Management and Configuration Guide: HP ProCurve Series 2500 Switches www.hp.
HP ProCurve Switches 2512 and 2524 Software Release F.
© Copyright 2000 Hewlett-Packard Company. All Rights Reserved.
This document contains information which is protected by copyright. Reproduction, adaptation, or translation without prior permission is prohibited, except as allowed under the copyright laws.
Publication Number 5969-2354, August 2000
Applicable Product
Disclaimer
The information contained in this document is subject to change without notice.
Preface
Use of This Guide and Other ProCurve Switch Documentation
This guide describes how to use the command line interface (CLI), menu interface, and web browser interface for the HP ProCurve Switches 2512 and 2524 (hereafter referred to individually as the “Switch 2512” or “Switch 2524” and collectively as the “Switches 2512/2524” or “Series 2500 switches”).
■ If you need information on specific parameters in the menu interface, refer to the online help provided in the interface.
1 Selecting a Management Interface
Chapter Contents
Overview
Understanding Management Interfaces
Advantages of Using the Menu Interface
Advantages of Using the CLI
Overview
This chapter describes the following:
■ Management interfaces for the Switches 2512/2524
■ Advantages of using each interface
Understanding Management Interfaces
Management interfaces enable you to reconfigure the switch and to monitor switch status and performance.
Advantages of Using the Menu Interface
Figure 1-1.
Advantages of Using the CLI
HP2512> Operator Level
HP2512# Manager Level
HP2512(config)# Global Configuration Level
HP2512()# Context Configuration Levels (port, VLAN)
Figure 1-2. Example of The Command Prompt
■ Provides access to the complete set of the switch configuration, performance, and diagnostic features.
Advantages of Using the HP Web Browser Interface
Figure 1-3.
Advantages of Using HP TopTools for Hubs & Switches
You can operate HP TopTools from a PC on the network to monitor traffic, manage your hubs and switches, and proactively recommend network changes to increase network uptime and optimize performance. Easy to install and use, HP TopTools for Hubs & Switches is the answer to your management challenges.
Figure 1-4.
■ Notifies you when HP hubs use “self-healing” features to fix or limit common network problems.
• Provides a list of discovered devices, with device type, connectivity status, the number of new or open alerts for each device, and the type of management for each device.
• Provides graphical maps of your networked devices, from which you can access specific devices.
2 Using the Menu Interface
Chapter Contents
Overview
Starting and Ending a Menu Session
Screen Structure and Navigation
Rebooting the Switch
Menu Features List
Overview
This chapter describes the following features:
■ Overview of the Menu Interface (page 4-1)
■ Starting and ending a Menu session (page 2-3)
■ The Main Menu (page 2-7)
■ Screen structure and navigation (page 2-9)
■ Rebooting the switch (page 2-12)
The menu interface operates through the switch console to provide you with a subset of switch commands in an easy-to-use menu format enabling you to:
■ Perform a "quick configuration" o
Starting and Ending a Menu Session
Menu Interaction with Other Interfaces.
■ A configuration change made through any switch interface overwrites earlier changes made through any other interface.
■ The Menu Interface and the CLI (Command Line Interface) both use the switch console. To enter the menu from the CLI, use the menu command. To enter the CLI from the Menu interface, select the Command Line (CLI) option.
How To Start a Menu Interface Session
In its factory default configuration, the switch console starts with the CLI prompt. To use the menu interface with Manager privileges, go to the Manager level prompt and enter the menu command.
1. Use one of these methods to connect to the switch:
• A PC terminal emulator or terminal
• Telnet
(You can also use the stack Commander if the switch is a stack member. See "HP ProCurve Stack Management" on ).
For a description of Main Menu features, see “Main Menu Features” on page 2-7.
Note: To configure the switch to start with the menu interface instead of the CLI, go to the Manager level prompt, enter the setup command, and in the resulting display, change the Logon Default parameter to Menu. For more information, see the Installation and Getting Started Guide you received with the switch.
[Figure callout: Asterisk indicates a configuration change that requires a reboot to activate.]
Figure 2-2. An Asterisk Indicates a Configuration Change Requiring a Reboot
1. In the current session, if you have not made configuration changes that require a switch reboot to activate, return to the Main menu and press [0] (zero) to log out. Then just exit from the terminal program, turn off the terminal, or quit the Telnet session.
2.
Main Menu Features
Figure 2-3. The Main Menu View with Manager Privileges
The Main Menu gives you access to these Menu interface features:
■ Status and Counters: Provides access to display screens showing switch information, port status and counters, port and VLAN address tables, and spanning tree information. (See chapter 10, “Monitoring and Analyzing Switch Operation”.
■ Command Line (CLI): Selects the Command Line Interface at the same level (Manager or Operator) that you are accessing in the Menu interface. (See chapter 3, "Using the Command Line Interface (CLI)".)
■ Reboot Switch: Performs a "warm" reboot of the switch, which clears most temporary error conditions, resets the network activity counters to zero, and resets the system up time to zero.
Screen Structure and Navigation
Menu interface screens include these three elements:
■ Parameter fields and/or read-only information such as statistics
■ Navigation and configuration actions, such as Save, Edit, and Cancel
■ Help line to describe navigation options, individual parameters, and read-only data
For example, in the following System Information screen:
[Figure callouts: System name; Screen title – identifies the location with
Table 4-1. How To Navigate in the Menu Interface
Actions: Execute an action from the “Actions –>” list at the bottom of the screen:
Use either of the following methods:
• Use the arrow keys ([<] or [>]) to highlight the action you want to execute, then press [Enter].
• Press the key corresponding to the capital letter in the action name. For example, in a configuration menu, press [E] to select Edit and begin editing parameter values.
To get Help on individual parameter descriptions. In most screens there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press [H], and a separate help screen is displayed.
Rebooting the Switch
Rebooting the switch from the menu interface
■ Terminates all current sessions and performs a reset of the operating system
■ Activates any configuration changes that require a reboot
■ Resets statistical counters to zero
(Note that statistical counters can be reset to zero without rebooting the switch.)
To Reboot the switch, use the Reboot Switch option in the Main Menu.
Rebooting To Activate Configuration Changes. Configuration changes for most parameters become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the Maximum VLANs to support parameter. (To access this parameter, go to the Main menu and select 2. Switch Configuration, then 8. VLAN Menu, then 1. VLAN Support.
Menu Features List
Status and Counters
• General System Information
• Switch Management Address Information
• Port Status
• Port Counters
• Address Table
• Port Address Table
• Spanning Tree Information
Switch Configuration
• System Information
• Port/Trunk Settings
• Network Monitoring Port
• Spanning Tree Operation
• IP Configuration
• SNMP Community Names
• IP authorized Managers
• VLAN Menu
Console Pass
Where To Go From Here
This chapter provides an overview of the menu interface and how to use it. The following table indicates where to turn for detailed information on how to use the individual features available through the menu interface.
Where To Turn
To use the Run Setup option: See the Installation and Getting Started Guide shipped with the switch.
3 Using the Command Line Interface (CLI)
Chapter Contents
Overview
Accessing the CLI
Using the CLI
Privilege Levels at Logon
Overview
The CLI is a text-based command interface for configuring and monitoring the switch. The CLI gives you access to the switch’s full set of commands while providing the same password protection that is used in the web browser interface and the menu interface.
Using the CLI
first using write memory, all changes made since the last reboot or write memory (whichever is later) will be lost. For more on switch memory and saving configuration changes, see appendix C, "Switch Memory and Configuration".
Privilege Levels at Logon
Privilege levels control the type of access to the CLI. To implement this control, you must set at least a Manager password.
Caution: HP strongly recommends that you configure a Manager password. If a Manager password is not configured, then the Manager level is not password-protected, and anyone having in-band or out-of-band access to the switch may be able to reach the Manager level and compromise switch and network security. Note that configuring only an Operator password does not prevent access to the Manager level by intruders who have the Operator password.
Manager Privileges
Manager privileges give you three additional levels of access: Manager, Global Configuration, and Context Configuration. (See figure .) A "#" character delimits any Manager prompt. For example:
HP2512#_ (Example of the Manager prompt.)
■ Manager level: Provides all Operator level privileges plus the ability to perform system-level actions that do not require saving changes to the system configuration file.
Changing Interfaces. If you change from the CLI to the menu interface, or the reverse, you will remain at the same privilege level. For example, entering the menu command from the Operator level of the CLI takes you to the Operator privilege level in the menu interface.
Table 3-1.
How To Move Between Levels
Change in Levels | Example of Prompt, Command, and Result
Operator level to Manager level |
HP2512> enable
Password:_
After you enter enable, the Password prompt appears.
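Added example (not part of the HP guide, and not HP code): a Python check that reads a saved console transcript, maps each prompt to the privilege level the guide describes, and reports sessions that reached the Manager level without a Password prompt, which is the condition the Caution above warns about. The transcripts and the `configure` line are constructed for illustration, and treating "no Password: line between enable and a # prompt" as "no Manager password requested" is an assumption of this example.

```python
import re

# Prompt shapes as printed in the guide:
#   HP2512>           Operator
#   HP2512#           Manager
#   HP2512(config)#   Global Configuration
#   HP2512(eth-5-8)#  Context Configuration (port); HP2512(vlan-100)# (VLAN)
PROMPT = re.compile(
    r"^(?P<host>[A-Za-z0-9_.-]+)"   # switch name, e.g. HP2512
    r"(?:\((?P<ctx>[^()]+)\))?"     # optional "(config)" or "(vlan-100)"
    r"(?P<end>[>#])"                # ">" Operator, "#" Manager and above
    r"\s*(?P<cmd>.*)$"              # whatever was typed after the prompt
)
RANK = {"operator": 0, "manager": 1, "global-config": 2, "context-config": 3}


def classify(line):
    """Return (level, context, command) for a prompt line, else None."""
    m = PROMPT.match(line.rstrip())
    if m is None:
        return None
    ctx, cmd = m["ctx"], m["cmd"].strip()
    if m["end"] == ">":
        # The guide shows ">" only on the bare Operator prompt.
        return ("operator", None, cmd) if ctx is None else None
    if ctx is None:
        return ("manager", None, cmd)
    if ctx == "config":
        return ("global-config", ctx, cmd)
    return ("context-config", ctx, cmd)


def audit(transcript):
    """Return a list of (line_number, finding, detail) tuples."""
    findings = []
    prev = None           # (level, command) seen at the previous prompt
    saw_password = False  # a "Password:" line appeared since that prompt
    for n, line in enumerate(transcript.splitlines(), 1):
        if line.strip().lower().startswith("password:"):
            saw_password = True
            continue
        parsed = classify(line)
        if parsed is None:
            continue
        level, ctx, cmd = parsed
        if prev is None and RANK[level] >= 1:
            # First prompt in the capture is already Manager or higher.
            findings.append((n, "session-starts-privileged", level))
        if prev and prev[0] == "operator" and RANK[level] >= 1 and not saw_password:
            # Assumption: no Password prompt means no Manager password was asked for.
            findings.append((n, "enable-without-password", prev[1]))
        if cmd and RANK[level] >= 2:
            # Commands typed at a configuration level change switch settings.
            findings.append((n, "config-command", f"{ctx}: {cmd}"))
        prev, saw_password = (level, cmd), False
    return findings


# Constructed transcripts (not captured from a real switch).
SESSION_WITH_PASSWORD = """\
HP2512> enable
Password:
HP2512# configure
HP2512(config)# vlan 100
HP2512(vlan-100)#
"""

SESSION_NO_PASSWORD = """\
HP2512> enable
HP2512# configure
HP2512(config)# trunk trk1 trunk 5-8
"""

if __name__ == "__main__":
    for name, text in (("with password", SESSION_WITH_PASSWORD),
                       ("no password", SESSION_NO_PASSWORD)):
        print(name)
        for finding in audit(text):
            print("  line %d: %s (%s)" % finding)
```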
For example, if you use the CLI to set a Manager password, and then later use the Setup screen (in the menu interface) to set a different Manager password, then the first password will be replaced by the second one.
Typing ? at the Manager level produces this listing:
Figure 3-4. Example of the Manager-Level Command Listing
When - - MORE - - appears, there are more commands in the listing. To list the next screenful of commands, press the Space bar. To list the remaining commands one-by-one, repeatedly press [Enter]. Typing ? at the Global Configuration level or the Context Configuration level produces similar results.
As mentioned above, if you type part of a command word and press [Tab], the CLI completes the current word (if you have typed enough of the word for the CLI to distinguish it from other possibilities), including hyphenated extensions. For example:
HP2512(config)# port[Tab]
HP2512(config)# port-security _
Pressing [Tab] after a completed command word lists the further options for that command.
Thus, if you wanted to create a port trunk group using ports 5 - 8, the above conventions show that you could do so using any of the following forms of the trunk command:
HP2512(config)# trunk trk1 trunk 5-8
HP2512(config)# trunk trk1 trunk e 5-8
HP2512(config)# trunk trk1 lacp 5-8
HP2512(config)# trunk trk1 lacp e 5-8
Listing Command Options.
Figure 3-7. Example of Context-Sensitive Command-List Help
Displaying Help for an Individual Command. You can display Help for any command that is available at the current context level by entering enough of the command string to identify the command, along with help.
Syntax: help
For example, to list the Help for the interface command in the Global Configuration privilege level:
Figure 3-8.
Figure 3-9. Example of Help for a Specific Instance of a Command
Note that if you try to list the help for an individual command from a privilege level that does not include that command, the switch returns an error message.
HP2512(eth-5-8)# ?
Lists the commands you can use in the port or static trunk context, plus the Manager, Operator, and context commands you can execute at this level.
In the port context, the first block of commands in the "?" listing shows the context-specific commands that will affect only ports 5-8. The remaining commands in the listing are Manager, Operator, and context commands.
VLAN Context. Includes VLAN-specific commands that apply only to the selected VLAN, plus Manager and Operator commands. The prompt for this mode includes the VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch:
HP2512(config)# vlan 100 (Command executed at configuration level to enter VLAN 100 context.)
HP2512(vlan-100)# (Resulting prompt showing VLAN 100 context.)
CLI Control and Editing
Keystrokes | Function
[Ctrl] [A] | Jumps to the first character of the command line.
[Ctrl] [B] or [<] | Moves the cursor back one character.
[Ctrl] [C] | Terminates a task and displays the command prompt.
[Ctrl] [D] | Deletes the character at the cursor.
[Ctrl] [E] | Jumps to the end of the current command line.
[Ctrl] [F] or [>] | Moves the cursor forward one character.
4 Using the HP Web Browser Interface
Chapter Contents
Overview
General Features
Web Browser Interface Requirements
Starting an HP Web Browser Interface Session with the Switch
Overview
The HP web browser interface built into the switch lets you easily access the switch from a browser-based PC on your network. This lets you do the following:
■ Optimize your network uptime by using the Alert Log and other diagnostic tools
■ Make configuration changes to the switch
■ Maintain security by configuring usernames and passwords
This chapter covers the following:
■ General features (page 4-3).
General Features
The Series 2500 switches include these web browser interface features:
Switch Configuration:
• Ports
• VLANs and Primary VLAN
• Fault detection
• Port monitoring (mirroring)
• System information
• Enable/Disable Multicast Filtering (IGMP) and Spanning Tree
• IP
• Stacking
• Support and management URLs
Switch Security:
• Passwords
• Authorized IP Managers
• Port security and Intrusion Log
Web Browser Interface Requirements
You can use equipment meeting the following requirements to access the web browser interface on your intranet.
Table 4-1. System Requirements for Accessing the HP Web Browser Interface
Platform Entity and OS Version | Minimum | Recommended
PC Platform | 90 MHz Pentium | 120 MHz Pentium
HP-UX Platform (9.x or 10.
Starting an HP Web Browser Interface Session with the Switch
You can start a web browser session in the following ways:
■ Using a standalone web browser on a network connection from a PC or UNIX workstation:
• Directly connected to your network
• Connected through remote access to your network
■ Using a management station running HP TopTools for Hubs & Switches on your network
Using a Standalone Web Brows
2. Type the IP address (or DNS name) of the switch in the browser Location or Address field and press [Enter]. (It is not necessary to include http://.)
switch2512 [Enter] (example of a DNS-type name)
10.11.12.
3. The web browser interface automatically starts with the Status Overview window displayed for the selected device, as shown in figure 4-1.
Note: If the Registration window appears, click on the Status tab.
[Figure callouts: Alert Log; First-Time Install Alert]
Note: The above screen appears somewhat different if the switch is configured as a stack Commander. For an example, see figure 1-3 on page 1-5.
Tasks for Your First HP Web Browser Interface Session
The first time you access the web browser interface, there are three tasks that you should perform:
■ Review the “First Time Install” window
■ Set Manager and Operator passwords
■ Set access to the web browser interface online help
Viewing the “First Time Install” Window
When you access the switch’s web browser interface for the first time, the Alert log conta
This window is the launching point for the basic configuration you need to perform to set web browser interface passwords to maintain security and Fault Detection policy, which determines the types of messages that will be displayed in the Alert Log. To set web browser interface passwords, click on secure access to the device to display the Device Passwords screen, and then go to the next page.
Figure 4-3. The Device Passwords Window
To set the passwords:
1. Access the Device Passwords screen by one of the following methods:
• If the Alert Log includes a “First Time Install” event entry, double click on this event, then, in the resulting display, click on the secure access to the device link.
• Select the Security tab.
2.
Using the Passwords
Figure 4-4. Example of the Password Window in the Web Browser Interface
The manager and operator passwords are used to control access to all switch interfaces. Once set, you will be prompted to supply the password every time you try to access the switch through any of its interfaces.
Online Help for the HP Web Browser Interface
Online Help is available for the web browser interface. You can use it by clicking on the question mark button in the upper right corner of any of the web browser interface screens.
Figure 4-5. The Help Button
Context-sensitive help is provided for the screen you are on.
Support/Mgmt URLs Feature
The Support/Mgmt URLs window enables you to change the World Wide Web Universal Resource Locator (URL) for two functions:
■ Support URL – a support information site for your switch
■ Management Server URL – the site for online help for the web browser interface, and, if set up, the URL of a network management station running HP TopTools for Hubs & Switches.
[Figure callouts: 1. Click Here; 2. Click Here]
Figure 4-6.
Support URL
This is the site that the switch accesses when you click on the Support tab on the web browser interface. The default URL is:
http://www.hp.com/go/procurve
which is the World Wide Web site for Hewlett-Packard’s networking products. Click on the [Support] button on that page and you can get to support information regarding your switch, including white papers, operating system (OS) updates, and more.
■ If you have World Wide Web access from your PC or workstation, and do not have HP TopTools installed on your network, enter the following URL in the Management Server URL field shown in figure 4-7 on page 4-15:
http://www.hp.com/rnd/device_help
[Figure callout: Enter IP address of HP TopTools network management station, or URL of location of help files on HP’s World Wide Web site here.]
Policy Management and Configuration.
Status Reporting Features
Browser elements covered in this section include:
■ The Overview window (below)
■ Port utilization and status (page )
■ The Alert log (page )
■ The Status bar (page )
The Overview Window
The Overview Window is the home screen for any entry into the web browser interface. The following figure identifies the various parts of the screen.
The Port Utilization and Status Displays
The Port Utilization and Status displays show an overview of the status of the switch and the amount of network activity on each port. The following figure shows a sample reading of the Port Utilization and Port Status.
[Figure callouts: Port Utilization Bar Graphs; Bandwidth Display Control; Port Status Indicators; Legend]
Figure 4-9.
■ Maximum Activity Indicator: As the bars in the graph area change height to reflect the level of network activity on the corresponding port, they leave an outline to identify the maximum activity level that has been observed on the port.
Utilization Guideline. A network utilization of 40% is considered the maximum that a typical Ethernet-type network can experience before encountering performance difficulties.
Port Status
[Figure callouts: Port Status Indicators; Legend]
Figure 4-12. The Port Status Indicators and Legend
The Port Status indicators show a symbol for each port that indicates the general status of the port. There are four possible statuses:
■ Port Connected – the port is enabled and is properly connected to an active network device.
■ Port Not Connected – the port is enabled but is not connected to an active network device.
The Alert Log
The web browser interface Alert Log, shown in the lower half of the screen, shows a list of network occurrences, or alerts, that were detected by the switch. Typical alerts are Broadcast Storm, indicating an excessive number of broadcasts received on a port, and Problem Cable, indicating a faulty cable. A full list of alerts is shown in the table on page 4-21.
Figure 4-13.
Alert Types
The following table lists the types of alerts that can be generated.
Table 4-2. Alert Strings and Descriptions
Alert String | Alert Description
First Time Install | Important installation information for your switch.
Note: When troubleshooting the sources of alerts, it may be helpful to check the switch’s Port Status and Port Counter windows and the Event Log in the console interface.

Viewing Detail Views of Alert Log Entries

When you double-click an Alert Log entry, the web browser interface displays a Detail View or separate window detailing information about the event. The Detail View contains a description of the problem and a possible solution.
The Status Bar

The Status Bar is displayed in the upper left corner of the web browser interface screen. Figure 4-15 shows an expanded view of the status bar.

Figure 4-15. Example of the Status Bar (callouts: Status Indicator; Most Critical Alert Description; Product Name)

The Status bar consists of four objects:

■ Status Indicator. Indicates, by icon, the severity of the most critical alert in the current display of the Alert Log.
■ Product Name. The product name of the switch to which you are connected in the current web browser interface session.

Setting Fault Detection Policy

One of the powerful features in the web browser interface is the Fault Detection facility. For your switch, this feature controls the types of alerts reported to the Alert Log based on their level of severity.
■ High Sensitivity. This policy directs the switch to send all alerts to the Alert Log. This setting is most effective on networks that have few or no problems.
■ Medium Sensitivity. This policy directs the switch to send alerts related to network problems to the Alert Log. If you want to be notified of problems which cause a noticeable slowdown on the network, use this setting.
■ Low Sensitivity.
5 Configuring IP Addressing, Interface Access, and System Information

Overview  5-2
IP Configuration  5-3
    Just Want a Quick Start?  5-4
    IP Addressing with Multiple VLANs
Overview

This chapter describes the switch configuration features available in the menu interface, CLI and web browser interface.
IP Configuration

IP Configuration Features

Feature                       Default       Menu       CLI        Web
IP Address and Subnet Mask    DHCP/Bootp    page 5-5   page 5-7   page 5-10
Default Gateway Address       none          page 5-5   page 5-7   page 5-10
Packet Time-To-Live (TTL)     64 seconds    page 5-5   page 5-7   n/a
Time Server (Timep)           DHCP          page 5-5   page 5-7   n/a

IP Address and Subnet Mask.
Timep Operation. Use this optional parameter if you want the switch to get its time information from another device operating as a Timep server. In its default Timep configuration, the switch attempts to get a Timep server address from a DHCP server. Other configuration options are to manually assign a Timep server address or to disable the Timep server feature.
The IP addressing used in the switch should be compatible with your network. That is, the IP address must be unique and the subnet mask must be appropriate for the IP network.

■ If you plan to connect to other networks that use globally administered IP addresses, refer to “Globally Assigned IP Network Addresses” on page 5-15.
■ By default, the switch uses DHCP to acquire the IP address of the TimeP server.
To Configure IP Addressing.

1. From the Main Menu, select:
       2. Switch Configuration ...
           5. IP Configuration

Note: If multiple VLANs are configured, a screen showing all VLANs appears instead of the following screen.

The default setting for TimeP Config is DHCP. Setting it to Manual, then pressing [v] or [Tab] causes the Server Address parameter to appear.
6. If you selected Manual, press [Tab] or [v], and additional fields will be displayed for entering the IP address for the Timep server.
7. Select the TimeP Poll Interval field if you want to change the value for how often the switch polls the Timep server for time information.
8.
Viewing the Current IP Configuration. The following command displays the IP addressing for each VLAN configured in the switch. If only the DEFAULT_VLAN exists, then its IP configuration applies to all ports in the switch. Where multiple VLANs are configured, the IP addressing is listed per VLAN.
Configure an IP Address and Subnet Mask. The following command includes both the IP address and the subnet mask. You must either include the ID of the VLAN for which you are configuring IP addressing or go to the context configuration level for that VLAN. (If you are not using VLANs on the switch—that is, if the only VLAN is the default VLAN—then the VLAN ID is always “1”.
In the CLI, you can execute this command only from the global configuration level. The TTL range is 2 - 255 seconds.

Configure the Optional Timep Server.
Table 5-1. Features Available With and Without IP Addressing on the Switch

Additional HP Proactive Networking Features Available with an IP Address and Subnet Mask
• Direct-connect access to the CLI and the menu interface.
Note

1. DHCP/Bootp requests are automatically broadcast on the local network. (The switch sends one type of request to which either a DHCP or Bootp server can respond.)
2. When a DHCP or Bootp server receives the request, it replies with a previously configured IP address and subnet mask for the switch.
Bootp Database Record Entries. A minimal entry in the Bootp table file /etc/bootptab to update an IP address and subnet mask to the switch or a VLAN configured in the switch would be similar to this entry:

    j2512switch:\
        ht=ether:\
        ha=0030c1123456:\
        ip=10.66.77.88:\
        sm=255.255.248.0:\
        gw=10.66.77.
Note

gw      is the IP address of the default gateway.
lg      TFTP server address (source of final configuration file)
T144    is the vendor-specific “tag” identifying the configuration file to download.
vm      is a required entry that specifies the Bootp report format. For the Switches 2512 and 2524, set this parameter to rfc1048.
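A lint pass for records of this kind, added here as an example and not taken from the HP guide: it folds the backslash-continued lines and checks the tags named above (ht, ha, ip, sm, gw, lg, T144, vm). The sample records, their documentation-range addresses, the function names, and the rule that a T144 file should come with an lg server are constructed assumptions.

```python
import ipaddress
import re

# Tags this example treats as mandatory; the guide states that vm is required.
REQUIRED_TAGS = ("ht", "ha", "ip", "sm", "vm")


def parse_bootptab(text):
    """Return {entry_name: {tag: value}} from bootptab-style text."""
    joined = re.sub(r"\\[ \t]*\n[ \t]*", "", text)  # fold "\"-continued lines
    entries = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":") if f.strip()]
        tags = {}
        for item in fields[1:]:
            tag, _, value = item.partition("=")
            tags[tag.strip()] = value.strip().strip('"')
        entries[fields[0]] = tags
    return entries


def check_entry(tags):
    """Return a list of problems found in one record (empty list means clean)."""
    problems = [f"missing required tag {t}" for t in REQUIRED_TAGS if t not in tags]
    if "vm" in tags and tags["vm"] != "rfc1048":
        problems.append("vm must be rfc1048 for these switches")
    if "ha" in tags and not re.fullmatch(r"[0-9A-Fa-f]{12}", tags["ha"]):
        problems.append("ha is not a 12-hex-digit hardware address")
    iface = None
    if "ip" in tags and "sm" in tags:
        try:
            iface = ipaddress.ip_interface(f"{tags['ip']}/{tags['sm']}")
        except ValueError:
            problems.append("ip/sm do not form a valid address and mask")
    if iface is not None and "gw" in tags:
        try:
            gw = ipaddress.ip_address(tags["gw"])
            if gw not in iface.network or gw == iface.ip:
                problems.append("gw is not a neighbour on the switch's subnet")
        except ValueError:
            problems.append("gw is not a valid IP address")
    # The switch downloads its configuration from the lg server, so a file tag
    # without a reviewed server address is flagged (policy of this example).
    if "T144" in tags and "lg" not in tags:
        problems.append("T144 names a configuration file but no lg server is given")
    if "lg" in tags:
        try:
            ipaddress.ip_address(tags["lg"])
        except ValueError:
            problems.append("lg is not a valid IP address")
    return problems


# Constructed records using documentation addresses (not from the guide).
SAMPLE = r"""
# constructed sample bootptab
good-switch:\
    ht=ether:\
    ha=020000000001:\
    ip=192.0.2.10:\
    sm=255.255.255.0:\
    gw=192.0.2.1:\
    lg=192.0.2.5:\
    T144="switch.cfg":\
    vm=rfc1048
bad-switch:\
    ht=ether:\
    ha=0200000000:\
    ip=192.0.2.11:\
    sm=255.255.255.0:\
    gw=198.51.100.1:\
    T144="switch.cfg"
"""


def audit(text):
    """Check every record in the text; returns {entry_name: [problems]}."""
    return {name: check_entry(tags) for name, tags in parse_bootptab(text).items()}


if __name__ == "__main__":
    for name, problems in audit(SAMPLE).items():
        print(name, "OK" if not problems else problems)
```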
Globally Assigned IP Network Addresses

Please contact your internet service provider (ISP). If you need more information than your ISP can provide, contact one of the following organizations:

Country                              Phone Number/E-Mail/URL    Company Name/Address
United States/Countries not in       1-310-823-9358
Europe or Asia/Pacific               icann@icann.org
                                     http://www.iana.
Interface Access: Console/Serial Link, Web, and Inbound Telnet

Interface Access Features

Feature                         Default                 Menu        CLI         Web
Inactivity Time                 0 Minutes (disabled)    page 5-17   page 5-19   —
Inbound Telnet Access           Enabled                 page 5-17   page 5-18   —
Web Browser Interface Access    Enabled                 page 5-17   page 5-19   —
Terminal type                   VT-100
Menu: Modifying the Interface Access

The menu interface enables you to modify these parameters:

■ Inactivity Timeout
■ Inbound Telnet Enabled
■ Web Agent Enabled

To Access the Interface Access Parameters:

1. From the Main Menu, select:
       2. Switch Configuration...
           1.
CLI: Modifying the Interface Access

Interface Access Commands Used in This Section

show console            below
[no] telnet-server      below
[no] web-management     page 5-19
console                 page 5-19

Listing the Current Console/Serial Link Configuration. This command lists the current interface access parameter settings.
Reconfigure Web Browser Access. In the default configuration, web browser access is enabled.

Syntax: [no] web-management

To disable web browser access:

To re-enable web browser access:

    HP2512(config)# web-management

Reconfigure the Console/Serial Link Settings. You can reconfigure one or more console parameters with one console command.
The switch implements the Event Log change immediately. The switch implements the other console changes after executing write memory and reload.

Figure 5-6. Example of Executing the Console Command with Multiple Parameters

You can also execute a series of console commands and then save the configuration and boot the switch.
System Information

System Information Features

Feature               Default                Menu        CLI         Web
System Name           switch product name    page 5-22   page 5-23   page 5-25
System Contact        n/a                    page 5-22   page 5-23   page 5-25
System Location       n/a                    page 5-22   page 5-23   page 5-25
MAC Age Interval      300 seconds            page 5-22   page 5-24   —
Time Zone             0                      page 5-22   page 5-24   —
Daylight Time Rule    No
Daylight Time Rule: Specifies the daylight savings time rule to apply for your location. The default is None. (For more on this topic, see appendix D, “Daylight Savings Time on HP ProCurve Switches.”)

Time: Used in the CLI to specify the time of day, the date, and other system parameters.
CLI: Viewing and Configuring System Information

System Information Commands Used in This Section

                                    below
hostname                            below
snmp-server [contact] [location]    below
mac-age-time                        page 5-24
time timezone                       page 5-24
time daylight-time-rule             page 5-24
time (date and time)                page 5-25

Listing the Current System Information. This command lists the current system information settings.
New hostname, contact, and location data from previous commands.

Figure 5-10. System Information Listing After Executing the Preceding Commands

Reconfigure the Age Interval for Learned MAC Addresses. This command corresponds to the MAC Age Interval in the menu interface, and is expressed in seconds.

Syntax: mac-age-time <10 . .
Configure the Time and Date. The switch uses the time command to configure both the time of day and the date. Also, executing time without parameters lists the switch’s time of day and date. Note that the CLI uses a 24-hour clock scheme; that is, hour (hh) values from 1 p.m. to midnight are input as 13 - 24, respectively.
6 Optimizing Port Usage Through Traffic Control and Port Trunking

Chapter Contents

Overview  2
Viewing Port Status and Configuring Port Parameters  2
    CLI: Viewing Port Status and Configuring Port Parameters  6
    Web: Viewing Port Status and Configuring Port Parameters  9
Port Trunking
Overview

This chapter includes:

■ Configuring ports, including mode (speed and duplex), flow control, and broadcast control parameters (page 6-2)
■ Creating and modifying a dynamic LACP or static port trunk group (page 6-10)

Port numbers in the status and configuration screens correspond to the port numbers on the front of the switch.
Table 6-1. Status and Parameters for Each Port Type

Status or Parameter: Intrusion Alert (read-only)
Description:
    Yes: The switch has detected an attempt by an unauthorized device to communicate through the indicated port.
    No: Either no unauthorized devices have been detected on the port, or any detected violations have been cleared.
100/1000Base-T ports:
• Auto (default): Senses speed and negotiates with the port at the other end of the link for port operation (MDI-X or MDI). To see what the switch negotiates for the Auto setting, use the CLI show interfaces command or the “3. Port Status” option under “1.
Menu: Viewing Port Status and Configuring Port Parameters

From the menu interface, you can configure and view all port parameter settings and view all port status indicators.

Using the Menu To View Port Status. The menu interface displays the status for ports and (if configured) a trunk group. From the Main Menu, select:

    1. Status and Counters . . .
Figure 6-12. Example of Port/Trunk Settings with a Trunk Group Configured

2. Press [E] (for Edit). The cursor moves to the Enabled field for the first port.
3. Refer to the online help provided with this screen for further information on configuration options for these features.
4.
Syntax: show interfaces
        show interface config

The next two figures list examples of the output of the above two commands for the same port configuration on a Switch 2512 or 2524.

Figure 6-1. Example of a Show Interface Command Listing

Figure 6-2.
Using the CLI To Configure Ports. You can configure one or more of the following port parameters. For details on each option, see Table 6-1 on page 6-3.
Web: Viewing Port Status and Configuring Port Parameters

In the web browser interface:

1. Click on the Configuration tab.
2. Click on [Port Configuration].
3. Select the ports you want to modify and click on [Modify Selected Ports].
4. After you make the desired changes, click on [Apply Settings].
Port Trunking

Port Status and Configuration Features

Feature                                   Default         Menu        CLI         Web
viewing port trunks                       n/a             page 6-16   page 6-18   page 6-23
configuring a static trunk group          none            page 6-16   page 6-21   —
configuring a dynamic LACP trunk group    LACP passive    —           page 6-22   —

Port trunking allows you to assign up to four physical links to one logical link (trunk) that functio
Port Connections and Configuration: All port trunk links must be point-to-point connections between the Switch 2512 or 2524 and another switch, router, server, or workstation configured for port trunking. No intervening, non-trunking devices are allowed. It is important to note that ports on both ends of a port trunk group must have the same mode (speed and duplex) and flow control settings.

Note: Link Connections.
Fault Tolerance: If a link in a port trunk fails, the switch redistributes traffic originally destined for that link to the remaining links in the trunk. The trunk remains operable as long as there is at least one link in operation. If a link is restored, that link is automatically included in the traffic distribution again.
Table 6-4. Trunk Configuration Protocols

LACP (802.3ad)
Trunking Options: Provides dynamic and static LACP trunking options.
• Dynamic LACP — Use the switch-negotiated dynamic LACP trunk when:
    – The port on the other end of the trunk link is configured for Active or Passive LACP.
Table 6-5. General Operating Rules for Port Trunks

Media: All ports on both ends of a trunk group must have the same media type and mode (speed and duplex). The switch blocks any trunked links that do not conform to this rule. (For the Switch 2512 and 2524, HP recommends leaving the port Mode setting at Auto or, in networks using Cat 3 cabling, Auto-10.
Spanning Tree Protocol (STP): STP operates as a global setting on the switch (one instance of STP per switch). However, you can adjust STP parameters on a per-port basis. A static trunk of any type appears in the STP configuration display, and you can configure STP parameters for a static trunk in the same way that you would configure STP parameters on a non-trunked port.
Menu: Viewing and Configuring a Static Trunk Group

Important: Configure port trunking before you connect the trunked links to another switch, routing switch, or server. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured. See “Using the CLI To Configure Ports” on page 6-8.
switch automatically adjusts Broadcast Limit settings to be the same for all ports in a trunk.) To verify these settings, see “Viewing Port Status and Configuring Port Parameters” on page 6-2.

• You can configure the trunk group with one, two, three, or four ports per trunk. If multiple VLANs are configured, all ports within a trunk will be assigned to the same VLAN or set of VLANs. (With the 802.
8. Connect the trunked ports on the switch to the corresponding ports on the opposite device. If you previously disabled any of the trunked ports on the switch, enable them now. (See “Viewing Port Status and Configuring Port Parameters” on page 6-2.)

Check the Event Log (page 11-11) to verify that the trunked ports are operating properly.
The show trunk command in this example does not include a port list. As a result, the listing shows static trunk group information for all switch ports.

Listing Static LACP and Dynamic LACP Trunk Data. This command lists data for only the LACP-configured ports.

Syntax: show lacp

In the following example, ports 1, 2, and 3 have been previously configured for a static LACP trunk.
bandwidth for the trunk. In the next example, ports 1 through 5 have been configured for the same LACP trunk. Notice that one of the links shows Standby status, while the remaining four links are “Up”.

Figure 6-9. (callouts: “Up” Links; Standby Link)
You can configure trunk group types as follows:

Trunk Type    Trunk Group Membership
              Trk1 (Static)    Dyn1 (Dynamic)
LACP          Yes              Yes
Trunk         Yes              No
FEC           Yes              No

Note: The following examples show how to create different types of trunk groups. However, the Switches 2512 and 2524 allow only one trunk group at any time.
Enabling a Dynamic LACP Trunk Group. In the default port configuration, all ports on the switch are set to LACP passive. However, to enable the switch to automatically form a trunk group that is dynamic on both ends of the link, the ports on one end of a set of links must be LACP active. The ports on the other end can be either LACP active or LACP passive.
Removing Ports from a Dynamic LACP Trunk Group. To remove a port from dynamic LACP trunk operation, you must turn off LACP on the port. (On a port in an operating, dynamic LACP trunk, you cannot change between LACP dynamic and LACP passive without first removing LACP operation from the port.)

Caution: Unless STP is running on your network, removing a port from a trunk can result in a loop.
Trunk Group Operation Using LACP

The switch can automatically configure a dynamic LACP trunk group or you can manually configure a static LACP trunk group. The methods for displaying

Note: LACP requires full-duplex (FDx) links of the same media type (10/100Base-T, 100FX, etc.) and speed, and enforces speed and duplex conformance across a trunk group.
LACP Port Trunk Operation Configuration Static LACP

Default Port Operation

In the default configuration, all ports are configured for passive LACP. However, if LACP is not configured, the port will not try to detect a trunk configuration and will operate as a standard, untrunked port. The following table describes the elements of per-port LACP operation.
Status Name    Meaning
Port Status    Up: The port has an active LACP link and is not blocked or in Standby mode.
               Down: The port is enabled, but an LACP link is not established. This can indicate, for example, a port that is not connected to the network or a speed mismatch between a pair of linked ports.
               Disabled: The port cannot carry traffic.
Half-Duplex and/or Different Port Speeds Not Allowed in LACP Trunks. The ports on both sides of a trunk must be configured for the same speed and for full-duplex (FDx). In most cases, HP recommends the ing. The 802.3ad LACP standard specifies a full-duplex (FDx) requirement for LACP trunking. A port configured as LACP passive and not assigned to a port trunk can be configured to half-duplex (HDx).
■ Depending on the capabilities of the device on the other end of the trunk, negotiate the forwarding mechanism on the trunk to the non-protocol option.
■ When auto-negotiated to the SA/DA forwarding mechanism, provide higher performance on the trunk for broadcast, multicast, and flooded traffic through distribution in the same manner as non-protocol trunking.
■ Support FEC automatic trunk configuration mode on other devices.
Broadcasts, multicasts, and floods from different source addresses are distributed evenly across the links. As links are added or deleted, the switch redistributes traffic across the trunk group. For example, in figure 6-11 showing a three-port trunk, traffic could be assigned as shown in table 6-8.

Figure 6-11. Example of Port-Trunked Network (figure labels: A, B, C, D; Switch; 1, 2, 3; W, X, Y, Z; Switch)

Table 6-8.
7 Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Chapter Contents

Overview  7-3
Using Password Security  7-4
    Menu: Setting Manager and Operator passwords  7-5
    CLI: Setting Manager and Operator Passwords
Defining Authorized Management Stations  7-31
    Overview of IP Mask Operation  7-32
Menu: Viewing and Configuring IP Authorized Managers  7-33
CLI: Viewing and Configuring Authorized IP Managers  7-34
    Listing the Switch’s Current Authorized IP Manager(s)
Overview

■ Manager and Operator passwords (page 7-4): Control access and privileges for the command line and menu interfaces (through either the console port or Telnet) and the web browser interface through the network.

The features described in this chapter enhance security controls against unauthorized access through the network.
Using Password Security

Password Features

Feature                       Default              Menu       CLI        Web
Set a Password                no passwords set     page 7-5   page 7-7   page 7-8
Set User Names                no user names set    —          —          page 7-8
Delete Password Protection    n/a                  page 7-7   page 7-8   page 7-6

Console access includes both the menu interface and the CLI.
If you set a Manager password, you may also want to configure the Inactivity Time parameter (see page 5-16). This causes the console session to end after the specified period of inactivity, thus giving you added security against unauthorized console access.

Note: The manager and operator passwords control access to the menu interface, the CLI, and the web browser interface.
Figure 7-1. The Set Password Screen

2. To set a new password:
    a. Select Set Manager Password or Set Operator Password. You will then be prompted with Enter new password.
    b. Type a password of up to 16 ASCII characters with no spaces and press [Enter]. (Remember that passwords are case-sensitive.)
    c.
To Recover from a Lost Manager Password: If you cannot start a console session at the manager level because of a lost Manager password, you can clear the password by getting physical access to the switch and pressing and holding the Clear button for a minimum of one second.
Web: Configuring User Names and Passwords

In the web browser interface you can enter both user names and passwords. Because user names do not apply in the menu interface and the CLI, they affect only your access to the switch through the web browser interface.

To Configure (or Remove) User Names and Passwords in the Web Browser Interface.

1. Click on the Security tab.
Configuring and Monitoring Port Security

Feature                             Default     Menu        CLI         Web
Displaying Current Port Security    n/a         —           page 7-16   page 7-21
Configuring Port Security           disabled    —           page 7-17   page 7-21
Intrusion Alerts and Alert Flags    n/a         page 7-27   page 7-25   page 7-28

Using Port Security, you can configure each switch port with a unique list of the MAC addresses of d
■ Intrusion Log entries in either the menu interface, CLI, or web browser interface

For any port, you can configure the following:

■ Authorized (MAC) Addresses: Specify up to eight devices (MAC addresses) that are allowed to send inbound traffic through the port.
[Figure: panels “Physical Topology” and “Logical Topology for Access to Switch A”. Labels: Switch A (Port Security Configured), Switch B, PC 1, PC 2, PC 3, each device marked either “MAC Address Authorized by Switch A” or “MAC Address NOT Authorized by Switch A”.]
    b. Which devices (MAC addresses) are authorized on each port (up to 8 per port)?
    c. For each port, what security actions do you want? (The switch automatically blocks intruders detected on that port from transmitting to the network.

2.
CLI: Port Security Command Options and Operation

Port Security Commands Used in This Section

show port-security             page 7-16: “CLI: Displaying Current Port Security Settings”
port-security                  page 7-17: “CLI: Configuring Port Security”
    <[ethernet] port-list>     page 7-17: “CLI: Configuring Port Security”
    [learn-mode continuous]    page 7-18: “Adding an Authorized Device to a
Table 7-1. Port Security Parameters

Parameter: Port List <[ethernet] port-list>
Description: Identifies the port or ports on which to apply a port security command.

Parameter: Learn Mode learn-mode
Description: Specifies how the port acquires authorized addresses.
    Continuous (the Default): Appears in the factory-default setting or when you execute no port-security.
Parameter: Device Limit, address-limit
Description: When Learn Mode is set to Static, specifies how many authorized devices (MAC addresses) to allow. Range: 1 (the default) to 8.
CLI: Displaying Current Port Security Settings
The CLI uses the same command to provide two types of port security listings:
■ All ports on the switch with their Learn Mode and (alarm) Action
■ Only the specified ports with their Learn Mode, Address Limit, (alarm) Action, and Authorized Addresses
Using the CLI To Display Port Security Settings.
Figure 7-5. Example of the Port Security Configuration Display for a Single Port
The following command example shows the option for entering a range of ports, including a series of non-contiguous ports.
Specifying Authorized Devices and Intrusion Responses. This example configures port 1 to automatically accept the first device (MAC address) it detects as the only authorized device for that port. (The default device limit is 1.) It also configures the port to send an alarm to a network management station and disable itself if an intruder is detected on the port.
Although the Address Limit is set to 2, only one device has been authorized for this port. In this case you can add another without having to also increase the Address Limit. The Address Limit has not been reached. With the above configuration for port 1, the following command adds the 0c0090-456456 MAC address as the second authorized address.
To add a second authorized device to port 1, execute a port-security command for port 1 that raises the address limit to 2 and specifies the additional device’s MAC address.
For example, suppose port 1 is configured as shown below and you want to remove 0c0090-123456 from the Authorized Address list:
When removing 0c0090-123456, first reduce the Address Limit by 1 to prevent the port from automatically adding another device that it detects on the network.
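The ordering rule above (lower the Address Limit before removing an authorized address) can be seen in a small model. This is an added example, not code from HP or the switch: the StaticPort class, its learning rule (an unknown MAC is authorized while the list is below the limit) and the third MAC address are assumptions made for illustration.

```python
"""Toy model of a port in Static learn mode (illustrative only, not switch firmware)."""

AUTHORIZED_A = "0c0090-123456"   # address from the page's example
AUTHORIZED_B = "0c0090-456456"   # address from the page's example
UNKNOWN_MAC = "0c0090-999999"    # constructed: a device that was never authorized


class StaticPort:
    def __init__(self, address_limit=1):
        self.address_limit = self._check(address_limit)
        self.authorized = []   # MACs allowed to send inbound traffic
        self.intrusions = []   # MACs rejected as intruders

    @staticmethod
    def _check(limit):
        if not 1 <= limit <= 8:          # range stated in Table 7-1
            raise ValueError("address limit must be 1 to 8")
        return limit

    def set_limit(self, limit):
        self.address_limit = self._check(limit)

    def authorize(self, mac):
        """Manually add an authorized address, respecting the limit."""
        if mac in self.authorized:
            return
        if len(self.authorized) >= self.address_limit:
            raise ValueError("address limit reached; raise it first")
        self.authorized.append(mac)

    def deauthorize(self, mac):
        self.authorized.remove(mac)

    def inbound(self, mac):
        """Classify a frame's source MAC: 'forward', 'learned' or 'intrusion'."""
        if mac in self.authorized:
            return "forward"
        if len(self.authorized) < self.address_limit:
            # Assumed learning rule: a free slot is filled by the first
            # unknown device the port sees.
            self.authorized.append(mac)
            return "learned"
        self.intrusions.append(mac)
        return "intrusion"


def _two_device_port():
    port = StaticPort(address_limit=2)
    port.authorize(AUTHORIZED_A)
    port.authorize(AUTHORIZED_B)
    return port


def remove_without_lowering_limit():
    """Wrong order: the freed slot is taken by the next unknown device."""
    port = _two_device_port()
    port.deauthorize(AUTHORIZED_A)
    return port.inbound(UNKNOWN_MAC), port


def remove_after_lowering_limit():
    """Order given in the text: reduce the limit by 1, then remove the address."""
    port = _two_device_port()
    port.set_limit(1)
    port.deauthorize(AUTHORIZED_A)
    return port.inbound(UNKNOWN_MAC), port


if __name__ == "__main__":
    for scenario in (remove_without_lowering_limit, remove_after_lowering_limit):
        result, port = scenario()
        print(f"{scenario.__name__}: {result}, authorized={port.authorized}")
```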
To access the web-based Help provided for the switch, click on [?] in the web browser screen.
Reading Intrusion Alerts and Resetting Alert Flags
Notice of Security Violations
When the switch detects an intrusion on a port, it sets an “alert flag” for that port and makes the intrusion information available as described below.
The Intrusion Log lists the 20 most recently detected security violation attempts, regardless of whether the alert flags for these attempts have been reset. This gives you a history of past intrusion attempts.
Menu: Checking for Intrusions, Listing Intrusion Alerts, and Resetting Alert Flags
The menu interface indicates per-port intrusions in the Port Status screen, and provides details and the reset function in the Intrusion Log screen.
1. From the Main Menu select:
1. Status and Counters
3.
The above example shows two intrusions for port 3 and one intrusion for port 1. In this case, only the most recent intrusion at port 3 has not been acknowledged (reset).
Syntax:
show interface                        List Intrusion Alert status.
show intrusion-log                    List Intrusion Log content.
clear intrusion-log                   Clear Intrusion flags on all ports.
port-security clear-intrusion-flag    Clear Intrusion flag on a specific port.
20 intrusion records, and deletes intrusion records only when the log becomes full and new intrusions are subsequently added.) The “prior to” text in the record for the third intrusion means that a switch reset occurred at the indicated time and that the intrusion occurred prior to the reset.
[Figure 7-12. Example of Log Listing With and Without Detected Security Violation. Callouts: Log Command with “security” for Search String; Log Listing with Security Violation Detected; Log Listing with No Security Violation Detected]
From the Menu Interface: In the Main Menu, click on 4. Event Log and use Next page and Prev page to review the Event Log contents.
Proxy Web Servers. If you are using the switch’s web browser interface through a switch port configured for Static port security, and your browser access is through a proxy web server, then it is necessary to do the following:
■ Enter your PC or workstation MAC address in the port’s Authorized Addresses list.
Using IP Authorized Managers
Authorized IP Manager Features
Feature                                   Default   Menu        CLI         Web
Listing (Showing) Authorized Managers     n/a       page 7-33   page 7-34   page 7-36
Configuring Authorized IP Managers        None      page 7-33   page 7-34   page 7-36
Building IP Masks                         n/a       page 7-36   page 7-36   page 7-36
Operating and Troubleshooting Notes       n/a       page 7-39   page 7-39   page 7-39
Using
Access Levels
For each authorized manager address, you can configure either of these access levels:
■ Manager: Enables full access to all web browser and console interface screens for viewing, configuration, and all other operations available in these interfaces.
■ Operator: Allows view-only access from the web browser and console interfaces.
Overview of IP Mask Operation
The default IP Mask is 255.255.255.255 and allows switch access only to a station having an IP address that is identical to the Authorized Manager IP parameter value.
Menu: Viewing and Configuring IP Authorized Managers
From the console Main Menu, select:
2. Switch Configuration . . .
7. IP Authorized Managers
1. Select Add to add an authorized manager to the list.
Figure 7-13. Example of How To Add an Authorized Manager Entry
2. Enter an Authorized Manager IP address here.
3.
Editing or Deleting an Authorized Manager Entry. Go to the IP Managers List screen (figure 7-13), highlight the desired entry, and press [E] (for Edit) or [D] (for Delete).
Configuring IP Authorized Managers for the Switch
Syntax: ip authorized-managers [mask ]
To Authorize Manager Access. This command authorizes manager-level access for any station having an IP address of 10.28.227.0 through 10.28.227.255:
HP2512(config)# ip authorized-managers 10.28.227.101 mask 255.255.255.
The following command replaces the existing mask and access level for IP address 10.28.227.101 with 255.0.0.0 and manager (the defaults) because the command does not specify either of these parameters.
HP2512(config)# ip authorized-managers 10.28.227.101
To Delete an Authorized Manager Entry.
Table 7-2. Analysis of IP Mask for Single-Station Entries
                        1st Octet   2nd Octet   3rd Octet   4th Octet
IP Mask                 255         255         255         255
Authorized Manager IP   10          28          227         125
Manager-Level or Operator-Level Device Access: The “255” in each octet of the mask specifies that only the exact value in that octet of the corresponding IP address is allowed.
Table 7-3. Analysis of IP Mask for Multiple-Station Entries
Columns: 1st Octet, 2nd Octet, 3rd Octet, 4th Octet, Manager-Level or Operator-Level Device Access
The “255” in the first three octets of the mask specifies that only the exact value in the octet of the corresponding IP address is allowed.
Additional Examples for Authorizing Multiple Stations
Columns: Entries for Authorized Manager List, Results
IP Mask 255 255 0 Authorized Manager IP 10 IP Mask 255 238 255 250 Authorized Manager IP 10 33 255 248 1
This combination specifies an authorized IP address of 10.33.xxx.1.
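The mask rule in the tables above is a bitwise comparison: a station is authorized when it matches the Authorized Manager IP in every bit position where the mask has a 1. The following added example (not HP's code) implements that rule and an audit helper for over-broad entries; the function names, the entry tuples, the masks 255.255.255.0, 255.255.0.255 and 255.255.255.249, and the 256-station threshold are assumptions chosen for illustration.

```python
import ipaddress


def to_int(dotted):
    """Dotted-quad string -> 32-bit integer (raises ValueError on bad input)."""
    return int(ipaddress.IPv4Address(dotted))


def is_authorized(station, manager_ip, mask="255.255.255.255"):
    """True if station matches manager_ip in every bit the mask sets to 1."""
    m = to_int(mask)
    return (to_int(station) & m) == (to_int(manager_ip) & m)


def allowed_octet_values(manager_octet, mask_octet):
    """All values one octet may take for a given manager octet and mask octet."""
    return [v for v in range(256)
            if (v & mask_octet) == (manager_octet & mask_octet)]


def station_count(mask):
    """Number of distinct station addresses one entry admits (2 ** zero bits)."""
    free_bits = bin(~to_int(mask) & 0xFFFFFFFF).count("1")
    return 2 ** free_bits


def audit(entries, max_stations=256):
    """Return entries whose mask admits more stations than max_stations.

    entries: iterable of (manager_ip, mask, access_level) tuples, a
    hypothetical representation of the Authorized Managers list.
    """
    findings = []
    for manager_ip, mask, level in entries:
        count = station_count(mask)
        if count > max_stations:
            findings.append((manager_ip, mask, level, count))
    return findings


# Constructed sample list: a single station, one subnet-wide entry, and the
# 255.0.0.0 mask that the text says results when no mask is given.
SAMPLE_ENTRIES = [
    ("10.28.227.125", "255.255.255.255", "manager"),
    ("10.28.227.101", "255.255.255.0", "operator"),
    ("10.28.227.101", "255.0.0.0", "manager"),
]

if __name__ == "__main__":
    # Single-station entry (Table 7-2): only the exact address matches.
    print(is_authorized("10.28.227.125", "10.28.227.125"))
    # A 0 octet in the mask leaves that octet free: 10.28.227.0 to 10.28.227.255.
    print(is_authorized("10.28.227.7", "10.28.227.101", "255.255.255.0"))
    # Masks need not be contiguous: 249 in the last octet frees two bits.
    print(allowed_octet_values(125, 249))
    for finding in audit(SAMPLE_ENTRIES):
        print("over-broad entry:", finding)
```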
8 Configuring for Network Management Applications
Chapter Contents
Overview
SNMP Management Features
Configuring for SNMP Access to the Switch
SNMP Communities
Overview
You can manage the switch via SNMP from a network management station. For this purpose, HP recommends HP TopTools for Hubs & Switches — an easy-to-install and use network management application that runs on your Windows NT- or Windows 2000-based PC. HP TopTools for Hubs & Switches provides control of your switch through its web browser interface.
SNMP Management Features
SNMP management features on the switch include:
■ SNMP version 2c over IP
■ Security via configuration of SNMP communities
■ Event reporting via SNMP
• Version 1 traps
• RMON: groups 1, 2, 3, and 9
■ Managing the switch with an SNMP network management tool such as HP TopTools for Hubs & Switches
■ Supported Standard MIBs include:
• Bridge MIB (RFC 1493) dot1dBase, dot1dTp, dot1dStp
• Ethernet MA
• HP Entity MIB (entity.mib)
The switch SNMP agent also uses certain variables that are included in a Hewlett-Packard proprietary MIB file you can add to the SNMP database in your network management tool. You can copy the MIB file from the HP TopTools for Hubs & Switches CD, or from the following World Wide Web site: http://www.hp.
Configuring for SNMP Access to the Switch
Caution: Deleting the community named “public” disables many network management functions (such as auto-discovery, traffic monitoring, SNMP trap generation, and threshold setting). If security for network management is a concern, it is recommended that you change the write access for the “public” community to “Restricted”.
SNMP Communities
SNMP Community Features
Feature Default Menu CLI Web
show community name n/a page 8-6 page 8-8 — configure identity information none — page 8-9 page 8-6 " " page 8-9 " " " " configure community names public MIB view for a community name manager (operator, manager) write access for default community name unrestricted " —
Use SNMP communities to restrict access to the switch by SNMP management stations by add
Note: This screen gives an overview of the SNMP communities that are currently configured. All fields in this screen are read-only. Add and Edit options are used to modify the SNMP options. See figure 8-2.
Figure 8-1. The SNMP Communities Screen (Default Values)
2. Press [A] (for Add) to display the following screen:
If you are adding a community, the fields in this screen are blank.
CLI: Viewing and Configuring Community Names
Community Name Commands Used in This Section
show snmp-server []     below
snmp-server             page 8-9
[contact ]              page 8-9
[location ]             page 8-9
[community ]            page 8-9
[host ] []              page 8-12
[enable traps           page 8-12
Listing Current Community Names and Values
HP2512# show snmp-server public
Configuring Identity Information
This command enables you to enter contact-person and location data to help identify the switch.
Syntax: snmp-server [contact ] [location ]
Both fields allow up to 48 characters, without spaces. For example, to configure the switch with "Site-LAN-Ext.
Trap Receivers and Authentication Traps
Trap Features
Feature                                      Default   Menu   CLI         Web
snmp-server host (trap receiver)             public    —      page 8-12   —
snmp-server enable (authentication trap)     none      —      page 8-12   —
A trap receiver is a management station designated by the switch to receive SNMP traps sent from the switch.
CLI: Configuring and Displaying Trap Receivers
Trap Receiver Commands Used in This Section
show snmp-server                                                 below
snmp-server host [none | all | non-info| critical | debug]       page 8-12
snmp-server enable traps authentication                          page 8-12
Using the CLI To List Current SNMP Trap Receivers
This command lists the currently configured trap receivers and the setting for authentication traps (along
Configuring Trap Receivers
This command specifies trap receivers by community membership, management station IP address, and the type of Event Log messages to send to the trap receiver.
Note: If you specify a community name that does not exist—that is, has not yet been configured on the switch—the switch still accepts the trap receiver assignment.
Advanced Management: RMON and HP Extended RMON Support
The switch supports RMON (Remote Monitoring) and HP Extended RMON on all connected network segments. This allows for troubleshooting and optimizing your network.
9 Configuring Advanced Features
Overview
HP ProCurve Stack Management
Which Devices Support Stacking?
Components of HP ProCurve Stack Management
General Stacking Operation
Chapter Contents
Transmission Interval
Stacking Operation with Multiple VLANs Configured
Web: Viewing and Configuring Stacking
Status Messages
Port-Based Virtual LANs (Static VLANs)
Multimedia Traffic Control with IP Multicast (IGMP)
IGMP Operating Features
CLI: Configuring and Displaying IGMP
Web: Enabling or Disabling IGMP
Spanning Tree Protocol (STP)
Overview
This chapter describes the following features and how to configure them with the switch’s built-in interfaces:
■ HP ProCurve Stack Management (Page 9-5): Use your network to stack switches without the need for any specialized cabling—page 9-5.
HP ProCurve Stack Management
Stacking Features
Feature Menu CLI Web
view status of a single switch n/a page 9-29 thru page 9-31 page 9-34 page 9-48 view candidate status n/a page 9-34 view status of commander and its stack n/a page 9-35 view status of all stacking-enabled switches in the ip subnet n/a page 9-35 view stack status configure stacking enable/disable candidate Auto-Join enabled/Yes page 9-18 page 9-40 “push” a can
■ Simplify management of small workgroups or wiring closets while scaling your network to handle increased bandwidth demand.
■ Eliminate any specialized cables for stacking connectivity and remove the distance barriers that typically limit your topology options when using other stacking technologies.
■ Add switches to your network without having to first perform IP addressing tasks.
Components of HP ProCurve Stack Management
Table 9-1. Stacking Definitions
Stack: Consists of a Commander switch and any Member switches belonging to that Commander’s stack.
Commander: A switch that has been manually configured as the controlling device for a stack. When this occurs, the switch’s stacking configuration appears as Commander.
Candidate: A switch that is ready to join (become a Member of) a stack through either automatic or manual methods.
Use the Commander’s console or web browser interface to access the user interface on any Member switch in the same stack.
[Figure: example stack spanning Wiring Closet "A" and Wiring Closet "B" over the Network Backbone, showing Commander Switch 0, Member Switch 1, Member Switch 2, a Candidate Switch and a Non-Member Switch with their IP addresses and Manager passwords.]
There is no limit on the number of stacks in the same IP subnet (broadcast domain); however, a switch can belong to only one stack.
■ If multiple VLANs are configured, stacking uses only the primary VLAN on any switch. In the factory-default configuration, the DEFAULT_VLAN is the primary VLAN. (See “Stacking Operation with Multiple VLANs Configured” on page 9-47 and “Which VLAN Is Primary?” on page 9-53.
Column headings: IP Addressing and Stack Name, Number Allowed Per Stack, Passwords, SNMP Communities
Candidate
IP Addr: Optional. Configuring an IP address allows access via Telnet or web browser interface while the switch is not a stack member. In the factory default configuration the switch automatically acquires an IP address if your network includes DHCP service. Stack Name: N/A
Number Allowed Per Stack: n/a
Passwords optional.
Overview of Configuring and Bringing Up a Stack
This process assumes that:
■ All switches you want to include in a stack are connected to the same subnet (broadcast domain).
■ If VLANs are enabled on the switches you want to include in the stack, then the ports linking the stacked switches must be on the primary VLAN in each switch (which, in the default configuration, is the default VLAN).
Table 9-3. Stacking Configuration Guide
Column headings: Join Method1; Commander (IP Addressing Required): Auto Grab; Candidate (IP Addressing Optional): Auto Join, Passwords
Automatically add Candidate to Stack (Causes the first 15 eligible, discovered switches in the subnet to automatically join a stack.
General Steps for Creating a Stack
This section describes the general stack creation process. For the detailed configuration processes, see pages 9-15 through 9-39 for the menu interface and pages 9-32 through 9-44 for the CLI.
1.
[Figure 9-4. Callouts: For status descriptions, see the table on page 9-49; Stack with unique system name for each switch; Stack named "Online" with no previously configured system names assigned to individual switches.]
3. For automatically or manually pulling Candidate switches into a stack, you can leave such switches in their default stacking configuration. If you need to access Candidate switches through your network before they join the stack, assign IP addresses to these devices. Otherwise, IP addressing is optional for Candidates and Members.
Using the Menu Interface To View Stack Status And Configure Stacking
Using the Menu Interface To View and Configure a Commander Switch
1. Configure an IP address and subnet mask on the Commander switch. (See “IP Configuration” on page 5-3.)
2. Display the Stacking Menu by selecting Stacking in the Main Menu.
Figure 9-5. The Default Stacking Menu
3. Display the Stack Configuration menu by pressing [3] to select Stack Configuration.
Figure 9-6. The Default Stack Configuration Screen
4. Move the cursor to the Stack State field by pressing [E] (for Edit). Then use the Space bar to select the Commander option.
5. Press the downarrow key to display the Commander configuration fields in the Stack Configuration screen.
Figure 9-7. The Default Commander Configuration in the Stack Configuration Screen
6.
• No (the default) prevents automatic joining of Candidates that have their Auto Join set to Yes.
• Yes enables the Commander to automatically take a Candidate into the stack as a Member if the Candidate has Auto Join set to Yes (the default Candidate setting) and does not have a previously configured password.
Accept or change the transmission interval (default: 60 seconds), then press [Enter] to return the cursor to the Actions line.
9.
Table 9-4. Candidate Configuration Options in the Menu Interface
Parameter               Default Setting   Other Settings
Stack State             Candidate         Commander, Member, or Disabled
Auto Join               Yes               No
Transmission Interval   60 Seconds        Range: 1 to 300 seconds
Using the Menu To “Push” a Switch Into a Stack, Modify the Switch’s Configuration, or Disable Stacking on the Switch.
4. Do one of the following:
• To disable stacking on the Candidate, use the Space bar to select the Disabled option, then go to step 5.
Note: Using the menu interface to disable stacking on a Candidate removes the Candidate from all stacking menus.
• To insert the Candidate into a specific Commander’s stack:
i. Use the space bar to select Member.
ii.
Using the Commander’s Menu To Manually Add a Candidate to a Stack. In the default configuration, you must manually add stack Members from the Candidate pool. Reasons for a switch remaining a Candidate instead of becoming a Member include any of the following:
■ Auto Grab in the Commander is set to No (the default).
■ Auto Join in the Candidate is set to No.
[Figure 9-10. Example of Candidate List in Stack Management Screen. Callouts: The Commander automatically selects an available switch number (SN). You have the option of assigning any other available number; Candidate List]
3. Either accept the displayed switch number or enter another available number. (The range is 0 - 15, with 0 reserved for the Commander.)
4.
[Figure 9-11. Example of Stack Management Screen After New Member Added. Callouts: For status descriptions, see the table on page 9-49; New Member added in step 6.]
Using the Commander’s Menu To Move a Member From One Stack to Another. Where two or more stacks exist in the same subnet (broadcast domain), you can easily move a Member of one stack to another stack if the destination stack is not full.
You will then see the Stacking Status (All) screen:
[Figure 9-12. Example of How the Stacking Status (All) Screen Helps You Find Member MAC Addresses. Callouts: For status descriptions, see the table on page 49; This column lists the MAC Addresses for switches discovered (in the local subnet) that are configured for Stacking. Using the MAC addresses for these Members, you can move them between stacks in the same subnet.]
3.
8. Do one of the following:
• If the stack containing the Member you are moving has a Manager password, press the downarrow key to select the Candidate Password field, then type the password.
• If the stack containing the Member you want to move does not have a password, go to step 9.
9.
Note:
4. Stack Management
You will then see the Stack Management screen:
[Figure 9-13. Example of Stack Management Screen with Stack Members Listed. Callouts: For status descriptions, see the table on page 9-49; Stack Member List]
2. Use the downarrow key to select the Member you want to remove from the stack.
Figure 9-14. Example of Selecting a Member for Removal from the Stack
3.
Using the Commander To Access Member Switches for Configuration Changes and Monitoring Traffic
After a Candidate becomes a stack Member, you can use that stack’s Commander to access the Member’s console interface for the same configuration and monitoring that you would do through a Telnet or direct-connect access.
1. From the Main Menu, select:
9. Stacking...
5.
[Figure 9-17. The eXecute Command Displays the Console Main Menu for the Selected Stack Member. Callout: Main Menu for stack Member named "Coral Sea" (SN = 1 from figure 9-16)]
2. You can now make configuration changes and/or view status data for the selected Member in the same way that you would if you were directly connected or telnetted into the switch.
3.
3. Press [B] (for Back) to return to the Stacking Menu.
4. To display Stack Configuration menu for the switch you are moving, select
3. Stack Configuration
5. Press [E] (for Edit) to select the Stack State parameter.
6. Use the Space bar to select Member, then press [v] to move to the Commander MAC Address field.
7. Enter the MAC address of the destination Commander and press [Enter].
8.
Using Any Stacked Switch To View the Status for All Switches with Stacking Enabled. This procedure displays the general status of all switches in the IP subnet (broadcast domain) that have stacking enabled.
1. Go to the console Main Menu for any switch configured for stacking and select:
9. Stacking ...
2.
Figure 9-19. Example of the Commander’s Stacking Status Screen
Viewing Member Status. This procedure displays the Member’s stacking information plus the Commander’s status, IP address, and MAC address. To display the status for a Member:
1. Go to the console Main Menu of the Commander switch and select
9. Stacking ...
5. Stack Access
2.
Figure 9-20. Example of a Member’s Stacking Status Screen
Viewing Candidate Status. This procedure displays the Candidate’s stacking configuration. To display the status for a Candidate:
1. Use Telnet (if the Candidate has a valid IP address for your network) or a direct serial port connection to access the menu interface Main Menu for the Candidate switch and select
9. Stacking ...
1.
Using the CLI To View Stack Status and Configure Stacking
The CLI enables you to do all of the stacking tasks available through the menu interface.
Table 9-6. CLI Commands for Configuring Stacking on a Switch
CLI Command: show stack [candidates | view | all]
Operation: Commander: Shows Commander’s stacking configuration and lists the stack members and their individual status.
CLI Command: [no] stack member mac-address [password ]
Operation: Commander: Adds a Candidate to stack membership. “No” form removes a Member from stack membership. To easily determine the MAC address of a Candidate, use the show stack candidates command. To determine the MAC address of a Member you want to remove, use the show stack view command.
Using the CLI To View Stack Status
You can list the stack status for an individual switch and for other switches that have been discovered in the same subnet.
Syntax: show stack [candidates | view | all]
Viewing the Status of an Individual Switch. The following example illustrates how to use the CLI in a Switch 2524 (or 2512) to display the stack status for that switch.
Viewing the Status of all Stack-Enabled Switches Discovered in the IP Subnet. The next example lists all the stack-configured switches discovered in the IP subnet. Because the Switch 2524 on which the show stack all command was executed is a candidate, it is included in the “Others” category.
Syntax: show stack all
Figure 9-24.
Using the CLI To Configure a Commander Switch

You can configure any stacking-enabled switch to be a Commander as long as the intended stack name does not already exist on the broadcast domain. (When you configure a Commander, you automatically create a corresponding stack.)

Before you begin configuring stacking parameters:

1.
The Commander appears in the stack as Switch Number (SN) 0.

Figure 9-26. Example of the Commander’s Show Stack Screen with Only the Commander Discovered

Using a Member’s CLI to Convert the Member to the Commander of a New Stack. This procedure requires that you first remove the Member from its current stack, then create the new stack. If you do not know the MAC address for the Commander of the current stack, use show stack to list it.
The output from this command tells you the MAC address of the current stack Commander.
Removes the Member from the “Big_Waters” stack.
Converts the former Member to the Commander of the new “Lakes” stack.

Figure 9-27.
Using the Commander’s CLI To Manually Add a Candidate to the Stack. To manually add a candidate, you will use:

■ A switch number (SN) to assign to the new member. Member SNs range from 1 to 15. To see which SNs are already assigned to Members, use show stack view. You can use any SN not included in the listing. (SNs are viewable only on a Commander switch.)
■ The MAC address of the discovered Candidate you are adding to the stack.
For example, if the HP 8000M in the above listing did not have a Manager password and you wanted to make it a stack Member with an SN of 2, you would execute the following command:

HP2512(config)# stack member 2 mac-address 0060b0-df1a00

The show stack view command then lists the Member added by the above command:

The new member did not have a System Name configured prior to joining the stack, and so receives a Syst
■ The Candidate’s Auto Join is set to Yes (and you do not want to enable Auto Grab on the Commander) or the Candidate’s Auto Join is set to No.
■ Either you know the MAC address of the Commander for the stack into which you want to insert the Candidate, or the Candidate has a valid IP address and is operating in your network.
Syntax: stack member mac-address [password]

In the destination Commander, use show stack all to find the MAC address of the Member you want to pull into the destination stack. For example, suppose you created a new Commander with a stack name of “Cold_Waters” and you wanted to move a switch named “Bering Sea” into the new stack:

Move this switch into the “Cold Waters” stack.
Syntax: no stack name
        stack join

If you don’t know the MAC address of the destination Commander, you can use show stack all to identify it.

Eliminates the “Test” stack and converts the Commander to a Candidate.
Helps you to identify the MAC address of the Commander for the “Big_Waters” stack.
Adds the former “Test” Commander to the “Big_Waters” stack.

Figure 9-33.
Syntax: [no] stack member mac-address

Use show stack view to list the stack Members. For example, suppose that you wanted to use the Commander to remove the “North Sea” Member from the following stack:

Remove this Member from the stack.

Figure 9-34.
You would then execute this command in the “North Sea” switch’s CLI to remove the switch from the stack:

North Sea(config)# no stack join 0030c1-7fec40

Using the CLI To Access Member Switches for Configuration Changes and Traffic Monitoring

Syntax: telnet

where: unsigned integer is the switch number (SN) assigned by the Commander to each member (range: 1 - 15).
SNMP Community Operation in a Stack

Community Membership

In the default stacking configuration, when a Candidate joins a stack, it automatically becomes a Member of any SNMP community to which the Commander belongs, even though any community names configured in the Commander are not propagated to the Member’s SNMP Communities listing.
Note that in the above example (figure 9-37) you cannot use the public community through the Commander to access any of the Member switches. For example, you can use the public community to access the MIB in switches 1 and 3 by using their unique IP addresses. However, you must use the red or blue community to access the MIB for switch 2.

snmpget 10.31.29.
■ Stacking uses only the primary VLAN on each switch in a stack.
■ The primary VLAN can be tagged or untagged as needed in the stacking path from switch to switch.
■ The same VLAN ID (VID) must be assigned to the primary VLAN in each stacked switch.

Web: Viewing and Configuring Stacking

Figure 9-38.
3. Click on [Apply Changes] to save any configuration changes for the individual switch.
4. If the switch is a Commander, use the [Stack Closeup] and [Stack Management] buttons for viewing and using stack features.

To access the web-based Help provided for the switch, click on [?] in the web browser screen.
Port-Based Virtual LANs (Static VLANs)

VLAN Features

Feature | Default | Menu | CLI | Web
view existing VLANs | n/a | page 9-57 thru 9-62 | page 9-63 | page 9-68
configuring static VLANs | default VLAN with VID = 1 | page 9-57 thru 9-62 | page 9-62 | page 9-68
configuring dynamic VLANs | disabled | See “GVRP” on page 9-77.

A VLAN is a group of ports designated by the switch as belonging to the same broadcast domain.
saved by not allowing packets to flood out all ports. An external router is required to enable separate VLANs on a switch to communicate with each other.

Figure 9-39. Example of Routing Between VLANs via an External Router (diagram: a switch with two VLANs configured, VLAN_1 and VLAN_2, on ports 1 through 8, connected to an external router)

Overlapping (Tagged) VLANs.
Figure 9-40. Example of Overlapping VLANs Using the Same Server (diagram: Switch 2512 or 2524)

Similarly, using 802.1Q-compliant switches, you can connect multiple VLANs through a single switch-to-switch link.

Figure 9-41. Example of Connecting Multiple VLANs Through the Same Link (diagram: Switch 2524 and Switch 2512)

Introducing Tagged VLAN Technology into Networks Running Legacy (Untagged) VLANs. You can introduce 802.
Figure 9-42. (diagram labels: Switch 2524, Switch 2512, Tagged VLAN Link, Untagged VLAN Links, Non-802.1Q-compliant switch)
DHCP or Bootp on different VLANs do not result in conflicting configuration values for the switch. The primary VLAN is the VLAN the switch uses to run and manage these features and data. In the factory-default configuration, the switch designates the default VLAN (DEFAULT_VLAN) as the primary VLAN. However, to provide more control in your network, you can designate another VLAN as primary.
Example of Per-Port VLAN Configuration with GVRP Disabled (the default)
Example of Per-Port VLAN Configuration with GVRP Enabled
Enabling GVRP causes “No” to display as “Auto”.

Figure 9-43. Comparing Per-Port VLAN Options With and Without GVRP

Table 9-7. Per-Port VLAN Configuration Options

Parameter | Effect on Port Participation in Designated VLAN
Tagged | Allows the port to join multiple VLANs.
General Steps for Using VLANs

1. Plan your VLAN strategy and create a map of the logical topology that will result from configuring VLANs. Include consideration for the interaction between VLANs and other features such as Spanning Tree Protocol, load balancing, and IGMP. (Refer to “Effect of VLANs on Other Switch Features” on page 9-73.
Menu: Configuring VLAN Parameters

To Change VLAN Support Settings

This section describes:

■ Changing the maximum number of VLANs to support
■ Changing the primary VLAN selection (See “Changing the Primary VLAN” on page 9-65.)
■ Enabling or disabling dynamic VLANs (See “GVRP” on page 9-77.)

1. From the Main Menu select:
   2. Switch Configuration
      8. VLAN Menu . . .
         1. VLAN Support

You will then see the following screen:

Figure 9-44.
Note

■ To select another primary VLAN, select the Primary VLAN field and use the space bar to select from the existing options.
■ To enable or disable dynamic VLANs, select the GVRP Enabled field and use the Space bar to toggle between options. (For GVRP information, see “GVRP” on page 9-77.
Adding or Editing VLAN Names

Use this procedure to add a new VLAN or to edit the name of an existing VLAN.

1. From the Main Menu select:
   2. Switch Configuration
      8. VLAN Menu . . .
         2. VLAN Names

Default VLAN and VLAN ID

Figure 9-46. The Default VLAN Names Screen

2. Press [A] (for Add). You will then be prompted for a new VLAN name and VLAN ID:

   802.1Q VLAN ID : 1
   Name : _

3. Type in a VID (VLAN ID number).
Example of a New VLAN and ID

Figure 9-47. Example of VLAN Names Screen with a New VLAN Added

6. Repeat steps 2 through 5 to add more VLANs. Remember that you can add VLANs until you reach the number specified in the Maximum VLANs to support field on the VLAN Support screen (see figure 9-44 on page 9-57). This includes any VLANs added dynamically due to GVRP operation.
7.
Default: In this example, the “VLAN-22” has been defined, but no ports have yet been assigned to it. (“No” means the port is not assigned to that VLAN.)
Using GVRP? If you plan on using GVRP, any ports you don’t want to join should be changed to “Forbid”.
A port can be assigned to several VLANs, but only one of those assignments can be “Untagged”.

Figure 9-48. Example of VLAN Port Assignment Screen

2.
Ports 4 and 5 are assigned to both VLANs.
Ports 6 and 7 are assigned only to VLAN-22.
All other ports are assigned only to the Default VLAN.

Figure 9-49. Example of VLAN Assignments for Specific Ports

For information on VLAN tags (“Untagged” and “Tagged”), refer to “VLAN Tagging Information” on page 9-69.

d.
3.
VLAN Commands Used in this Section

below
show vlan | page 9-64
max-vlans <1..30> | page 9-65
primary-vlan | page 9-65
[no] vlan | page 9-66
name | page 9-67
[no] tagged | page 9-67
[no] untagged | page 9-67
[no] forbid | page 9-67
auto | page 9-67 (Available if GVRP enabled.)
static-vlan | page 9-67 (Available if GVRP enabled.
Displaying the Configuration for a Particular VLAN. This command uses the VID to identify and display the data for a specific static or dynamic VLAN.

Syntax: show vlan

Figure 9-51. Example of “Show VLAN” for a Specific Static VLAN

Show VLAN lists this data when GVRP is enabled and at least one port on the switch has dynamically joined the designated VLAN.

Figure 9-52.
Changing the Number of VLANs Allowed on the Switch. By default, the switch allows a maximum of 8 VLANs. You can specify any value from 1 to 30. (If GVRP is enabled, this setting includes any dynamic VLANs on the switch.) As part of implementing a new value, you must execute a write memory command (to save the new value to the startup-config file) and then reboot the switch.

max-vlans <1 ..
Creating a New Static VLAN
Changing the VLAN Context Level.

With this command, entering a new VID creates a new static VLAN. Entering the VID or name of an existing static VLAN places you in the context level for that VLAN.

Syntax: vlan [name ]

Creates a new static VLAN if a VLAN with that VID does not already exist, and places you in that VLAN’s context level.
Converting a Dynamic VLAN to a Static VLAN. If GVRP is running on the switch and a port dynamically joins a VLAN, you can use the next command to convert the dynamic VLAN to a static VLAN. (For GVRP and dynamic VLAN operation, see “GVRP” on page 9-77.) This is necessary if you want to make the VLAN permanent.
operation. Note that Auto is the default per-port setting for a static VLAN if GVRP is running on the switch. (For information on dynamic VLAN and GVRP operation, see “GVRP” on page 9-77.)

For example, suppose you have a VLAN named VLAN100 with a VID of 100, and all ports are set to No for this VLAN.
To configure static VLAN port parameters, you will need to use the menu interface (available by Telnet from the web browser interface) or the CLI.

1. Click on the Configuration tab.
2. Click on [VLAN Configuration].
3. Click on [Add/Remove VLANs].

VLAN Tagging Information

VLAN tagging enables traffic from more than one VLAN to use the same port.
Figure 9-54. (diagram: Red, Blue, Green and White servers and VLANs attached to Switch “X” and Switch “Y”. Switch “X”: Ports 1-6: Untagged; Port 7: Red VLAN Untagged, Green VLAN Tagged. Switch “Y”: Ports 1-4: Untagged; Port 5: Red VLAN Untagged, Green VLAN Tagged.)
Note

Each 802.1Q-compliant VLAN must have its own unique VID number, and that VLAN must be given the same VID in every device in which it is configured. That is, if the Red VLAN has a VID of 10 in switch X, then 10 must also be used for the Red VID in switch Y.

VID Numbers

Figure 9-55.
Figure 9-56. Example of Networked 802. (diagram: Servers S1, S2 and S3 connected to Switch “X” (ports X1-X4) and Switch “Y” (ports Y1-Y5), with ports labeled “Red VLAN: Untagged, Green VLAN: Tagged”, “Red VLAN”, “Green VLAN” and “Green VLAN only”)
To summarize:

Tagging Scheme
1: Untagged or Tagged. If the device connected to the port is 802.1Q-compliant, then the recommended choice is “Tagged”.
2 or More: 1 VLAN Untagged; all others Tagged
           or
           All VLANs Tagged

A given VLAN must have the same VID on any 802.1Q-compliant device in which the VLAN is configured. The ports connecting two 802.1Q devices should have identical VLAN configurations, as shown for ports X2 and Y5, above.
VLAN MAC Addresses

The switch has one unique MAC address for each of its VLAN interfaces. You can send an 802.2 test packet to this MAC address to verify connectivity to the switch. Likewise, you can assign an IP address to the VLAN interface, and when you Ping that address, ARP will resolve the IP address to this MAC address. The switch allows up to 30 VLAN MAC addresses (one per possible VLAN).
VLAN Restrictions

■ A port must be a member of at least one VLAN. In the factory default configuration, all ports are assigned to the default VLAN (DEFAULT_VLAN; VID = 1).
■ A port can be assigned to several VLANs, but only one of those assignments can be untagged. (The “Untagged” designation enables VLAN operation with non 802.1Q-compliant devices.)
■ An external router must be used to communicate between tagged VLANs.
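The VID and tagging rules above can be checked against a planned layout before it is entered on the switches. The following is an added example, not part of the HP guide; the data model, switch names, VLAN names, VIDs and port numbers are constructed for illustration.

```python
# Added example: checks a planned VLAN layout against the rules in this section.
# Switch names, VLAN names, VIDs and port numbers below are constructed.

MODES = ("tagged", "untagged")


def check_ports(plan):
    """plan[switch][port] = {vid: 'tagged' | 'untagged'}"""
    problems = []
    for switch, ports in sorted(plan.items()):
        for port, members in sorted(ports.items()):
            where = f"{switch} port {port}"
            if not members:
                problems.append(f"{where}: must be a member of at least one VLAN")
            for vid, mode in sorted(members.items()):
                if mode not in MODES:
                    problems.append(f"{where}: VID {vid} has unknown mode {mode!r}")
            untagged = sorted(v for v, m in members.items() if m == "untagged")
            if len(untagged) > 1:
                problems.append(
                    f"{where}: untagged in VIDs {untagged}; only one untagged assignment is allowed")
    return problems


def check_vids(names):
    """names[switch] = {vlan_name: vid}; a VLAN needs the same VID on every device."""
    seen = {}  # vlan_name -> {vid: [switches using that vid]}
    for switch, vlans in sorted(names.items()):
        for name, vid in vlans.items():
            seen.setdefault(name, {}).setdefault(vid, []).append(switch)
    problems = []
    for name, by_vid in sorted(seen.items()):
        if len(by_vid) > 1:
            detail = ", ".join(f"VID {v} on {'/'.join(s)}" for v, s in sorted(by_vid.items()))
            problems.append(f"VLAN {name}: inconsistent VID ({detail})")
    return problems


def check_links(plan, links):
    """Both ends of a link between two 802.1Q devices should be configured identically."""
    problems = []
    for (sw_a, port_a), (sw_b, port_b) in links:
        a, b = plan[sw_a][port_a], plan[sw_b][port_b]
        if a != b:
            diff = sorted(set(a.items()) ^ set(b.items()))
            problems.append(f"link {sw_a}:{port_a} <-> {sw_b}:{port_b}: ends differ in {diff}")
    return problems


def audit(plan, names, links):
    return check_ports(plan) + check_vids(names) + check_links(plan, links)


# Constructed sample with four deliberate mistakes.
SAMPLE_NAMES = {
    "X": {"Red": 10, "Green": 20},
    "Y": {"Red": 10, "Green": 30},           # Green has a different VID on Y
}
SAMPLE_PLAN = {
    "X": {
        1: {10: "untagged"},
        3: {10: "untagged", 20: "untagged"},  # two untagged assignments
        7: {10: "untagged", 20: "tagged"},
    },
    "Y": {
        1: {10: "untagged"},
        4: {},                                # port left without any VLAN
        5: {10: "untagged", 30: "tagged"},    # does not match X port 7
    },
}
SAMPLE_LINKS = [(("X", 7), ("Y", 5))]

if __name__ == "__main__":
    for line in audit(SAMPLE_PLAN, SAMPLE_NAMES, SAMPLE_LINKS):
        print(line)
```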
HP Router Requirements. Use the Hewlett-Packard version A.09.70 (or later) router OS release if any of the following Hewlett-Packard routers are installed in networks in which you will be using VLANs:

HP Router 440 (formerly Router ER)
HP Router 470 (formerly Router LR)
HP Router 480 (formerly Router BR)
HP Router 650

Release A.09.74 is available on the World Wide Web at http://www.hp.
GVRP

Feature | Default | Menu | CLI | Web
 | n/a | page 9-84 | page 9-86 | page 9-89
list static and dynamic VLANs on a GVRP-enabled switch | n/a | — | page 9-88 | page 9-89
enable or disable GVRP on the switch | disabled | page 9-84 | page 9-87 | page 9-89
enable or disable GVRP on individual ports | | page 9-84 | page 9-87 | —
control how individual ports will handle advertisements for new VLANs | Learn | page 9-84 | page 9-87 | page 9-89
convert a dynamic VLAN to a static VLAN | n/a | — | page 9-89 | —
Note

There must be one common VLAN (that is, one common VID) connecting all of the GVRP-aware devices in the network to carry GVRP packets. HP recommends the default VLAN (DEFAULT_VLAN; VID = 1), which is automatically enabled and configured as untagged on every port of the Series 2500 switches.
Note that if a static VLAN is configured on at least one port of a switch, and that port has established a link with another device, then all other ports of that switch will send advertisements for that VLAN. For example, in the following figure, Tagged VLAN ports on switch “A” and switch “C” advertise VLANs 22 and 33 to ports on other GVRP-enabled switches that can dynamically join the VLANs.
■ If the switch already has a static VLAN assignment with the same VID as in the advertisement, and the port is configured to Auto for that VLAN, then the port will dynamically join the VLAN and begin moving that VLAN’s traffic. (For more detail on Auto, see “Per-Port Options for Dynamic VLAN Advertising and Joining” on page 9-82.)
■ Ignore the advertisement for that VID and drop all GVRP traffic with that VID.
Table 9-8. Options for Handling “Unknown VLAN” Advertisements:

Unknown VLAN Mode | Operation
Learn | Enables the port to dynamically join any VLAN for which it receives an advertisement, and allows the port to forward advertisements it receives.
Block | Prevents the port from dynamically joining a VLAN that is not statically configured on the switch. The port will still forward advertisements that were received by the switch on other ports.
Per-Port Options for Dynamic VLAN Advertising and Joining

Initiating Advertisements. As described in the preceding section, to enable dynamic joins, GVRP must be enabled and a port must be configured to Learn (the default). However, to send advertisements in your network, one or more Tagged or Untagged static VLANs must be configured on one or more switches (with GVRP enabled), depending on your topology.
As the above table indicates, when you enable GVRP, a port that has a Tagged or Untagged static VLAN has the option for both generating advertisements and dynamically joining other VLANs.

Note

In table 9-9, above, the Unknown VLAN parameters are configured on a per-interface basis using the CLI. The Tagged, Untagged, Auto, and Forbid options are configured in the VLAN context using either the menu interface or the CLI.
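Because Learn and Auto are the defaults once GVRP is enabled, a port that faces end nodes will join whatever VLANs an attached device advertises unless it is changed. The following added example (not from the HP guide) models the join behavior described above and lists such ports; the inventory format, port roles and sample data are constructed, and the handling of the disable mode is an assumption.

```python
# Added example: which ports would dynamically join a VLAN on a GVRP advertisement.
# Inventory layout, port roles and sample values are constructed for illustration.

JOIN, MEMBER, IGNORE = "join", "already-member", "ignore"
UNKNOWN_MODES = ("learn", "block", "disable")
PORT_SETTINGS = ("tagged", "untagged", "auto", "forbid")


def advertisement_outcome(gvrp_enabled, unknown_vlans, static_setting):
    """Outcome when a port receives an advertisement for one VID.

    unknown_vlans  -- the port's Unknown VLAN mode: learn, block or disable
    static_setting -- None if the switch has no static VLAN with that VID,
                      otherwise the port's setting in that static VLAN
    """
    if unknown_vlans not in UNKNOWN_MODES:
        raise ValueError(f"unknown mode {unknown_vlans!r}")
    if static_setting is not None and static_setting not in PORT_SETTINGS:
        raise ValueError(f"unknown port setting {static_setting!r}")
    if not gvrp_enabled:
        return IGNORE
    if unknown_vlans == "disable":
        return IGNORE            # assumption: a disabled port ignores every advertisement
    if static_setting is None:   # VLAN is not statically configured on this switch
        return JOIN if unknown_vlans == "learn" else IGNORE
    if static_setting in ("tagged", "untagged"):
        return MEMBER
    return JOIN if static_setting == "auto" else IGNORE   # forbid never joins


def audit(switch):
    """Return (port, scope, advice) for edge ports that would join dynamically."""
    findings = []
    for port, info in sorted(switch["ports"].items()):
        if info["role"] != "edge":
            continue
        mode = info["unknown_vlans"]
        if advertisement_outcome(switch["gvrp"], mode, None) == JOIN:
            findings.append((port, "unknown VLANs",
                             "joins any advertised VLAN; change the Unknown VLAN mode from learn"))
        for vid, per_port in sorted(switch["static_vlans"].items()):
            # Auto is the default per-port setting for a static VLAN when GVRP is running.
            setting = per_port.get(port, "auto")
            if setting == "auto" and advertisement_outcome(switch["gvrp"], mode, setting) == JOIN:
                findings.append((port, f"VLAN {vid}",
                                 "Auto lets the port join on advertisement; use Forbid to prevent it"))
    return findings


# Constructed inventory: port 1 is a switch-to-switch link, ports 2-4 face end nodes.
SAMPLE_SWITCH = {
    "gvrp": True,
    "static_vlans": {
        1: {1: "untagged", 2: "untagged", 3: "untagged", 4: "untagged"},
        22: {1: "tagged", 2: "forbid"},   # ports 3 and 4 are left at the default
    },
    "ports": {
        1: {"role": "uplink", "unknown_vlans": "learn"},
        2: {"role": "edge", "unknown_vlans": "block"},
        3: {"role": "edge", "unknown_vlans": "learn"},
        4: {"role": "edge", "unknown_vlans": "disable"},
    },
}

if __name__ == "__main__":
    for port, scope, advice in audit(SAMPLE_SWITCH):
        print(f"port {port} [{scope}]: {advice}")
```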
Planning for GVRP Operation

These steps outline the procedure for setting up dynamic VLANs for a segment.

1. Determine the VLAN topology you want for each segment (broadcast domain) on your network.
2. Determine the VLANs that must be static and the VLANs that can be dynamically propagated.
3. Determine the device or devices on which you must manually create static VLANs in order to propagate VLANs throughout the segment.
4.
   2. Switch Configuration . . .
      8. VLAN Menu . . .
         1. VLAN Support

Figure 9-60. The VLAN Support Screen (Default Configuration)

2. Do the following to enable GVRP and display the Unknown VLAN fields:
   a. Press [E] (for Edit).
   b. Use [v] to move the cursor to the GVRP Enabled field.
   c. Press the Space bar to select Yes.
   d. Press [v] again to display the Unknown VLAN fields.
CLI: Viewing and Configuring GVRP

GVRP Commands Used in This Section

show gvrp | below
gvrp | page 9-87
unknown-vlans | page 9-87

Displaying the Switch’s Current GVRP Configuration. This command shows whether GVRP is disabled, along with the current settings for the maximum number of VLANs and the current Primary VLAN. (For more on the last two parameters, see “Port-Based Virtual LANs (Static VLANs)” on page 9-50.
Enabling and Disabling GVRP on the Switch. This command enables GVRP on the switch.

Syntax: gvrp

This example enables GVRP:

HP2512(config)# gvrp
HP2512(config)# no gvrp

Enabling and Disabling GVRP On Individual Ports. When GVRP is enabled on the switch, use the unknown-vlans command to change the Unknown VLAN field for one or more ports. You can use this command at either the Manager level or the interface context level for the desired port(s).
Displaying the Static and Dynamic VLANs Active on the Switch. The show vlans command lists all VLANs present in the switch.

Syntax: show vlans

For example, in the following illustration, switch “A” has one static VLAN (the default VLAN), with GVRP enabled and port 1 configured to Learn for Unknown VLANs. Switch “B” has GVRP enabled and has three static VLANs: the default VLAN, VLAN-222, and VLAN-333.
Converting a Dynamic VLAN to a Static VLAN. If a port on the switch has joined a dynamic VLAN, you can use the following command to convert that dynamic VLAN to a static VLAN:

Syntax: static

For example, to convert dynamic VLAN 333 (from the previous example) to a static VLAN:

HP2512(config)# static 333

Web: Viewing and Configuring GVRP

To view, enable, disable, or reconfigure GVRP:

1. Click on the Configuration tab.
■ By receiving advertisements from other devices running GVRP, the switch learns of static VLANs on those other devices and dynamically (automatically) creates tagged VLANs on the links to the advertising devices. Similarly, the switch advertises its static VLANs to other GVRP-aware devices.
■ A GVRP-enabled switch does not advertise any GVRP-learned VLANs out of the port(s) on which it originally learned of those VLANs.
Multimedia Traffic Control with IP Multicast (IGMP)

IGMP Features

Feature | Default | Menu | CLI | Web
view igmp configuration | n/a | — | page 9-93 | —
show igmp status for multicast groups used by the selected VLAN | n/a | — | Yes | —
enabling or disabling IGMP (Requires VLAN ID Context) | disabled | — | page 9-95 | page 9-97
per-port packet control | auto | — | page 9-96 | —
IGMP traffic priority | normal | — | page 9-96 | —
querier | enabled | — | pag
Enabling IGMP allows the ports to detect IGMP queries and report packets and manage IP multicast traffic through the switch. If no other querier is detected, the switch will then also function as the querier. (If you need to disable the querier feature, you can do so through the IGMP configuration MIB. Refer to “Changing the Querier Configuration Setting” on page 9-97.
■ Blocked: Causes the switch to drop all IGMP transmissions received from a specific port and to block all outgoing IP Multicast packets for that port. This has the effect of preventing IGMP traffic from moving through specific ports.
■ Forward: Causes the switch to forward all IGMP and IP multicast transmissions through the port.

Querier: In the default state (enabled), eliminates the need for a multicast router.
Viewing the Current IGMP Configuration. This command lists the IGMP configuration for all VLANs configured on the switch or for a specific VLAN.
IGMP Configuration for the Selected VLAN
IGMP Configuration On the Individual Ports in the VLAN

Figure 9-66. Example Listing of IGMP Configuration for A Specific VLAN

Enabling or Disabling IGMP on a VLAN. You can enable IGMP on a VLAN, along with the last-saved or default IGMP configuration (whichever was most recently set), or you can disable IGMP on a selected VLAN.
Configuring Per-Port IGMP Packet Control. Use this command in the VLAN context to specify how each port should handle IGMP traffic.

Syntax: vlan ip igmp [auto | blocked | forward ]
Default: auto

For example, suppose you wanted to configure IGMP as follows for VLAN 1 on the 10/100 ports on the Switch 2512:

Ports 1-7 | auto | Filter multicast traffic.
HP2512> show ip igmp config
Show command to display results of above high-priority commands.

Syntax: [no] vlan ip igmp querier
Default: Yes

HP2512(config)# no vlan 1 ip igmp querier
Disables the querier function on VLAN 1.

HP2512> show ip igmp config
Show command to display results of above querier command.
a switch is configured to support IGMP with the querier feature enabled.) A set of hosts, routers, and/or switches that send or receive multicast data streams to or from the same source(s) is termed a multicast group, and all devices in the group use the same multicast group address.
■ Switch 1 ignores IGMP traffic and does not distinguish between IP multicast group members and non-members. Thus, it is sending large amounts of unwanted multicast traffic out the ports to PCs 2 and 3.
■ Switch 2 is recognizing IGMP traffic and learns that PC 4 is in the IP multicast group receiving multicast data from the video server (PC X).
IGMP is configured on switches 3 and 4. Either of these switches can operate as querier because a multicast router is not present on the network. (If an IGMP switch does not detect a querier, it automatically assumes this role, assuming the querier feature is enabled (the default) within IGMP.
Note: Reserved Addresses Excluded from IP Multicast (IGMP) Filtering. Traffic to IP multicast groups in the IP address range of 224.0.0.0 to 224.0.0.255 will always be flooded because addresses in this range are “well known” or “reserved” addresses. Thus, if IP Multicast is enabled and there is an IP multicast group within the reserved address range, traffic to that group will be flooded instead of filtered by the switch.
Spanning Tree Protocol (STP)

STP Features

Feature | Default | Menu | CLI | Web
viewing the STP configuration | n/a | page 9-103 | page 9-105 | —
enable/disable STP | disabled | page 9-103 | page 9-106 | page 9-108
reconfiguring general operation | priority: 32768; max age: 20 s; hello time: 2 s; fwd. | page 9-103
STP Fast Mode for Overcoming Server Access Failures. If an end node is configured to automatically access a server, the duration of the STP startup sequence can result in a “server access failure”. On ports where this is a problem, configuring STP Fast Mode can eliminate the failure. For more information, see “STP Fast Mode” on page 9-109. Also, for more information on STP, see “How STP Operates” on page 9-108.
Read-Only Fields

Figure 9-69. Example of the STP Configuration Screen

4. If the remaining STP parameter settings are adequate for your network, go to step 8.
5. Use [Tab] or the arrow keys to select the next parameter you want to change, then type in the new value or press the Space Bar to select a value.
CLI: Configuring STP

STP Commands Used in This Section

show spanning-tree config | Below
spanning-tree | page 9-106
    forward-delay <4 - 30> | page 9-106
    hello-time <1 - 10> | page 9-106
    maximum-age <6 - 40> | page 9-106
    priority <0 - 65535> | page 9-106
    ethernet | page 9-107
        path-cost <1 - 65535> | page 9-107
        priority <0 - 255> | page 9-107
        mode | page 9-107
show spanning tree | See “Spanning Tr
Enabling or Disabling STP. Enabling STP implements the spanning-tree protocol for all physical ports on the switch, regardless of whether multiple VLANs are configured. Disabling STP removes protection against redundant loops that can significantly slow or halt a network.
You can also include one or more of the STP per-port parameters in this command. See “Reconfiguring Per-Port STP Operation on the Switch” on page 9-107.

spanning-tree
    priority <0 - 65535>
    maximum-age <6 - 40 seconds>
    hello-time <1 - 10 seconds>
    forward-delay <4 - 30 seconds>

Default: See table 9-10, above.
For example, the following enables STP (if it is not already enabled) and configures ports 5 and 6 to a path cost of 15, a priority of 100, and fast mode:

HP2512(config)# spanning-tree ethernet 5-6 path-cost 15 priority 100 mode fast

Web: Enabling or Disabling STP

In the web browser interface you can enable or disable STP on the switch. To configure other STP features, telnet to the switch console and use the CLI.
• Active path from node A to node B: 1 —> 3
• Backup (redundant) path from node A to node B: 4 —> 2 —> 3

[Figure 9-71: diagram of switch A, switch B, switch C, and switch D connecting node A and node B over links 1 through 4; link path costs shown as 100, 100, 100, and 200]

Figure 9-71.
Caution: The Fast Mode configuration should be used only on switch ports connected to end nodes. Changing the Mode to Fast on ports connected to hubs, switches, or routers may cause loops in your network that STP may not be able to immediately detect, in all cases. This will cause temporary loops in your network.
Problem: STP enabled with 2 separate (non-trunked) links blocks a VLAN link. Nodes 1 and 2 cannot communicate because STP is blocking the link.

Solution: STP enabled with one trunked link. Nodes 1 and 2 can communicate because STP sees the trunk as a single link and 802.1Q (tagged) VLANs enable the use of one (trunked) link for both VLANs.

Figure 9-72.
10 Monitoring and Analyzing Switch Operation

Chapter Contents
Overview
Status and Counters Data
Menu Access To Status and Counters
Switch Management Address Information
Menu Access
Overview

The Series 2500 switches have several built-in tools for monitoring, analyzing, and troubleshooting switch and network operation:
■ Status: Includes options for displaying general switch information, management address data, port status, MAC addresses detected on each port, and STP, IGMP, and VLAN data.
■ Counters: Display details of traffic volume on individual ports.
Status and Counters Data

This section describes the status and counters screens available through the switch console interface and/or the web browser interface.

Menu Access to Status and Counters: Interface: Menu; Purpose: Access menu interface for status and counter data; Page: 10-4
General System Information: Interface: Menu, CLI; Purpose: Lists switch-level operating information.
Menu Access To Status and Counters

Beginning at the Main Menu, display the Status and Counters menu by selecting:
    1. Status and Counters

Figure 10-1. The Status and Counters Menu

Each of the above menu items accesses the read-only screens described on the following pages. Refer to the online help for a description of the entries displayed in these screens.
General System Information

Menu Access

From the console Main Menu, select:
    1. Status and Counters
        1. General System Information

Figure 10-2. Example of General Switch Information

This screen dynamically indicates how individual switch resources are being used. See the online Help for details.
Switch Management Address Information

Menu Access

From the Main Menu, select:
    1. Status and Counters . . .
        2. Switch Management Address Information

Figure 10-3. Example of Management Address Information with VLANs Configured

This screen displays addresses that are important for management of the switch.
Port Status

The web browser interface and the console interface show the same port status data.

Menu: Displaying Port Status

From the Main Menu, select:
    1. Status and Counters . . .
        3. Port Status

Figure 10-4. Example of Port Status on the Menu Interface

CLI Access

Syntax: show interfaces

Web Access

1. Click on the Status tab.
2. Click on [Port Status].
Viewing Port and Trunk Group Statistics

Feature (Default; Menu; CLI; Web)
viewing port and trunk statistics for all ports: Default n/a; Menu page 10-9; CLI page 10-10; Web page 10-10
viewing a detailed summary for a particular port or trunk: Default n/a; Menu page 10-9; CLI page 10-10; Web page 10-10
resetting counters: Default n/a; Menu page 10-9; CLI page 10-10; Web page 10-10

These features enable you to determine the traffic patterns for each port since the
Menu Access to Port and Trunk Statistics

To access this screen from the Main Menu, select:
    1. Status and Counters . . .
        4. Port Counters

Figure 10-5. Example of Port Counters on the Menu Interface

To view details about the traffic on a particular port, use the [v] key to highlight that port number, then select Show Details.
CLI Access To Port and Trunk Group Statistics

To Display the Port Counter Summary Report. This command provides an overview of port activity for all ports on the switch.

Syntax: show statistics

To Display a Detailed Traffic Summary for a Specific Port. This command provides traffic details for the port you specify.
Viewing the Switch’s MAC Address Tables

Feature (Default; Menu; CLI; Web)
viewing MAC addresses on all ports: Default n/a; Menu page 10-12; CLI page 10-14; Web —
viewing MAC addresses on a specific port: Default n/a; Menu page 10-13; CLI page 10-14; Web —
viewing MAC addresses on a specific VLAN: Default n/a; Menu —; CLI page 10-14; Web —
searching for a MAC address: Default n/a; Menu page 10-13; CLI page 10-14; Web —

■ The MAC addresses that the switch has learned from network devices attached to the switch
■ The port on
Menu Access to the MAC Address Views and Searches

Switch-Level MAC-Address Viewing and Searching. This feature lets you determine which switch port is being used to communicate with a specific device on the network.
2. Type the MAC address you want to locate and press [Enter]. The address and port number are highlighted if found. If the switch does not find the address, it leaves the MAC address listing empty.

Figure 10-8. Example of Menu Indicating Located MAC Address (callout: Located MAC Address and Corresponding Port Number)

1. From the Main Menu, select:
    1. Status and Counters
        6. Port Address Table

Figure 10-9. (callout: Prompt for Selecting the Port To Search)
Enter MAC address: _

2. Type the MAC address you want to locate and press [Enter]. The address is highlighted if found. If the switch does not find the address, it leaves the MAC address listing empty.
Spanning Tree Protocol (STP) Information

Menu Access to STP Data

From the Main Menu, select:
    1. Status and Counters . . .
        7. Spanning Tree Information

STP must be enabled on the switch to display the following data:

Figure 10-10. Example of Spanning Tree Information

Use this screen to determine current switch-level STP parameter settings and statistics.
Figure 10-11. Example of STP Port Information

CLI Access to STP Data

This option lists the STP configuration, root data, and per-port data (cost, priority, state, and designated bridge).
Internet Group Management Protocol (IGMP) Status

The switch uses the CLI to display the following IGMP status on a per-VLAN basis:

show ip igmp
    Global command listing IGMP status for all VLANs configured in the switch:
    • VLAN ID (VID) and name
    • Active group addresses per VLAN
    • Number of report and query packets per group
    • Querier access port per VLAN
show ip igmp
    Per-VLAN command listing above IGMP status for specifi
VLAN Information

The switch uses the CLI to display the following VLAN status:

Show Command and Output
show vlan
    Lists:
    • Maximum number of VLANs to support
    • Existing VLANs
    • Status (static or dynamic)
    • Primary VLAN
show vlan
    For the specified VLAN, lists:
    • Name, VID, and status (static/dynamic)
    • Per-Port mode (tagged, untagged, forbid, no/auto)
    • “Unknown VLAN” setting (Learn, Blo
Listing the VLAN ID (VID) and Status for Specific Ports.

Figure 10-14. Example of VLAN Listing for Specific Ports (callout: Because ports 1 and 2 are not members of VLAN-44, it does not appear in this listing.)

Listing Individual VLAN Status.
Web Browser Interface Status Information

The “home” screen for the web browser interface is the Status Overview screen, as shown below. As the title implies, it provides an overview of the status of the switch, including summary graphs indicating the network utilization on each of the switch ports, symbolic port status indicators, and the Alert Log, which informs you of any problems that may have occurred on the switch.
Port Monitoring Features

Feature  Default  Menu  CLI  Web
display monitoring configuration  disabled  page 10-22  page 10-24  page 10-26
configure the monitor port(s)  ports: none  page 10-22  page 10-25  page 10-26
or VLAN  VLANs: DEFAULT_VLAN  none selected  page 10-22  page 10-25  page 10-26

You can designate a port for monitoring traffic of one or more other ports or of a single VLAN configured on the switch.
Menu: Configuring Port Monitoring

This procedure describes configuring the switch for monitoring when monitoring is disabled. (If monitoring has already been enabled, the screens will appear differently than shown in this procedure.)

1. From the Console Main Menu, select:
    2. Switch Configuration...
        3. Network Monitoring Port

Figure 10-16. (callout: Enable monitoring by setting this parameter to “Yes”.)
Figure 10-17. How To Select a Monitoring Port (callout: Move the cursor to the Monitoring Port parameter.)

5. Use the Space bar to select the port to use for monitoring, then press the down-arrow key to select the Monitor parameter. (The default setting is Ports, which you will use if you want to monitor one or more individual ports on the switch.)
6.
iv. Press [Enter], then press [S] (for Save) to save your changes and exit from the screen.

Figure 10-18. Example of Selecting a VLAN to Monitor (callouts: Note: This screen appears instead of the one in figure 10-17 if the Monitor parameter is set to VLAN; Example of a VLAN Monitoring Parameter)

7. Return to the Main Menu.
Figure 10-19. Example of Monitored Port Listing (callouts: Port receiving monitored traffic; Monitored Ports)

Syntax: [no] mirror-port []

For example, to assign port 12 as the monitoring port:

    HP2512(config)# mirror-port 12

To turn off port monitoring:

    HP2512(config)# no mirror-port

Selecting or Removing Ports or VLANs As Monitoring Sources.
Figure 10-21. Examples of Removing Ports and VLANs as Monitoring Sources (callouts: From the global config level, removes ports or VLAN as monitoring sources; From the interface or VLAN context level, removes the ports or VLAN as monitoring sources.)

Web: Configuring Port Monitoring

To enable port monitoring:
1. Click on the Configuration tab.
2. Click on [Monitor Port].
3.
11 Troubleshooting

Chapter Contents
Overview
Troubleshooting Approaches
Browser or Console Access Problems
Using the Event Log To Identify Problem Sources
Menu: Entering and Navigating in the Event Log
Overview

This chapter addresses performance-related network problems that can be caused by topology, switch configuration, and the effects of other devices or their configurations on switch operation. (For switch-specific information on hardware problems indicated by LED behavior, cabling requirements, and other potential hardware-related problems, refer to the installation guide you received with the switch.
Troubleshooting Approaches

Use these approaches to diagnose switch problems:
■ Check the switch LEDs for indications of proper switch operation:
    • Each switch port has a Link LED that should light whenever an active network device is connected to the port.
    • Problems with the switch hardware and software are indicated by flashing the Fault and other switch LEDs.
Browser or Console Access Problems

Cannot access the web browser interface:
■ Access may be disabled by the Web Agent Enabled parameter in the switch console. Check the setting on this parameter by selecting:
    2. Switch Configuration . . .
        1. System Information
■ The switch may not have the correct IP address, subnet mask or gateway. Verify by connecting a console to the switch’s Console port and selecting:
    2. Switch Configuration . . .
        1.
Cannot Telnet into the switch console from a station on the network:
■ Telnet access may be disabled by the Inbound Telnet Enabled parameter in the System Information screen of the menu interface:
    2. Switch Configuration
        1. System Information
■ The switch may not have the correct IP address, subnet mask, or gateway. Verify by connecting a console to the switch’s Console port and selecting:
    2. Switch Configuration
        5.
Unusual Network Activity

Network activity that exceeds accepted norms may indicate a hardware problem with one or more of the network components, possibly including the switch. Unusual network activity is usually indicated by the LEDs on the front of the switch or measured with the switch console interface or with a network management tool such as the HP TopTools for Hubs & Switches.
IP addresses that will expire after a limited duration. One solution is to configure “reservations” in the DHCP server for specific IP addresses to be assigned to devices having specific MAC addresses. For more information, refer to the documentation for the DHCP server.
Problems Related to Spanning-Tree Protocol (STP)

Caution: If you enable STP, it is recommended that you leave the remainder of the STP parameter settings at their default values until you have had an opportunity to evaluate STP performance in your network. Because incorrect STP settings can adversely affect network performance, you should avoid making changes without having a strong understanding of how STP operates.
VLAN-Related Problems

Monitor Port. When using the monitor port in a multiple VLAN environment, it can be useful to know how broadcast, multicast, and unicast traffic is tagged. The following table describes the tagging to expect.
1. If VLAN_1 (VID=1) is configured as “Untagged” on port 3 on switch “X”, then it must also be configured as “Untagged” on port 7 on switch “Y”. Make sure that the VLAN ID (VID) is the same on both switches.
2. Similarly, if VLAN_2 (VID=2) is configured as “Tagged” on the link port on switch “A”, then it must also be configured as “Tagged” on the link port on switch “B”. Make sure that the VLAN ID (VID) is the same on both switches.
Using the Event Log To Identify Problem Sources

The Event Log records operating events as single-line entries listed in chronological order, and serves as a tool for isolating problems. Each Event Log entry is composed of five fields:

    Severity  Date      Time      System Module  Event Message
    I         08/05/98  10:52:32  ports:         port 1 enabled

Severity is one of the following codes:
I (information) indicates routine events.
Table 11-1.
The log status line at the bottom of the display identifies where in the sequence of event messages the display is currently positioned. To display various portions of the Event Log, either preceding or following the currently visible portion, use either the actions listed at the bottom of the display (Next page, Prev page, or End), or the keys described in the following table:

Table 11-2.
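The five-field entry format described in this section can be parsed mechanically when Event Log text is copied off the switch for review. The following is an added example, not part of the HP guide: the function names are hypothetical, every sample line except the first is constructed, and because only severity code I is defined in the text above, any other single-letter code is simply treated as non-routine.

```python
import re
from collections import Counter
from datetime import datetime

# Severity, Date (mm/dd/yy), Time (hh:mm:ss), System Module ("name:"), Event Message.
ENTRY_RE = re.compile(
    r"^(?P<severity>[A-Z])\s+"
    r"(?P<date>\d{2}/\d{2}/\d{2})\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<module>[^\s:]+):\s+"
    r"(?P<message>.*\S)\s*$"
)


def parse_entry(line):
    """Return a dict for one Event Log line, or None if it is not a valid entry."""
    match = ENTRY_RE.match(line.strip())
    if match is None:
        return None
    try:
        stamp = datetime.strptime(
            match["date"] + " " + match["time"], "%m/%d/%y %H:%M:%S"
        )
    except ValueError:
        # Right shape, impossible date or time (for example month 13).
        return None
    return {
        "severity": match["severity"],
        "timestamp": stamp,
        "module": match["module"],
        "message": match["message"],
    }


def triage(lines):
    """Split log text into parsed entries, rejects, and entries worth a closer look."""
    parsed, rejected = [], []
    for line in lines:
        if not line.strip():
            continue
        entry = parse_entry(line)
        if entry is None:
            rejected.append(line)
        else:
            parsed.append(entry)

    # Anything that is not "I" (routine) is surfaced for review.
    non_routine = [e for e in parsed if e["severity"] != "I"]

    # The log is described as chronological, so a timestamp that goes
    # backwards relative to the previous entry deserves attention.
    out_of_order = [
        cur for prev, cur in zip(parsed, parsed[1:])
        if cur["timestamp"] < prev["timestamp"]
    ]

    return {
        "parsed": parsed,
        "rejected": rejected,
        "non_routine": non_routine,
        "out_of_order": out_of_order,
        "per_module": Counter(e["module"] for e in parsed),
    }


# First line is the entry shown in this section; the rest are constructed.
SAMPLE_LOG = """\
I 08/05/98 10:52:32 ports: port 1 enabled
I 08/05/98 10:52:40 ports: port 2 enabled
W 08/05/98 10:53:05 example: constructed non-routine entry
I 08/05/98 10:51:00 ports: port 3 enabled
I 13/45/98 10:00:00 ports: port 4 enabled
this line is not an event log entry
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG.splitlines())
    for key in ("non_routine", "out_of_order"):
        for entry in report[key]:
            print(key, entry["timestamp"], entry["module"], entry["message"])
    print("rejected:", report["rejected"])
```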
Diagnostic Tools

Diagnostic Features

Feature (Default; Menu; CLI; Web)
Ping Test: Default n/a; Menu —; CLI page 11-16; Web page 11-15
Link Test: Default n/a; Menu —; CLI page 11-16; Web page 11-15
Display Config File: Default n/a; Menu —; CLI page 11-18; Web page 11-18
Admin. and Troubleshooting Commands: Default n/a; Menu —; CLI page 11-19; Web —
Factory-Default Config: Default page 11-20 (Buttons); Menu —; CLI page 11-20; Web —

Ping and Link Tests

The Ping test and the Link test are point-to-point tests between your switch and another IEEE 802.
Web: Executing Ping or Link Tests

1. Click here.
2. Click here.
3. Select Ping Test (the default) or Link Test
4. For a Ping test, enter the IP address of the target device. For a Link test, enter the MAC address of the target device.
5. Select the number of tries (packets) and the timeout for each try from the drop-down menus.
6. Click on Start to begin the test.

Figure 11-12.
Number of Packets to Send is the number of times you want the switch to attempt to test a connection.

Timeout in Seconds is the number of seconds to allow per attempt to test a connection before determining that the current attempt has failed.

To halt a Link or Ping test before it concludes, click on the Stop button. To reset the screen to its default settings, click on the Defaults button.

CLI: Ping or Link Tests

Ping Tests.
Link Tests. You can issue single or multiple link tests with varying repetitions and timeout periods. The defaults are:
■ Repetitions: 1 (1 - 9999)
■ Timeout: 5 seconds (1 - 256 seconds)

Syntax: link [repetitions <1 - 999>] [timeout <1 - 256>]

Figure 11-14. (callouts: Basic Link Test; Link Test with Repetitions; Link Test with Repetitions and Timeout; Link Test Over a Specific VLAN; Link Test Over a Specific VLAN; Test Fail)
Displaying the Configuration File

The complete switch configuration is contained in a file that you can browse from either the web browser interface or the CLI. It may be useful in some troubleshooting scenarios to view the switch configuration.

CLI: Viewing the Configuration File

Using the CLI, you can display either the running configuration or the startup configuration. (For more on these topics, see appendix C, "Switch Memory and Configuration".
CLI Administrative and Troubleshooting Commands

These commands provide information or perform actions that you may find helpful in troubleshooting operating problems with the switch.

Note: For more on the CLI, refer to chapter 3, "Using the Command Line Reference (CLI)".

Syntax:
    Shows the software version currently running on the switch.
show boot-history
    Displays the switch shutdown history.
show history
    Displays the current command history.
Restoring the Factory-Default Configuration

As part of your troubleshooting process, it may become necessary to return the switch configuration to the factory default settings. This process momentarily interrupts the switch operation, clears any passwords, clears the console event log, resets the network counters to zero, performs a complete self test, and reboots the switch into its factory default configuration including deleting an IP address.
A Transferring an Operating System or Startup Configuration File

Appendix Contents
Overview
Downloading an Operating System (OS)
Using TFTP To Download the OS File from a Server
Menu: TFTP Download from a Server
Overview

You can download new switch software (operating system—OS) and upload or download switch configuration files. These features are useful for acquiring periodic switch software upgrades and for storing or retrieving a switch configuration.
Downloading an Operating System (OS)

Using TFTP To Download the OS File from a Server

■ An OS file for the switch has been stored on a TFTP server accessible to the switch. (The OS file is typically available from HP’s electronic services—see the support and warranty booklet shipped with the switch.)
■ The switch is properly connected to your network and has already been configured with a compatible IP address and subnet mask.
Menu: TFTP Download from a Server

1. In the console Main Menu, select Download OS to display this screen:

Figure A-15. Example of the Download OS Screen (Default Values)

2. Press [E] (for Edit).
3. Ensure that the Method field is set to TFTP (the default).
4.
After the system flash memory has been updated with the new operating system, the switch reboots itself and begins running with the new operating system.

7. To confirm that the operating system downloaded correctly:
    a. From the Main Menu, select 1. Status and Counters, and from the Status and Counters menu, select 1. General System Information
    b. Check the Firmware revision line.
Using the SNMP-Based Software Update Utility

HP TopTools for Hubs & Switches includes a software update utility for updating on HP ProCurve switch products such as the Series 2500 switches. For further information, refer to the HP TopTools for Hubs & Switches User Guide, provided electronically with the HP TopTools software.
CLI: Switch-To-Switch Download

copy tftp flash flash

For example, to download an OS file from a Switch 2512 with an IP address of 10.28.227.103:

Figure 8-17. Switch-To-Switch OS Download Using the CLI (callout: Running Total of Bytes Downloaded)

Using Xmodem to Download the OS File From a PC

This procedure assumes that:
■ The switch is connected via the Console RS-232 port on a PC operating as a terminal.
The download can take several minutes, depending on the baud rate used for the transfer.

6. When the download finishes, the switch automatically reboots itself and begins running the new OS version.
7. To confirm that the operating system downloaded correctly:
    a. From the Main Menu, select
        1. Status and Counters
            1. General System Information
    b.
Troubleshooting TFTP Downloads

If a TFTP download fails, the Download OS screen indicates the failure.

Figure A-18. (callout: Message Indicating cause of TFTP Download Failure)
■ Another console session (through either a direct connection to a terminal device or through Telnet) was already running when you started the session in which the download was attempted.

Note: If an error occurs in which normal switch operation cannot be restored, the switch automatically reboots itself.

Transferring Switch Configurations
TFTP: Copying a Configuration to a Remote Host.

copy startup-config tftp

This command copies the switch’s startup configuration (startup-config file) to a remote TFTP host. For example, to upload the current startup configuration to a file named sw2512 in the configs directory on drive "d" in a remote host having an IP address of 13.28.227.105:

    HP2512# copy startup-config tftp 13.28.
Xmodem: Copying a Configuration from a Serially Connected PC or Unix Workstation. To use this method, the switch must be connected via the serial port to a PC or Unix workstation on which is stored the configuration file you want to copy. To complete the copying, you will need to know the name of the file to copy, and the drive and directory location of the file.
B MAC Address Management

Overview
Determining MAC Addresses
Menu: Viewing the Switch’s MAC Addresses
CLI: Viewing the Port and VLAN MAC Addresses
Determining MAC Addresses

MAC Address Viewing Methods

Feature (Default; Menu; CLI; Web)
view switch’s base (default vlan) MAC address and the addressing for any added VLANs: Default n/a; Menu B-3; CLI B-4; Web —
view port MAC addresses (hexadecimal format): Default n/a; Menu —; CLI B-4; Web —

Use the menu interface to view the switch’s base MAC address and the MAC address assigned to any non-default VLAN you have configured on the switch.
Menu: Viewing the Switch’s MAC Addresses

The Management Address Information screen lists the MAC addresses for:
■ Base switch (default VLAN; VID = 1)
■ Any additional VLANs configured on the switch.

Note: The Base MAC address is used by the first (default) VLAN in the switch. This is usually the VLAN named “DEFAULT_VLAN” unless the name has been changed (by using the VLAN Names screen).
CLI: Viewing the Port and VLAN MAC Addresses

The MAC address assigned to each switch port is used internally by such features as Flow Control and the Spanning Tree Protocol. Determining the MAC address assignments for individual ports can sometimes be useful when diagnosing switch operation.
C Switch Memory and Configuration

Appendix Contents
Overview
Using the CLI To Implement Configuration Changes
Using the Menu and Web Browser Interfaces To Implement Configuration Changes
Overview

This appendix describes the following:
■ How switch memory manages configuration changes
■ How the CLI implements configuration changes
■ How the menu interface and web browser interface implement configuration changes

Overview of Configuration File Management

The switch maintains two configuration files, the running-config file and the startup-config file.
Rebooting the switch replaces the current running-config file with a new running-config file that is an exact copy of the current startup-config file.
Storing and Retrieving Configuration Files. You can store or retrieve a backup copy of the startup-config file on another device.

Using the CLI To Implement Configuration Changes
Syntax: write memory

For example, the default port mode setting is auto. Suppose that your network uses Cat 3 wiring and you want to connect the switch to another autosensing device capable of 100 Mbps operation. Because 100 Mbps over Cat 3 wiring can introduce transmission problems, the recommended port mode is auto-10, which allows the port to negotiate full- or half-duplex, but restricts speed to 10 Mbps.
    HP2512(config)# interface e 1 disable
    HP2512(config)# boot
    Device will be rebooted, do you want to continue [y/n]? y

Callouts:
• interface e 1 disable: Disables port 1 in the running configuration, which causes port 1 to block all traffic.
• y: Press [Y] to continue the rebooting process. You will then see this prompt.
Syntax: erase startup-config

For example:

    HP2512(config)# erase startup-config
    Configuration will be deleted and device rebooted, continue [y/n]?

Press [Y] to replace the current configuration with the factory default configuration and reboot the switch. Press [N] to retain the current configuration and prevent a reboot.

Using the Menu and Web Browser Interfaces To Implement Configuration Changes
Using Save and Cancel in the Menu Interface

For any configuration screen in the menu interface, the Save command:
1. Implements the changes in the running-config file
2.
Rebooting from the Menu Interface

■ Terminates the current session and performs a reset of the operating system
■ Activates any configuration changes that require a reboot
■ Resets statistical counters to zero (Note that statistical counters can be reset to zero without rebooting the switch. See “Displaying Port Counters” on page 10-9.
If configuration changes requiring a reboot have been made, the switch displays an asterisk (*) next to the menu item in which the change has been made.
D Daylight Savings Time on HP ProCurve Switches

This information applies to the following HP ProCurve switches:
• 2512
• 2524
• 1600M
• 2400M
• 2424M
• 4000M
• 8000M
• 212M
• 224M
• HP AdvanceStack Switches
• HP AdvanceStack Routers

■ Alaska
■ Canada and Continental US
■ Middle Europe and Portugal
■ Southern Hemisphere
■ Western Europe

The pre-defined settings follow these rules:

Alaska:
• Begin DST at 2am the first Sunday on or after April 24th.
Middle Europe and Portugal:
• Begin DST at 2am the first Sunday on or after March 25th.
• End DST at 2am the first Sunday on or after September 24th.

Southern Hemisphere:
• Begin DST at 2am the first Sunday on or after October 25th.
• End DST at 2am the first Sunday on or after March 1st.

Western Europe:
• Begin DST at 2am the first Sunday on or after March 23rd.
• End DST at 2am the first Sunday on or after October 23rd.
Before configuring a "User defined" Daylight Time Rule, it is important to understand how the switch treats the entries. The switch knows which dates are Sundays, and uses an algorithm to determine on which date to change the system clock, given the configured "Beginning day" and "Ending day":

■ If the configured day is a Sunday, the time changes at 2am on that day.
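
As an added example (not from the HP guide), the Python sketch below applies the "first Sunday on or after" rule to the pre-defined settings whose begin and end dates both appear above. It goes one step further and tests whether a switch-local timestamp falls inside the DST window, which helps when lining up switch event-log times with other sources. The names RULES, first_sunday_on_or_after, transitions and in_dst are hypothetical.

```python
from datetime import date, datetime, time, timedelta

# Pre-defined rules quoted on this page: (begin (month, day), end (month, day)).
# Only rules whose begin AND end dates both appear on the page are listed.
RULES = {
    "Middle Europe and Portugal": ((3, 25), (9, 24)),
    "Southern Hemisphere": ((10, 25), (3, 1)),
    "Western Europe": ((3, 23), (10, 23)),
}


def first_sunday_on_or_after(year, month, day):
    """Return the first Sunday on or after the given calendar date."""
    d = date(year, month, day)
    # date.weekday(): Monday == 0 ... Sunday == 6, so a Sunday adds 0 days.
    return d + timedelta(days=(6 - d.weekday()) % 7)


def transitions(rule, year):
    """Return the (begin, end) wall-clock datetimes, both at 2am, for a rule."""
    (bm, bd), (em, ed) = RULES[rule]
    two_am = time(2, 0)
    begin = datetime.combine(first_sunday_on_or_after(year, bm, bd), two_am)
    end = datetime.combine(first_sunday_on_or_after(year, em, ed), two_am)
    return begin, end


def in_dst(rule, stamp):
    """True if a switch-local wall-clock timestamp lies inside the DST window."""
    begin, end = transitions(rule, stamp.year)
    if begin < end:
        return begin <= stamp < end
    # Southern Hemisphere: the window wraps around the new year.
    return stamp >= begin or stamp < end


if __name__ == "__main__":
    # Constructed sample: print the year-2000 transitions for each rule.
    for name in RULES:
        b, e = transitions(name, 2000)
        print(f"{name}: begin {b}, end {e}")
```

The comparison uses wall-clock time only, so a timestamp in the hour that repeats after the end transition cannot be classified without an explicit UTC offset.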