- HP Procurve Switch 4108GL Management and Configuration Guide

ManualsBrandsIronPort Systems ManualsSwitch4108GL

hp procurve

switch 4108gl

management and

configuration guide

www.hp.com/go/hpprocurve

Summary of content (483 pages)

PAGE 1
management and configuration guide hp procurve switch 4108gl www.hp.
PAGE 2
PAGE 3
HP Procurve Switch 4108GL Software Release G.01.
PAGE 4
© Copyright 2001 Hewlett-Packard Company All Rights Reserved. This document contains information which is protected by copyright. Reproduction, adaptation, or translation without prior permission is prohibited, except as allowed under the copyright laws. Publication Number 5969-2378 May 2001 Applicable Product Disclaimer The information contained in this document is subject to change without notice.
PAGE 5
Preface Preface Use of This Guide and Other Procurve Switch Documentation This guide describes how to use the command line interface (CLI), menu interface, and web browser interface for the HP Procurve Switch 4108GL— also referred to as the Switch 4108GL. ■ If you need information on specific parameters in the menu interface, refer to the online help provided in the interface. ■ If you need information on a specific command in the CLI, type the command name followed by “help” ( help).
PAGE 6
Preface To Set Up and Install the Switch in Your Network Use the HP Procurve Switch 4108GL Installation and Getting Started Guide (shipped with the switch) to guide you in the following: iv ■ Physically installing the switch in your network ■ Quickly assigning an IP address and subnet mask, set a Manager password, and (optionally) configure other basic features.
PAGE 7
Contents Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii Use of This Guide and Other Procurve Switch Documentation . . . . . . iii Just Want a Quick Start? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii To Set Up and Install the Switch in Your Network . . . . . . . . . . . . . . . . . iv Selecting a Management Interface Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 8
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Accessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Privilege Levels at Logon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 Privilege Level Operation . . . . . . . . . . . . . . . . . .
PAGE 9
Switch Memory and Configuration Chapter Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 Overview of Configuration File Management . . . . . . . . . . . . . . . . . . . 5-2 Using the CLI To Implement Configuration Changes . . . . . . . . . . . . 5-4 Using the Menu and Web Browser Interfaces To Implement Configuration Changes . . . . . .
PAGE 10
IP Addressing with Multiple VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4 IP Addressing in a Stacking Environment . . . . . . . . . . . . . . . . . . . . . . . 7-5 Menu: Configuring IP Address, Gateway, and Time-To-Live (TTL) . . 7-5 CLI: Configuring IP Address, Gateway, Time-To-Live (TTL), and Timep . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-7 Web: Configuring IP Addressing . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 11
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2 Configuring Username and Password Security . . . . . . . . . . . . . . . . . . 9-3 Menu: Configuring Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-5 CLI: Setting Manager and Operator Passwords . . . . . . . . . . . . . . . . . . . 9-6 Web: Configuring User-Names and Passwords . . . . . . . . . . . . . . . . . . .
PAGE 12
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-2 Viewing Port Status and Configuring Port Parameters . . . . . . . . . . 11-2 Menu: Viewing Port Status and Configuring Port Parameters . . . . . 11-5 CLI: Viewing Port Status and Configuring Port Parameters . . . . . . . 11-6 Web: Viewing Port Status and Configuring Port Parameters . . . . . . 11-9 Port Trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 13
Configuring CDP Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-21 Effect of Spanning Tree (STP) On CDP Packet Transmission . . . . 12-23 How the Switch Selects the IP Address To Include in Outbound CDP Packets 12-24 CDP Neighbor Data and MIB Objects . . . . . . . . . . . . . . . . . . . . . . . . . 12-25 Operating Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-27 HP Procurve Stack Management Chapter Contents . . . . . . . . . .
PAGE 14
Web: Viewing and Configuring VLAN Parameters . . . . . . . . . . . . . . 14-22 VLAN Tagging Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-23 Effect of VLANs on Other Switch Features . . . . . . . . . . . . . . . . . . . . 14-27 VLAN Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-29 GVRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-30 General Operation . .
PAGE 15
CLI: Configuring STP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-5 Web: Enabling or Disabling STP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-9 How STP Operates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-9 STP Fast Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-10 STP Operation with 802.1Q VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 16
Menu: Entering and Navigating in the Event Log . . . . . . . . . . . . . . . 18-17 CLI: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-18 Diagnostic Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-19 Port Auto-Negotiation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-19 Ping and Link Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 17
Selecting a Management Interface Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Understanding Management Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Advantages of Using the Menu Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3 Advantages of Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 18
Selecting a Management Interface Selecting a Management Interface Overview Overview This chapter describes the following: ■ Management interfaces for the Switch 4108GL ■ Advantages of using each interface Understanding Management Interfaces Management interfaces enable you to reconfigure the switch and to monitor switch status and performance.
PAGE 19
Advantages of Using the Menu Interface Figure 1-1.
PAGE 20
Selecting a Management Interface Selecting a Management Interface Advantages of Using the CLI Advantages of Using the CLI HP4108> Operator Level HP4108# Manager Level HP4108(config)# Global Configuration Level HP4108()# Context Configuration Levels (port, VLAN) Figure 1-2. Example of The Command Prompt ■ Provides access to the complete set of the switch configuration, performance, and diagnostic features.
PAGE 21
Advantages of Using the HP Web Browser Interface Figure 1-3.
PAGE 22
Selecting a Management Interface Selecting a Management Interface Advantages of Using HP TopTools for Hubs & Switches Advantages of Using HP TopTools for Hubs & Switches You can operate HP TopTools from a PC on the network to monitor traffic, manage your hubs and switches, and proactively recommend network changes to increase network uptime and optimize performance. Easy to install and use, HP TopTools for Hubs & Switches is the answer to your management challenges. Figure 1-4.
PAGE 23
■ ■ • Notifies you when HP hubs use “self-healing” features to fix or limit common network problems. • Provides a list of discovered devices, with device type, connectivity status, the number of new or open alerts for each device, and the type of management for each device. • Provides graphical maps of your networked devices, from which you can access specific devices. • Identifies users by port and lets you assign easy-to-remember names to any network device.
PAGE 24
Selecting a Management Interface Selecting a Management Interface Advantages of Using HP TopTools for Hubs & Switches 1-8
PAGE 25
2 Using the Menu Interface Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 Starting and Ending a Menu Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 How To Start a Menu Interface Session . . . . . . . . . . . . . . . . . . . . . . . . . 2-4 How To End a Menu Session and Exit from the Console: . . . . . . . . . . 2-5 Main Menu Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 26
Using the Menu Interface Overview Overview Using the Menu Interface This chapter describes the following features: ■ Overview of the Menu Interface (page 4-1) ■ Starting and ending a Menu session (page 2-3) ■ The Main Menu (page 2-7) ■ Screen structure and navigation (page 2-9) ■ Rebooting the switch (page 2-12) The menu interface operates through the switch console to provide you with a subset of switch commands in an easy-to-use menu format enabling you to: ■ Perform a "quick configuration" o
PAGE 27
Using the Menu Interface Starting and Ending a Menu Session someone without a password can still gain read-only access.) For more information on passwords, see “Configuring Username and Password Security” on page 9-3. Menu Interaction with Other Interfaces. The menu interface displays the current running-config parameter settings. You can use the menu interface to save configuration changes made in the CLI only if the CLI changes are in the running config when you save changes made in the menu interface.
PAGE 28
Using the Menu Interface Starting and Ending a Menu Session How To Start a Menu Interface Session Using the Menu Interface In its factory default configuration, the switch console starts with the CLI prompt. To use the menu interface with Manager privileges, go to the Manager level prompt and enter the menu command. 1. Use one of these methods to connect to the switch: • A PC terminal emulator or terminal • Telnet (You can also use the stack Commander if the switch is a stack member.
PAGE 29
Using the Menu Interface Starting and Ending a Menu Session Using the Menu Interface Figure 2-1. The Main Menu with Manager Privileges For a description of Main Menu features, see “Main Menu Features” on page 2-7. Note To configure the switch to start with the menu interface instead of the CLI, go to the Manager level prompt in the CLI, enter the setup command, and in the resulting desplay, change the Logon Default parameter to Menu.
PAGE 30
Using the Menu Interface Starting and Ending a Menu Session Using the Menu Interface Asterisk indicates a configuration change that requires a reboot to activate. Figure 2-2. An Asterisk Indicates a Configuration Change Requiring a Reboot 1. In the current session, if you have not made configuration changes that require a switch reboot to activate, return to the Main Menu and press [0] (zero) to log out. Then just exit from the terminal program, turn off the terminal, or quit the Telnet session. 2.
PAGE 31
Using the Menu Interface Main Menu Features Main Menu Features Using the Menu Interface Figure 2-3. The Main Menu View with Manager Privileges The Main Menu gives you access to these Menu interface features: ■ Status and Counters: Provides access to display screens showing switch information, port status and counters, port and VLAN address tables, and spanning tree information. (See Chapter 17, “Monitoring and Analyzing Switch Operation”.
PAGE 32
Using the Menu Interface Using the Menu Interface Main Menu Features 2-8 ■ Command Line (CLI): Selects the Command Line Interface at the same level (Manager or Operator) that you are accessing in the Menu interface. (See chapter 3, "Using the Command Line Interface (CLI)".) ■ Reboot Switch: Performs a "warm" reboot of the switch, which clears most temporary error conditions, resets the network activity counters to zero, and resets the system up-time to zero.
PAGE 33
Using the Menu Interface Screen Structure and Navigation Screen Structure and Navigation Menu interface screens include these three elements: Parameter fields and/or read-only information such as statistics ■ Navigation and configuration actions, such as Save, Edit, and Cancel ■ Help line to describe navigation options, individual parameters, and readonly data For example, in the following System Information screen: Screen title – identifies the location within the menu structure Parameter fields He
PAGE 34
Using the Menu Interface Screen Structure and Navigation Using the Menu Interface Table 2-1. 2-10 How To Navigate in the Menu Interface Task: Actions: Execute an action from the “Actions –>” list at the bottom of the screen: Use either of the following methods: • Use the arrow keys ( [<] ,or [>] ) to highlight the action you want to execute, then press [Enter]. • Press the key corresponding to the capital letter in the action name.
PAGE 35
Using the Menu Interface Screen Structure and Navigation To get Help on individual parameter descriptions. In most screens there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press [H], and a separate help screen is displayed. For example: Highlight on any item in the Actions line indicates that the Actions line is active. The Help line provides a brief descriptor of the highlighted Action item or parameter. Figure 2-5.
PAGE 36
Using the Menu Interface Rebooting the Switch Rebooting the Switch Using the Menu Interface Rebooting the switch from the menu interface ■ Terminates all current sessions and performs a reset of the operating system ■ Activates any menu interface configuration changes that require a reboot ■ Resets statistical counters to zero (Note that statistical counters can be reset to zero without rebooting the switch.) To Reboot the switch, use the Reboot Switch option in the Main Menu.
PAGE 37
Using the Menu Interface Rebooting the Switch Rebooting To Activate Configuration Changes. Configuration changes for most parameters in the menu interface become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the Maximum VLANs to support parameter. (To access this parameter, go to the Main Menu and select: 8. VLAN Menu 1. VLAN Support.
PAGE 38
Using the Menu Interface Menu Features List Menu Features List Using the Menu Interface Status and Counters • General System Information • Switch Management Address Information • Port Status • Port Counters • Address Table • Port Address Table • Spanning Tree Information Switch Configuration • System Information • Port/Trunk Settings • Network Monitoring Port • Spanning Tree Operation • IP Configuration • SNMP Community Names • IP authorized Managers • VLAN Menu Console Passw
PAGE 39
Using the Menu Interface Where To Go From Here Where To Go From Here Option Where To Turn To use the Run Setup option See the Installation and Getting Started Guide shipped with the switch.
PAGE 40
Using the Menu Interface Using the Menu Interface Where To Go From Here 2-16
PAGE 41
3 Using the Command Line Interface (CLI) Chapter Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Accessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Privilege Level Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 42
Using the Command Line Interface (CLI) Overview Overview The CLI is a text-based command interface for configuring and monitoring the switch. The CLI gives you access to the switch’s full set of commands while providing the same password protection that is used in the web browser interface and the menu interface.
PAGE 43
Using the Command Line Interface (CLI) Using the CLI Startup Config file in non-volatile memory. If you reboot the switch without first using write memory, all changes made since the last reboot or write memory (whichever is later) will be lost. For more on switch memory and saving configuration changes, see Chapter 5X, “Switch Memory and Configuration”. Privilege Levels at Logon Privilege levels control the type of access to the CLI. To implement this control, you must set at least a Manager password.
PAGE 44
Using the Command Line Interface (CLI) Using the CLI Caution HP strongly recommends that you configure a Manager password. If a Manager password is not configured, then the Manager level is not passwordprotected, and anyone having in-band or out-of-band access to the switch may be able to reach the Manager level and compromise switch and network security. Note that configuring only an Operator password does not prevent access to the Manager level by intruders who have the Operator password.
PAGE 45
Using the Command Line Interface (CLI) Using the CLI Manager Privileges Manager privileges give you three additional levels of access: Manager, Global Configuration, and Context Configuration. (See figure .) A "#" character delimits any Manager prompt. For example: (Example of the Manager prompt.) HP4108#_ ■ Manager level: Provides all Operator level privileges plus the ability to perform system-level actions that do not require saving changes to the system configuration file.
PAGE 46
Using the Command Line Interface (CLI) Using the CLI Changing Interfaces. If you change from the CLI to the menu interface, or the reverse, you will remain at the same privilege level. For example, entering the menu command from the Operator level of the CLI takes you to the Operator privilege level in the menu interface. Table 3-1.
PAGE 47
Using the Command Line Interface (CLI) Using the CLI How To Move Between Levels Change in Levels Example of Prompt , Command, and Result Operator level to Manager level HP4108> enable Password:_ After you enter enable, the Password prompt appears.
PAGE 48
Using the Command Line Interface (CLI) Using the CLI for VLAN 1 and later use the CLI to configure a different IP address of "Y" for VLAN 1, then "Y" replaces "X" as the IP address for VLAN 1 in the runningconfig file. (If you subsequently execute write memory in the CLI, then the switch also stores "Y" as the IP address for VLAN 1 in the startup-config file. (For more on the startup-config and running config files, see Chapter 5X, “Switch Memory and Configuration”.
PAGE 49
Using the Command Line Interface (CLI) Using the CLI Typing ? at the Manager level produces this listing: Using the Command Line Interface (CLI) When - - MORE - appears, use the Space bar or [Return] to list additional commands. Figure 3-4. Example of the Manager-Level Command Listing When - - MORE - - appears, there are more commands in the listing. To list the next screenfull of commands, press the Space bar. To list the remaining commands one-by-one, repeatedly press [Enter].
PAGE 50
Using the Command Line Interface (CLI) Using the CLI telnet terminal HP4108(config)# t As mentioned above, if you type part of a command word and press [Tab], the CLI completes the current word (if you have typed enough of the word for the CLI to distinguish it from other possibilities), including hyphenated extensions. For example: HP4108(config)# port[Tab] HP4108(config)# port-security _ Pressing [Tab] after a completed command word lists the further options for that command.
PAGE 51
Using the Command Line Interface (CLI) Using the CLI Thus, if you wanted to create a port trunk group using ports c3-c6, the above conventions show that you could do so using any of the following forms of the trunk command: HP4108(config)# trunk trk1 trunk c3-c6 HP4108(config)# trunk trk1 trunk e c3-c6 HP4108(config)# trunk trk1 lacp c3-c6 HP4108(config)# trunk trk1 lacp e c3-c6 Listing Command Options.
PAGE 52
Using the Command Line Interface (CLI) Using the CLI Figure 3-7. Example of Context-Sensitive Command-List Help Using the Command Line Interface (CLI) Displaying Help for an Individual Command. You can display Help for any command that is available at the current context level by entering enough of the command string to identify the command, along with help. Syntax: help For example, to list the Help for the interface command in the Global Configuration privilege level: Figure 3-8.
PAGE 53
Using the Command Line Interface (CLI) Using the CLI Figure 3-9. Example of Help for a Specific Instance of a Command HP4108# interface help Invalid input: interface Configuration Commands and the Context Configuration Modes You can execute any configuration command in the global configuration mode or in selected context modes. However, using a context mode enables you to execute context-specific commands faster, with shorter command strings.
PAGE 54
Using the Command Line Interface (CLI) Using the CLI HP4108(eth-C5-C8)# ? HP4108(eth-C5-C8)# ? Lists the commands you can use in the port or static trunk context, plus the Manager, Operator, and context commands you can execute at this level. Using the Command Line Interface (CLI) In the port context, the first block of commands in the "?" listing show the context-specific commands that will affect only ports C3-C6. The remaining commands in the listing are Manager, Operator, and context commands.
PAGE 55
Using the Command Line Interface (CLI) Using the CLI VLAN Context . Includes VLAN-specific commands that apply only to the selected VLAN, plus Manager and Operator commands. The prompt for this mode includes the VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch: Command executed at configuration level to enter VLAN 100 context. HP4108(vlan-100)# Resulting prompt showing VLAN 100 context.
PAGE 56
Using the Command Line Interface (CLI) CLI Control and Editing Using the Command Line Interface (CLI) CLI Control and Editing Keystrokes Function [Ctrl] [A] Jumps to the first character of the command line. [Ctrl] [B] or [<] Moves the cursor back one character. [Ctrl] [C] Terminates a task and displays the command prompt. [Ctrl] [D] Deletes the character at the cursor. [Ctrl] [E] Jumps to the end of the current command line. [Ctrl] [F] or [>] Moves the cursor forward one character.
PAGE 57
4 Using the HP Web Browser Interface Chapter Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 General Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3 Web Browser Interface Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4 Starting an HP Web Browser Interface Session with the Switch . . . . . . . .
PAGE 58
Using the HP Web Browser Interface Overview Overview The HP web browser interface built into the switch lets you easily access the switch from a browser-based PC on your network. This lets you do the following: ■ Optimize your network uptime by using the Alert Log and other diagnostic tools ■ Make configuration changes to the switch ■ Maintain security by configuring usernames and passwords Using the HP Web Browser Interface This chapter covers the following: ■ General features (page 4-3).
PAGE 59
Using the HP Web Browser Interface General Features General Features The Switch 4108GL include these web browser interface features: Switch Configuration: • Ports • VLANs and Primary VLAN • Fault detection • Port monitoring (mirroring) • System information • Enable/Disable Multicast Filtering (IGMP) and Spanning Tree • IP • Stacking • Support and management URLs Using the HP Web Browser Interface Switch Security: Passwords Switch Diagnostics: • Ping/Link Test • Device reset • Config
PAGE 60
Using the HP Web Browser Interface Web Browser Interface Requirements Web Browser Interface Requirements You can use equipment meeting the following requirements to access the web browser interface on your intranet. Using the HP Web Browser Interface Table 4-1. 4-4 System Requirements for Accessing the HP Web Browser Interface Platform Entity and OS Version Minimum Recommended PC Platform 90 MHz Pentium 120 MHz Pentium HP-UX Platform (9.x or 10.
PAGE 61
Using the HP Web Browser Interface Starting an HP Web Browser Interface Session with the Switch Starting an HP Web Browser Interface Session with the Switch You can start a web browser session in the following ways: ■ ■ Using a standalone web browser on a network connection from a PC or UNIX workstation: • Directly connected to your network • Connected through remote access to your network Using a management station running HP TopTools for Hubs & Switches on your network Using a Standalone Web Brows
PAGE 62
Using the HP Web Browser Interface Starting an HP Web Browser Interface Session with the Switch 2. Type the IP address (or DNS name) of the switch in the browser Location or Address field and press [Enter]. (It is not necessary to include http://.) switch4108 [Enter] (example of a DNS-type name) 10.11.12.
PAGE 63
Using the HP Web Browser Interface Starting an HP Web Browser Interface Session with the Switch 3. Note If the Registration window appears, click on the Status tab. First-Time Install Alert Using the HP Web Browser Interface Alert Log The web browser interface automatically starts with the Status Overview window displayed for the selected device, as shown in figure 4-1. Figure 4-1.
PAGE 64
Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Tasks for Your First HP Web Browser Interface Session The first time you access the web browser interface, there are three tasks that you should perform: ■ Review the “First Time Install” window ■ Set Manager and Operator passwords ■ Set access to the web browser interface online help Viewing the “First Time Install” Window Using the HP Web Browser Interface When you access the switch’s web browser interface fo
PAGE 65
Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session This window is the launching point for the basic configuration you need to perform to set web browser interface passwords to maintain security and Fault Detection policy, which determines the types of messages that will be displayed in the Alert Log. To set web browser interface passwords, click on secure access to the device to display the Device Passwords screen, and then go to the next page.
PAGE 66
Using the HP Web Browser Interface Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Figure 4-3. The Device Passwords Window To set the passwords: 1. 2. Access the Device Passwords screen by one of the following methods: • If the Alert Log includes a “First Time Install” event entry, double click on this event, then, in the resulting display, click on the secure access to the device link. • Select the Security tab.
PAGE 67
Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session Note Passwords you assign in the web browser interface will overwrite previous passwords assigned in either the web browser interface, the Command Prompt, or the switch console. That is, the most recently assigned passwords are the switch’s passwords, regardless of which interface was used to assign the string.
PAGE 68
Using the HP Web Browser Interface Tasks for Your First HP Web Browser Interface Session If You Lose a Password If you lose the passwords, you can clear them by pressing the Clear button on the front of the switch. This action deletes all password and user name protection from all of the switch’s interfaces.
PAGE 69
Using the HP Web Browser Interface Support/Mgmt URLs Feature Support/Mgmt URLs Feature The Support/Mgmt URLs window enables you to change the World Wide Web Universal Resource Locator (URL) for two functions: ■ Support URL – a support information site for your switch ■ Management Server URL – the site for online help for the web browser interface, and, if set up, the URL of a network management station running HP TopTools for Hubs & Switches. 1. Click Here 2.
PAGE 70
Using the HP Web Browser Interface Support/Mgmt URLs Feature Support URL This is the site that the switch accesses when you click on the Support tab on the web browser interface. The default URL is: http://www.hp.com/go/procurve which is the World Wide Web site for Hewlett-Packard’s networking products. Click on the [Support] button on that page and you can get to support information regarding your switch, including white papers, operating system (OS) updates, and more.
PAGE 71
Using the HP Web Browser Interface Support/Mgmt URLs Feature ■ If you have World Wide Web access from your PC or workstation, and do not have HP TopTools installed on your network, enter the following URL in the Management Server URL field shown in figure 4-7 on page 4-15: http://www.hp.com/rnd/device_help Figure 4-7. How To Access Web Browser Interface Online Help Policy Management and Configuration.
PAGE 72
Using the HP Web Browser Interface Status Reporting Features Status Reporting Features Browser elements covered in this section include: ■ The Overview window (below) ■ Port utilization and status (page 4-17) ■ The Alert log (page 4-20) ■ The Status bar (page 4-23) The Overview Window The Overview Window is the home screen for any entry into the web browser interface.The following figure identifies the various parts of the screen.
PAGE 73
Using the HP Web Browser Interface Status Reporting Features The Port Utilization and Status Displays The Port Utilization and Status displays show an overview of the status of the switch and the amount of network activity on each port. The following figure shows a sample reading of the Port Utilization and Port Status. Port Utilization Bar Graphs Bandwidth Display Control Port Status Indicators Legend Figure 4-9.
PAGE 74
Using the HP Web Browser Interface Status Reporting Features ■ Maximum Activity Indicator: As the bars in the graph area change height to reflect the level of network activity on the corresponding port, they leave an outline to identify the maximum activity level that has been observed on the port. Utilization Guideline. A network utilization of 40% is considered the maximum that a typical Ethernet-type network can experience before encountering performance difficulties.
PAGE 75
Using the HP Web Browser Interface Status Reporting Features Port Status Port Status Indicators Legend Figure 4-12. The Port Status Indicators and Legend The Port Status indicators show a symbol for each port that indicates the general status of the port. There are four possible statuses: Port Connected – the port is enabled and is properly connected to an active network device. ■ Port Not Connected – the port is enabled but is not connected to an active network device.
PAGE 76
Using the HP Web Browser Interface Status Reporting Features The Alert Log The web browser interface Alert Log, shown in the lower half of the screen, shows a list of network occurrences, or alerts, that were detected by the switch. Typical alerts are Broadcast Storm, indicating an excessive number of broadcasts received on a port, and Problem Cable, indicating a faulty cable. A full list of alerts is shown in the table on page 4-21. Using the HP Web Browser Interface Figure 4-13.
PAGE 77
Using the HP Web Browser Interface Status Reporting Features Alert Types The following table lists the types of alerts that can be generated. Table 4-2. Alert Strings and Descriptions Alert String Alert Description First Time Install Important installation information for your switch.
PAGE 78
Using the HP Web Browser Interface Status Reporting Features Note When troubleshooting the sources of alerts, it may be helpful to check the switch’s Port Status and Port Counter windows and the Event Log in the console interface. Viewing Detail Views of Alert Log Entries By double clicking on Alert Entries, the web browser interface displays a Detail View or separate window detailing information about the events. The Detail View contains a description of the problem and a possible solution.
PAGE 79
Using the HP Web Browser Interface Status Reporting Features The Status Bar The Status Bar is displayed in the upper left corner of the web browser interface screen. Figure 4-15 shows an expanded view of the status bar. Most Critical Alert Description Status Indicator Product Name Figure 4-15. Example of the Status Bar The Status bar consists of four objects: ■ Status Indicator. Indicates, by icon, the severity of the most critical alert in the current display of the Alert Log.
PAGE 80
Using the HP Web Browser Interface Status Reporting Features ■ Product Name. The product name of the switch to which you are connected in the current web browser interface session. Setting Fault Detection Policy One of the powerful features in the web browser interface is the Fault Detection facility. For your switch, this feature controls the types of alerts reported to the Alert Log based on their level of severity.
PAGE 81
Using the HP Web Browser Interface Status Reporting Features ■ High Sensitivity. This policy directs the switch to send all alerts to the Alert Log. This setting is most effective on networks that have none or few problems. ■ Medium Sensitivity. This policy directs the switch to send alerts related to network problems to the Alert Log. If you want to be notified of problems which cause a noticeable slowdown on the network, use this setting. ■ Low Sensitivity.
PAGE 82
Using the HP Web Browser Interface Using the HP Web Browser Interface Status Reporting Features 4-26
PAGE 83
5 Switch Memory and Configuration Chapter Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 Overview of Configuration File Management . . . . . . . . . . . . . . . . . . . . . . . . 5-2 Using the CLI To Implement Configuration Changes . . . . . . . . . . . . . . . . . 5-4 Using the Menu and Web Browser Interfaces To Implement Configuration Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 84
Switch Memory and Configuration Overview Overview This chapter describes: ■ How switch memory manages configuration changes ■ How the CLI implements configuration changes ■ How the menu interface and web browser interface implement configuration changes ■ How the switch provides OS (operating system) options through primary/ secondary flash image options ■ How to use the switch’s primary and secondary flash options, including displaying flash information, booting or restarting the switch, and othe
PAGE 85
Switch Memory and Configuration Overview of Configuration File Management ■ Running Config File: Exists in volatile memory and controls switch operation. If no configuration changes have been made in the CLI since the switch was last booted, the running-config file is identical to the startup-config file. ■ Startup-config File: Exists in flash (non-volatile) memory and is used to preserve the most recently-saved configuration as the "permanent" configuration.
PAGE 86
Switch Memory and Configuration Using the CLI To Implement Configuration Changes "permanent". When you are satisfied that the change is satisfactory, you can make it permanent by executing the write memory command. For example, suppose you use the following command to disable port 5: HP4108(config)# interface ethernet 5 disable The above command disables port 5 in the running-config file, but not in the startup-config file. Port 5 remains disabled only until the switch reboots.
PAGE 87
Switch Memory and Configuration Using the CLI To Implement Configuration Changes How To Use the CLI To Reconfigure Switch Features. Use this procedure to permanently change the switch configuration (that is, to enter a change in the startup-config file). 1. Use the appropriate CLI commands to reconfigure the desired switch parameters. This updates the selected parameters in the running-config file. 2. Use the appropriate show commands to verify that you have correctly made the desired changes. 3.
PAGE 88
Switch Memory and Configuration Using the CLI To Implement Configuration Changes ■ Manually enter the earlier values you had for the changed settings. (This is recommended if you want to restore a small number of parameter settings to their previous boot-up values.) ■ Update the running-config file to match the startup-config file by rebooting the switch. (This is recommended if you want to restore a larger number of parameter settings to their previous boot-up values.
PAGE 89
Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes from either the CLI or the menu interface without first executing the write memory command in the CLI, the current startup-config file will replace the running-config file, and any changes in the running-config file will be lost.
PAGE 90
Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes ■ Viewing several related configuration parameters in the same screen, with their default and current settings ■ Immediately changing both the running-config file and the startup-config file with a single command Using the Menu Interface To Implement Configuration Changes You can use the menu interface to simultaneously save and implement a subset of switch configuration changes without having to
PAGE 91
Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes To save and implement the changes for all parameters in this screen, press the [Enter] key, then press [S] (for Save). To cancel all changes, press the [Enter] key, then press [C] (for Cancel) Figure 5-3.
PAGE 92
Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes Reboot Switch option Figure 5-4. The Reboot Switch Option in the Main Menu Rebooting To Activate Configuration Changes. Configuration changes for most parameters become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the Maximum VLANs to support parameter. (To access these parameters, go to the Main menu and select 2.
PAGE 93
Switch Memory and Configuration Using Primary and Secondary Flash Image Options Asterisk indicates a configuration change that requires a reboot in order to take effect. Reminder to reboot the switch to activate configuration changes. Figure 5-5.
PAGE 94
Switch Memory and Configuration Using Primary and Secondary Flash Image Options ■ Primary Flash: The default storage for OS (system image) files. ■ Secondary Flash: The additional storage for either a redundant or an alternate OS (system image) file. With the Primary/Secondary flash option you can test a new image in your system without having to replace a previously existing image. You can also use the image options for troubleshooting.
PAGE 95
Switch Memory and Configuration Using Primary and Secondary Flash Image Options Figure 5-6. Example Showing the Identity of the Current Flash Image Determining Whether the Flash Images Are Different Versions. If the flash image sizes in primary and secondary are the same, then in almost every case, the primary and secondary images are identical. This command provides a comparison of flash image sizes, plus the boot ROM version and from which flash image the switch booted.
PAGE 96
Switch Memory and Configuration Using Primary and Secondary Flash Image Options 1. In this example show version indicates the switch has version G.01.01 in primary flash. 2. After the boot system command, show version indicates that version G.01.03 is in secondary flash. Figure 5-8. Determining the OS Version in Primary and Secondary Flash OS Downloads The following table shows the switch’s options for downloading an OS to flash and booting the switch from flash Table 5-1.
PAGE 97
Switch Memory and Configuration Using Primary and Secondary Flash Image Options Local OS Replacement and Removal This section describes commands for erasing an OS (flash image) and copying an existing OS between primary and secondary flash. Note It is not necessary to erase the content of a flash location before downloading another OS file. The process automatically overwrites the previous file with the new file.
PAGE 98
Switch Memory and Configuration Using Primary and Secondary Flash Image Options 1. Verify that there is a valid flash image in the secondary flash location. The following figure indicates that an OS image is present in secondary flash. (If you are unsure whether the image is secondary flash is valid, try booting from it before you proceed, by using boot system flash secondary.) The unequal code size indicates two different versions of the OS software. Figure 5-9.
PAGE 99
Switch Memory and Configuration Using Primary and Secondary Flash Image Options The prompt shows which flash location will be erased. Figure 5-10. Example of Erase Flash Prompt 3. Type y at the prompt to complete the flash erase. 4. Use show flash to verify erasure of the selected OS flash image The "0" here shows that primary flash has been erased. Figure 5-11.
PAGE 100
Switch Memory and Configuration Using Primary and Secondary Flash Image Options Booting from Primary Flash. This command always boots the switch from primary flash, and executes the complete set of subsystem self-tests. Syntax: boot For example, to boot the switch from primary flash with pending configuration changes in the running-config file: Figure 5-12. Example of Boot Command (Default Primary Flash) In the above example, typing either a y or n at the second prompt initiates the reboot operation.
PAGE 101
Switch Memory and Configuration Using Primary and Secondary Flash Image Options Booting from the Current OS Version. Reload reboots the switch from the flash image on which the switch is currently running, and saves to the startup-config file any configuration changes currently in the running-config file. Because reload bypasses some subsystem self-tests, the switch reboots faster than if you use either of the boot command options.
PAGE 102
Switch Memory and Configuration Using Primary and Secondary Flash Image Options Switch Memory and Configuration while using a version "Y" of the OS, and then reboot the switch with an earlier OS version "X" that does not include all of the features found in "Y", the OS simply ignores the parameters for any features that it does not support.
PAGE 103
6 Interface Access and System Information Chapter Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2 Interface Access: Console/Serial Link, Web, and Inbound Telnet . . . . . . . 6-3 Menu: Modifying the Interface Access . . . . . . . . . . . . . . . . . . . . . . . . . . 6-4 CLI: Modifying the Interface Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5 System Information . . . . . . . . . . . . . . . . . . . . . .
PAGE 104
Interface Access and System Information Overview Overview This chapter describes how to view and modify the configuration for switch interface access and switch system information .
PAGE 105
Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Interface Access: Console/Serial Link, Web, and Inbound Telnet Interface Access Features Feature Default Menu CLI Web Inactivity Time 0 Minutes (disabled) page 6-4 page 6-6 — Inbound Telnet Access Enabled page 6-4 page 6-5 — Web Browser Interface Access Enabled page 6-4 page 6-6 — Terminal type VT-100 — page 6-6 — Event Log event types to list (Displayed Events) All — page 6-6
PAGE 106
Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Menu: Modifying the Interface Access The menu interface enables you to modify these parameters: ■ Inactivity Timeout ■ Inbound Telnet Enabled ■ Web Agent Enabled To Access the Interface Access Parameters: 1. From the Main Menu, Select... 2. Switch Configuration... 1. System Information Interface Access Parameters Interface Access and System Information Figure 6-1.
PAGE 107
Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet CLI: Modifying the Interface Access Interface Access Commands Used in This Section show console below [no] telnet-server below [no] web-management page 6-6 console page 6-6 Listing the Current Console/Serial Link Configuration. This command lists the current interface access parameter settings. Syntax: show console This example shows the switch’s default console/serial configuration.
PAGE 108
Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Reconfigure Web Browser Access. In the default configuration, web browser access is enabled. Syntax:[no] web-management To disable web browser access: HP4108(config)# no web-management To re-enable web browser access: HP4108(config)# web-management Reconfigure the Console/Serial Link Settings. You can reconfigure one or more console parameters with one console command.
PAGE 109
Interface Access and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet The switch implements the Event Log change immediately. The switch implements the other console changes after executing write memory and reload. Figure 6-3. Example of Executing the Console Command with Multiple Parameters You can also execute a series of console commands and then save the configuration and boot the switch. For example: Configure the individual parameters. Save the changes.
PAGE 110
Interface Access and System Information System Information System Information System Information Features Feature Default Menu CLI Web System Name switch product name page 6-9 page 6-11 page 6-13 System Contact n/a page 6-9 page 6-11 page 6-13 System Location n/a page 6-9 page 6-11 page 6-13 MAC Age Interval 300 seconds page 6-9 page 6-12 — Time Sync Method None See Chapter 8, “Time Protocols”.
PAGE 111
Interface Access and System Information System Information Time Zone: The number of minutes your time zone location is to the West (+) or East (-) of Coordinated Universal Time (formerly GMT). The default 0 means no time zone is configured. Daylight Time Rule: Specifies the daylight savings time rule to apply for your location. The default is None. (For more on this topic, see appendix D, “Daylight Savings Time on HP ProCurve Switches.
PAGE 112
Interface Access and System Information System Information 3. Refer to the online help provided with this screen for further information on configuration options for these features. 4. When you have finished making changes to the above parameters, press [Enter], then press [S] (for Save) and return to the Main Menu.
PAGE 113
Interface Access and System Information System Information Configure a System Name, Contact, and Location for the Switch. To help distinguish one switch from another, configure a plain-language identity for the switch. Syntax: hostname snmp-server [contact ] [location ] Note that no blank spaces are allowed in the variables for these commands.
PAGE 114
Interface Access and System Information System Information Reconfigure the Age Interval for Learned MAC Addresses. This command corresponds to the MAC Age Interval in the menu interface, and is expressed in seconds. Syntax: mac-age-time <10 . . 1000000> (seconds) For example, to configure the age interval to seven minutes: HP4108(config)# mac-age-time 420 Configure the Time Zone and Daylight Time Rule.
PAGE 115
Interface Access and System Information System Information Web: Configuring System Parameters In the web browser interface, you can enter the following system information: ■ System Name ■ System Location ■ System Contact For access to the MAC Age Interval and the Time parameters, use the menu interface or the CLI. Configure System Parameters in the Web Browser Interface. 1. Click on the Configuration tab. 2. Click on [System Info]. 3. Enter the data you want in the displayed fields. 4.
PAGE 116
Interface Access and System Information Interface Access and System Information System Information 6-14
PAGE 117
Configuring IP Addressing Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3 Just Want a Quick Start? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4 IP Addressing with Multiple VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4 IP Addressing in a Stacking Environment .
PAGE 118
Configuring IP Addressing Configuring IP Addressing Overview Overview This chapter describes the switch configuration features available in the menu interface, CLI and web browser interface.
PAGE 119
IP Configuration IP Configuration Features Feature Default Menu CLI Web IP Address and Subnet Mask DHCP/Bootp page 7-5 page 7-7 page 7-9 Default Gateway Address none page 7-5 page 7-7 page 7-9 Packet Time-To-Live (TTL) 64 seconds page 7-5 page 7-7 n/a Time Server (Timep) DHCP page 7-5 page 7-7 n/a IP Address and Subnet Mask. Configuring the switch with an IP address expands your ability to manage the switch and use its features.
PAGE 120
Configuring IP Addressing Configuring IP Addressing IP Configuration Just Want a Quick Start? If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, HP recommends that you use the Switch Setup screen to quickly configure IP addressing. To do so, do one of the following: ■ Enter setup at the CLI Manager level prompt. HP4108# setup ■ Select 8. Run Setup in the Main Menu of the menu interface.
PAGE 121
■ If you change the IP address through either Telnet access or the web browser interface, the connection to the switch will be lost. You can reconnect by either restarting Telnet with the new IP address or entering the new address as the URL in your web browser. IP Addressing in a Stacking Environment If you are installing the switch into an HP Procurve stack management environment, entering an IP address may not be required. See “HP Procurve Stack Management” on page 13-1 for more information.
PAGE 122
Configuring IP Addressing Configuring IP Addressing IP Configuration For descriptions of these parameters, see the online Help for this screen. Before using the DHCP/ Bootp option, refer to “DHCP/Bootp Operation” on page 7-10. Figure 5-1. Example of the IP Service Configuration Screen without Multiple VLANs Configured 7-6 2. Press [E] (for Edit). 3.
PAGE 123
CLI: Configuring IP Address, Gateway, Time-To-Live (TTL), and Timep IP Commands Used in This Section show ip page 7-7 vlan ip address page 7-8 ip default-gateway page 7-8 ip ttl page 7-9 For a listing of the full CLI command set, including syntax and options, see the CLI command reference available on the HP Procurve website at: http://www.hp.com/go/hpprocurve Viewing the Current IP Configuration. The following command displays the IP addressing for each VLAN configured in the switch.
PAGE 124
Configuring IP Addressing Configuring IP Addressing IP Configuration A Switch 4108GL with IP Addressing and VLANs Configured Figure 5-3. Example of Show IP Listing with Non-Default IP Addressing Configured Configure an IP Address and Subnet Mask. The following command includes both the IP address and the subnet mask. You must either include the ID of the VLAN for which you are configuring IP addressing or go to the context configuration level for that VLAN.
PAGE 125
Configure Time-To-Live (TTL). Use this command at the Global config prompt to set the time that a packet outbound from the switch can exist on the network. The default setting is 64 seconds. Syntax: ip ttl HP4108(config)# ip ttl 60 In the CLI, you can execute this command only from the global configuration level. The TTL range is 2 - 255 seconds.
PAGE 126
Configuring IP Addressing Configuring IP Addressing IP Configuration Table 7-1. Features Available With and Without IP Addressing on the Switch Features Available Without an IP Address Additional HP Proactive Networking Features Available with an IP Address and Subnet Mask • Direct-connect access to the CLI and the menu interface.
PAGE 127
Note 1. DHCP/Bootp requests are automatically broadcast on the local network. (The switch sends one type of request to which either a DHCP or Bootp server can respond.) 2. When a DHCP or Bootp server receives the request, it replies with a previously configured IP address and subnet mask for the switch. The switch also receives an IP Gateway address if the server has been configured to provide one.
PAGE 128
Configuring IP Addressing Configuring IP Addressing IP Configuration Bootp Operation. When a Bootp server receives a request it searches its Bootp database for a record entry that matches the MAC address in the Bootp request from the switch. If a match is found, the configuration data in the associated database record is returned to the switch. For many Unix systems, the Bootp database is contained in the /etc/bootptab file.
PAGE 129
Note gw is the IP address of the default gateway. lg TFTP server address (source of final configuration file) T144 is the vendor-specific “tag” identifying the configuration file to download. vm is a required entry that specifies the Bootp report format. For the Switches 2512 and 2524, set this parameter to rfc1048. The above Bootp table entry is a sample that will work for the Switch 4108GL when the appropriate addresses and file names are used.
PAGE 130
Configuring IP Addressing Configuring IP Addressing IP Configuration Globally Assigned IP Network Addresses If you intend to connect your network to other networks that use globally administered IP addresses, Hewlett-Packard strongly recommends that you use IP addresses that have a network address assigned to you. There is a formal process for assigning unique IP addresses to networks worldwide. For more information: Please contact your internet service provider (ISP).
PAGE 131
8 Time Protocols Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 TimeP Time Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8- 2 SNTP Time Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 Overview: Selecting a Time Synchronization Protocol or Turning Off Time Protocol Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 132
Time Protocols Overview Overview Time Protocols This chapter describes: ■ SNTP Time Protocol Operation ■ Timep Time Protocol Operation Using time synchronization ensures a uniform time among interoperating devices. This helps you to manage and troubleshoot switch operation by attaching meaningful time data to event and error messages. The switch offers TimeP and SNTP (Simple Network Time Protocol) and a timesync command for changing the time protocol selection (or turning off time protocol operation).
PAGE 133
Time Protocols Overview: Selecting a Time Synchronization Protocol or Turning Off Time Protocol Operation ular server, it ignores time broadcasts from other SNTP servers unless the configurable Poll Interval expires three consecutive times without an update received from the first-detected server. Note ■ Unicast Mode: The switch requests a time update from the configured SNTP server. (You can configure one server using the menu interface, or up to three servers using the CLI sntp server command.
PAGE 134
Time Protocols SNTP: Viewing, Selecting, and Configuring Time Protocols Note that simply selecting a time synchronization protocol does not enable that protocol on the switch unless you also enable the protocol itself (step 2, above). For example, in the factory-default configuration, TimeP is the selected time synchronization method. However, because TimeP is disabled in the factory-default configuration, no time synchronization protocol is running.
PAGE 135
Time Protocols SNTP: Viewing, Selecting, and Configuring Table 8-1.SNTP Parameters SNTP Parameter Operation Time Sync Method Used to select either SNTP, TIMEP, or None as the time synchronization method. Disabled The Default. SNTP does not operate, even if specified by the Menu interface Time Sync Method parameter or the CLI timesync command. Unicast Directs the switch to poll a specific server for SNTP time synchronization. Requires at least one server address.
PAGE 136
Time Protocols Time Protocols SNTP: Viewing, Selecting, and Configuring Time Protocol Selection Parameter – TIMEP – SNTP – None Figure 8-4. The System Information Screen (Default Values) 2. Press [E] (for Edit). The cursor moves to the System Name field. 3. Use [v] to move the cursor to the Time Sync Method field. 4. Use the Space bar to select SNTP, then press [v] once to display and move to the SNTP Mode field. 5.
PAGE 137
Time Protocols SNTP: Viewing, Selecting, and Configuring ii. Enter the IP address of the SNTP server you want the switch to use for time synchronization. iii. Press [v] to move the cursor to the Server Version field. Enter the value that matches the SNTP server version running on the device you specified in the preceding step (step ii).
PAGE 138
Time Protocols SNTP: Viewing, Selecting, and Configuring CLI: Viewing and Configuring SNTP Time Protocols CLI Commands Described in this Section show sntp page 8 [no] timesync pages 9 and ff., 12 sntp broadcast page 9 sntp unicast page 10 sntp server pages 10 and ff. Protocol Version page 11 poll-interval page 12 no sntp page 12 This section describes how to use the CLI to view, enable, and configure SNTP parameters.
PAGE 139
Time Protocols SNTP: Viewing, Selecting, and Configuring Even though, in this example, TimeP is the current time synchronous method, the switch maintains the SNTP configuration. Configuring (Enabling or Disabling) the SNTP Mode Enabling the SNTP mode means to configure it for either broadcast or unicast mode.
PAGE 140
Time Protocols SNTP: Viewing, Selecting, and Configuring 3. Enable SNTP for Broadcast mode. 4. View the SNTP configuration again to verify the configuration. The commands and output would appear as follows: Time Protocols 1 show sntp displays the SNTP configuration and also shows that TimeP is the currently active time synchronization mode.
PAGE 141
Time Protocols SNTP: Viewing, Selecting, and Configuring For example, to select SNTP and configure it with unicast mode and an SNTP server at 10.28.227.141 with the default server version (3) and default poll interval (720 seconds): . In this example, the Poll Interval and the Protocol Version appear at their default settings. Note: Protocol Version appears only when there is an IP address configured for an SNTP server. Figure 8-8.
PAGE 142
Time Protocols SNTP: Viewing, Selecting, and Configuring Changing the SNTP Poll Interval. This command lets you specify how long the switch waits between time polling intervals. The default is 720 seconds and the range is 30 to 720 seconds. (This parameter is separate from the poll interval parameter used for Timep operation.) Syntax: sntp poll-interval <30 . .
PAGE 143
Time Protocols TimeP: Viewing, Selecting, and Configuring Even though the Time Sync Mode is set to Sntp, time synchronization is disabled because no sntp has disabled the SNTP Mode parameter. Time Protocols Figure 8-11.
PAGE 144
Time Protocols TimeP: Viewing, Selecting, and Configuring Table 8-2.Timep Parameters SNTP Parameter Operation Time Protocols Time Sync Method Used to select either TIMEP (the default), SNTP, or None as the time synchronization method. Timep Mode Disabled The Default. Timep does not operate, even if specified by the Menu interface Time Sync Method parameter or the CLI timesync command.
PAGE 145
Time Protocols TimeP: Viewing, Selecting, and Configuring Time Protocols Time Protocol Selection Parameter – TIMEP (the default) – SNTP – None Figure 8-12. The System Information Screen (Default Values) 2. Press [E] (for Edit). The cursor moves to the System Name field. 3. Use [v] to move the cursor to the Time Sync Method field. 4. If TIMEP is not already selected, use the Space bar to select TIMEP, then press [v] once to display and move to the TimeP Mode field. 5.
PAGE 146
Time Protocols TimeP: Viewing, Selecting, and Configuring Note: This step replaces any previously configured TimeP server IP address. Time Protocols iii. Press [>] to move the cursor to the Poll Interval field, then go to step 6. 6. In the Poll Interval field, enter the time in minutes that you want for a TimeP Poll Interval. Press [Enter] to return to the Actions line, then [S] (for Save) to enter the new time protocol configuration in both the startup-config and running-config files.
PAGE 147
Time Protocols TimeP: Viewing, Selecting, and Configuring For example, if you configure the switch with TimeP as the time synchronization method, then enable TimeP in DHCP mode with the default poll interval, show timep lists the following: If SNTP is the selected time synchronization method ), show timep still lists the TimeP configuration even though it is not currently in use: Even though, in this example, SNTP is the current time synchronization method, the switch maintains the TimeP configuration.
PAGE 148
Time Protocols TimeP: Viewing, Selecting, and Configuring For example, suppose: ■ Time synchronization is configured for SNTP. ■ You want to: 1.View the current time synchronization. Time Protocols 2.Select TimeP as the time synchronization mode. 3.Enable TimeP for DHCP mode. 4.View the TimeP configuration. The commands and output would appear as follows: 1 show timep displays the TimeP configuration and also shows that SNTP is the currently active time synchronization mode.
PAGE 149
Time Protocols TimeP: Viewing, Selecting, and Configuring For example, to select TimeP and configure it for manual operation using a TimeP server address of 10.28.227.141 and the default poll interval (720 minutes, assuming the TimeP poll interval is already set to the default): HP4108(config)# timesync timepSelects TimeP. HP4108(config)# ip timep manualActivates TimeP in Manual 10.28.227.141mode. Time Protocols Figure 8-16.
PAGE 150
Time Protocols SNTP Unicast Time Polling with Multiple SNTP Servers Time Protocols If you then viewed the TimeP configuration, you would see the following: Figure 8-17. Example of TimeP with Time Sychronization Disabled Disabling the TimeP Mode. Disabling the TimeP mode means to configure it as disabled. (Disabling TimeP prevents the switch from using it as the time synchronization protocol, even if it is the selected Time Sync Method option.
PAGE 151
Time Protocols SNTP Unicast Time Polling with Multiple SNTP Servers all servers in the list without success, it sends an error message to the Event Log and reschedules to try the address list again after the configured Poll Interval time has expired. Address Prioritization SNTP Server IP Address Server Ranking According to Decimal Value of IP Address 10.28.227.141 Primary 10.28.227.153 Secondary 10.29.227.100 Tertiary Adding and Deleting SNTP Server Addresses Adding Addresses.
PAGE 152
Time Protocols Time Protocols SNTP Unicast Time Polling with Multiple SNTP Servers Prioritized list of SNTP Server IP Addresses Figure 8-19. Example of SNTP Server Address Prioritization Note If there are already three SNTP server addresses configured on the switch, and you want to use the CLI to replace one of the existing addresses with a new one, you must delete the unwanted address before you configure the new one. Deleting Addresses. To delete an address, you must use the CLI.
PAGE 153
Time Protocols SNTP Messages in the Event Log Menu Interface Operation with Multiple SNTP Server Addresses Configured ■ 10.28.227.141 (primary) ■ 10.28.227.153 (secondary) ■ 10.29.227.100 (tertiary) If you use the Menu interface to add 10.28.227.160, the new prioritized list will be: New Address List Address Status 10.28.227.153 New Primary (The former primary, 10.28.227.141 was deleted when you used the menu to add 10.28.227.160.) 10.28.227.160 New Secondary 10.29.227.
PAGE 154
Time Protocols Time Protocols SNTP Messages in the Event Log 8-24
PAGE 155
9 Using Passwords and TACACS+ To Protect Against Unauthorized Access Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2 Configuring Username and Password Security . . . . . . . . . . . . . . . . . . 9-3 CLI: Setting Manager and Operator Passwords . . . . . . . . . . . . . . . . . . . 9-6 Web: Configuring User-Names and Passwords . . . . . . . . . . . . . . . . . . .
PAGE 156
Using Passwords and TACACS+ To Protect Against Unauthorized Access Overview Overview This chapter describes:. ■ Manager and Operator passwords Control access and privileges for the command line and menu interfaces (through either the console port or Telnet) and the web browser interface through the network. ■ Tacacs+ Authentication Using Passwords and TACACS+ Uses an authentication application on a central server to allow or deny access to a Switch 4108GL.
PAGE 157
Using Passwords and TACACS+ To Protect Against Unauthorized Access Configuring Username and Password Security 3. • If incorrect passwords are entered, the TACACS+ server denies access to the switch. • If TACACS+ is not configured or the TACACS+ server is not accessible, the switch uses local user-name/password protection (step 1, below). If the switch has an Authorized IP Managers list (see chapter 10) , the management station must be included in this list.
PAGE 158
Using Passwords and TACACS+ To Protect Against Unauthorized Access Configuring Username and Password Security Using Passwords and TACACS+ Note Usernames are optional. Also, in the menu interface and CLI, you can configure passwords, but not usernames. To configure usernames, use the web browser interface. Level Actions Permitted Manager: Access to all console interface areas. This is the default level.
PAGE 159
Using Passwords and TACACS+ To Protect Against Unauthorized Access Configuring Username and Password Security If the switch has a password for both the Manager and Operator levels, and neither is entered correctly during a logon attempt, access to the console will be denied. If the switch has neither a Manager nor an Operator password, anyone having access to the console interface can operate the console with full manager privileges.
PAGE 160
Using Passwords and TACACS+ To Protect Against Unauthorized Access Configuring Username and Password Security c. When prompted with Enter new password again, retype the new password and press [Enter]. After you configure a password, if you subsequently start a new console session, you will be prompted to enter the password. (If you use the CLI or web browser interface to configure an optional username, the switch will prompt you for the username, and then the password.
PAGE 161
Using Passwords and TACACS+ To Protect Against Unauthorized Access Configuring Username and Password Security no password • Password entries appear as asterisks. • You must type each password entry twice. To Delete Password Protection. This command prompts you to verify that you want to clear the passwords, then clears them from both the Manager and Operator levels. (If usernames have also been configured they will also be cleared.) Using Passwords and TACACS+ Press [Y] (for yes) and press [Enter].
PAGE 162
Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security TACACS+ Authentication for Central Control of Switch Access Security Using Passwords and TACACS+ TACACS+ Features Feature Default Menu CLI Web view the switch’s authentication configuration n/a — page 14 — view the switch’s TACACS+ server contact configuration n/a — page 15 — configure the switch’s authentication methods disabled — page 16 — configure
PAGE 163
Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security TACACS+ in the Switch 4108GL manages authentication of logon attempts through either the Console port or Telnet. TACACS+ uses an authentication hierarchy consisting of (1) remote passwords assigned in a TACACS+ server and (2) local passwords configured on the switch.
PAGE 164
Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security Using Passwords and TACACS+ ■ Authentication: The process for granting user access to a device through entry of a user name and password and comparison of this username/password pair with previously stored username/password data. Authentication also grants levels of access, depending on the privileges assigned to a user name and password pair by a system administrator.
PAGE 165
Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security Notes The effectiveness of TACACS+ security depends on correctly using your TACACS+ server application. For this reason, HP recommends that you thoroughly test all TACACS+ configurations used in your network. TACACS-aware HP switches include the capability of configuring multiple backup TACACS+ servers.
PAGE 166
Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security 2. ■ Using Passwords and TACACS+ ■ ■ Determine the following: The IP address(es) of the TACACS+ server(s) you want the switch to use for authentication. If you will use more than one server, determine which server is your first-choice for authentication services. The encryption key, if any, for allowing the switch to communicate with the server.
PAGE 167
Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security 4. Ensure that the switch has the correct local username and password for Manager access. (If the switch cannot find any designated TACACS+ servers, the local manager and operator username/password pairs are always used as the secondary access control method.) C a u ti o n You should ensure that the switch has a local Manager password.
PAGE 168
Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security Configuring TACACS+ on the Switch Before You Begin If you are new to TACACS+ authentication, HP recommends that you read the “General Authentication Setup Procedure” on page 9-11 and configure your TACACS+ server(s) before configuring authentication on the switch.
PAGE 169
Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security This example shows the default authentication configuration. Configuration for login and enable access to the switch through the switch console port. Configuration for login and enable access to the switch through Telnet. Figure 9-5.
PAGE 170
Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security Configuring the Switch’s Authentication Methods The aaa authentication command configures the access control for console port and Telnet access to the switch.
PAGE 171
Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security Table 9-3. Access Method and Privilege Level Console — Login Console — Enable Telnet — Login Authentication Options Effect on Access Attempts Primary Secondary local none* Local username/password access only. tacacs local If Tacacs+ server unavailable, uses local username/password access. local none* Local username/password access only.
PAGE 172
Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security For example, here is a set of access options and the corresponding commands to configure them: Console Login (Operator, or Read-Only) Access: Primary using TACACS+ server. Secondary using Local.
PAGE 173
Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security Configuring the Switch’s TACACS+ Server Access The tacacs-server command configures these parameters: The host IP address(es) for up to three TACACS+ servers; one firstchoice and up to two backups. Designating backup servers provides for a continuation of authentication services in case the switch is unable to contact the first-choice server.
PAGE 174
Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security Syntax:tacacs-server host Adds a TACACS+ server and optionally [key ] assigns a server-specific encryption key. Using Passwords and TACACS+ [no] tacacs-server host Removes a TACACS+ server assignment (including its serverspecific encryption key, if any).
PAGE 175
Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security Name Default Range host [key none n/a Specifies the IP address of a device running a TACACS+ server application. Optionally, can also specify the unique, perserver encryption key to use when each assigned server has its own, unique key.
PAGE 176
Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security Name Default Range timeout <1. . 255> 5 sec 1 - 255 sec Specifies how long the switch waits for a TACACS+ server to respond to an authentication request. If the switch does not detect a response within the timeout period, it initiates a new request to the next TACACS+ server in the list.
PAGE 177
Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security To remove the 10.28.227.15 device as a TACACS+ server, you would use this command: HP4108(config)# no tacacs-server host 10.28.227.15 Configuring an Encryption Key. Use an encryption key in the switch if the switch will be requesting authentication from a TACACS+ server that also uses an encryption key.
PAGE 178
Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security Configuring the Timeout Period. The timeout period specifies how long the switch waits for a response to an authentication request from a TACACS+ server before either sending a new authentication request to the next server in the switch’s Server IP Address list or using the local authentication option.
PAGE 179
Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security then it uses its own local username/password pairs to authenticate the logon request. (See "Local Authentication Process", on page 25.) • If a TACACS+ server recognizes the switch, it forwards a username prompt to the requesting terminal via the switch. 2. When the requesting terminal responds to the prompt with a username, the switch forwards it to the TACACS+ server.
PAGE 180
Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security Using Passwords and TACACS+ For local authentication, the switch uses the operator-level and manager-level username/password set(s) previously configured locally on the switch. (These are the usernames and passwords you can configure using the CLI password command, the web browser interface, or the menu interface—which enables only local password configuration).
PAGE 181
Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security Note Configure a key in the switch only if the TACACS+ server application has this exact same key configured for the switch. That is, if the key parameter in switch "X" does not exactly match the key setting for switch "X" in the TACACS+ server application, then communication between the switch and the TACACS+ server will fail.
PAGE 182
Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security Controlling Web Browser Interface Access When Using TACACS+ Authentication Using Passwords and TACACS+ In release G.01.xx, configuring the switch for TACACS+ authentication does not affect web browser interface access.
PAGE 183
Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security Operating Notes If you configure Authorized IP Managers on the switch, it is not necessary to include any devices used as TACACS+ servers in the authorized manager list. That is, authentication traffic between a TACACS+ server and the switch is not subject to Authorized IP Manager controls configured on the switch.
PAGE 184
Using Passwords and TACACS+ Using Passwords and TACACS+ To Protect Against Unauthorized Access TACACS+ Authentication for Central Control of Switch Access Security 9-30
PAGE 185
10 Using Authorized IP Managers for Increased Management Security Chapter Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-2 Using Authorized IP Managers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-4 Access Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-5 Defining Authorized Management Stations . . . . . . . . . . . . . . . . . . . . .
PAGE 186
Using Authorized IP Managers for Increased Management Security Overview Overview The Authorized IP Managers feature enhances security on the switch by using IP addresses and masks to determine which stations (PCs or workstations) can access the switch through the network.
PAGE 187
Using Authorized IP Managers for Increased Management Security Overview 2. 3. If TACACS+ is configured and a TACACS+ server issues a prompt, the correct passwords must be entered from the management station and verified by the TACACS+ server. • If incorrect passwords are entered, the TACACS+ server denies access to the switch. • If TACACS+ is not configured or the TACACS+ server is not accessible, the switch uses local user-name/password protection (step 3, below).
PAGE 188
Using Authorized IP Managers for Increased Management Security Using Authorized IP Managers Using Authorized IP Managers Authorized IP Manager Features Feature Default Menu CLI Web Listing (Showing) Authorized Managers n/a page 10-7 page 10-8 page 10-10 Configuring Authorized IP Managers None page 10-7 page 10-8 page 10-10 Building IP Masks n/a page 10-10 page 10-10 page 10-10 Operating and Troubleshooting Notes n/a page 10-13 page 10-13 page 10-13 This feature enables you to enhance s
PAGE 189
Using Authorized IP Managers for Increased Management Security Using Authorized IP Managers Access Levels For each authorized manager address, you can configure either of these access levels: ■ Manager: Enables full access to all web browser and console interface screens for viewing, configuration, and all other operations available in these interfaces. ■ Operator: Allows read-only access from the web browser and console interfaces.
PAGE 190
Using Authorized IP Managers for Increased Management Security Using Authorized IP Managers authorized IP addresses. For example, a mask of 255.255.255.0 and any value for the Authorized Manager IP parameter allows a range of 0 through 255 in the 4th octet of the authorized IP address, which enables a block of up to 254 IP addresses for IP management access (excluding 0 for the network and 255 for broadcasts). A mask of 255.255.255.
PAGE 191
Using Authorized IP Managers for Increased Management Security Using Authorized IP Managers Menu: Viewing and Configuring IP Authorized Managers From the console Main Menu, select: 2. Switch Configuration . . . 7. IP Authorized Managers 1. Select Add to add an authorized manager to the list. Figure 10-1. Example of How To Add an Authorized Manager Entry Using Authorized IP Managers 2. Enter an Authorized Manager IP address here. 3.
PAGE 192
Using Authorized IP Managers for Increased Management Security Using Authorized IP Managers Editing or Deleting an Authorized Manager Entry. Go to the IP Managers List screen (figure 10-1), highlight the desired entry, and press [E] (for Edit) or [D] (for Delete).
PAGE 193
Using Authorized IP Managers for Increased Management Security Using Authorized IP Managers Configuring IP Authorized Managers for the Switch Syntax: ip authorized-managers [mask ] To Authorize Manager Access. This command authorizes manager-level access for any station having an IP address of 10.28.227.0 through 10.28.227.255: HP4108(config)# ip authorized-managers 10.28.227.101 mask 255.255.255.
PAGE 194
Using Authorized IP Managers for Increased Management Security Using Authorized IP Managers The following command replaces the existing mask and access level for IP address 10.28.227.101 with 255.0.0.0 and manager (the defaults) because the command does not specify either of these parameters . HP4108(config)# ip authorized-managers 10.28.227.101 To Delete an Authorized Manager Entry. This command uses the IP address of the authorized manager you want to delete: HP4108(config)# no ip authorized-managers 10.
PAGE 195
Using Authorized IP Managers for Increased Management Security Using Authorized IP Managers Table 10-2. Analysis of IP Mask for Single-Station Entries 1st Octet 2nd Octet 3rd Octet 4th Octet Manager-Level or Operator-Level Device Access IP Mask 255 255 255 255 Authorized Manager IP 10 28 227 125 The “255” in each octet of the mask specifies that only the exact value in that octet of the corresponding IP address is allowed.
PAGE 196
Using Authorized IP Managers for Increased Management Security Using Authorized IP Managers Table 10-3. Analysis of IP Mask for Multiple-Station Entries 1st Octet 2nd Octet 3rd Octet 4th Octet Manager-Level or Operator-Level Device Access The “255” in the first three octets of the mask specify that only the exact value in the octet of the corresponding IP address is allowed.
PAGE 197
Using Authorized IP Managers for Increased Management Security Using Authorized IP Managers Additional Examples for Authorizing Multiple Stations Entries for Authorized Results Manager List IP Mask 255 255 0 Authorized Manager IP 10 IP Mask 255 238 255 250 Authorized Manager IP 10 33 255 248 1 This combination specifies an authorized IP address of 10.33.xxx.1.
PAGE 198
Using Authorized IP Managers Using Authorized IP Managers for Increased Management Security Using Authorized IP Managers 10-14
PAGE 199
11 Optimizing Port Usage Through Traffic Control and Port Trunking Chapter Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-2 Viewing Port Status and Configuring Port Parameters . . . . . . . . . . . . . . . 11-2 Menu: Viewing Port Status and Configuring Port Parameters . . . . . 11-5 CLI: Viewing Port Status and Configuring Port Parameters . . . . . . . 11-6 Web: Viewing Port Status and Configuring Port Parameters . . . . . .
PAGE 200
Optimizing Port Usage Through Traffic Control and Port Trunking Overview Overview This chapter includes: ■ Configuring ports, including mode (speed and duplex), flow control, and broadcast control parameters (page 11-2) ■ Creating and modifying a dynamic LACP or static port trunk group (page 11-10) Port numbers in the status and configuration screens correspond to the port numbers on the front of the switch.
PAGE 201
Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters Table 11-1. Status and Parameters for Each Port Type Status or Parameter Description Enabled Yes (default): The port is ready for a network connection. No: The port will not operate, even if properly connected in a network. Use this setting, for example, if the port needs to be shut down for diagnostic purposes or while you are making topology changes.
PAGE 202
Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters Status or Parameter Description 100/1000Base-T ports: • Auto (default): Senses speed and negotiates with the port at the other end of the link for port operation (MDI-X or MDI). To see what the switch negotiates for the Auto setting, use the CLI show interfaces brief command or the “ 3. Port Status” option under “1. Status and Counters” in the menu interface.
PAGE 203
Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters Menu: Viewing Port Status and Configuring Port Parameters From the menu interface, you can configure and view all port parameter settings and view all port status indicators. Using the Menu To View Port Status. The menu interface displays the status for ports and (if configured) a trunk group. From the Main Menu, select: 1. Status and Counters . . . 4.
PAGE 204
Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters Figure 11-2. Example of Port/Trunk Settings with a Trunk Group Configured 2. Press [E] (for Edit). The cursor moves to the Enabled field for the first port. 3. Refer to the online help provided with this screen for further information on configuration options for these features. 4. When you have finished making changes to the above parameters, press [Enter], then press [S] (for Save).
PAGE 205
Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters Syntax: show interfaces brief show interface config The next two figures list examples of the output of the above two commands for the same port configuration. Figure 11-3. Example of a Show Interface Command Listing Figure 11-4.
PAGE 206
Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters Using the CLI To Configure Ports. You can configure one or more of the following port parameters. For details on each option, see Table 11-1 on page 11-3.
PAGE 207
Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters Configuring a Broadcast Limit on the Switch. Executing this command configures the broadcast limit for all ports on the switch. Syntax: broadcast-limit <0 . . 99> For example, to configure a broadcast limit of 20% for all ports on the switch: HP4108(config)# broadcast-limit 20 Web: Viewing Port Status and Configuring Port Parameters In the web browser interface: 1.
PAGE 208
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Port Trunking Port Status and ConfigurationFeatures Feature Default Menu CLI Web viewing port trunks n/a page 11-16 page 11-18 page 11-24 configuring a static trunk group none page 11-16 page 11-21 — configuring a dynamic LACP trunk group LACP passive page 11-23 — — Port trunking allows you to assign up to four physical links to one logical link (trunk) that functions as a single, higher-speed link providing d
PAGE 209
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Port Connections and Configuration: All port trunk links must be pointto-point connections between the Switch 4108GL and another switch, router, server, or workstation configured for port trunking. No intervening, nontrunking devices are allowed. It is important to note that ports on both ends of a port trunk group must have the same mode (speed and duplex) and flow control settings. Note Link Connections.
PAGE 210
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking link is restored, that link is automatically included in the traffic distribution again. The LACP option also offers a standby link capability, which enables you to keep links in reserve for service if one or more of the original active links fails. See “Trunk Group Operation Using LACP” on page 11-25.
PAGE 211
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Table 11-4. Trunk Configuration Protocols Protocol Trunking Options LACP (802.3ad) Provides dynamic and static LACP trunking options. • Dynamic LACP — Use the switch-negotiated dynamic LACP trunk when: – The port on the other end of the trunk link is configured for Active or Passive LACP.
PAGE 212
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Table 11-5. General Operating Rules for Port Trunks Media: All ports on both ends of a trunk group must have the same media type and mode (speed and duplex). The switch blocks any trunked links that do not conform to this rule. (For the Switch 4108GL, HP recommends leaving the port Mode setting at Auto or, in networks using Cat 3 cabling, Auto-10.
PAGE 213
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Spanning Tree Protocol (STP): STP operates as a global setting on the switch (one instance of STP per switch). However, you can adjust STP parameters on a per-port basis. A static trunk of any type appears in the STP configuration display, and you can configure STP parameters for a static trunk in the same way that you would configure STP parameters on a non-trunked port.
PAGE 214
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Menu: Viewing and Configuring a Static Trunk Group Important Configure port trunking before you connect the trunked links to another switch, routing switch, or server. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured. See “Using the CLI To Configure Ports” on page 11-8.
PAGE 215
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking • All ports in a trunk must have the same media type and mode (such as 10/100TX set to 100FDx, or 100FX set to 100FDx). The flow control settings must also be the same for all ports in a given trunk. To verify these settings, see “Viewing Port Status and Configuring Port Parameters” on page 11-2. • You can configure the trunk group with one, two, three, or four ports per trunk.
PAGE 216
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking During the Save process, traffic on the ports configured for trunking will be delayed for several seconds. If the Spanning Tree Protocol is enabled, the delay may be up to 30 seconds. 8. Connect the trunked ports on the switch to the corresponding ports on the opposite device. If you previously disabled any of the trunked ports on the switch, enable them now.
PAGE 217
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking This example uses a port list to specify only the switch ports an administrator wants to view: Figure 11-8. Example of a Show Trunk Listing for Specific Ports The show trunk command in this example does not include a port list, and thus shows static trunk group information for all switch ports. Figure 11-9. Example of a Show Trunk Listing Without Specifying Ports Listing Static LACP and Dynamic LACP Trunk Data.
PAGE 218
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking In the following example, ports C1 and C2 have been previously configured for a static LACP trunk. (For more on “Active”, see table 11-7 on page 11-27.) Figure 11-10. Example of a Show LACP Listing Ports: Traffic Control and Trunking Dynamic LACP Standby Links. Dynamic LACP trunking enables you to configure standby links for a trunk by including more than four ports in a dynamic LACP trunk configuration.
PAGE 219
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Using the CLI To Configure a Static or Dynamic Trunk Group Important Configure port trunking before you connect the trunked links between switches. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured. See “Using the CLI To Configure Ports” on page 11-8.
PAGE 220
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Ports: Traffic Control and Trunking HP4108(config)# no trunk c4-c5 11-22
PAGE 221
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Enabling a Dynamic LACP Trunk Group. In the default port configuration, all ports on the switch are set to LACP passive. However, to enable the switch to automatically form a trunk group that is dynamic on both ends of the link, the ports on one end of a set of links must be LACP active. The ports on the other end can be either LACP active or LACP passive.
PAGE 222
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Removing Ports from a Dynamic LACP Trunk Group. To remove a port from dynamic LACP trunk operation, you must turn off LACP on the port. (On a port in an operating, dynamic LACP trunk, you cannot change between LACP dynamic and LACP passive without first removing LACP operation from the port.) Caution Unless STP is running on your network, removing a port from a trunk can result in a loop.
PAGE 223
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Trunk Group Operation Using LACP The switch can automatically configure a dynamic LACP trunk group or you can manually configure a static LACP trunk group. The methods for displaying Note LACP requires full-duplex (FDx) links of the same media type (10/100Base-T, 100FX, etc.) and speed, and enforces speed and duplex conformance across a trunk group.
PAGE 224
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Table 11-6. LACP Trunk Types LACP Port Trunk Operation Configuration Dynamic LACP This option automatically establishes an 802.3ad-compliant trunk group, with LACP for the port Type parameter and DynX for the port Group name, where X is an automatically asssigned value from 1 to 6, depending on how many dynamic trunks are currently operating on the switch.
PAGE 225
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Default Port Operation In the default configuration, all ports are configured for passive LACP. However, if LACP is not configured, the port will not try to detect a trunk configuration and will operate as a standard, untrunked port. The following table describes the elements of per-port LACP operation. To display this data for a particular switch, execute the following command in the CLI: HP4108> show lacp Table 11-7.
PAGE 226
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking LACP Notes and Restrictions Changing Trunking Methods. To convert a trunk from static to dynamic, you must first eliminate the static trunk. Static LACP Trunks. Where a port is configured for LACP (Active or Passive), but does not belong to an existing trunk group, you can add that port to a static trunk. Doing so disables dynamic LACP on that port, which means you must manually configure both ends of the trunk.
PAGE 227
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking regard for how that traffic is handled by the device at the other end of the trunked links. Similarly, the switch handles incoming traffic from the trunked links as if it were from a trunked source.
PAGE 228
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Interface Option Dynamic LACP Trunk Group Static LACP Static Non-Protocol Trunk Group or FEC Trunk Group Menu Interface No Yes Yes CLI show trunk No Yes Yes CLI show interfaces No Yes Yes CLI show lacp Yes Yes No CLI show spanning-tree No Yes Yes CLI show igmp No Yes Yes CLI show config No Yes Yes Outbound Traffic Distribution Across Trunked Links All three trunk group options (LACP, Trunk, and FEC)
PAGE 229
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking A B C D C1 Switch C 2 C3 W X Y Z Switch Figure 11-13. Example of Port-Trunked Network Table 11-8.
PAGE 230
Ports: Traffic Control and Trunking Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking 11-32
PAGE 231
12 Configuring for Network Management Applications Chapter Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2 SNMP Management Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2 Configuring for SNMP Access to the Switch . . . . . . . . . . . . . . . . . . . . 12-4 SNMP Communities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 232
Configuring for Network Management Applications Overview Overview You can manage the switch via SNMP from a network management station. For this purpose, HP recommends HP TopTools for Hubs & Switches — an easy-to-install and use network management application that runs on your Windows NT- or Windows 2000-based PC. HP TopTools for Hubs & Switches provides control of your switch through its web browser interface.
PAGE 233
Configuring for Network Management Applications Overview ■ Supported Standard MIBs include: • Bridge MIB (RFC 1493) dot1dBase, dot1dTp, dot1dStp • Ethernet MAU MIB (RFC 1515) dot3IfMauBasicGroup • Interfaces Evolution MIB (RFC 1573) ifGeneralGroup, ifRcvAddressGroup, ifStackGroup • RMON MIB (RFC 1757) etherstats, events, alarms, and history • SNMP MIB-II (RFC 1213) system, interfaces, at, ip, icmp, tcp, udp, snmp • Entity MIB (RFC 2037) HP Proprietary MIBs include: • Statistics for message and
PAGE 234
Configuring for Network Management Applications Overview Configuring for SNMP Access to the Switch SNMP access requires an IP address and subnet mask configured on the switch. (See “IP Configuration” on page 7-3.) If you are using DHCP/Bootp to configure the switch, ensure that the DHCP/Bootp process provides the IP address. (See “DHCP/Bootp Operation” on page 7-10.) Once an IP address has been configured, the general steps to configuring for SNMP access to the preceding features are: 1.
PAGE 235
Configuring for Network Management Applications Overview SNMP Communities SNMP Community Features Feature Default Menu show community name n/a page 12-5 page 12-7 — configure identity information none — configure community names public MIB view for a community name manager (operator, manager) write access for default community name unrestricted CLI Web page 12-7 page 12-5 page 12-8 — " " " " " " " Use SNMP communities to restrict access to the switch by SNMP management stations by adding, edi
PAGE 236
Configuring for Network Management Applications Overview Note: This screen gives an overview of the SNMP communities that are currently configured. All fields in this screen are readonly. Add and Edit options are used to modify the SNMP options. See figure 8-2. Figure 12-1. The SNMP Communities Screen (Default Values) 2. Press [A] (for Add) to display the following screen: If you are adding a community, the fields in this screen are blank.
PAGE 237
Configuring for Network Management Applications Overview snmp-server page 12-7 [contact ] page 12-7 [location ] page 12-7 [community ] page 12-8 [host ] [] page 12-10 [enable traps page 12-11 Listing Current Community Names and Values. Listing Community Names.
PAGE 238
Configuring for Network Management Applications Overview Syntax: snmp-server [contact ] [location ] Both fields allow up to 48 characters, without spaces. For example, to configure the switch with "Site-LAN-Ext.449" and a location of "Level-2-North", you would execute the following command: HP4108(config)# snmp-server contact Site-LANExt.449 location Level-2-North Configuring Community Names and Values.
PAGE 239
Configuring for Network Management Applications Overview Note Fixed or "Well-Known" Traps: The Switch 4108GL automatically sends fixed traps (such as "coldStart", "warmStart", "linkDown", and "linkUp") to trap receivers using a public community name. These traps cannot be redirected to other communities. Thus, if you change or delete the default public community name, these traps will be lost.
PAGE 240
Configuring for Network Management Applications Overview In the next example, the show snmp-server command shows that the switch has been previously configured to send SNMP traps to management stations belonging to the “public”, “red-team”, and “blue-team” communities. Example of Community Name Data (See page 12-5.) Authentication Trap Setting Example of Trap Receiver Data Figure 12-4. Example of Show SNMP-Server Listing Configuring Trap Receivers.
PAGE 241
Configuring for Network Management Applications Overview Note If you do not specify the event level ([]) then the switchwill not send event log messages as traps. "Well-Known" traps and threshold traps (if configured) will still be sent.. Using the CLI To Enable Authentication Traps If this feature is enabled, an authentication trap is sent to the configured trap receiver(s) if a management station attempts an unauthorized access of the switch.
PAGE 242
Configuring for Network Management Applications CDP CDP CDP Features Feature Default Menu CLI Web view the switch’s CDP configuration n/a — page 12-19 — view the switch’s CDP Neighbors table n/a — page 12-19 — clear (reset) the CDP Neighbors table n/a — page 12-20 — enable or disable CDP on the switch enabled — page 12-21 — enable or disable CDP operation on an individual port enabled — page 12-22 — change the transmit interval for the switch’s 60 seconds CDP packets — page
PAGE 243
Configuring for Network Management Applications CDP An SNMP utility can progressively discover CDP devices in a network by: 1. Reading a given device’s CDP Neighbor table (in the Management Information Base, or MIB) to learn about other, neighbor CDP devices 2. Using the information learned in step 1 to go to and read the neighbor devices’ CDP Neighbors tables to learn about additional CDP devices, and so on This section describes CDP operation in a Switch 4108GL.
PAGE 244
Configuring for Network Management Applications CDP Switch "A" with CDP Running CDP Neighbor Table Switch "C" data Switch "C" with CDP Running The Neighbors table in switches "A", "B", and "D" contain information on switch "C" only because it is the only neighbor for these switches. • The Neighbors table in switch "C" contains information on switches "A", "B", and "D" because all of these switches are neighbors of switch "C".
PAGE 245
Configuring for Network Management Applications CDP Switch "B" CDP-Aware Switch with CDP Running Switch "C" CDP-Aware Switch with CDP Disabled Accepts, but does not forward CDP packets describing Switch "A". Also transmits CDP packets describing itself (Switch "B") out all ports. Drops CDP packets describing Switch "A". Also, does not transmit any CDP packets describing itself (Switch "C").
PAGE 246
Configuring for Network Management Applications CDP neighbor pairs are as follows: A/1, A/2, A/3, A/B, B/C. Note that "C" and "E" are not neighbors because the intervening CDP-disabled switch "D" does not forward CDP packets; i.e. is not transparent to CDP traffic. (For the same reason, switch "E" does not have any CDP neighbors.
PAGE 247
Configuring for Network Management Applications CDP Using the example in figure 12-7: The CDP Neighbor table for switches "A" and "B" would appear similar to these: Switch A: Switch B: (Note that no CDP devices appear on port B5, which is connected to a device on which CDP is present, but disabled.) Figure 12-8.
PAGE 248
Configuring for Network Management Applications CDP Non-CDP devices (that is, devices that are not capable of running CDP) are transparent to CDP operation. However, an intervening CDP-aware device that is CDP-disabled is not transparent. For example, in figure 12-7 (page 16), "B", "D", and "E" are not CDP neighbors because "D" (the intervening CDPdisabled switch) does not forward CDP packets; i.e. is not transparent to CDP traffic. (For the same reason, switch "E" does not have any CDP neighbors.
PAGE 249
Configuring for Network Management Applications CDP Viewing the Switch’s Current CDP Configuration This command lists the switch’s global and per-port CDP configuration. (In the factory default configuration, the switch runs CDP on all ports with a hold time of 180 seconds and a transmit interval of 60 seconds.) Syntax: show cdp This example shows the default CDP configuration.
PAGE 250
Configuring for Network Management Applications CDP Figure 12-10. Example of CDP Neighbors Table Listing Figure 12-11 illustrates a topology of CDP-enabled devices for the CDP Neighbors table listing in figure 12-10. HP 4108GL HP Switch 2512 HP J4812A: Accounting 0030c1-7fcc40 HP Switch 4000M HP Switch 4000M (HP J4121A: Support) HP J4821A: Research 0060b0-761a45 0060b0-889e43 Non-CDP-Capaable Hub Management Workstation Management Workstation HP Switch 2524 (Mgmt. NIC) (Mgmt.
PAGE 251
Configuring for Network Management Applications CDP Note that the table will again list entries after the switch recives new CDP packets from neighboring CDP devices. Figure 12-12. View of the CDP Neighbors Table Immediately After Executing cdp clear Configuring CDP Operation Enabling or Disabling CDP Operation on the Switch.
PAGE 252
Configuring for Network Management Applications CDP Enabling or Disabling CDP Operation on Individual Ports. In the factory-default configuration, the switch has all ports enabled and transmitting CDP packets. Disabling CDP on a port prevents that port from sending outbound CDP packets and causes it to drop inbound CDP packets without recording their data in the CDP Neighbors table.
PAGE 253
Configuring for Network Management Applications CDP For example, if the switch’s transmit interval for CDP packets was set to a non-default value, you would use this command to reset it to one minute: Switch 4108GL(config) cdp timer 60 Changing the Hold Time (CDP Packet Time-To-Live) for a Switch’s CDP Packet Information. The default hold time for the switch’s CDP packet information in the CDP Neighbors table of another CDP device is 180 seconds (range: 5 - 254).
PAGE 254
Configuring for Network Management Applications CDP ■ Switch "A" sends outbound CDP packets on the forwarding link, and the switch "B" CDP Neighbors table shows switch "A" on only one port. ■ Switch "B" sends outbound CDP packets on both links, and the switch "A" CDP Neighbors table shows switch "B" on both ports.
PAGE 255
Configuring for Network Management Applications CDP VLAN Membership in Port C5 of Switch "Y" VID IP Address? DEFAULT_VLAN (Primary VLAN) 1 No Blue_VLAN 200 10.28.227.103 Red VLAN 300 10.28.227.88 Port A1 Switch "X" Switch "Y" CDP Enabled on Port A1 CDP Enabled on Port C5 CDP Neighbor Table CDP Neighbor Table Port | Data ------|-----------------A1 | 10.28.227.
PAGE 256
Configuring for Network Management Applications CDP Monitoring and Managing the Switch Table 12-2. CDP Neighbors Data CDP Neighbor Data Displayed Neighbors Table MIB Address Type No Yes Always "1" (IP address only). CDP Cache Address No Yes IP address of source device. Software Version Yes Yes ASCII String Device Name (ASCII string) Yes Yes In HP Procurve switches, this is the value configured for the System Name parameter.
PAGE 257
Configuring for Network Management Applications CDP Displaying CDP Neighbor Data. To display the superset of CDP neighbor data held in the MIB, use the walkmib command. Syntax: walkmib For example, with two CDP devices connected to ports A1 and A3 on the switch, you would see a walkmib listing similar to this: CDP MIB data is grouped by type. That is, the Address Types for all detected CDP devices are listed first, then the IP addresses of the source devices, and so on.
PAGE 258
Configuring for Network Management Applications CDP CDP-Capable Hubs. Some hubs are capable of running CDP, but also forward CDP packets as if the hub itself were transparent to CDP. Such hubs will appear in the switch’s CDP Neighbor table and will also maintain a CDP neighbor table similar to that for switches. For more information, refer to the documentation provided for the specific hub. Monitoring and Managing the Switch Troubleshooting CDP Operation.
PAGE 259
HP Procurve Stack Management Chapter Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-3 HP Procurve Stack Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-4 Which Devices Support Stacking? . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-5 Components of HP Procurve Stack Management . . . . . . . . . . . . . . . . 13-6 General Stacking Operation . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 260
HP Procurve Stack Management HP Procurve Stack Management Chapter Contents Transmission Interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-46 Stacking Operation with Multiple VLANs Configured . . . . . . . . . . . 13-46 Web: Viewing and Configuring Stacking . . . . . . . . . . . . . . . . . . . . . . 13-47 Status Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 261
Overview This chapter describes how to use your network to stack switches without the need for any specialized cabling—page 13-4.
PAGE 262
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management Stacking Features Feature Default Menu CLI Web view status of a single switch n/a page 13-28 page 13-33 page 13-47 thru page 13-30 view candidate status n/a page 13-33 view status of commander and its stack n/a page 13-34 view status of all stacking-enabled switches in the ip subnet n/a page 13-34 view stack status configure stacking enable/disable candidate Auto-Join enab
PAGE 263
■ Simplify management of small workgroups or wiring closets while scaling your network to handle increased bandwidth demand. ■ Eliminate any specialized cables for stacking connectivity and remove the distance barriers that typically limit your topology options when using other stacking technologies. ■ Add switches to your network without having to first perform IP addressing tasks.
PAGE 264
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management Components of HP Procurve Stack Management Table 13-1. Stacking Definitions Stack Consists of a Commander switch and any Member switches belonging to that Commander’s stack. Commander A switch that has been manually configured as the controlling device for a stack. When this occurs, the switch’s stacking configuration appears as Commander.
PAGE 265
Use the Commander’s console or web browser interface to access the user interface on any Member switch in the same stack. Wiring Closet "A" Member Switch 1 Candidate Switch IP Address: None Assigned IP Address: None Assigned Manager Password: leader Manager Password: francois Commander Switch 0 Non-Member Switch Member Switch 2 IP Address: 14.28.227.100 IP Address: 14.28.227.
PAGE 266
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management ■ There is no limit on the number of stacks in the same IP subnet (broadcast domain), however a switch can belong to only one stack. ■ If multiple VLANs are configured, stacking uses only the primary VLAN on any switch. In the factory-default configuration, the DEFAULT_VLAN is the primary VLAN. (See “Stacking Operation with Multiple VLANs Configured” on page 13-46 and “Which VLAN Is Primary?” on page 14-7.
PAGE 267
IP Addressing and Stack Name Candidate Member Note Number Allowed Per Stack Passwords SNMP Communities IP Addr: Optional. n/a Configuring an IP address allows access via Telnet or web browser interface while the switch is not a stack member. In the factory default configuration the switch automatically acquires an IP address if your network includes DHCP service. Stack Name: N/A Passwords optional. If the Candidate becomes a stack Member, it assumes the Commander’s Manager and Operator passwords.
PAGE 268
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management Overview of Configuring and Bringing Up a Stack This process assumes that: ■ All switches you want to include in a stack are connected to the same subnet (broadcast domain). ■ If VLANs are enabled on the switches you want to include in the stack, then the ports linking the stacked switches must be on the primary VLAN in each switch (which, in the default configuration, is the default VLAN).
PAGE 269
Table 13-3. Stacking Configuration Guide Join Method1 Commander Candidate (IP Addressing Required) (IP Addressing Optional) Auto Grab Auto Join Passwords Automatically add Candidate to Stack (Causes the first 15 eligible, discovered switches in the subnet to automatically join a stack.
PAGE 270
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management General Steps for Creating a Stack This section describes the general stack creation process. For the detailed configuration processes, see pages 13-14 through 13-38 for the menu interface and pages 13-31 through 13-43 for the CLI. 1. Determine the naming conventions for the stack. You will need a stack name.
PAGE 271
3. For automatically or manually pulling Candidate switches into a stack, you can leave such switches in their default stacking configuration. If you need to access Candidate switches through your network before they join the stack, assign IP addresses to these devices. Otherwise, IP addressing is optional for Candidates and Members. (Note that once a Candidate becomes a member, you can access it through the Commander to assign IP addressing or make other configuration changes.) 4.
PAGE 272
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management Using the Menu Interface To View Stack Status and Configure Stacking Using the Menu Interface To View and Configure a Commander Switch 1. Configure an IP address and subnet mask on the Commander switch. (See Chapter 7, “Configuring IP Addressing”.) 2. Display the Stacking Menu by selecting Stacking in the Main Menu. Figure 13-5. The Default Stacking Menu 3.
PAGE 273
Figure 13-6. The Default Stack Configuration Screen 4. Move the cursor to the Stack State field by pressing [E] (for Edit). Then use the Space bar to select the Commander option. 5. Press the downarrow key to display the Commander configuration fields in the Stack Configuration screen. Figure 13-7. The Default Commander Configuration in the Stack Configuration Screen 6. Enter a unique stack name (up to 15 characters; no spaces) and press the downarrow key. 7.
PAGE 274
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management Using the Menu To Manage a Candidate Switch Using the menu interface, you can perform these actions on a Candidate switch: ■ Add (“push”) the Candidate into an existing stack ■ Modify the Candidate’s stacking configuration (Auto Join and Transmission Interval) ■ Convert the Candidate to a Commander ■ Disable stacking on the Candidate so that it operates as a standalone switch In its default stacking configuratio
PAGE 275
Table 13-4.Candidate Configuration Options in the Menu Interface Parameter Default Setting Other Settings Stack State Candidate Commander, Member, or Disabled Auto Join Yes No Transmission Interval 60 Seconds Range: 1 to 300 seconds Using the Menu To “Push” a Switch Into a Stack, Modify the Switch’s Configuration, or Disable Stacking on the Switch. Use Telnet or the web browser interface to access the Candidate if it has an IP address.
PAGE 276
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management 4. Do one of the following: • To disable stacking on the Candidate, use the Space bar to select the Disabled option, then go to step 5. Note: Using the menu interface to disable stacking on a Candidate removes the Candidate from all stacking menus. • To insert the Candidate into a specific Commander’s stack: i. Use the space bar to select Member. ii.
PAGE 277
Using the Commander’s Menu To Manually Add a Candidate to a Stack. In the default configuration, you must manually add stack Members from the Candidate pool. Reasons for a switch remaining a Candidate instead of becoming a Member include any of the following: ■ Auto Grab in the Commander is set to No (the default). ■ Auto Join in the Candidate is set to No.
PAGE 278
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management The Commander automatically selects an available switch number (SN). You have the option of assigning any other available number. Candidate List Figure 13-10. Example of Candidate List in Stack Management Screen 3. Either accept the displayed switch number or enter another available number. (The range is 0 - 15, with 0 reserved for the Commander.) 4.
PAGE 279
For status descriptions, see the table on page 13-48. New Member added in step 6. Figure 13-11. Example of Stack Management Screen After New Member Added Using the Commander’s Menu To Move a Member From One Stack to Another. Where two or more stacks exist in the same subnet (broadcast domain), you can easily move a Member of one stack to another stack if the destination stack is not full. (If you are using VLANs in your stack environment, see "Stacking Operation with a Tagged VLAN" on page 13-46.
PAGE 280
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management You will then see the Stacking Status (All) screen: For status descriptions, see the table on page 13-48. This column lists the MAC Addresses for switches discovered (in the local subnet) that are configured for Stacking. Using the MAC addresses for these Members, you can move them between stacks in the same subnet. Figure 13-12. Example of How the Stacking Status (All) Screen Helps You Find Member MAC Addresses 3.
PAGE 281
8. 9. Note: Do one of the following: • If the stack containing the Member you are moving has a Manager password, press the downarrow key to select the Candidate Password field, then type the password. • If the stack containing the Member you want to move does not have a password, go to step 9. Press [Enter] to return to the Actions line, then press [S] (for Save) to complete the Add process for the selected Member.
PAGE 282
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management 4. Stack Management You will then see the Stack Management screen: For status descriptions, see the table on page 13-48. Stack Member List Figure 13-13. Example of Stack Management Screen with Stack Members Listed 2. Use the downarrow key to select the Member you want to remove from the stack. Figure 13-14. Example of Selecting a Member for Removal from the Stack 3.
PAGE 283
Using the Commander To Access Member Switches for Configuration Changes and Monitoring Traffic After a Candidate becomes a stack Member, you can use that stack’s Commander to access the Member’s console interface for the same configuration and monitoring that you would do through a Telnet or direct-connect access. 1. From the Main Menu, select: 9. Stacking... 5. Stack Access You will then see the Stack Access screen: For status descriptions, see the table on page 13-48. Figure 13-16.
PAGE 284
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management Main Menu for stack Member named "Coral Sea" (SN = 1 from figure 13-16) Figure 13-17. The eXecute Command Displays the Console Main Menu for the Selected Stack Member 2. You can now make configuration changes and/or view status data for the selected Member in the same way that you would if you were directly connected or telnetted into the switch. 3.
PAGE 285
3. Press [B] (for Back) to return to the Stacking Menu. 4. To display Stack Configuration menu for the switch you are moving, select 3. Stack Configuration 5. Press [E] (for Edit) to select the Stack State parameter. 6. Use the Space bar to select Member, then press [v] to move to the Commander MAC Address field. 7. Enter the MAC address of the destination Commander and press [Enter]. 8. Press [S] (for Save).
PAGE 286
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management Using Any Stacked Switch To View the Status for All Switches with Stacking Enabled. This procedure displays the general status of all switches in the IP subnet (broadcast domain) that have stacking enabled. 1. Go to the console Main Menu for any switch configured for stacking and select: 9. Stacking ... 2.
PAGE 287
Figure 13-19. Example of the Commander’s Stacking Status Screen Viewing Member Status. This procedure displays the Member’s stacking information plus the Commander’s status, IP address, and MAC address. To display the status for a Member: 1. Go to the console Main Menu of the Commander switch and select 9. Stacking ... 5. Stack Access 2. Use the downarrow key to select the Member switch whose status you want to view, then press [X] (for eXecute).
PAGE 288
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management Figure 13-20. Example of a Member’s Stacking Status Screen Viewing Candidate Status. This procedure displays the Candidate’s stacking configuration. To display the status for a Candidate: 1. Use Telnet (if the Candidate has a valid IP address for your network) or a direct serial port connection to access the menu interface Main Menu for the Candidate switch and select 9. Stacking ... 1.
PAGE 289
Using the CLI To View Stack Status and Configure Stacking The CLI enables you to do all of the stacking tasks available through the menu interface.) Table 13-6. CLI Commands for Configuring Stacking on a Switch CLI Command Operation show stack [candidates | view | all] Commander: Shows Commander’s stacking configuration and lists the stack members and their individual status.
PAGE 290
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management CLI Command Operation [no] stack member mac-address [password ] Commander: Adds a Candidate to stack membership. “No” form removes a Member from stack membership. To easily determine the MAC address of a Candidate, use the show stack candidates command. To determine the MAC address of a Member you want to remove, use the show stack view command.
PAGE 291
Using the CLI To View Stack Status You can list the stack status for an individual switch and for other switches that have been discovered in the same subnet. Syntax: show stack [candidates | view | all] Viewing the Status of an Individual Switch. The following example illustrates how to use the CLI in a to display the stack status for that switch. In this case, the switch is in the default stacking configuration. Syntax: show stack Figure 13-22.
PAGE 292
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management Viewing the Status of all Stack-Enabled Switches Discovered in the IP Subnet. The next example lists all the stack-configured switches discovered in the IP subnet. Because the Switch 4108GL on which the show stack all command was executed is a candidate, it is included in the “Others” category. Syntax: show stack all Figure 13-24.
PAGE 293
Using the CLI To Configure a Commander Switch You can configure any stacking-enabled switch to be a Commander as long as the intended stack name does not already exist on the broadcast domain. (When you configure a Commander, you automatically create a corresponding stack.) Before you begin configuring stacking parameters: 1. Note Configure IP addressing on the switch intended for stack commander and, if not already configured, on the primary VLAN.
PAGE 294
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management The stack commander command configures the Commander and names the stack. The Commander appears in the stack as Switch Number (SN) 0. Figure 13-26. Example of the Commander’s Show Stack Screen with Only the Commander Discovered Using a Member’s CLI to Convert the Member to the Commander of a New Stack. This procedure requires that you first remove the Member from its current stack, then create the new stack.
PAGE 295
The output from this command tells you the MAC address of the current stack Commander. Removes the Member from the “Big_Waters” stack. Converts the former Member to the Commander of the new “Lakes” stack. Figure 13-27. Example of Using a Member’s CLI To Convert the Member to the Commander of a New Stack Adding to a Stack or Moving Switches Between Stacks You can add switches to a stack by adding discovered Candidates or by moving switches from other stacks that may exist in the same subnet.
PAGE 296
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management Using the Commander’s CLI To Manually Add a Candidate to the Stack. To manually add a candidate, you will use: ■ A switch number (SN) to assign to the new member. Member SNs range from 1 to 15. To see which SNs are already assigned to Members, use show stack view. You can use any SN not included in the listing. (SNs are viewable only on a Commander switch.
PAGE 297
For example, if the HP 8000M in the above listing did not have a Manager password and you wanted to make it a stack Member with an SN of 2, you would execute the following command: HP4108(config)# stack member 2 mac-address 0060b0-dfla00 The show stack view command then lists the Member added by the above command: The new member did not have a System Name configured prior to joining the stack, and so receives a System Name composed of the stack name (assigned in the Commander) with its SN number as a suffi
PAGE 298
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management ■ The Candidate’s Auto Join is set to Yes (and you do not want to enable Auto Grab on the Commander) or the Candidate’s Auto Join is set to No. ■ Either you know the MAC address of the Commander for the stack into which you want to insert the Candidate, or the Candidate has a valid IP address and is operating in your network.
PAGE 299
Syntax: stack member mac-address [password] In the destination Commander, use show stack all to find the MAC address of the Member you want to pull into the destination stack. For example, suppose you created a new Commander with a stack name of “Cold_Waters” and you wanted to move a switch named “Bering Sea” into the new stack: Move this switch into the “Cold Waters” stack. Figure 13-32.
PAGE 300
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management Syntax: no stack name stack join If you don’t know the MAC address of the destination Commander, you can use show stack all to identify it. For example, suppose you have a Switch 4108GL operating as the Commander for a temporary stack named “Test”.
PAGE 301
Syntax: [no] stack member mac-address Use show stack view to list the stack Members. For example, suppose that you wanted to use the Commander to remove the “North Sea” Member from the following stack: Remove this Member from the stack. Figure 13-34.
PAGE 302
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management You would then execute this command in the “North Sea” switch’s CLI to remove the switch from the stack: North Sea(config)# no stack join 0030c1-7fec40 Using the CLI To Access Member Switches for Configuration Changes and Traffic Monitoring After a Candidate becomes a Member, you can use the telnet command from the Commander to access the Member’s CLI or console interface for the same configuration and monitoring that
PAGE 303
SNMP Community Operation in a Stack Community Membership In the default stacking configuration, when a Candidate joins a stack, it automatically becomes a Member of any SNMP community to which the Commander belongs, even though any community names configured in the Commander are not propagated to the Member’s SNMP Communities listing. However, if a Member has its own (optional) IP addressing, it can belong to SNMP communities to which other switches in the stack, including the Commander, do not belong.
PAGE 304
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management Note that in the above example (figure 13-37) you cannot use the public community through the Commander to access any of the Member switches. For example, you can use the public community to access the MIB in switches 1 and 3 by using their unique IP addresses. However, you must use the red or blue community to access the MIB for switch 2. snmpget 10.31.29.
PAGE 305
■ Stacking uses only the primary VLAN on each switch in a stack. ■ The primary VLAN can be tagged or untagged as needed in the stacking path from switch to switch. ■ The same VLAN ID (VID) must be assigned to the primary VLAN in each stacked switch. Web: Viewing and Configuring Stacking Figure 13-38. Example of the Web Browser Interface for a Commander The web browser interface for a Commander appears as shown above.
PAGE 306
HP Procurve Stack Management HP Procurve Stack Management HP Procurve Stack Management Status Messages Stacking screens and listings display these status messages: Message Condition Action or Remedy Candidate Auto-join Indicates a switch configured with Stack State set to Candidate, Auto Join set to Yes (the default), and no Manager password.
PAGE 307
14 Port-Based Virtual LANs (VLANs) and GVRP Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-3 Port-Based Virtual LANs (Static VLANs) . . . . . . . . . . . . . . . . . . . . . . 14-4 Overview of Using VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-7 VLAN Support and the Default VLAN . . . . . . . . . . . . . . . . . . . . . . 14-7 Which VLAN Is Primary? . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 308
Port-Based Virtual LANs (VLANs) and GVRP Contents Configuring GVRP On a Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Menu: Viewing and Configuring GVRP . . . . . . . . . . . . . . . . . . . . CLI: Viewing and Configuring GVRP . . . . . . . . . . . . . . . . . . . . . . Web: Viewing and Configuring GVRP . . . . . . . . . . . . . . . . . . . . . 14-37 14-37 14-39 14-42 Port-Based Virtual LANs (VLANs) and GVRP GVRP Operating Notes . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 309
Port-Based Virtual LANs (VLANs) and GVRP Overview Overview ■ Port-Based VLANs — Page 14-4: ■ GVRP — Page 14-30: For general information on how to use the switch’s built-in interfaces, see: ■ Chapter 2, “Using the Menu Interface” ■ Chapter 3, “Using the Command Line Interface (CLI)” ■ Chapter 4, “Using the HP Web Browser Interface ■ Chapter 5, “Switch Memory and Configuration” 14-3 Port-Based Virtual LANs (VLANs) and GVRP This chapter describes the following features and how to configure them
PAGE 310
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) Port-Based Virtual LANs (Static VLANs) Port-Based Virtual LANs (VLANs) and GVRP VLAN Features Feature Default view existing VLANs n/a configuring static VLANs Menu CLI Web page 14-11 page 14-17 page 14-22 thru 14-16 default VLAN with page 14-11 page 14-16 page 14-22 VID = 1 thru 14-16 configuring dynamic disabled VLANs See “GVRP” on page 14-30.
PAGE 311
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) eliminated and bandwidth is saved by not allowing packets to flood out all ports. An external router is required to enable separate VLANs on a switch to communicate with each other. Switch with Two VLANs Configured VLAN_1 Port A1 Port A2 Port A3 Port A4 External Router Port A8 Port A5 Port A6 Port A7 VLAN_2 Figure 14-1. Example of Routing Between VLANs via an External Router Overlapping (Tagged) VLANs.
PAGE 312
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) Port-Based Virtual LANs (VLANs) and GVRP Switch 4108 Figure 14-2. Example of Overlapping VLANs Using the Same Server Similarly, using 802.1Q-compliant switches, you can connect multiple VLANs through a single switch-to-switch link. Switch 2524 4108 Switch 4108 Figure 14-3. Example of Connecting Multiple VLANs Through the Same Link Introducing Tagged VLAN Technology into Networks Running Legacy (Untagged) VLANs.
PAGE 313
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) Switch 2524 Switch 2524 Switch 4108 Switch Switch 4108 Port-Based Virtual LANs (VLANs) and GVRP Tagged VLAN Link Untagged VLAN Links Non-802.1Qcompliant switch Figure 14-4.
PAGE 314
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) Port-Based Virtual LANs (VLANs) and GVRP to ensure that multiple instances of DHCP or Bootp on different VLANs do not result in conflicting configuration values for the switch. The primary VLAN is the VLAN the switch uses to run and manage these features and data. In the factory-default configuration, the switch designates the default VLAN (DEFAULT_VLAN) as the primary VLAN.
PAGE 315
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) Example of Per-Port VLAN Configuration with GVRP Disabled (the default) Example of Per-Port VLAN Configuration with GVRP Enabled Port-Based Virtual LANs (VLANs) and GVRP Enabling GVRP causes “No” to display as “Auto”. Figure 14-5. Comparing Per-Port VLAN Options With and Without GVRP Table 14-1.
PAGE 316
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) General Steps for Using VLANs Port-Based Virtual LANs (VLANs) and GVRP 1. Plan your VLAN strategy and create a map of the logical topology that will result from configuring VLANs. Include consideration for the interaction between VLANs and other features such as Spanning Tree Protocol, load balancing, and IGMP. (Refer to “Effect of VLANs on Other Switch Features” on page 14-27.
PAGE 317
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) Menu: Configuring VLAN Parameters To Change VLAN Support Settings This section describes: ■ Changing the maximum number of VLANs to support ■ Changing the primary VLAN selection (See “Changing the Primary VLAN” on page 14-19.) ■ Enabling or disabling dynamic VLANs (See “GVRP” on page 14-30.) 1. From the Main Menu select: 2. Switch Configuration 8. VLAN Menu . . . 1.
PAGE 318
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) Note ■ To change the maximum number of VLANs, type the new number (1 - 30 allowed; default 8). ■ To designate a different VLAN as the primary VLAN, select the Primary VLAN field and use the space bar to select from the existing options. ■ To enable or disable dynamic VLANs, select the GVRP Enabled field and use the Space bar to toggle between options.
PAGE 319
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) Adding or Editing VLAN Names Use this procedure to add a new VLAN or to edit the name of an existing VLAN. 1. From the Main Menu select: If multiple VLANs are not yet configured you will see a screen similar to figure 14-8: Default VLAN and VLAN ID Figure 14-8. The Default VLAN Names Screen 2. Press [A] (for Add). You will then be prompted for a new VLAN name and VLAN ID: 802.1Q VLAN ID : 1 Name : _ 3.
PAGE 320
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) Example of a New VLAN and ID Figure 14-9. Example of VLAN Names Screen with a New VLAN Added 6. Repeat steps 2 through 5 to add more VLANs. Remember that you can add VLANs until you reach the number specified in the Maximum VLANs to support field on the VLAN Support screen (see figure 14-6 on page 14-11). This includes any VLANs added dynamically due to GVRP operation. 7.
PAGE 321
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) Port-Based Virtual LANs (VLANs) and GVRP Default: In this example, the “VLAN-22” has been defined, but no ports have yet been assigned to it. (“No” means the port is not assigned to that VLAN.) Using GVRP? If you plan on using GVRP, any ports you don’t want to join should be changed to “Forbid”. A port can be assigned to several VLANs, but only one of those assignments can be “Untagged”. Figure 14-10.
PAGE 322
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) Ports A4 and A5 are assigned to both VLANs. Ports A6 and A7 are assigned only to VLAN-22. All other ports are assigned only to the Default VLAN. Figure 14-11. Example of VLAN Assignments for Specific Ports For information on VLAN tags (“Untagged” and “Tagged”), refer to “VLAN Tagging Information” on page 14-23. d. 3.
PAGE 323
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) VLAN Commands Used in this Section below show vlan page 14-18 max-vlans <1..30> page 14-19 primary-vlan page 14-19 [no] vlan page 14-20 name page 14-21 [no] tagged page 14-21 [no] untagged page 14-21 [no] forbid page 14-21 auto page 14-21 (Available if GVRP enabled.) static-vlan page 14-21 (Available if GVRP enabled.
PAGE 324
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) Displaying the Configuration for a Particular VLAN . This command uses the VID to identify and display the data for a specific static or dynamic VLAN. show vlan Port-Based Virtual LANs (VLANs) and GVRP Syntax: Figure 14-13. Example of “Show VLAN” for a Specific Static VLAN Show VLAN lists this data when GVRP is enabled and at least one port on the switch has dynamically joined the designated VLAN. Figure 14-14.
PAGE 325
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) Syntax: max-vlans <1 .. 30> For example, to reconfigure the switch to allow 10 VLANs: Note that you can execute these three steps at another time. Figure 14-15. Example of Command Sequence for Changing the Number of VLANs Changing the Primary VLAN. In the factory-default configuration, the default VLAN (DEFAULT_VLAN) is the primary VLAN. However, you can designate any static VLAN on the switch as the primary VLAN.
PAGE 326
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) Creating a New Static VLAN Changing the VLAN Context Level. Port-Based Virtual LANs (VLANs) and GVRP With this command, entering a new VID creates a new static VLAN. Entering the VID or name of an existing static VLAN places you in the context level for that VLAN. Syntax: vlan [name ] Creates a new static VLAN if a VLAN with that VID does not already exist, and places you in that VLAN’s context level.
PAGE 327
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) Syntax: static-vlan (Use show vlan to list current VIDs.) For example, suppose a dynamic VLAN with a VID of 125 exists on the switch. The following command converts the VLAN to a static VLAN. HP4108(config)# static-vlan 125 Configuring Static VLAN Name and Per-Port Settings.
PAGE 328
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) (For information on dynamic VLAN and GVRP operation, see “GVRP” on page 14-30.) Port-Based Virtual LANs (VLANs) and GVRP For example, suppose you have a VLAN named VLAN100 with a VID of 100, and all ports are set to No for this VLAN.
PAGE 329
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) 3. Click on [Add/Remove VLANs]. For web-based Help on how to use the web browser interface screen, click on the [?] button provided on the web browser screen. VLAN tagging enables traffic from more than one VLAN to use the same port. (Even when two or more VLANs use the same port they remain as separate domains and cannot receive traffic from each other without going through an external router.
PAGE 330
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) Blue Server Port-Based Virtual LANs (VLANs) and GVRP Red VLAN Red Server 5 4 3 Blue VLAN 2 Green Server Red VLAN: Untagged Green VLAN: Tagged 6 Switch "X" White Server 7 1 Green VLAN Ports 1-6: Untagged Port 7: Red VLAN Untagged Green VLAN Tagged 4 5 White VLAN 3 Switch "Y" 1 Red VLAN 2 Green VLAN Ports 1-4: Untagged Port 5: Red VLAN Untagged Green VLAN Tagged Figure 14-17.
PAGE 331
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) Note Each 802.1Q-compliant VLAN must have its own unique VID number, and that VLAN must be given the same VID in every device in which it is configured. That is, if the Red VLAN has a VID of 10 in switch X, then 10 must also be used for the Red VID in switch Y. Port-Based Virtual LANs (VLANs) and GVRP VID Numbers Figure 14-18.
PAGE 332
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) Server S2 Server S1 Port-Based Virtual LANs (VLANs) and GVRP Red VLAN: Untagged Green VLAN: Tagged X1 Switch "X" X4 Red VLAN X2 Red VLAN: Untagged Green VLAN: Tagged Red VLAN: Untagged Green VLAN: Tagged Y1 Y5 Switch "Y" Y4 X3 Green VLAN Y2 Green VLAN only Server S3 Y3 Red VLAN Green VLAN Figure 14-19. Example of Networked 802.
PAGE 333
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) To summarize: Tagging Scheme 1 Untagged or Tagged. If the device connected to the port is 802.1Q-compliant, then the recommended choice is “Tagged”. 2 or More 1 VLAN Untagged; all others Tagged or All VLANs Tagged A given VLAN must have the same VID on any 802.1Q-compliant device in which the VLAN is configured. The ports connecting two 802.
PAGE 334
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) VLAN MAC Addresses Port-Based Virtual LANs (VLANs) and GVRP The switch has one unique MAC address for each of its VLAN interfaces. You can send an 802.2 test packet to this MAC address to verify connectivity to the switch. Likewise, you can assign an IP address to the VLAN interface, and when you Ping that address, ARP will resolve the IP address to this MAC address.
PAGE 335
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (Static VLANs) VLAN Restrictions A port must be a member of at least one VLAN. In the factory default configuration, all ports are assigned to the default VLAN (DEFAULT_VLAN; VID = 1). ■ A port can be assigned to several VLANs, but only one of those assignments can be untagged. (The “Untagged” designation enables VLAN operation with non 802.1Q-compliant devices.
PAGE 336
Port-Based Virtual LANs (VLANs) and GVRP GVRP Port-Based Virtual LANs (VLANs) and GVRP GVRP Feature Default Menu CLI Web view GVRP configuration n/a page 14-37 page 14-39 page 14-42 list static and dynamic VLANs on a GVRP-enabled switch n/a — page 14-41 page 14-42 enable or disable GVRP on the disabled switch page 14-37 page 14-40 page 14-42 enable or disable GVRP on individual ports page 14-37 page 14-40 — Learn control how individual ports will handle advertisements for new VLANs
PAGE 337
Port-Based Virtual LANs (VLANs) and GVRP GVRP General Operation A dynamic VLAN (that is, a VLAN learned through GVRP) is tagged on the port on which it was learned. Also, a GVRP-enabled port can forward an advertisement for a VLAN it learned about from other ports on the same switch (internal source), but the forwarding port will not itself join that VLAN until an advertisement for that VLAN is received through a link from another device (external source) on that specific port.
PAGE 338
Port-Based Virtual LANs (VLANs) and GVRP GVRP For example, in the following figure, Tagged VLAN ports on switch “A” and switch “C” advertise VLANs 22 and 33 to ports on other GVRP-enabled switches that can dynamically join the VLANs. Switch “C” GVRP On Port-Based Virtual LANs (VLANs) and GVRP Switch “A” GVRP On 1 5 Tagged VLAN 22 11 Tagged VLAN 33 Switch “B” (No GVRP) Switch “C”: Port 5 dynamically joins VLAN 22. Ports 11 and 12 belong to Tagged VLAN 33.
PAGE 339
Port-Based Virtual LANs (VLANs) and GVRP GVRP Note also that a port belonging to a Tagged or Untagged static VLAN has these configurable options: Send VLAN advertisements, and also receive advertisements for VLANs on other ports and dynamically join those VLANs. ■ Send VLAN advertisements, but ignore advertisements received from other ports. ■ Avoid GVRP participation by not sending advertisements and dropping any advertisements received from other devices. IP Addressing.
PAGE 340
Port-Based Virtual LANs (VLANs) and GVRP GVRP Table 14-2. Options for Handling “Unknown VLAN” Advertisements: Port-Based Virtual LANs (VLANs) and GVRP Unknown VLAN Operation Mode Learn (the Default) Enables the port to dynamically join any VLAN for which it receives an advertisement, and allows the port to advertise other other VLANs it knows. Block Prevents the port from dynamically joining a VLAN that is not statically configured on that port.
PAGE 341
Port-Based Virtual LANs (VLANs) and GVRP GVRP Per-Port Options for Dynamic VLAN Advertising and Joining Enabling a Port for Dynamic Joins. You can configure a port to dynamically join a static VLAN. The join will then occur if that port subsequently receives an advertisement for the static VLAN. (This is done by using the Auto and Learn options described in table 14-3, below. Parameters for Controlling VLAN Propagation Behavior.
PAGE 342
Port-Based Virtual LANs (VLANs) and GVRP GVRP Port-Based Virtual LANs (VLANs) and GVRP As the preceeding table indicates, when you enable GVRP, a port that has a Tagged or Untagged static VLAN has the option for both generating advertisements and dynamically joining other VLANs. Note In table 14-3, above, the Unknown VLAN parameters are configured on a perport basis using the CLI.
PAGE 343
Port-Based Virtual LANs (VLANs) and GVRP GVRP Planning for GVRP Operation These steps outline the procedure for setting up dynamic VLANs for a segment. Determine the VLAN topology you want for each segment (broadcast domain) on your network. 2. Determine the VLANs that must be static and the VLANs that can be dynamically propagated. 3. Determine the device or devices on which you must manually create static VLANs in order to propagate VLANs throughout the segment. 4.
PAGE 344
Port-Based Virtual LANs (VLANs) and GVRP GVRP Port-Based Virtual LANs (VLANs) and GVRP 2. Switch Configuration . . . 8. VLAN Menu . . . 1. VLAN Support Figure 14-23. The VLAN Support Screen (Default Configuration) 2. Do the following to enable GVRP and display the Unknown VLAN fields: a. Press [E] (for Edit). b. Use [v] to move the cursor to the GVRP Enabled field. c. Press the Space bar to select Yes. d. Press [v] again to display the Unknown VLAN fields.
PAGE 345
Port-Based Virtual LANs (VLANs) and GVRP GVRP CLI: Viewing and Configuring GVRP GVRP Commands Used in This Section show gvrp below page 14-40 unknown-vlans page 14-40 Displaying the Switch’s Current GVRP Configuration. This command shows whether GVRP is disabled, along with the current settings for the maximum number of VLANs and the current Primary VLAN. (For more on the last two parameters, see “Port-Based Virtual LANs (Static VLANs)” on page 14-4.) Syntax: show gvrp Shows the current settings.
PAGE 346
Port-Based Virtual LANs (VLANs) and GVRP GVRP Enabling and Disabling GVRP on the Switch. This command enables GVRP on the switch. Syntax: gvrp Port-Based Virtual LANs (VLANs) and GVRP This example enables GVRP: HP4108(config)# gvrp This example disables GVRP operation on the switch: HP4108(config)# no gvrp Enabling and Disabling GVRP On Individual Ports. When GVRP is enabled on the switch, use the unknown-vlans command to change the Unknown VLAN field for one or more ports.
PAGE 347
Port-Based Virtual LANs (VLANs) and GVRP GVRP Displaying the Static and Dynamic VLANs Active on the Switch. The show vlans command lists all VLANs present in the switch. Syntax: show vlans Switch “A” Switch “B” GVRP enabled. GVRP enabled. 1 Static VLANs: 3 Static VLANs: – DEFAULT_VLAN – VLAN-222 – VLAN-333 Port 1: Set to “Learn” Mode – DEFAULT_VLAN The show vlans command lists the dynamic (and static) VLANs in switch “B” after it has learned and joined VLAN-222 and VLAN-333.
PAGE 348
Port-Based Virtual LANs (VLANs) and GVRP GVRP Converting a Dynamic VLAN to a Static VLAN.
PAGE 349
Port-Based Virtual LANs (VLANs) and GVRP GVRP Converting a dynamic VLAN to a static VLAN and then executing the write memory command saves the VLAN in the startup-config file and makes it a permanent part of the switch’s VLAN configuration. ■ Within the same broadcast domain, a dynamic VLAN can pass through a device that is not GVRP-aware. This is because a hub or a switch that is not GVRP-ware will flood the GVRP (multicast) advertisement packets out all ports.
PAGE 350
Port-Based Virtual LANs (VLANs) and GVRP Port-Based Virtual LANs (VLANs) and GVRP GVRP 14-44
PAGE 351
15 Multimedia Traffic Control with IP Multicast (IGMP) Chapter Contents Chapter Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1 General Operation and Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-3 IGMP Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-4 IGMP Operating Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 352
Multimedia Traffic Control with IP Multicast (IGMP) Overview Overview This chapter describes the following features and how to configure them with the switch’s built-in interfaces: ■ Multimedia Traffic Control with IP Multicast (IGMP): Use the switch to reduce unnecessary bandwidth usage on a per-port basis by configuring IGMP controls.
PAGE 353
Multimedia Traffic Control with IP Multicast (IGMP) General Operation and Features General Operation and Features IGMP Features Default Menu CLI Web view igmp configuration n/a — page 15-6 — show igmp status for multicast groups used by the selected VLAN n/a — Yes — enabling or disabling IGMP (Requires VLAN ID Context) disabled — page 15-8 page 15-10 per-port packet control auto — page 15-9 — IGMP traffic priority normal — page 15-9 — querier enabled — page 15-10 — In a ne
PAGE 354
Multimedia Traffic Control with IP Multicast (IGMP) General Operation and Features Note IGMP configuration on the Switch 4108GL operates at the VLAN context level. If you are not using VLANs, then configure IGMP in VLAN 1 (the default VLAN) context. Multimedia Traffic Control with IP Multicast (IGMP) IGMP Terms 15-4 ■ IGMP Device: A switch or router running IGMP traffic control features. ■ IGMP Host: An end-node device running an IGMP (multipoint, or multicast communication) application.
PAGE 355
Multimedia Traffic Control with IP Multicast (IGMP) General Operation and Features IGMP Operating Features Basic Operation In the factory default configuration, IGMP is disabled. If multiple VLANs are not configured, you must configure IGMP on the default VLAN (DEFAULT_VLAN; VID = 1). If multiple VLANs are configured, you must configure IGMP on a per-VLAN basis for every VLAN where this feature is desired. Enhancements With the CLI, you can configure these additional options: Forward with High Priority.
PAGE 356
Multimedia Traffic Control with IP Multicast (IGMP) CLI: Configuring and Displaying IGMP ■ Notes Querier Capability: The switch performs this function for IGMP on VLANs having an IP address when there is no other device in the VLAN acting as querier. See “Querier Operation” on page 15-18. Whenever IGMP is enabled, the switch generates an Event Log message indicating whether querier functionality is enabled.
PAGE 357
Multimedia Traffic Control with IP Multicast (IGMP) CLI: Configuring and Displaying IGMP Viewing the Current IGMP Configuration. This command lists the IGMP configuration for all VLANs configured on the switch or for a specific VLAN.
PAGE 358
Multimedia Traffic Control with IP Multicast (IGMP) CLI: Configuring and Displaying IGMP IGMP Configuration for the Selected VLAN Multimedia Traffic Control with IP Multicast (IGMP) IGMP Configuration On the Individual Ports in the VLAN Figure 15-2. Example Listing of IGMP Configuration for A Specific VLAN Enabling or Disabling IGMP on a VLAN.
PAGE 359
Multimedia Traffic Control with IP Multicast (IGMP) CLI: Configuring and Displaying IGMP Configuring Per-Port IGMP Packet Control. Use this command in the VLAN context to specify how each port should handle IGMP traffic. Syntax: vlan ip igmp [auto | blocked | forward ] Default: auto For example, suppose you wanted to configure IGMP as follows for VLAN 1 on the 100/1000T ports on a module in slot 1: auto Filter multicast traffic.
PAGE 360
Multimedia Traffic Control with IP Multicast (IGMP) CLI: Configuring and Displaying IGMP Returns IGMP traffic to high-priority-forward “normal” priority. HP4108(vlan 1)# no ip igmp HP4108> show ip igmp config Show command to display results of above high-priority commands. Multimedia Traffic Control with IP Multicast (IGMP) Configuring the Querier Function. The default querier capability is “enabled”. This command disables or re-enables the ability for the switch to become querier if necessary.
PAGE 361
Multimedia Traffic Control with IP Multicast (IGMP) How IGMP Operates How IGMP Operates The Internet Group Management Protocol (IGMP) is an internal protocol of the Internet Protocol (IP) suite. IP manages multicast traffic by using switches, multicast routers, and hosts that support IGMP. (In Hewlett-Packard’s implementation of IGMP, a multicast router is not necessary as long as a switch is configured to support IGMP with the querier feature enabled.
PAGE 362
Multimedia Traffic Control with IP Multicast (IGMP) How IGMP Operates Thus, IGMP identifies members of a multicast group (within a subnet) and allows IGMP-configured hosts (and routers) to join or leave multicast groups. IGMP Data. To display data showing active group addresses, reports, queries, querier access port, and active group address data (port, type, and access), see “Internet Group Management Protocol (IGMP) Status” on page 17-19.
PAGE 363
Multimedia Traffic Control with IP Multicast (IGMP) How IGMP Operates Automatic Fast-Leave IGMP IGMP Operation Presents a "Delayed Leave" Problem.
PAGE 364
Multimedia Traffic Control with IP Multicast (IGMP) How IGMP Operates In the next figure, automatic Fast-Leave operates on the switch ports for IGMP clients "3A" and "5B", but not on the switch port for IGMP clients "7A" and 7B, Server "7C", and printer "7D". Fast-Leave IGMP automatically operates on the ports connected to IGMP clients 3A and 5A, but does not operate on the port connected to Switch 7X because the Switch 4108GL detects multiple end nodes on that port.
PAGE 365
Multimedia Traffic Control with IP Multicast (IGMP) How IGMP Operates Configuration Options for Forced Fast-Leave Feature Default Settings Function Forced Fast- 2 1 (enabled) Uses the setmib command to enable or disable Leave state (disabled) 2 (disabled) Forced Fast-Leave on individual ports. When enabled on a port, Forced Fast-Leave operates only if the switch detects multiple end nodes (and at least one IGMP client) on that port.
PAGE 366
Multimedia Traffic Control with IP Multicast (IGMP) How IGMP Operates - OR walkmib 1.3.6.1.4.1.11.2.14.11.5.1.7.1.15.3.1.5 The resulting display lists the Forced Fast-Leave state for all ports in the switch, by VLAN. (A port belonging to more than one VLAN will be listed once for each VLAN, and if multiple VLANs are not configured, all ports will be listed as members of the default VLAN.
PAGE 367
Multimedia Traffic Control with IP Multicast (IGMP) How IGMP Operates The 2 shows that Fast Forced-Leave is disabled on port 7. The 6 specifies port A6. The 1 indicates the default VLAN. (See the "Note on VLAN Numbers" on page 15-15.) Figure 15-5. Example Listing the Forced Fast-Leave State for a Single Port on the Default VLAN In the factory-default configuration, Forced Fast-Leave is disabled for all ports on the switch.
PAGE 368
Multimedia Traffic Control with IP Multicast (IGMP) How IGMP Operates DEFAULT_CONFIG: setmib hpSwitchIgmpPortForcedLeaveState.1.49 -i 1 Verifies Forced Fast-Leave enabled. 49 indicates port C1. 1 indicates the default VLAN. (See the note on page 15-15.) Multimedia Traffic Control with IP Multicast (IGMP) Figure 15-6.
PAGE 369
Multimedia Traffic Control with IP Multicast (IGMP) The Switch Excludes Well-Known or Reserved Multicast Addresses from IP Multicast Filtering In the above scenario, if the other device ceases to operate as a Querier on the default VLAN, then the switch detects this change and can become the Querier as long as it is not pre-empted by some other IGMP Querier on the VLAN.
PAGE 370
Multimedia Traffic Control with IP Multicast (IGMP) The Switch Excludes Well-Known or Reserved Multicast Addresses from IP Multicast Filtering Note: IP Multicast Filters. IP multicast addresses occur in the range from 224.0.0.0 through 239.255.255.255 (which corresponds to the Ethernet multicast address range of 01005e-000000 through 01005e-7fffff).
PAGE 371
16 Spanning Tree Protocol (STP) Chapter Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-2 Menu: Configuring STP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-4 CLI: Configuring STP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-5 Web: Enabling or Disabling STP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-9 How STP Operates .
PAGE 372
Spanning Tree Protocol (STP) Overview Overview STP Features Feature Default Menu CLI Web viewing the STP configuration n/a page 16-4 page 16-5 — enable/disable STP disabled page 16-4 page 16-6 page 16-9 reconfiguring general operation priority: 32768 page 16-4 max age: 20 s hello time: 2 s fwd.
PAGE 373
Spanning Tree Protocol (STP) Overview As recommended in the IEEE 802.1Q VLAN standard, the Switch 4108GL uses single-instance STP. (As a result, the switch generates untagged Bridge Protocol Data Units—BPDUs.) This implementation creates a single spanning tree to make sure there are no network loops associated with any of the connections to the switch, regardless of whether multiple VLANs are configured on the switch.
PAGE 374
Spanning Tree Protocol (STP) Menu: Configuring STP Menu: Configuring STP 1. From the Main Menu, select: 2. Switch Configuration . . . 4. Spanning Tree Operation 2. Press [E] (for Edit) to highlight the Spanning Tree Enabled parameter. 3. Press the Space bar to select Yes . (Yes in this field means to enable STP.) ) Use this field to enable or disable STP. Spanning Tree Protocol (STP) Read-Only Fields Figure 16-1. Example of the STP Configuration Screen 4.
PAGE 375
Spanning Tree Protocol (STP) CLI: Configuring STP 7. When you are finished editing parameters, press [Enter] to return to the Actions line. 8. Press [S] to save the currently displayed STP parameter settings, then return to the Main Menu.
PAGE 376
Spanning Tree Protocol (STP) Spanning Tree Protocol (STP) CLI: Configuring STP Figure 16-2. Example of the Default STP Configuration Listing Enabling or Disabling STP. Enabling STP implements the spanning-tree protocol for all physical ports on the switch, regardless of whether multiple VLANs are configured. Disabling STP removes protection against redundant loops that can significantly slow or halt a network.
PAGE 377
Spanning Tree Protocol (STP) CLI: Configuring STP Caution Because incorrect STP settings can adversely affect network performance, HP recommends that you use the default STP parameter settings. You should not change these settings unless you have a strong understanding of how STP operates. For more on STP, see the IEEE 802.1D standard. HP4108(config)# spanning tree Enables STP on the switch. Reconfiguring General STP Operation on the Switch.
PAGE 378
Spanning Tree Protocol (STP) CLI: Configuring STP For example, to configure a maximum-age of 30 seconds and a hello-time of 3 seconds for STP: HP4108(config)# spanning-tree maximum-age 30 hello-time 3 Reconfiguring Per-Port STP Operation on the Switch. This command enables STP (if not already enabled) and configures the following per-port parameters: Table 16-2.
PAGE 379
Spanning Tree Protocol (STP) Web: Enabling or Disabling STP Web: Enabling or Disabling STP In the web browser interface you can enable or disable STP on the switch. To configure other STP features, telnet to the switch console and use the CLI. To enable or disable STP on the switch: 1. Click on the Configuration tab 2. Click on [Device Features]. 3. Enable or disable STP. 4. Click on [Apply Changes] to implement the configuration change.
PAGE 380
Spanning Tree Protocol (STP) How STP Operates • Active path from node A to node B: 1—> 3 • Backup (redundant) path from node A to node B: 4 —> 2 —> 3 switch A 1 path cost: 100 2 3 path cost: 100 path cost: 100 switch B 4 switch C switch D path cost:200 node A node B Figure 16-3.
PAGE 381
Spanning Tree Protocol (STP) How STP Operates If you encounter end nodes that repeatedly indicate server access failure when attempting to bring up their network connection, and you have enabled STP on the switch, try changing the configuration of the switch ports associated with those end nodes to STP Fast Mode. Caution The Fast Mode configuration should be used only on switch ports connected to end nodes.
PAGE 382
Spanning Tree Protocol (STP) How STP Operates STP Operation with 802.1Q VLANs As recommended in the IEEE 802.1Q VLAN standard, when spanning tree is enabled on the switch, a single spanning tree is configured for all ports across the switch, including those in separate VLANs (that is, single-instance STP, which generates untagged BPDUs). This means that if redundant physical links exist in separate VLANs, spanning tree will block all but one of those links.
PAGE 383
Spanning Tree Protocol (STP) How STP Operates Spanning Tree Protocol (STP) 16-13
PAGE 384
Spanning Tree Protocol (STP) Spanning Tree Protocol (STP) How STP Operates 16-14
PAGE 385
17 Monitoring and Analyzing Switch Operation Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-2 Status and Counters Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17- 3 Menu Access To Status and Counters . . . . . . . . . . . . . . . . . . . . . . . . . 17-4 General System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-5 Switch Management Address Information . .
PAGE 386
Monitoring and Analyzing Switch Operation Overview Overview The Switch 4108GL has several built-in tools for monitoring, analyzing, and troubleshooting switch and network operation: Monitoring and Analyzing Switch Operation Note 17-2 ■ Status: Includes options for displaying general switch information, management address data, port status, port and trunk group statistics, MAC addresses detected on each port or VLAN, and STP, IGMP, and VLAN data (page 17-3).
PAGE 387
Monitoring and Analyzing Switch Operation Status and Counters Data Status and Counters Data This section describes the status and counters screens available through the switch console interface and/or the web browser interface. Note Status or Counters Type You can access all console screens from the web browser interface via Telnet to the console. Telnet access to the switch is available in the Device View window under the Configuration tab.
PAGE 388
Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access To Status and Counters Beginning at the Main Menu, display the Status and Counters menu by selecting: 1. Status and Counters Figure 17-1. The Status and Counters Menu Monitoring and Analyzing Switch Operation Each of the above menu items accesses the read-only screens described on the following pages. Refer to the online help for a description of the entries displayed in these screens.
PAGE 389
Monitoring and Analyzing Switch Operation Status and Counters Data General System Information Menu Access From the console Main Menu, select: 1. Status and Counters 1. General System Information Figure 17-2. Example of General Switch Information This screen dynamically indicates how individual switch resources are being used. See the online Help for details.
PAGE 390
Monitoring and Analyzing Switch Operation Status and Counters Data Switch Management Address Information Menu Access From the Main Menu, select: 1 Status and Counters . . . 2. Switch Management Address Information Figure 17-3. Example of Management Address Information with VLANs Configured This screen displays addresses that are important for management of the switch. If multiple VLANs are not configured, this screen displays a single IP address for the entire switch. See the online Help for details.
PAGE 391
Monitoring and Analyzing Switch Operation Status and Counters Data Module Information Use this feature to determine which slots have modules installed and which type(s) of modules are installed. Menu: Displaying Port Status From the Main Menu, select: 1. Status and Counters . . . 3. Module Information Figure 17-4.
PAGE 392
Monitoring and Analyzing Switch Operation Status and Counters Data Port Status The web browser interface and the console interface show the same port status data. Menu: Displaying Port Status From the Main Menu, select: 1. Status and Counters . . . 4. Port Status Monitoring and Analyzing Switch Operation Figure 17-5. Example of Port Status on the Menu Interface CLI Access Syntax: show interfaces brief Web Access 17-8 1. Click on the Status tab. 2. Click on [Port Status].
PAGE 393
Monitoring and Analyzing Switch Operation Status and Counters Data Viewing Port and Trunk Group Statistics and Flow Control Status Feature Default Menu CLI Web viewing port and trunk statistics for all ports, and flow control status n/a page 17-10 page 17-11 page 17-11 viewing a detailed summary for a particular port or trunk n/a page 17-10 page 17-11 page 17-11 resetting counters n/a page 17-10 page 17-11 page 17-11 These features enable you to determine the traffic patterns for each port si
PAGE 394
Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access to Port and Trunk Statistics To access this screen from the Main Menu, select: 1. Status and Counters . . . 4. Port Counters Figure 17-6. Example of Port Counters on the Menu Interface Monitoring and Analyzing Switch Operation To view details about the traffic on a particular port, use the [v] key to highlight that port number, then select Show Details.
PAGE 395
Monitoring and Analyzing Switch Operation Status and Counters Data CLI Access To Port and Trunk Group Statistics To Display the Port Counter Summary Report. This command provides an overview of port activity for all ports on the switch. Syntax: show interfaces To Display a Detailed Traffic Summary for Specific Ports. This command provides traffic details for the port(s) you specify. Syntax: show interfaces [ethernet] To Reset the Port Counters for a Specific Port.
PAGE 396
Monitoring and Analyzing Switch Operation Status and Counters Data Viewing the Switch’s MAC Address Tables Feature Default Menu CLI Web viewing MAC addresses on all ports on a specific VLAN n/a page 17-13 page 17-15 — viewing MAC addresses on a specific port n/a page 17-14 page 17-15 — searching for a MAC address n/a page 17-14 page 17-16 — Monitoring and Analyzing Switch Operation These features help you to view: 17-12 ■ The MAC addresses that the switch has learned from network devices
PAGE 397
Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access to the MAC Address Views and Searches Per-VLAN MAC-Address Viewing and Searching. This feature lets you determine which switch port on a selected VLAN is being used to communicate with a specific device on the network. The per-VLAN listing includes: ■ The MAC addresses that the switch has learned from network devices attached to the switch ■ The port on which each MAC address was learned 1. From the Main Menu, select: 1.
PAGE 398
Monitoring and Analyzing Switch Operation Status and Counters Data Finding the Port Connection for a Specific Device on a VLAN. This feature uses a device’s MAC address that you enter to identify the port used by that device. 1. Proceeding from figure 17-8, press [S] (for Search), to display the following prompt: Enter MAC address: _ 2. Type the MAC address you want to locate and press [Enter]. The address and port number are highlighted if found.
PAGE 399
Monitoring and Analyzing Switch Operation Status and Counters Data Prompt for Selecting the Port To Search Figure 17-10.Listing MAC Addresses for a Specific Port 2. Use the Space bar to select the port you want to list or search for MAC addresses, then press [Enter] to list the MAC addresses detected on that port. Determining Whether a Specific Device Is Connected to the Selected Port. Proceeding from step 2, above: 1. Press [S] (for Search), to display the following prompt: Enter MAC address: _ 2.
PAGE 400
Monitoring and Analyzing Switch Operation Status and Counters Data Corresponding Port Numbers. For example, to list the learned MAC address on ports A1 through A4 and port A6: HP4108> show mac-address a1-a4,a6 To List All Learned MAC Addresses on a VLAN, with Their Port Numbers. This command lists the MAC addresses associated with the ports for a given VLAN. For example: HP4108> show mac-address vlan 100 Note The Switch 4108GL has a Single Forwarding Database architecture.
PAGE 401
Monitoring and Analyzing Switch Operation Status and Counters Data Spanning Tree Protocol (STP) Information Menu Access to STP Data From the Main Menu, select: 1. Status and Counters . . . 8. Spanning Tree Information STP must be enabled on the switch to display the following data: Figure 17-11.
PAGE 402
Monitoring and Analyzing Switch Operation Status and Counters Data Figure 17-12.Example of STP Port Information CLI Access to STP Data This option lists the STP configuration, root data, and per-port data (cost, priority, state, and designated bridge).
PAGE 403
Monitoring and Analyzing Switch Operation Status and Counters Data Internet Group Management Protocol (IGMP) Status The switch uses the CLI to display the following IGMP status on a per-VLAN basis: Show Command Output show ip igmp Global command listing IGMP status for all VLANs configured in the switch: • VLAN ID (VID) and name • Active group addresses per VLAN • Number of report and query packets per group • Querier access port per VLAN show ip igmp Per-VLAN command listing above IGMP stat
PAGE 404
Monitoring and Analyzing Switch Operation Status and Counters Data VLAN Information The switch uses the CLI to display the following VLAN status: Show Command Output show vlan Lists: • Maximum number of VLANs to support • Existing VLANs • Status (static or dynamic) • Primary VLAN show vlan For the specified VLAN, lists: • Name, VID, and status (static/dynamic) • Per-Port mode (tagged, untagged, forbid, no/auto) • “Unknown VLAN” setting (Learn, Block, Disable) • Port status (up/down) For ex
PAGE 405
Monitoring and Analyzing Switch Operation Status and Counters Data Listing the VLAN ID (VID) and Status for Specific Ports. Because ports A1 and A2 are not members of VLAN44, it does not appear in this listing. Figure 17-15.Example of VLAN Listing for Specific Ports Listing Individual VLAN Status. Figure 17-16.
PAGE 406
Monitoring and Analyzing Switch Operation Status and Counters Data Web Browser Interface Status Information The “home” screen for the web browser interface is the Status Overview screen, as shown below. As the title implies, it provides an overview of the status of the switch, including summary graphs indicating the network utilization on each of the switch ports, symbolic port status indicators, and the Alert Log, which informs you of any problems that may have occurred on the switch.
PAGE 407
Monitoring and Analyzing Switch Operation Port Monitoring Features Port Monitoring Features Port Monitoring Features Feature Default Menu CLI Web display monitoring configuration disabled page 17-24 page 17-26 page 17-27 configure the monitor port(s) ports: none page 17-24 page 17-26 page 17-27 selecting or removing ports page 17-24 page 17-27 page 17-27 none selected You can designate a port for monitoring incoming traffic of one or more other ports on the switch.
PAGE 408
Monitoring and Analyzing Switch Operation Port Monitoring Features Menu: Configuring Port Monitoring This procedure describes configuring the switch for monitoring when monitoring is disabled. (If monitoring has already been enabled, the screens will appear differently than shown in this procedure.) 1. From the Console Main Menu, Select: 2. Switch Configuration... 3. Network Monitoring Port Enable monitoring by setting this parameter to “Yes”. Monitoring and Analyzing Switch Operation Figure 17-18.
PAGE 409
Monitoring and Analyzing Switch Operation Port Monitoring Features Move the cursor to the Monitoring Port parameter. Inbound Port Monitoring (Only) on the Switch 4108 Figure 17-19. How To Select a Monitoring Port Use the Space bar to select the port to use for monitoring. 6. Use the downarrow key to move the cursor to the Action column for the individual ports and position the cursor at a port you want to monitor. 7. Press the Space bar to select Monitor for each port that you want monitored.
PAGE 410
Monitoring and Analyzing Switch Operation Port Monitoring Features You must use the following configuration sequence to configure port monitoring in the CLI: 1. Assign a monitoring (mirror) port. 2. Designate the port(s) to monitor. Displaying the Port Monitoring Configuration. This command lists the port assigned to receive monitored traffic and the ports being monitored.
PAGE 411
Monitoring and Analyzing Switch Operation Port Monitoring Features Selecting or Removing Ports As Monitoring Sources. After you configure a monitor port you can use either the global configuration level or the interface context level to select ports as monitoring sources. You can also use either level to remove monitoring sources.
PAGE 412
Monitoring and Analyzing Switch Operation Port Monitoring Features To remove port monitoring: 1. Click on the Monitoring Off radio button. 2. Click on [Apply Changes]. Monitoring and Analyzing Switch Operation For web-based Help on how to use the web browser interface screen, click on the [?] button provided on the web browser screen.
PAGE 413
18 Troubleshooting Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-2 Troubleshooting Approaches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-3 Browser or Telnet Access Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-4 Unusual Network Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-6 General Problems . . . . . . . . . . . . . . . . . .
PAGE 414
Troubleshooting Overview Overview This chapter addresses performance-related network problems that can be caused by topology, switch configuration, and the effects of other devices or their configurations on switch operation. (For switch-specific information on hardware problems indicated by LED behavior, cabling requirements, and other potential hardware-related problems, refer to the installation guide you received with the switch.
PAGE 415
Troubleshooting Troubleshooting Approaches Troubleshooting Approaches Use these approaches to diagnose switch problems: ■ Check the HP Procurve website for software updates that may have solved your problem: http://www.hp.com/go/hpprocurve ■ Check the switch LEDs for indications of proper switch operation: • Each switch port has a Link LED that should light whenever an active network device is connected to the port.
PAGE 416
Troubleshooting Browser or Telnet Access Problems Browser or Telnet Access Problems Cannot access the web browser interface: ■ Access may be disabled by the Web Agent Enabled parameter in the switch console. Check the setting on this parameter by selecting: 2. Switch Configuration . . . 1. System Information ■ The switch may not have the correct IP address, subnet mask or gateway. Verify by connecting a console to the switch’s Console port and selecting: 2. Switch Configuration . . . 5.
PAGE 417
Troubleshooting Browser or Telnet Access Problems Cannot Telnet into the switch console from a station on the network: ■ Telnet access may be disabled by the Inbound Telnet Enabled parameter in the System Information screen of the menu interface: 2. Switch Configuration 1. System Information ■ The switch may not have the correct IP address, subnet mask, or gateway. Verify by connecting a console to the switch’s Console port and selecting: 2. Switch Configuration 5.
PAGE 418
Troubleshooting Unusual Network Activity Unusual Network Activity Network activity that fails to meet accepted norms may indicate a hardware problem with one or more of the network components, possibly including the switch. Such problems can also be caused by a network loop or simply too much traffic for the network as it is currently designed and implemented.
PAGE 419
Troubleshooting Unusual Network Activity This can also happen, for example, if the server is first configured to issue IP addresses with an unlimited duration, then is subsequently configured to issue IP addresses that will expire after a limited duration. One solution is to configure “reservations” in the DHCP server for specific IP addresses to be assigned to devices having specific MAC addresses. For more information, refer to the documentation for the DHCP server.
PAGE 420
Troubleshooting Unusual Network Activity One or more CDP neighbors appear intermittently or not at all in the switch’s CDP Neighbors table. This may be caused by more than 60 neighboring devices sending CDP packets to the switch. Exceeding the 60-neighbor limit can occur, for example, where multiple neighbors are connected to the switch through non-CDP devices such as many hubs. The Same CDP Switch or Router Appears on More Than One Port in the CDP Neighbors Table.
PAGE 421
Troubleshooting Unusual Network Activity Problems Related to Spanning-Tree Protocol (STP) Caution If you enable STP, it is recommended that you leave the remainder of the STP parameter settings at their default values until you have had an opportunity to evaluate STP performance in your network. Because incorrect STP settings can adversely affect network performance, you should avoid making changes without having a strong understanding of how STP operates.
PAGE 422
Troubleshooting Unusual Network Activity ■ If the above method does not work, try eliminating configuration changes in the switch that have not been saved to flash (boot-up configuration) by causing the switch to reboot from the boot-up configuration (which includes only the configuration changes made prior to the last write memory command.
PAGE 423
Troubleshooting Unusual Network Activity ■ The time quota for the account has been exhausted. ■ The time credit for the account has expired. ■ The access attempt is outside of the timeframe allowed for the account. ■ The allowed number of concurrent logins for the account has been exceeded For more help, refer to the documentation provided with your TACACS+ server application. Unknown Users Allowed to Login to the Switch.
PAGE 424
Troubleshooting Unusual Network Activity ■ If the monitor port is not a member of the same VLAN as the traffic from the monitored ports, traffic from the monitored ports does not go out the monitor port. None of the devices assigned to one or more VLANs on an 802.1Qcompliant switch are being recognized. If multiple VLANs are being used on ports connecting 802.1Q-compliant devices, inconsistent VLAN IDs may have been assigned to one or more VLANs.
PAGE 425
Troubleshooting Unusual Network Activity redundant links to another switch. If the other device sends traffic over multiple VLANs, its MAC address will consistently appear in multiple VLANs on the switch port to which it is linked. Note that attempting to create redundant paths through the use of VLANs will cause problems with some switches. One symptom is that a duplicate MAC address appears in the Port Address Table of one port, and then later appears on another port.
PAGE 426
Troubleshooting Unusual Network Activity ■ If the above method does not work, try eliminating configuration changes in the switch that have not been saved to flash (boot-up configuration) by causing the switch to reboot from the boot-up configuration (which includes only the configuration changes made prior to the last write memory command.
PAGE 427
Troubleshooting Unusual Network Activity ■ The time quota for the account has been exhausted. ■ The time credit for the account has expired. ■ The access attempt is outside of the timeframe allowed for the account. ■ The allowed number of concurrent logins for the account has been exceeded For more help, refer to the documentation provided with your TACACS+ server application. Unknown Users Allowed to Login to the Switch.
PAGE 428
Troubleshooting Using the Event Log To Identify Problem Sources Using the Event Log To Identify Problem Sources The Event Log records operating events as single-line entries listed in chronological order, and serves as a tool for isolating problems. Each Event Log entry is composed of five fields: Severity I Date 08/05/01 Time System Module 10:52:32 ports: Event Message port A1 enabled Severity is one of the following codes: I (information) indicates routine events.
PAGE 429
Troubleshooting Using the Event Log To Identify Problem Sources Table 18-1.
PAGE 430
Troubleshooting Using the Event Log To Identify Problem Sources The log status line at the bottom of the display identifies where in the sequence of event messages the display is currently positioned. To display various portions of the Event Log, either preceding or following the currently visible portion, use either the actions listed at the bottom of the display (Next page, Prev page, or End), or the keys described in the following table: Table 18-2.
PAGE 431
Troubleshooting Diagnostic Tools Diagnostic Tools Diagnostic Features Feature Default Menu CLI Web Port Autonegotiation n/a n/a PingTest n/a — page 18-22 page 18-21 Link Test n/a — page 18-22 page 18-21 Display Config File n/a — page 18-24 page 18-24 Admin.
PAGE 432
Troubleshooting Diagnostic Tools Note To respond to a Ping test or a Link test, the device you are trying to reach must be IEEE 802.3-compliant. Ping Test. This is a test of the path between the switch and another device on the same or another IP network that can respond to IP packets (ICMP Echo Requests). Troubleshooting Link Test. This is a test of the connection between the switch and a designated network device on the same LAN (or VLAN, if configured). During the link test, IEEE 802.
PAGE 433
Troubleshooting Diagnostic Tools Web: Executing Ping or Link Tests 1. Click here. 2. Click here. 3. Select Ping Test (the default) or Link Test 4. For a Ping test, enter the IP address of the target device. For a Link test, enter the MAC address of the target device. 6. Click on Start to begin the test. 5. Select the number of tries (packets) and the timeout for each try from the drop-down menus. Figure 18-4.
PAGE 434
Troubleshooting Diagnostic Tools Number of Packets to Send is the number of times you want the switch to attempt to test a connection. Timeout in Seconds is the number of seconds to allow per attempt to test a connection before determining that the current attempt has failed. To halt a Link or Ping test before it concludes, click on the Stop button. To reset the screen to its default settings, click on the Defaults button. CLI: Ping or Link Tests Ping Tests.
PAGE 435
Troubleshooting Diagnostic Tools Link Tests. You can issue single or multiple link tests with varying repititions and timeout periods. The defaults are: ■ Repetitions: 1 (1 - 999) ■ Timeout: 5 seconds (1 - 256 seconds) Syntax: link [repetitions <1 - 999>] [timeout <1 - 256>] [vlan ] Basic Link Test Link Test with Repetitions Link Test with Repetitions and Timeout Link Test Over a Specific VLAN Link Test Over a Specific VLAN; Test Fail Figure 18-6.
PAGE 436
Troubleshooting Diagnostic Tools Displaying the Configuration File The complete switch configuration is contained in a file that you can browse from either the web browser interface or the CLI. It may be useful in some troubleshooting scenarios to view the switch configuration. CLI: Viewing the Configuration File Using the CLI, you can display either the running configuration or the startup configuration. (For more on these topics, see appendix C, "Switch Memory and Configuration".
PAGE 437
Troubleshooting Diagnostic Tools CLI Administrative and Troubleshooting Commands These commands provide information or perform actions that you may find helpful in troubleshooting operating problems with the switch. Note For more on the CLI, refer to chapter 3, "Using the Command Line Reference (CLI). Syntax: show version Shows the software version currently running on the switch, and the flash image from which the switch booted (primary or secondary).
PAGE 438
Troubleshooting Restoring the Factory-Default Configuration Restoring the Factory-Default Configuration As part of your troubleshooting process, it may become necessary to return the switch configuration to the factory default settings. This process momentarily interrupts the switch operation, clears any passwords, clears the console event log, resets the network counters to zero, performs a complete self test, and reboots the switch into its factory default configuration including deleting an IP address.
PAGE 439
Troubleshooting Restoring a Flash Image Restoring a Flash Image The switch can lose its operating system if either the primary or secondary flash image location is empty or contains a corrupted OS file and an operator uses the erase flash command to erase a good OS image file from the opposite flash location. To Recover from an Empty or Corrupted Flash State.
PAGE 440
Troubleshooting Restoring a Flash Image 4. Since the OS file is larage, you can increase the speed of the download by changing the switch console and terminal emulator baud rates to a high speed. For example: a. Change the switch baud rate to 115,200 Bps. b. Change the terminal emulator baud rate to match the switch speed: i. In HyperTerminal, select Call | Disconnect. ii. Select File | Properties. iii. click on [Configure . . .]. iv. Change the baud rate to 115200. v. Click on [OK].
PAGE 441
Troubleshooting Restoring a Flash Image Figure 18-7. Example of Xmodem Download in Progress 8. When the download completes, the switch reboots from primary flash using the OS image you downloaded in the preceding steps, plus the most recent startup-config file.
PAGE 442
Troubleshooting Troubleshooting Restoring a Flash Image 18-30
PAGE 443
File Transfers Contents Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2 Downloading an Operating System (OS) . . . . . . . . . . . . . . . . . . . . . . . A-2 General OS Download Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2 Using TFTP To Download an OS Image from a Server . . . . . . . . . . . A-3 Menu: TFTP Download from a Server to Primary Flash . . . . . . .
PAGE 444
File Transfers File Transfers Overview Overview You can download new switch software (operating system—OS) and upload or download switch configuration files. These features are useful for acquiring periodic switch software upgrades and for storing or retrieving a switch configuration.
PAGE 445
Note Downloading a new OS does not change the current switch configuration. The switch configuration is contained in separate files that can also be transferred. See “Transferring Switch Configurations” on page A-13. In most cases, if a power failure or other cause interrupts a flash image download, the switch reboots with the image previously stored in primary flash.
PAGE 446
File Transfers File Transfers Downloading an Operating System (OS) Menu: TFTP Download from a Server to Primary Flash Note that the menu interface accesses only the primary flash. 1. In the console Main Menu, select Download OS to display this screen: Figure A-1. 2. Press [E] (for Edit). 3. Ensure that the Method field is set to TFTP (the default). 4. In the TFTP Server field, type in the IP address of the TFTP server in which the OS file has been stored. 5.
PAGE 447
A “progress” bar indicates the progress of the download. When the entire OS file has been received, all activity on the switch halts and you will see Validating and writing system software to FLASH... 7. After the primary flash memory has been updated with the new operating system, you must reboot the switch to implement the newly downloaded OS. Return to the Main Menu and press [6] (for Reboot Switch).
PAGE 448
File Transfers File Transfers Downloading an Operating System (OS) 1. Execute copy as shown below: Dynamic counter continually displays the number of bytes transferred. Figure A-3. 2. This message means that the image you want to upload will replace the image currently in primary flash. Example of the Command to Download an OS When the switch finishes downloading the OS file from the server, it displays this progress message: Validating and Writing System Software to FLASH . . . 3.
PAGE 449
■ The terminal emulator you are using includes the Xmodem binary transfer feature. (For example, in the HyperTerminal application included with Windows NT, you would use the Send File option in the Transfer dropdown menu.) Menu: Xmodem Download to Primary Flash Note that the menu interface accesses only the primary flash. 1. From the console Main Menu, select 7. Download OS 2. Press [E] (for Edit). 3. Use the Space bar to select XMODEM in the Method field. 4.
PAGE 450
File Transfers File Transfers Downloading an Operating System (OS) CLI: Xmodem Download from a PC or Unix Workstation to Primary or Secondary Flash Using Xmodem and a terminal emulator, you can download an OS image to either primary or secondary flash. Syntax: copy xmodem flash [] Note that if you do not specify the flash destination, the Xmodem download defaults to primary flash. For example, to download an OS file named G0103.
PAGE 451
If you need information on primary/secondary flash memory and the boot commands, see “Using Primary and Secondary Flash Image Options” on page 5-11. Switch-to-Switch Download You can use TFTP to transfer an OS image between two Switch 4108GLs. The menu interface enables you to transfer primary-to-primary or secondary-toprimary. The CLI enables all combinations of flash location options.
PAGE 452
File Transfers File Transfers Downloading an Operating System (OS) a. From the Main Menu, select Status and Counters General System Information b. Check the Firmware revision line. CLI: Switch-To-Switch Downloads You can download an OS image between two Switch 4108GLs connected on your LAN by initiating a copy tftp command from the destination switch.The options for this CLI feature include: ■ Copy from primary flash in the source to either primary or secondary in the destination.
PAGE 453
If you do not specify either a primary or secondary flash location for the destination, the download automatically goes to primary flash. For example, to download an OS file from secondary flash in a Switch 4108GL with an IP address of 10.28.227.103 to the secondary flash in the destination switch, you would execute the following command in the destination switch’s CLI: Figure A-5.
PAGE 454
File Transfers File Transfers Troubleshooting TFTP Downloads Troubleshooting TFTP Downloads When using the menu interface, if a TFTP download fails, the Download OS screen indicates the failure. Message Indicating cause of TFTP Download Failure Figure A-6.
PAGE 455
Note ■ For a Unix TFTP server, the file permissions for the OS file do not allow the file to be copied. ■ Another console session (through either a direct connection to a terminal device or through Telnet) was already running when you started the session in which the download was attempted. If an error occurs in which normal switch operation cannot be restored, the switch automatically reboots itself. In this case, an appropriate message is displayed after the switch reboots.
PAGE 456
File Transfers File Transfers Transferring Switch Configurations TFTP: Copying a Configuration File to a Remote Host. Syntax: copy tftp This command copies the switch’s startup configuration (startup-config file) to a remote TFTP host. For example, to upload the current startup configuration to a file named sw4108 in the configs directory on drive "d" in a remote host having an IP address of 10.28.227.105: HP4108# copy startup-config tftp 10.28.
PAGE 457
Xmodem: Copying a Configuration File from a Serially Connected PC or Unix Workstation. To use this method, the switch must be connected via the serial port to a PC or Unix workstation on which is stored the configuration file you want to copy. To complete the copying, you will need to know the name of the file to copy and the drive and directory location of the file. Syntax: copy xmodem startup-config For example, to copy a configuration file from a PC serially connected to the switch: 1.
PAGE 458
File Transfers File Transfers Copying Diagnostic Data to a Remote Host, PC, or Unix Workstation Copying Diagnostic Data to a Remote Host, PC, or Unix Workstation You can use the CLI to copy the following types of switch data to a text file in a management device: ■ Command Output: Sends the output of a switch CLI command as a file on the destination device. ■ Event Log: Copies the switch’s Event Log into a file on the destination device.
PAGE 459
Copying Event Log Output to a Destination Device This command uses TFTP or Xmodem to copy the Event Log content to a PC or UNIX workstation on the network. Syntax: copy event-log tftp copy event-log xmodem For example, to copy the event log to a PC connected to the switch: At this point, press [Enter] and start the Xmodem command sequence in your terminal emulator. Figure A-8.
PAGE 460
File Transfers File Transfers Copying Diagnostic Data to a Remote Host, PC, or Unix Workstation Copying Crash Log Data Content to a Destination Device This command uses TFTP or Xmodem to copy the Crash Log content to a PC or UNIX workstation on the network. You can copy individual slot information or the master switch information. If you do not specify either, the command defaults to the master data.
PAGE 461
B MAC Address Management Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1 Determining MAC Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-2 Menu: Viewing the Switch’s MAC Addresses . . . . . . . . . . . . . . . . . . . . . B-3 CLI: Viewing the Port and VLAN MAC Addresses . . . . . . . . . . . . . . . .
PAGE 462
MAC Address Management Determining MAC Addresses MAC Address Management Determining MAC Addresses MAC Address Viewing Methods Feature Menu CLI Web view switch’s base (default vlan) MAC address n/a and the addressing for any added VLANs B-3 B-4 — view port MAC addresses (hexadecimal format) n/a — B-4 — ■ Note Use the menu interface to view the switch’s base MAC address and the MAC address assigned to any non-default VLAN you have configured on the switch.
PAGE 463
MAC Address Management Determining MAC Addresses Menu: Viewing the Switch’s MAC Addresses The Management Address Information screen lists the MAC addresses for: Base switch (default VLAN; VID = 1) ■ Any additional VLANs configured on the switch. Also, the Base MAC address appears on a label on the back of the switch. Note The Base MAC address is used by the first (default) VLAN in the switch.
PAGE 464
MAC Address Management Determining MAC Addresses CLI: Viewing the Port and VLAN MAC Addresses MAC Address Management The MAC address assigned to each switch port is used internally by such features as Flow Control and the Spanning Tree Protocol. Using the walkmib command to determine the MAC address assignments for individual ports can sometimes be useful when diagnosing switch operation. The switch allots 24 MAC addresses per slot.
PAGE 465
MAC Address Management Determining MAC Addresses ifPhysAddress.1 - 6: Ports A1 - A6 in Slot 1 (Addresses 7 - 24 in slot 1 and 25 - 48 in slot 2 are unused.) Ports C1 - C3 in Slot 3 (Addresses 52 - 72 in slot 3 are unused.) ifPhysAddress.205 ifPhysAddress.226 & 237 Base MAC Address (MAC Address for default VLAN; VID = 1) MAC Addresses for non-default VLANs. Figure B-2. Example of Port MAC Address Assignments B-5 MAC Address Management ifPhysAddress.
PAGE 466
MAC Address Management MAC Address Management Determining MAC Addresses B-6
PAGE 467
C Daylight Savings Time on HP Procurve Switches This information applies to the following HP Procurve switches: • • • • • 1600M 2400M 2424M 4000M 8000M • 212M • 224M • HP AdvanceStack Switches • HP AdvanceStack Routers HP Procurve switches provide a way to automatically adjust the system clock for Daylight Savings Time (DST) changes. To use this feature you define the month and date to begin and to end the change from standard time.
PAGE 468
Daylight Savings Time on HP Procurve Switches Middle Europe and Portugal: • Begin DST at 2am the first Sunday on or after March 25th. • End DST at 2am the first Sunday on or after September 24th. Southern Hemisphere: • Begin DST at 2am the first Sunday on or after October 25th. • End DST at 2am the first Sunday on or after March 1st. Western Europe: • Begin DST at 2am the first Sunday on or after March 23rd. • End DST at 2am the first Sunday on or after October 23rd.
PAGE 469
Daylight Savings Time on HP Procurve Switches Before configuring a "User defined" Daylight Time Rule, it is important to understand how the switch treats the entries. The switch knows which dates are Sundays, and uses an algorithm to determine on which date to change the system clock, given the configured "Beginning day" and "Ending day": ■ If the configured day is a Sunday, the time changes at 2am on that day.
PAGE 470
PAGE 471
Index IP mask operation … 10-5 operating notes … 10-13 overview … 10-4 troubleshooting … 10-13 Symbols => prompt … 18-27 Numerics 802.1Q VLAN standard … 16-3 802.
PAGE 472
Index configuration, viewing … 12-19 effect of spanning tree … 12-23 general operation … 12-13 hold time … 12-23 IP address in outbound packet … 12-24 mib objects … 12-25 neighbor … 12-13 neighbor data … 12-25 neighbor maximum … 12-27 neighbor table … 12-17 neighbors table … 12-19 neighbors table, resetting … 12-20 on individual ports … 12-22 overview of operation … 12-12 port trunking … 12-27 requirements … 12-12 terminology … 12-13 transmission interval … 12-22 transparent devices … 12-18 troubleshooting
PAGE 473
SNMP-based … A-11 switch-to-switch … A-9 troubleshooting … A-12 Xmodem … A-6 download OS … A-9 download, TFTP … A-3–A-4 duplicate IP address effect on authorized IP managers … 10-13 duplicate MAC address See MAC address Dyn1 See LACP E ending a console session … 2-5 event log … 2-7, 18-16 navigation … 18-17 severity level … 18-16 use during troubleshooting … 18-16 F G GARP See GVRP gateway … 7-3, 7-5 gateway (IP) address … 7-4, 7-6 gateway, manual config … 14-8 global config level … 7-8 GVRP advertisemen
PAGE 474
H Help … 2-11, 4-14 Help line, about … 2-9 Help line, location on screens … 2-9 help, online inoperable … 4-14 HP ProCurve support URL … 4-14 HP proprietary MIB … 12-3 HP Router 440 … 14-29 HP Router 470 … 14-29 HP Router 480 … 14-29 HP Router 650 … 14-29 HP TopTools See TopTools HP web browser interface … 1-5 Index I ICANN … 7-14 IEEE 802.1d … 16-2, 18-9 IEEE 802.
PAGE 475
STP … 11-28 VLANs … 11-28 LACP, with CDP … 12-27 learning bridge … 7-2 leave group See IGMP legacy VLAN … 14-6 limit, broadcast … 11-9 link speed, port trunk … 11-11 link test … 18-20 for troubleshooting … 18-19 link, serial … 6-3 load balancing See port trunk loop, network … 11-11, 16-2, 16-9 lost password … 4-12 M N navigation, console interface … 2-9–2-10 navigation, event log … 18-18 Netscape … 4-5 network management functions … 12-4 network manager address … 12-4 network monitoring traffic overload …
PAGE 476
Index if you lose the password … 4-12, 9-6 incorrect … 9-5 length … 9-5 lost … 4-12 manager … 4-9 operator … 4-9 set … 2-7 setting … 4-10, 9-5 using to access browser and console … 4-11 path cost … 16-10 ping test … 18-20 for troubleshooting … 18-19 port address table … 17-13 auto negotiation … 11-4 auto, IGMP … 15-5 auto-negotiation … 11-3 blocked by STP operation … 16-9 blocked, IGMP … 15-5 broadcast limit … 11-9 CLI access … 11-6 context level … 11-8 cost See spanning tree protocol.
PAGE 477
quick start … iii, 7-4 R S security … 4-12, 6-3 authorized IP managers … 10-4 Self Test LED behavior during factory default reset … 18-26 serial number … 17-5 server access failure … 16-3 setting a password … 9-5 setting fault detection policy … 4-24 setup screen … iii, 7-4 severity code, event log … 18-16 slow network … 18-6 Index – 7 Index reboot … 2-8, 2-10, 2-12, 14-36 reboot, actions causing … 5-3 reconfigure … 2-10 redundant path … 16-2, 16-9 spanning tree … 16-3 report See IGMP reset … 2-12, 5-9
PAGE 478
Index stacking benefits … 13-4–13-5 minimum software version, other HP switches … 13-10 primary … 13-47 standard MIB … 12-3 starting a console session … 2-4 static VLAN, convert to … 14-30 statistical sampling … 12-2 statistics … 2-7, 17-3 statistics, clear counters … 2-12, 5-9 status and counters access from console … 2-7 status and counters menu … 17-4 status overview screen … 4-7 STP See spanning tree.
PAGE 479
U unauthorized access … 12-11 Universal Resource Locator See URL Unix, Bootp … 7-12 unrestricted write access … 12-5 unusual network activity … 18-6 up time … 17-5 URL … 4-14 browser interface online help location … 4-14 HP ProCurve … 4-14 management … 4-14 management server … 4-13–4-14 support … 4-13–4-14 user name cleared … 9-6 user name, using for browser or console access … 4-9, 4-11 using the passwords … 4-11 utilization, port … 4-17 V version, OS … A-5, A-7, A-10 VID See VLAN virtu
PAGE 480
Index maximum, GVRP … 14-42 monitoring … 17-2 multiple … 12-2 multiple VLANs on port … 14-25 notes on using … 14-10 number allowed, including dynamic … 14-14 OS download … A-3 port assignment … 14-14 port configuration … 14-26, 18-12 port monitoring … 14-28 port restriction … 14-29 port trunk … 14-28 primary … 7-3, 13-10, 13-35, 13-47, 14-8 primary VLAN … 14-7 primary, CLI command … 14-17, 14-19 primary, select in menu … 14-12 primary, web configure … 14-22 primary, with DHCP … 14-10 reboot required … 2-8
PAGE 481
write memory, effect on menu interface … 2-13 X Xmodem OS download … A-6 Index Index – 11
PAGE 482
PAGE 483
Technical information in this document is subject to change without notice. ©Copyright Hewlett-Packard Company 2001. All right reserved. Reproduction, adaptation, or translation without prior written permission is prohibited except as allowed under the copyright laws. Product of U.S.A.