6400cl 5300xl 4200vl 3400cl ProCurve Switches E.10.02 (Series 5300xl) L.10.XX (Series 4200vl) M.08.73 (Series 3400/6400cl) www.procurve.
ProCurve Series 6400cl Switches Series 5300xl Switches Series 4200vl Switches Series 3400cl Switches October 2006 E.10.02 or Greater (5300xl) L.10.01 or Greater (4200vl) M.08.
© Copyright 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. All Rights Reserved.

Disclaimer

This document contains proprietary information, which is protected by copyright. No part of this document may be photocopied, reproduced, or translated into another language without the prior written consent of Hewlett-Packard.
Product Documentation

About Your Switch Manual Set

Note: For the latest version of all ProCurve switch documentation, including Release Notes covering recently added features, please visit the ProCurve Networking Web site at www.procurve.com, click on Technical support, and then click on Product manuals (all).

Printed Publications

The two publications listed below are printed and shipped with your switch.
Product Documentation Feature Index For the manual set supporting your switch model, the following feature index indicates which manual to consult for information on a given software feature and which switches support that feature. Feature Management Advanced and Traffic Configuration Management 802.1Q VLAN Tagging 802.1X Port-Based Priority Access Security Guide X X 802.
Product Documentation Feature Management Advanced and Traffic Configuration Management Eavesdrop Protection Access Security Guide X Supported Supported Supported on 5300xl on 4200vl on 3400cl/ 6400cl yes yes no Event Log X yes yes yes Factory Default Settings X yes yes yes Flow Control (802.
Product Documentation Feature Management Advanced and Traffic Configuration Management Meshing Monitoring and Analysis Access Security Guide X X Multicast Filtering X Supported Supported Supported on 5300xl on 4200vl on 3400cl/ 6400cl yes no yes yes yes yes yes no no Multiple Configuration Files X yes yes yes Network Management Applications X yes SNMP only SNMP only OpenView Device Management X yes yes yes yes no yes OSPF X Passwords X yes yes yes Password Clear Pro
Product Documentation Feature Management Advanced and Traffic Configuration Management RMON 1,2,3,9 Access Security Guide X Supported Supported Supported on 5300xl on 4200vl on 3400cl/ 6400cl yes yes yes Routing X yes yes yes Routing - IP Static X yes yes yes yes yes yes yes yes yes Secure Copy X SFLOW SFTP X yes yes yes SNMPv3 X yes yes yes X yes yes yes yes yes yes yes yes yes Software Downloads (SCP/SFTP, TFTP, Xmodem) X Source-Port Filters X Spanning Tr
Product Documentation Feature Management Advanced and Traffic Configuration Management Voice VLAN Access Security Guide X Supported Supported Supported on 5300xl on 4200vl on 3400cl/ 6400cl yes yes yes Web Authentication RADIUS Support X yes yes yes Web-based Authentication X yes yes yes Web UI X yes yes yes Xmodem X yes yes yes yes no yes XRRP xxiv X
1 Getting Started
Introduction

This Management and Configuration Guide is intended for use with the following switches:

■ ProCurve Switch 10G CX4 6400cl-6xg
■ ProCurve Switch 10G X2 6400cl-6xg
■ ProCurve Switch 5304xl
■ ProCurve Switch 5348xl
■ ProCurve Switch 5308xl
■ ProCurve Switch 5372xl
■ ProCurve Switch 4204vl
■ ProCurve Switch 4208vl
■ ProCurve Switch 4202vl-48G
■ ProCurve Switch 4202vl-72
■ ProCurve Switch 3400cl-24G
■ ProCurve Switch 3400cl-48G

This guide describ
Conventions

Command Syntax Statements

Syntax: ip default-gateway < ip-addr >
Syntax: show interfaces [port-list ]

■ Vertical bars ( | ) separate alternative, mutually exclusive elements.
■ Square brackets ( [ ] ) indicate optional elements.
■ Braces ( < > ) enclose required elements.
■ Braces within square brackets ( [ < > ] ) indicate a required element within an optional choice.
Screen Simulations

Displayed Text. Figures containing simulated screen text and command output look like this:

ProCurve> show version
Image stamp: /sw/code/build/info
September 30 2005 13:43:13
E.08.22
139
ProCurve>

Figure 1-1. Example of a Figure Showing a Simulated Screen

In some cases, brief command-output sequences appear without figure identification.
Sources for More Information

Note: For the latest version of all ProCurve switch documentation, including Release Notes covering recently added features, visit the ProCurve Networking web site at www.procurve.com, click on Technical support, and then click on Product Manuals (all).
■ Access Security Guide—Use the Access Security Guide for information on:
  • Local username and password security
  • Web-Based and MAC-based authentication
  • RADIUS and TACACS+ authentication
  • SSH (Secure Shell) and SSL (Secure Socket Layer) operation
  • 802.1x port-based access control
  • Port security operation with MAC-based control
  • Authorized IP Manager security
  • Key Management System (KMS)

Getting Documentation From the Web

1.
Figure 1-3. Listing of ProCurve Manuals on the ProCurve Networking Web Site

Online Help

If you need information on specific parameters in the menu interface, refer to the online help provided in the interface. For example:

Online Help for Menu

If you need information on a specific command in the CLI, type the command name followed by “help”.
Getting Started Need Only a Quick Start? If you need information on specific features in the web browser interface, use the online help available for the web browser interface. For more information on web browser Help options, refer to “Online Help for the Web Browser Interface” on page 5-11. If you need further information on ProCurve switch technology, visit the ProCurve Networking web site at: www.procurve.
To Set Up and Install the Switch in Your Network

Use the ProCurve Installation and Getting Started Guide (shipped with the switch) for the following:

■ Notes, cautions, and warnings related to installing and using the switch and its related modules
■ Instructions for physically installing the switch in your network
■ Quickly assigning an IP address and subnet mask, setting a Manager password, and (optionally) configuring other basic features
2 Selecting a Management Interface
Overview

This chapter describes the following:

■ Management interfaces for the switches covered by this guide
■ Advantages of using each interface

Understanding Management Interfaces

Management interfaces enable you to reconfigure the switch and to monitor switch status and performance.
To use ProCurve Manager or ProCurve Manager Plus, refer to the Getting Started Guide and the Administrator’s Guide, which are available electronically with the software for these applications. For more information, visit the ProCurve Networking web site at www.procurve.com.

Advantages of Using the Menu Interface

Figure 2-1.
Selecting a Management Interface Advantages of Using the CLI ■ Offers out-of-band access (through the RS-232 connection) to the switch, so network bottlenecks, crashes, lack of configured or correct IP address, and network downtime do not slow or prevent access ■ Enables Telnet (in-band) access to the menu functionality. ■ Allows faster navigation, avoiding delays that occur with slower display of graphical objects over a web browser interface.
Information on Using the CLI

■ For information on how to use the CLI, refer to chapter 3. “Using the Command Line Interface (CLI)”.
■ To perform specific procedures (such as configuring IP addressing or VLANs), use the Contents listing at the front of the manual to locate the information you need.
■ For monitoring and analyzing switch operation, refer to appendix B.
Advantages of Using the Web Browser Interface

■ Familiar browser interface--locations of window objects consistent with commonly used browsers, uses mouse clicking for navigation, no terminal setup
■ Many features have all their fields in one screen so you can view all values at once
■ More visual cues, using colors, status bars, device icons, and other graphical objects instead of relying solely on alphanumeric values
■ Display of acceptable ranges of values av
Advantages of Using ProCurve Manager or ProCurve Manager Plus

You can operate ProCurve Manager and ProCurve Manager Plus (PCM and PCM+) from a PC on the network to monitor traffic, manage your hubs and switches, and proactively recommend network changes to increase network uptime and optimize performance. Easy to install and use, PCM and PCM+ are the answers to your management challenges.

Figure 2-4.
PCM and PCM+ enable greater control, uptime, and performance in your network:

■ Features and benefits of ProCurve Manager:
  • Network Status Summary: Upon boot-up, a network status screen displays high-level information on network devices, end nodes, events, and traffic levels. From here, users can research any one of these areas to get more details.
  • Device Software Updates: This feature automatically obtains new device software images from ProCurve and updates devices, allowing users to download the latest version or choose the desired version. Updates can be scheduled easily across large groups of devices, all at user-specified times.
3 Using the Menu Interface
Overview

This chapter describes the following features:

■ Overview of the Menu Interface (page 3-2)
■ Starting and ending a Menu session (page 3-3)
■ The Main Menu (page 3-7)
■ Screen structure and navigation (page 3-9)
■ Rebooting the switch (page 3-12)

The menu interface operates through the switch console to provide you with a subset of switch commands in an easy-to-use menu format enabling you to:

■ Perform a “quick configuration” of basic parameters, such a
Note: If the switch has neither a Manager nor an Operator password, anyone having access to the console interface can operate the console with full manager privileges. Also, if you configure only an Operator password, entering the Operator password enables full manager privileges. For more information on passwords, refer to the Access Security Guide for your switch.

Menu Interaction with Other Interfaces.
Starting and Ending a Menu Session

How To Start a Menu Interface Session

In its factory default configuration, the switch console starts with the CLI prompt. To use the menu interface with Manager privileges, go to the Manager level prompt and enter the menu command.

1. Use one of these methods to connect to the switch:
   • A PC terminal emulator or terminal
   • Telnet
2. Do one of the following:
   • If you are using Telnet, go to step 3.
Stacking is available on Series 3400cl and Series 6400cl switches.

Figure 3-1. Example of the Main Menu with Manager Privileges

For a description of Main Menu features, see “Main Menu Features” on page 3-7.

Note: To configure the switch to start with the menu interface instead of the CLI, go to the Manager level prompt in the CLI, enter the setup command, and in the resulting display, change the Logon Default parameter to Menu.
Asterisk indicates a configuration change that requires a reboot to activate.

Stacking is available on Series 3400/6400cl switches and Series 4200vl switches.

Figure 3-2. Example Indication of a Configuration Change Requiring a Reboot

1. In the current session, if you have not made configuration changes that require a switch reboot to activate, return to the Main Menu and press [0] (zero) to log out.
Main Menu Features

Figure 3-3. The Main Menu View with Manager Privileges

The Main Menu gives you access to these Menu interface features:

■ Status and Counters: Provides access to display screens showing switch information, port status and counters, port and VLAN address tables, and spanning tree information. (See Appendix B, “Monitoring and Analyzing Switch Operation”.
■ Command Line (CLI): Selects the Command Line Interface at the same level (Manager or Operator) that you are accessing in the Menu interface. (Refer to chapter 3, “Using the Command Line Interface (CLI)”.)
■ Reboot Switch: Performs a “warm” reboot of the switch, which clears most temporary error conditions, resets the network activity counters to zero, and resets the system up-time to zero.
Screen Structure and Navigation

Menu interface screens include these three elements:

■ Parameter fields and/or read-only information such as statistics
■ Navigation and configuration actions, such as Save, Edit, and Cancel
■ Help line to describe navigation options, individual parameters, and read-only data

For example, in the following System Information screen:

Screen title – identifies the location within the menu structure

Parameter fields
Table 3-1. How To Navigate in the Menu Interface

Task: Execute an action from the “Actions –>” list at the bottom of the screen:

Actions: Use either of the following methods:
• Use the arrow keys ( [<] or [>] ) to highlight the action you want to execute, then press [Enter].
• Press the key corresponding to the capital letter in the action name.
To get Help on individual parameter descriptions. In most screens there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press [H], and a separate help screen is displayed. For example:

Pressing [H] or highlighting Help and pressing [Enter] displays Help for the parameters listed in the upper part of the screen

Highlight on any item in the Actions line indicates that the Actions line is active.
Rebooting the Switch

Rebooting the switch from the menu interface

■ Terminates all current sessions and performs a reset of the operating system
■ Activates any menu interface configuration changes that require a reboot
■ Resets statistical counters to zero (Note that statistical counters can be reset to zero without rebooting the switch.)

To Reboot the switch, use the Reboot Switch option in the Main Menu.
Rebooting To Activate Configuration Changes. Configuration changes for most parameters in the menu interface become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the Maximum VLANs to support parameter. (To access this parameter, go to the Main Menu and select:

2. Switch Configuration
8. VLAN Menu
1. VLAN Support.
Menu Features List

Status and Counters
• General System Information
• Switch Management Address Information
• Port Status
• Port Counters
• Address Table
• Port Address Table
• Spanning Tree Information

Switch Configuration
• System Information
• Port/Trunk Settings
• Network Monitoring Port
• Spanning Tree Operation
• IP Configuration
• SNMP Community Names
• IP authorized Managers
• VLAN Menu

Console Passwords

Event Log

Command Lin
Where To Go From Here

This chapter provides an overview of the menu interface and how to use it. The following table indicates where to turn for detailed information on how to use the individual features available through the menu interface.

Option: To use the Run Setup option
Turn to: Refer to the Installation and Getting Started Guide shipped with the switch.
4 Using the Command Line Interface (CLI)
Overview

The CLI is a text-based command interface for configuring and monitoring the switch. The CLI gives you access to the switch’s full set of commands while providing the same password protection that is used in the web browser interface and the menu interface.

Accessing the CLI

Like the menu interface, the CLI is accessed through the switch console, and in the switch’s factory default state, is the default interface when you start a console session.
Using the CLI

When you use the CLI to make a configuration change, the switch writes the change to the Running-Config file in volatile memory. This allows you to test your configuration changes before making them permanent. To make changes permanent, you must use the write memory command to save them to the Startup-Config file in non-volatile memory.
Caution: ProCurve strongly recommends that you configure a Manager password. If a Manager password is not configured, then the Manager level is not password-protected, and anyone having in-band or out-of-band access to the switch may be able to reach the Manager level and compromise switch and network security. Note that configuring only an Operator password does not prevent access to the Manager level by intruders who have the Operator password.
Manager Privileges

Manager privileges give you three additional levels of access: Manager, Global Configuration, and Context Configuration. (See figure.) A “#” character delimits any Manager prompt. For example:

ProCurve#_

Example of the Manager prompt.

■ Manager level: Provides all Operator level privileges plus the ability to perform system-level actions that do not require saving changes to the system configuration file.
Table 4-1. Privilege Level Hierarchy

Privilege Level: Operator Privilege, Operator Level
Example of Prompt: ProCurve>
Permitted Operations:
  show < command >, setup: View status and configuration information.
  ping < argument >, link-test < argument >: Perform connectivity tests.
  enable: Move from the Operator level to the Manager level.
  menu: Move from the CLI interface to the menu interface.
How To Move Between Levels

Change in Levels: Operator level to Manager level
Example of Prompt, Command, and Result:

ProCurve> enable
Password:_

After you enter enable, the Password prompt appears.
For example, if you use the menu interface to configure an IP address of “X” for VLAN 1 and later use the CLI to configure a different IP address of “Y” for VLAN 1, then “Y” replaces “X” as the IP address for VLAN 1 in the running-config file. If you subsequently execute write memory in the CLI, then the switch also stores “Y” as the IP address for VLAN 1 in the startup-config file.
Typing ? at the Manager level produces this listing:

When - - MORE - - appears, use the Space bar or [Return] to list additional commands.

Figure 4-4. Example of the Manager-Level Command Listing

When - - MORE - - appears, there are more commands in the listing. To list the next screenful of commands, press the Space bar. To list the remaining commands one-by-one, repeatedly press [Enter].
As mentioned above, if you type part of a command word and press [Tab], the CLI completes the current word (if you have typed enough of the word for the CLI to distinguish it from other possibilities), including hyphenated extensions. For example:

ProCurve(config)# port-[Tab]
ProCurve(config)# port-security _

Pressing [Tab] after a completed command word lists the further options for that command.
Displaying CLI “Help”

CLI Help provides two types of context-sensitive information:

■ Command list with a brief summary of each command’s purpose
■ Detailed information on how to use individual commands

Displaying Command-List Help.

Syntax: help

Displays a listing of command Help summaries for all commands available at the current privilege level.
Figure 4-7. Example of How To Display Help for a Specific Command

Note that trying to list the help for an individual command from a privilege level that does not include that command results in an error message.
Commands executed at configuration level for entering port and trk1 static trunk-group contexts, and resulting prompts showing port or static trunk contexts.

ProCurve(eth-C5-C8)#
ProCurve(eth-Trk1)#

ProCurve(eth-C5-C8)# ?
ProCurve(eth-C5-C8)# ?

Lists the commands you can use in the port or static trunk context, plus the Manager, Operator, and context commands you can execute at this level.
VLAN Context. Includes VLAN-specific commands that apply only to the selected VLAN, plus Manager and Operator commands. The prompt for this mode includes the VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch:

ProCurve(config)# vlan 100

Command executed at configuration level to enter VLAN 100 context.

ProCurve(vlan-100)#

Resulting prompt showing VLAN 100 context.
Configuring Custom Login Banners for the Console and Web Browser Interfaces

You can now configure the switch to display a login banner of up to 320 characters when an operator initiates a management session with the switch through any of the following methods:
■ Telnet
■ serial connection
■ SSHv2 (SSHv1 does not include support for banners.
Banner Operation with Telnet, Serial, or SSHv2 Access

When a system operator begins a login session, the switch displays the banner above the local password prompt or, if no password is configured, above the Press any key to continue prompt. Entering a correct password or, if no password is configured, pressing any key clears the banner from the CLI and displays the CLI prompt. (Refer to figure 4-10 on page 4-15.
< banner-text-string >
The switch allows up to 320 banner characters, including blank spaces and CR-LF ([Enter]). (The tilde “~” and the delimiter defined by banner motd are not allowed as part of the banner text.) While entering banner text, you can backspace to edit the current line (that is, a line that has not been terminated by a CR-LF.
ProCurve(config)# show banner motd
Banner Information
Banner status: Enabled
Configured Banner:
This is a private system maintained by the Allied Widget Corporation.
Unauthorized use of this system can result in civil and criminal penalties!

Figure 4-12. Example of show banner motd Output

Shows the current banner configuration.

Figure 4-13.
The next time someone logs onto the switch’s management CLI, the following appears:

The login screen displays the configured banner. Entering a correct password clears the banner and displays the CLI prompt.

Figure 4-14. Example of CLI Result of the Login Banner Configuration

If someone uses a Web browser to log in to the switch interface, the following message appears:

Figure 4-15.
■ If the switch is configured with ssh version 1 or ssh version 1-or-2, configuring the banner sets the SSH configuration to ssh version 2 and displays the following message in the CLI:
  Warning: SSH version has been set to v2.
■ If a banner is configured, the switch does not allow configuration with ssh version 1 or ssh version 1-or-2. Attempting to do so produces the following error message in the CLI:
  Banner has to be disabled first.
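The banner limits and the SSH interaction described above can be checked before a banner is pushed to a switch. The following is an added example, not code from the manual or from ProCurve; it assumes the `banner motd` delimiter is a single character and that each [Enter] counts as two characters (CR and LF) toward the 320-character limit, and the function names are hypothetical.

```python
"""Pre-flight check for a login banner, using the limits stated in the manual."""

MAX_BANNER_CHARS = 320                      # "up to 320 banner characters"
SSH_MODES_WITHOUT_BANNER = {"1", "1-or-2"}  # settings a banner forces to v2

# Constructed sample: the banner text shown in the show banner motd figure.
PAGE_BANNER = (
    "This is a private system maintained by the Allied Widget Corporation.\n"
    "Unauthorized use of this system can result in civil and criminal penalties!"
)


def as_switch_text(text):
    """Normalise every line break to CR-LF.

    Assumption: each [Enter] counts as two characters (CR and LF) toward the
    limit, which is the conservative reading of the manual's wording.
    """
    return text.replace("\r\n", "\n").replace("\r", "\n").replace("\n", "\r\n")


def check_banner(text, delimiter, ssh_version="2"):
    """Return (errors, warnings) for a proposed banner.

    delimiter   -- the character given to banner motd (assumed single character)
    ssh_version -- the switch's current setting: "1", "2" or "1-or-2"
    """
    errors, warnings = [], []
    if len(delimiter) != 1:
        errors.append("delimiter must be exactly one character")

    body = as_switch_text(text)
    if len(body) > MAX_BANNER_CHARS:
        errors.append(
            f"banner is {len(body)} characters with CR-LF line ends; "
            f"limit is {MAX_BANNER_CHARS}"
        )

    # The tilde and the delimiter itself may not appear in the banner text.
    forbidden = {"~", delimiter}
    for line_no, line in enumerate(body.split("\r\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in forbidden:
                errors.append(
                    f"line {line_no}, column {col}: {ch!r} is not allowed "
                    "in banner text"
                )

    # Configuring a banner silently moves the switch off SSHv1.
    if ssh_version in SSH_MODES_WITHOUT_BANNER:
        warnings.append(
            f"switch is set to ssh version {ssh_version}; configuring the "
            "banner will set it to v2, so SSHv1-only clients lose access"
        )
    return errors, warnings


if __name__ == "__main__":
    errs, warns = check_banner(PAGE_BANNER, "%", ssh_version="1-or-2")
    for msg in errs:
        print("ERROR  ", msg)
    for msg in warns:
        print("WARNING", msg)
```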
CLI Control and Editing

Keystrokes            Function
[Ctrl] [A]            Jumps to the first character of the command line.
[Ctrl] [B] or [<]     Moves the cursor back one character.
[Ctrl] [C]            Terminates a task and displays the command prompt.
[Ctrl] [D]            Deletes the character at the cursor.
[Ctrl] [E]            Jumps to the end of the current command line.
[Ctrl] [F] or [>]     Moves the cursor forward one character.
5
Using the Web Browser Interface

Contents
Overview . . . 5-2
General Features . . . 5-3
Starting a Web Browser Interface Session with the Switch . . . 5-4
  Using a Standalone Web Browser in a PC or UNIX Workstation . . . 5-4
  Using ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+)
Overview

The web browser interface built into the switch lets you easily access the switch from a browser-based PC on your network. This lets you do the following:
■ Optimize your network uptime by using the Alert Log and other diagnostic tools
■ Make configuration changes to the switch
■ Maintain security by configuring usernames and passwords

This chapter covers the following:
■ General features (page 5-3).
General Features

The Web Browser Interface includes these features:

Switch Identity and Status:
• General system data
• Software version
• IP address
• Status Overview
• Port utilization
• Port counters
• Port status
• Alert log

Switch Configuration:
• Device view
• Port configuration
• VLAN configuration
• Fault detection
• Quality of service (QoS)
• Port monitoring (mirroring)
• System information
• IP configuration
• Support and management server URLs
• D
Starting a Web Browser Interface Session with the Switch

You can start a web browser session in the following ways:
■ Using a standalone web browser on a network connection from a PC or UNIX workstation:
  • Directly connected to your network
  • Connected through remote access to your network
■ Using a network management station running ProCurve Manager on your network

Using a Standalone Web Browser in a PC or UN
Using ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+)

ProCurve Manager and ProCurve Manager Plus are designed for installation on a network management workstation. For this reason, the system requirements are different from the system requirements for accessing the switch’s web browser interface from a non-management PC or workstation.
Figure 5-1. (Screen callouts: Alert Log; First-Time Install Alert)
Tasks for Your First Web Browser Interface Session

The first time you access the web browser interface, there are three tasks you should perform:
■ Review the “First Time Install” window
■ Set Manager and Operator passwords
■ Set access to the web browser interface online help

Viewing the “First Time Install” Window

When you access the switch’s web browser interface for the first time, the Alert log contains a “First T
This window is the launching point for the basic configuration you need to perform to set web browser interface passwords for maintaining security and a fault detection policy, which determines the types of messages that the Alert Log displays. To set web browser interface passwords, click on secure access to the device to display the Device Passwords screen, and then go to the next page.
Figure 5-3. The Device Passwords Window

To set the passwords:
1. Access the Device Passwords screen by one of the following methods:
   • If the Alert Log includes a “First Time Install” event entry, double click on this event, then, in the resulting display, click on the secure access to the device link.
   • Select the Security tab.
2.
Entering a User Name and Password

Figure 5-4. Example of the Password Prompt in the Web Browser Interface

The manager and operator passwords are used to control access to all switch interfaces. Once set, you will be prompted to supply the password every time you try to access the switch through any of its interfaces.
The Clear button is provided for your convenience, but its presence means that if you are concerned with the security of the switch configuration and operation, you should make sure the switch is installed in a secure location, such as a locked wiring closet.
Support/Mgmt URLs Feature

The Support/Mgmt URLs window enables you to change the World Wide Web Universal Resource Locator (URL) for two functions:
■ Support URL – A support information site for your switch
■ Management Server URL – The web site for web browser online Help

(Screen callouts: 1. Click Here; 2. Click Here; 3.
Support URL

This is the site the switch accesses when you click on the Support tab on the web browser interface. The default URL is:

www.procurve.com

which is the World Wide Web site for ProCurve networking products. Click on technical support on that page to get support information regarding your switch, including white papers, software updates, and more.
In the default configuration, the switch uses the URL for accessing the web browser interface help files on the ProCurve World Wide Web site.

Figure 5-7. How To Access Web Browser Interface Online Help

Using the PCM Server for Switch Web Help

For ProCurve devices that support the “Web Help” feature, you can use the PCM server to host the switch help files for devices that do not have HTTP access to the ProCurve Support Web site.

1.
You will enter the IP address for your PCM server. 8040 is the standard port number to use.

4. Restart the Discovery process for the change to be applied.

Note: Changing the Discovery’s Global properties file will redirect the Device Help URL for all devices. If you just want to change the Device Help URL for a particular device, then go to the Configuration tab on the Web UI for that device and select the "Support/Mgmt URL" button.
Status Reporting Features

Browser elements covered in this section include:
■ The Overview window (below)
■ Port utilization and status (page 5-17)
■ The Alert log (page 5-20)
■ The Status bar (page 5-22)

The Overview Window

The Overview Window is the home screen for any entry into the web browser interface. The following figure identifies the various parts of the screen.
The Port Utilization and Status Displays

The Port Utilization and Status displays show an overview of the status of the switch and the amount of network activity on each port. The following figure shows a sample reading of the Port Utilization and Port Status.

Figure 5-9. (Screen callouts: Port Utilization Bar Graphs; Bandwidth Display Control; Port Status Indicators; Legend)
■ % Error Pkts Rx: All error packets received by the port. (This indicator is a reddish color on many systems.) Although errors received on a port are not propagated to the rest of the network, a consistently high number of errors on a specific port may indicate a problem on the device or network segment connected to the indicated port.
Figure 5-11. Display of Numerical Values for the Bar

Port Status

Figure 5-12. The Port Status Indicators and Legend (Screen callouts: Port Status Indicators; Legend)

The Port Status indicators show a symbol for each port that indicates the general status of the port. There are four possible statuses:
■ Port Connected – the port is enabled and is properly connected to an active network device.
The Alert Log

The web browser interface Alert Log, shown in the lower half of the screen, shows a list of network occurrences, or alerts, that were detected by the switch. Typical alerts are Broadcast Storm, indicating an excessive number of broadcasts received on a port, and Problem Cable, indicating a faulty cable. A full list of alerts is shown in the table on page 5-21.

Figure 5-13.
Alert Types and Detailed Views

As of April, 2004, the web browser interface generates the following alert types:
• Auto Partition
• Backup Transition
• Excessive broadcasts
• Excessive CRC/alignment errors
• Excessive jabbering
• Excessive late collisions
• First Time Install
• Full-Duplex Mismatch
• Half-Duplex Mismatch
• High collision or drop rate
• Loss of Link
• Mis-Configured SQE
• Network Loop
• Polarity Reversal
• Security Viola
Figure 5-14. Example of Alert Log Detail View

The Status Bar

The Status Bar appears in the upper left corner of the web browser interface window. Figure 5-15 shows an expanded view of the status bar.

Figure 5-15. (Screen callouts: Status Indicator; System Name; Most Critical Alert Description; Product Name)
The Status bar includes four objects:
■ Status Indicator. Indicates, by icon, the severity of the most critical alert in the current display of the Alert Log. This indicator can be one of four shapes and colors, as shown below.

Table 5-1. Status Indicator Key

Color    Switch Status
Blue     Normal Activity; “First time installation” information available in the Alert log.
Green
Setting Fault Detection Policy

One of the powerful features in the web browser interface is the Fault Detection facility. For your switch, this feature controls the types of alerts reported to the Alert Log based on their level of severity. Set this policy in the Fault Detection window (figure 5-16).

Figure 5-16.
To provide the most information on network problems in the Alert Log, the recommended sensitivity level for Log Network Problems is High Sensitivity. The Fault Detection settings are:
■ High Sensitivity. This policy directs the switch to send all alerts to the Alert Log. This setting is most effective on networks that have few or no problems.
■ Medium Sensitivity.
6
Switch Memory and Configuration

Contents
Overview . . . 6-3
Overview of Configuration File Management . . . 6-3
Using the CLI To Implement Configuration Changes . . . 6-6
Using the Menu and Web Browser Interfaces To Implement Configuration Changes
Using the Clear + Reset Button Combination To Reset the Switch to Its Default Configuration . . . 6-35
Transferring Startup-Config Files To or From a Remote Server . . . 6-37
TFTP: Copying a Configuration File to a Remote Host . . . 6-37
TFTP: Copying a Configuration File from a Remote Host . . . 6-37
Xmodem: Copying a Configuration File to a Serially Connected Host
Overview

This chapter describes:
■ How switch memory manages configuration changes
■ How the CLI implements configuration changes
■ How the menu interface and web browser interface implement configuration changes
■ How the switch provides software options through primary/secondary flash images
■ How to use the switch’s primary and secondary flash options, including displaying flash information, booting or restarting the switch, and other topics

Overview
■ Running Config File: Exists in volatile memory and controls switch operation. If no configuration changes have been made in the CLI since the switch was last booted, the running-config file is identical to the startup-config file.
■ Startup-config File: Exists in flash (non-volatile) memory and is used to preserve the most recently-saved configuration as the “permanent” configuration.
“permanent”. When you are satisfied with the change, you can make it permanent by executing the write memory command. For example, suppose you use the following command to disable port 5:

ProCurve(config)# interface ethernet 5 disable

The above command disables port 5 in the running-config file, but not in the startup-config file. Port 5 remains disabled only until the switch reboots.
Using the CLI To Implement Configuration Changes

The CLI offers these capabilities:
■ Access to the full set of switch configuration features
■ The option of testing configuration changes before making them permanent

How To Use the CLI To View the Current Configuration Files. Use show commands to view the configuration for individual features, such as port status or Spanning Tree Protocol.
3. Observe the switch’s performance with the new parameter settings to verify the effect of your changes.
4. When you are satisfied that you have the correct parameter settings, use the write memory command to copy the changes to the startup-config file.

Syntax: write memory

For example, the default port mode setting is auto.
ProCurve(config)# interface e 1 disable
Disables port 1 in the running configuration, which causes port 1 to block all traffic.

ProCurve(config)# boot
Device will be rebooted, do you want to continue [y/n]? y
Press [Y] to continue the rebooting process. You will then see this prompt.

Do you want to save current configuration [y/n]?

Figure 6-2.
How To Reset the startup-config and running-config Files to the Factory Default Configuration. This command reboots the switch, replacing the contents of the current startup-config and running-config files with the factory-default startup configuration.
Note: The only exceptions to this operation are two VLAN-related parameter changes that require a reboot, described under “Rebooting To Activate Configuration Changes” on page 6-11.

Using Save and Cancel in the Menu Interface

For any configuration screen in the menu interface, the Save command:
1. Implements the changes in the running-config file
2.
Rebooting from the Menu Interface

■ Terminates the current session and performs a reset of the operating system
■ Activates any configuration changes that require a reboot
■ Resets statistical counters to zero

(Note that statistical counters can be reset to zero without rebooting the switch. See “To Display the Port Counter Summary Report” on page B-12.
If configuration changes requiring a reboot have been made, the switch displays an asterisk (*) next to the menu item in which the change has been made.
Using Primary and Secondary Flash Image Options

The Series switches covered by this guide feature two flash memory locations for storing switch software image files:
■ Primary Flash: The default storage for a switch software image.
■ Secondary Flash: The additional storage for either a redundant or an alternate switch software image.
For example, if the switch is using a software version of E.08.22 stored in Primary flash, show version produces the following:

Figure 6-6. Example Showing the Identity of the Current Flash Image (5300xl)

Determining Whether the Flash Images Are Different Versions. If the flash image sizes in primary and secondary are the same, then in almost every case, the primary and secondary images are identical.
1. In this example show version indicates the switch has version E.08.30 in primary flash.
2. After the boot system command, show version indicates that version E.08.20 is in secondary flash.

Figure 6-8.
Local Switch Software Replacement and Removal

This section describes commands for erasing a software version and copying an existing software version between primary and secondary flash.

Note: It is not necessary to erase the content of a flash location before downloading another software file. The process automatically overwrites the previous file with the new file.
For example, to copy the image in secondary flash to primary flash:

1. Verify that there is a valid flash image in the secondary flash location. The following figure indicates that a software image is present in secondary flash. (If you are unsure whether the image in secondary flash is valid, try booting from it before you proceed, by using boot system flash secondary.
2. Then erase the software image in the selected flash (in this case, primary):

   The prompt shows which flash location will be erased.

   Figure 6-10. Example of Erase Flash Prompt

3. Type y at the prompt to complete the flash erase.
4. Use show flash to verify erasure of the selected software flash image.

   The “0” here shows that primary flash has been erased.

   Figure 6-11.
Booting from Primary Flash. This command always boots the switch from primary flash, executes the complete set of subsystem self-tests, and gives you the option of saving or discarding any configuration changes in the running-config file.

Syntax: boot

For example, to boot the switch from primary flash with pending configuration changes in the running-config file:

Figure 6-12.
Using the Fastboot feature. The fastboot command allows a boot sequence that skips the internal power-on self-tests, resulting in a faster boot time.

Syntax: [no] fastboot
Enables the fastboot option.
[no]: disables the feature.

Syntax: show fastboot
Shows the status of the fastboot feature, either enabled or disabled.

The fastboot command is shown below.

ProCurve(config)# fastboot

Figure 6-14.
Operating Notes

Default Boot Source. The switch reboots from primary flash by default unless you specify the secondary flash.

Boot Attempts from an Empty Flash Location. In this case, the switch aborts the attempt and displays

Image does not exist
Operation aborted.

Interaction of Primary and Secondary Flash Images with the Current Configuration.
Multiple Configuration Files on 5300xl and 4200vl Switches

This section applies only to 5300xl switches running software release E.09.xx or greater, and 4200vl switches.
Beginning with software release E.09.
General Operation

Multiple Configuration Storage in the Switch. The switch uses three memory “slots”, with identity (id) numbers of 1, 2, and 3.

(Figure callout: Memory Slots for Different Startup-Config Files)

A startup-config file stored in a memory slot has a unique, changeable file name. A software version earlier than release E.09.
The result is that the startup-config file used to reboot the switch is modified by the actions in step 2.

Figure 6-18. (Diagram labels: Boot Command; Primary Boot Path; Active Startup-Config File: backupConfig; Idle Startup-Config File: workingConfig; Generated Running-Config File; Use CLI To Change Running-Config; Execute write mem To Save Changes to Source Startup-Config File)
Transitioning to Multiple Configuration Files

If your 5300xl switch was shipped from the factory with software release E.08.xx or earlier installed, you must download software release E.09.xx or greater to use the multiple configuration feature.
Listing and Displaying Startup-Config Files

Command                        Page
show config files              Below
show config < filename >       6-29

Viewing the Startup-Config File Status with Multiple Configuration Enabled

Rebooting the switch with software release E.09.xx or later automatically enables the multiple configuration feature.
In the default configuration:
• If the switch was shipped from the factory with software release E.09.xx installed in both the primary and secondary boot paths, then one startup-config file named config1 is used for both paths and is stored in memory slot 1. Memory slots 2 and 3 are empty in this default configuration.
Displaying the Content of A Specific Startup-Config File

With Multiple Configuration enabled, the switch can have up to three startup-config files. Because the show config command always displays the content of the currently active startup-config file, the command extension shown below is needed to allow viewing the contents of any other startup-config files stored in the switch.
You can use the following command to change the current policy so that the switch automatically boots using a different startup-config file.

Syntax: startup-default [ primary | secondary ] config < filename >
Specifies a boot configuration policy option:
[ primary | secondary ] config < filename >: Designates the startup-config file to use in a reboot with the software version stored in a specific flash location.
Overriding the Default Reboot Configuration Policy. This command provides a method for manually rebooting with a specific startup-config file other than the file specified in the default reboot configuration policy.

Syntax: boot system flash < primary | secondary > config < filename >
Specifies the name of the startup-config file to apply for the immediate boot instance only.
Renaming an Existing Startup-Config File

Syntax: rename config < current-filename > < newname-str >
This command changes the name of an existing startup-config file. A file name can include up to 63 alphanumeric characters. Blanks are allowed in a file name enclosed in quotes (“ “ or ‘ ‘). (File names are not case-sensitive.)

Creating a New Startup-Config File

The switch allows up to three startup-config files.
Figure 6-21. Example of Using One Startup-Config File for Both Primary and Secondary Flash

If you wanted to experiment with configuration changes to the software version in secondary flash, you could create and assign a separate startup-config file for this purpose.
Erasing a Startup-Config File

You can erase any of the startup-config files in the switch’s memory slots. In some cases, erasing a file causes the switch to generate a new, default-configuration file for the affected memory slot.

Syntax: erase < config < filename >> | startup-config >
config < filename >: This option erases the specified startup-config file.
Figure 6-23 illustrates using erase config < filename > to remove a startup-config file.

Figure 6-23. Example of Erasing a Non-Active Startup-Config File

With the same memory configuration as is shown in the bottom portion of figure 6-23, executing erase startup-config boots the switch from primary flash, resulting in a new file named minconfig in the same memory slot.
• Boots the switch from primary flash using the new (default) configuration in the startup-config file in memory slot 1. Since the primary flash in this instance does not support multiple configuration files, the multiple configuration feature does not operate until the switch is booted again using software release E.09.xx or greater.
Transferring Startup-Config Files To or From a Remote Server

Command                                                                              Page
copy config < src-file > tftp < ip-addr > < remote-file > < pc | unix >              below
copy tftp config < dest-file > < ip-addr > < remote-file > < pc | unix >             below
copy config < src-file > xmodem < pc | unix >                                        6-38
copy xmodem config < dest-file > < pc | unix >                                       6-38

TFTP: Copying a Configuration File to a Remote Host

Syntax: copy config <
For example, the following command copies a startup-config file named test-01.txt from a (UNIX) TFTP server at IP address 10.10.28.14 to the first empty memory slot in the switch:

ProCurve(config)# copy tftp config test-01 10.10.28.14 test-01.
Operating Notes for Multiple Configuration Files

■ SFTP/SCP: The configuration files are available for sftp/scp transfer as /cfg/< filename >.
■ If you retain a software version earlier than E.09.xx on the switch, always reserve the first config memory slot (id = 1) for a configuration compatible with the earlier version. This is because software versions earlier than E.09.
7
Interface Access and System Information

Contents
Overview . . . 7-2
Interface Access: Console/Serial Link, Web, and Inbound Telnet . . . 7-3
  Menu: Modifying the Interface Access . . . 7-4
  CLI: Modifying the Interface Access . . . 7-5
Denying Interface Access by Terminating Remote Management Sessions
Overview

This chapter describes how to:
■ View and modify the configuration for switch interface access
■ Use the CLI kill command to terminate a remote session
■ View and modify switch system information

For help on how to actually use the interfaces built into the switch, refer to:
■ Chapter 3, “Using the Menu Interface”
■ Chapter 4, “Using the Command Line Interface (CLI)”
■ Chapter 5, “Using the Web Browser Interface”

Why Configure Interface A
Interface Access: Console/Serial Link, Web, and Inbound Telnet

Interface Access Features

Feature                                               Default                 Menu       CLI        Web
Inactivity Time                                       0 Minutes (disabled)    page 7-4   page 7-6   —
Inbound Telnet Access                                 Enabled                 page 7-4   page 7-5   —
Outbound Telnet Access                                n/a                     —          page 7-6   —
Web Browser Interface Access                          Enabled                 pa
Terminal type
Event Log event types to list (Displayed Events)
Baud Rate
Flow Control
Menu: Modifying the Interface Access
The menu interface enables you to modify these parameters:
■ Inactivity Timeout
■ Inbound Telnet Enabled
■ Web Agent Enabled
To Access the Interface Access Parameters:
1. From the Main Menu, Select...
   2. Switch Configuration...
      1. System Information
Interface Access Parameters
Figure 7-1.
CLI: Modifying the Interface Access
Interface Access Commands Used in This Section
show console | below
[no] telnet-server | below
[no] web-management | page 7-6
console | page 7-6
Listing the Current Console/Serial Link Configuration. This command lists the current interface access parameter settings.
Syntax: show console
This example shows the switch’s default console/serial configuration.
Outbound Telnet to Another Device. This feature operates independently of the telnet-server status and enables you to Telnet to another device that has an IP address.
Syntax: telnet < ip-address >
For example:
ProCurve # telnet 10.28.27.204
Reconfigure Web Browser Access. In the default configuration, web browser access is enabled.
All console parameter changes except events require that you save the configuration with write memory and then execute boot before the new console configuration will take effect.
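The defaults in the Interface Access Features table leave inbound Telnet and the web agent enabled and the inactivity timer disabled. The following Python check is an added example, not part of the manual: it reads a saved configuration and reports which of those defaults are still in effect. It assumes that a saved configuration records only non-default settings, that lines starting with ';' are comments, and that the inactivity time is stored as "console inactivity-timer <minutes>"; both sample configurations are constructed.

```python
import re

# Factory defaults from the Interface Access Features table in this chapter.
DEFAULTS = {"telnet_server": True, "web_management": True, "inactivity_min": 0}

# Assumption: the saved configuration stores the Inactivity Time parameter as
# "console inactivity-timer <minutes>" (the keyword is not shown in this excerpt).
INACTIVITY_RE = re.compile(r"^console inactivity-timer (\d+)$")

# Constructed sample configurations (not captured from a real switch).
SAMPLE_PARTIAL = """\
; constructed sample
hostname "access-sw-01"
no telnet-server
vlan 1
   ip address dhcp-bootp
   exit
"""

SAMPLE_RESTRICTED = """\
; constructed sample
no telnet-server
no web-management
console inactivity-timer 10
"""


def parse_interface_access(config_text):
    """Return the effective interface-access settings for one saved config.

    Starts from the factory defaults and applies every line that changes
    inbound Telnet, the web agent, or the console inactivity timer.
    """
    state = dict(DEFAULTS)
    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # collapse indentation and runs of spaces
        if not line or line.startswith(";"):  # skip blank and comment lines
            continue
        negated = line.startswith("no ")
        keyword = line[3:] if negated else line
        if keyword == "telnet-server":
            state["telnet_server"] = not negated
        elif keyword == "web-management":
            state["web_management"] = not negated
        else:
            match = INACTIVITY_RE.match(line)
            if match:
                state["inactivity_min"] = int(match.group(1))
    return state


def audit(config_text):
    """Return (setting, message) pairs for defaults that are still in effect."""
    state = parse_interface_access(config_text)
    findings = []
    if state["telnet_server"]:
        findings.append(("telnet_server", "inbound Telnet access is enabled"))
    if state["web_management"]:
        findings.append(("web_management", "web browser interface access is enabled"))
    if state["inactivity_min"] == 0:
        findings.append(("inactivity_min", "inactivity timer is 0 minutes (disabled)"))
    return findings


if __name__ == "__main__":
    for name, text in (("partial", SAMPLE_PARTIAL), ("restricted", SAMPLE_RESTRICTED)):
        print(name, audit(text) or "no findings")
```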
Denying Interface Access by Terminating Remote Management Sessions
The switch supports up to four management sessions. You can use show ip ssh to list the current management sessions, and kill to terminate a currently running remote session. (Kill does not terminate a Console session on the serial port, either through a direct connection or via a modem.
System Information
System Information Features
Feature | Default | Menu | CLI | Web
System Name | switch product name | page 7-10 | page 7-12 | page 7-14
System Contact | n/a | page 7-10 | page 7-12 | page 7-14
System Location | n/a | page 7-10 | page 7-12 | page 7-14
MAC Age Time | 300 seconds | page 7-10 | page 7-13 | —
Time Sync Method | None | See Chapter 9, “Time Protocols”.
Time Zone: The number of minutes your time zone location is to the West (+) or East (-) of Coordinated Universal Time (formerly GMT). The default 0 means no time zone is configured. For example, the time zone for Berlin, Germany is + 60 (minutes) and the time zone for Vancouver, Canada is - 480 (minutes).
Daylight Time Rule: Specifies the daylight savings time rule to apply for your location. The default is None.
2. Press [E] (for Edit). The cursor moves to the System Name field.
3. Refer to the online help provided with this screen for further information on configuration options for these features.
4. When you have finished making changes to the above parameters, press [Enter], then press [S] (for Save) and return to the Main Menu.
Configure a System Name, Contact, and Location for the Switch. To help distinguish one switch from another, configure a plain-language identity for the switch.
Syntax: hostname < name-string >
snmp-server [contact ] [location ]
Both fields allow up to 48 characters. Blank spaces are not allowed in the variables for these commands.
Reconfigure the MAC Age Time for Learned MAC Addresses. This command corresponds to the MAC Age Interval in the menu interface, and is expressed in seconds.
Syntax: mac-age-time < 10 - 1000000 > (seconds)
For example, to configure the age time to seven minutes:
ProCurve(config)# mac-age-time 420
Configure the Time Zone and Daylight Time Rule.
Web: Configuring System Parameters
In the web browser interface, you can enter the following system information:
■ System Name
■ System Location
■ System Contact
For access to the MAC Age Interval and the Time parameters, use the menu interface or the CLI.
Configure System Parameters in the Web Browser Interface.
1. Click on the Configuration tab.
2. Click on [System Info].
3. Enter the data you want in the displayed fields.
4.
8 Configuring IP Addressing
Contents
Overview (8-2)
IP Configuration (8-2)
Just Want a Quick Start with IP Addressing? (8-3)
IP Addressing with Multiple VLANs
Overview
You can configure IP addressing through all of the switch’s interfaces. You can also:
■ Easily edit a switch configuration file to allow downloading the file to multiple switches without overwriting each switch’s unique gateway and VLAN 1 IP addressing.
■ Assign up to eight IP addresses to a VLAN (multinetting).
IP Configuration
use the menu interface or the CLI to manually configure the initial IP values. After you have network access to a device, you can use the web browser interface to modify the initial IP configuration if needed. For information on how IP addressing affects switch operation, refer to “How IP Addressing Affects Switch Operation” on page 8-11.
Multinetting: Assigning Multiple IP Addresses to a VLAN. For a given VLAN you can assign up to eight IP addresses.
For more on using the Switch Setup screen, see the Installation and Getting Started Guide you received with the switch.
IP Addressing with Multiple VLANs
In the factory-default configuration, the switch has one, permanent default VLAN (named DEFAULT_VLAN) that includes all ports on the switch.
Menu: Configuring IP Address, Gateway, and Time-To-Live (TTL)
Do one of the following:
■ To manually enter an IP address and subnet mask, set the IP Config parameter to Manual and then manually enter the IP address and subnet mask values you want for the switch.
■ To use DHCP or Bootp, use the menu interface to ensure that the IP Config parameter is set to DHCP/Bootp, then refer to “DHCP/Bootp Operation” on page 8-12.
To Configure IP Addressing.
1.
3. If the switch needs to access a router, for example, to reach off-subnet destinations, select the Default Gateway field and enter the IP address of the gateway router.
4. If you need to change the packet Time-To-Live (TTL) setting, select Default TTL and type in a value between 2 and 255.
5.
(You can also use the show management command to display the IP addressing and time server IP addressing configured on the switch. Refer to figure 9-6 on page 9-10.)
For example, in the factory-default configuration (no IP addressing assigned), the switch’s IP addressing appears as:
The Default IP Configuration
Figure 8-2.
Note: The default IP address setting for the DEFAULT_VLAN is DHCP/Bootp. On additional VLANs you create, the default IP address setting is Disabled.
Syntax: [ no ] vlan < vlan-id > ip address
or
[ no ] vlan < vlan-id > ip address < ip-address > < mask-bits >
or
vlan < vlan-id > ip address dhcp-bootp
This example configures IP addressing on the default VLAN with the subnet mask specified in mask bits.
1. Go to VLAN 20.
2. Configure two additional IP addresses on VLAN 20.
3. Display IP addressing.
Figure 8-4. Example of Configuring and Displaying a Multinetted VLAN
If you then wanted to multinet the default VLAN, you would do the following:
Figure 8-5. Example of Multinetting on the Default VLAN
Note: The Internet (IP) Service screen in the Menu interface (figure 8-1 on page 8-5) displays the first IP address for each VLAN.
Removing or Replacing IP Addresses in a Multinetted VLAN. To remove an IP address from a multinetted VLAN, use the no form of the IP address command shown on page 8-8. Generally, to replace one IP address with another, you should first remove the address you want to replace, and then enter the new address.
Configure the Optional Default Gateway. Using the Global configuration level, you can manually assign one default gateway to the switch.
3. If you need further information on using the web browser interface, click on [?] to access the web-based help available for the switch.
How IP Addressing Affects Switch Operation
Without an IP address and subnet mask compatible with your network, the switch can be managed only through a direct terminal device connection to the Console RS-232 port. You can use direct-connect console access to take advantage of features that do not depend on IP addressing.
DHCP/Bootp Operation
Overview. DHCP/Bootp is used to provide configuration data from a DHCP or Bootp server to the switch. This data can be the IP address, subnet mask, default gateway, Timep Server address, and TFTP server address. If a TFTP server address is provided, this allows the switch to TFTP a previously saved configuration file from the TFTP server to the switch.
DHCP Operation. A significant difference between a DHCP configuration and a Bootp configuration is that an IP address assignment from a DHCP server is automatic. Depending on how the DHCP server is configured, the switch may receive an IP address that is temporarily leased. Periodically the switch may be required to renew its lease of the IP configuration.
An entry in the Bootp table file /etc/bootptab to tell the switch or VLAN where to obtain a configuration file download would be similar to this entry:
5300switch:\
ht=ether:\
ha=0030c1123456:\
ip=10.66.77.88:\
sm=255.255.248.0:\
gw=10.66.77.1:\
lg=10.22.33.44:\
T144="switch.cfg":\
vm=rfc1048
where:
5300switch is a user-defined symbolic name to help you find the correct section of the bootptab file.
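The bootptab entry above ties one hardware address to IP settings and to the configuration file the switch downloads by TFTP, so a typing error in it misdirects an unattended download. The following Python example is added here and is not part of the manual: it parses entries of that form and checks the hardware address, the address/mask pair, and that the gateway lies inside the switch's subnet. The tag meanings follow the standard bootptab format, colons inside double-quoted values are the only escaping handled, and the sample text is constructed from the entry shown above.

```python
import ipaddress
import re

# Constructed from the entry shown in the manual text above.
SAMPLE_BOOTPTAB = r'''
# sample entry for one switch
5300switch:\
    ht=ether:\
    ha=0030c1123456:\
    ip=10.66.77.88:\
    sm=255.255.248.0:\
    gw=10.66.77.1:\
    lg=10.22.33.44:\
    T144="switch.cfg":\
    vm=rfc1048
'''


def _logical_lines(text):
    """Join backslash-continued lines, then drop blank and comment lines."""
    joined = re.sub(r"\\[ \t]*\n[ \t]*", "", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line


def _split_fields(line):
    """Split on ':' but keep colons that appear inside double quotes."""
    fields, current, in_quotes = [], [], False
    for ch in line:
        if ch == '"':
            in_quotes = not in_quotes
            current.append(ch)
        elif ch == ":" and not in_quotes:
            fields.append("".join(current))
            current = []
        else:
            current.append(ch)
    fields.append("".join(current))
    return [f.strip() for f in fields if f.strip()]


def parse_bootptab(text):
    """Return {entry_name: {tag: value}} for every entry in the text."""
    entries = {}
    for line in _logical_lines(text):
        name, *fields = _split_fields(line)
        tags = {}
        for field in fields:
            key, _, value = field.partition("=")
            tags[key] = value.strip('"')
        entries[name] = tags
    return entries


def validate_entry(tags):
    """Return a list of problems found in one entry (empty list = consistent)."""
    problems = []
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", tags.get("ha", "")):
        problems.append("ha: expected 12 hexadecimal digits")
    try:
        iface = ipaddress.ip_interface(f"{tags['ip']}/{tags['sm']}")
    except (KeyError, ValueError):
        problems.append("ip/sm: missing or not a valid address and mask")
        return problems
    if "gw" in tags:
        try:
            if ipaddress.ip_address(tags["gw"]) not in iface.network:
                problems.append(f"gw: {tags['gw']} is outside {iface.network}")
        except ValueError:
            problems.append("gw: not a valid IP address")
    return problems


def config_file(tags):
    """Name of the configuration file the entry points to (tag T144), or None."""
    return tags.get("T144")


if __name__ == "__main__":
    for name, tags in parse_bootptab(SAMPLE_BOOTPTAB).items():
        print(name, config_file(tags), validate_entry(tags) or "consistent")
```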
■ For DHCP operation:
• A DHCP scope has been configured on the appropriate DHCP server.
• The necessary network connections are in place
• A DHCP server is accessible from the switch
Note: Designating a primary VLAN other than the default VLAN affects the switch’s use of information received via DHCP/Bootp.
IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads
Operating Rules for IP Preserve
When ip preserve is entered as the last line in a configuration file stored on a TFTP server:
■ If the switch’s current IP address for VLAN 1 was not configured by DHCP/Bootp, IP Preserve retains the switch’s current IP address, subnet mask, and IP gateway address when the switch downloads the file and reboots.
For example, consider Figure 8-7:
[Figure 8-7: network diagram showing a DHCP Server, a TFTP Server, a Management Station, and four switches.]
IP Address of each switch:
Switch 1, VLAN 1: 10.31.22.101
Switch 2, VLAN 1: 10.31.22.102
Switch 3, VLAN 1: 10.31.22.103
Switch 4, VLAN 1: DHCP
Switches 1 through 3 copy and implement the config.txt file from the TFTP server (figure 8-8), but retain their current IP
Switch 4 also copies and implements the config.
If you apply this configuration file to figure 8-7, switches 1 - 3 will still retain their manually assigned IP addressing. However, switch 4 will be configured with the IP addressing included in the file.
Because switch 4 (figure 8-7) received its most recent IP addressing from a DHCP/Bootp server, the switch ignores the ip preserve command and implements the IP addressing included in this file.
9 Time Protocols
Contents
Overview (9-2)
TimeP Time Synchronization (9-2)
SNTP Time Synchronization (9-3)
Selecting a Time Synchronization Protocol or Turning Off Time Protocol Operation
Overview
This chapter describes:
■ SNTP Time Protocol Operation
■ Timep Time Protocol Operation
Using time synchronization ensures a uniform time among interoperating devices. This helps you to manage and troubleshoot switch operation by attaching meaningful time data to event and error messages.
The switch offers TimeP and SNTP (Simple Network Time Protocol) and a timesync command for changing the time protocol selection (or turning off time protocol operation).
SNTP Time Synchronization
SNTP provides two operating modes:
■ Broadcast Mode: The switch acquires time updates by accepting the time value from the first SNTP time broadcast detected. (In this case, the SNTP server must be configured to broadcast time updates to the network broadcast address. Refer to the documentation provided with your SNTP server application.
Selecting a Time Synchronization Protocol or Turning Off Time Protocol Operation
3. Configure the remaining parameters for the time protocol you selected.
The switch retains the parameter settings for both time protocols even if you change from one protocol to the other. Thus, if you select a time protocol, the switch uses the parameters you last configured for the selected protocol.
SNTP: Viewing, Selecting, and Configuring
SNTP Feature | Default | Menu | CLI | Web
view the SNTP time synchronization configuration | n/a | page 9-6 | page 9-9 | —
select SNTP as the time synchronization method | timep | page 9-6 | page 9-10 ff.
SNTP Parameter | Operation
Server Address | Used only when the SNTP Mode is set to Unicast. Specifies the IP address of the SNTP server that the switch accesses for time synchronization updates. You can configure up to three servers; one using the menu or CLI, and two more using the CLI. See “SNTP Unicast Time Polling with Multiple SNTP Servers” on page 25.
Server Version | Default: 3; range: 1 - 7.
4. Use the Space bar to select SNTP, then press [v] once to display and move to the SNTP Mode field.
5. Do one of the following:
• Use the Space bar to select the Broadcast mode, then press [v] to move the cursor to the Poll Interval field, and go to step 6. (For Broadcast mode details, see “SNTP Operating Modes” on page 9-3.)
Figure 9-2.
Note: The Menu interface lists only the highest priority SNTP server, even if others are configured. To view all SNTP servers configured on the switch, use the CLI show management command. Refer to “SNTP Unicast Time Polling with Multiple SNTP Servers” on page 9-25.
Figure 9-3. SNTP Configuration Fields for SNTP Configured with Unicast Mode
6. In the Poll Interval field, enter the time in seconds that you want for a Poll Interval.
Viewing the Current SNTP Configuration
Syntax: show sntp
This command lists both the time synchronization method (TimeP, SNTP, or None) and the SNTP configuration, even if SNTP is not the selected time protocol.
For example, if you configured the switch with SNTP as the time synchronization method, then enabled SNTP in broadcast mode with the default poll interval, show sntp lists the following:
Figure 9-4.
Syntax: show management
This command can help you to easily examine and compare the IP addressing on the switch. It lists the IP addresses for all time servers configured on the switch, plus the IP addresses and default gateway for all VLANs configured on the switch.
Figure 9-6.
Syntax: sntp poll-interval < 30 - 720 >
Enabling the SNTP mode also enables the SNTP poll interval (default: 720 seconds; page 9-13).
Enabling SNTP in Broadcast Mode. Because the switch provides an SNTP polling interval (default: 720 seconds), you need only these two commands for minimal SNTP broadcast configuration:
Syntax: timesync sntp
Selects SNTP as the time synchronization method.
Syntax: sntp broadcast
Configures broadcast as the SNTP mode.
to three unicast servers. You can use the Menu interface or the CLI to configure one server or to replace an existing Unicast server with another. To add a second or third server, you must use the CLI. For more on SNTP operation with multiple servers, see “SNTP Unicast Time Polling with Multiple SNTP Servers” on page 25.
Syntax: timesync sntp
Selects SNTP as the time synchronization method.
In this example, the Poll Interval and the Protocol Version appear at their default settings.
Note: Protocol Version appears only when there is an IP address configured for an SNTP server.
Figure 9-8. Example of Configuring SNTP for Unicast Operation
If the SNTP server you specify uses SNTP version 4 or later, use the sntp server command to specify the correct version number.
Disabling Time Synchronization Without Changing the SNTP Configuration. The recommended method for disabling time synchronization is to use the timesync command.
Syntax: no timesync
Halts time synchronization without changing your SNTP configuration.
For example, suppose SNTP is running as the switch’s time synchronization protocol, with Broadcast as the SNTP mode and the factory-default polling interval.
Even though the Time Sync Mode is set to Sntp, time synchronization is disabled because no sntp has disabled the SNTP Mode parameter.
Figure 9-11.
TimeP: Viewing, Selecting, and Configuring
TimeP Feature | Default | Menu | CLI | Web
view the Timep time synchronization configuration | n/a | page 9-17 | page 9-19 | —
select Timep as the time synchronization method | TIMEP | page 9-15 | pages 9-21 ff.
Menu: Viewing and Configuring TimeP
To View, Enable, and Modify the TimeP Protocol:
1. From the Main Menu, select:
   2. Switch Configuration...
      1. System Information
Time Protocol Selection Parameter
– TIMEP (the default)
– SNTP
– None
Figure 9-12. The System Information Screen (Default Values)
Press [E] (for Edit). The cursor moves to the System Name field.
2. Use [v] to move the cursor to the Time Sync Method field.
3.
• Use the Space bar to select the Manual mode.
i. Press [>] to move the cursor to the Server Address field.
ii. Enter the IP address of the TimeP server you want the switch to use for time synchronization.
Note: This step replaces any previously configured TimeP server IP address.
iii. Press [>] to move the cursor to the Poll Interval field, then go to step 6.
5.
Viewing the Current TimeP Configuration
Using different show commands, you can display either the full TimeP configuration or a combined listing of all TimeP, SNTP, and VLAN IP addresses configured on the switch.
Syntax: show timep
This command lists both the time synchronization method (TimeP, SNTP, or None) and the TimeP configuration, even if SNTP is not the selected time protocol.
Figure 9-15. Example of Display Showing IP Addressing for All Configured Time Servers and VLANs
Configuring (Enabling or Disabling) the TimeP Mode
Enabling the TimeP mode means to configure it for either broadcast or unicast mode. Remember that to run TimeP as the switch’s time synchronization protocol, you must also select TimeP as the time synchronization method by using the CLI timesync command (or the Menu interface Time Sync Method parameter).
Enabling TimeP in DHCP Mode. Because the switch provides a TimeP polling interval (default: 720 minutes), you need only these two commands for a minimal TimeP DHCP configuration:
Syntax: timesync timep
Selects TimeP as the time synchronization method.
Syntax: ip timep dhcp
Configures DHCP as the TimeP mode.
For example, suppose:
■ Time synchronization is configured for SNTP.
■ You want to:
1. View the current time synchronization.
2.
Enabling Timep in Manual Mode. Like DHCP mode, configuring TimeP for Manual mode enables TimeP. However, for manual operation, you must also specify the IP address of the TimeP server. (The switch allows only one TimeP server.) To enable the TimeP protocol:
Syntax: timesync timep
Selects Timep.
Syntax: ip timep manual < ip-addr >
Activates TimeP in Manual mode with a specified TimeP server.
Syntax: no ip timep
Disables TimeP.
Changing the TimeP Poll Interval. This command lets you specify how long the switch waits between time polling intervals. The default is 720 minutes and the range is 1 to 9999 minutes. (This parameter is separate from the poll interval parameter used for SNTP operation.
For example, if the switch is running TimeP in DHCP mode, no ip timep changes the TimeP configuration as shown below, and disables time synchronization.
Even though the Time Sync Mode is set to Timep, time synchronization is disabled because no ip timep has disabled the TimeP Mode parameter.
Figure 9-19.
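Both the SNTP and TimeP sections above describe two separate switches that must agree before the clock is synchronized: the method chosen with timesync and the mode of that protocol. The following Python model is an added example, not part of the manual: it replays the CLI commands from this chapter against a small state table and reports whether synchronization is actually running, which is worth confirming wherever Event Log timestamps are relied on. The starting modes ("disabled") and the sntp unicast keyword are assumptions not shown in this excerpt.

```python
import ipaddress

SNTP_POLL_RANGE = (30, 720)   # seconds, from the "sntp poll-interval" syntax
MAX_SNTP_SERVERS = 3          # the manual allows up to three unicast servers


def new_state():
    """Starting state. TimeP as the default method is from the manual; the
    two "disabled" mode defaults are an assumption of this example."""
    return {"method": "timep", "sntp_mode": "disabled", "sntp_poll": 720,
            "sntp_servers": [], "timep_mode": "disabled", "timep_server": None}


def apply(state, command):
    """Apply one configuration command to the state and return the state."""
    words = command.split()
    if words == ["no", "timesync"]:
        state["method"] = None                 # protocol settings are kept
    elif words[:1] == ["timesync"] and words[1:] in (["sntp"], ["timep"]):
        state["method"] = words[1]
    elif words == ["no", "sntp"]:
        state["sntp_mode"] = "disabled"
    elif words in (["sntp", "broadcast"], ["sntp", "unicast"]):
        state["sntp_mode"] = words[1]
    elif words[:2] == ["sntp", "poll-interval"] and len(words) == 3:
        seconds = int(words[2])
        if not SNTP_POLL_RANGE[0] <= seconds <= SNTP_POLL_RANGE[1]:
            raise ValueError("sntp poll-interval must be 30 - 720 seconds")
        state["sntp_poll"] = seconds
    elif words[:2] == ["sntp", "server"] and len(words) >= 3:
        addr = str(ipaddress.ip_address(words[2]))
        if addr not in state["sntp_servers"]:
            if len(state["sntp_servers"]) >= MAX_SNTP_SERVERS:
                raise ValueError("three SNTP servers already configured")
            state["sntp_servers"].append(addr)
    elif words == ["no", "ip", "timep"]:
        state["timep_mode"] = "disabled"
    elif words == ["ip", "timep", "dhcp"]:
        state["timep_mode"] = "dhcp"
    elif words[:3] == ["ip", "timep", "manual"] and len(words) == 4:
        state["timep_mode"] = "manual"
        state["timep_server"] = str(ipaddress.ip_address(words[3]))
    else:
        raise ValueError(f"unrecognised command: {command!r}")
    return state


def status(state):
    """Return (running, explanation) for the current state."""
    method = state["method"]
    if method is None:
        return (False, "no time synchronization method selected")
    mode = state[f"{method}_mode"]
    if mode == "disabled":
        return (False, f"{method} selected but its mode is disabled")
    if method == "sntp" and mode == "broadcast":
        return (True, "sntp broadcast: time taken from the first broadcast detected")
    return (True, f"{method} {mode}")


if __name__ == "__main__":
    s = new_state()
    for cmd in ("timesync sntp", "sntp broadcast", "no sntp",
                "timesync timep", "ip timep dhcp"):
        apply(s, cmd)
        print(f"{cmd:<16} -> {status(s)}")
```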
SNTP Unicast Time Polling with Multiple SNTP Servers
When running SNTP unicast time polling as the time synchronization method, the switch requests a time update from the server you configured with either the Server Address parameter in the menu interface, or the primary server in a list of up to three SNTP servers configured using the CLI.
Displaying All SNTP Server Addresses Configured on the Switch
The System Information screen in the menu interface displays only one SNTP server address, even if the switch is configured for two or three servers. The CLI show management command displays all configured SNTP servers on the switch.
Figure 9-20. Example of How To List All SNTP Servers Configured on the Switch
Adding and Deleting SNTP Server Addresses
Adding Addresses.
Prioritized list of SNTP Server IP Addresses
Figure 9-21. Example of SNTP Server Address Prioritization
Note: If there are already three SNTP server addresses configured on the switch, and you want to use the CLI to replace one of the existing addresses with a new one, you must delete the unwanted address before you configure the new one.
Deleting Addresses. To delete an address, you must use the CLI.
Time Protocols SNTP Messages in the Event Log Menu: Operation with Multiple SNTP Server Addresses Configured When you use the Menu interface to configure an SNTP server IP address, the new address writes over the current primary address, if one is configured. If there are multiple addresses configured, the switch re-orders the addresses according to the criteria described under “Address Prioritization” on page 25.
10 Port Status and Basic Configuration
Contents
Overview (10-2)
Viewing Port Status and Configuring Port Parameters (10-2)
Menu: Port Configuration (10-6)
CLI: Viewing Port Status and Configuring Port Parameters (10-8)
Using the CLI To Enable or Disable Ports and Configure Port Mode
Overview
This chapter describes how to view the current port configuration and how to configure ports to non-default settings, including:
■ Enable/Disable
■ Mode (speed and duplex)
■ Flow Control
■ Broadcast Limit
Viewing Port Status and Configuring Port Parameters
Port Status and Configuration Features
Feature | Default | Menu | CLI | Web
viewing port status | n/a | page 10-6 | page 10-8 | page 10-18
configuring ports | Refer to Table 10-1 on pages 10-3 thru 10
Table 10-1. Status and Parameters for Each Port Type
Status or Parameter | Description
Enabled | Yes (default): The port is ready for a network connection. No: The port will not operate, even if properly connected in a network. Use this setting, for example, if the port needs to be shut down for diagnostic purposes or while you are making topology changes.
Status (read-only) | Up: The port senses a link beat.
100/1000Base-T Ports:
• auto-mdix (default): Senses speed and negotiates with the port at the other end of the link for port operation (MDI-X or MDI). To see what the switch negotiates for the Auto setting, use the CLI show interfaces brief command or the “3. Port Status” option under “1. Status and Counters” in the menu interface.
Gigabit Fiber-Optic Ports (Gigabit-SX, Gigabit-LX, and Gigabit-LH):
• 1000FDx: 1000 Mbps (1 Gbps), Full Duplex only
• Auto (default): The port operates at 1000FDx and auto-negotiates flow control with the device connected to the port.
10-Gigabit CX4 Copper Ports:
• Auto: The port operates at 10 gigabits FDx and negotiates flow control.
Menu: Port Configuration
From the menu interface, you can view and change the port configuration.
Using the Menu To View Port Configuration. The menu interface displays the configuration for ports and (if configured) any trunk groups.
From the Main Menu, select:
1. Status and Counters …
3. Port Status (3400cl and 6400cl switches)
— or —
4.
Using the Menu To Configure Ports.
Note: The menu interface uses the same screen for configuring both individual ports and port trunk groups. For information on port trunk groups, refer to chapter 13, “Port Trunking”.
1. From the Main Menu, Select:
   2. Switch Configuration...
      2. Port/Trunk Settings
Figure 10-3. Example of Port/Trunk Settings with a Trunk Group Configured
2. Press [E] (for Edit).
CLI: Viewing Port Status and Configuring Port Parameters
Port Status and Configuration Commands
show interfaces brief | page 10-9
show interfaces config | page 10-9
interface | page 10-9
disable/enable | page 10-9
speed-duplex | page 10-9
flow-control | page 10-11
broadcast-limit | page 10-14
auto-mdix | page 10-15
From the CLI, you can configure and view all port parameter settings and view all port status indicators.
This screen shows current port operating status.
Note: The (per-port) Bcast Limit column appears only on the 3400cl and 6400cl switches. (The 5300xl switches apply a global broadcast limit.)
3400cl/6400cl Switches Only
Figure 10-4. Example of a Show Interfaces Brief Command Listing
This screen shows current port configuration.
Figure 10-5.
Note that in the above syntax you can substitute an “int” for “interface”; that is: int < port-list >.
Enabling or Disabling Flow Control
Note:
■ 3400cl/6400cl Switches: Flow-Control on these switches is enabled and disabled on a per-port basis.
■ 5300xl and 4200vl Switches: You must first enable flow-control globally on the switch, and then enable it on the desired ports.
You must enable flow control on both ports in a given link.
For example, suppose that:
1. You want to enable flow control on ports A1-A6.
2. Later, you decide to disable flow control on ports A5 and A6.
3. As a final step, you want to disable flow control on all ports.
Assuming that flow control is currently disabled on the switch, you would use these commands:
Enables global flow control.
Enables per-port flow control for ports A1 - A6.
Figure 10-7.
Disables per-port flow control on ports A5 and A6.
Figure 10-8. Example Continued from Figure 10-7
Disables per-port flow control on ports A1 through A4 and global flow control. Flow control is now disabled on the switch.
Ports formerly configured for flow control.
Figure 10-9.
Configuring a Broadcast Limit on the Switch
■ 3400cl/6400cl Switches: Broadcast-Limit on these switches is configured as a percentage on a per-port basis.
■ 5300xl and 4200vl Switches: Broadcast-Limit on these switches is configured globally (on all ports) as a fixed limit.
Broadcast-Limit on the 3400cl/6400cl Switches.
For example, the following command enables broadcast limiting on all ports on the switch:
ProCurve(config)# broadcast-limit
Configuring Auto-MDIX
Copper ports on the switch can automatically detect the type of cable configuration (MDI or MDI-X) on a connected device and adjust to operate appropriately.
For more information on MDI-X, refer to the appendix titled “Switch Ports and Network Cables” in the Installation and Getting Started Guide for your switch.
Manual Override. If you require control over the MDI/MDI-X feature you can set the switch to either of two non-default modes:
■ Manual MDI
■ Manual MDI-X
Table 10-2 shows the cabling requirements for the MDI/MDI-X settings.
Table 10-2.
Syntax: show interfaces brief
Where a port is linked to another device, this command lists the MDI mode the port is currently using. In the case of ports configured for Auto (auto-mdix), the MDI mode appears as either MDI or MDIX, depending upon which option the port has negotiated with the device on the other end of the link.
Note

Upgrading the Switch Series 5300xl Operating System from E_07.XX or earlier:

1. Copper ports in auto-negotiation still default to auto-mdix mode.
2. Copper ports in forced speed/duplex default to mdix mode.

For a fresh installation of the operating system, auto-mdix is the default.

Web: Viewing Port Status and Configuring Port Parameters

In the web browser interface:

1. Click on the Configuration tab.
2.
Configuring and Operating Rules for Friendly Port Names

■ At either the global or context configuration level you can assign a unique name to a port. You can also assign the same name to multiple ports.
■ The friendly port names you configure appear in the output of the show name [ port-list ], show config, and show interface < port-number > commands.
Configuring a Single Port Name. Suppose that you have connected port A3 on the switch to Bill Smith’s workstation, and want to assign Bill’s name and workstation IP address (10.25.101.73) as a port name for port A3:

Figure 10-12. Example of Configuring a Friendly Port Name

Configuring the Same Name for Multiple Ports. Suppose that you want to use ports A5 through A8 as a trunked link to a server used by a drafting group.
Displaying Friendly Port Names with Other Port Data

You can display friendly port name data in the following combinations:

■ show name: Displays a listing of port numbers with their corresponding friendly port names and also quickly shows you which ports do not have friendly name assignments. (show name data comes from the running config file.
Figure 10-15. Example of Friendly Port Name Data for Specific Ports on the Switch
[Figure callouts: Port Without a “Friendly” Name. Friendly port names assigned in previous examples.]

Including Friendly Port Names in Per-Port Statistics Listings. A friendly port name configured to a port is automatically included when you display the port’s statistics output.
For a given port, if a friendly port name does not exist in the running-config file, the Name line in the above command output appears as:

    Name : not assigned

To Search the Configuration for Ports with Friendly Port Names. This option tells you which friendly port names have been saved to the startup config file. (show config does not include ports that have only default settings in the startup-config file.
11 Power Over Ethernet (PoE) Operation for the Series 5300xl Switches

Contents

PoE Operation on the Series 5300xl Switches
Introduction
PoE Terminology
Overview of Operation
Related Publications
PoE Operation on the Series 5300xl Switches

The Power Over Ethernet (PoE) features described in this chapter operate on ProCurve Switch Series 5300xl devices running software release E.08.20 (or greater), with one or more ProCurve Switch xl PoE (J8161A) modules installed.
PoE Terminology

Term              Use in this Manual
active PoE port   A PoE-enabled port connected to a PD requesting power.
priority class    Refers to the type of power prioritization where an xl PoE module uses Low (the default), High, and Critical priority assignments to determine which groups of ports will receive power.
Overview of Operation

A J8161A xl PoE module is a PSE device that receives PoE power from an external EPS device and distributes this power to the PDs connected to the xl PoE module’s RJ-45 ports. The xl PoE module receives either 204 watts or 408 watts from the EPS, depending on whether the EPS is supporting one or two PSE devices.
■ For information on installing a ProCurve Switch xl PoE Module (J8161A), refer to the ProCurve Switch xl Modules Installation Guide provided with the module.
■ To help you plan and implement a PoE system in your network, refer to edition 2 or later of the PoE Planning and Implementation Guide, which is available from either of the following sources:
  • The Documentation CD-ROM (version 3.
Note

The ports on a PoE module support standard networking links and PoE links. Thus, you can connect either a non-PoE device or a PD to a PoE-enabled port without reconfiguring the port.

PD Support

An xl PoE module must have a minimum of 15.4 watts of unused PoE power available when you connect an 802.3af-compliant PD, regardless of how much power the PD actually uses.
with 20 watts of PoE power remaining available on a module, you can connect one new PD without losing power to any currently connected PDs on that module. If that PD draws only 3 watts, then 17 watts remain available and you can connect at least one more PD to that module without interrupting power to any other PoE devices connected to the same module.
Power Priority Operation

When Does an xl PoE Module Prioritize Power Allocations? If an xl PoE module can provide power for all connected PD demand, it does not use its power priority settings to allocate power. However, if the PD power demand oversubscribes the available power, then the module prioritizes the power allocation to the ports that present a PD power demand.
Table 11-2. Example of PoE Priority Operation on an xl PoE Module

Port: C3 - C17
Priority Setting: Critical
Configuration Command (1) and Resulting Operation with PDs connected to Ports C3 Through C24: In this example, the following CLI command sets ports C3-C17 to Critical:

    ProCurve(config)# interface c3-c17 power critical

The Critical priority class always receives power.
Configuring PoE Operation

In the default configuration, PoE support is enabled on the 10/100Base-TX ports in an xl PoE (J8161A) module installed on the switch. The default priority for all ports is Low and the default power notification threshold is 80 (%).
Disabling or Re-Enabling PoE Port Operation

Syntax: [no] interface [e] < port-list > power

Re-enables PoE operation on < port-list > and restores the priority setting in effect when PoE was disabled on < port-list >. The [no] form of the command disables PoE operation on < port-list >. (Default: All xl PoE ports on the module are enabled for PoE operation at Low priority.
Syntax: power [slot < slot-identifier >] threshold < 1 - 99 > (Continued)

To continue the preceding example, if the PoE power usage on the xl PoE module in slot B drops below 70%, another SNMP trap is generated and you will see this message in the Event Log:

    Slot B POE usage is below threshold of 70 %.

For a message listing, refer to “PoE Event Log Messages” on page 11-23.
1. Use the walkmib pethPsePortType.< slot-# > command to determine the MIB-based port number for the port to which you want to assign a Configured Type identifier. On the 5300xl switches the slot numbering is as follows:

Slot   Slot Number Used in the MIB
A      1
B      2
C      3
D      4
E*     5
F*     6
G*     7
H*     8

*5308xl only.

Note that in the MIB, 26 port numbers are assigned to each slot designation.
Figure 11-1.
[Figure callouts: Lists port numbers used by the MIB for slot “B”. MIB Designation for Port B1. Command to configure “Wireless-1” as the Configured Type identifier for port B1. CLI response indicates successful command execution. “Show” command lists the new Configured Type identifier.]
Viewing PoE Configuration and Status

Displaying the Switch’s Global PoE Power Status

Syntax: show power-management

Displays the switch’s global PoE power status, including:

• Maximum Power: Lists the maximum PoE wattage available to provision active PoE ports on the switch.
• Power In Use: Lists the amount of PoE power presently in use.
Displaying an Overview of PoE Status on All Ports

Syntax: show power-management brief

Displays the following port power status:

• Port: Lists all PoE-capable ports on the switch.
• Power Enable: Shows Yes for ports enabled to support PoE (the default) and No for ports on which PoE is disabled.
• Priority: Lists the power priority (Low, High, and Critical) configured on ports enabled for PoE.
Figure 11-3.
[Figure callout: Ports C1 through C4 are delivering power. The remaining ports are available to supply power, but currently do not detect a connected PD.]
Syntax: show power-management < port-list > (Continued)

• Power Denied Cnt: Shows the number of times PDs requesting power on the port have been denied due to insufficient power available. Each occurrence generates an Event Log message.
• Voltage: The total voltage, in dV, being delivered to PDs.
• Power: The total power, in mW, being delivered to PDs.
Planning and Implementing a PoE Configuration

This section provides an overview of some considerations for planning a PoE application. For additional information on this topic, refer to the ProCurve PoE Planning and Implementation Guide.
Applying Security Features to PoE Configurations

You can utilize security features built into the switch to control device or user access to the network through PoE ports in the same way as non-PoE ports.

■ MAC Address Security: Using Port Security, you can configure each switch port with a unique list of MAC addresses for devices that are authorized to access the network through that port.
For more on this topic, refer to the chapter titled “Quality of Service: Managing Bandwidth More Effectively” in the Advanced Traffic Management Guide for your switch.

Calculating the Maximum Load for an xl PoE Module

Since the full PoE load on an xl PoE module receiving 408 watts (from an EPS supporting only that module) cannot exceed 369.6 watts (24 ports with a maximum of 15.
enough unused power to meet the minimum of 15.4 watts required to support the initial bring-up of the 24th appliance. That is, 204 - (23 x 8.3) = 13.1. Because the module provisions power on the basis of the priority scheme described on page 11-10 (under the interface < port-list > power [ critical | high | low ] syntax), you can still fully populate the module with appliances.
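The bring-up arithmetic above, extended to any mix of PD draws, as an added example that is not part of the original manual. The function name and the per-PD draw list are assumptions; the 15.4 W headroom, the 204 W and 408 W supplies and the 24-port limit come from the text, and the priority scheme is deliberately left out, so a PD counts as powered only if no other PD loses power.

```python
HEADROOM_MW = 15_400      # unused power required before any 802.3af PD is brought up
PORTS_PER_MODULE = 24     # RJ-45 ports on one xl PoE module


def plan_bringup(budget_w, draws_w):
    """Connect PDs one at a time, in list order, to a single xl PoE module.

    budget_w -- PoE power the module receives from the EPS (204 or 408 in the text)
    draws_w  -- steady-state draw of each PD in watts, in connection order
                (assumed to be at most 15.4 W each, as for 802.3af PDs)

    Returns (powered, blocked_at, unused_w):
      powered    -- number of PDs brought up without taking power from another PD
      blocked_at -- 1-based position of the first PD that could not be brought up,
                    or None if every PD in the list was powered
      unused_w   -- unused PoE power, in watts, at the point the plan stopped
    """
    budget_mw = round(budget_w * 1000)    # integer milliwatts avoid float drift
    in_use_mw = 0
    for position, draw_w in enumerate(draws_w, start=1):
        unused_mw = budget_mw - in_use_mw
        # The headroom rule ignores what the PD will really draw: the module
        # needs the full 15.4 W free at the moment the PD is connected.
        if position > PORTS_PER_MODULE or unused_mw < HEADROOM_MW:
            return position - 1, position, unused_mw / 1000
        in_use_mw += round(draw_w * 1000)
    return len(draws_w), None, (budget_mw - in_use_mw) / 1000


if __name__ == "__main__":
    # 24 appliances at 8.3 W each on a module receiving 204 W, then 408 W.
    for budget in (204, 408):
        print(budget, plan_bringup(budget, [8.3] * 24))
```

With 204 W the plan stops at the 24th appliance with 13.1 W unused, which is the case where the priority settings decide which ports keep power.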
PoE Operating Notes

■ Simply disabling a PoE port does not affect power delivery through that port. To cycle the power on a PD receiving power from a PoE port on the switch, disable, then re-enable the power to that port.
Slot < slot-id > POE usage is below configured threshold of < 1 - 99 > %

Indicates that POE usage on the module in the indicated slot has decreased below the threshold specified by the last execution of the power threshold command affecting that module. This message occurs if, after the last reboot, the PoE demand on the module exceeded the power threshold and then later dropped below the threshold value.
“Warning” PoE Event-Log Messages

W < MM/DD/YY > < HH:MM:SS > chassis:

Message header, with severity, date, system time, and system module type. For more information on Event Log operation, including severity indicators, refer to “Using the Event Log To Identify Problem Sources” on page C-27.

Slot < slot-id > Ext Power Supply connected but not responding.
Port < port-id > PD Invalid Signature indication.

The switch has detected a non-802.3af-compliant device on the indicated port. This message appears for all non-802.3af devices connected to the port, such as other switches, PC-NICs, etc.

Port < port-id > PD MPS Absent indication.

The switch no longer detects a device on < port-id >. The device may have been disconnected, powered down, or stopped functioning.
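A parser and triage rule for the PoE Event Log messages listed above, as an added example that is not ProCurve code. The log lines are constructed samples in the header layout shown above, and the correlation rule (an MPS Absent followed within five minutes by an Invalid Signature on the same port, meaning a powered device was replaced by a non-802.3af device) is an assumption of this example, as are all function names.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines: "<severity> <MM/DD/YY> <HH:MM:SS> chassis: <message>"
SAMPLE_LOG = """\
I 10/02/06 09:14:02 chassis: Slot B POE usage is below configured threshold of 70 %
W 10/02/06 09:20:45 chassis: Port B7 PD MPS Absent indication.
W 10/02/06 09:21:10 chassis: Port B7 PD Invalid Signature indication.
W 10/02/06 11:05:31 chassis: Port C3 PD MPS Absent indication.
W 10/02/06 13:40:00 chassis: Slot C Ext Power Supply connected but not responding.
W 10/02/06 15:02:19 chassis: Port A12 PD Invalid Signature indication.
I 10/02/06 15:30:00 chassis: a message this parser does not know
"""

HEADER = re.compile(
    r"^(?P<sev>[A-Z]) (?P<date>\d{2}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"chassis: (?P<msg>.*)$"
)

# One pattern per message text quoted in the manual; "id" is a port or slot id.
MESSAGES = [
    ("pd_invalid_signature",
     re.compile(r"^Port (?P<id>\S+) PD Invalid Signature indication\.?$")),
    ("pd_mps_absent",
     re.compile(r"^Port (?P<id>\S+) PD MPS Absent indication\.?$")),
    ("eps_not_responding",
     re.compile(r"^Slot (?P<id>\S+) Ext Power Supply connected but not responding\.?$")),
    # The manual shows this text both with and without the word "configured".
    ("usage_below_threshold",
     re.compile(r"^Slot (?P<id>\S+) POE usage is below (?:configured )?"
                r"threshold of (?P<pct>\d+) ?%\.?$")),
]


def parse_line(line):
    """Return a dict for one Event Log line, or None if the header does not match."""
    head = HEADER.match(line.strip())
    if head is None:
        return None
    when = datetime.strptime(head["date"] + " " + head["time"], "%m/%d/%y %H:%M:%S")
    event = {"severity": head["sev"], "time": when, "kind": "other",
             "id": None, "threshold": None}
    for kind, pattern in MESSAGES:
        m = pattern.match(head["msg"])
        if m:
            event["kind"] = kind
            event["id"] = m["id"]
            if "pct" in m.groupdict():
                event["threshold"] = int(m["pct"])
            break
    return event


def parse_log(text):
    """Parse every line that carries a valid header; skip the rest."""
    parsed = (parse_line(line) for line in text.splitlines())
    return [event for event in parsed if event is not None]


def find_pd_swaps(events, window=timedelta(minutes=5)):
    """Ports where a PD went absent and a non-802.3af device appeared within `window`.

    An Invalid Signature alone is routine (any non-PoE device triggers it), so only
    the absent-then-invalid sequence on the same port is reported.
    """
    last_absent = {}
    swaps = []
    for event in sorted(events, key=lambda e: e["time"]):
        if event["kind"] == "pd_mps_absent":
            last_absent[event["id"]] = event["time"]
        elif event["kind"] == "pd_invalid_signature":
            gone = last_absent.pop(event["id"], None)
            if gone is not None and event["time"] - gone <= window:
                swaps.append((event["id"], gone, event["time"]))
    return swaps


if __name__ == "__main__":
    for port, gone, seen in find_pd_swaps(parse_log(SAMPLE_LOG)):
        print(f"port {port}: PD absent at {gone}, non-802.3af device at {seen}")
```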
12 Access Controller xl Module for the Series 5300xl Switches

Contents

Introduction
General Operation
Related Publications
Terminology
Configuration Context Command Syntax
Access Controller Context Command Syntax
Managing the ACM
Using the ACM’s Extended CLI
Downloading New Software to the Module
Introduction

The ProCurve Access Controller xl Module (ACM) enables secure, mobile user access to appropriate network services on any ProCurve Series 5300xl switch. This modular addition to the 5300xl switch offers a unique approach to integrating identity-based user access control, wireless data privacy and secure roaming with the flexibility of a full-featured intelligent edge switch.
• The ProCurve Networking Web site at www.procurve.com. (Click on Technical support, then Product manuals (all).)

Terminology

Term                    Use in this Manual
Access Control Server   A centralized resource on the network that provides services, such as authentication management, mobility management (roaming support), policy management, and system monitoring and reporting, to the connected Access Controllers.
Access Controller xl Module Overview

The Access Controller xl Module adds new wireless security and access control capabilities to the 5300xl switch. The module supplies identity-based user access control to specific network services, wireless data privacy with VPN services, and application persistence across subnet boundaries at the edge of the network, where users connect.
The Access Controller xl Module has no external ports, as shown in Figure 12-1. The module uses ports on the 5300xl switch through two internal ports, the uplink port and the downlink port. Clients, typically connecting through an access point, connect to 5300xl ports defined as downlink client ports.
4. Configure downlink client ports, client VLANs, uplink network ports, and the uplink VLAN on the 5300xl switch. Configure access and user/group policy rights on the 740wl/760wl to support and manage clients and client traffic through the ACM.
5. Manage and monitor the ACM using the Administrative Console on a 740wl or 760wl.
Note

5300xl switch ports that are not used by the Access Controller xl Module (that is, they are not downlink client ports, or members of client VLANs) continue to operate as regular 5300xl ports. Their operation is not affected.

Downlink Port Downlink Client Ports x x x Feature 802.
IP Routing/ Multicast Routing Explanation Client VLANs Downlink Port Uplink Port Feature Downlink Client Ports x x IP Stacking No routing is done. Not allowed. Not supported across an ACM. IRDP x Not allowed. Link Test x x Test packets not supported across an ACM. LLDP x x Set to off. MAC Auth x x x Meshing x x x Not allowed. x MSTP (802.
Routing Infrastructure Support

The ACM uses IP to communicate with Access Control Server 740wls, Integrated Access Managers 760wls and Access Controller 720wls. The default gateway must be set up correctly if there is a router in the communications path. Figure 12-2 shows an ACM communicating with its 740wl/760wl through a router.

Figure 12-2.
Figure 12-3. A Downlink Client Port with a Non-Routed Network Structure

Using 5300xl Switch Network Address Translation with the ACM

The Secure Access 700wl series products and the ACM provide network address translation for client traffic. The 5300xl switch’s network address translation feature is not recommended for use with the ACM.
The Role of VLANs

VLANs are used by the Access Controller xl Module to manage client traffic through the switch. Downlink client ports, connecting to access points, either directly or through an intermediate network, are assigned as untagged members to a unique VLAN that also includes the downlink port as a tagged member.
Downlink client ports must be members of some other VLAN before they can be removed from a client VLAN. If you use the no access-controller client-ports [e] command to remove an untagged downlink client port with no other VLAN memberships from a client VLAN, the port is automatically placed in the DEFAULT-VLAN as an untagged member.
General Operating Rules

■ Uplink and downlink ports cannot be members of the same VLAN.
■ Switch 5300xl features used to manage ports that are connected to bridges don’t apply, as the ACM is not a bridge.
■ A client VLAN containing the downlink port, DP, is automatically created when the ACM is installed in a 5300xl switch. The VID for this VLAN is the vlan-base (default: 2000).
Note

‘ProCurve’ is used as a generic prompt for all 5300xl switches. The term ‘id’ is used below for ‘slot-id’ to shorten the command prompt.

ProCurve (config)# access-controller

where is the slot in the 5300xl where the ACM is installed.

ProCurve (access-controller-id)# ip address </<1-32> | >

where /<1...
Figure 12-4. Example of ACM Establishing Communication

Configuring the Access Controller xl Module

Once the module has an IP address and is communicating with its Access Control Server or Integrated Access Manager, configure downlink client ports, client VLANs, uplink network ports, and the uplink VLANs on the 5300xl switch.
From the CLI command prompt at the global configuration level, enter

ProCurve (config) #access-controller client-ports

where is the slot letter where the module is installed. is the switch port(s) to be used as downlink client ports.
Notes on Creating Downlink Client Ports

Depending on how many VLANs are already configured in the 5300xl switch, the following messages may occur:

■ Maximum Number of VLANs (X) has already been reached
  Increase the maximum number of VLANs allowed on the switch.
■ Command will take effect after saving configuration and reboot.
Configuring Client VLANs

You may configure a client VLAN with a specific VID, containing just the downlink port as a tagged member. Later, you can add an untagged 5300xl port as a downlink client port to carry client traffic.
ACM Configuration Commands Summary and Syntax

Configuration Context

access-controller
[no] access-controller client-ports [e] < port-list >
[no] access-controller client-ports vlan < vlan-list >
access-controller reload
access-controller shutdown
access-controller vlan-base <2-4094>

Access Controller
Syntax: [no] access-controller client-ports [ethernet] < port-list >

Assigns switch ports (port-list) to separate client VLANs for the access controller in slot-id (a - h). The ports are removed from all other VLANs. GVRP and LACP port provisioning are disabled.
Syntax: [no] access-controller client-ports vlan < vlan-list >

Configures client VLANs with the VIDs given, containing only the downlink port, (DP), as a tagged member. The no form can be used to remove client VLANs that were configured using the access-controller client-ports vlan < vlan-list > command and contain only the downlink port.
Syntax: enable extended-commands

Changes the CLI to the access controller extended commands context. A limited set of commands from the 720wl CLI is provided here. See “Using the ACM’s Extended CLI” for more information.

Syntax: exit

Leaves the access controller context and returns the CLI to the global configuration context.
Displaying Access Controller xl Status from the 5300xl CLI

Show commands are available in both the configuration context and the access controller context of the 5300xl CLI. These commands display ACM status and configuration.
Configuration Context Command Syntax

Syntax: show access-controller

Displays the following for the access controller in slot-id (a - h).

Syntax: Versions ACM version information for support staff.
Access Controller Context Command Syntax

Syntax: show ip

Displays the current IP configuration for the ACM, including:

Hostname:
Domain Name:
IP Address:
DHCP enabled:
Default gateway:
DHCP server:
DNS servers:
WINS servers:

Syntax: show status

Displays an overview of the ACM’s status, including:

Uptime:
Access Control Server:
Connected:
Active Clients:

Syntax: show temperature

Display
Managing the ACM

Once the module is installed and configured, most management tasks are done on the Access Control Server 740wl or Integrated Access Manager 760wl, using the Administrative Console. The Access Controller Module is managed in the same manner as a 720wl.
Command

Clear Commands

clear accesscontrolserver
clear dhcpserver
clear dns
clear domainname
clear gateway
clear hostname
clear logs
clear sharedsecret
clear upgradeproxy
delete bridging |
enable extended-commands
exit
factoryreset
get upgrade [mindowngrade | reboot | version]
help
logoff client >
reboot [downgrade | same | upgrade]

Set Commands

set accesscontr
Command

set logopt level
set logopt nofuncs
set logopt noids
set logopt oflags
set logopt shorttrace
set logopt string
set sharedsecret
set upgradeproxy [] [host [ ]] [user []]

Show Commands

show accesscontrolserver
show bridging
show client mac [ rights ]
show client
Command

show vpn
terminal length <2..1000>
terminal width <61… 1920>

Downloading New Software to the Module

New software is loaded through the Access Control Server or Integrated Access Manager using the Administrative Console.

Resetting the Module to Factory Defaults

The ACM may be returned to the factory default configuration using one of the following methods.
Operating Notes

■ Bridged protocols, such as Appletalk, are supported through a single downlink client port, whose client VLAN contains the downlink port as an untagged member. This must be configured manually on the switch. Each ACM may have one downlink client port configured to support bridged protocols.
■ ProCurve recommends that a downlink client port be a member of only one client VLAN.
BIOS POST Event Log Messages

If a critical BIOS power on self test (POST) failure occurs when the ACM is inserted into a slot in a 5300xl chassis, the message below is posted to the Event Log. The 5300xl switch resets the ACM, up to two times (a total of three attempts to pass the POST). If the ACM fails three consecutive times, the module does not power on. The 5300xl switch can operate successfully if this occurs.
13 Port Trunking

Contents

Overview
Port Trunk Features and Operation
Trunk Configuration Methods
Menu: Viewing and Configuring a Static Trunk Group
CLI: Viewing and Configuring Port Trunk Groups
Overview

This chapter describes creating and modifying port trunk groups. This includes non-protocol trunks and LACP (802.3ad) trunks.
Port Connections and Configuration: All port trunk links must be point-to-point connections between a switch covered by this guide and another switch, router, server, or workstation configured for port trunking. No intervening, non-trunking devices are allowed. It is important to note that ports on both ends of a port trunk group must have the same mode (speed and duplex) and flow control settings.

Note

Link Connections.
Port Trunk Features and Operation

The switches covered by this guide offer these options for port trunking:

■ LACP: IEEE 802.3ad—page 13-18
■ Trunk: Non-Protocol—page 13-24

The number of trunk groups supported on a given switch depends on the switch model and the number of ports physically available on the switch. The maximum theoretical bandwidths shown below are based on full-duplex operation.
Fault Tolerance: If a link in a port trunk fails, the switch redistributes traffic originally destined for that link to the remaining links in the trunk. The trunk remains operable as long as there is at least one link in operation. If a link is restored, that link is automatically included in the traffic distribution again.
Static Trunk: The switch uses the links you configure with the Port/Trunk Settings screen in the menu interface or the trunk command in the CLI to create a static port trunk. The switch offers two types of static trunks: LACP and Trunk.

Table 13-1. Trunk Types Used in Static and Dynamic Trunk Groups

Trunking Method   LACP   Trunk
Dynamic           Yes    No
Static            Yes    Yes

Table 13-2. Trunk Configuration Protocols

Protocol   Trunking Options
LACP (802.
Table 13-3. General Operating Rules for Port Trunks

Media: For proper trunk operation, all ports on both ends of a trunk group must have the same media type and mode (speed and duplex). (For the switches covered by this guide, ProCurve recommends leaving the port Mode setting at Auto or, in networks using Cat 3 cabling, Auto-10.
Spanning Tree: 802.1D (STP) and 802.1w (RSTP) Spanning Tree operate as a global setting on the switch (with one instance of Spanning Tree per switch). 802.1s (MSTP) Spanning Tree operates on a per-instance basis (with multiple instances allowed per switch). For each Spanning Tree instance, you can adjust Spanning Tree parameters on a per-port basis.
Menu: Viewing and Configuring a Static Trunk Group

Important

Configure port trunking before you connect the trunked links to another switch, routing switch, or server. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured. See “Using the CLI To Enable or Disable Ports and Configure Port Mode” on page 10-9.
• For proper trunk operation, all ports in a trunk must have the same media type and mode (such as 10/100TX set to 100FDx, or 100FX set to 100FDx). The flow control settings must also be the same for all ports in a given trunk. To verify these settings, see “Viewing Port Status and Configuring Port Parameters” on page 10-2.
• You can configure the trunk group with up to eight ports per trunk.
7. When you are finished assigning ports to the trunk group, press [Enter], then [S] (for Save) and return to the Main Menu. (It is not necessary to reboot the switch.) During the Save process, traffic on the ports configured for trunking will be delayed for several seconds. If the Spanning Tree Protocol is enabled, the delay may be up to 30 seconds.
8. Connect the trunked ports on the switch to the corresponding ports on the opposite device.
CLI: Viewing and Configuring Port Trunk Groups

Listing Static Trunk Type and Group for All Ports or for Selected Ports.

Syntax: show trunks [< port-list >]

Omitting the < port-list > parameter results in a static trunk data listing for all LAN ports in the switch. For example, in a switch where ports A4 and A5 belong to Trunk 1 and ports A7 and A8 belong to Trunk 2, you have the options shown in figures 13-6 and 13-7 for displaying port data for ports belonging to static trunks.
Listing Static LACP and Dynamic LACP Trunk Data.

Syntax: show lacp

Lists data for only the LACP-configured ports.

In the following example, ports A1 and A2 have been previously configured for a static LACP trunk. (For more on “Active”, see table 11-13-5 on page 13-21.)

Figure 13-8. Example of a Show LACP Listing

(For a description of each of the above-listed data types, refer to table 13-5, “LACP Port Status Data” on page 13-21.
Figure 13-9. Example of a Dynamic LACP Trunk with One Standby Link (callouts: “Up” Links, Standby Link)

Using the CLI To Configure a Static or Dynamic Trunk Group

Important: Configure port trunking before you connect the trunked links between switches. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured.
The following examples show how to create different types of trunk groups.

Configuring a Static Trunk or Static LACP Trunk Group.

Syntax: trunk < port-list > < trk1 ... trk36 > < trunk | lacp >

Configures the specified static trunk type.

This example uses ports C4 - C6 to create a non-protocol static trunk group with the group name of Trk2.

ProCurve(config)# trunk c4-c6 trk2 trunk

Removing Ports from a Static Trunk Group.
Switch “A” with ports set to LACP passive (the default). Switch “B” with ports set to LACP passive (the default). Dynamic LACP trunk cannot automatically form because both ends of the links are LACP passive. (In this case spanning-tree blocking is needed to prevent a loop.)

Switch “A” with ports set to LACP active. Switch “B” with ports set to LACP passive (the default).
Caution: Unless spanning tree is running on your network, removing a port from a trunk can result in a loop. To help prevent a broadcast storm when you remove a port from a trunk where spanning tree is not in use, ProCurve recommends that you first disable the port or disconnect the link on that port.

Syntax: no interface < port-list > lacp

Removes < port-list > from any dynamic LACP trunk and returns the ports in < port-list > to passive LACP.
Trunk Group Operation Using LACP

The switch can automatically configure a dynamic LACP trunk group or you can manually configure a static LACP trunk group.

Note: LACP requires full-duplex (FDx) links of the same media type (10/100Base-T, 100FX, etc.) and the same speed, and enforces speed and duplex conformance across a trunk group. For most installations, ProCurve recommends that you leave the port Mode settings at Auto (the default).
Table 13-4. LACP Trunk Types

LACP Port Trunk Configuration: Dynamic LACP
Operation: This option automatically establishes an 802.3ad-compliant trunk group, with LACP for the port Type parameter and DynX for the port Group name, where X is an automatically assigned value from 1 to 36, depending on how many dynamic and static trunks are currently on the switch. (The switch allows a maximum of 36 trunk groups in any combination of static and dynamic trunks.
LACP Port Trunk Configuration: Static LACP
Operation: Provides a manually configured, static LACP trunk to accommodate these conditions:
• A static LACP trunk will work with a dynamic LACP trunk. The VLAN membership of a dynamic trunk will be VLAN 1; the static LACP trunk should also be a member of VLAN 1. (Static trunks can be configured to be a member of another VLAN.)
• You want to configure non-default spanning tree or IGMP parameters on an LACP trunk group.
Table 13-5. LACP Port Status Data

Status Name: Port Numb
Meaning: Shows the physical port number for each port configured for LACP operation (C1, C2, C3 … ). Unlisted port numbers indicate that the missing ports are assigned to a static Trunk group or are not configured for any trunking.

Status Name: LACP Enabled
Meaning: Active: The port automatically sends LACP protocol packets.
ProCurve(config)# aaa port-access authenticator b1
LACP has been disabled on 802.1x port(s).
ProCurve(config)#

The switch will not allow you to configure LACP on a port on which port access (802.1x) is enabled. For example:

ProCurve(config)# int b1 lacp passive
Error configuring port < port-number >: LACP and 802.1x cannot be run together.
ProCurve(config)#

To restore LACP to the port, you must first remove the port’s 802.
Dynamic LACP Trunks. You can configure a port for LACP-active or LACP-passive, but on a dynamic LACP trunk you cannot configure the other options that you can on static trunks. If you want to manually configure a trunk, use the trunk command. (Refer to “Using the CLI To Configure a Static or Dynamic Trunk Group” on page 13-14.)

VLANs and Dynamic LACP.
A port configured as LACP passive and not assigned to a port trunk can be configured to half-duplex (HDx). However, in any of the following cases, a port cannot be reconfigured to an HDx setting:
■ If the port is a 10-gigabit port.
■ If a port is set to LACP Active, you cannot configure it to HDx.
■ If a port is already a member of a static or dynamic LACP trunk, you cannot configure it to HDx.
How the Switch Lists Trunk Data

Static Trunk Group: Appears in the menu interface and the output from the CLI show trunk and show interfaces commands.

Dynamic LACP Trunk Group: Appears in the output from the CLI show lacp command.
Outbound Traffic Distribution Across Trunked Links

Manager Plus network management software to quickly and easily identify the sources of heavy traffic (top talkers) and make adjustments to improve performance. Broadcasts, multicasts, and floods from different source addresses are distributed evenly across the links. As links are added or deleted, the switch redistributes traffic across the trunk group.
14 Port Traffic Controls

Contents

Overview
All-Traffic Rate-Limiting for the 5300xl, 3400cl and 6400cl Switches
Introduction
Rate-Limiting Operation
Viewing the Current Jumbo Configuration
Enabling or Disabling Jumbo Traffic on a VLAN
Operating Notes for Jumbo Traffic-Handling
Troubleshooting
Port Traffic Controls

Overview

Feature                                   Default                      Menu   CLI     Web
Rate-Limiting                             None                         n/a    14-4    n/a
Guaranteed Minimum Bandwidth              Per Queue: 8%-16%-30%-45%    n/a    14-21   n/a
Jumbo Packets (3400cl and 6400cl Only)    Disabled                     n/a    14-27   n/a

This chapter includes:
■ Rate Limiting: Enables a port to limit the amount of bandwidth a user or device may utilize for inbound traffic on the switch.
All-Traffic Rate-Limiting for the 5300xl, 3400cl and 6400cl Switches

Feature                          Default   Menu   CLI          Web
rate-limit < limit-% >           none      n/a    page 14-5    n/a
show rate-limit [ port-list ]    n/a       n/a    page 14-6    n/a

Note: This feature applies to the 5300xl, 3400cl, and 6400cl switches.
Under network stress conditions, a port may allow occasional bursts of inbound traffic forwarding that exceed the port’s configured rate. For this reason, rate-limiting should not be employed as a security feature.

Rate-Limiting Operation

Rate-Limiting operates on a per-port basis to allow only the specified percentage of the port’s bandwidth to be used for inbound traffic.
For example, either of the following commands configures an inbound rate limit of 60% on ports A3 - A5:

ProCurve (config)# int a3-a5 rate-limit all 60
ProCurve (eth-A3-A5)# rate-limit all 60

Displaying the Current Rate-Limit Configuration

This command displays the per-port rate-limit configuration in the running config file.
The outbound port priority queues 1 - 4 for ports A1-A2 are configured with the indicated Guaranteed Minimum Bandwidth percentages. Ports A3-A5 are configured with a rate limit of 60%. (Ports A1 and A2 are not configured for rate-limiting.)

Figure 14-2.
rate limit. In this case, the inbound traffic flow does not reach the configured rate and lower priority traffic is not forwarded into the switch fabric from the rate-limited port. (This behavior is termed “head-of-line blocking” and is a well-known problem with flow-control.) In another type of situation, an outbound port can become oversubscribed by traffic received from multiple rate-limited ports.
■ Network Stress Conditions: Under normal network operating conditions, rate-limiting limits inbound traffic on a port to no more than the configured level. However, under network stress conditions, the port may allow occasional bursts of inbound traffic forwarding that exceed the configured rate.
■ Optimum Rate-Limiting Operation: Optimum rate-limiting occurs with 64-byte packet sizes.
ICMP Rate-Limiting

In IP networks, ICMP messages are generated in response to either inquiries or requests from routing and diagnostic functions. These messages are directed to the applications originating the inquiries. In unusual situations, if the messages are generated rapidly with the intent of overloading network circuits, they can threaten network availability.
Caution: The ICMP protocol is necessary for routing, diagnostic, and error responses in an IP network. ICMP rate-limiting is primarily used for throttling worm or virus-like behavior, and should normally be configured to allow one to five percent of available inbound bandwidth to be used for ICMP traffic. This feature should not be used to remove all ICMP traffic from a network.
Figure 14-3. Example of ICMP Rate-Limiting (diagram labels: ICMP Rate-Limit at 5%; ICMP Rate-Limit at 1%; 5300xl Switch; Router; WAN; LAN; Dormitory 1 through Dormitory 4; Classroom; Administration Building; Backup Server; Classroom Server)

ICMP Rate-Limiting Operation.
Note
■ All ports belonging to a trunk configured for ICMP rate-limiting operate according to the trunk configuration, regardless of the ICMP rate-limiting state that existed on the port prior to its being added to the trunk. (While a port is in a trunk, any ICMP rate-limiting previously configured for that port is suspended, but remains in the switch configuration.
Configuring Inbound Rate-Limiting. This command controls inbound usage of a port by setting a limit on the bandwidth available for inbound traffic.

Syntax: [no] int < port-list | trunk-list > rate-limit icmp < 0..100 >

Configures inbound ICMP traffic rate limiting. You can configure a rate limit from either the global configuration level (as shown above) or from the interface context level.
For example, if you wanted to view the rate-limiting configuration on the first six ports in the module in slot “B”:

Ports B2-B5 are configured with an ICMP rate limit of 1%. (Ports B1 and B6 are not configured for ICMP rate-limiting.)

Figure 14-4.
The show config status command compares the content of the startup-config and running-config files and prints a report.

Ports B2-B5 are configured with an ICMP rate limit of 1%.

Figure 14-5. Example of ICMP Rate-Limit Settings Listed in the “show running” Output

ICMP Rate-Limiting Trap and Event Log Messages.
The switch does not send more traps or Event Log messages for excess ICMP traffic on the affected port until the system operator resets the port’s ICMP trap function. The reset can be done through SNMP from a network management station or through the CLI with the following setmib command.

Syntax: setmib hpIcmpRatelimitPortAlarmflag.
■ Interface Support: ICMP rate-limiting is available on all types of ports and trunks on the switches covered by this guide, and at all port speeds configurable for these devices.
■ Rate-Limiting Not Permitted on Mesh Ports: Either type of rate-limiting can reduce the efficiency of paths through a mesh domain.
tion, an outbound interface can become oversubscribed by traffic received from multiple ICMP rate-limited interfaces. In this case, the actual rate for traffic on the rate-limited interfaces may be lower than configured because the total traffic load requested to the outbound interface exceeds the interface’s bandwidth, and thus some requested traffic may be held off on inbound.
ProCurve# walkmib ifDescr
ifDescr.1 = A1
ifDescr.2 = A2
ifDescr.3 = A3
. . .
ifDescr.23 = A23
ifDescr.24 = A24
ifDescr.27 = B1
ifDescr.28 = B2
ifDescr.29 = B3
. . .
ifDescr.48 = B22
ifDescr.49 = B23
ifDescr.50 = B24
. . .

Callouts: Beginning and Ending of Port Number Listing for Slot A; Beginning and Ending of Port Number Listing for Slot B

Figure 14-6.
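The walkmib ifDescr listing above shows that the numbers are not contiguous across slots (A24 is 24, but B1 is 27), so a port's number has to be looked up rather than computed. The following Python helper is an added example, not ProCurve code: it parses such a listing and resolves a CLI-style port list to the numbers walkmib reports. The sample listing is constructed, and the port-list grammar it accepts (comma-separated ports and same-slot ranges such as b2-b5) is an assumption based on the port lists used in this chapter.

```python
import re

# Constructed listing in the walkmib ifDescr format shown above (not switch output).
WALKMIB_SAMPLE = """\
ifDescr.1 = A1
ifDescr.2 = A2
ifDescr.3 = A3
ifDescr.23 = A23
ifDescr.24 = A24
ifDescr.27 = B1
ifDescr.28 = B2
ifDescr.29 = B3
ifDescr.30 = B4
ifDescr.31 = B5
"""

IFDESCR_RE = re.compile(r"^ifDescr\.(\d+)\s*=\s*(\S+)$")
PORT_RE = re.compile(r"^([A-Z]*)(\d+)$")


def parse_ifdescr(listing):
    """Return {port name: number} from 'ifDescr.<n> = <port>' lines."""
    table = {}
    for line in listing.splitlines():
        match = IFDESCR_RE.match(line.strip())
        if match:  # prompts, '. . .' elisions and blank lines are skipped
            table[match.group(2).upper()] = int(match.group(1))
    return table


def expand_port_list(port_list):
    """Expand 'b2-b5,a1' into ['B2', 'B3', 'B4', 'B5', 'A1'].

    Assumption: a range stays inside one slot (same letter prefix).
    """
    ports = []
    for item in port_list.upper().split(","):
        item = item.strip()
        if not item:
            continue
        start, _, end = item.partition("-")
        first = PORT_RE.match(start)
        if not first:
            raise ValueError(f"not a port name: {start!r}")
        if not end:
            ports.append(start)
            continue
        last = PORT_RE.match(end)
        if (not last or last.group(1) != first.group(1)
                or int(last.group(2)) < int(first.group(2))):
            raise ValueError(f"unsupported range: {item!r}")
        slot = first.group(1)
        ports.extend(f"{slot}{n}"
                     for n in range(int(first.group(2)), int(last.group(2)) + 1))
    return ports


def ifindexes_for(port_list, listing):
    """Map each port in port_list to its number in the walkmib listing."""
    table = parse_ifdescr(listing)
    ports = expand_port_list(port_list)
    missing = [p for p in ports if p not in table]
    if missing:
        # Refuse to guess: a computed number would be wrong across slots.
        raise KeyError(f"ports not present in listing: {missing}")
    return {p: table[p] for p in ports}


if __name__ == "__main__":
    for port, number in ifindexes_for("b2-b5", WALKMIB_SAMPLE).items():
        print(f"{port} -> {number}")
```

Run it against a full listing captured from the switch; a port that is absent from the listing raises an error instead of returning a guessed number.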
Guaranteed Minimum Bandwidth (GMB) on the Series 5300xl Switches

This section applies only to the Series 5300xl switches.
Table 14-1. Per-Port Outbound Priority Queues

802.1p Priority Settings in Tagged VLAN Packets*    Outbound Priority Queue for a Given Port
1 (low)                                             1
2 (low)                                             1
0 (normal)                                          2
3 (normal)                                          2
4 (medium)                                          3
5 (medium)                                          3
6 (high)                                            4
7 (high)                                            4

*The switch processes outbound traffic from an untagged port at the "0" (normal) priority level.
Note: For a given port, when the demand on one or more outbound queues exceeds the minimum bandwidth configured for those queues, the switch apportions unallocated bandwidth to these queues on a priority basis.
Syntax: [ no ] int < port-list > bandwidth-min output [ < queue1% > < queue2% > < queue3% > < queue4% >]

For ports in < port-list >, specifies the minimum outbound bandwidth as a percent of the total bandwidth for each outbound queue. The queues receive service in descending order of priority.
For example, suppose you wanted to configure the following outbound minimum bandwidth availability for ports A1 and A2:

Priority of Outbound Port Queue: 4
Minimum Bandwidth %: 50
Effect on Outbound Bandwidth Allocation: Queue 4 has the first priority use of all outbound bandwidth not specifically allocated to queues 1 - 3.
For example, to display the GMB configuration resulting from either of the above commands:

Figure 14-7. Example of Listing the Guaranteed Minimum Bandwidth Configuration (callouts: User-Configured Minimum Bandwidth Settings; Default Minimum Bandwidth Settings)

For an example listing the GMB configuration in the startup-config file, refer to figure 14-2 on page 14-7.

GMB Operating Notes

Granularity of Applied GMB Settings.
Jumbo Packets on the Series 3400cl and Series 6400cl Switches

This section applies only to the ProCurve Series 3400cl and Series 6400cl switches.

Feature                      Default    Menu   CLI     Web
display VLAN jumbo status    n/a        —      14-29   —
configure jumbo VLANs        Disabled   —      14-31   —

The Maximum Transmission Unit (MTU) is the maximum size IP packet the switch can receive for Layer 2 packets inbound on a port.
Operating Rules

■ Required Port Speed: The 3400cl/6400cl switches allow inbound and outbound jumbo packets on ports operating at speeds of 1 gigabit or higher. At lower port speeds, only standard (1522-byte or smaller) packets are allowed, regardless of the jumbo configuration.
Configuring Jumbo Packet Operation

Command                           Page
show vlans                        14-30
show vlans ports < port-list >    14-31
show vlans < vid >                14-31
jumbo                             14-31

Overview

1. Determine the VLAN membership of the ports or trunks through which you want the switch to accept inbound jumbo traffic. For operation with GVRP enabled, refer to the GVRP topic under “Operating Rules”, above.
2.
Figure 14-8. Example Listing of Static VLANs To Show Jumbo Status Per VLAN (callout: Indicates which static VLANs are configured to enable jumbo packets.)

Syntax: show vlans ports < port-list >

Lists the static VLANs to which the specified port(s) belong, including the Jumbo column to indicate which VLANs are configured to support jumbo traffic.
Syntax: show vlans < vid >

This command shows port membership and jumbo configuration for the specified < vid >.

Lists the ports belonging to VLAN 100 and whether the VLAN is enabled for jumbo packet traffic.

Figure 14-10.
Operating Notes for Jumbo Traffic-Handling

■ ProCurve does not recommend configuring a voice VLAN to accept jumbo packets. Voice VLAN packets are typically small, and allowing a voice VLAN to accept jumbo packet traffic can degrade the voice transmission performance.
■ You can configure the default, primary, and/or (if configured) the management VLAN to accept jumbo packets on all ports belonging to the VLAN.
excluded from jumbo traffic. A solution is to create a third VLAN with the sole purpose of enabling jumbo traffic on the desired ports, while leaving the other ports on the switch disabled for jumbo traffic.
■ Jumbo Traffic in a Switch Mesh Domain. Note that if a switch belongs to a meshed domain, but does not have any VLANs configured to support jumbo traffic, then the meshed ports on that switch will drop any jumbo packets they receive from other devices.
15 Configuring for Network Management Applications

Contents

Using SNMP Tools To Manage the Switch
Overview
SNMP Management Features
Configuring for SNMP Access to the Switch
Configuring for SNMP Version 3 Access to the Switch
LLDP Operating Rules
LLDP Data Management on the Series 3400cl and 6400cl Switches
LLDP Neighbor Data
Configuring LLDP Operation
Viewing the Current Configuration
Using SNMP Tools To Manage the Switch

Overview

You can manage the switch via SNMP from a network management station running an application such as ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+). For more on PCM and PCM+, visit the ProCurve Networking web site at:

www.procurve.com

Click on products index in the sidebar, then click on the appropriate link appearing under the Network Management heading.
SNMP Management Features

SNMP management features on the switch include:
■ SNMP version 1, version 2c or version 3 over IP
■ Security via configuration of SNMP communities (page 15-4)
■ Security via authentication and privacy for SNMP Version 3 access
■ Event reporting via SNMP
    • Version 1 traps
    • RMON: groups 1, 2, 3, and 9
■ ProCurve Manager/Plus support
■ Flow sampling using either EASE or sFlow
■ Stand
If you want to restrict access to one or more specific nodes, you can use the switch’s IP Authorized Manager feature. (Refer to the Access Security Guide for your switch.)

Caution: For ProCurve Manager (PCM) version 1.5 or earlier (or any TopTools version), deleting the “public” community disables some network management functions (such as traffic monitoring, SNMP trap generation, and threshold setting).
SNMP Version 3 Commands

SNMP version 3 (SNMPv3) adds a new command to the CLI for configuring SNMPv3 functions. To enable SNMPv3 operation on the switch you must:

a. Enable SNMPv3 with the snmpv3 enable command. An initial user entry will be generated with MD5 authentication and DES privacy.
b. You may restrict access to only SNMPv3 agents with the snmpv3 only command.
Enabling SNMPv3

The snmpv3 enable command starts a dialog that performs three functions: enabling the switch to receive SNMPv3 messages, configuring the initial users, and, optionally, restricting non-version 3 messages to “read only”. Figure 15-1 shows an example of this dialog.
2. Assign users to Security Groups based on their security model. This is done with the snmpv3 group command. See “Assigning Users to Groups” on page 15-9.

Caution: Adding a user without authentication and/or privacy to a group that requires it will cause the user to not be able to access the switch. You should only add users to the group that is appropriate for their security parameters.

Adding Users.
SNMPv3 Commands

Syntax: [no] snmpv3 user

Adds or deletes a user entry for SNMPv3. Authorization and privacy are optional, but to use privacy, you must use authorization. When deleting a user, only the user_name is required.

[auth ]
With authorization, you can select either MD5 authentication or sha authentication.
SNMPv3 Group Commands

Syntax: [no] snmpv3 group

This command assigns or removes a user to a security group for access rights to the switch. To delete an entry, all of the following three parameters must be included in the command.

group
This parameter identifies the group that has the privileges that will be assigned to the user. For more details see “Group Access Levels” on page 15-10.
■ OperatorReadView – no access to icfSecurityMIB, hpSwitchIpTftpMode, vacmContextTable, vacmAccessTable, vacmViewTreeFamilyTable, usmUserTable, snmpCommunityTable
■ Discovery View – Access limited to samplingProbe MIB.

Note: All access groups and views are predefined on the switch. There is no method to modify or add groups or views to those that are pre-defined on the switch.
Figure 15-4 shows the assigning of Operator community on MgrStation1 to the CommunityOperatorReadWrite group. Any other Operator only has an access level of CommunityOperatorReadOnly.

Callouts: Add mapping to allow write access for Operator community on MgrStation1; Two Operator Access Levels

Figure 15-4.
Caution: For ProCurve Manager (PCM) version 1.5 or earlier (or any TopTools version), deleting the “public” community disables some network management functions (such as traffic monitoring, SNMP trap generation, and threshold setting). If network management security is a concern, and you are using the above software versions, ProCurve recommends that you change the write access for the “public” community to “Restricted”.
If you are adding a community, the fields in this screen are blank. If you are editing an existing community, the values for the currently selected Community appear in the fields.

Callouts: Type the value for this field. Use the Space bar to select values for other fields.

Figure 15-6.
This example lists the data for all communities in a switch; that is, both the default “public” community name and another community named "blue-team".

Callouts: Default Community and Settings; Non-Default Community and Settings; Trap Receiver Data (See page 15-16.)

Figure 15-7.
[restricted | unrestricted]
Optionally assigns MIB access type. Assigning the restricted type allows the community to read MIB variables, but not to set them. Assigning the unrestricted type allows the community to read and set MIB variables.

For example, to add the following communities:

Community    Access Level                              Type of Access
red-team     manager (Access to all MIB objects.
Syntax: [no] snmpv3 notify tag

This adds or deletes a notification request. To remove a mapping you only need the < notify_name >.

[no] snmpv3 targetaddress < name > taglist < tag > params < parms_name > < ip-addr >

Add or delete an address where notification messages are sent. The < tag > value must match the tag value of a notify entry.
[no] snmpv3 params user

Adds or deletes a user parameter for use with target address. The params_name must match the parms_name in the targetaddress command. The user_name should be a user from the User Table. For more information on users see “SNMPv3 Users” on page 15-7. A complete params command must also have a sec-model and msg-processing entry.
SNMPv1 and SNMPv2c Trap Features

Feature                                     Default   Menu   CLI           Web
snmp-server host (trap receiver)            public    —      page 15-20    —
snmp-server enable (authentication trap)    none      —      page 15-22    —

A trap receiver is a management station designated by the switch to receive SNMP traps sent from the switch.
Using the CLI To List Current SNMP Trap Receivers. This command lists the currently configured trap receivers and the setting for authentication traps (along with the current SNMP community name data — see “SNMPv3 Communities” on page 15-11).

Syntax: show snmp-server

Displays current community and trap receiver data.
Syntax: snmp-server host < community-string > < ip-address >

Using community name and destination IP address, this command designates a destination network management station for receiving SNMP event log messages from the switch. If you do not specify the event level, then the switch does not send event log messages as traps. You can specify up to 10 trap receivers (network management stations).
Notes: To replace one community name with another for the same IP address, you must use no snmp-server host < community-name > < ip-address > to delete the unwanted community name. Otherwise, adding a new community name with an IP address already in use with another community name simply creates two allowable community name entries for the same management station.
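Several points in this section lend themselves to an automated check of a saved configuration: the “public” community left with unrestricted (read and set) access, SNMPv3 enabled without the snmpv3 only restriction, the same trap receiver listed under two community names, and the limit of 10 trap receivers. The following Python audit is an added example, not ProCurve code; both sample configurations are constructed, and it assumes the saved file records these commands in the form this chapter gives them.

```python
import re
from collections import defaultdict

# Constructed samples. Assumption: the saved configuration repeats the
# commands in the form shown in this chapter.
SAMPLE_CONFIG = """\
snmp-server community "public" unrestricted
snmp-server community "blue-team" manager restricted
snmp-server host "public" 192.0.2.20
snmp-server host "red-team" 192.0.2.20
snmp-server host "red-team" 192.0.2.30
snmpv3 enable
"""
HARDENED_CONFIG = """\
snmp-server community "public" operator restricted
snmp-server host "red-team" 192.0.2.30
snmpv3 enable
snmpv3 only
"""

MAX_TRAP_RECEIVERS = 10  # limit stated for the snmp-server host command

COMMUNITY_RE = re.compile(r'^snmp-server\s+community\s+"?([^"\s]+)"?\s*(.*)$', re.I)
HOST_RE = re.compile(
    r'^snmp-server\s+host\s+"?([^"\s]+)"?\s+(\d{1,3}(?:\.\d{1,3}){3})\b', re.I)


def parse_config(text):
    """Collect communities, trap receivers and the two snmpv3 switches."""
    communities = {}              # community name -> set of option keywords
    receivers = defaultdict(set)  # receiver IP -> community names used for it
    v3_enabled = v3_only = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        match = COMMUNITY_RE.match(line)
        if match:
            communities[match.group(1)] = {w.lower() for w in match.group(2).split()}
            continue
        match = HOST_RE.match(line)
        if match:
            receivers[match.group(2)].add(match.group(1))
            continue
        words = line.lower().split()
        if words == ["snmpv3", "enable"]:
            v3_enabled = True
        elif words == ["snmpv3", "only"]:
            v3_only = True
    return communities, receivers, v3_enabled, v3_only


def audit(text):
    """Return a list of (code, detail) findings for one configuration."""
    communities, receivers, v3_enabled, v3_only = parse_config(text)
    findings = []
    # Only an explicit 'unrestricted' is reported; a default that is not
    # written in the file is invisible to this check.
    if "unrestricted" in communities.get("public", set()):
        findings.append(("PUBLIC_UNRESTRICTED",
                         'community "public" can set MIB variables; '
                         "change its access type to restricted"))
    if not v3_enabled:
        findings.append(("SNMPV3_DISABLED", "no 'snmpv3 enable' line found"))
    elif not v3_only:
        findings.append(("NON_V3_ACCEPTED",
                         "'snmpv3 only' is absent, so SNMPv1/v2c requests "
                         "are still accepted"))
    for ip in sorted(receivers):
        names = sorted(receivers[ip])
        if len(names) > 1:
            findings.append(("DUPLICATE_RECEIVER",
                             f"{ip} is listed under {', '.join(names)}; remove "
                             "the unwanted entry with 'no snmp-server host'"))
    total = sum(len(names) for names in receivers.values())
    if total > MAX_TRAP_RECEIVERS:
        findings.append(("TOO_MANY_RECEIVERS",
                         f"{total} receiver entries exceed the limit of "
                         f"{MAX_TRAP_RECEIVERS}"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONFIG):
        print(f"{code}: {detail}")
```

The initial SNMPv3 user's MD5 and DES settings described earlier are created by the snmpv3 enable dialog and are not visible to this check; review them with the switch's own show commands.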
The RMON agent automatically runs in the switch. Use the RMON management station on your network to enable or disable specific RMON traps and events. Note that you can access the Ethernet statistics, Alarm, and Event groups from the ProCurve Manager network management software. For more on ProCurve Manager, visit the ProCurve Networking web site at www.procurve.
LLDP (Link-Layer Discovery Protocol)

To standardize device discovery on all ProCurve switches, LLDP will be implemented while offering limited read-only support for CDP as documented in this manual. For current information on your switch model, consult the Release Notes (available on the ProCurve Networking web site).
LLDP (Link Layer Discovery Protocol): Provides a standards-based method for enabling the switches covered by this guide to advertise themselves to adjacent devices and to learn about adjacent LLDP devices.

LLDP-MED (LLDP Media Endpoint Discovery): Provides an extension to LLDP and is designed to support VoIP deployments.
LLDP: Link Layer Discovery Protocol:
• 5300xl, 4200vl, and 6400cl Switches: IEEE 802.1AB
• 3400cl Switches: IEEE 802.1AB/D9 or greater
LLDP-Aware: A device that has LLDP in its operating code, regardless of whether LLDP is enabled or disabled.
LLDP Device: A switch, server, router, or other device running LLDP.
PSAP (Public Safety Answering Point): PSAPs are typically emergency telephone facilities established as a first point to receive emergency (911) calls and to dispatch emergency response services such as police, fire and emergency medical services.
PSE (Power-Sourcing Equipment): A PSE, such as a PoE module installed in a Series 5300xl switch, provides power to IEEE 802.
■ An intervening hub or repeater forwards the LLDP packets it receives in the same manner as any other multicast packets it receives. Thus, two LLDP switches joined by a hub or repeater handle LLDP traffic in the same way that they would if directly connected.
■ Any intervening 802.1D device or Layer-3 device that is either LLDP-unaware or has disabled LLDP operation drops the packet.
■ Receive only (rxonly): This setting enables a port to receive and read LLDP packets from LLDP neighbors, and to store the packet data in the switch’s MIB. However, the port does not transmit outbound LLDP packets. This prevents LLDP neighbors from learning about the switch through that port.
■ Disable (disable): This setting disables LLDP packet transmissions and reception on a port.
Data Type | Configuration Options | Default | Description
System Description [6] | Enable/Disable | Enabled | Includes switch model name and running software version, and ROM version.
Port Description [6] | Enable/Disable | Enabled | Uses the physical port identifier.
System capabilities supported [5, 6] | Enable/Disable | Enabled | Identifies the switch’s primary capabilities (bridge, router).
■ Using an SNMP application that is designed to query the Neighbors MIB for LLDP data to use in device discovery and topology mapping. (In the 3400cl and 6400cl switches only.)
■ Using the walkmib command to display a listing of the LLDP MIB objects
LLDP and LLDP-MED Standards Compatibility
The operation covered by this section is compatible with these standards:
■ IEEE P802.
You can override the default operation by configuring the port to advertise any IP address that is manually configured on the switch, even if the port does not belong to the VLAN configured with the selected IP address (page 15-43). (Note that LLDP cannot be configured through the CLI to advertise an address acquired through DHCP or Bootp.
neighbor, it stores this information as two separate entries if the advertisements have different chassis ID and port ID information. However, if the chassis and port ID information are the same, the switch stores this information as a single entry. LLDP data transmission/collection is enabled in the switch’s default configuration.
Command (Page)
lldp enable-notification (15-41)
lldpnotificationinterval (15-42)
lldp admin-status < txonly | rxonly | tx_rx | disable > (15-42)
lldp config < port-list > IpAddrEnable (15-43)
lldp config < port-list > basicTlvEnable (15-44)
lldp config < port-list > dot3TlvEnable < macphy_config > (15-46)
Viewing the Current Configuration
Displaying the Global LLDP, Port Admin, and SNMP Notification Status.
Note: This value corresponds to the lldp refresh-interval command (page 15-38).
These LLDP-MED fields apply to 5300xl switches running software release E.10.xx or greater, and to 4200vl switches.
Figure 15-10. (Display column shown: Med Topology Trap Enabled.)
Displaying Port Configuration Details. This command displays the port-specific configuration.
Syntax show lldp config < port-list >
Displays the LLDP port-specific configuration for all ports in < port-list >, including which optional TLVs and any non-default IP address that are included in the port’s outbound advertisements.
These fields appear when medtlvenable is enabled on the switch, which is the default setting.
This field appears when dot3tlvenable is enabled on the switch, which is the default setting.
The blank IpAddress field indicates that the default IP address will be advertised from this port. (Refer to page 15-43: “Configuring a Remote Management Address for Outbound LLDP Advertisements”.)
Figure 15-12.
Syntax [ no ] lldp run
Enables or disables LLDP operation on the switch. The no form of the command, regardless of individual LLDP port configurations, prevents the switch from transmitting outbound LLDP advertisements, and causes the switch to drop all LLDP advertisements received from other devices. The switch preserves the current LLDP configuration when LLDP is disabled.
discarding it. The Time-to-Live value is the result of multiplying the refresh-interval by the holdtime-multiplier described below.
Syntax lldp holdtime-multiplier < 2 - 10 >
Changes the multiplier an LLDP switch uses to calculate the Time-to-Live for the LLDP advertisements it generates and transmits to LLDP neighbors.
Syntax setmib lldpTxDelay.0 -i < 1 - 8192 >
Uses setmib to change the minimum time (delay-interval) any LLDP port will delay advertising successive LLDP advertisements due to a change in LLDP MIB content. (Default: 2; Range: 1 - 8192)
Note: The LLDP refresh-interval (transmit interval) must be greater than or equal to (4 x delay-interval).
delay interval delays the port’s ability to reinitialize and generate LLDP traffic following an LLDP disable/enable cycle.
Syntax setmib lldpReinitDelay.0 -i < 1 - 10 >
Uses setmib to change the minimum time (reinitialization delay interval) an LLDP port will wait before reinitializing after receiving an LLDP disable command followed closely by a txonly or tx_rx command.
Changing the Minimum Interval for Successive Data Change Notifications for the Same Neighbor
If LLDP trap notification is enabled on a port, a rapid succession of changes in LLDP information received in advertisements from one or more neighbors can generate a high number of traps. To reduce this effect, you can globally change the interval between successive notifications of neighbor data change.
Syntax lldp admin-status < port-list > < txonly | rxonly | tx_rx | disable >
With LLDP enabled on the switch in the default configuration, each port is configured to transmit and receive LLDP packets. These options enable you to control which ports participate in LLDP traffic and whether the participating ports allow LLDP traffic in only one direction or in both directions.
Syntax [ no ] lldp config < port-list > ipAddrEnable < ip-address >
Replaces the default IP address for the port with an IP address you specify. This can be any IP address configured in a static VLAN on the switch, even if the port does not belong to the VLAN configured with the selected IP address. The no form of the command deletes the specified IP address.
Syntax: [ no ] lldp config < port-list > basicTlvEnable < TLV-Type >
port_descr: For outbound LLDP advertisements, this TLV includes an alphanumeric string describing the port. (Default: Enabled)
system_name: For outbound LLDP advertisements, this TLV includes an alphanumeric string showing the system’s assigned name.
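An added example (not from the ProCurve manual): a Python sketch that reads an LLDPDU the way a neighbor would, checks the advertised Time-to-Live against refresh-interval x holdtime-multiplier, and lists what the optional TLVs disclose, which is what rxonly, disable, or a disabled optional TLV withholds on a port. The frame contents, the refresh interval of 30 with multiplier 4, and all function names are constructed for illustration; the TLV layout follows IEEE 802.1AB.

```python
import ipaddress
import struct

# TLV type numbers from IEEE 802.1AB; the short names are labels chosen for this example.
TLV_NAMES = {0: "end", 1: "chassis_id", 2: "port_id", 3: "ttl", 4: "port_descr",
             5: "system_name", 6: "system_descr", 7: "system_cap", 8: "management_addr"}
# Optional TLVs that tell a neighbor what the switch is and where to manage it.
DISCLOSING = ("system_name", "system_descr", "system_cap", "management_addr")
CAPABILITY_BITS = {0x0004: "bridge", 0x0010: "router"}


def tlv(tlv_type, value):
    """Encode one TLV: a 7-bit type and a 9-bit length share a 2-byte header."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("TLV type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldpdu(data):
    """Split an LLDPDU into (name, value) pairs, rejecting malformed input."""
    tlvs, offset = [], 0
    while True:
        if offset + 2 > len(data):
            raise ValueError("LLDPDU ended without an End TLV")
        (header,) = struct.unpack_from("!H", data, offset)
        tlv_type, length = header >> 9, header & 0x01FF
        offset += 2
        if offset + length > len(data):
            raise ValueError("TLV length runs past the end of the data")
        if tlv_type == 0:
            break
        name = TLV_NAMES.get(tlv_type, "type_%d" % tlv_type)
        tlvs.append((name, data[offset:offset + length]))
        offset += length
    if [name for name, _ in tlvs[:3]] != ["chassis_id", "port_id", "ttl"]:
        raise ValueError("mandatory TLVs missing or out of order")
    return tlvs


def decode(name, value):
    """Turn the value of a disclosing TLV into something readable."""
    if name == "system_cap":
        if len(value) != 4:
            raise ValueError("system capabilities TLV must be 4 bytes")
        supported, _enabled = struct.unpack("!HH", value)
        return sorted(label for bit, label in CAPABILITY_BITS.items() if supported & bit)
    if name == "management_addr":
        # value[0] = length of (subtype + address), value[1] = subtype (1 = IPv4)
        if len(value) >= 6 and value[0] == 5 and value[1] == 1:
            return str(ipaddress.IPv4Address(value[2:6]))
        return value.hex()
    return value.decode("ascii", errors="replace")


def audit(data, refresh_interval, holdtime_multiplier):
    """Report the advertised TTL and every disclosing TLV found in the LLDPDU."""
    tlvs = parse_lldpdu(data)
    ttl_value = tlvs[2][1]
    if len(ttl_value) != 2:
        raise ValueError("TTL TLV must carry a 2-byte value")
    (ttl,) = struct.unpack("!H", ttl_value)
    disclosed = {name: decode(name, value) for name, value in tlvs if name in DISCLOSING}
    return {"ttl": ttl,
            "ttl_matches_config": ttl == refresh_interval * holdtime_multiplier,
            "disclosed": disclosed}


def sample_lldpdu(optional=True):
    """Constructed LLDPDU: mandatory TLVs, plus the optional ones when requested."""
    body = (tlv(1, b"\x04" + bytes.fromhex("020000000001"))   # chassis ID, MAC subtype
            + tlv(2, b"\x07" + b"1")                           # port ID, local subtype
            + tlv(3, struct.pack("!H", 120)))                  # TTL = 30 x 4 (assumed settings)
    if optional:
        mgmt = (b"\x05\x01" + ipaddress.IPv4Address("192.0.2.10").packed
                + b"\x02" + struct.pack("!I", 1) + b"\x00")
        body += (tlv(4, b"A1") + tlv(5, b"example-switch")
                 + tlv(6, b"EXAMPLE model, revision X.00.00, ROM X.00.00")
                 + tlv(7, struct.pack("!HH", 0x0014, 0x0004))
                 + tlv(8, mgmt))
    return body + tlv(0, b"")


if __name__ == "__main__":
    print(audit(sample_lldpdu(), refresh_interval=30, holdtime_multiplier=4))
```

Run against a capture taken on an edge port, an empty "disclosed" result confirms that the port advertises only the mandatory chassis ID, port ID and TTL.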
Configuring Support for Port Speed and Duplex Advertisements on the 5300xl and 4200vl Switches
This feature operates only on 5300xl switches running software release E.10.x or greater, and 4200vl switches. This feature is enabled in the default LLDP-MED configuration on 5300xl switches running software release E.10.x or greater, and on 4200vl switches.
LLDP-MED (Media-Endpoint-Discovery) for the 5300xl and 4200vl Switches
As of October 2006, LLDP-MED operates only on 5300xl switches running software release E.10.x or greater, and 4200vl switches. LLDP-MED (ANSI/TIA-1057/D6) extends the LLDP (IEEE 802.
■ IP communications controllers
■ other VoIP devices or servers
Figure labels: LLDP-MED Class 1 Generic Endpoints Such As IP Call Control Devices; 5300xl Switches Providing Network Access to LLDP-MED Endpoints; IP Network Infrastructure (IEEE 802 LAN); LLDP-MED Class 2 Media Endpoints Such As Media Gateways, Conference Bridges, and other Devices Supporting IP Media Streams; LLDP-MED Class 3 End
■ provide information on network connectivity capabilities (for example, a multi-port VoIP phone with Layer 2 switch capability)
■ support the fast start capability
Note: LLDP-MED is intended for use with VoIP endpoints, and is not designed to support links between network infrastructure devices, such as switch-to-switch or switch-to-router links.
LLDP-MED Endpoint Device Classes.
LLDP-MED Topology Change Notification
This optional feature provides information an SNMP application can use to track LLDP-MED connects and disconnects.
Note: Topology change notifications provide one method for monitoring system activity. However, because SNMP normally employs UDP, which does not guarantee datagram delivery, topology change notification should not be relied upon as the sole method for monitoring critical endpoint device connectivity.
Advertising Device Capability, Network Policy, PoE Status and Location Data
The medTlvEnable option on the switch is enabled in the default configuration and supports the following LLDP-MED TLVs:
■ LLDP-MED capabilities: This TLV enables the switch to determine:
• whether a connected endpoint device supports LLDP-MED
• which specific LLDP-MED TLVs the endpoint supports
• the device class (1, 2, or 3) for the connecte
■ The voice VLAN port membership configured on the switch can be tagged or untagged. However, if the LLDP-MED endpoint expects a tagged membership when the switch port is configured for untagged, or the reverse, then a configuration mismatch results. (Typically, the endpoint expects the switch port to have a tagged voice VLAN membership.
Syntax: [ no ] lldp config < port-list > medTlvEnable < medTlv >
Enables or disables advertisement of the following TLVs on the specified ports:
• device capability TLV
• configured network policy TLV
• configured location data TLV (Refer to “Configuring Location Data for LLDP-MED Devices” on page 15-56.)
• current PoE status TLV
(Default: All of the above TLVs are enabled.
network-policy: This TLV enables the switch port to advertise its configured network policies (voice VLAN, Layer 2 QoS, Layer 3 QoS), and allows LLDP-MED endpoint devices to auto-configure the voice network policy advertised by the switch. This also enables the use of SNMP applications to troubleshoot statically configured endpoint network policy mismatches.
PoE Advertisements. These advertisements inform an LLDP-MED endpoint of the power (PoE) configuration on switch ports. Similar advertisements from an LLDP-MED endpoint inform the switch of the endpoint’s power needs and provide information that can be used to identify power priority mismatches.
■ ELIN (Emergency Location Identification Number): an emergency number typically assigned to MLTS (Multiline Telephone System Operators) in North America
■ coordinate-based location: latitude, longitude, and altitude information (Requires configuration via an SNMP application.
Syntax: [ no ] lldp config < port-list > medPortLocation < Address-Type >
Configures location or emergency call data the switch advertises per port in the location_id TLV. This TLV is for use by LLDP-MED endpoints employing location-based applications.
Note: The switch allows one medPortLocation entry per port (without regard to type).
When an emergency call is placed from a properly configured class 3 endpoint device to an appropriate PSAP, the country code, device type, and type/value pairs configured on the switch port are included in the transmission. The “type” specifiers are used by the PSAP to identify and organize the location data components in an understandable format for response personnel to interpret.
elin-addr < emergency-number >
This feature is intended for use in Emergency Call Service (ECS) applications to support class 3 LLDP-MED VoIP telephones connected to a 5300xl switch in a multiline telephone system (MLTS) infrastructure.
Example of a Location Configuration on a 5300xl Switch Port.
Figure 15-15 shows the commands for configuring and displaying the above data.
Figure 15-15.
Displaying Switch Information Available for Outbound Advertisements
These commands display the current switch information that will be used to populate outbound LLDP advertisements.
Syntax show lldp info local-device [ port-list ]
Without the [ port-list ] option, this command displays the global switch information and the per-port information currently available for populating outbound LLDP advertisements.
The Management Address field displays only the LLDP-configurable IP addresses on the switch. (Only manually-configured IP addresses are LLDP-configurable.) If the switch has only an IP address from a DHCP or Bootp server, then the Management Address field is empty (because there are no LLDP-configurable IP addresses available). For more on this topic, refer to “Remote Management Address” on page 15-30.
Figure 15-16.
information on displaying the currently configured port speed and duplex on an LLDP-MED endpoint, refer to “Displaying the Current Port Speed and Duplex Configuration on a Switch Port” on page 15-64.
Syntax: show interfaces brief < port-list >
Includes port speed and duplex configuration in the Mode column of the resulting display. (This command is available on all switch models covered by this guide.
Syntax show lldp info remote-device [ port-list ]
Without the [ port-list ] option, this command provides a global list of the individual devices it has detected by reading LLDP advertisements. Discovered devices are listed by the inbound port on which they were discovered.
Note: In software releases earlier than M_08_06x (for the 3400cl switches only), a Port Type column appears with this command instead of the PortId, PortName columns shown in this figure.
Note: In software release E.10.x and greater for the 5300xl switches, and for 4200vl switches, the PortName column heading appears as PortDescr.
Figure 15-18.
Displaying LLDP Statistics
LLDP statistics are available at both the global and per-port levels. Rebooting the switch resets the LLDP statistics counters to zero. Disabling the transmit and/or receive capability on a port “freezes” the related port counters at their current values.
Per-Port LLDP Counters:
NumFramesRecvd: Shows the total number of valid, inbound LLDP advertisements received from any neighbor(s) on < port-list >. Where multiple neighbors are connected to a port through a hub, this value is the total number of LLDP advertisements received from all sources.
NumFramesSent: Shows the total number of LLDP advertisements sent from < port-list >.
Counters showing frames sent on a port but no frames received on that port indicate an active link with a device that either has LLDP disabled on the link or is not LLDP-aware.
Figure 15-20. Example of a Global LLDP Statistics Display
Figure 15-21. Example of a Per-Port LLDP Statistics Display
LLDP Operating Notes
Neighbor Maximum.
LLDP Packet Forwarding: An 802.1D-compliant switch does not forward LLDP packets, regardless of whether LLDP is globally enabled or disabled on the switch.
One IP Address Advertisement Per-Port: LLDP advertises only one IP address per-port, even if multiple IP addresses are configured by lldp config < port-list > ipAddrEnable on a given port.
802.1Q VLAN Information. LLDP packets do not include 802.
ProCurve# walkmib ifDescr
ifDescr.1 = A1
ifDescr.2 = A2
ifDescr.3 = A3
. . .
ifDescr.23 = A23
ifDescr.24 = A24
ifDescr.27 = B1
ifDescr.28 = B2
ifDescr.29 = B3
. . .
ifDescr.48 = B22
ifDescr.49 = B23
ifDescr.50 = B24
. . .
Callouts: Beginning and Ending of Port Number Listing for Slot A (A1 to A24); Beginning and Ending of Port Number Listing for Slot B (B1 to B24).
Figure 15-22.
Note:
■ If the switch receives both LLDP and CDP advertisements on the same port from the same neighbor, the switch stores this information as two separate entries if the advertisements have different chassis ID and port ID information.
■ If the chassis and port ID information are the same, the switch stores this information as a single entry.
Protocol State | Packet Generation | Inbound Data Management | Inbound Packet Forwarding
CDP Enabled [1] | n/a | Store inbound CDP data. | No forwarding of inbound CDP packets.
CDP Disabled | n/a | No storage of CDP data from neighbor devices. | Floods inbound CDP packets from connected devices to outbound ports.
LLDP Enabled [1] | Generates and transmits LLDP packets out all ports on the switch. | Store inbound LLDP data.
Command (Page)
show cdp (15-75)
show cdp neighbors [< port-list > detail] [detail < port-list >] (15-76)
[no] cdp run (15-77)
[no] cdp enable < port-list > (15-77)
Note: For details on how to use an SNMP utility to retrieve information from the switch’s CDP Neighbors table maintained in the switch’s MIB (Management Information Base), refer to the documentation provided with the particular SNMP utility.
Viewing the Switch’s Current CDP Neighbors Table. Devices are listed by the port on which they were detected.
Syntax: show cdp neighbors
Lists the neighboring CDP devices the switch detects, with a subset of the information collected from the device’s CDP packet.
[ [e] port-numb [detail] ]
Lists the CDP device connected to the specified port. (Allows only one port at a time.
Disabling CDP Operation. Disabling CDP operation clears the switch’s CDP Neighbors table and causes the switch to drop inbound CDP packets from other devices without entering the data in the CDP Neighbors table.
Syntax: [no] cdp run
Enables or disables CDP read-only operation on the switch.
A File Transfers
Contents
Overview
Downloading Switch Software
General Software Download Rules
Using TFTP To Download Switch Software from a Server
Menu: TFTP Download from a Server to Primary Flash
Xmodem: Copying a Configuration File from a Serially Connected PC or UNIX Workstation
Copying Diagnostic Data to a Remote Host, PC, or UNIX Workstation
Copying Command Output to a Destination Device
Copying Event Log Output to a Destination Device
Copying Crash Data Content to a Destination Device
Overview
You can download new switch software, upload or download switch configuration files, and upload command files for configuring Access Control Lists (ACLs).
Downloading Switch Software
General Software Download Rules
■ Switch software that you download via the menu interface always goes to primary flash.
■ After a software download, you must reboot the switch to implement the new software. Until a reboot occurs, the switch continues to run on the software it was using before the download commenced.
Note: Downloading new switch software does not change the current switch configuration.
Menu: TFTP Download from a Server to Primary Flash
Note that the menu interface accesses only the primary flash.
1. In the console Main Menu, select Download OS to display the screen in figure A-1. (The term “OS”, or “operating system”, refers to the switch software.)
Figure A-1. Example of a Download OS (Software) Screen (Default Values)
2. Press [E] (for Edit).
3. Ensure that the Method field is set to TFTP (the default).
4.
A “progress” bar indicates the progress of the download. When the entire software file has been received, all activity on the switch halts and you will see Validating and writing system software to FLASH...
7. After the primary flash memory has been updated with the new software, you must reboot the switch to implement the newly downloaded software. Return to the Main Menu and press [6] (for Reboot Switch).
1. Execute copy as shown below:
Figure A-3. Example of the Command to Download an OS (Switch Software)
Callouts: Dynamic counter continually displays the number of bytes transferred. This message means that the image you want to upload will replace the image currently in primary flash.
2. When the switch finishes downloading the software file from the server, it displays this progress message:
Validating and Writing System Software to FLASH …
3.
Using Secure Copy and SFTP
For some situations you may want to use a secure method to issue commands or copy files to the switch. By opening a secure, encrypted SSH session you can then use a third-party software application to take advantage of Secure Copy (SCP) and Secure ftp (SFTP). SCP and SFTP provide a secure alternative to TFTP for transferring information that may be sensitive (like switch configuration files) to and from the switch.
Note: SFTP over SSH version 1 (SSH v1) is not supported. A request from either the client or the switch (or both) using SSH v1 generates an error message. The actual text of the error message differs, depending on the client software in use. Some examples are:
Protocol major versions differ: 2 vs. 1
Connection closed
Protocol major versions differ: 1 vs.
The SCP/SFTP Process
To use SCP and SFTP:
1. Open an SSH session as you normally would to establish a secure encrypted tunnel between your computer and the switch. For more detailed directions on how to open an SSH session see the chapter titled “Configuring Secure Shell (SSH)” in the Access Security Guide for your switch. Please note that this is a one-time procedure for new switches or connections.
ProCurve(config)# ip ssh filetransfer
Tftp and auto-tftp have been disabled.
ProCurve(config)# sho run
Running configuration:
; J4850A Configuration Editor; Created on release #E.10.02
hostname "ProCurve"
module 1 type J8161A
module 2 type J8161A
vlan 1
   name "DEFAULT_VLAN"
   untagged A1-A24,B1-B24
   ip address 10.28.234.176 255.255.240.
Callout (on the “Tftp and auto-tftp have been disabled.” line): Enabling SFTP automatically disables TFTP and auto-tftp and displays this message.
Callout: Enables/Disables TFTP. Note: If SFTP is enabled, this field will be set to No. You cannot use this field to enable TFTP if SFTP is enabled. Attempting to do so produces an Inconsistent value message in the banner below the Actions line.
Figure A-5. Using the Menu Interface To Disable TFTP
■ While SFTP is enabled, TFTP and auto-TFTP cannot be enabled from the CLI.
Syntax: no tftp-enable
This command disables all TFTP operation on the switch except for the auto-TFTP feature. To re-enable TFTP operation, use the tftp-enable command. When TFTP is disabled, the instances of tftp in the CLI copy command and the Menu interface “Download OS” screen become unavailable.
Note: This command does not disable auto-TFTP operation.
Authentication
Switch memory allows up to ten public keys. This means the authentication and encryption keys you use for your third-party client SCP/SFTP software can differ from the keys you use for the SSH session, even though both SCP and SFTP use a secure SSH tunnel.
Note: SSH authentication through a TACACS+ server and use of SCP or SFTP through an SSH tunnel are mutually exclusive.
■ The switch supports one SFTP session or one SCP session at a time.
■ All files have read-write permission. Several SFTP commands, such as create or remove, are not allowed and return an error message.
Using Xmodem to Download Switch Software From a PC or UNIX Workstation
This procedure assumes that:
■ The switch is connected via the Console RS-232 port to a PC operating as a terminal. (Refer to the Installation and Getting Started Guide you received with the switch for information on connecting a PC as a terminal and running the switch console interface.)
■ The switch software is stored on a disk drive in the PC.
6. After the primary flash memory has been updated with the new software, you must reboot the switch to implement the newly downloaded software. Return to the Main Menu and press [6] (for Reboot Switch). You will then see this prompt:
Continue reboot of system? : No
Press the space bar once to change No to Yes, then press [Enter] to begin the reboot.
7. To confirm that the software downloaded correctly:
a. From the Main Menu, select 1. Status and Counters 1.
c. In the Protocol field, select Xmodem.
d. Click on the [Send] button.
The download can take several minutes, depending on the baud rate used in the transfer.
3. When the download finishes, you must reboot the switch to implement the newly downloaded software. To do so, use one of the following commands:
Syntax: boot system flash
Reboots from the selected flash.
Syntax: reload
Reboots from the flash image currently in use.
1. From the switch console Main Menu in the switch to receive the download, select 7. Download OS screen.
2. Ensure that the Method parameter is set to TFTP (the default).
3. In the TFTP Server field, enter the IP address of the remote switch containing the software file you want to download.
4.
and Series 6400cl switches use software with the “M” identifier, such as M.08.01 and all of the Series 4200vl switches use the “L” identifier, such as L.10.xx.) The options for this CLI feature include:
■ Copy from primary flash in the source to either primary or secondary in the destination.
■ Copy from either primary or secondary flash in the source to either primary or secondary flash in the destination.
Downloading from Primary Only.
For example, to download a software file from secondary flash in a switch with an IP address of 10.28.227.103 to the secondary flash in a destination switch, you would execute the following command in the destination switch’s CLI:
Figure A-7.
Troubleshooting TFTP Downloads
To find more information on the cause of a download failure, examine the messages in the switch’s Event Log by executing this CLI command:
ProCurve# show log tftp
(For more on the Event Log, see “Using the Event Log To Identify Problem Sources” on page C-27.)
Some of the causes of download failures include:
■ Incorrect or unreachable address specified for the TFTP Server parameter.
Transferring Switch Configurations and ACL Command Files
Transfer Features
Feature | Default | Menu | CLI | Web
Use TFTP to copy from a remote host to a config file. | n/a | — | below | —
Use TFTP to copy a config file to a remote host. | n/a | — | page A-24 | —
Use TFTP to upload and execute a command file for configuring or replacing an ACL in the switch configuration. | n/a
For example, to download a configuration file named sw5300 in the configs directory on drive “d” in a remote host having an IP address of 10.28.227.105:

ProCurve# copy tftp startup-config 10.28.227.
“Working Offline To Create or Edit an ACL” in the “Access Control Lists (ACLs)” chapter of the Advanced Traffic Management Guide for your switch.

Syntax: copy tftp command-file < ip-addr > < filename.txt > < unix | pc >

where:
< ip-addr > = The IP address of a TFTP server available to the switch
< filename.
To continue with the upload, press the [Y] key. To abort the upload, press the [N] key. Note that if the switch detects an illegal (non-ACL) command in the file, it bypasses the illegal command, displays a notice as shown in figure A-9, and continues to implement the remaining ACL commands in the file.

This message indicates that the “show running” command just above it is not an ACL command and will be ignored by the switch.
Xmodem: Copying a Configuration File from the Switch to a Serially Connected PC or UNIX Workstation

To use this method, the switch must be connected via the serial port to a PC or UNIX workstation. You will need to:
■ Determine a filename to use.
■ Know the directory path you will use to store the configuration file.
Syntax: copy xmodem startup-config < pc | unix >
        copy xmodem config < filename > < pc | unix >

All Switches: Copies a configuration file from a serially connected PC or UNIX workstation to the switch’s startup config file.

5300xl and 4200vl: 5300xl switches running software release E.09.
Copying Diagnostic Data to a Remote Host, PC, or UNIX Workstation

You can use the CLI to copy the following types of switch data to a text file in a management device:
■ Command Output: Sends the output of a switch CLI command as a file on the destination device.
■ Event Log: Copies the switch’s Event Log into a file on the destination device.
Copying Event Log Output to a Destination Device

Syntax: copy event-log tftp < ip-address > < filepath_filename >
        copy event-log xmodem

These commands use TFTP or Xmodem to copy the Event Log content to a PC or UNIX workstation on the network.

For example, to copy the event log to a PC connected to the switch:

At this point, press [Enter] and start the Xmodem command sequence in your terminal emulator.

Figure A-11.
At this point, press [Enter] and start the Xmodem command sequence in your terminal emulator.

Figure A-12.
B Monitoring and Analyzing Switch Operation

Contents

Overview (page B-3)
Status and Counters Data (page B-4)
Menu Access To Status and Counters (page B-5)
General System Information (page B-5)
Menu Access
VLAN Information (page B-20)
Web Browser Interface Status Information (page B-22)
Interface Monitoring Features (page B-23)
Menu: Configuring Port and Static Trunk Monitoring (page B-24)
CLI: Configuring Port, Mesh, and Static Trunk Monitoring
Overview

The switches covered by this guide have several built-in tools for monitoring, analyzing, and troubleshooting switch and network operation:
■ Status: Includes options for displaying general switch information, management address data, port status, port and trunk group statistics, MAC addresses detected on each port or VLAN, and STP, IGMP, and VLAN data (page B-4).
Status and Counters Data

This section describes the status and counters screens available through the switch console interface and/or the web browser interface.

Note
You can access all console screens from the web browser interface via Telnet to the console. Telnet access to the switch is available in the Device View window under the Configuration tab.

Status or Counters Type
Menu Access To Status and Counters

Beginning at the Main Menu, display the Status and Counters menu by selecting:

1. Status and Counters

Figure B-1. The Status and Counters Menu

Each of the above menu items accesses the read-only screens described on the following pages. Refer to the online help for a description of the entries displayed in these screens.

General System Information

Menu Access

From the console Main Menu, select:

1.
Figure B-2. Example of General Switch Information

This screen dynamically indicates how individual switch resources are being used. See the online Help for details.

CLI Access

Syntax: show system-information

Switch Management Address Information

Menu Access

From the Main Menu, select:

1. Status and Counters …
2.
Figure B-3. Example of Management Address Information with VLANs Configured

This screen displays addresses that are important for management of the switch. If multiple VLANs are not configured, this screen displays a single IP address for the entire switch. See the online Help for details.

Note
As shown in figure B-3, all VLANs on the switches covered by this guide use the same MAC address.
Module Information

Use this feature to determine which slots have modules installed and which type(s) of modules are installed.

Menu: Displaying Port Status

From the Main Menu, select:

1. Status and Counters …
3. Module Information

Figure B-4.
Port Status

The web browser interface and the console interface show the same port status data.

Menu: Displaying Port Status

From the Main Menu, select:

1. Status and Counters …
4. Port Status

Figure B-5. Example of Port Status on the Menu Interface

CLI Access

Syntax: show interfaces brief

Web Access

1. Click on the Status tab.
2. Click on [Port Status].
Viewing Port and Trunk Group Statistics and Flow Control Status

Feature | Default | Menu | CLI | Web
viewing port and trunk statistics for all ports, and flow control status | n/a | page B-11 | page B-12 | page B-12
viewing a detailed summary for a particular port or trunk | n/a | page B-11 | page B-12 | page B-12
resetting counters | n/a | page B-11 | page B-12 | page B-12

These features enable you to determine the traffic patterns for each port since
Menu Access to Port and Trunk Statistics

To access this screen from the Main Menu, select:

1. Status and Counters …
4. Port Counters

Figure B-6. Example of Port Counters on the Menu Interface

To view details about the traffic on a particular port, use the [v] key to highlight that port number, then select Show Details. For example, selecting port A2 displays a screen similar to figure B-7, below.

Figure B-7.
CLI Access To Port and Trunk Group Statistics

To Display the Port Counter Summary Report.

Syntax: show interfaces

This command provides an overview of port activity for all ports on the switch.

To Display a Detailed Traffic Summary for Specific Ports.

Syntax: show interfaces < port-list >

This command provides traffic details for the port(s) you specify.

To Reset the Port Counters for a Specific Port.
Viewing the Switch’s MAC Address Tables

Feature | Default | Menu | CLI | Web
viewing MAC addresses on all ports on a specific VLAN | n/a | page B-13 | page B-16 | —
viewing MAC addresses on a specific port | n/a | page B-15 | page B-16 | —
searching for a MAC address | n/a | page B-15 | page B-16 | —

These features help you to view:
■ The MAC addresses that the switch has learned from network devices attached to the switch
■ The port on which each M
Figure B-8. Example of the Address Table

To page through the listing, use Next page and Prev page.

Finding the Port Connection for a Specific Device on a VLAN. This feature uses a device’s MAC address that you enter to identify the port used by that device.

1. Proceeding from figure B-8, press [S] (for Search), to display the following prompt:

   Enter MAC address: _

2. Type the MAC address you want to locate and press [Enter].
Port-Level MAC Address Viewing and Searching. This feature displays and searches for MAC addresses on the specified port instead of for all ports on the switch.

1. From the Main Menu, select:

   1. Status and Counters
   7. Port Address Table

   Prompt for Selecting the Port To Search

   Figure B-10. Listing MAC Addresses for a Specific Port

2.
CLI Access for MAC Address Views and Searches

Syntax: show mac-address [ vlan < vlan-id >] [< port-list >] [< mac-addr >]

To List All Learned MAC Addresses on the Switch, with The Port Number on Which Each MAC Address Was Learned.

ProCurve> show mac-address

To List All Learned MAC Addresses on one or more ports, with Their Corresponding Port Numbers.
Spanning Tree Protocol (STP) Information

Menu Access to STP Data

From the Main Menu, select:

1. Status and Counters …
8. Spanning Tree Information

STP must be enabled on the switch to display the following data:

Figure B-11. Example of Spanning Tree Information

Use this screen to determine current switch-level STP parameter settings and statistics.
Figure B-12. Example of STP Port Information

CLI Access to STP Data

This option lists the STP configuration, root data, and per-port data (cost, priority, state, and designated bridge).
Internet Group Management Protocol (IGMP) Status

The switch uses the CLI to display the following IGMP status on a per-VLAN basis:

Show Command | Output

show ip igmp
Global command listing IGMP status for all VLANs configured in the switch:
• VLAN ID (VID) and name
• Active group addresses per VLAN
• Number of report and query packets per group
• Querier access port per VLAN

show ip igmp
Per-VLAN command listing above IGMP stat
VLAN Information

The switch uses the CLI to display the following VLAN status:

Show Command | Output

show vlan
Lists:
• Maximum number of VLANs to support
• Existing VLANs
• Status (static or dynamic)
• Primary VLAN

show vlan
For the specified VLAN, lists:
• Name, VID, and status (static/dynamic)
• Per-Port mode (tagged, untagged, forbid, no/auto)
• “Unknown VLAN” setting (Learn, Block, Disable)
• Port status (up/down)

For ex
Listing the VLAN ID (VID) and Status for Specific Ports.

Because ports A1 and A2 are not members of VLAN 44, it does not appear in this listing.

Figure B-15. Example of VLAN Listing for Specific Ports

Listing Individual VLAN Status.

Figure B-16.
Web Browser Interface Status Information

The “home” screen for the web browser interface is the Status Overview screen, as shown below. As the title implies, it provides an overview of the status of the switch, including summary graphs indicating the network utilization on each of the switch ports, symbolic port status indicators, and the Alert Log, which informs you of any problems that may have occurred on the switch.
Interface Monitoring Features

Port Monitoring Features

Feature | Default | Menu | CLI | Web
display monitoring configuration | disabled | page B-24 | page B-26 | page B-29
configure the monitor port(s) | ports: none | page B-24 | page B-27 | page B-29
selecting or removing ports | none selected | page B-24 | page B-28 | page B-29

You can designate monitoring of inbound and outbound traffic on:
■ Ports and static trunks: Allows monitoring of individual p
Menu: Configuring Port and Static Trunk Monitoring

This procedure describes configuring the switch for monitoring when monitoring is disabled. (If monitoring has already been enabled, the screens will appear differently than shown in this procedure.)

1. From the Console Main Menu, Select:

   2. Switch Configuration...
   3. Network Monitoring Port

   Enable monitoring by setting this parameter to “Yes”.

   Figure B-18.
Move the cursor to the Monitoring Port parameter.

Inbound Port and Trunk Monitoring (Only) on the Switch 4108

Figure B-19. How To Select a Monitoring Port

5. Use the Space bar to select the port to use for monitoring.
6. Highlight the Monitor field and use the Space bar to select the interfaces to monitor:
   Ports: Use for monitoring ports, static trunks, or the mesh.
   VLAN: Use for monitoring a VLAN (5300xl and 4200vl switches).
7.
   ii. Use the Space bar to select the VLAN you want to monitor.
   iii. Go to step 10.
8. Use the down arrow key to move the cursor to the Action column for the individual ports and position the cursor at a port you want to monitor.
9. Press the Space bar to select Monitor for each port and trunk that you want monitored. (Use the down arrow key to move from one interface to the next in the Action column.)
10.
Port receiving monitored traffic.

Monitored Ports

Figure B-20. Example of Monitored Port Listing

Configuring the Monitor Port.

Syntax: [no] mirror-port [< port-num >]

This command assigns or removes a monitoring port, and must be executed from the global configuration level. Removing the monitor port disables port monitoring and resets the monitoring parameters to their factory-default settings.
Selecting or Removing Monitoring Source Interfaces. After you configure a monitor port you can use either the global configuration level or the interface context level to select ports, static trunks, meshed ports, or (for the 5300xl switches or 4200vl switches) VLANs as monitoring sources. You can also use either level to remove monitoring sources.
To monitor a VLAN:

Configure monitoring of VLAN 20.

Display current monitoring configuration:
– Monitor port
– Interface Being Monitored

Figure B-22. Example of Configuring VLAN Monitoring

These two commands show how to disable monitoring at the interface context level for a single port or all ports in an interface context level.
C Troubleshooting

Contents

Overview (page C-3)
Troubleshooting Approaches (page C-4)
Browser or Telnet Access Problems (page C-5)
Unusual Network Activity (page C-7)
General Problems
Debug Types (page C-36)
Debug Destinations (page C-38)
Syslog Operation (page C-39)
Viewing the Debug Configuration (page C-40)
Steps for Configuring Debug and Syslog Messaging
Overview

This chapter addresses performance-related network problems that can be caused by topology, switch configuration, and the effects of other devices or their configurations on switch operation. (For switch-specific information on hardware problems indicated by LED behavior, cabling requirements, and other potential hardware-related problems, refer to the installation guide you received with the switch.
Troubleshooting Approaches

Use these approaches to diagnose switch problems:
■ Check the ProCurve Networking web site for software updates that may have solved your problem: www.procurve.com
■ Check the switch LEDs for indications of proper switch operation:
   • Each switch port has a Link LED that should light whenever an active network device is connected to the port.
Browser or Telnet Access Problems

Cannot access the web browser interface:
■ Access may be disabled by the Web Agent Enabled parameter in the switch console. Check the setting on this parameter by selecting:

   2. Switch Configuration …
   1. System Information

■ The switch may not have the correct IP address, subnet mask or gateway. Verify by connecting a console to the switch’s Console port and selecting:

   2. Switch Configuration …
   5.
Cannot Telnet into the switch console from a station on the network:
■ Off-subnet management stations can lose Telnet access if you enable routing without first configuring a static (default) route. That is, the switch uses the IP default gateway only while operating as a Layer 2 device. While routing is enabled on the switch, the IP default gateway is not used.
Unusual Network Activity

Network activity that fails to meet accepted norms may indicate a hardware problem with one or more of the network components, possibly including the switch. Such problems can also be caused by a network loop or simply too much traffic for the network as it is currently designed and implemented.
This can also happen, for example, if the server is first configured to issue IP addresses with an unlimited duration, then is subsequently configured to issue IP addresses that will expire after a limited duration. One solution is to configure “reservations” in the DHCP server for specific IP addresses to be assigned to devices having specific MAC addresses. For more information, refer to the documentation for the DHCP server.
Indicates that routing is enabled; a requirement for ACL operation. (There is an exception. See the Note, below.)

Figure C-1. Indication that Routing Is Enabled

Note
If an ACL assigned to a VLAN includes an ACE referencing an IP address on the switch itself as a packet source or destination, the ACE screens traffic to or from this switch address regardless of whether IP routing is enabled.
Error (Invalid input) when entering an IP address. When using the “host” option in the command syntax, ensure that you are not including a mask in either dotted decimal or CIDR format. Using the “host” option implies a specific host device and therefore does not permit any mask entry.

Correct.
Incorrect. No mask needed to specify a single host.

Figure C-2. Examples of Correctly and Incorrectly Specifying a Single Host

Apparent failure to log all “Deny” Matches.
DA or to use a wildcard ACL mask in a deny statement that happens to include the switch’s IP address. For an example of this problem, refer to the section titled “General ACL Operating Notes” in the “Access Control Lists (ACLs)” chapter of the Advanced Traffic Management Guide for your switch.

Routing Through a Gateway on the Switch Fails

Configuring a “deny” ACE that includes a gateway address can block traffic attempting to use the gateway as a next-hop.
[Figure: network diagram showing Switch 1 (20 Net, VLAN 2), Switch 2 (10 Net, VLAN 1), a 5300xl, 3400cl, or 6400cl switch, and Router X (10 Net and 30 Net). Switch 1 cannot access the 30 Net on Router X because ACL 101 on the Switch 5300xl or 3400cl denies routed, outbound IP traffic to the 10 Net.]
IGMP-Related Problems

IP Multicast (IGMP) Traffic That Is Directed By IGMP Does Not Reach IGMP Hosts or a Multicast Router Connected to a Port. IGMP must be enabled on the switch and the affected port must be configured for “Auto” or “Forward” operation.

IP Multicast Traffic Floods Out All Ports; IGMP Does Not Appear To Filter Traffic.
Mesh-Related Problems

Traffic on a dynamic VLAN does not get through the switch mesh. GVRP enables dynamic VLANs. Ensure that all switches in the mesh have GVRP enabled. (Note that ProCurve 1600M/2400M/2424M/4000M/8000M switches do not offer GVRP. Thus, if there are any of these switches in the mesh, GVRP must be disabled for any switch in the mesh.)

The Switch Mesh Does Not Allow A ProCurve Switch 1600M/2400M/2424M/4000M/8000M Port To Join the Mesh.
Port-Based Access Control (802.1x)-Related Problems

Note
To list the 802.1x port-access Event Log messages stored on the switch, use show log 802.

See also “Radius-Related Problems” on page C-18.

The switch does not receive a response to RADIUS authentication requests. In this case, the switch will attempt authentication using the secondary method configured for the type of access you are using (console, Telnet, or SSH).
The switch does not authenticate a client even though the RADIUS server is properly configured and providing a response to the authentication request. If the RADIUS server configuration for authenticating the client includes a VLAN assignment, ensure that the VLAN exists as a static VLAN on the switch. Refer to “How 802.1x Authentication Affects VLAN Operation” in the Access Security Guide for your switch.
Port A9 shows an “Open” status even though Access Control is set to Unauthorized (Force Auth). This is because the port-access authenticator has not yet been activated.

Figure C-6. Authenticator Ports Remain “Open” Until Activated

RADIUS server fails to respond to a request for service, even though the server’s IP address is correctly configured in the switch.
Also, ensure that the switch port used to access the RADIUS server is not blocked by an 802.1x configuration on that port. For example, show port-access authenticator < port-list > gives you the status for the specified ports. Also, ensure that other factors, such as port security or any 802.1x configuration on the RADIUS server are not blocking the link.

The authorized MAC address on a port that is configured for both 802.
■ Ensure that the radius-server timeout period is long enough for network conditions.
■ Verify that the switch is using the same UDP port number as the server.

RADIUS server fails to respond to a request for service, even though the server’s IP address is correctly configured in the switch. Use show radius to verify that the encryption key the switch is using is correct for the server being contacted.
Broadcast Storms Appearing in the Network. This can occur when there are physical loops (redundant links) in the topology. Where this exists, you should enable STP on all bridging devices in the topology in order for the loop to be detected.

STP Blocks a Link in a VLAN Even Though There Are No Redundant Links in that VLAN. In 802.1Q-compliant switches STP blocks redundant physical links even if they are in separate VLANs.
Executing IP SSH does not enable SSH on the switch. The switch does not have a host key. Verify by executing show ip host-public-key. If you see the message

   ssh cannot be enabled until a host key is configured (use 'crypto' command).

then you need to generate an SSH key pair for the switch. To do so, execute crypto key generate. (Refer to “2. Generating the Switch’s Public and Private Key Pair” in the SSH chapter of the Access Security Guide for your switch.
TACACS-Related Problems

Event Log. When troubleshooting TACACS+ operation, check the switch’s Event Log for indications of problem areas.

All Users Are Locked Out of Access to the Switch. If the switch is functioning properly, but no username/password pairs result in console or Telnet access to the switch, the problem may be due to how the TACACS+ server and/or the switch are configured.
■ The encryption key configured in the server does not match the encryption key configured in the switch (by using the tacacs-server key command). Verify the key in the server and compare it to the key configured in the switch. (Use show tacacs-server to list the global key. Use show config or show config running to list any server-specific keys.)
■ The accessible TACACS+ servers are not configured to provide service to the switch.
TimeP, SNTP, or Gateway Problems

The Switch Cannot Find the Time Server or the Configured Gateway. TimeP, SNTP, and Gateway access are through the primary VLAN, which in the default configuration is the DEFAULT_VLAN. If the primary VLAN has been moved to another VLAN, it may be disabled or does not have ports assigned to it.

VLAN-Related Problems

Monitor Port.
Link supporting VLAN_1 and VLAN_2 between Switch “X” Port X-3 and Switch “Y” Port Y-7

Switch “X” VLAN Port Assignment
Port | VLAN_1 | VLAN_2
X-3 | Untagged | Tagged

Switch “Y” VLAN Port Assignment
Port | VLAN_1 | VLAN_2
Y-7 | Untagged | Tagged

Figure C-9. Example of Correct VLAN Port Assignments on a Link

1. If VLAN_1 (VID=1) is configured as “Untagged” on port 3 on switch “X”, then it must also be configured as “Untagged” on port 7 on switch “Y”.
Figure C-10. (Diagram labels: Server with MAC Address “A” on VLAN 1 and MAC Address “A” on VLAN 2; 5300xl, 4200vl, 3400cl, or 6400cl Switch (Multiple Forwarding Database); VLAN 1 and VLAN 2; Switch with Single Forwarding Database. Problem: This switch detects continual moves of MAC address “A” between ports.)
Using the Event Log To Identify Problem Sources

The Event Log records operating events as single-line entries listed in chronological order, and serves as a tool for isolating problems. Each Event Log entry is composed of five fields:

Severity | Date | Time | System Module | Event Message
I | 08/05/01 | 10:52:32 | ports: | port A1 enabled

Severity is one of the following codes:
I (information) indicates routine events.
Table C-1.
Menu: Entering and Navigating in the Event Log

From the Main Menu, select Event Log.

(Figure callouts: Range of Events in the Log; Range of Log Events Displayed; Log Status Line)

Figure C-11. Example of an Event Log Display

The log status line at the bottom of the display identifies where in the sequence of event messages the display is currently positioned.
CLI: Listing Events

Syntax: show logging [-a] []

Uses the CLI to list:
■ Events recorded since the last boot of the switch
■ All events recorded
■ Event entries containing a specific keyword, either since the last boot or all events recorded

show logging
Lists recorded log messages since last reboot.

show logging -a
Lists all recorded log messages, including those before the last reboot.
Reducing Duplicate Event Log and SNMP Trap Messages

Note
This feature is available with all software releases for the Series 3400/6400cl switches, Series 4200vl switches and with software release E.08.xx and greater on the Series 5300xl switches. Initially it applies only to Event Log messages and SNMP traps generated by the PIM software module.
W 10/01/04 09:00:33 PIM:No IP address configured on VID 100 (1)

The counter indicates that this is the first instance of this event since the switch last rebooted.

Figure C-12. Example of the First Instance of an Event Message and Counter

If PIM operation caused the same event to occur six more times during the initial log throttle period, there would be no further entries in the Event Log.
These two messages report separate events involving separate log throttle periods and separate counters.

W 10/01/04 09:00:33 PIM:No IP address configured on VID 100 (1)
W 10/01/04 09:00:33 PIM:No IP address configured on VID 205 (1)
. . .

Figure C-14. Example of Log Messages Generated by Unrelated Events of the Same Type

Example of Event Counter Operation.
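The five-field entry format and the duplicate-event counter described above can be read by a small parser. The following Python is an added example, not part of the ProCurve manual; the MM/DD/YY date order, the reading of the trailing “(N)” as a running count per distinct message since the last boot, and the fourth sample line are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, NamedTuple, Optional, Tuple

# Severity code, date, time, "module:", message, optional trailing "(N)" counter.
ENTRY_RE = re.compile(
    r"^(?P<sev>[A-Z])\s+"
    r"(?P<date>\d{2}/\d{2}/\d{2})\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<module>[^\s:]+):\s*"
    r"(?P<msg>.*?)"
    r"(?:\s*\((?P<count>\d+)\))?\s*$"
)


class Entry(NamedTuple):
    severity: str
    timestamp: datetime
    module: str
    message: str
    count: Optional[int]  # None when the line carries no duplicate counter


def parse_line(line: str) -> Optional[Entry]:
    """Return one parsed Event Log entry, or None if the line is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    try:
        # Assumption: dates are MM/DD/YY, as in the 08/05/01 sample.
        ts = datetime.strptime(f"{m['date']} {m['time']}", "%m/%d/%y %H:%M:%S")
    except ValueError:
        return None  # digits in the right places but not a real date or time
    count = int(m["count"]) if m["count"] else None
    return Entry(m["sev"], ts, m["module"], m["msg"], count)


def parse_log(text: str) -> List[Entry]:
    """Parse every recognisable entry in a captured log, skipping other lines."""
    parsed = (parse_line(line) for line in text.splitlines())
    return [e for e in parsed if e is not None]


def suppressed_events(entries: List[Entry]) -> Dict[Tuple[str, str], int]:
    """For each throttled message, estimate occurrences that produced no log line.

    Assumption: the counter is the running instance number since the last boot,
    so (highest counter seen) minus (lines actually logged) is the number of
    occurrences hidden inside throttle periods. Feed it output covering a single
    boot ("show logging" without -a); the result is clamped at zero otherwise.
    """
    highest: Dict[Tuple[str, str], int] = defaultdict(int)
    logged: Dict[Tuple[str, str], int] = defaultdict(int)
    for e in entries:
        if e.count is None:
            continue
        key = (e.module, e.message)
        highest[key] = max(highest[key], e.count)
        logged[key] += 1
    return {key: max(0, highest[key] - logged[key]) for key in highest}


# Lines 1-3 follow the manual's samples; line 4 (counter 8) is constructed to
# model the event recurring after six suppressed repeats.
SAMPLE_LOG = """\
I 08/05/01 10:52:32 ports: port A1 enabled
W 10/01/04 09:00:33 PIM:No IP address configured on VID 100 (1)
W 10/01/04 09:00:33 PIM:No IP address configured on VID 205 (1)
W 10/01/04 09:28:42 PIM:No IP address configured on VID 100 (8)
not an event log line
"""

if __name__ == "__main__":
    log_entries = parse_log(SAMPLE_LOG)
    for entry in log_entries:
        print(entry)
    for (module, message), hidden in suppressed_events(log_entries).items():
        print(f"{module}: {message!r}: {hidden} occurrence(s) not logged")
```

A message that legitimately ends in a parenthesised number is indistinguishable from a counter in this format, so treat the count field as a hint when the module is not one that uses log throttling.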
Debug and Syslog Messaging Operation

The switch’s Event Log records switch-level progress, status, and warning messages. The Debug/System-Logging (Syslog) feature provides a method for recording messages you can use to help in debugging network-level problems, such as routing misconfigurations and other network protocol details. Debug enables you to specify the types of event notification messages to send to external devices.
Debug logging requires a logging destination (Syslog server and/or a session type), and involves the logging and debug destination commands. Actions you can perform with Debug and Syslog operation include:

Configure the switch to send Event Log messages to one or more Syslog servers. Included is the option to send the messages to the User log facility (default) on the configured server(s) or to another log facility.
Note
Using the logging < dest-ip-addr > command to configure a Syslog server address creates an exception to the above general operation. Refer to “Syslog Operation” on page C-39.

Debug Types

This section describes the types of debug messages the switch can send to configured debug destinations.
Syntax: [no] debug < debug-type > (Continued)

ip [ ospf < adj | event | flood | lsa-generation | packet | retransmission | spf > ]

For the configured debug destination(s):

ospf < adj | event | flood | lsa-generation | packet | retransmission | spf > — Enables the specified IP-OSPF message type.
   adj — Adjacency changes.
   event — OSPF events.
   flood — Information on flood messages.
   lsa-generation — New LSAs added to database.
   packet — Packets sent/received.
Debug Destinations

Debug enables you to disable and re-enable Syslog messaging to configured servers, and to designate a CLI session to receive messaging of any debug type.

Syntax: [no] debug destination < logging | session >

  logging
    This command enables Syslog logging to the configured Syslog server(s).
Syslog Operation

Syslog is a client-server logging tool that allows a client switch to send event notification messages to a networked device operating with Syslog server software. Messages sent to a Syslog server can be stored to a file for later debugging analysis. Use of Syslog requires that you set up a Syslog server application on a networked host accessible to the switch. (Refer to the documentation for the Syslog server application you select.
Syntax: [no] logging facility < facility-name >

  The logging facility specifies the destination subsystem the Syslog server(s) must use. (All configured Syslog servers must use the same subsystem.) ProCurve recommends the default (user) subsystem unless your application specifically requires another subsystem.
Using this command when there are no Syslog server IP addresses already configured enables both debug messaging to a Syslog server and the Event debug-type, which means that the switch begins sending Event Log messages to the server, regardless of other debug types that may be configured.

b. Use the command in step “a” to configure any additional Syslog servers you want to use, up to a total of six.
Example: Suppose that there are no Syslog servers configured on the switch (the default). Configuring one Syslog server enables debug logging to that server and also enables Event Log messages to be sent to the server.

Displays the default debug configuration. (There are no Syslog server IP addresses or debug types configured.
Example. Suppose that you want to:

■ Configure Syslog logging of ACL and IP-OSPF packet messages on a Syslog server at 18.38.64.164 (with user as the default logging facility).
■ Also display these messages in the CLI session of your terminal device’s management access to the switch.
■ Prevent the Switch’s standard Event Log messages from going to the Syslog server and the CLI.
Operating Notes for Debug and Syslog

■ Rebooting the Switch or pressing the Reset button resets the Debug Configuration.

Debug Option             Effect of a Reboot or Reset
logging (destination)    If any Syslog server IP addresses are in the startup-config file, they are saved across a reboot and the logging destination option remains enabled. Otherwise, the logging destination is disabled.
Session (destination)    Disabled.
ACL (event type)         Disabled.
Diagnostic Tools

Diagnostic Features

Feature                  Default   Menu   CLI         Web
Port Auto negotiation    n/a       n/a
Ping Test                n/a       —      page C-48   page C-47
Link Test                n/a       —      page C-48   page C-47
Display Config File      n/a       —      page C-50   page C-50
Admin.
Note
To respond to a Ping test or a Link test, the device you are trying to reach must be IEEE 802.3-compliant.

Ping Test. This is a test of the path between the switch and another device on the same or another IP network that can respond to IP packets (ICMP Echo Requests).

Link Test. This is a test of the connection between the switch and a designated network device on the same LAN (or VLAN, if configured). During the link test, IEEE 802.
Web: Executing Ping or Link Tests

1. Click here.
2. Click here.
3. Select Ping Test (the default) or Link Test
4. For a Ping test, enter the IP address of the target device. For a Link test, enter the MAC address of the target device.
5. Select the number of tries (packets) and the timeout for each try from the drop-down menus.
6. Click on Start to begin the test.

Figure C-18.
Number of Packets to Send is the number of times you want the switch to attempt to test a connection.

Timeout in Seconds is the number of seconds to allow per attempt to test a connection before determining that the current attempt has failed.

To halt a Link or Ping test before it concludes, click on the Stop button. To reset the screen to its default settings, click on the Defaults button.

CLI: Ping or Link Tests

Ping Tests.
Link Tests. You can issue single or multiple link tests with varying repetitions and timeout periods. The defaults are:

■ Repetitions: 1 (1 - 999)
■ Timeout: 5 seconds (1 - 256 seconds)

Syntax: link < mac-address > [repetitions < 1 - 999 >] [timeout < 1 - 256 >] [vlan < vlan-id >]

Basic Link Test
Link Test with Repetitions
Link Test with Repetitions and Timeout
Link Test Over a Specific VLAN
Link Test Over a Specific VLAN; Test Fail

Figure C-20.
Displaying the Configuration File

The complete switch configuration is contained in a file that you can browse from either the web browser interface or the CLI. It may be useful in some troubleshooting scenarios to view the switch configuration.

CLI: Viewing the Configuration File

Using the CLI, you can display either the running configuration or the startup configuration. (For more on these topics, see appendix C, “Switch Memory and Configuration”.
■ IP routes
■ Status and counters — VLAN information
■ GVRP support
■ Load balancing (trunk and LACP)

Syntax: show tech

Executing show tech outputs a data listing to your terminal emulator. However, using your terminal emulator’s text capture features, you can also save show tech data to a text file for viewing, printing, or sending to an associate.
3. Click [Start] to create and open the text file.
4. Execute show tech:

   ProCurve# show tech

Note
   a. Each time the resulting listing halts and displays -- MORE --, press the Space bar to resume the listing.
   b. When the CLI prompt appears, the show tech listing is complete. At this point, click on Transfer | Capture Text | Stop in HyperTerminal to stop copying data into the text file created in the preceding steps.
Syntax: show version

  [no] page
    Toggles the paging mode for display commands between continuous listing and per-page listing.
  setup
    Displays the Switch Setup screen from the menu interface.
  repeat
    Repeatedly executes the previous command until a key is pressed.
  kill
    Terminates all other active sessions.

Traceroute Command

The traceroute command enables you to trace the route from the switch to a host address.
  [minttl < 1-255 >]
    For the current instance of traceroute, changes the minimum number of hops allowed for each probe packet sent along the route.
    If minttl is greater than the actual number of hops, then the output includes only the hops at and above the minttl threshold. (The hops below the threshold are not listed.)
    If minttl matches the actual number of hops, only that hop is shown in the output.
    If minttl is less than the actual number of hops, then all hops are listed.
Intermediate router hops with the time taken for the switch to receive acknowledgement of each probe reaching each router.
Destination IP Address

Figure C-23. Example of a Completed Traceroute Enquiry

Continuing from the previous example (figure C-23, above), executing traceroute with an insufficient maxttl for the actual hop count produces an output similar to this:

Traceroute does not reach destination IP address because of low maxttl setting.
Executing traceroute where the route becomes blocked or otherwise fails results in an output marked by timeouts for all probes beyond the last detected hop. For example with a maximum hop count of 7 (maxttl = 7), where the route becomes blocked or otherwise fails, the output appears similar to this:

At hop 3, the first and third probes timed out but the second probe reached the router.
Restoring the Factory-Default Configuration

As part of your troubleshooting process, it may become necessary to return the switch configuration to the factory default settings.
2. Continue to press the Clear button while releasing the Reset button.
3. When the Self Test LED begins to flash, release the Clear button.

The switch will then complete its self test and begin operating with the configuration restored to the factory default settings.
Restoring a Flash Image

3. Use the Reset button to reset the switch. The following prompt should then appear in the terminal emulator:

   Enter h or ? for help.
   =>

4. Since the OS file is large, you can increase the speed of the download by changing the switch console and terminal emulator baud rates to a high speed. For example:
   a. Change the switch baud rate to 115,200 Bps.

      => sp 115200

   b. Change the terminal emulator baud rate to match the switch speed:
      i.
5.
Figure C-26. Example of Xmodem Download in Progress

8. When the download completes, the switch reboots from primary flash using the OS image you downloaded in the preceding steps, plus the most recent startup-config file.
D MAC Address Management

Contents

Overview ... D-2
Determining MAC Addresses ... D-3
  Menu: Viewing the Switch’s MAC Addresses ... D-4
  CLI: Viewing the Port and VLAN MAC Addresses ... D-5
Viewing the MAC Addresses of Connected Devices
Overview

The switch assigns MAC addresses in these areas:

■ For management functions, one Base MAC address is assigned to the default VLAN (VID = 1). (All VLANs on the switches covered in this guide use the same MAC address.)
■ For internal switch operations: One MAC address per port (See “CLI: Viewing the Port and VLAN MAC Addresses” on page D-5.)

MAC addresses are assigned at the factory.
Determining MAC Addresses

MAC Address Viewing Methods

Feature                                                                                  Default   Menu   CLI   Web
view switch’s base (default vlan) MAC address and the addressing for any added VLANs    n/a       D-4    D-5   —
view port MAC addresses (hexadecimal format)                                             n/a       —      D-5   —

Note
■ Use the menu interface to view the switch’s base MAC address and the MAC address assigned to any VLAN you have configured on the switch.
Menu: Viewing the Switch’s MAC Addresses

The Management Address Information screen lists the MAC addresses for:

■ Base switch (default VLAN; VID = 1)
■ Any additional VLANs configured on the switch.

Also, the Base MAC address appears on a label on the back of the switch.

Note
The Base MAC address is used by the first (default) VLAN in the switch.
CLI: Viewing the Port and VLAN MAC Addresses

The MAC address assigned to each switch port is used internally by such features as Flow Control and the spanning-tree protocol. Using the walkmib command to determine the MAC address assignments for individual ports can sometimes be useful when diagnosing switch operation.

Switch Series        MAC Address Allocation
5300xl and 4200vl    The switch allots 26 MAC addresses per slot.
(The above command is not case-sensitive.)

For example, with a 4-port module in slot A of a 5304xl switch, a 24-port module in slot B, and four nondefault VLANs configured:

ifPhysAddress.1 - 4: Ports A1 - A4 in Slot A (Addresses 5 - 24 in slot A are unused, and addresses 25 and 26 are reserved.)
ifPhysAddress.27 - 50: Ports B1 - B24 in Slot B (Addresses 51 - 52 in slot B are reserved.)
ifPhysAddress.
ifPhysAddress.1 - 24: Ports 1 - 24 (A 3400cl-48G switch includes addresses 1 - 48 for the fixed ports.)
ifPhysAddress.25 - 26: Ports 25 - 26 (Addresses 25 - 26 appear only if a 10-gigabit expansion module is installed in the switch. On a 3400cl-48G switch, these ports are numbered 49 and 50.)
ifPhysAddress.102: Base MAC Address (MAC Address for default VLAN; VID = 1)

Figure D-3.
Viewing the MAC Addresses of Connected Devices

Syntax: show mac-address [ | mac-addr |

  Lists the MAC addresses of the devices the switch has detected, along with the number of the specific port on which each MAC address was detected.

  [ port-list ]
    Lists the MAC addresses of the devices the switch has detected, on the specified port(s).
  [ mac-addr ]
    Lists the port on which the switch detects the specified MAC address.
E Daylight Savings Time on ProCurve Switches

This information applies to the following ProCurve switches:

• 212M
• 224M
• 1600M
• 2400M
• 2424M
• 4000M
• 8000M
• Series 2500
• Series 2600
• Series 2800
• Series 3400cl
• Series 4100gl
• Series 4200vl
• Series 5300xl
• Series 6400cl
• 6108
• AdvanceStack Switches
• AdvanceStack Routers

ProCurve switches provide a way to automatically adjust the system clock for Daylight Savings Time (DST) changes.
Middle Europe and Portugal:
• Begin DST at 2am the first Sunday on or after March 25th.
• End DST at 2am the first Sunday on or after September 24th.

Southern Hemisphere:
• Begin DST at 2am the first Sunday on or after October 25th.
• End DST at 2am the first Sunday on or after March 1st.

Western Europe:
• Begin DST at 2am the first Sunday on or after March 23rd.
• End DST at 2am the first Sunday on or after October 23rd.
Before configuring a “User defined” Daylight Time Rule, it is important to understand how the switch treats the entries. The switch knows which dates are Sundays, and uses an algorithm to determine on which date to change the system clock, given the configured “Beginning day” and “Ending day”:

■ If the configured day is a Sunday, the time changes at 2am on that day.
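The "first Sunday on or after" rule, applied to the three predefined rules listed above and to an Event Log timestamp, as an added example that is not part of the original manual. It is useful when lining up switch Event Log times with Syslog server records. The function names, the one-hour DST shift and the MM/DD/YY reading of the Event Log date are assumptions.

```python
from datetime import date, datetime, time, timedelta

# Predefined rules as listed on this page:
# name -> ((begin month, begin day), (end month, end day)); both changes occur at 2am.
RULES = {
    "Middle Europe and Portugal": ((3, 25), (9, 24)),
    "Southern Hemisphere": ((10, 25), (3, 1)),
    "Western Europe": ((3, 23), (10, 23)),
}
CHANGE_TIME = time(2, 0)
# Assumption: DST moves the clock by one hour (the page does not state the offset).
DST_SHIFT = timedelta(hours=1)


def first_sunday_on_or_after(year, month, day):
    """Return the configured day if it is a Sunday, otherwise the next Sunday."""
    configured = date(year, month, day)
    # date.weekday(): Monday == 0 ... Sunday == 6
    return configured + timedelta(days=(6 - configured.weekday()) % 7)


def dst_window(year, rule):
    """Return (begin, end) switch-clock datetimes of the two changes in `year`."""
    (begin_month, begin_day), (end_month, end_day) = RULES[rule]
    begin = datetime.combine(
        first_sunday_on_or_after(year, begin_month, begin_day), CHANGE_TIME)
    end = datetime.combine(
        first_sunday_on_or_after(year, end_month, end_day), CHANGE_TIME)
    return begin, end


def in_dst(clock_reading, rule):
    """True if a switch clock reading falls inside the DST period of `rule`.

    Readings in the hour before 2am on the ending day are ambiguous (the
    clock shows that hour twice); they are treated as DST here.
    """
    begin, end = dst_window(clock_reading.year, rule)
    if begin < end:
        return begin <= clock_reading < end
    # Southern Hemisphere: the DST period spans the new year.
    return clock_reading >= begin or clock_reading < end


def parse_event_log_time(stamp):
    """Parse an Event Log date/time such as '10/01/04 09:00:33' (assumed MM/DD/YY)."""
    return datetime.strptime(stamp, "%m/%d/%y %H:%M:%S")


def to_standard_time(clock_reading, rule):
    """Remove the DST shift so readings compare directly with standard-time logs."""
    return clock_reading - DST_SHIFT if in_dst(clock_reading, rule) else clock_reading


if __name__ == "__main__":
    for name in RULES:
        begin, end = dst_window(2006, name)
        print(f"{name}: begin {begin}, end {end}")
    sample = parse_event_log_time("10/01/04 09:00:33")  # timestamp from Figure C-14
    print(to_standard_time(sample, "Western Europe"))
```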
Technical information in this document is subject to change without notice. © Copyright 2006 Hewlett-Packard Development Company, L.P. Reproduction, adaptation, or translation without prior written permission is prohibited except as allowed under the copyright laws.