR).
State | The state of the conversation between the routing switch and the neighbor. This field can have one of the following values:
  • Down – The initial state of a neighbor conversation.
3. Click on the plus sign next to OSPF in the tree view to expand the list of OSPF option links.
4. Click on the Neighbor link.
Displaying OSPF Interface Information
To display OSPF interface information for the routing switch, use one of the following methods.
Table 8.4: CLI Display of OSPF Route Information (Continued)
This Field... | Displays...
Mask | The network mask for the route.
Path_Cost | The cost of this route path. (A route can have multiple paths. Each path represents a different exit port for the routing switch.)
Type2_Cost | The type 2 cost of this path.
Path_Type | The type of path, which can be one of the following:
  • Inter – The path to the destination passes into another area.
USING THE WEB MANAGEMENT INTERFACE
You cannot display the OSPF route table using the Web management interface.
Displaying OSPF External Link State Information
To display external link state information for the routing switch, use one of the following methods.
USING THE CLI
To display external link state information, enter the following command at any CLI level:
HP9300> show ip ospf database external-link-state
Ospf ext link-state by router ID 130.130.130.
USING THE WEB MANAGEMENT INTERFACE
1. Log on to the device using a valid user name and password for read-only or read-write access. The System configuration panel is displayed.
2. Click on the plus sign next to Monitor in the tree view to expand the list of monitoring options.
3. Click on the plus sign next to OSPF in the tree view to expand the list of OSPF option links.
4. Click on the External Link State DB link.
For example, to determine an external LSA’s index number, enter the following command:
HP9300> show ip ospf external-link-state
Index Aging LS ID           Router
1     1332  130.132.81.208  130.130.130.241
2     1325  130.132.116.192 130.130.130.241
3     1330  130.132.88.112  130.130.130.241
4     1333  130.132.75.48   130.130.130.241
5     1338  130.132.46.224  130.130.130.
Displaying OSPF ABR and ASBR Information
To display OSPF ABR and ASBR information for the routing switch, use one of the following methods.
USING THE CLI
To display OSPF ABR and ASBR information, enter the following command at any CLI level:
HP9300> show ip ospf border-routers
Syntax: show ip ospf border-routers []
The parameter displays the ABR and ASBR entries for the specified IP address.
USING THE WEB MANAGEMENT INTERFACE
1.
Chapter 9 Configuring IP Multicast Protocols
This chapter describes how to configure HP routing switches for Protocol Independent Multicast (PIM) and Distance Vector Multicast Routing Protocol (DVMRP). HP routing switches support RFC 1075 for DVMRP and PIM Dense (PIM-DM). They also support RFC 2362 for PIM Sparse (PIM-SM).
NOTE: Each of the multicast protocols uses Internet Group Membership Protocol (IGMP).
Upstream: Represents the direction from which a router receives multicast data packets. An upstream router is a node that sends multicast packets.
Downstream: Represents the direction to which a router forwards multicast data packets. A downstream router is a node that receives multicast packets from upstream transmissions.
Group Presence: Means that a multicast group has been learned from one of the directly connected interfaces.
USING THE WEB MANAGEMENT INTERFACE
To modify the default value for the IGMP query interval:
1. Log on to the device using a valid user name and password for read-write access. The System configuration panel is displayed.
2. Click on the plus sign next to Configure in the tree view to display the configuration options.
3. Click on the plus sign next to DVMRP in the tree view to display the DVMRP configuration options.
4.
Enabling Hardware Forwarding for all Fragments of IP Multicast Packets
By default, an HP routing switch forwards the first fragment of a fragmented IP multicast packet through hardware, but forwards the remaining fragments through the software. You can enable the device to forward all the fragments of a fragmented IP multicast packet through hardware.
NOTE: This feature applies only to routing switches, not to switches.
For example, in Figure 9.1 the sender with address 207.95.5.1 is sending multicast packets to the group 229.225.0.1. If a PIM router receives any groups other than that group, the router discards the group and sends a prune message to the upstream PIM router. In Figure 9.2, Router R5 is a leaf node with no group members in its IGMP database. Therefore, the router must be pruned from the multicast tree.
[Figure 9. Labels: Video Conferencing Server, (Source, Group) = (207.95.5.1, 229.225.0.1); group members of 229.225.0.1; routers R1 through R6; leaf nodes; intermediate node (no group members); leaf node (no group members); prune message sent to upstream router (R4).]
Configuring PIM
NOTE: This section describes how to configure the “dense” mode of PIM, described in RFC 1075. See “Configuring PIM Sparse” on page 9-13 for information about configuring PIM Sparse.
Enabling PIM on the Routing Switch and an Interface
By default, PIM is disabled. To enable PIM:
• Enable the feature globally.
• Configure the IP interfaces that will use PIM.
• Enable PIM locally on the ports that contain the IP interfaces you are using for PIM.
Advanced Configuration and Management Guide 8. If you are configuring an IP Tunnel, enter the IP address of the destination interface, the end point of the IP Tunnel, in the Remote Address field. IP tunneling must also be enabled and defined on the destination router interface as well. NOTE: The Remote Address field applies only to tunnel interfaces, not to sub-net interfaces. 9. Modify the time to live threshold (TTL) if necessary.
Configuring IP Multicast Protocols 5. Enter a value from 10 – 3600 into the Neighbor Router Timeout field. 6. Click the Apply button to save the change to the device’s running-config file. 7. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory. Modifying Hello Timer This parameter defines the interval at which periodic hellos are sent out PIM interfaces.
A prune state is maintained until the prune timer expires or a graft message is received for the forwarding entry. The default value is 180 seconds.
USING THE CLI
To set the PIM prune timer to 90, enter the following:
HP9300(config)# router pim
HP9300(config-pim-router)# prune-timer 90
Syntax: prune-timer <10-3600>
The default is 180 seconds.
USING THE WEB MANAGEMENT INTERFACE
1. Log on to the device using a valid user name and password for read-write access.
Configuring IP Multicast Protocols Modifying Inactivity Timer The routing switch deletes a forwarding entry if the entry is not used to send multicast packets. The PIM inactivity timer defines how long a forwarding entry can remain unused before the routing switch deletes it.
Advanced Configuration and Management Guide 8. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory. PIM Sparse Overview Software release 06.6.X adds support for Protocol Independent Multicast (PIM) Sparse version 2. PIM Sparse provides multicasting that is especially suitable for widely distributed multicast environments. The HP implementation is based on RFC 2362.
Configuring IP Multicast Protocols • BSR – The Bootstrap Router (BSR) distributes RP information to the other PIM Sparse routers within the domain. Each PIM Sparse domain has one active BSR. For redundancy, you can configure ports on multiple routers as candidate BSRs. The PIM Sparse protocol uses an election process to select one of the candidate BSRs as the BSR for the domain. The BSR with the highest BSR priority (a user-configurable parameter) is elected.
• Configure the following interface parameters:
  • Configure an IP address on the interface.
  • Enable PIM Sparse.
  • Identify the interface as a PIM Sparse border, if applicable.
NOTE: You cannot configure an HP routing interface as a PMBR interface for PIM Sparse in the current software release.
• Configure the following PIM Sparse global parameters:
  • Identify the routing switch as a candidate PIM Sparse Bootstrap Router (BSR), if applicable.
Syntax: [no] ip pim-sparse
The commands in this example add an IP interface to port 2/2, then enable PIM Sparse on the interface.
If the interface is on the border of the PIM Sparse domain, you also must enter the following command:
HP9300(config-if-2/2)# ip pim border
Syntax: [no] ip pim border
NOTE: You cannot configure an HP routing interface as a PMBR interface for PIM Sparse in the current software release.
Advanced Configuration and Management Guide By default, this command configures the routing switch as a candidate RP for all group numbers beginning with 224. As a result, the routing switch is a candidate RP for all valid PIM Sparse group numbers. You can change this by adding or deleting specific address ranges. The following example narrows the group number range for which the routing switch is a candidate RP by explicitly adding a range. HP9300(config-pim-router)# rp-candidate add 224.126.0.
Configuring IP Multicast Protocols Changing the Shortest Path Tree (SPT) Threshold In a typical PIM Sparse domain, there may be two or more paths from a DR (designated router) for a multicast source to a PIM group receiver. • Path through the RP – This is the path the routing switch uses the first time it receives traffic for a PIM group. However, the path through the RP may not be the shortest path from the routing switch to the receiver.
Advanced Configuration and Management Guide USING THE WEB MANAGEMENT INTERFACE You cannot configure PIM Sparse parameters using the Web management interface.
This display shows the following information.
This Field...    Displays...
Global PIM Sparse mode settings
Hello interval    How frequently the routing switch sends PIM Sparse hello messages to its PIM Sparse neighbors. This field shows the number of seconds between hello messages. PIM Sparse routers use hello messages to discover one another.
This Field...    Displays...
TTL Threshold    Following the TTL threshold value, the interface state is listed. The interface state can be one of the following:
                 • Disabled
                 • Enabled
Local Address    Indicates the IP address configured on the port or virtual interface.
USING THE WEB MANAGEMENT INTERFACE
You cannot display PIM Sparse information using the Web management interface.
Next bootstrap message in 00:00:20
Next Candidate-RP-advertisement in 00:00:10
RP: 207.95.7.1
group prefixes: 224.0.0.0 / 4
Candidate-RP-advertisement period: 60
This example shows information displayed on a routing switch that has been elected as the BSR. The following example shows information displayed on a routing switch that is not the BSR. Notice that some fields shown in the example above do not appear in the example below.
Advanced Configuration and Management Guide This Field... Displays... RP Indicates the IP address of the Rendezvous Point (RP). Note: This field appears only if this routing switch is the BSR. group prefixes Indicates the multicast groups for which the RP listed by the previous field is a candidate RP. Note: This field appears only if this routing switch is the BSR. Candidate-RP-advertisement period Indicates how frequently the BSR sends candidate RP advertisement messages.
Configuring IP Multicast Protocols This Field... Displays... Candidate-RP-advertisement period Indicates how frequently the BSR sends candidate RP advertisement messages. Note: This field appears only if this routing switch is a candidate RP. USING THE WEB MANAGEMENT INTERFACE You cannot display PIM Sparse information using the Web management interface. Displaying RP-to-Group Mappings To display RP-to-group mappings, use the following CLI method.
Advanced Configuration and Management Guide This display shows the following information. This Field... Displays... RP Indicates the IP address of the Rendezvous Point (RP) for the specified PIM Sparse group. Following the IP address is the port or virtual interface through which this routing switch learned the identity of the RP. Info source Indicates the IP address on which the RP information was received.
Configuring IP Multicast Protocols Displaying Multicast Neighbor Information To display information about the routing switch’s IP Multicast neighbors, use either of the following methods. USING THE CLI To display information about the routing switch’s PIM neighbors, enter the following command at any CLI level: HP9300(config-pim-router)# show ip pim nbr Port Neighbor e3/8 207.95.8.10 Port Neighbor v1 207.95.6.
HP9300(config-pim-router)# show ip pim flowcache
  Source          Group          Parent  CamFlags  CamIndex  Fid       Flags
1 209.157.24.162  239.255.162.1  v2      00000700  2023      00004411  F
2 209.157.24.162  239.255.162.1  v2      00000700  201b      00004411  F
3 209.157.24.162  239.255.162.1  v2      00000700  201d      00004411  F
4 209.157.24.162  239.255.162.1  v2      00000700  201e      00004411  F
Syntax: show ip pim flowcache
This display shows the following information.
This Field...    Displays...
Configuring IP Multicast Protocols This display shows the following information. This Field... Displays... (, ) The comma-separated values in parentheses is a source-group pair. The is the PIM source for the multicast . For example, the following entry means source 209.157.24.162 for group 239.255.162.1: (209.157.24.162,239.255.162.1) If the value is * (asterisk), this cache entry uses the RP path. The * value means “all sources”.
This Field...    Displays...
prune ports    Indicates the physical ports on which the routing switch has received a prune notification (in a Join/Prune message) to remove the receiver from the list of recipients for the group.
virtual prune ports    Indicates the virtual interface ports on which the routing switch has received a prune notification (in a Join/Prune message) to remove the receiver from the list of recipients for the group.
Configuring IP Multicast Protocols This Field... Displays... RegStop The number of Register Stop messages sent or received on the interface. Assert The number of Assert messages sent or received on the interface. Total Recv/Xmit The total number of IGMP messages sent and received by the routing switch. Total Discard/chksum The total number of IGMP messages discarded, including a separate counter for those that failed the checksum comparison.
[Figure: MSDP Source Active flow between PIM Sparse Domain 1 and PIM Sparse Domain 2. Labels: Designated Router (DR); Rendezvous Point (RP); Rendezvous Point (RP) 206.251.17.41; Source Advertisement message; 206.251.14.22, Source for Group 232.1.0.95. Numbered steps shown in the figure:]
1. DR receives traffic from source and registers source with RP.
2. RP sends SA message through MSDP to its MSDP peers in other PIM Sparse domains.
3. RP that receives the SA floods the SA to all its MSDP peers, except the one that sent the SA.
Configuring IP Multicast Protocols PIM Sparse RPF tree to send the message to its peers within the tree. In Figure 9.4, the MSDP router floods the Source Active message it receives from its peer in domain 1 to its other peers, in domains 3 and 4. Note that the MSDP router in domain 2 does not forward the Source Active back to its peer in domain 1, because that is the peer from which the router received the message. An MSDP router never sends a Source Active message back to the peer that sent it.
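The flooding rule described above, as an added Python sketch that is not HP code. The domain names, the meshed topology, and the "seen" set that stops the simulation are constructed assumptions; only the rule that a router never returns a Source Active message to the peer that sent it is modelled, not the RPF tree handling the guide mentions.

```python
from collections import Counter, deque

# Constructed peering map matching the description of Figure 9.4: the MSDP
# router in domain 2 peers with the routers in domains 1, 3 and 4.
FIGURE_TOPOLOGY = {
    "domain1": {"domain2"},
    "domain2": {"domain1", "domain3", "domain4"},
    "domain3": {"domain2"},
    "domain4": {"domain2"},
}

# Same map with one extra, hypothetical peering between domains 3 and 4.
MESHED_TOPOLOGY = {
    "domain1": {"domain2"},
    "domain2": {"domain1", "domain3", "domain4"},
    "domain3": {"domain2", "domain4"},
    "domain4": {"domain2", "domain3"},
}


def flood_source_active(peers, origin):
    """Simulate flooding one Source Active (SA) message.

    Returns the ordered list of (sender, receiver) transmissions.
    """
    transmissions = []
    # Assumption of this sketch: a router floods a given SA only the first
    # time it receives it, so the simulation terminates on meshed topologies.
    seen = {origin}
    queue = deque([(origin, None)])
    while queue:
        router, received_from = queue.popleft()
        for peer in sorted(peers[router]):
            if peer == received_from:
                # Rule from the guide: never send the SA back to the peer
                # that sent it.
                continue
            transmissions.append((router, peer))
            if peer not in seen:
                seen.add(peer)
                queue.append((peer, router))
    return transmissions


def duplicate_receivers(transmissions):
    """Return {router: copies} for routers that received the SA more than once."""
    counts = Counter(receiver for _, receiver in transmissions)
    return {router: n for router, n in counts.items() if n > 1}


if __name__ == "__main__":
    for name, topo in (("figure", FIGURE_TOPOLOGY), ("meshed", MESHED_TOPOLOGY)):
        sent = flood_source_active(topo, "domain1")
        print(name, sent, "duplicates:", duplicate_receivers(sent))
```

On the meshed map the "not back to the sender" rule alone still delivers the SA twice to domains 3 and 4, which is the message load to account for when adding MSDP peerings.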
Advanced Configuration and Management Guide Configuring MSDP Peers Use the following CLI method to configure an MSDP peer. USING THE CLI To configure an MSDP peer, enter a command such as the following at the MSDP configuration level. HP9300(config-msdp-router)# msdp-peer 205.216.162.1 Syntax: [no] msdp-peer USING THE WEB MANAGEMENT INTERFACE You cannot configure MSDP using the Web management interface.
MSDP Peer Information
This Field...    Displays...
Total number of MSDP peers    The number of MSDP peers configured on the routing switch
IP Address    The IP address of the peer’s interface with the routing switch
State    The state of the MSDP router’s connection with the peer. The state can be one of the following:
         • CONNECTING – The session is in the active open state.
         • ESTABLISHED – The MSDP session is fully up.
         • INACTIVE – The session is idle.
MSDP Peer Information (Continued)
This Field...    Displays...
Notification Message Error Code Received    If the MSDP router receives a NOTIFICATION message from the neighbor, the message contains an error code corresponding to one of the following errors. Some errors have subcodes that clarify the reason for the error. Where applicable, the subcode messages are listed underneath the error code messages.
Advanced Configuration and Management Guide MSDP Peer Information (Continued) This Field... Displays... TCP Statistics TCP connection state The state of the connection with the neighbor. The connection can have one of the following states: • LISTEN – Waiting for a connection request. • SYN-SENT – Waiting for a matching connection request after having sent a connection request.
Configuring IP Multicast Protocols MSDP Peer Information (Continued) This Field... Displays... ReTrans The number of sequence numbers that the MSDP router retransmitted because they were not acknowledged. IRcvSeq The initial receive sequence number for the session. RcvNext The next sequence number expected from the neighbor. RcvWnd The size of the receive window. TotalRcv The number of sequence numbers received from the neighbor. RcvQue The number of sequence numbers in the receive queue.
Advanced Configuration and Management Guide MSDP Source Active Cache (Continued) This Field... Displays... RP The RP through which receivers can access the group traffic from the source Age The number of seconds the entry has been in the cache USING THE WEB MANAGEMENT INTERFACE You cannot display MSDP information using the Web management interface.
DVMRP Overview
HP routing switches provide multicast routing with the Distance Vector Multicast Routing Protocol (DVMRP). DVMRP uses Internet Group Membership Protocol (IGMP) to manage the IP multicast groups. DVMRP is a broadcast and pruning multicast protocol that delivers IP multicast datagrams to their intended receivers. The receiver registers the interested groups using IGMP. DVMRP builds a multicast delivery tree with the sender forming the root.
[Figure 9. Diagram: Video Conferencing Server sending to group 229.225.0.1, shown as (Source, Group) = (207.95.5.1, 229.225.0.1), through routers R1 to R6 to group members. Labels: Leaf Node; Intermediate Node (No Group Members); Leaf Node (No Group Members).]
[Figure 9. Diagram: Video Conferencing Server sending to group 229.225.0.1, shown as (Source, Group) = (207.95.5.1, 229.225.0.1), through routers R1 to R6 to group members. Labels: Leaf Node; Intermediate Node (No Group Members); Leaf Node (No Group Members); Prune Message sent to upstream router (R4).]
Advanced Configuration and Management Guide Configuring DVMRP Enabling DVMRP on the Routing Switch and Interface Suppose you want to initiate the use of desktop video for fellow users on a sprawling campus network. All destination workstations have the appropriate hardware and software but the routing switches that connect the various buildings need to be configured to support DVMRP multicasts from the designated video conference server as seen in Figure 9.5.
Configuring IP Multicast Protocols 11. Click Enable or Disable next to Encapsulation to enable or disable the feature. 12. Click the Add button to save the change to the device’s running-config file. 13. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory. 14. Click on the plus sign next to Command in the tree view to list the command options. 15.
Advanced Configuration and Management Guide 5. Enter a value from 40 – 8000 into the Neighbor Router Timeout field. 6. Click the Apply button to save the change to the device’s running-config file. 7. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory. Modifying Route Expires Time The Route Expire Time defines how long a route is considered valid in the absence of the next route update.
Configuring IP Multicast Protocols HP9300(config-dvmrp-router)# route-discard-timeout 150 Syntax: route-discard-timeout <40-8000> USING THE WEB MANAGEMENT INTERFACE 1. Log on to the device using a valid user name and password for read-write access. 2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options. 3. Click on the plus sign next to DVMRP in the tree view to expand the list of DVMRP option links. 4.
Advanced Configuration and Management Guide 3. Click on the plus sign next to DVMRP in the tree view to expand the list of DVMRP option links. 4. Click on the General link to display the DVMRP configuration panel. 5. Enter a value from 5 – 3600 in the Graft Retransmit Time field. 6. Click the Apply button to save the change to the device’s running-config file. 7. Select the Save link at the bottom of the dialog.
Configuring IP Multicast Protocols Modifying Trigger Interval The Trigger Interval defines how often trigger updates, which reflect changes in the network topology, are sent. Example changes in a network topology include router up or down or changes in the metric. Possible values are from 5 – 30 seconds. The default value is 5 seconds.
Advanced Configuration and Management Guide Modifying the TTL The TTL defines the minimum value required in a packet in order for the packet to be forwarded out the interface. For example, if the TTL for an interface is set at 10 it means that only those packets with a TTL value of 10 or more are forwarded. Likewise, if an interface is configured with a TTL Threshold value of 1, all packets received on that interface are forwarded. Possible values are from 1 – 64. The default value is 1.
Configuring IP Multicast Protocols 8. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory. NOTE: You also can access the dialog for saving configuration changes by clicking on Command in the tree view, then clicking on Save to Flash. Enabling Advertising You can turn the advertisement of a local route on (enable) or off (disable) on the interface. By default, advertising is enabled.
Advanced Configuration and Management Guide 6. Select Enable next to Encapsulation. 7. Click the Add button to save the changes to the device’s running-config file. 8. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory. Configuring an IP Tunnel IP tunnels are used to send traffic through routers that do not support PIM or DVMRP multicasting.
Configuring IP Multicast Protocols 4. Click on the Virtual Interface link to display the DVMRP Interface configuration panel. NOTE: If the device already has DVMRP interfaces, a table listing the interfaces is displayed. Click the Modify button to the right of the row describing an interface to change its configuration, or click the Add Virtual Interface link to display the DVMRP Interface configuration panel. 5. Select the interface type. You can select Subnet or Tunnel. In this case, select Tunnel.
Advanced Configuration and Management Guide NOTE: In IP multicasting, a route is handled in terms of its source, rather than its destination. You can use the ethernet parameter to specify a physical port or the ve parameter to specify a virtual interface. The distance parameter sets the administrative distance for the route. When comparing multiple paths for a route, the routing switch prefers the path with the lower administrative distance.
[Figure 9.8. Network diagram: PIM routers A, B, C, and D connecting a server and clients for multicast group 239.255.162.1.]
Tracing the route for tree 209.157.23.188
0 207.95.7.2
0 207.95.7.2 Thresh 0
1 207.95.7.1 Thresh 0
2 207.95.8.1 Thresh 0
3 207.157.24.62
Syntax: mtrace source group
The source parameter specifies the address of the route’s source.
NOTE: In IP multicasting, a route is handled in terms of its source, rather than its destination.
Configuring IP Multicast Protocols Displaying Another Multicast Router’s Multicast Configuration The HP implementation of Mrinfo is based on the DVMRP Internet draft by T. Pusateri, but applies to PIM and not to DVMRP. To display the PIM configuration of another PIM router, use the following CLI method. NOTE: This feature is not supported for DVMRP. USING THE CLI To display another PIM router’s PIM configuration, enter a command such as the following: HP9300# mrinfo 207.95.8.1 207.95.8.1 -> 207.95.8.
Chapter 10
Configuring BGP4
This chapter provides details on how to configure Border Gateway Protocol version 4 (BGP4) on HP products using the CLI and the Web management interface. BGP4 is supported on the following HP products:
• HP 9308M and HP 9304M routing switches
• HP 6308M-SX routing switch
NOTE: BGP4 is not supported on the HP 6208M-SX.
BGP4 is described in RFC 1771. The HP implementation fully complies with RFC 1771.
Advanced Configuration and Management Guide networks that share the same routing and administration characteristics. For example, a corporate intranet consisting of several networks under common administrative control might be considered an AS. The networks in an AS can but do not need to run the same routing protocol to be in the same AS, nor do they need to be geographically close.
Configuring BGP4 “AS_PATH”.) • Additional path attributes – A list of additional parameters that describe the route. The route origin and next hop are examples of these additional path attributes. NOTE: The routing switch re-advertises a learned best BGP4 route to the routing switch’s neighbors even when the software does not also select that route for installation in the IP route table.
• INCOMPLETE is highest
7. If the routes have the same origin type, prefer the route with the lowest MED.
NOTE: If the path does not have the MED attribute, HP’s BGP4 uses zero as the MED value for the comparison.
8. 9.
Configuring BGP4 routing switch does not have a loopback interface, the default router ID is the lowest numbered IP address configured on the device. For more information or to change the router ID, see “Changing the Router ID” on page 6-25. • Parameter list – An optional list of additional parameters used in peer negotiation with BGP4 neighbors. UPDATE Message After BGP4 neighbors establish a BGP4 connection over TCP and exchange their BGP4 routing tables, they do not send periodic routing updates.
Advanced Configuration and Management Guide Basic Configuration and Activation for BGP4 BGP4 is disabled by default. To enable BGP4 and place your HP routing switch into service as a BGP4 router, you must perform at least the following steps: 1. Enable the BGP4 protocol. 2. Set the local AS number. NOTE: You must specify the local AS number. BGP4 is not functional until you specify the local AS number. 3. Add each BGP4 neighbor (peer BGP4 router) and identify the AS the neighbor is in. 4.
HP9300(config-bgp-router)# no router bgp
router bgp mode now disabled. All bgp config data will be lost when writing to flash!
The Web management interface does not display a warning message.
Advanced Configuration and Management Guide • Optional – Define IP prefix lists. • Optional – Define neighbor distribute lists. • Optional – Define BGP4 route maps for filtering routes redistributed into RIP and OSPF. • Optional – Define route flap dampening parameters. NOTE: When using CLI, you set global level parameters at the BGP CONFIG Level of the CLI. You can reach the BGP CONFIG level by entering router bgp… at the global CONFIG level.
Configuring BGP4 When Parameter Changes Take Effect Some parameter changes take effect immediately while others do not take full effect until the router’s sessions with its neighbors are closed, then restarted. Some parameters do not take effect until the router is rebooted. Immediately The following parameter changes take effect immediately: • Enable or disable BGP. • Set or change the local AS. • Add neighbors. • Disable or enable fast external fallover.
Advanced Configuration and Management Guide Table 10.1: Maximum Memory Usage Platform Maximum Memory BGP4 Can Use Management module with 32 MB 7 MB Note: This amount also applies to HP 6308M-SX routing switches with 32 MB. Redundant Management module with 128 MB 62 MB The memory amounts listed in the table are for all BGP4 data, including routes received from neighbors, BGP route advertisements (routes sent to neighbors), and BGP route attribute entries.
Configuring BGP4 12. Optionally enable automatic summarization of subnets at the classical IP boundaries (classes A, B, and C). 13. Optionally aggregate routes in the BGP4 route table into CIDR blocks. 14. Optionally configure the routing switch as a BGP4 route reflector. 15. Optionally configure the routing switch as a member of a BGP4 confederation. 16. Optionally change the default metric for routes that BGP4 redistributes into RIP or OSPF. 17.
  • Loopback interface 1, 9.9.9.9/24
  • Loopback interface 2, 4.4.4.4/24
  • Loopback interface 3, 1.1.1.1/24
• If the device does not have any loopback interfaces, the default router ID is the lowest numbered IP interface configured on the device, as in earlier software releases.
NOTE: HP routing switches use the same router ID for both OSPF and BGP4.
Configuring BGP4 USING THE WEB MANAGEMENT INTERFACE 1. Log on to the device using a valid user name and password for read-write access. The System configuration panel is displayed. 2. Select the Enable radio button next to BGP. 3. Enter the local AS number in the Local AS field. 4. Click the Apply button to apply the changes to the device’s running-config file. 5. Select the Save link at the bottom of the dialog.
Advanced Configuration and Management Guide 7. Click on Configure in the tree view to display the configuration options. 8. Click on IP to display the IP configuration options. 9. Select the Add IP Address link to display the Router IP Address panel. 10. Select the loopback interface from the Port field’s pulldown menu. For example, to select loopback interface 1, select “lb1”. (If you are configuring a Chassis device, you can have any slot number in the Slot field.
Configuring BGP4 advertisement-interval specifies the minimum delay (in seconds) between messages to the specified neighbor. The default is 30 for EBGP neighbors (neighbors in other ASs). The default is 5 for IBGP neighbors (neighbors in the same AS). The range is 0 – 600. NOTE: The routing switch applies the advertisement interval only under certain conditions. The routing switch does not apply the advertisement interval when sending initial updates to a BGP4 neighbor.
Advanced Configuration and Management Guide prefix-list specifies an IP prefix list. You can use IP prefix lists to control routes to and from the neighbor. IP prefix lists are an alternative method to AS-path filters. You can configure up to 1000 prefix list filters. The filters can use the same prefix list or different prefix lists. To configure an IP prefix list, see “Defining IP Prefix Lists” on page 10-55. remote-as specifies the AS the remote neighbor is in.
Configuring BGP4 1. Enter the neighbor’s IP address in the IP Address field. 2. Enter a description in the Description field. 3. Select Enable next to Default Originate if you want to enable this feature for the neighbor. By default, the routing switch does not advertise a default route using BGP4. A BGP4 default route is the IP address 0.0.0.0 and the route prefix 0 or network mask 0.0.0.0. For example, 0.0.0.0/0 is a default route. 4.
Advanced Configuration and Management Guide 10. Select Enable next to Client To Client Reflection if this neighbor is a route-reflector client of the routing switch. Use the parameter only if this routing switch is going to be a route reflector. For information, see “Configuring Route Reflection Parameters” on page 10-33. This option is disabled by default. 11. Select Enable next to Shutdown if you want to administratively shut down the session with this neighbor.
Adding a BGP4 Peer Group
A peer group is a set of BGP4 neighbors that share common parameters. Peer groups provide the following benefits:
• Simplified neighbor configuration – You can configure a set of neighbor parameters and then apply them to multiple neighbors. You do not need to configure the common parameters individually on each neighbor.
Advanced Configuration and Management Guide Configuration Rules The following rules apply to peer group configuration: • You must configure a peer group before you can add neighbors to the peer group. • If you remove a parameter from a peer group, the value for that parameter is reset to the default for all the neighbors within the peer group, unless you have explicitly set that parameter on individual neighbors.
Configuring BGP4 • If you add a parameter to a peer group that already contains neighbors, the parameter value is applied to neighbors that do not already have the parameter explicitly set. If a neighbor has the parameter explicitly set, the explicitly set value overrides the value you set for the peer group.
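The precedence rules above can be checked offline with a small model; this is an added Python example, not HP software or CLI output. The class and function names, the peer group name, the 192.0.2.x neighbor addresses, and the parameter keys are assumptions made for illustration; the default of 30 for the advertisement interval is the EBGP default given in this guide.

```python
from dataclasses import dataclass, field

# Values used when neither the neighbor nor its peer group sets a parameter.
# Treating every neighbor as EBGP (advertisement interval 30) is a
# simplifying assumption of this sketch.
DEFAULTS = {"advertisement-interval": 30, "default-originate": False}


class ConfigError(ValueError):
    """Raised when a configuration rule from the guide is violated."""


@dataclass
class BgpConfig:
    peer_groups: dict = field(default_factory=dict)  # name -> {param: value}
    neighbors: dict = field(default_factory=dict)    # ip -> {"group", "explicit"}

    def _group(self, name):
        # Rule: a peer group must exist before neighbors can be added to it.
        if name not in self.peer_groups:
            raise ConfigError(f"peer group {name!r} must be configured first")
        return self.peer_groups[name]

    def add_peer_group(self, name):
        self.peer_groups.setdefault(name, {})

    def set_group_param(self, name, param, value):
        self._group(name)[param] = value

    def remove_group_param(self, name, param):
        self._group(name).pop(param, None)

    def add_neighbor(self, ip, group=None):
        if group is not None:
            self._group(group)
        self.neighbors[ip] = {"group": group, "explicit": {}}

    def set_neighbor_param(self, ip, param, value):
        self.neighbors[ip]["explicit"][param] = value

    def effective(self, ip):
        """Return {param: (value, origin)}; origin is 'neighbor', 'peer-group' or 'default'."""
        nbr = self.neighbors[ip]
        group = self.peer_groups.get(nbr["group"], {})
        result = {}
        for param in set(DEFAULTS) | set(group) | set(nbr["explicit"]):
            if param in nbr["explicit"]:
                # Rule: an explicitly set neighbor value overrides the group.
                result[param] = (nbr["explicit"][param], "neighbor")
            elif param in group:
                result[param] = (group[param], "peer-group")
            else:
                # Rule: a parameter removed from the group falls back to the default.
                result[param] = (DEFAULTS[param], "default")
        return result


def masked_group_settings(cfg, group_name):
    """List (neighbor, param, neighbor_value, group_value) where an explicit
    neighbor setting hides a different value configured on the peer group."""
    group = cfg.peer_groups[group_name]
    report = []
    for ip, nbr in sorted(cfg.neighbors.items()):
        if nbr["group"] != group_name:
            continue
        for param, value in sorted(nbr["explicit"].items()):
            if param in group and group[param] != value:
                report.append((ip, param, value, group[param]))
    return report


def build_demo():
    """Constructed sample: one peer group, two neighbors, one explicit override."""
    cfg = BgpConfig()
    cfg.add_peer_group("PeerGroup1")
    cfg.set_group_param("PeerGroup1", "advertisement-interval", 10)
    cfg.add_neighbor("192.0.2.1", group="PeerGroup1")
    cfg.add_neighbor("192.0.2.2", group="PeerGroup1")
    cfg.set_neighbor_param("192.0.2.2", "advertisement-interval", 60)
    return cfg


if __name__ == "__main__":
    demo = build_demo()
    for address in sorted(demo.neighbors):
        print(address, demo.effective(address))
    print("masked:", masked_group_settings(demo, "PeerGroup1"))
```

The masked-settings report is the part worth running before changing a peer group: it lists the neighbors a group-level change will not reach.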
Advanced Configuration and Management Guide Applying a Peer Group to a Neighbor After you configure a peer group, you can add neighbors to the group. When you add a neighbor to a peer group, you are applying all the neighbor attributes specified in the peer group to the neighbor. To add a neighbor to a peer group, use either of the following methods. USING THE CLI To add neighbors to a peer group, enter commands such as the following: HP9300(config-bgp-router)# neighbor 192.168.1.
Configuring BGP4 The parameter specifies the IP address of the neighbor. USING THE WEB MANAGEMENT INTERFACE 1. Log on to the device using a valid user name and password for read-write access. The System configuration panel is displayed. 2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options. 3. Click on the plus sign next to BGP in the tree view to expand the list of BGP option links. 4.
Advanced Configuration and Management Guide 3. Click on the plus sign next to BGP in the tree view to expand the list of BGP option links. 4. Click on the General link to display the BGP configuration panel, shown in Figure 10.2 on page 10-8. 5. Edit the number in the Keep Alive Time field. The Keep Alive Time can be 0 – 65535. 6. Edit the number in the Hold Time field. The Hold Time can be 0 or 3 – 65535 (1 and 2 are not allowed).
Configuring BGP4 Changing the Maximum Number of Paths for BGP4 Load Sharing Load sharing enables the routing switch to balance traffic to a route across multiple equal-cost paths of the same type (EBGP or IBGP) for the route. To configure the routing switch to perform BGP4 load sharing: • Enable IP load sharing if it is disabled. • Set the maximum number of paths. The default maximum number of BGP4 load sharing paths is 1, which means no BGP4 load sharing takes place by default.
Advanced Configuration and Management Guide NOTE: The maximum number of BGP4 load sharing paths cannot be greater than the maximum number of IP load sharing paths. To increase the maximum number of IP load sharing paths, use the ip load sharing command at the global CONFIG level of the CLI or use the # of Paths field next to Load Sharing on the IP configuration panel of the Web management interface.
USING THE WEB MANAGEMENT INTERFACE
1. Log on to the device using a valid user name and password for read-write access. The System configuration panel is displayed.
2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.
3. Click on the plus sign next to BGP in the tree view to expand the list of BGP option links.
4. Click on the Network link.
HP9300(config)# router bgp
HP9300(config-bgp-router)# network 100.100.1.0/24 route-map set_net
The first two commands in this example create a route map named “set_net” that sets the community attribute for routes that use the route map to “NO_EXPORT”. The next two commands change the CLI to the BGP4 configuration level. The last command configures a network for advertising from BGP4, and associates the “set_net” route map with the network.
7. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory.
Advertising the Default Information Originate
By default, the routing switch does not originate and advertise a default route using BGP4. A BGP4 default route is the IP address 0.0.0.0 and the route prefix 0 or network mask 0.0.0.0. For example, 0.0.0.0/0 is a default route.
5. Change the number in the Default Metric field. You can enter a number from 0 – 4294967295.
6. Click the Apply button to apply the changes to the device’s running-config file.
7. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory.
USING THE CLI
To change the default administrative distances for EBGP, IBGP, and Local BGP, enter a command such as the following:
HP9300(config-bgp-router)# distance 180 160 40
Syntax: distance
The sets the EBGP distance and can be a value from 1 – 255. The sets the IBGP distance and can be a value from 1 – 255.
USING THE WEB MANAGEMENT INTERFACE
1. Log on to the device using a valid user name and password for read-write access. The System configuration panel is displayed.
2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.
3. Click on the plus sign next to BGP in the tree view to expand the list of BGP option links.
4. Click on the General link to display the BGP configuration panel, shown in Figure 10.
NOTE: The auto summary feature summarizes only the routes that are redistributed from IGP into BGP4.
NOTE: The auto summary feature does not summarize networks that use CIDR numbers instead of class A, B, or C numbers. To summarize CIDR networks, use the aggregation feature. See “Aggregating Routes Advertised to BGP4 Neighbors” on page 10-39.
NOTE: Route reflection applies only among IBGP routers within the same AS. You cannot configure a cluster that spans multiple ASs.
Figure 10.3 shows an example of a route reflector configuration. In this example, two routing switches are configured as route reflectors for the same cluster. The route reflectors provide redundancy in case one of the reflectors becomes unavailable.
Software release 07.1.10 and higher handles the attributes as follows:
• The routing switch adds the attributes only if it is a route reflector, and only when advertising IBGP route information to other IBGP neighbors. The attributes are not used when communicating with EBGP neighbors.
• A routing switch configured as a route reflector sets the ORIGINATOR_ID attribute to the router ID of the router that originated the route.
USING THE WEB MANAGEMENT INTERFACE
1. Log on to the device using a valid user name and password for read-write access. The System configuration panel is displayed.
2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.
3. Click on the plus sign next to BGP in the tree view to expand the list of BGP option links.
4. Click on the General link to display the BGP configuration panel, shown in Figure 10.
Figure 10.4 shows an example of a BGP4 confederation.
[Figure 10.4: BGP4 confederation. Labels: Confederation 10; AS 20; Sub-AS 64512 (IBGP; Router A, Router B); Sub-AS 64513 (IBGP; Router C, Router D); EBGP links; “This BGP4 router sees all traffic from Confederation 10 as traffic from AS 10.”]
Routers outside the confederation do not know or care that the routers are subdivided into sub-ASs within a confederation.
USING THE CLI
To configure four routing switches to be a member of confederation 10, consisting of two sub-ASs (64512 and 64513), enter commands such as the following.
5. Enter the confederation ID in the Confederation ID field. The confederation ID must be different from the sub-AS numbers. You can specify a number from 1 – 65535.
6. Enter the AS numbers of the peers (sub-ASs) within the confederation in the Confederation Peers field. Separate the AS numbers with spaces. You must specify all the sub-ASs contained in the confederation. All the routers within the same sub-AS use IBGP to exchange router information.
3. Click on the plus sign next to BGP in the tree view to expand the list of BGP option links.
4. Click on the Aggregate Address link to display the BGP Aggregate Address configuration panel.
• If the device does not have any BGP aggregate addresses configured, the BGP Aggregate Address configuration panel is displayed, as shown in the following example.
Modifying Redistribution Parameters
By default, the router does not redistribute route information between BGP4 and the IP IGPs (RIP and OSPF). You can configure the router to redistribute OSPF routes, RIP routes, directly connected routes, or static routes into BGP4. The following subsections describe how to set redistribution parameters.
Redistributing Routes by Route Type
You can easily configure BGP4 to redistribute routes of a specific route type using the following methods.
5. Select the source of the routes you want to redistribute into BGP4. You can select RIP, OSPF, Static, or Connected (directly attached) routes.
6. Optionally enter a metric for the redistributed routes in the Metric field. You can specify a value from 0 – 4294967295. The default is 0.
7. Optionally select a route map from the Map field’s pulldown list.
NOTE: The route map must already be defined.
The match internal | external1 | external2 parameter applies only to OSPF. This parameter specifies the types of OSPF routes to be redistributed into BGP4.
USING THE WEB MANAGEMENT INTERFACE
Use the procedure in “Redistributing RIP Routes” on page 10-41.
Syntax: [no] bgp-redistribute-internal
To disable redistribution of IBGP routes into RIP and OSPF, enter the following command:
HP9300(config-bgp-router)# no bgp-redistribute-internal
USING THE WEB MANAGEMENT INTERFACE
You cannot configure this parameter using the Web management interface.
209.157.22.26 0.0.0.255, then save the changes to the startup-config file, the value appears as 209.157.22.0/24 (if you have enabled display of sub-net lengths) or 209.157.22.0 0.0.0.255 in the startup-config file. If you enable the software to display IP sub-net masks in CIDR format, the mask is saved in the file in “/” format. To enable the software to display the CIDR masks, enter the ip show-subnet-length command at the global CONFIG level of the CLI.
12. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory.
Filtering AS-Paths
You can filter updates received from BGP4 neighbors based on the contents of the AS-path list accompanying the updates. For example, if you want to deny routes that have the AS 4.3.2.
• If BGP AS-path filters are already configured and you are adding a new one, click on the Add AS Path Filter link to display the BGP AS Path Filter configuration panel, as shown in the following example.
• If you are modifying an existing BGP AS-path filter, click on the Modify button to the right of the row describing the filter to display the BGP AS Path Filter configuration panel, as shown in the following example.
5. Enter the filter ID in the ID field.
The parameter specifies the AS path information you want to permit or deny to routes that match any of the match statements within the ACL. You can enter a specific AS number or use a regular expression. For the regular expression syntax, see “Using Regular Expressions” on page 10-49. The neighbor command uses the filter-list parameter to apply the AS-path ACL to the neighbor. See “Adding BGP4 Neighbors” on page 10-14.
NOTE: You cannot apply the AS path ACLs to a neighbor using the Web management interface. You must use the CLI. The AS Path Filter List for Weight field in the BGP Neighbor panel of the Web management interface is not used for AS path filtering, but is instead used for changing a route’s weight based on the AS path list.
Using Regular Expressions
You use a regular expression for the parameter to specify a single character or multiple characters as a filter pattern.
Table 10.2: BGP4 Special Characters for Regular Expressions (Continued)
Character | Operation
^ | A caret (when not used within brackets) matches on the beginning of an input string. For example, the following regular expression matches on an AS-path that begins with “jlampa”:
^jlampa
$ | A dollar sign matches on the end of an input string.
Table 10.2: BGP4 Special Characters for Regular Expressions (Continued)
Character | Operation
() | Parentheses allow you to create complex expressions. For example, the following complex expression matches on “abc”, “abcabc”, or “abcabcabcdefg”, but not on “abcdefgdefg”:
((abc)+)|((defg)?)
If you want to filter for a special character instead of using the special character as described in Table 10.2 on page 10-49, enter “\” (backslash) in front of the character.
NOTE: If the filter is referred to by a route map’s match statement, the filter is applied in the order in which the filter is listed in the match statement.
The permit | deny parameter indicates the action the router takes if the filter match is true.
• If you specify permit, the router permits the route into the BGP4 table if the filter match is true.
• If you specify deny, the router denies the route from entering the BGP4 table if the filter match is true.
should not be advertised outside the sub-AS. This community type applies to confederations.
• No Advertise – Filters for routes with the well-known community “NO_ADVERTISE”. A route in this community should not be advertised to any BGP4 neighbors.
• No Export – Filters for routes with the well-known community “NO_EXPORT”. A route in this community should not be advertised to any BGP4 neighbors outside the local AS.
USING THE WEB MANAGEMENT INTERFACE
1. Log on to the device using a valid user name and password for read-write access. The System configuration panel is displayed.
2. Click on the plus sign next to Configure in the tree view to display the list of configuration options.
3. Click on the plus sign next to IP to display the list of IP configuration options.
4. Select the Community Access List link.
Defining IP Prefix Lists
An IP prefix list specifies a list of networks. When you apply an IP prefix list to a neighbor, the routing switch sends or receives only a route whose destination is in the IP prefix list. You can configure up to 100 prefix lists. The software interprets the prefix lists in order, beginning with the lowest sequence number.
• If a prefix list ACL is already configured and you are adding a new one, click on the Add IP Prefix List link to display the IP Prefix List panel, as shown in the following example.
NOTE: You cannot modify an IP prefix list ACL. Instead, you can delete and then re-add the ACL. To delete an ACL, click on the Delete button to the right of the row describing the ACL, then click on the Add IP Prefix List link.
5. Edit a name in the Name field.
6.
To apply the IP Prefix List to a neighbor, use the following procedure:
1. In the tree view, click on the plus sign next to BGP under Configure to display the list of BGP configuration options.
2. Select the Neighbor link to display the BGP Neighbor panel.
3. Select the Prefix List link to display the BGP Neighbor Prefix List panel, as shown in the following example.
4. Select the neighbor’s IP address from the IP Address field’s pulldown menu.
NOTE: The command syntax shown above is new beginning with software release 06.6.X. However, the neighbor distribute-list in | out command (where the direction is specified before the filter number) is the same as in earlier software releases. Use the new syntax when you are using an IP ACL or IP prefix list with the distribute list. Use the old syntax when you are using a BGP4 address filter with the distribute list.
12. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory.
Defining Route Maps
A route map is a named set of match conditions and parameter settings that the router can use to modify route attributes and to control redistribution of the routes into other protocols. A route map consists of a sequence of up to 50 instances.
For example, when you configure parameters for redistributing routes into RIP, one of the optional parameters is a route map. If you specify a route map as one of the redistribution parameters, the router will match the route against the match statements in the route map. If a match is found and if the route map contains set statements, the router will set attributes in the route according to the set statements.
5. Enter the name of the route map in the Route Map Name field.
6. Enter the sequence (instance) number in the Sequence field. The routing switch applies the instances in ascending numerical order. Once an instance comparison results in a “true” evaluation, the routing switch stops applying instances and applies the match and set statements you configure for the instance. See “Specifying the Match Conditions” on page 10-61 and “Setting Parameters in the Routes” on page 10-66.
7.
NOTE: The filters must already be configured.
The community parameter specifies a community ACL.
NOTE: The ACL must already be configured.
The ip address | next-hop | prefix-list parameter specifies an ACL or IP prefix list. Use this parameter to match based on the destination network or next-hop gateway. To configure an IP ACL for use with this command, use the ip access-list command. See “Using Access Control Lists (ACLs)” on page 3-1.
12. Optionally enter an IP address against which you want to compare the route updates’ next-hop attribute. Enter the address in the Next Hop List field. Also select the checkbox in front of the field.
13. Optionally enter a tag value against which you want to compare the updates in the Tag List field. Also select the checkbox in front of the field.
14. Optionally enter a MED (metric) value against which you want to compare the route updates in the Metric field.
5. Enter the name of the route map in the Route Map Name field.
6. Enter the sequence (instance) number in the Sequence field. The routing switch applies the instances in ascending numerical order. Once an instance comparison results in a “true” evaluation, the routing switch stops applying instances and applies the match and set statements you configure for the instance.
7.
10. Select the type of ACL or filter you are adding as a match condition. You can select more than one ACL or filter type. In this example, select AS Path Access List.
NOTE: IP prefix lists and neighbor distribute lists provide separate means for the same type of filtering. To simplify configuration, Hewlett-Packard recommends you use one method or the other but do not mix them.
11. Next to each type of ACL or filter you selected, enter the ACL or filter name or ID.
USING THE CLI
To construct a route map that matches based on the next-hop router, enter commands such as the following:
HP9300(config)# route-map HopMap permit 1
HP9300(config-routemap HopMap)# match ip next-hop 2
Syntax: match ip next-hop
Syntax: match ip next-hop prefix-list
The parameter with the first command specifies an IP ACL and can be a number from 1 – 199 or the ACL name if it is a named ACL.
The metric [+ | - ] | none parameter sets the MED (metric) value for the route. The default MED value is 0. You can set the preference to a value from 0 – 4294967295.
• set metric – Sets the route’s metric to the number you specify.
• set metric + – Increases route’s metric by the number you specify.
• set metric - – Decreases route’s metric by the number you specify.
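The instance ordering and the set metric forms described above, modeled as an added Python example (not HP's code and not device syntax). Assumptions not stated on this page: all match conditions in an instance must hold, a route that matches no instance is denied, relative metric changes are clamped to the 0 – 4294967295 range, and "none" removes the MED. The prefixes other than 100.100.1.0/24 are constructed sample values.

```python
"""Route-map instance evaluation (added example, not HP's code)."""
import ipaddress
from dataclasses import dataclass, field, replace
from typing import Callable, List, Optional

MED_MAX = 4294967295   # upper bound for metric values given in the guide
MAX_INSTANCES = 50     # a route map consists of up to 50 instances


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    metric: Optional[int] = 0            # default MED value is 0
    local_pref: int = 100                # default local preference is 100
    communities: frozenset = frozenset()


@dataclass
class Instance:
    seq: int
    action: str                          # "permit" or "deny"
    matches: List[Callable[[Route], bool]] = field(default_factory=list)
    sets: List[Callable[[Route], Route]] = field(default_factory=list)


def match_next_hop(cidr: str):
    net = ipaddress.ip_network(cidr)
    return lambda r: ipaddress.ip_address(r.next_hop) in net


def match_prefix_within(cidr: str):
    net = ipaddress.ip_network(cidr)
    return lambda r: ipaddress.ip_network(r.prefix).subnet_of(net)


def set_metric(spec: str):
    """spec is '<num>', '+<num>', '-<num>' or 'none'."""
    def apply(r: Route) -> Route:
        if spec == "none":
            return replace(r, metric=None)       # ASSUMPTION: removes the MED
        if spec[0] in "+-":
            delta = int(spec[1:])
            base = r.metric or 0
            value = base + delta if spec[0] == "+" else base - delta
            value = max(0, min(MED_MAX, value))  # ASSUMPTION: clamp at bounds
        else:
            value = int(spec)
            if not 0 <= value <= MED_MAX:
                raise ValueError("metric out of range")
        return replace(r, metric=value)
    return apply


def set_local_pref(value: int):
    return lambda r: replace(r, local_pref=value)


def set_community(name: str):
    return lambda r: replace(r, communities=r.communities | {name})


def evaluate(instances, route: Route):
    """Return (verdict, resulting route, sequence number that decided)."""
    if len(instances) > MAX_INSTANCES:
        raise ValueError("a route map holds at most 50 instances")
    # Instances are applied in ascending numerical order; first true match wins.
    for inst in sorted(instances, key=lambda i: i.seq):
        if all(m(route) for m in inst.matches):  # no matches = matches any route
            if inst.action == "deny":
                return "deny", route, inst.seq
            for s in inst.sets:
                route = s(route)
            return "permit", route, inst.seq
    return "deny", route, None                   # ASSUMPTION: implicit deny


# Constructed sample route map, deliberately listed out of sequence order.
SAMPLE_MAP = [
    Instance(20, "permit", [], [set_local_pref(200)]),
    Instance(10, "permit", [match_next_hop("192.168.1.0/24")],
             [set_metric("+10"), set_community("NO_EXPORT")]),
    Instance(15, "deny", [match_prefix_within("198.51.100.0/24")]),
]

if __name__ == "__main__":
    for rt in (Route("100.100.1.0/24", "192.168.1.5", metric=5),
               Route("198.51.100.128/25", "192.0.2.1"),
               Route("203.0.113.0/24", "192.0.2.1")):
        verdict, out, seq = evaluate(SAMPLE_MAP, rt)
        print(rt.prefix, verdict, "instance", seq, out)
```

Instance 20 has no match statements, so it acts as a catch-all; placing a catch-all at a low sequence number would hide every instance after it.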
16. Optionally enter a local preference in the Local Preference field and also select the checkbox in front of the field. The default local preference is 100. You can set the preference to a value from 0 – 4294967295.
17. Optionally enter a metric (MED) in the Metric field and also select the checkbox in front of the field. The default MED value is 0. You can set the preference to a value from 0 – 4294967295.
18.
8. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory.
Configuring Route Flap Dampening
A “route flap” is the change in a route’s state, from up to down or down to up. When a route’s state changes, the state change causes changes in the route tables of the routers that support the route.
The parameter specifies the number of minutes after which the route’s penalty becomes half its value. The route penalty allows routes that have remained stable for a while despite earlier instability to eventually become eligible for use again. The decay rate of the penalty is proportional to the value of the penalty. After the half-life expires, the penalty decays to half its value.
1 – 20000 minutes. The default is four times the half-life setting. Thus, if you use the default half-life of 15 minutes, the maximum suppression time is 60 minutes.
10. Click the Apply button to apply the changes to the device’s running-config file.
11. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory.
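The half-life decay and maximum suppression time described above, worked through in an added Python model (not HP's implementation). The 15-minute half-life and 60-minute maximum suppression time are the defaults stated in this guide; the per-flap penalty of 1000, the suppress threshold of 2000, the reuse threshold of 750, and enforcing the maximum suppression time through a penalty ceiling are assumptions of this example.

```python
"""Route flap dampening penalty model (added example, not HP's code)."""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class DampeningParams:
    half_life_min: float = 15.0       # default half-life stated in the guide
    max_suppress_min: float = 60.0    # default: four times the half-life
    reuse: float = 750.0              # ASSUMED threshold, not from the guide
    suppress: float = 2000.0          # ASSUMED threshold, not from the guide
    penalty_per_flap: float = 1000.0  # ASSUMED penalty, not from the guide

    @property
    def penalty_ceiling(self) -> float:
        """Largest penalty that still decays to `reuse` within max_suppress_min."""
        return self.reuse * 2 ** (self.max_suppress_min / self.half_life_min)


class DampenedRoute:
    def __init__(self, params: DampeningParams):
        self.params = params
        self.penalty = 0.0
        self.flaps = 0
        self.suppressed = False
        self._last_min = 0.0

    def advance(self, now_min: float) -> None:
        """Decay the penalty up to now_min; it halves once per half-life."""
        elapsed = now_min - self._last_min
        if elapsed < 0:
            raise ValueError("time must not go backwards")
        self.penalty *= 0.5 ** (elapsed / self.params.half_life_min)
        self._last_min = now_min
        if self.suppressed and self.penalty < self.params.reuse:
            self.suppressed = False   # stable long enough: usable again

    def flap(self, now_min: float) -> None:
        """Record one state change (up to down, or down to up)."""
        self.advance(now_min)
        self.flaps += 1
        self.penalty = min(self.penalty + self.params.penalty_per_flap,
                           self.params.penalty_ceiling)
        if self.penalty > self.params.suppress:
            self.suppressed = True

    def minutes_until_reuse(self, now_min: float) -> float:
        """Time for the penalty to decay to the reuse threshold, 0 if usable."""
        self.advance(now_min)
        if not self.suppressed:
            return 0.0
        ratio = self.penalty / self.params.reuse
        return self.params.half_life_min * math.log2(ratio)


def simulate(flap_times_min, params=DampeningParams()):
    """Replay flap timestamps (minutes); return the route and its history."""
    route = DampenedRoute(params)
    history = []
    for t in sorted(flap_times_min):
        route.flap(t)
        history.append((t, round(route.penalty, 1), route.suppressed))
    return route, history


if __name__ == "__main__":
    # Constructed input: three flaps two minutes apart.
    route, history = simulate([0, 2, 4])
    for t, penalty, suppressed in history:
        print(f"t={t:>2} min penalty={penalty:>7} suppressed={suppressed}")
    print(f"reuse in {route.minutes_until_reuse(4):.1f} min")
```

With these values the third flap pushes the route over the suppress threshold, and a sustained flap storm is capped so the route is never suppressed for longer than the maximum suppression time.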
• If you are modifying an existing BGP address filter, click on the Modify button to the right of the row describing the filter to display the BGP Address Filter configuration panel, as shown in the following example.
5. Enter the filter ID in the ID field. You can specify a number from 1 – 100.
6.
14. Enter the name of the route map in the Route Map Name field.
15. Enter the sequence (instance) number in the Sequence field. The routing switch applies the instances in ascending numerical order. Once an instance comparison results in a “true” evaluation, the routing switch stops applying instances and applies the match and set statements you configure for the instance.
NOTE: In this example, the sequence number matches the address filter number.
19. Click on the checkbox next to Address Filter to indicate that you are using an address filter as a match condition.
20. Enter the address filter number in the Address Filter field.
21. Click Apply to apply the changes to the device’s running-config file.
22. Select the Route Map Set link at the bottom of the panel to display the BGP Route Map Set panel, as shown in the following example.
23. Select the checkbox in the Dampening section to specify that this route map is setting dampening parameters.
24. Edit the value in the Half Life field to specify the half life you want this route map to set for routes that match the match conditions you specified above.
25. Edit the value in the Reuse field to specify the dampening reuse value you want this route map to set.
26. Edit the value in the Suppress field to specify the dampening suppress value you want this route map to set.
Using a Route Map To Configure Route Flap Dampening for a Specific Neighbor
You can use a route map to configure route flap dampening for a specific neighbor by performing the following tasks:
• Configure an empty route map with no match or set statements. This route map does not specify particular routes for dampening but does allow you to enable dampening globally when you refer to this route map from within the BGP configuration level.
NOTE: If the device already has route maps, a table listing the route maps is displayed. Click the Modify button to the right of the row describing the route map to change its configuration, or click the Add Route Map Filter link to display the BGP Route Map Filter panel.
5. Enter the name of the route map in the Route Map Name field. In this example, enter the name DAMPENING_MAP_ENABLE for the “empty” route map that you will use to globally enable dampening.
6.
22. Select the neighbor IP address from the IP Address field’s pulldown menu.
23. Select the traffic direction to which you want to apply the route map. You can select In or Out. In this example, select In.
24. Select the route map from the Route Map Name field’s pulldown menu. In this example, select DAMPENING_MAP_NEIGHBOR_A.
25. Click Add to apply the changes to the device’s running-config file.
26. Select the Save link at the bottom of the dialog.
6. Click the Apply button to implement the change.
Displaying and Clearing Route Flap Dampening Statistics
The software provides many options for displaying and clearing route flap statistics. To display the statistics, use either of the following methods.
Displaying Route Flap Dampening Statistics
To display route flap dampening statistics, use the following CLI method.
Table 10.3: Route Flap Dampening Statistics
This Field... | Displays...
Network | The destination network of the route.
From | The neighbor that sent the route to the routing switch.
Flaps | The number of flaps (state changes) the route has experienced.
Since | The amount of time since the first flap of this route.
Reuse | The amount of time remaining until this route will be un-suppressed and thus be usable again.
NOTE: If you have a lot of IBGP neighbors, you can configure some IBGP routers as route reflectors. By doing so, you can reduce the number of neighbors you need to configure on each router. Without route reflectors, all IBGP routers must be fully meshed to ensure proper route propagation. See “Configuring Route Reflection Parameters” on page 10-33.
USING THE WEB MANAGEMENT INTERFACE
1. Log on to the device using a valid user name and password for read-write access. The System configuration panel is displayed.
2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.
3. Click on the plus sign next to BGP in the tree view to expand the list of BGP option links.
4. Click on the General link to display the BGP configuration panel, shown in Figure 10.
The indicates the number of route-attribute entries allowed on the router. See “Memory Considerations” on page 10-9 for the maximum for your device. The change takes effect after the router is rebooted.
USING THE WEB MANAGEMENT INTERFACE
1. Log on to the device using a valid user name and password for read-write access. The System configuration panel is displayed.
2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.
3.
Displaying BGP4 Information
You can display the following configuration information and statistics for the BGP4 protocol on the router:
• Summary BGP4 configuration information for the router
• Active BGP4 configuration information (the BGP4 information in the running-config)
• Information about the router’s BGP4 neighbors
• Information about the paths from which BGP4 selects routes
• Summary BGP4 route information
• The router’s BGP4 route table
• R
Table 10.4: BGP4 Summary Information (Continued)
This Field... | Displays...
Maximum Number of Paths Supported for Load Sharing | The maximum number of route paths across which the device can balance traffic to the same destination. The feature is enabled by default but the default number of paths is 1. You can increase the number from 2 – 8 paths. See “BGP4 Load Sharing”.
Number of Neighbors Configured | The number of BGP4 neighbors configured on this routing switch.
Table 10.4: BGP4 Summary Information (Continued)
This Field... | Displays...
State | The state of this router’s neighbor session with each neighbor. The states are from this router’s perspective of the session, not the neighbor’s perspective. The state values are based on the BGP4 state machine values described in RFC 1771 and can be one of the following for each router:
• IDLE – The BGP4 process is waiting to be started.
Table 10.4: BGP4 Summary Information (Continued)
This Field... | Displays...
RtSent | The number of BGP4 routes that the routing switch has sent to the neighbor.
RtToSend | The number of routes the routing switch has queued to send to this neighbor.
USING THE WEB MANAGEMENT INTERFACE
1. Log on to the device using a valid user name and password for read-only or read-write access. The System configuration panel is displayed.
2.
Displaying Summary Neighbor Information
To display information for a neighbor, use the following CLI method.
USING THE CLI
To display summary neighbor information, enter a command such as the following at any level of the CLI:
HP9300(config-bgp-router)# show ip bgp neighbor 192.168.4.
Table 10.5: BGP4 Route Summary Information for a Neighbor (Continued)
This Field... | Displays...
NLRIs Received in Update Message | The number of routes received in Network Layer Reachability (NLRI) format in UPDATE messages.
• Withdraws – The number of withdrawn routes the routing switch has received.
• Replacements – The number of replacement routes the routing switch has received.
NLRIs Discarded due to |
Routes Advertised |
NLRIs Sent in Update Message |
Table 10.5: BGP4 Route Summary Information for a Neighbor (Continued)
This Field... | Displays...
Peer Out of Memory Count for | Statistics for the times the routing switch has run out of BGP4 memory for the neighbor during the current BGP4 session.
• Receiving Update Messages – The number of times UPDATE messages were discarded because there was no memory for attribute entries.
The TCP statistics at the end of the display show status for the TCP session with the neighbor. Most of the fields show information stored in the routing switch’s Transmission Control Block (TCB) for the TCP session between the routing switch and its neighbor. These fields are described in detail in section 3.2 of RFC 793, “Transmission Control Protocol Functional Specification”. In this example, a specific neighbor’s IP address is entered.
Table 10.6: BGP4 Neighbor Information (Continued)
This Field... | Displays...
EBGP/IBGP | Whether the neighbor session is an IBGP session, an EBGP session, or a confederation EBGP session.
• EBGP – The neighbor is in another AS.
• EBGP_Confed – The neighbor is a member of another sub-AS in the same confederation.
• IBGP – The neighbor is in the same AS.
RouterID | The neighbor’s router ID.
Table 10.6: BGP4 Neighbor Information (Continued)
This Field... | Displays...
Time | The amount of time this session has been in its current state.
KeepAlive | The keep alive time, which specifies how often this router sends keep alive messages to the neighbor. See “Changing the Keep Alive Time and Hold Time” on page 10-23.
Table 10.6: BGP4 Neighbor Information (Continued)
This Field... | Displays...
Last Connection Reset Reason | The reason the previous session with this neighbor ended.
Table 10.6: BGP4 Neighbor Information (Continued)
This Field... | Displays...
Last Connection Reset Reason (cont.
Table 10.6: BGP4 Neighbor Information (Continued)
This Field... | Displays...
Notification Sent | If the router receives a NOTIFICATION message from the neighbor, the message contains an error code corresponding to one of the following errors. Some errors have subcodes that clarify the reason for the error. Where applicable, the subcode messages are listed underneath the error code messages.
Table 10.6: BGP4 Neighbor Information (Continued)
This Field... | Displays...
TCP Connection state | The state of the connection with the neighbor. The connection can have one of the following states:
• LISTEN – Waiting for a connection request.
• SYN-SENT – Waiting for a matching connection request after having sent a connection request.
• SYN-RECEIVED – Waiting for a confirming connection request acknowledgment after having both received and sent a connection request.
Table 10.6: BGP4 Neighbor Information (Continued)
This Field... | Displays...
UnAckSeq | The current acknowledged sequence number.
IRcvSeq | The initial receive sequence number for the session.
RcvNext | The next sequence number expected from the neighbor.
SendWnd | The size of the send window.
TotalRcv | The number of sequence numbers received from the neighbor.
DupliRcv | The number of duplicate sequence numbers received from the neighbor.
Peer Out of Memory Count for:
Receiving Update Messages:0, Accepting Routes(NLRI):0
Attributes:0, Outbound Routes(RIB-out):0
This display shows the following information.
Table 10.7: BGP4 Route Summary Information for a Neighbor
This Field... | Displays...
Routes Received | How many routes the routing switch has received from the neighbor during the current BGP4 session.
Table 10.7: BGP4 Route Summary Information for a Neighbor (Continued)
This Field... | Displays...
Routes Advertised | The number of routes the routing switch has advertised to this neighbor.
• To be Sent – The number of routes the routing switch has queued to send to this neighbor.
NLRIs Sent in Update Message |
Peer Out of Memory Count for |
Displaying the Best Received Routes
To display the routes received from a specific neighbor that are the “best” routes to their destinations, enter a command such as the following at any level of the CLI:
HP9300(config-bgp-router)# show ip bgp neighbor 192.168.4.211 received-routes best
Syntax: show ip bgp neighbor received-routes best
For information about the fields in this display, see Table 10.9 on page 10-105.
Advanced Configuration and Management Guide Displaying Summary Route Information To display summary route information, use the following CLI method.
Configuring BGP4 USING THE CLI To view the BGP4 route table, enter the following command: To display all the BGP4 routes in the routing switch’s BGP4 route table that are the best routes to their destinations, enter a command such as the following at any level of the CLI: HP9300(config-bgp-router)# show ip bgp routes Searching for matching routes, use ^C to quit...
Advanced Configuration and Management Guide Displaying the Best BGP4 Routes To display all the BGP4 routes in the routing switch’s BGP4 route table that are the best routes to their destinations, enter a command such as the following at any level of the CLI: HP9300(config-bgp-router)# show ip bgp routes best Searching for matching routes, use ^C to quit...
Configuring BGP4 For information about the fields in this display, see Table 10.9 on page 10-105. The fields in this display also appear in the show ip bgp display. Displaying Information for a Specific Route To display information for a specific BGP4 route, use either of the following methods. USING THE CLI To display BGP4 network information by specifying an IP address within the network, enter a command such as the following at any level of the CLI: HP9300(config-bgp-router)# show ip bgp 7.7.7.
Advanced Configuration and Management Guide Table 10.9: BGP4 Network Information (Continued) This Field... Displays... Weight The value that this router associates with routes from a specific neighbor. For example, if the router receives routes to the same destination from two BGP4 neighbors, the router prefers the route from the neighbor with the larger weight. Path The route’s AS path. Note: This field appears only if you do not enter the route option.
Configuring BGP4 Displaying Route Details Here is an example of the information displayed when you use the detail option. In this example, the information for one route is shown. HP9300# show ip bgp routes detail Total number of BGP Routes: 516985 Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED H:HISTORY I:IBGP L:LOCAL M:MULTIPATH S:SUPPRESSED Network Next Hop Metric LocPrf Weight 1 0.0.0.0/0 192.169.103.1 None 100 0 Atomic AGGREGATION(ID AS) Originator Cluster List None 0.0.0.
Advanced Configuration and Management Guide Table 10.10: BGP4 Network Information (Continued) This Field... Displays... Atomic Whether network information in this route has been aggregated and this aggregation has resulted in information loss. Note: Information loss under these circumstances is a normal part of BGP4 and does not indicate an error. Aggregation ID The router that originated this aggregator. Aggregation AS The AS in which the network information was aggregated.
Configuring BGP4 Table 10.10: BGP4 Network Information (Continued) This Field... Displays... RIB_out The number of neighbors to which the route has been or will be advertised. This is the number of times the route has been selected as the best route and placed in the Adj-RIB-Out (outbound queue) for a BGP4 neighbor. Communities The communities the route is in. USING THE WEB MANAGEMENT INTERFACE 1. Log on to the device using a valid user name and password for read-only or read-write access.
Advanced Configuration and Management Guide Table 10.11: BGP4 Route-Attribute Entries Information (Continued) This Field... Displays... Next Hop The IP address of the next hop router for routes that have this set of attributes. Metric The cost of the routes that have this set of attributes. Origin The source of the route information. The origin can be one of the following: • EGP – The routes with this set of attributes came to BGP through EGP.
Configuring BGP4 Displaying the Routes BGP4 Has Placed in the IP Route Table The IP route table indicates the routes it has received from BGP4 by listing “BGP” as the route type. You can view the IP route table using either of the following methods. USING THE CLI To display the IP route table, enter the following command: HP9300# show ip route Syntax: show ip route [ | | bgp | ospf | rip] Here is an example of the information displayed by this command.
Advanced Configuration and Management Guide Syntax: show ip bgp flap-statistics [regular-expression | [longer-prefixes] | neighbor | filter-list ...] The regular-expression parameter is a regular expression. The regular expressions are the same ones supported for BGP4 AS-path filters. See “Using Regular Expressions” on page 10-49. The parameter specifies a particular route.
Configuring BGP4 Displaying the Active Route Map Configuration To view the device’s active route map configuration (contained in the running-config) without displaying the entire running-config, use the following CLI method.
Advanced Configuration and Management Guide peer group. The parameter specifies all neighbors within the specified AS. The all parameter specifies all neighbors. USING THE WEB MANAGEMENT INTERFACE 1. Log on to the device using a valid user name and password for read-write access. The System configuration panel is displayed. 2. Click on the plus sign next to Command in the tree view to expand the list of command options. 3. Click on the Clear link to display the Clear panel. 4.
Configuring BGP4 • RFC 2842. This RFC specifies the Capability Advertisement, which a BGP4 router uses to dynamically negotiate a capability with a neighbor. • RFC 2858 for Multi-protocol Extension. NOTE: The HP implementation of dynamic route refresh supports negotiation of IP version 4 unicasts only. • bgp-draft-route-refresh-1.txt, which describes the dynamic route refresh capability The dynamic route refresh capability is enabled by default when you upgrade to software release 07.1.
Advanced Configuration and Management Guide This command applies its filters for outgoing routes to the routing switch’s BGP4 route table (Adj-RIB-Out), changes or excludes routes accordingly, then sends the resulting Adj-RIB-Out to the neighbor. NOTE: The HP routing switch does not automatically update outbound routes using a new or changed outbound policy or filter when a session with the neighbor goes up or down.
Configuring BGP4 • If you close a neighbor session, the routing switch and the neighbor clear all the routes they learned from each other. When the routing switch and neighbor establish a new BGP4 session, they exchange route tables again. Use this method if you want the routing switch to relearn routes from the neighbor and resend its own route table to the neighbor.
Advanced Configuration and Management Guide To un-suppress a specific route, enter a command such as the following: HP9300# clear ip bgp damping 209.157.22.0 255.255.255.0 This command un-suppresses only the route(s) for network 209.157.22.0/24. USING THE WEB MANAGEMENT INTERFACE 1. Log on to the device using a valid user name and password for read-write access. The System configuration panel is displayed. 2. Click on the plus sign next to Command in the tree view to expand the list of command options.
Configuring BGP4 3. Click on the Clear link to display the Clear panel. 4. Select one of the following: • BGP Neighbor Last Packet with Error – Clears the buffer containing the first 400 bytes of the last BGP4 packet that contained an error. • BGP Neighbor Notification Error – Clears the buffer containing the last NOTIFICATION message sent or received. 5. Click the Apply button to implement the change.
Chapter 11 Network Address Translation You can configure an HP routing switch to perform standard Network Address Translation (NAT). NAT enables private IP networks that use nonregistered IP addresses to connect to the Internet. Configure NAT on the HP device at the border of an inside network and an outside network (such as the Internet). NAT translates the internal local addresses to globally unique IP addresses before sending packets to the outside network.
Advanced Configuration and Management Guide The device performs NAT for traffic between the outside NAT interface and the inside NAT interface. Internet NAT Pool = 209.157.1.2 - 254/24 Internet access router Port 1/2 209.157.1.1 Outside NAT interface 10.10.10.3 10.10.10.2 Port 1/1 10.10.10.1 Inside NAT interface 10.10.10.4 Figure 11.1 ... 10.10.10.
Network Address Translation Port Address Translation Normally, NAT maps each private address that needs to be routed to the outside network to a unique IP address from the pool. However, it is possible for the global address pool to have fewer addresses than the number of private addresses. In this case, you can configure the HP device to use Port Address Translation. Port Address Translation maps a client’s IP address and TCP or UDP port number to both an IP address and a TCP or UDP port number.
Advanced Configuration and Management Guide Maximum Number of Addresses If the routing switch cannot allocate an address because it has run out of addresses, the routing switch drops the packet and sends an ICMP Host Unreachable packet. NOTE: The maximum number of global IP addresses you can configure depends on how much memory the routing switch has and whether you enable the Port Address Translation feature. Regardless of the amount of memory, you cannot configure more than 256 global IP addresses.
Network Address Translation NOTE: You must configure inside NAT on one interface and outside NAT on another interface. The device performs NAT for traffic between the interfaces. In addition to the tasks listed above, you can modify the age timers for the address translation entries the device creates. See “Changing Translation Table Timeouts” on page 11-7 for information. For information about viewing the active NAT translations, see “Displaying the Active NAT Translations” on page 11-8.
Advanced Configuration and Management Guide These commands configure a standard ACL for the private sub-net 10.10.10.x/24, then enable inside NAT for the sub-net. Make sure you specify permit in the ACL, rather than deny. If you specify deny, the HP device will not provide NAT for the addresses.
Network Address Translation Enabling NAT The NAT configuration does not take effect until you enable it on specific interfaces. You can enable NAT on Ethernet ports and on virtual interfaces. You also can enable the feature on the primary port of a trunk group, in which case the feature applies to all the ports in the trunk group. NOTE: You must configure inside NAT on one interface and outside NAT on another interface. The device performs NAT for traffic between the interfaces.
Advanced Configuration and Management Guide • Dynamic timeout – This age timer applies to all entries (static and dynamic) that do not use Port Address Translation. The default is 120 seconds. • UDP timeout – This age timer applies to entries that use Port Address Translation based on UDP port numbers. The default is 120 seconds. • TCP timeout – This age timer applies to entries that use Port Address Translation based on TCP port numbers. The default is 120 seconds.
Network Address Translation --- 209.157.1.72 10.10.10.2 207.195.4.69 207.195.4.69 Syntax: show ip nat translation The show ip nat translation command shows the following information. Table 11.1: CLI Display of Active NAT Translations This Field... Displays... Pro When Port Address Translation is enabled, this field indicates the protocol NAT is using to uniquely identify the host. NAT can map the same IP address to multiple hosts and use the protocol port to distinguish among the hosts.
Advanced Configuration and Management Guide Table 11.2: CLI Display of NAT Statistics This Field... Displays... Total translations The number of translations that are currently active. This number changes when translations are added or age out. To display the currently active translations, enter the show ip nat translation command. Hits The number of times NAT searched the translation table for a NAT entry and found the needed entry.
Network Address Translation Table 11.2: CLI Display of NAT Statistics (Continued) This Field... Displays... Sess Lists session statistics. NAT uses the session table for managing the translations. • Total – The total number of both used and available internal session resources. • Avail – The number of free internal session resources. • NAT – The number of internal session resources currently used by NAT. For information about the session table, see “Layer 4 Session Table” on page 6-6.
Advanced Configuration and Management Guide This command clears the inside NAT entry that maps private address 10.10.10.5 to Internet address 209.157.1.43. Here is the syntax for this form of the command. Syntax: clear ip nat inside If you use Port Address Translation, you can selectively clear entries based on the TCP or UDP port number assigned to an entry by the feature. For example, the following command clears one of the entries associated with Internet address 209.157.1.
Network Address Translation
NAT: tcp data src 10.10.100.18:1144 => trans 192.168.2.78:8012 dst 192.168.3.11:53
NAT: 192.168.2.78:8012 192.168.3.11:53 flags A ID 65302 len 40 txfid 13
NAT: tcp data src 10.10.100.18:1144 => trans 192.168.2.78:8012 dst 192.168.3.11:53
NAT: 192.168.2.78:8012 192.168.3.11:53 flags FA ID 23 len 40 txfid 13
NAT: tcp data dest 192.168.2.78:8012 => trans 192.168.3.11:53 dst 10.10.100.18:1144
NAT: 192.168.3.11:53 10.10.100.
Advanced Configuration and Management Guide Configuration Examples This section shows two complete configuration examples for NAT. The examples are based on different network topologies. • NAT clients connected to the routing switch by a switch. • NAT clients connected directly to routing switch ports. NOTE: You also can enable the feature on the primary port of a trunk group, in which case the feature applies to all the ports in the trunk group. These examples do not show this configuration.
Network Address Translation HP9300> en HP9300# configure terminal HP9300(config)# The following command configures an ACL to identify the range of private addresses for which you want to provide NAT services. This ACL identifies the private address range as 10.10.10.0 – 10.10.10.255. HP9300(config)# access-list 9 permit 10.10.10.0 0.0.0.255 NOTE: The format of the network mask for an ACL uses zeroes to indicate a value that must match, and ones (255 in decimal) as a wildcard. In this case, 0.0.0.
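The wildcard-mask rule in the note above (zero bits must match, one bits are ignored) can be checked offline before an ACL is bound to NAT. The following Python sketch is an added example, not code from HP or from this guide; the function names are hypothetical, and it assumes first-match evaluation with addresses that match no entry treated as not selected for NAT.

```python
import ipaddress


def _u32(dotted):
    """Convert dotted-decimal IPv4 text to an unsigned 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, base, wildcard):
    """True if addr matches base under an ACL wildcard mask.

    A 0 bit in the wildcard means "this bit must match"; a 1 bit means
    "ignore this bit", which is the inverse of a subnet mask.
    """
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(addr) & care) == (_u32(base) & care)


def parse_standard_acl(line):
    """Parse 'access-list <id> permit|deny <address> <wildcard>'.

    A leading CLI prompt such as 'HP9300(config)#' is tolerated.
    """
    tokens = line.split()
    start = tokens.index("access-list")          # ValueError if absent
    fields = tokens[start + 1:]
    if len(fields) != 4 or fields[1] not in ("permit", "deny"):
        raise ValueError("not a standard ACL entry: %r" % line)
    return {"id": int(fields[0]), "action": fields[1],
            "base": fields[2], "wildcard": fields[3]}


def nat_selected(entries, acl_id, addr):
    """Would this source address be handed to NAT by the given ACL?

    Assumption of this example: entries are evaluated in order, the first
    match decides, and an address that matches nothing is not translated.
    A matching 'deny' entry means no NAT, as the guide warns.
    """
    for entry in entries:
        if entry["id"] == acl_id and wildcard_match(
                addr, entry["base"], entry["wildcard"]):
            return entry["action"] == "permit"
    return False


def looks_like_subnet_mask(wildcard):
    """Lint check: flag a wildcard that is really a subnet mask.

    A subnet mask has its 1 bits packed at the top (255.255.255.0); typed
    into the wildcard field it ignores the network bits and pins the host
    bits, so the ACL selects the wrong addresses.
    """
    w = _u32(wildcard)
    if w in (0, 0xFFFFFFFF):          # host match / match-any are legitimate
        return False
    inverted = ~w & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


if __name__ == "__main__":
    good = [parse_standard_acl("access-list 9 permit 10.10.10.0 0.0.0.255")]
    typo = [parse_standard_acl("access-list 9 permit 10.10.10.0 255.255.255.0")]
    for host in ("10.10.10.77", "10.10.11.77", "172.16.5.0"):   # constructed
        print(host, nat_selected(good, 9, host), nat_selected(typo, 9, host))
    print("mask typo flagged:", looks_like_subnet_mask("255.255.255.0"))
```

With the mask typed as 255.255.255.0, the intended client 10.10.10.77 is not translated while an unrelated address ending in .0 is, which is why the lint check is worth running on every ACL that feeds NAT.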
Advanced Configuration and Management Guide The following command saves all the configuration changes above to the routing switch’s startup-config file on flash memory. The routing switch applies NAT configuration information as soon as you enter it into the CLI. Saving the changes to the startup-config file ensures that the changes are reinstated following a system reload. HP 9304M or HP 9308M(config)# write memory Private NAT Clients Connected Directly to the routing switch Figure 11.
Network Address Translation • A pool of public (Internet) addresses to use for translation of the private addresses • An association of the ACL for the private addresses with the pool for translation • A default route that has the Internet access router as the route’s next-hop gateway The commands also enable inside NAT and outside NAT on the virtual interfaces and save the configuration changes to the startup-config file. All the commands are entered on the routing switch.
Advanced Configuration and Management Guide The following command configures a static default route to the Internet access router. The routing switch uses this route for traffic that is addressed to a destination for which the IP route table does not have an explicit route. Typically, the IP route table does not have explicit routes to all destination networks on the Internet. HP9300(config)# ip route 0.0.0.0 0.0.0.0 63.251.295.1 The address 0.0.0.0 0.0.0.
Chapter 12 Configuring VRRP and VRRPE This chapter describes how to configure the following router redundancy protocols on HP routing switches: • Virtual Router Redundancy Protocol (VRRP) – The standard router redundancy protocol described in RFC 2338. • VRRP Extended (VRRPE) – An enhanced version of VRRP that overcomes limitations in the standard protocol. NOTE: VRRP and VRRPE are separate protocols. You cannot use them together.
Advanced Configuration and Management Guide Overview The following sections describe VRRP and VRRPE. The protocols both provide redundant paths for IP addresses. However, the protocols differ in a few important ways. For clarity, each protocol is described separately. Overview of VRRP VRRP is a protocol that provides redundancy to routers within a LAN. VRRP allows you to provide alternate router paths for a host without changing the IP address or MAC address by which the host knows its gateway.
Configuring VRRP and VRRPE Figure 12.2 shows the same example network shown in Figure 12.1, but with a VRRP virtual router configured on Router1 and Router2. Internet or enterprise Intranet Internet or enterprise Intranet e 2/4 VRID1 Router1 = Master e 1/6 192.53.5.1 IP address = 192.53.5.1 MAC address = 00-00-5E-00-01-01 Priority = 255 Track port = e 2/4 e 3/2 192.53.5.3 Track priority = 20 e 1/5 VRID1 Router2 = Backup IP address = 192.53.5.
Advanced Configuration and Management Guide When you configure a VRID, the software automatically assigns its MAC address. When a VRID becomes active, the Master router broadcasts a gratuitous ARP request containing the virtual router’s MAC address for each IP address associated with the virtual router. In Figure 12.2, Router1 sends a gratuitous ARP with MAC address 00-00-5e-00-01-01 and IP address 192.53.5.1.
Configuring VRRP and VRRPE If the Owner becomes unavailable, but then comes back online, the Owner again becomes the Master router. The Owner becomes the Master router again because it has the highest priority. The Owner always becomes the Master again when the Owner comes back online. NOTE: If you configure a track port on the Owner and the track port is down, the Owner’s priority is changed to the track priority.
Advanced Configuration and Management Guide NOTE: The MD5 authentication type is not supported for VRRP. Independent Operation of VRRP alongside RIP, OSPF, and BGP4 VRRP operation is independent of the RIP, OSPF, and BGP4 protocols. Their operation is unaffected when VRRP is enabled on a RIP, OSPF, or BGP4 interface. Dynamic VRRP Configuration All VRRP global and interface parameters take effect immediately. You do not need to reset the system to place VRRP configuration parameters into effect.
Configuring VRRP and VRRPE The most important difference is that all VRRPE routers are Backups. There is no Owner router. VRRPE overcomes the limitations in standard VRRP by removing the Owner. Figure 12.3 shows an example of a VRRPE configuration. Internet or enterprise Intranet Internet or enterprise Intranet e 2/4 VRID1 Router1 = Master Virtual IP address = 192.53.5.254 e 3/2 Priority = 200 Track port = e 2/4 VRID1 Router2 = Backup Virtual IP address = 192.53.5.
Advanced Configuration and Management Guide Comparison of VRRP, VRRPE, and SRP This section compares HP’s router redundancy protocols. VRRP VRRP is a standards-based protocol, described in RFC 2338. The HP implementation of VRRP contains the features in RFC 2338.
Configuring VRRP and VRRPE Master and Backups • VRRP – The “Owner” of the IP address of the VRID is the default Master and has the highest priority (255). The precedence of the Backups is determined by their priorities. The default Master is always the Owner of the IP address of the VRID. • VRRPE – The Master and Backups are selected based on their priority. You can configure any of the routing switches to be the Master by giving it the highest priority. There is no Owner.
Advanced Configuration and Management Guide Table 12.1: VRRP and VRRPE Parameters (Continued) Parameter Description Default See page... Virtual Router IP address This is the address you are backing up. None 12-4 VRID MAC address Authentication type No default. 12-12 • VRRP – The virtual router IP address must be a real IP address configured on the VRID interface on one of the VRRP routers. This router is the IP address Owner and is the default Master.
Configuring VRRP and VRRPE Table 12.1: VRRP and VRRPE Parameters (Continued) Parameter Description Default See page... Backup priority A numeric value that determines a Backup’s preferability for becoming the Master for the VRID. During negotiation, the router with the highest priority becomes the Master. VRRP – 255 for the Owner; 100 for each Backup 12-15 • VRRP – The Owner has the highest priority (255); other routers can have a priority from 3 – 254.
Advanced Configuration and Management Guide Table 12.1: VRRP and VRRPE Parameters (Continued) Parameter Description Default See page... Track priority A VRRP or VRRPE priority value assigned to the tracked port(s). If a tracked port’s link goes down, the VRID port’s VRRP or VRRPE priority changes. VRRP – 2 12-5 VRRPE – 5 12-17 Enabled 12-18 Backup preempt mode • VRRP – The priority changes to the value of the tracked port’s priority.
Configuring VRRP and VRRPE Configuring Basic VRRPE Parameters To implement a simple VRRPE configuration using all the default values, enter commands such as the following on each routing switch. Router2(config)# router vrrp-extended Router2(config)# inter e 1/5 Router2(config-if-1/5)# ip address 192.53.5.3 Router2(config-if-1/5)# ip vrrp-extended vrid 1 Router2(config-if-1/5-vrid-1)# backup Router2(config-if-1/5-vrid-1)# ip-address 192.53.5.
Advanced Configuration and Management Guide NOTE: For VRRP, change the router type only if you have moved the real IP address from one router to another or you accidentally configured the IP address Owner as a Backup. For VRRPE, the router type is always Backup. You cannot change the type to Owner.
Configuring VRRP and VRRPE VRRPE Syntax Syntax: ip vrrp-extended auth-type no-auth | simple-text-auth The parameter values are the same as for VRRP. Router Type A VRRP interface is either an Owner or a Backup for a given VRID. By default, the Owner becomes the Master following the negotiation. A Backup becomes the Master only if the Master becomes unavailable. A VRRPE interface is always a Backup for its VRID. The Backup with the highest VRRP priority becomes the Master.
Advanced Configuration and Management Guide NOTE: You cannot set the priority of a VRRP Owner. The Owner’s priority is always 255. VRRPE Syntax Syntax: backup [priority ] [track-priority ] The software requires you to identify a VRRPE interface as a Backup for its VRID before you can activate the interface for the VRID. However, after you configure the VRID, you can use this command to change its priority or track priority. The parameter values are the same as for VRRP.
Configuring VRRP and VRRPE Router2(config-if-1/5)# ip vrrp vrid 1 Router2(config-if-1/5-vrid-1)# dead-interval 30 Syntax: dead-interval The syntax is the same for VRRP and VRRPE. Backup Hello Message State and Interval By default, Backups do not send Hello messages to advertise themselves to the Master. You can enable these messages if desired and also change the message interval.
Advanced Configuration and Management Guide goes down, the software changes the VRRPE interface’s priority to 40. If another tracked interface goes down, the software reduces the VRID’s priority again, by the amount of the tracked interface’s track priority. The default track priority for a VRRP Owner is 2. The default track priority for Backups is 1. You enter the track priority as a parameter with the owner or backup command. See “Track Port” on page 12-17.
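The two track-priority behaviours described in this chapter (VRRP replaces the priority with the track priority; VRRPE subtracts the track priority for each failed tracked port) decide whether a failed uplink actually moves the Master role. The following Python sketch is an added example, not HP code. The VRRP values come from the Figure 12.2 configuration in this guide; the VRRPE Router2 priority and both VRRPE track priorities are constructed. The tie-break on the higher interface address follows RFC 2338, the floor of 0 on a VRRPE priority is an assumption of this example, and preemption is assumed to be enabled.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Router:
    name: str
    ip: str                 # real interface address on the VRID subnet
    priority: int           # configured priority for the VRID
    track_priority: int     # value given with "track-priority"
    track_ports: dict = field(default_factory=dict)   # port -> link is up
    alive: bool = True


def effective_priority(router, protocol):
    """Priority the router advertises given its tracked-port state."""
    down = sum(1 for up in router.track_ports.values() if not up)
    if down == 0:
        return router.priority
    if protocol == "vrrp":
        # VRRP: the priority changes TO the track priority.
        return router.track_priority
    if protocol == "vrrpe":
        # VRRPE: the priority is reduced BY the track priority per failed
        # port. The floor of 0 is an assumption of this example.
        return max(0, router.priority - down * router.track_priority)
    raise ValueError("protocol must be 'vrrp' or 'vrrpe'")


def elect_master(routers, protocol):
    """Name of the router that holds Master, or None if none is alive.

    Highest effective priority wins; ties go to the higher interface
    address (RFC 2338 rule, not stated in this guide).
    """
    candidates = [r for r in routers if r.alive]
    if not candidates:
        return None
    best = max(candidates, key=lambda r: (
        effective_priority(r, protocol), int(ipaddress.IPv4Address(r.ip))))
    return best.name


def tracking_gaps(routers, protocol):
    """List (router, port) pairs where the current Master loses a tracked
    port and still stays Master, so hosts keep using a router whose
    uplink is dead."""
    gaps = []
    master = elect_master(routers, protocol)
    for router in routers:
        if router.name != master:
            continue
        for port, was_up in list(router.track_ports.items()):
            router.track_ports[port] = False
            if elect_master(routers, protocol) == master:
                gaps.append((router.name, port))
            router.track_ports[port] = was_up
    return gaps


def vrrp_figure_12_2():
    """Router1 (Owner) and Router2 (Backup) with the guide's VRRP values."""
    return [
        Router("Router1", "192.53.5.1", 255, 20, {"e 2/4": True}),
        Router("Router2", "192.53.5.3", 100, 19, {"e 3/2": True}),
    ]


def vrrpe_constructed(track_priority):
    """VRRPE pair: Router1 priority 200 is from Figure 12.3; Router2's
    priority of 100 and the track priorities are constructed."""
    return [
        Router("Router1", "192.53.5.2", 200, track_priority, {"e 2/4": True}),
        Router("Router2", "192.53.5.3", 100, track_priority, {"e 3/2": True}),
    ]


if __name__ == "__main__":
    pair = vrrp_figure_12_2()
    print("all links up      ->", elect_master(pair, "vrrp"))
    pair[0].track_ports["e 2/4"] = False
    print("Router1 e 2/4 down ->", elect_master(pair, "vrrp"))
    print("VRRPE, track 5    gaps:", tracking_gaps(vrrpe_constructed(5), "vrrpe"))
    print("VRRPE, track 120  gaps:", tracking_gaps(vrrpe_constructed(120), "vrrpe"))
```

Under VRRP the track priority must be lower than the Backup's priority for failover to happen; under VRRPE it must be larger than the gap between the two configured priorities.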
Configuring VRRP and VRRPE Syntax: [no] owner priority | track-priority The parameter specifies the new priority and can be a number from 1 – 254. When you press Enter, the software changes the priority of the Master to the specified priority. If the new priority is lower than at least one Backup’s priority for the same VRID, the Backup takes over and becomes the new Master until the next software reload or system reset.
Advanced Configuration and Management Guide This example is for VRRP. Here is an example for VRRPE: HP9300(config-if-e1000-1/6-vrid-1)# show ip vrrp-extended brief Total number of VRRP-Extended routers defined: 1 Interface VRID CurPri P State Master addr Backup addr VIP 1/6 1 255 P Init 192.53.5.2 192.53.5.3 192.53.5.
Configuring VRRP and VRRPE Table 12.2: CLI Display of VRRP or VRRPE Summary Information (Continued) This Field... Displays... Master addr The IP address of the router interface that is currently the Master for the VRID. Backup addr The IP addresses of the router interfaces that are currently Backups for the VRID. VIP The virtual IP address that is being backed up by the VRID. USING THE WEB MANAGEMENT INTERFACE You cannot display the summary view using the Web management interface.
Advanced Configuration and Management Guide Here is an example for a VRRPE Backup. HP9300(config)# show ip vrrp-extended Total number of VRRP-Extended routers defined: 1 Interface ethernet 1/6 auth-type no authentication VRID 1 state master administrative-status enabled priority 200 current priority 200 hello-interval 1 sec dead-interval 3.600 sec current dead-interval 3.600 sec preempt-mode true virtual ip address 192.53.5.254 advertise backup: enabled master router 192.53.5.
Configuring VRRP and VRRPE Table 12.3: CLI Display of VRRP or VRRPE Detailed Information (Continued) This Field... Displays... state This routing switch’s VRRP or VRRPE state for the VRID. The state can be one of the following: • initialize – The VRID is not enabled (activated). If the state remains “initialize” after you activate the VRID, make sure that the VRID is also configured on the other routers and that the routers can communicate with each other.
Advanced Configuration and Management Guide Table 12.3: CLI Display of VRRP or VRRPE Detailed Information (Continued) This Field... Displays... dead-interval The configured value for the dead interval. The dead interval is the number of seconds a Backup waits for a Hello message from the Master for the VRID before determining that the Master is no longer active.
Configuring VRRP and VRRPE Table 12.3: CLI Display of VRRP or VRRPE Detailed Information (Continued) This Field... Displays... track port The interfaces that the VRID’s interface is tracking. If the link for a tracked interface goes down, the VRRP or VRRPE priority of the VRID interface is changed, causing the devices to renegotiate for Master. Note: This field is displayed only if track interfaces are configured for this VRID.
Advanced Configuration and Management Guide Table 12.4: Web Display of VRRP Detailed Information (Continued) This Field... Displays... Mode Indicates whether the routing switch is the Owner or a Backup for the VRID. Note: The mode applies only to VRRP. All routing switches configured for VRRPE are Backups. Backup – Priority The device’s preferability for becoming the Master for the VRID. During negotiation, the router with the highest priority becomes the Master.
Configuring VRRP and VRRPE rxed vrrp port mismatch count = 0 rxed vrrp ip address mismatch count = 0 rxed vrrp hello interval mismatch count = 0 rxed vrrp priority zero from master count = 0 rxed vrrp higher priority count = 0 transitioned to master state count = 1 transitioned to backup state count = 1 The same statistics are listed for VRRP and VRRPE.
Advanced Configuration and Management Guide Table 12.5: CLI Display of VRRP or VRRPE Statistics (Continued) This Field... Displays... rxed vrrp hello interval mismatch count The number of packets received that did not match the configured Hello interval. rxed vrrp priority zero from master count The current Master has resigned.
Configuring VRRP and VRRPE Table 12.6: Web Display of VRRP Statistics (Continued) This Field... Displays... Authen Password Mismatch Error The number of VRRP packets received by the interface that had a password value that does not match the password used by the interface for authentication. Virtual Router ID Error The number of VRRP packets received by the interface that contained a VRID that is not configured on this interface.
Advanced Configuration and Management Guide Clearing VRRP or VRRPE Statistics Use the following methods to clear VRRP or VRRPE statistics. USING THE CLI To clear VRRP or VRRPE statistics, enter the following command at the Privileged EXEC level or any configuration level of the CLI: Router1(config)# clear ip vrrp-stat Syntax: clear ip vrrp-stat USING THE WEB MANAGEMENT INTERFACE NOTE: This procedure applies only to VRRP. You cannot display VRRPE information using the Web management interface. 1.
Configuring VRRP and VRRPE Configuring Router2 Using the CLI To configure Router2 in Figure 12.2 on page 12-3 after enabling VRRP, enter the following commands: Router2(config)# router vrrp Router2(config)# inter e 1/5 Router2(config-if-1/5)# ip address 192.53.5.3 Router2(config-if-1/5)# ip vrrp vrid 1 Router2(config-if-1/5-vrid-1)# backup priority 100 track-priority 19 Router2(config-if-1/5-vrid-1)# track-port ethernet 3/2 Router2(config-if-1/5-vrid-1)# ip-address 192.53.5.
Advanced Configuration and Management Guide • If the device does not have a VRRP virtual router configured, the VRRP configuration panel is displayed, as shown in the following example. • If a VRRP virtual router is already configured and you are adding a new one, click on the Add Virtual Router link to display the VRRP configuration panel, as shown in the following example.
Configuring VRRP and VRRPE 12. Enter or select the track interface or port: • If you want to use a virtual interface as a track port, enter the virtual interface name. • If you want to use a physical interface as a track port, select the port. In this example, select 2/4. 13. Click the Add button to apply the changes to the device’s running-config. 14.
Advanced Configuration and Management Guide 17. Select the Save link at the bottom of the dialog, then select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory. VRRPE Example To implement the VRRPE configuration shown in Figure 12.3 on page 12-7, use the following CLI method. Configuring Router1 Using the CLI To configure VRRP Router1 in Figure 12.
Configuring VRRP and VRRPE Syntax: activate USING THE WEB MANAGEMENT INTERFACE You cannot configure VRRPE using the Web management interface.
Chapter 13 Configuring SRP This chapter describes how to configure the HP 9304M, HP 9308M, and HP 6308M-SX routing switches to use the Standby Router Protocol (SRP), a proprietary protocol that provides redundant paths between two routing switches. Details for configuring SRP with the CLI and the Web management interface are shown. For detailed summaries of all CLI commands, including the syntax and ranges of parameter values, see the Command Line Interface Reference.
Advanced Configuration and Management Guide Overview of Standby Router Protocol (SRP) SRP allows alternate paths to be provided to a host. To provide path redundancy between given hosts, a virtual router with its own unique IP addresses is created. The virtual router is created by assigning these unique IP addresses to ports on existing routing switches in the network—routing switches that could provide a path between the given hosts.
Configuring SRP SRP Support on Virtual Interfaces SRP is supported on both physical and virtual interfaces. Support on a virtual interface allows you to assign a single virtual interface to serve as a redundant link for multiple ports within a VLAN. For example, in Figure 13.2, virtual interface 1 represents ports 1, 2, and 3 for Router 1. A virtual interface will by default remain active until all underlying links go down.
Advanced Configuration and Management Guide If a change in state (up or down) is detected by the track port, the priority of the SRP Group Interface will automatically be increased or decreased. NOTE: Virtual router interfaces cannot be assigned as track ports. Multiple Track Port Support You can assign multiple ports to serve as track ports for SRP redundant links. If an active link fails, all SRP interfaces that serve as track ports for the failed link are placed in standby mode.
[Figure 13. (diagram): Standby Router1 and Active Router2 with links e1 - e4 to PC 1 - PC 4; A=Active, S=Standby]
[Figure 13.4 Router2 becomes active router after links e1 and e3 fail with multiple track ports defined (diagram: Standby Router1 and Active Router2 with links e1 - e4 to PC 1 - PC 4; A=Active, S=Standby)]

Independent Operation of RIP and OSPF

SRP operation is independent of the RIP and OSPF protocols. RIP and OSPF operation will be unaffected when SRP is enabled on its interfaces.
Differences Between SRP and VRRP

The Virtual Router Redundancy Protocol (VRRP) is a standards-based protocol that provides redundancy to routers within a LAN. VRRP is described in RFC 2338. The implementation of VRRP on the HP 9304M, HP 9308M, and HP 6308M-SX routing switches provides many of the same features as SRP. In addition, VRRP enables you to configure third-party devices that adhere to RFC 2338 along with the HP 9304M, HP 9308M, and HP 6308M-SX routing switches as virtual routers.
Configuration Rules for SRP

• Virtual interfaces cannot be assigned as track ports.
• The keep-alive-time value must be set to the same value on both the active and standby router when both routers are connected to the same sub-net.
• The router-dead-time parameter must be set to the same value on both the active and standby routers when both routing switches are connected to the same sub-net.
Assign Virtual Router IP Addresses

In the examples in this section, SRP is used to provide a redundant path between Host 1 and Host 3 to ensure against failure of the primary path. See Figure 13.5.

[Figure 13.5 (diagram): Host 1 and Host 2 use default router 192.53.5.1. Router 1 (Active, Preference = 200) has interfaces 192.53.5.2 (A) and 192.55.4.2 (C); Router 2 (Standby, Preference = 60) has interfaces 192.53.5.3 (B) and 192.55.4.3 (D). The virtual router addresses are 192.53.5.1 and 192.55.4.1.]
To establish the virtual IP address 192.55.4.1 for interface C defined by IP address 192.55.4.2 and Ethernet port 2/1, enter the following commands:

Router1(config)# inter e 2/1
Router1(config-if-2/1)# ip srp address 192.55.4.2 vir-rtr-ip 192.55.4.1 other-rtr-ip 192.55.4.3

Notice that the latter command also defines the other routing switch used in this configuration by entering the IP address for Interface D on Router 2 (other-rtr-ip 192.55.4.3).
EXAMPLE: To make Router 1 the active router, assign a preference value to interfaces A and C that is higher than the preference value of interfaces B and D on Router 2. To assign a preference value of 200 to interfaces A and C, you would enter the following commands:

Router1(config)# int e 1/7
Router1(config-if-1/7)# ip srp address 192.53.5.2 preference 200
Router1(config-if-1/7)# int e 2/1
Router1(config-if-2/1)# ip srp address 192.55.4.
EXAMPLE: To define and assign the virtual router IP addresses for Router 1, shown in Figure 13.5, you would need to define two separate virtual IP addresses for interfaces A and C and link those addresses to the IP addresses of the physical interfaces for A and C. For purposes of this example, we assume that interface A corresponds to physical interface 1/7 and interface C corresponds to physical interface 2/1.

To enable SRP on an interface:

1.
10. Select the track port by selecting a box next to the desired interface. For purposes of this example, you would select interface 1 as the track port for interface A on router 1.

NOTE: The track port is a physical port that is used to track the status of ports that provide redundant paths. If the software detects a change in state (up or down), the software increases or decreases the priority of the SRP Group Interface accordingly.
Configuring SRP on Virtual Interfaces

A virtual interface will by default remain active until all underlying links go down. If you want the virtual link to go to SRP standby state when a subset of the ports goes down, you need to configure track ports.

[Figure (diagram) labels: PC1 192.147.201.50; Switch; Router1 (ACTIVE); Router2 (STANDBY); IP Subnet VLAN 3; Virtual Interface 1 192.147.200.1; 192.147.201.1; A=Active, S=Standby]
USING THE CLI

To configure the IP sub-net VLAN with port membership of 1, 2, and 3, you would enter the following commands:

HP9300(config)# vlan 1
HP9300(config-vlan-1)# ip-subnet 192.147.200.0 255.255.255.
Chapter 14
Configuring IPX

This chapter describes how to configure the Internet Packet Exchange (IPX) protocol on the HP 9304M, HP 9308M, and HP 6308M-SX routing switches using the CLI and Web management interface. To display IPX configuration information and statistics, see “Displaying IPX Configuration Information and Statistics” on page 14-16. For complete syntax information for the CLI commands shown in this chapter, see the Command Line Interface Reference.
6. Assign RIP, SAP, and Forward filter groups (optional).
7. Modify the maximum number of SAP and RIP Route entries supported (optional).
8. Modify the hop count increment for RIP and SAP broadcast packets (optional).
9. Modify the maximum advertisement packet size for RIP and SAP packets (optional).
10. Modify the advertisement interval for RIP and SAP updates (optional).
11. Modify the age timer for learned RIP and SAP entries (optional).
4. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory.
5. Click on the plus sign next to Command in the tree view to list the command options.
6. Select the Reload link and select Yes when prompted to reload the software. You must reload after enabling IPX to place the change into effect.
NOTE: Once you configure an interface with a network number and frame type, you can define filters and assign them to the interface.

[Figure 14. (diagram) labels: HR Server, Finance Server, Public Server; Client #1 (MAC address 008012345678), Client #2, Client #3; internal network numbers 01010101 and 03030303; Network 100, Network 200 and Network 300 (802.2); ports e1, e2, e3; SAP, RIP Advertisements]
6. Enter the network number.
7. Select the frame type from the pull down menu.
8. Enable NetBIOS if desired.
9. Click the Add button to apply the changes to the device’s running-config file.
10. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory.
5. Enter a filter ID value from 1 – 32.
6. Select either Permit or Deny.
7. Enter the appropriate number for the destination socket of the application running in the Socket field. If you enter all zeros in this field, the filter will accept any socket.
8. Enter the Source Network Address on which you want to filter traffic. If you enter all zeros in this field, the filter will accept any source network.
9.
14. Select the port or slot/port combination to which you are assigning the filter(s).
15. Check either or both of the In Filter and Out Filter boxes. If you check the In Filter box, all incoming traffic is filtered as defined. If you check the Out Filter box, all outgoing traffic is filtered. By selecting both the In Filter and Out Filter boxes, you can assign the filters to both incoming and outgoing traffic.
16. Enter the filter ID(s) that you want to assign to the port.
• If you are modifying an existing IPX RIP filter, click on the Modify button to the right of the row describing the filter to display the IPX RIP Filter configuration panel, as shown in the following example.

5. Enter a Filter ID value in the Filter ID field.
6. Select either Permit or Deny.
7. Enter the source network address on which you want to filter traffic in the Network field.
Configuring IPX SAP Access Control Lists (ACLs)

You can configure Access Control Lists (ACLs) for filtering Service Advertisement Protocol (SAP) replies sent on a routing switch’s IPX interfaces. You configure IPX SAP access lists on a global basis, then apply them to the IPX inbound or outbound filter group on specific interfaces. You can configure up to 32 access lists. The same access list can be applied to multiple interfaces.
The [.] parameter lets you specify a comparison mask for the network and node. The mask consists of zeros (0) and ones (f). Ones indicate significant bits. For example, to configure a mask that matches on network abcdefxx, where xx can be any value and the node address can be any value, specify the following mask: ffffff00.0000.0000.
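The comparison-mask rule above, worked as an added example (not code from the HP documentation): each f digit in the mask marks four significant bits, and each 0 digit marks bits that may take any value. The network.node notation (up to 8 hex digits for the network, three groups of 4 hex digits for the node), the function names and the sample server addresses are assumptions constructed for illustration.

```python
"""Bitwise comparison-mask matching for IPX network.node addresses.

Added illustration only, not device code. Assumed notation:
  <network: up to 8 hex digits>.<node: xxxx.xxxx.xxxx>
"""
import re

_VALUE_RE = re.compile(
    r"^([0-9a-fA-F]{1,8})\.([0-9a-fA-F]{4})\.([0-9a-fA-F]{4})\.([0-9a-fA-F]{4})$"
)


def parse_ipx(text):
    """Return an address or mask as one 80-bit integer (network << 48 | node)."""
    m = _VALUE_RE.match(text.strip())
    if m is None:
        raise ValueError("not a network.node value: %r" % text)
    network = int(m.group(1), 16)
    node = int(m.group(2) + m.group(3) + m.group(4), 16)
    return (network << 48) | node


def mask_matches(pattern, mask, candidate):
    """True when candidate equals pattern on every bit the mask marks significant."""
    p, k, c = parse_ipx(pattern), parse_ipx(mask), parse_ipx(candidate)
    return (p & k) == (c & k)


def significant_bits(mask):
    """Number of bits the mask compares; 0 means the entry matches every address."""
    return bin(parse_ipx(mask)).count("1")


def audit_entry(pattern, mask, servers):
    """Report which server addresses an entry with this pattern and mask matches."""
    bits = significant_bits(mask)
    matched = [name for name, addr in servers if mask_matches(pattern, mask, addr)]
    return {"significant_bits": bits,
            "matches_everything": bits == 0,
            "matched": matched}


# Constructed sample data: (service name, network.node address).
SAMPLE_SERVERS = [
    ("hr-files",   "abcdef01.0000.0000.0001"),
    ("hr-print",   "abcdefa7.0080.1234.5678"),
    ("finance-db", "abcde001.0000.0000.0001"),
    ("public-web", "00000300.0000.0000.0001"),
]

if __name__ == "__main__":
    # Constructed entries: a 24-bit network match, then a mask with no significant bits.
    for pattern, mask in [
        ("abcdef00.0000.0000.0000", "ffffff00.0000.0000.0000"),
        ("abcdef00.0000.0000.0000", "00000000.0000.0000.0000"),
    ]:
        print(pattern, mask, audit_entry(pattern, mask, SAMPLE_SERVERS))
```

A mask with no significant bits matches every address, so reviewing the significant-bit count of each entry is a quick way to spot a filter that is broader than intended.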
The [] parameter lets you specify a service type and, optionally, a specific server. Use these parameters when you are configuring an ACL for filtering Get Nearest Server (GNS) replies. The service type is a hexadecimal number. To specify all service types (“any”), enter 0. For a list of service types, see the software documentation for your IPX servers.
4. Enter the new value for the table size. The value you enter specifies the maximum number of entries the table can hold.
5. Click Apply to save the changes to the device’s running-config file.
6. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory.
7. Click on the plus sign next to Command in the tree view to list the command options.
8.
Modify the RIP Advertisement Packet Size

The default IPX RIP packet size is 432 bytes, which allows 50 routes plus 32 bytes of header in an IPX RIP update packet. Each route requires eight bytes. You can configure the packet size to be from 40 bytes (enough for one route) – 1488 bytes (enough for 182 routes).

NOTE: You can specify a packet length that does not fall evenly on a route or server boundary.
Modify the RIP Advertisement Interval

The IPX RIP advertisement interval specifies how often the routing switch sends IPX RIP updates to neighboring IPX routers. The update intervals are separate for RIP and SAP and are configurable on an individual interface basis. By default, the routing switch sends an IPX RIP update every 60 seconds. You can change the interval to be from 10 – 65535 seconds. You cannot disable the advertisements.
USING THE WEB MANAGEMENT INTERFACE

You cannot modify the SAP advertisement interval using the Web management interface.

Modify the Age Timer for Learned IPX Routes

The age timer specifies how many seconds a learned IPX route can remain in the routing switch’s IPX route table before aging out. The software calculates the age time by multiplying the advertisement interval by the age timer.
Displaying IPX Configuration Information and Statistics

You can use CLI commands and Web management options to display the following IPX information:

• Global IPX parameter settings – see “Displaying Global IPX Configuration Information” on page 14-16.
• IPX interfaces – see “Displaying IPX Interface Information” on page 14-17.
• IPX forwarding cache – see “Displaying the IPX Forwarding Cache” on page 14-19.
Table 14.1: CLI Display of Global IPX Configuration Information (Continued)

This Field... | Displays...
Maximum IPX SAP filters | How many IPX service filters you can configure in the routing switch. On some devices, you can change this value by changing the amount of memory allocated for the filters. See “Displaying and Modifying System Parameter Default Settings” in the “Configuring Basic Features” chapter of Installation and Getting Started Guide.
Syntax: show ipx interface [ethernet | ve ]

The ethernet parameter lets you specify a routing switch port. The ve parameter lets you specify a virtual interface (VE).

This display shows the following information.

Table 14.2: CLI Display of IPX Interface Information

This Field... | Displays...
Interface | The port or virtual interface on which the IPX interface is configured.
MAC address | The MAC address of the interface.
Table 14.2: CLI Display of IPX Interface Information (Continued)

This Field... | Displays...
sap-interval | The SAP advertisement interval. The IPX SAP advertisement interval specifies how often the routing switch sends IPX SAP updates to neighboring IPX routers. To modify this parameter, see “Modify the SAP Advertisement Interval” on page 14-14.
sap-max-packet-size | The maximum packet size for IPX SAP advertisements.
This display shows the following information.

Table 14.3: CLI Display of IPX Forwarding Cache

This Field... | Displays...
Total number of IPX cache entries | The number of entries in the forwarding cache.
Index | The row number of this entry in the cache.
Network | The network containing the destination node.
Router | The MAC address of the next-hop IPX router. If the destination is local, the address is shown as all zeros.
Syntax: show ipx route []

The parameter lets you specify an IPX network number.

This display shows the following information.

Table 14.4: CLI Display of IPX Route Table

This Field... | Displays...
Total number of IPX route entries | The number of entries in the table.
Index | The index number of the table entry.
Network | The IPX network at the route’s destination.
Router | The MAC address of the next-hop IPX router.
This display shows the following information.

Table 14.5: CLI Display of IPX Server Table

This Field... | Displays...
Index | The index number of the table entry.
Network | The network in which the server is located.
Node | The six-byte node number. The node number can be a MAC address or, for some IPX server types, a “1”.
Socket | The two-byte socket number.
Type | The two-byte number for the server type.
Hops | The number of IPX router hops to the server’s network.
This display shows the following information.

Table 14.6: CLI Display of IPX Traffic Statistics

This Field... | Displays...
Port | The port for which the statistics apply. Only the ports that have IPX interfaces configured on them are listed.
Forward | The number of IPX packets received by the routing switch from another device and then sent on the port.
Receive | The number of IPX packets received on the port.
Table 14.7: Web Display of IPX Traffic Statistics (Continued)

This Field... | Displays...
Rcv Filter Packets | The number of packets received by the routing switch that matched an inbound IPX filter.
Tx Filter Packets | The number of packets queued for sending that matched an outbound IPX filter.

To display traffic statistics for each port or virtual interface on which an IPX interface is configured:

1.
Chapter 15
Configuring AppleTalk

This chapter describes how to configure AppleTalk on HP 9304M, HP 9308M, and HP 6308M-SX routing switches using the CLI and the Web management interface. The routing switches support Phase II of AppleTalk routing. For complete syntax information for the CLI commands shown in this chapter, see the Command Line Interface Reference.

NOTE: In addition to the routing features described in this chapter, the routing switches support AppleTalk cable VLANs.
Zones

AppleTalk zones are logical groupings of AppleTalk nodes defined within and across multiple networks as shown in Figure 15.1. For example, the Finance zone comprises two separate networks, 500 and 600. These network numbers are assigned to a specific interface on a router, and nodes within those networks are automatically assigned numbers in that range.
Additionally, this feature helps eliminate unauthorized access to devices within restricted zones. As new devices are added to secured zones, information on those devices is protected automatically.

Network Filtering

You also can filter on a network basis by enabling the Routing Table Maintenance Protocol (RTMP) filtering capability of zone filtering.
Network Layer Support

Datagram Delivery Protocol (DDP)

DDP provides connectionless service between application sockets on an AppleTalk network and administers AppleTalk addresses.

AppleTalk Address Resolution Protocol (AARP)

AARP translates AppleTalk addresses into 48-bit data link addresses. The 48-bit data link address is required in order to send AppleTalk packets to a specific node. AARP is also used to check for duplicate AppleTalk addresses on the network.
USING THE WEB MANAGEMENT INTERFACE

1. Log on to the device using a valid user name and password for read-write access. The System configuration dialog is displayed.
2. Select the Enable radio button next to AppleTalk.
3. Click the Apply button to apply the changes to the device’s running-config file.
4. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory.
Saving Configuration Changes to the Interface

Once you have configured the cable range, network address, zone(s), and AppleTalk routing for an interface, you can preserve the configuration changes by saving them to flash.
8. Beginning in software release 06.x, the AppleTalk ARP age is a global parameter instead of an interface parameter. When you enter an ARP age value for a port and apply the change to the running-config file or save the change to the startup-config file, the change is saved as the global setting. If you try to set different values for different ports, the interface does not display an error message.
Enable AppleTalk Routing on an Interface

To enable AppleTalk on interface 1/5, use one of the following methods.

USING THE CLI

HP9300(config)# int e 1/5
HP9300(config-if-1/5)# appletalk routing
HP9300(config-if-1/5)# end
HP9300# write memory
HP9300# reload

NOTE: By definition, values for the network range, AppleTalk address, and zone name fields are never entered for a non-seed router.
8. Beginning in software release 06.x, the AppleTalk ARP age is a global parameter instead of an interface parameter. When you enter an ARP age value for a port and apply the change to the running-config file or save the change to the startup-config file, the change is saved as the global setting. If you try to set different values for different ports, the interface does not display an error message.
Filtering AppleTalk Zones and Networks

Defining Zone Filters

Zone filtering allows you to define access for a network and its nodes by entering single permit or deny CLI commands, instead of defining an access list for each node independently. By eliminating the need to enter separate numbers for each device or network segment, zone filters improve overall system administration of an AppleTalk network.
USING THE CLI

HP9300(config)# interface e1/1
HP9300(config-if-1/1)# appletalk deny zone finance
HP9300(config-if-1/1)# int e1/3
HP9300(config-if-1/3)# appletalk deny zone finance
HP9300(config-if-1/3)# int e1/13
HP9300(config-if-1/13)# appletalk deny zone finance
HP9300(config-if-1/13)# int e1/15
HP9300(config-if-1/15)# appletalk deny zone finance

USING THE WEB MANAGEMENT INTERFACE

1. Log on to the device using a valid user name and password for read-write access.
Define Additional Zone Filters

When defining AppleTalk zone filters, you must define both deny and permit relationships for an interface. For instance, in the previous example, a deny filter prevents users within Marketing and Field Service zones from accessing the Finance zone.
5. Select the interface for which the zone filter is to be defined from the port or slot/port pull down menu(s). In this example, you are defining a permit zone filter for HR for interfaces 10 and 14, which have membership in the Finance zone.
6. Enter the zone name to which access is to be permitted or denied. In this case, the zone name is HR.
7. Select either Deny or Permit. In this example, select Permit for interfaces 10 and 14.
8.
3. Configure a physical interface on the routing switch that provides access to remote networks to support routing between local and remote AppleTalk VLANs.

NOTE: By supporting assignment of VLANs on interfaces, the routing switch is functioning as a virtual switch.

[Figure 15. (diagram) labels: Router 1; Switch; AppleTalk Protocol VLAN; Virtual Interface 3; 100.50 Marketing Zone; 300.50 Finance Zone]
To configure the defined AppleTalk VLAN virtual interface ve3, enter the following commands:

HP9300(config-if-1/8)# int ve 3
HP9300(config-vif-3)# appletalk cable-range 100 - 100
HP9300(config-vif-3)# appletalk address 100.50
HP9300(config-vif-3)# appletalk zone-name Marketing
HP9300(config-vif-3)# appletalk routing

Routing Between Protocol VLANs Within Port-Based VLANs

In Figure 15.4, AppleTalk traffic is terminating on ports 1 – 4 on two separate networks, 100 and 200.
USING THE CLI

HP9300(config)# vlan 2 by port
HP9300(config-vlan-2)# untag e1/3 to 1/4
HP9300(config-vlan-2)# atalk-proto
HP9300(config-vlan-atalk-proto)# static e1/3 to 1/4
HP9300(config-vlan-atalk-proto)# router-interface ve 5
HP9300(config-vlan-atalk-proto)# end
HP9300(config-vlan-2)# vlan 3 by port
HP9300(config-vlan-3)# untag e1/1 to 1/2
HP9300(config-vlan-3)# atalk-proto
HP9300(config-vlan-atalk-proto)# router-interface ve 3

To configure the physi
• AppleTalk RTMP update interval
• AppleTalk ZIP query interval

The following sections describe these parameters and show how to change them.

AppleTalk ARP Age

To change the AppleTalk ARP age in software release 06.X or later, use one of the following methods.
USING THE WEB MANAGEMENT INTERFACE

1. Log on to the device using a valid user name and password for read-write access.
2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.
3. Click on the plus sign next to AppleTalk in the tree view to expand the list of AppleTalk option links.
4. Click on the General link to display the AppleTalk configuration panel.
5.
USING THE WEB MANAGEMENT INTERFACE

1. Log on to the device using a valid user name and password for read-write access.
2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.
3. Click on the plus sign next to AppleTalk in the tree view to expand the list of AppleTalk option links.
4. Click on the General link to display the AppleTalk configuration panel.
5. Select Enable next to Glean Packet.
6.
USING THE WEB MANAGEMENT INTERFACE

1. Log on to the device using a valid user name and password for read-write access.
2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.
3. Click on the plus sign next to AppleTalk in the tree view to expand the list of AppleTalk option links.
4. Click on the General link to display the AppleTalk configuration panel.
5.
Clearing AppleTalk Information

USING THE CLI

When using the CLI, you can clear AppleTalk data by entering the following CLI commands:

• clear appletalk arp cache: Erases all data in the AppleTalk ARP table, as displayed by the show appletalk arp command.
• clear appletalk forward cache: Erases all learned data from non-local networks that is currently resident in the AppleTalk cache (forwarding table), as displayed by the show appletalk cache command.
Chapter 16
Configuring VLANs

This chapter describes how to configure Virtual LANs (VLANs) on the HP 9304M, HP 9308M, and HP 6308M-SX routing switches and the HP 6208M-SX switch. The “Overview” section provides basic information about the VLAN options. Following this section, other sections provide configuration procedures and examples. To display configuration information for VLANs, see “Displaying VLAN Information” on page 16-57.
When a device receives a packet on a port that is a member of a VLAN, the device forwards the packet based on the following VLAN hierarchy:

• If the port belongs to an IP sub-net VLAN, IPX network VLAN, or AppleTalk cable VLAN, and the packet belongs to the corresponding IP sub-net, IPX network, or AppleTalk cable range, the device forwards the packet to all the ports within that VLAN.
Layer 2 traffic is bridged within a port-based VLAN and Layer 2 broadcasts are sent to all the ports within the VLAN.

Layer 3 Protocol-Based VLANs

If you want some or all of the ports within a port-based VLAN to be organized according to Layer 3 protocol, you must configure a Layer 3 protocol-based VLAN within the port-based VLAN. You can configure each of the following types of protocol-based VLAN within a port-based VLAN.
For example, if you configure two IP sub-net VLANs on a routing switch, you can configure a virtual interface on each VLAN, then configure IP routing parameters for the sub-nets. Thus, the routing switch forwards IP sub-net broadcasts within each VLAN at Layer 2 but routes Layer 3 traffic between the VLANs using the virtual interfaces.
Default VLAN

By default, all the ports on a device are in a single port-based VLAN. This VLAN is called DEFAULT-VLAN and is VLAN number 1. The routing switches and the switch do not contain any protocol VLANs or IP sub-net, IPX network, or AppleTalk cable VLANs by default. Figure 16.3 shows an example of the default Layer 2 port-based VLAN.

[Figure 16. (diagram labeled Default VLAN)]
Untagged Packet Format

Ethernet II: Destination Address (6 bytes) | Source Address (6 bytes) | Type Field (2 bytes) | Data Field (up to 1500 bytes) | CRC (4 bytes)
IEEE 802.3: Destination Address (6 bytes) | Source Address (6 bytes) | Length Field (2 bytes) | Data Field (up to 1496 bytes) | CRC (4 bytes)

802.1q Tagged Packet Format

Field sizes: 6 bytes | 6 bytes | 4 bytes | 2 bytes | up to 1500 bytes | 4 bytes
Fields: Destination Address | Source Address | 802.
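A parser for the untagged and 802.1q tagged layouts above, as an added example (not HP code): it classifies a captured frame as Ethernet II, IEEE 802.3 or 802.1q tagged and, for tagged frames, extracts the VLAN ID and priority. The tag type 0x8100, the 3-bit priority and 12-bit VLAN ID inside the tag, and the 0x0600 type/length boundary come from the IEEE standards rather than from this page; the helper names and sample frames are constructed, and the frames omit the trailing CRC.

```python
"""Classify Ethernet frames as Ethernet II, IEEE 802.3 or 802.1q tagged.

Added illustration only, not device code. Frames are handled without the
trailing 4-byte CRC, which most capture tools strip.
"""
import struct

TPID_8021Q = 0x8100     # tag type from IEEE 802.1Q (assumption: not stated on the page)
ETHERTYPE_MIN = 0x0600  # a 2-byte field at or above this is a type, not a length
MAX_8023_LENGTH = 1500


def _mac(raw):
    return ":".join("%02x" % b for b in raw)


def parse_frame(frame):
    """Return a dict describing the frame header; raise ValueError if malformed."""
    if len(frame) < 14:
        raise ValueError("shorter than a 14-byte Ethernet header")
    info = {"dst": _mac(frame[0:6]), "src": _mac(frame[6:12]),
            "tagged": False, "vlan_id": None, "priority": None}
    (field,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if field == TPID_8021Q:
        # 4-byte tag = 2-byte tag type + 2-byte control word, then the type field.
        if len(frame) < 18:
            raise ValueError("truncated 802.1q tag")
        tci, field = struct.unpack("!HH", frame[14:18])
        info.update(tagged=True, priority=tci >> 13, vlan_id=tci & 0x0FFF)
        offset = 18
    payload = frame[offset:]
    if field >= ETHERTYPE_MIN:
        info.update(format="Ethernet II", ethertype=field, payload=payload)
    elif field <= MAX_8023_LENGTH:
        if len(payload) < field:
            raise ValueError("802.3 length field exceeds captured data")
        info.update(format="IEEE 802.3", length=field, payload=payload[:field])
    else:
        raise ValueError("type/length value 0x%04x is undefined" % field)
    return info


def unexpected_vlans(frames, allowed):
    """VLAN IDs seen in tagged frames that are not in the allowed set."""
    seen = {parse_frame(f)["vlan_id"] for f in frames}
    seen.discard(None)  # untagged frames carry no VLAN ID
    return sorted(seen - set(allowed))


def build_frame(dst, src, type_or_len, payload, vlan_id=None, priority=0):
    """Construct a sample frame (no CRC) for the demonstration below."""
    header = dst + src
    if vlan_id is not None:
        header += struct.pack("!HH", TPID_8021Q, (priority << 13) | vlan_id)
    return header + struct.pack("!H", type_or_len) + payload


# Constructed sample frames; the MAC addresses are locally administered placeholders.
DST = bytes.fromhex("020000000001")
SRC = bytes.fromhex("020000000002")
SAMPLE_FRAMES = [
    build_frame(DST, SRC, 0x0800, bytes(46)),                         # untagged Ethernet II
    build_frame(DST, SRC, 0x0800, bytes(46), vlan_id=2, priority=5),  # tagged, VLAN 2
    build_frame(DST, SRC, 46, bytes(46)),                             # untagged IEEE 802.3
    build_frame(DST, SRC, 0x8137, bytes(46), vlan_id=3),              # tagged, VLAN 3
]

if __name__ == "__main__":
    for raw in SAMPLE_FRAMES:
        hdr = parse_frame(raw)
        print(hdr["format"], "tagged" if hdr["tagged"] else "untagged",
              "vlan", hdr["vlan_id"], "priority", hdr["priority"])
    print("VLAN IDs outside {2}:", unexpected_vlans(SAMPLE_FRAMES, {2}))
```

Running unexpected_vlans over a capture from a tagged port, with the VLAN IDs that port is configured to carry as the allowed set, shows any tag that should not be present on that link.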
[Figure 16.5 VLANs configured across multiple devices (diagram: user-configured port-based VLANs A and B spanning Segment 1 and Segment 2)]

Spanning Tree Protocol (STP)

The default state of STP depends on the device type:

• STP is disabled by default on the HP 9304M, HP 9308M, and HP 6308M-SX routing switches.
• STP is enabled by default on the HP 6208M-SX switch.

Also by default, each port-based VLAN has a separate instance of STP.
blocked, the virtual interface can still route so long as at least one port in the virtual interface’s protocol VLAN is not blocked by STP.

NOTE: If you plan to connect the device to networking devices that run only a single instance of STP on all ports, you can configure the device to run a single instance of STP on all ports.
Dynamic, Static, and Excluded Port Membership

When you add ports to a protocol VLAN, IP sub-net VLAN, IPX network VLAN, or AppleTalk cable VLAN, you can add them dynamically or statically:

• Dynamic ports
• Static ports

You also can explicitly exclude ports.

Dynamic Ports

Dynamic ports are added to a VLAN when you create the VLAN. However, if a dynamically added port does not receive any traffic for the VLAN’s protocol within ten minutes, the port is removed from the VLAN.
Static Ports

Static ports are permanent members of the protocol VLAN. The ports remain active members of the VLAN regardless of whether the ports receive traffic for the VLAN’s protocol. You must explicitly identify the port as a static port when you add it to the VLAN. Otherwise, the port is dynamic and is subject to aging out. In addition, static ports never “leak” broadcast packets of other protocol types. (See “Broadcast Leaks” on page 16-10.
Super Aggregated VLANs

You can aggregate multiple VLANs within another VLAN. This feature allows you to construct Layer 2 paths and channels. This feature is particularly useful for Virtual Private Network (VPN) applications in which you need to provide a private, dedicated Ethernet connection for an individual client to transparently reach its sub-net across multiple networks.
Routing Between VLANs (Routing Switches Only)

The routing switches can locally route IP, IPX, and AppleTalk between VLANs defined within a single routing switch. All other routable protocols or protocol VLANs (for example, DecNet) must be routed by another external router capable of routing the protocol.

Virtual Interfaces (Routing Switches Only)

Virtual interfaces must be defined at the highest level of the VLAN hierarchy.
There is a separate STP domain for each port-based VLAN. Routing occurs independently across port-based VLANs or STP domains. You can define each end of each backbone link as a separate tagged port-based VLAN. Routing will occur independently across the port-based VLANs. Because each port-based VLAN’s STP domain is a single point-to-point backbone connection, you are guaranteed to never have an STP loop.
[Figure 16. (diagram) labels: 6308M-SX with Port 1 (IP sub-net 1, IPX network 1, AppleTalk cable range 100, AppleTalk zone “Prepress”) and Port 2 (IP sub-net 2, IPX network 2, AppleTalk cable range 200, AppleTalk zone “CTP”); 6208M-SX with port-based VLAN 222 (Ports 1 - 4) and port-based VLAN 333 (Ports 5 - 8)]
[Figure (diagram) labels: VLAN “BROWN”; VLAN “GREEN”; STP blocked VLAN; 6308M-SX; IP sub-net 1, IPX network 1, Atalk 100.1, Zone “A”; IP sub-net 2, IPX network 2, Atalk 200.]
HP6208-A(config-vlan-3)# tag ethernet 7 to 8
HP6208-A(config-vlan-3)# spanning-tree
HP6208-A(config-vlan-3)# write memory

Configuring 6208M-SX B

Enter the following commands to configure 6208M-SX B:

HP6208> en
HP6208# configure terminal
HP6208(config)# hostname HP6208-B
HP6208-B(config)# vlan 2 name BROWN
HP6208-B(config-vlan-2)# untag ethernet 1 to 3
HP6208-B(config-vlan-2)# tag ethernet 7 to 8
HP6208-B(config-vlan-2)# spanning-tree
HP6208-B(config-vl
Modifying a Port-Based VLAN

You can make the following modifications to a port-based VLAN:

• Add or delete a VLAN port.
• Change its priority.
• Enable or disable STP.

Removing a Port-Based VLAN

Suppose you want to remove VLAN 5 from the example in Figure 16.10. To do so, use the following procedure.

USING THE CLI

1. Access the global CONFIG level of the CLI on 6208M-SX A by entering the following commands:

HP6208-A> enable
No password has been assigned yet...
4. Enter the following commands to exit the VLAN CONFIG mode and save the configuration to the system config file on flash memory:

HP6208-A(config-vlan-4)#
HP6208-A(config-vlan-4)# end
HP6208-A# write memory
HP6208-A#

Assigning a Higher Priority to a VLAN

Suppose you wanted to give all traffic on Purple VLAN 2 in Figure 16.10 higher priority than all the other VLANs. Use the following procedure to do so.

USING THE CLI

1.
Configuring VLANs Enable Spanning Tree on a VLAN The spanning tree bridge and port parameters are configurable using one CLI command set at the Global Configuration Level of each Port-based VLAN. Suppose you wanted to enable the IEEE 802.1d STP across VLAN 3. To do so, use the following method. NOTE: When port-based VLANs are not operating on the system, STP is set on a system-wide level at the global CONFIG level of the CLI. USING THE CLI 1.
Advanced Configuration and Management Guide • Priority – a parameter used to identify the root bridge in a network. The bridge with the lowest value has the highest priority and is the root. Possible values: 1 – 65,535. Default is 32,678. Port Parameters (applied to a specified port within a VLAN) • Path Cost – a parameter used to assign a higher or lower path cost to a port. Possible values: 1 – 65535.
To configure the VLANs shown in Figure 16.11, use the following procedure.

USING THE CLI

1. To permanently assign ports 1 – 3 and port 8 to IP sub-net VLAN 1.1.1.0, enter the following commands:

HP6208> en
No password has been assigned yet...
HP6208# config t
HP6208(config)#
HP6208(config)# ip-subnet 1.1.1.0/24 name Green
HP6208(config-ip-subnet)# no dynamic
HP6208(config-ip-subnet)# static ethernet 1 to 3 ethernet 8

2.
Advanced Configuration and Management Guide the flat IP and IPX segment with connectivity to the rest of the network. Within VLAN 4 IP and IPX will follow the STP topology. All other IP sub-nets and IPX networks will be fully routed and have use of all paths at all times during normal operation. Figure 16.12 shows the configuration described above. VLAN 2 VLAN 6 VLAN 3 VLAN 7 VLAN 4 VLAN 8 = STP blocked VLAN VLAN 5 VE 4, VE 5 9304 A VLAN 2 Ports 1 - 4 VE 1 -IP sub-net 2 -OSPF area 0.0.0.
Configuring VLANs To configure the Layer 3 VLANs and virtual interfaces on the routing switches in Figure 16.12, use the following procedure. USING THE CLI Configuring 9304 A Enter the following commands to configure 9304 A. The following commands enable OSPF or RIP routing and IPX routing. HP9300> en No password has been assigned yet... HP9300# configure terminal HP9300(config)# hostname HP9300-A HP9300-A(config)# router ospf HP9300-A(config-ospf-router)# area 0.0.0.
Advanced Configuration and Management Guide Do the same thing for VLAN 8.
HP9300-A(config-vlan-4)# tag ethernet 4/1 to 4/2
HP9300-A(config-vlan-4)# spanning-tree
HP9300-A(config-vlan-4)# spanning-tree priority 500
HP9300-A(config-vlan-4)# router-interface ve5
HP9300-A(config-vlan-4)# int ve5
HP9300-A(config-vif-5)# ip address 1.1.3.1/24
HP9300-A(config-vif-5)# ip ospf area 0.0.0.0
HP9300-A(config-vif-5)# ipx network 3 ethernet_802.
Advanced Configuration and Management Guide • There is no need to include a virtual interface within VLAN 4. • The backbone VLAN between 9304 B and 9304 C must be the same at both ends and requires a new VLAN ID. The VLAN ID for this port-based VLAN is VLAN 7. Configuration for 9304 B Enter the following commands to configure 9304 B. HP9300> en No password has been assigned yet...
HP9300-B(config-vlan-ipx-network)# static e2/5 to 2/8
HP9300-B(config-vlan-ipx-network)# router-interface ve4
HP9300-B(config-vlan-ipx-network)# other-proto name block-other-protocols
HP9300-B(config-vlan-other-proto)# exclude e2/1 to 2/8
HP9300-B(config-vlan-other-proto)# no dynamic
HP9300-B(config-vlan-other-proto)# interface ve 3
HP9300-B(config-vif-3)# ip addr 1.1.7.1/24
HP9300-B(config-vif-3)# ip ospf area 0.0.0.
Advanced Configuration and Management Guide HP9300-C(config-ospf-router)# area 0.0.0.0 normal HP9300-C(config-ospf-router)# router ipx HP9300-C(config-ospf-router)# vlan 2 name IP-Subnet_1.1.9.
HP9300-C(config-vif-4)# vlan 4 name Bridged_ALL_Protocols
HP9300-C(config-vlan-4)# untag ethernet 3/1 to 3/8
HP9300-C(config-vlan-4)# tag ethernet 4/1 to 4/2
HP9300-C(config-vlan-4)# spanning-tree
HP9300-C(config-vlan-4)# vlan 7 name Rtr_BB_to_Bldg.2
HP9300-C(config-vlan-7)# tag e4/1
HP9300-C(config-vlan-7)# no spanning-tree
HP9300-C(config-vlan-7)# router-interface ve5
HP9300-C(config-vlan-7)# vlan 6 name Rtr_BB_to_Bldg.
Advanced Configuration and Management Guide • You cannot have an AppleTalk cable VLAN and an AppleTalk protocol VLAN in the same port-based VLAN. If you already have an AppleTalk protocol VLAN in the port-based VLAN, you must delete the AppleTalk protocol VLAN first, then configure the AppleTalk cable VLAN. Configuration Example Figure 3 shows an example of an HP 9308M routing switch with four AppleTalk cable VLANs configured on a single port-based VLAN.
The following commands add four AppleTalk cable VLANs, in groups of three commands each. The appletalk cable-vlan command adds a cable VLAN and, with the optional name parameter, names the VLAN. The static command adds specific ports within the port-based VLAN to the AppleTalk cable VLAN. The router-interface command identifies the virtual interface that connects to the AppleTalk cable range the VLAN is for.
HP9300(config-vif-2)# appletalk zone-name BB
HP9300(config-vif-2)# appletalk routing
HP9300(config-vif-2)# interface ve 3
HP9300(config-vif-3)# appletalk cable-range 30 - 39
HP9300(config-vif-3)# appletalk address 30.1
HP9300(config-vif-3)# appletalk zone-name CC
HP9300(config-vif-3)# appletalk routing
HP9300(config-vif-3)# interface ve 4
HP9300(config-vif-4)# appletalk cable-range 40 - 49
HP9300(config-vif-4)# appletalk address 40.
Configuring VLANs Configuration Guidelines • You cannot dynamically add a port to a protocol VLAN if the port has any routing configuration parameters. For example, the port cannot have a virtual interface, IP sub-net address, IPX network address, or AppleTalk network address configured on it. • Once you dynamically add a port to a protocol VLAN, you cannot configure routing parameters on the port. • Dynamic VLAN ports are not required or supported on AppleTalk cable VLANs.
HP9300(config-vlan-10)# dynamic
HP9300(config)# write memory

These commands create a port-based VLAN on chassis ports 1/1 – 1/6 named “Mktg-LAN”, configure an IP sub-net VLAN within the port-based VLAN, and then add ports from the port-based VLAN dynamically.
Configuring VLANs Configuring Uplink Ports Within a Port-Based VLAN You can configure a subset of the ports in a port-based VLAN as uplink ports. When you configure uplink ports in a port-based VLAN, the device sends all broadcast and unknown-unicast traffic from a port in the VLAN to the uplink ports, but not to other ports within the VLAN. Thus, the uplink ports provide tighter broadcast control within the VLAN.
Advanced Configuration and Management Guide VLAN 2 VLAN 3 VLAN 4 HP 9304M or 9308M Routing Switch VLAN 2 VE 1 -IP 10.0.0.1/24 VLAN 3 VE 2 -IP 10.0.1.1/24 VLAN 4 VE 3 -IP 10.0.2.1/24 Figure 16.14 Multiple port-based VLANs with separate protocol addresses As shown in this example, each VLAN has a separate IP sub-net address. If you need to conserve IP sub-net addresses, you can configure multiple VLANs with the same IP sub-net address, as shown in Figure 16.15.
Configuring VLANs VLAN 2 VLAN 3 VLAN 4 HP 9304M or 9308M Routing Switch VLAN 2 VE 1 -IP 10.0.0.1/24 VLAN 3 VE 2 -Follow VE 1 VLAN 4 VE 3 -Follow VE 1 Figure 16.15 Multiple port-based VLANs with the same protocol address Each VLAN still requires a separate virtual interface. However, all three VLANs now use the same IP sub-net address. In addition to conserving IP sub-net addresses, this feature allows containment of Layer 2 broadcasts to segments within an IP sub-net.
Advanced Configuration and Management Guide NOTE: If the device’s ARP table does not contain the requested host, the device forwards the ARP request on Layer 2 to the same VLAN as the one that received the ARP request. Then the device sends an ARP for the destination to the other VLANs that are using the same IP sub-net address. • If the destination is in the same VLAN as the source, the device does not need to perform a proxy ARP.
Configuring VLANs HP9300(config-vif-3)# ip follow ve 1 NOTE: Since virtual interfaces 2 and 3 do not have their own IP sub-net addresses but instead are “following” virtual interface 1’s IP address, you still can configure an IPX or AppleTalk interface on virtual interfaces 2 and 3. Configuring VLAN Groups and Virtual Interface Groups To simplify configuration when you have many VLANs with the same configuration, you can configure VLAN groups and virtual interface groups.
Advanced Configuration and Management Guide NOTE: The device’s memory must be configured to contain at least the number of VLANs you specify for the higher end of the range. For example, if you specify 2048 as the VLAN ID at the high end of the range, you first must increase the memory allocation for VLANs to 2048 or higher.
Configuring VLANs virtual interface group that has the same ID as the VLAN group. You can enter this command when you configure the VLAN group for the first time or later, after you have added tagged ports to the VLAN and so on. The parameter in the interface group-ve command specifies the ID of the VLAN group with which you want to associate this virtual interface group. The VLAN group must already be configured and enabled to use a virtual interface group.
Advanced Configuration and Management Guide NOTE: If many of your VLANs will have an identical configuration, you might want to configure VLAN groups and virtual interface groups after you increase the system capacity for VLANs and virtual interfaces. See “Configuring VLAN Groups and Virtual Interface Groups” on page 16-39. Increasing the Number of VLANs You Can Configure To increase the size of the VLAN table, which determines how many VLANs you can configure, use either of the following methods.
Configuring VLANs HP9300# reload Syntax: system-max virtual-interface The parameter indicates the maximum number of virtual interfaces. The range of valid values depends on the device you are configuring. See Table 16.1. USING THE WEB MANAGEMENT INTERFACE See the Web management procedure for increasing the VLAN table size, in “Increasing the Number of VLANs You Can Configure” on page 16-42. Configuring Super Aggregated VLANs You can aggregate multiple VLANs within another VLAN.
Advanced Configuration and Management Guide Client 1 . . . Client 3 . . . Client 5 Client 1 192.168.1.69/24 Path = a single VLAN into which client VLANs are aggregated Channel = a client VLAN nested inside a Path sub-net 192.168.1.0/24 Figure 16.16 Conceptual Model of the Super Aggregated VLAN Application Each client connected to the edge device is in its own port-based VLAN, which is like an ATM channel.
Configuring VLANs Client 1 Port 1/1 VLAN 101 . . . Client 3 Port 1/3 VLAN 103 . . . Client 6 Port 1/1 VLAN 101 Client 5 Port 1/5 VLAN 105 Client 1 192.168.1.69/24 . . . Client 8 Port 1/3 VLAN 103 . . . Client 10 Port 1/5 VLAN 105 209.157.2.
• Add the port connected to the client as an untagged port.
• Add the port connected to the core device (the device that will aggregate the VLANs) as a tagged port. This port must be tagged because all the client VLANs share the port as an uplink to the core device.

On each core device:
• Enable VLAN aggregation. This support allows the core device to add an additional tag to each Ethernet frame that contains a VLAN packet from the edge device.
Configuring VLANs USING THE WEB MANAGEMENT INTERFACE You cannot enable VLAN aggregation using the Web management interface. The other options you need for configuring Aggregated VLANs are present in earlier software releases and are supported in the Web management interface. See the “Configuring Virtual LANs“ chapter in the September 2000 or later edition of the Installation and Getting Started Guide.
HP9300A(config-vlan-102)# untagged ethernet 1/2
HP9300A(config-vlan-102)# exit
HP9300A(config)# vlan 103 by port
HP9300A(config-vlan-103)# tagged ethernet 2/1
HP9300A(config-vlan-103)# untagged ethernet 1/3
HP9300A(config-vlan-103)# exit
HP9300A(config)# vlan 104 by port
HP9300A(config-vlan-104)# tagged ethernet 2/1
HP9300A(config-vlan-104)# untagged ethernet 1/4
HP9300A(config-vlan-104)# exit
HP9300A(config)# vlan 105 by port
HP9300A(config-vlan-105)#
Commands for Device D

Device D is at the other end of the path and separates the channels back into individual VLANs. The tag type must be the same as the tag type configured on the other core device (Device C). In addition, VLAN aggregation must be enabled.
HP9300F(config-vlan-103)# exit
HP9300F(config)# vlan 104 by port
HP9300F(config-vlan-104)# tagged ethernet 2/1
HP9300F(config-vlan-104)# untagged ethernet 1/4
HP9300F(config-vlan-104)# exit
HP9300F(config)# vlan 105 by port
HP9300F(config-vlan-105)# tagged ethernet 2/1
HP9300F(config-vlan-105)# untagged ethernet 1/5
HP9300F(config-vlan-105)# exit
HP9300F(config)# write memory

Configuring VLANs Using the Web Management Interface

Use the procedures in t
Configuring VLANs 10. Click the Select Port Members button to display the following panel. 11. Select the ports you are placing in the VLAN. To select a row, click on the checkbox next to the row number, then click on the Select Row button. NOTE: Ports highlighted in grey are members of a trunk group. The port right before the grey ports is the master port for that trunk group. 12. When you finish selecting the ports, click on the Continue button to return to the Port VLAN configuration dialog. 13.
5. Enter the VLAN ID that will contain the protocol VLAN in the VLAN ID field.
6. Enter a name for the VLAN in the Protocol_VLAN_Name field.
7. Select the virtual interface from the Router_Interface pulldown list if you configured a virtual interface for routing into and out of the VLAN.
8. Select the protocol type.
9. Specify the ports that are members of the VLAN:
• Select Dynamic Port if you want the port membership to be dynamic.
Configuring VLANs Configuring an IP Sub-Net VLAN 1. Log on to the device using a valid user name and password for read-write access. 2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options. 3. Click on the plus sign next to VLAN in the tree view to expand the list of VLAN option links. 4. Click on the Protocol link.
Advanced Configuration and Management Guide NOTE: All the ports must be members of the port-based VLAN that contains this IP sub-net VLAN. See “Layer 3 Protocol-Based VLANs” on page 16-3. 11. Click the Add button (if you are adding a new VLAN) or the Modify button (if you are modifying an existing VLAN) to save the change to the device’s running-config file. 12. Select the Save link at the bottom of the dialog.
7. Select the virtual interface from the Router_Interface pulldown list if you configured a virtual interface for routing into and out of the VLAN.
8. Select the encapsulation type from the Frame_Type field’s pulldown list.
9. Enter the IPX network address of the VLAN in the Network field.
10. Specify the ports that are members of the VLAN:
• Select Dynamic Port if you want the port membership to be dynamic. For information, see “Dynamic Ports” on page 16-9.
Advanced Configuration and Management Guide 5. Enter the VLAN ID that will contain the AppleTalk cable VLAN in the VLAN ID field. 6. Enter a name for the VLAN in the Protocol_VLAN_Name field. 7. Select the virtual interface from the Router_Interface pulldown list if you configured a virtual interface for routing into and out of the VLAN. 8. Select the AppleTalk cable ID from the AppleTalk Cable field’s pulldown list. 9.
Configuring VLANs Displaying VLAN Information After you configure the VLANs, you can verify the configuration using the following methods. Displaying System-Wide VLAN Information Use one of the following methods to display VLAN information for all the VLANs configured on the device. USING THE CLI Enter the following command at any CLI level.
Advanced Configuration and Management Guide Displaying VLAN Information for Specific Ports Use one of the following methods to display VLAN information for specific ports.
Chapter 17
Route Health Injection

You can configure an HP 9304M, HP 9308M, or HP 6308M-SX routing switch to check the health of the HTTP application and “inject” a host route into the network to force a preferred route to an actively responding web host. The web host can be directly attached to the routing switch or can be attached through Layer 2 switches.
[Figure labels: Web client in Los Angeles requests www.net.com; ISP]

When Los Angeles site is available, client’s gateway router (at ISP) has path to the www.net.com in Los Angeles:

IP address        Cost   Location
============================
209.157.22.249    4      Los Angeles

If Los Angeles site is unavailable, the path ages out and is replaced by the path to the www.net.com in New York:

IP address        Cost   Location
============================
209.157.22.
Route Health Injection When the web browser sends its TCP SYN request (to initiate the HTTP session with the web host), the gateway router used by the client’s computer looks in its routing table for the route to the requested IP address. The router may receive multiple paths, in which case the router typically chooses the path with the lowest cost (usually the number of router hops to the host) to place in the routing table. The paths can all go to the same host or to different hosts.
Advanced Configuration and Management Guide Configuration Considerations • The routing switch and the SLB or real server must be in the same IP sub-net. • Place the management station for the SLB on a different sub-net than the one that contains the web site (HTTP application) whose health you are checking.
Route Health Injection Interface Level The following commands configure an IP sub-net address that is in the same sub-net as the web site’s IP address. Enter these commands on the interface that connects the routing switch to the real server or to the SLB that is load balancing for the IP address. The ip dont_advertise command configures the routing switch to block advertisement of the host route for the interface.
Advanced Configuration and Management Guide The server real command in this example configures the HP 6308M-SX to send an HTTP health check to the HTTP port on IP address 209.157.22.249. When you press Enter after this command, the CLI changes to the Real Server level of the CLI. This level allows you to configure health check parameters for the HTTP port on the IP address. The port http keepalive command in this example is entered at the Real Server level and enables the HTTP health check.
CLI Commands for 6308M-SX R3

The following commands configure 6308M-SX R3 for the configuration shown in Figure 17.1. This example includes the commands for modifying the HTTP health check interval and retry values.

HP6308-R3(config) server port 80
HP6308-R3(config-port-80) tcp keepalive 10 3
HP6308-R3(config-port-80) server real S3 209.157.22.249
HP6308-R3(config-rs-S2) port http keepalive
HP6308-R3(config-rs-S2) port http url "/marketing.
Advanced Configuration and Management Guide Table 17.1: Real Server Information (Continued) This Field... IP Displays... The IP address of the real server. If you configured a host range of VIPs on the server, the number following the IP address (after the colon) is the number of hosts on the server. State The state of the real server. The state can be one of the states listed by “Server State” at the top of the display.
Appendix A
Network Monitoring

This chapter provides a general overview of monitoring tools supported on HP ProCurve switches and routing switches. Configuration examples are provided using the CLI and Web management interfaces.

RMON Support

All HP ProCurve switches and routing switches come standard with an RMON agent that supports the following groups. The group numbers come from the RMON specification (RFC 1757).
Advanced Configuration and Management Guide 2. Click on the plus sign next to Monitor in the tree view to expand the list of monitoring options. 3. Click on the plus sign next to Port in the tree view to expand the list of Port option links. 4. Click on the Statistics link to display the Port Statistic table. 5. Click on the RMON Ethernet Statistics link to display the RMON Ethernet Statistics table.
Network Monitoring Syntax: rmon alarm owner USING THE WEB MANAGEMENT INTERFACE This display is not supported on the Web management interface. Event (RMON Group 9) There are two elements to the Event Group—the event control table and the event log table.
Advanced Configuration and Management Guide NOTE: For a complete summary of all available show... CLI commands and their displays, see the Command Line Interface Reference. USING THE WEB MANAGEMENT INTERFACE 1. Log on to the device using a valid user name and password for read-only or read-write access. The System configuration dialog is displayed. 2. Click on the plus sign next to Monitor in the tree view to expand the list of monitoring options. 3.
Clearing Statistics

You can clear statistics for many parameters with the clear option.

USING THE CLI

To determine the available clear commands for the system, enter the following command:

HP9300# clear ?

Syntax: clear
Appendix B
Protecting Against Denial of Service Attacks

In a Denial of Service (DoS) attack, a router is flooded with useless packets, hindering normal operation. HP devices include measures for defending against two types of DoS attacks: Smurf attacks and TCP SYN attacks.

Protecting Against Smurf Attacks

A Smurf attack is a kind of DoS attack in which an attacker causes a victim to be flooded with ICMP echo (Ping) replies sent from another network. Figure B.1 illustrates how a Smurf attack works.
For each ICMP echo request packet sent by the attacker, a number of ICMP replies equal to the number of hosts on the intermediary network are sent to the victim. If the attacker generates a large volume of ICMP echo request packets, and the intermediary network contains a large number of hosts, the victim can be overwhelmed with ICMP replies.
• If the number of ICMP packets exceeds the burst-max value, all ICMP packets are dropped for the number of seconds specified by the lockup value. When the lockup period expires, the packet counter is reset and measurement is restarted.

In the example above, if the number of ICMP packets received per second exceeds 5,000, the excess packets are dropped.
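The threshold behaviour described above, modelled as an added example (it is not HP's code and not taken from this guide). Assumptions: packets are counted per one-second interval, `burst_normal` is this example's name for the per-second threshold the text illustrates with 5,000, and the burst-max value, lockup value and traffic profile are constructed sample values.

```python
"""Model of the per-second ICMP burst thresholds described in the text.

Added illustration only; it does not reproduce HP firmware logic.
"""
from collections import Counter

FORWARD = "forward"          # packet is handled normally
DROP_EXCESS = "drop-excess"  # over the normal threshold within this second
DROP_LOCKUP = "drop-lockup"  # arrived at or after the burst-max trigger


class BurstLimiter:
    def __init__(self, burst_normal, burst_max, lockup):
        # burst_normal: example name (assumption) for the per-second
        # threshold above which only the excess is dropped.
        # burst_max, lockup: the terms used in the text.
        if not 0 < burst_normal <= burst_max:
            raise ValueError("need 0 < burst_normal <= burst_max")
        if lockup < 1:
            raise ValueError("lockup must be at least one second")
        self.burst_normal = burst_normal
        self.burst_max = burst_max
        self.lockup = lockup
        self.window = None      # second currently being measured
        self.count = 0          # packets seen in that second
        self.locked_until = 0   # first second at which measuring resumes
        self.totals = Counter()

    def offer(self, now):
        """Classify one packet arriving in whole second `now`."""
        if now < self.locked_until:
            verdict = DROP_LOCKUP
        else:
            if now != self.window:
                # New second, or lockup just expired: counter is reset.
                self.window, self.count = now, 0
            self.count += 1
            if self.count > self.burst_max:
                # Everything is dropped for `lockup` seconds from here on.
                self.locked_until = now + self.lockup
                self.window = None
                verdict = DROP_LOCKUP
            elif self.count > self.burst_normal:
                verdict = DROP_EXCESS
            else:
                verdict = FORWARD
        self.totals[verdict] += 1
        return verdict


def replay(limiter, per_second):
    """Feed {second: packet_count} through the limiter, oldest first.

    Returns {second: Counter of verdicts} so each interval can be inspected.
    """
    result = {}
    for sec in sorted(per_second):
        result[sec] = Counter(limiter.offer(sec) for _ in range(per_second[sec]))
    return result


# Constructed traffic profile: a quiet second, a burst over the normal
# threshold, a flood over burst-max, then light traffic during the lockup.
SAMPLE_TRAFFIC = {0: 3000, 1: 7000, 2: 12000, 3: 100, 4: 100, 5: 100, 6: 100, 7: 100}


def run_sample():
    # 5,000 is the figure from the text; 10,000 and 5 are constructed.
    limiter = BurstLimiter(burst_normal=5000, burst_max=10000, lockup=5)
    return limiter, replay(limiter, SAMPLE_TRAFFIC)


if __name__ == "__main__":
    limiter, per_sec = run_sample()
    for sec, verdicts in per_sec.items():
        print(sec, dict(verdicts))
    print("totals", dict(limiter.totals))
```

In the sample, seconds 3 to 6 carry only 100 packets each, yet every one is dropped: a lockup discards legitimate ICMP as well, which is the cost to weigh when choosing the burst-max and lockup values.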
Displaying Statistics about Packets Dropped Because of DoS Attacks

To display information about ICMP and TCP SYN packets dropped because burst thresholds were exceeded:

HP9300(config)# show statistics dos-attack
---------------------------- Local Attack Statistics --------------------------
ICMP Drop Count    ICMP Block Count    SYN Drop Count    SYN Block Count
--------------------------------------------------------
0                  0                   0                 0
--------------------------- Transit Atta
Appendix C
Policies and Filters

The HP 9304M, HP 9308M, and HP 6308M-SX routing switches and the HP 6208M-SX switch provide a robust array of policies and filters. You can configure policies and filters to do the following:
• Change Quality-of-Service priorities for individual ports, VLANs, Layer 4 flows, static MAC entries, and AppleTalk sockets.
• Configure protocol-based VLANs, IP sub-net VLANs, and IPX network VLANs within standard 802.1d port based VLANs.
Advanced Configuration and Management Guide Scope Some policies and filters are configured and apply globally, while others are configured globally but apply to individual ports. The following table lists the scope for each type of policy and filter. Table C.
Policies and Filters Default Filter Actions By default, no policies or filters are defined on the routing switches and switch. The following table lists the default action when no policy or filter is configured and the default action after you configure a policy or filter. For some types of policies and filters, the default action changes once you configure a policy or filter, regardless of the policy or filter’s contents. Table C.
Policy and Filter Precedence

QoS

You can apply QoS policies to individual ports, VLANs, static MAC addresses, Layer 4 sessions, and AppleTalk sockets. If a port is a member of two or more of these items and has different priorities, the priorities are merged. However, the resulting priority is never lower than the highest priority.

Precedence Among Filters on Different Layers

Generally, the device applies only the type of filter that applies to the traffic.
Policies and Filters Policies A policy is a set of rules that defines how the device handles packets. Table C.3 lists the types of policies you can configure on the routing switches and the switch. Table C.3: Policies Policy Type Supported on...
Advanced Configuration and Management Guide Syntax Use the following CLI commands or Web management interface panels to configure QoS policies. Table C.
Policies and Filters IP sub-net and IPX network VLANs are similar, except for these VLAN types the device examines the IP sub-net or IPX network address. • If the IP sub-net or IPX network address matches the address of the IP sub-net VLAN or IPX network VLAN, the device forwards the packet. • If the sub-net or network address does not match the VLAN, the device drops the packet. See “Configuring VLANs” on page 16-1 for VLAN configuration rules and examples.
Advanced Configuration and Management Guide Inbound IP Access Policy Group for Port 1/1 PolicyID Action Source Destination -------------------------------------------------------------------------------3 Deny any 209.157.22.26/32 any 17 Deny 209.157.22.14/32 any any 34 Deny 201.21.2.7/32 209.157.22.69/32 201.21.2.7/32 1024 Permit any any any Source: 209.157.22.69/24 Source: 209.157.22.11/24 Source: 209.157.22.26/24 Source: 209.157.22.69/24 Source: 209.157.22.128/24 Dest: 211.44.29.
Policies and Filters Syntax Use the following CLI commands or Web management interface panels to configure IP access policies. Table C.
Advanced Configuration and Management Guide Outbound Policy Group for Port 2/1 PolicyID Action Source Destination ---------------------------------------------------------------------------------1 Deny any 128.24.26.0/24 1024 Permit any any Source: 209.157.22.69/24 Source: 209.157.22.11/24 Source: 209.157.22.26/24 Source: 209.157.22.69/24 Source: 209.157.22.128/24 Dest: 211.44.29.67/24 Dest: 209.241.12.66/24 Dest: 128.24.26.7/24 Dest: 209.211.44.128/24 Dest: 209.184.66.
Policies and Filters Syntax Use the following CLI commands or Web management interface panels to configure TCP/UDP access policies. Table C.
Advanced Configuration and Management Guide Table C.8: Filters (Continued) Filter Type Supported on... Routing Switch See page...
Syntax

Use the following CLI commands or Web management interface panels to configure MAC filters.

Table C.9: MAC Filters

CLI syntax:
HP9300(config)# mac filter permit | deny any | any | etype | llc | snap
HP9300(config-if-1/1)# mac-filter-group

Web management links:
Configure->MAC Filter

Broadcast Filters

Broadcast filters are outbound filters that drop Layer 2 broadcast packets that match the filter criteria.
Advanced Configuration and Management Guide Multicast Filters Multicast filters are outbound filters that apply to packets that have a Layer 2 multicast address in the destination MAC address field. You can configure multicast filters to filter on all multicast addresses or a specific multicast address. You can configure up to eight multicast filters. NOTE: Multicast filters are applied in numerical order, beginning with filter 1. Action Multicast filters forward (permit) or drop (deny) packets.
[Figure D.3 Address-lock filter. Address-lock filter for port 3/1: Two (2) addresses can be learned on the port. Figure labels: MAC address: abcd; MAC address: efef; MAC address: 1234; MAC address: 9876; 1st MAC = learned; 2nd MAC = learned; 3rd MAC = dropped; 4th MAC = dropped]

Actions

Forward (permit) only those packets with a MAC address that the port has learned. Deny all other packets.

Scope

You configure a lock address filter globally, but you also specify the port as part of the filter.
Advanced Configuration and Management Guide Layer 3 Filters Layer 3 filters control a device’s transmission and receipt of packets based on routing protocol information in the packets.
Policies and Filters Outbound IP/RIP Route Filter Group for Port 4/1 Inbound IP/RIP Route Filter Group for Port 4/1 FilterID Action Source -------------------------------------------------------1 Deny 209.157.22.0/24 1024 Permit any FilterID Action Source -------------------------------------------------------2 Deny 192.164.21.0/24 1024 Permit any 209.241.12.0/24 209.157.22.0/24 X 209.241.12.0/24 192.164.21.0/24 Neighbor RIP Router 192.164.28.0/24 209.157.22.0/24 192.164.21.0/24 X 192.164.28.
Advanced Configuration and Management Guide Inbound IP/RIP Neighbor Filter for Port 4/3 FilterID Action Source -------------------------------------------------------1 Deny 192.99.26.1/24 1024 Permit any Neighbor RIP Router 201.44.67.1/24 Neighbor RIP Router X 192.99.26.1/24 Actions • An IP/RIP neighbor filter applied to outbound traffic on a port permits or denies advertisement of routes.
Policies and Filters IPX Filters IPX filters control transmission and receipt of IPX packets, IPX RIP routes, and IPX Service Advertisement Protocol (SAP) messages. IPX forwarding filters filter on source and destination IPX address and socket information. IPX RIP filters filter based on a route’s network address. IPX SAP filters filter based on server type and server name. IPX Forwarding Filters IPX forwarding filters control forwarding of IPX packets.
Advanced Configuration and Management Guide IPX SAP Filters IPX Service Advertisement Protocol (SAP) filters control client access to IPX servers. Actions • An IPX SAP filter applied to inbound packets learns or drops advertisements for the specific services. • An IPX SAP filter applied to outbound traffic advertises or does not advertise services. Scope You configure IPX SAP filters globally, then apply them to specific ports.
Policies and Filters Zone Filter to block Marketing from accessing Engineering FilterID Action Zone ------------------------------------------1 Deny Marketing 1024 Permit any Macintosh computer Macintosh computer Macintosh computer Macintosh computer Engineering zone does not appear in Marketing’s Choosers. However, RTMP is not filtered--users in Marketing can still ping devices in Engineering. Figure D.
Advanced Configuration and Management Guide NOTE: If you use the rtmp-filtering | no-rtmp-filtering parameter, you are configuring an AppleTalk network filter. See the following section. Appletalk Network Filters Routing Table Maintenance Protocol (RTMP) filtering enhances a zone filter by hiding the cable ranges inside the zones used by other routing switches. The denied network numbers of the filtered zone will be removed from the RTMP packets.
Policies and Filters Actions • A BGP4 address filter applied to inbound packets permits (learns) or denies (drops) the specified network address in BGP4 updates received from a BGP4 neighbor. • A BGP4 address filter applied to outbound packets permits (advertises) or denies (drops) the specified network address in BGP4 updates the device sends to a BGP4 neighbor.
Advanced Configuration and Management Guide Scope You define BGP4 AS-path filters globally, then apply them as part of a BGP4 neighbor’s distribute list or as part of a match statement in a route map. Syntax Use the following CLI commands or Web management interface panels to configure BGP4 AS-path filters. Table C.
Syntax
Use the following CLI commands or Web management interface panels to configure BGP4 community filters.

Table C.22: BGP4 Community Filters
CLI syntax: HP9300(config-bgp-router)# community-filter permit | deny | internet | no-advertise | no-export
Web management links: Configure->BGP->Community Filter
CLI syntax: HP9300(config-bgp-routemap RMAP_NAME)# match as-path-filters | community-filters | address-filters
OSPF Route Redistribution Filters

FilterID  Action  Address
------------------------------------------
1         Permit  201.99.81.0/24
2         Permit  192.124.28.0/24

[Figure labels: OSPF Router, IP/RIP Router, OSPF Router; routes 201.99.81.0/24, 192.124.28.0/24, 191.47.12.0/24; X]
Figure D.7 OSPF redistribution filters

IP/RIP Redistribution Filters
IP/RIP redistribution filters control redistribution of routes from other protocols into RIP.
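The filter table of Figure D.7, worked through as an added example (this is not code from the HP guide, and it does not use the switch CLI). It assumes that filters are tried in ascending FilterID order with the first match deciding, and that the X in the figure marks 191.47.12.0/24 as not redistributed because it matches no filter; the function names are hypothetical, and the `shadowed` check goes beyond the figure to flag filters that can never take effect.

```python
import ipaddress

# Filter table as printed with Figure D.7: (FilterID, action, address).
FIGURE_D7_FILTERS = [
    (1, "permit", "201.99.81.0/24"),
    (2, "permit", "192.124.28.0/24"),
]
# The three routes shown in the figure.
FIGURE_D7_ROUTES = ["201.99.81.0/24", "192.124.28.0/24", "191.47.12.0/24"]


def evaluate(route, filters, default="deny"):
    """Return (action, filter_id) for one candidate route.

    Assumption: filters are tried in ascending FilterID order, the first
    filter whose address covers the route decides, and a route that matches
    no filter gets `default`.
    """
    net = ipaddress.ip_network(route)
    for fid, action, addr in sorted(filters):
        if net.subnet_of(ipaddress.ip_network(addr)):
            return action, fid
    return default, None


def redistributed(routes, filters):
    """Routes that would be redistributed under the filter list."""
    return [r for r in routes if evaluate(r, filters)[0] == "permit"]


def shadowed(filters):
    """Find filters that can never decide a route because an earlier filter
    already covers their whole address range. Returns (shadowed_id, by_id)."""
    ordered = sorted(filters)
    hits = []
    for i, (fid, _, addr) in enumerate(ordered):
        net = ipaddress.ip_network(addr)
        for eid, _, eaddr in ordered[:i]:
            if net.subnet_of(ipaddress.ip_network(eaddr)):
                hits.append((fid, eid))
                break
    return hits


if __name__ == "__main__":
    for r in FIGURE_D7_ROUTES:
        print(r, *evaluate(r, FIGURE_D7_FILTERS))
    # Constructed list: the deny in filter 2 is unreachable behind filter 1.
    print(shadowed([(1, "permit", "10.0.0.0/8"), (2, "deny", "10.1.0.0/16")]))
```

Running `shadowed` over a filter list before applying it catches a narrower deny placed after a broader permit, which would otherwise leak the route it was meant to hold back.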
Syntax
Use the following CLI commands or Web management interface panels to configure IP/RIP redistribution filters.
Table C.
Syntax
Use the following CLI commands or Web management interface panels to configure BGP4 redistribution filters.

Table C.25: BGP4 Redistribution Filters
CLI syntax: HP9300(config-bgp-router)# redistribute rip | ospf | static [match internal | external1 | external2] [metric ] [route-map ] [weight ]
Web management links: Configure->BGP->Redistribute

NOTE: The optional match internal | external1 | external2 argument applies only to OSPF.