HP Hewlett Packard Switch series 2500 User Manual

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2

Understanding Management Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . 1-2

Advantages of Using the Menu Interface . . . . . . . . . . . . . . . . . . . . . . . . 1-3

Advantages of Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4

Advantages of Using the HP Web Browser Interface . . . . . . . . . . . . . 1-5

Advantages of Using HP TopTools for Hubs & Switches . . . . . . . . . 1-6

1-1

Download from Www.Somanuals.com. All Manuals Search And Download.

Selecting a Management Interface

Overview

This chapter describes the following:

Management interfaces for the Switches 2512/2524

Advantages of using each interface

Understanding Management Interfaces

Management interfaces enable you to reconfigure the switch and to monitor

switchstatusandperformance. The HPSwitches2512/2524 offerthe following

interfaces:

Menu interface—a menu-driven interface offering a subset of switch

commands through the built-in VT-100/ANSI console—page 1-3

CLI—a command line interface offering the full set of switch commands

through the VT-100/ANSI console built into the switch—page 1-4

Web browser interface --a switch interface offering status information

and a subset of switch commands through a standard web browser (such

as Netscape Navigator or Microsoft Internet Explorer)—page 1-5

HP TopTools for Hubs & Switches--an easy-to-use, browser-based

network management tool that works with HP proactive networking

features built into managed HP hubs and switches

This manual describes how to use the menu interface (chapter 2), the CLI

(chapter 3), the web browser interface (chapter 4), and how to use these

interfaces to configure and monitor the switch.

For information on how to access the web browser interface Help, see “Online

Help for the Web Browser Interface” on page 4-12.

To use HP TopTools for Hubs & Switches, refer to the HP TopTools User’s

Guide and the TopTools online help, which are available electronically with

the TopTools software. (To get a copy of HP TopTools for Hubs & Switches

software, see the Read Me First document shipped with your switch.)

1-2

Download from Www.Somanuals.com. All Manuals Search And Download.

Selecting a Management Interface

Advantages of Using the Menu Interface

Figure 1-1. Example of the Console Interface Display

Provides quick, easy management access to a menu-driven subset of

switch configuration and performance features:

• IP addressing

• VLANs

• Spanning Tree

• System information

• Security

• Passwords and other security features

• Port and Static Trunk Group • SNMP communities

• Stack Management

The menu interface also provides access for:

• Setup screen

• Event Log display

• Switch and port statistic and counter

displays

• Reboots

• Switch and port

status displays

• Software downloads

Offers out-of-band access (through the RS-232 connection) to the

switch, so network bottlenecks, crashes, lack of configured or correct IP

address, and network downtime do not slow or prevent access

Enables Telnet (in-band) access to the menu functionality.

Allows faster navigation, avoiding delays that occur with slower

display of graphical objects over a web browser interface.

Provides more security; configuration information and passwords are

not seen on the network.

1-3

Download from Www.Somanuals.com. All Manuals Search And Download.

Selecting a Management Interface

Advantages of Using the CLI

Operator Level

HP2512>

Manager Level

HP2512#

Global Configuration Level

Context Configuration Levels (port, VLAN)

HP2512(config)#

HP2512(<context>)#

Figure 1-2. Example of The Command Prompt

Provides access to the complete set of the switch configuration, perfor-

mance, and diagnostic features.

Offers out-of-band access (through the RS-232 connection) or Telnet (in-

band) access.

Enables quick, detailed system configuration and management access to

system operators and administrators experienced in command prompt

interfaces.

Provides help at each level for determining available options and vari-

ables.

CLI Usage

For information on how to use the CLI, refer to chapter 3. "Using the

Command Line Interface (CLI)".

To perform specific procedures (such as configuring IP addressing or

VLANs), use the Contents listing at the front of the manual to locate the

information you need.

To monitor and analyze switch operation, see chapter 10, "Monitoring and

Analyzing Switch Operation".

For information on individual CLI commands, refer to the Index or to the

"Command Line Interface Reference Guide" available on HP’s ProCurve

website at

http://www.hp.com/go/procurve

1-4

Download from Www.Somanuals.com. All Manuals Search And Download.

Selecting a Management Interface

Advantages of Using the HP Web Browser Interface

Advantages of Using the HP Web

Browser Interface

Figure 1-3. Example of the HP Web Browser Interface

Easy access to the switch from anywhere on the network

Familiar browser interface--locations of window objects consistent

with commonly used browsers, uses mouse clicking for navigation, no

terminal setup

Many features have all their fields in one screen so you can view all

values at once

More visual cues, using colors, status bars, device icons, and other

graphical objects instead of relying solely on alphanumeric values

Display of acceptable ranges of values available in configuration list

boxes

Forspecificrequirements,see“WebBrowserInterfaceRequirements”onpage

4-4.

1-5

Download from Www.Somanuals.com. All Manuals Search And Download.

Selecting a Management Interface

Advantages of Using HP TopTools for Hubs & Switches

Advantages of Using HP TopTools for

Hubs & Switches

You can operate HP TopTools from a PC on the network to monitor traffic,

manage your hubs and switches, and proactively recommend network

changes toincrease networkuptime andoptimize performance. Easy to install

and use, HP TopTools for Hubs & Switches is the answer to your management

challenges.

Figure 1-4. Example of HP TopTools Main Screen

HP TopTools for Hubs & Switches enables greater control, uptime, and

performance in your network:

For networked devices

•

Enables fast installation of hubs and switches.

Enables you to proactively manage your network by using the Alert

Log to quickly identify problems and suggest solutions, saving valu-

able time.

1-6

Download from Www.Somanuals.com. All Manuals Search And Download.

Selecting a Management Interface

Advantages of Using HP TopTools for Hubs & Switches

•

Notifies you when HP hubs use “self-healing” features to fix or limit

common network problems.

Provides a list of discovered devices, with device type, connectivity

status, the number of new or open alerts for each device, and the type

of management for each device.

•

Provides graphical maps of your networked devices, from which you

can access specific devices.

Identifies users by port and lets you assign easy-to-remember names

to any network device.

Enables you to configure and monitor HP networked devices from

your network management PC, including identity and status informa-

tion, port counters, port on/off capability, sensitivity thresholds for

traps, IP and security configuration, device configuration report, and

other device features.

•

Enables policy-based management through the Quality of Service

feature (QoS) to establish traffic priority policies for controlling and

improving throughput across all the HP switches in your network that

support this feature.

For network traffic:

•

Watches the network for problems and displays real-time information

about network status.

•

Shows traffic and “top talker” nodes on screen.

Uses traffic monitor diagrams to make bottlenecks easy to see.

Improves network reliability through real-time fault isolation.

Lets you see your entire network without having to put RMON probes

on every segment (up to 1500 segments).

For network growth:

•

Monitors, stores, and analyzes network traffic to determine where

upgrades are needed.

•

Uses Network Performance Advisor for automatic traffic analysis

and easy-to-understand reports that give clear, easy-to-follow plans

for cost-effectivly upgrading your network.

1-7

Download from Www.Somanuals.com. All Manuals Search And Download.

Selecting a Management Interface

Advantages of Using HP TopTools for Hubs & Switches

1-8

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Menu Interface

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2

Starting and Ending a Menu Session . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

Main Menu Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7

Screen Structure and Navigation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9

Rebooting the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12

Menu Features List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-14

Where To Go From Here . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-15

2-1

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Menu Interface

Overview

This chapter describes the following features:

Overview of the Menu Interface (page 4-1)

Starting and ending a Menu session (page 2-3)

The Main Menu (page 2-7)

Screen structure and navigation (page 2-9)

Rebooting the switch (page 2-12)

The menu interface operates through the switch console to provide you with

a subset of switch commands in an easy-to-use menu format enabling you to:

Perform a "quick configuration" of basic parameters, such as the IP

addressing needed to provide management access through your network

Configure these features:

•

Manager and Operator pass-

words

•

A network monitoring port

Stack Management

•

System parameters

IP addressing

Ports

Spanning Tree operation

SNMP community names

IP authorized managers

VLANs (Virtual LANs)

One trunk group

View status, counters, and Event Log information

Download new software system

Reboot the switch

For a detailed list of menu features, see the "Menu Features List" on page 2-14.

Privilege Levels and Password Security. HP strongly recommends that

you configure a Manager password to help prevent unauthorized access to

your network. A Manager password grantsfull read-write accessto the switch.

An Operator password, if configured, grants access to status and counter,

Event Log, and the Operator level in the CLI. After you configure passwords

on the switch and log off of the interface, access to the menu interface (and

the CLI and web browser interface) will require entry of either the Manager

or Operator password. (If the switch has only a Manager password, then

someone without a password can still gain read-only access.) For more

information on passwords, see "Using Password Security" on .

2-2

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Menu Interface

Starting and Ending a Menu Session

Menu Interaction with Other Interfaces.

A configuration change made through any switch interface overwrites

earlier changes made through any other interface.

The Menu Interface and the CLI (Command Line Interface) both use the

switch console. To enter the menu from the CLI, use the menu command.

To enter the CLI from the Menu interface, select Command Line (CLI) option.)

Starting and Ending a Menu Session

You can access the menu interface using any of the following:

A direct serial connection to the switch’s console port, as described in the

installation guide you received with the switch

A Telnet connection to the switch console from a networked PC or the

switch’s web browser interface. Telnet requires that an IP address and

subnet mask compatible with your network have already been configured

on the switch.

The stack Commander, if the switch is a stack member

N o t e

This section assumes that either a terminal device is already configured and

connectedtotheswitch (seetheInstallationGuideshippedwithyourswitch)

or that you have already configured an IP address on the switch (required for

Telnet access).

2-3

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Menu Interface

Starting and Ending a Menu Session

How To Start a Menu Interface Session

In its factory default configuration, the switch console starts with the CLI

prompt. To use the menu interface with Manager privileges, go to the Manager

level prompt and enter the menu command.

1. Use one of these methods to connect to the switch:

•

A PC terminal emulator or terminal

Telnet

(You can also use the stack Commander if the switch is a stack member.

See "HP ProCurve Stack Management" on ).

2. Do one of the following:

•

If you are using Telnet, go to step 3.

If you are using a PC terminal emulator or a terminal, press [Enter] one

or more times until a prompt appears.

3. When the switch screen appears, do one of the following:

•

If a password has been configured, the password prompt appears.

Password: _

Type the Manager password and press [Enter]. Entering the Manager

password gives you manager-level access to the switch. (Entering the

Operator password gives you operator-level access to the switch. See

"Using Password Security" on .)

•

If no password has been configured, the CLI prompt appears . Go to

the next step.

4. When the CLI prompt appears, display the Menu interface by entering the

menu command. For example:

HP2512# menu[Enter]

results in:

2-4

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Menu Interface

Starting and Ending a Menu Session

Figure 2-1. The Main Menu with Manager Privileges

For a description of Main Menu features, see “Main Menu Features” on page

2-7.

N o t e

To configure the switch to start with the menu interface instead of the CLI, go

to the Manager level prompt, enter the setup command, and in the resulting

desplay, change the Logon Default parameter to Menu. For more information, see

the Installation and Getting Started Guide you received with the switch.

How To End a Menu Session and Exit from the Console:

The method for ending a menu session and exiting from the console depends

on whether, during the session, you made any changes to the switch configu-

ration that require a switch reboot to activate. (Mostchanges need only a Save,

and do not require a switch reboot.) Configuration changes needing a reboot

are marked with an asterisk (*) next to the configured item in the Configura-

tion menu and also next to the Switch Configuration item in the Main Menu.

2-5

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Menu Interface

Starting and Ending a Menu Session

Asterisk indicates a

configuration change

that requires a reboot

to activate.

Figure 2-2. An Asterisk Indicates a Configuration Change Requiring a Reboot

1. In the current session, if you have not made configuration changes that

require a switch reboot to activate, return to the Main menu and press [0]

(zero) to log out. Then just exit from the terminal program, turn off the

terminal, or quit the Telnet session.

2. If you have made configuration changes that require a switch reboot—

that is, if an asterisk(*)appears next toa configured item or next toSwitch

Configuration in the Main menu:

a. Return to the Main menu.

b. Press [6] to select Reboot Switch and follow the instructions on the

reboot screen.

Rebooting the switch terminates the menu session, and, if you are using

Telnet, disconnects the Telnet session.

(See “Rebooting To Activate Configuration Changes” on page 2-13.)

3. Exit from the terminal program, turn off the terminal, or close the Telnet

application program.

2-6

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Menu Interface

Main Menu Features

Figure 2-3. The Main Menu View with Manager Privileges

The Main Menu gives you access to these Menu interface features:

Status and Counters: Provides access to display screens showing

switch information, port status and counters, port and VLAN address

tables, and spanning tree information. (See chapter 10, “Monitoring and

Analyzing Switch Operation”.)

Switch Configuration: Provides access to configuration screens for

displaying and changing the current configuration settings. (See the Con-

tents listing at the front of this manual.) For a listing of features and

parameters configurable through the menu interface, see the "Menu Fea-

tures List" on page 2-14 .

Console Passwords:Provides access to the screen used to set or change

Manager-level and Operator-level passwords, and to delete Manager and

Operator password protection. (See "Using Password Security" on page

page 7-4.)

Event Log: Enables you to read progress and error messages that are

useful for checking and troubleshooting switch operation. (See “Using the

Event Log To Identify Problem Sources” on page 11-11.)

2-7

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Menu Interface

Main Menu Features

Command Line (CLI): Selects the Command Line Interface at the same

level (Manager or Operator) that you are accessing in the Menu interface.

(See chapter 3, "Using the Command Line Interface (CLI)".)

Reboot Switch: Performs a "warm" reboot of the switch, which clears

most temporary error conditions, resets the network activity counters to

zero, and resets thesystem up time to zero. Arebootis required to activate

a change in the VLAN Support parameter. (See “Rebooting from the Menu

Interface” on page C-9.)

Download OS: Enables you to download a new software version to the

switch. (See appendix A, “Transferring an Operating System or Configu-

ration”.)

Run Setup: Displays the Switch Setup screen for quickly configuring

basic switch parameters such as IP addressing, default gateway, logon

default interface, spanning tree, and others. (See the Installation and

Getting Started guide shipped with your switch.)

Stacking: Enables you to use a single IP address and standard network

cabling to manage a group of up to 16 switches in the same subnet

(broadcast domain). See “HP ProCurve Stack Management” on page 9-5.

Logout: Closes the Menu interface and console session, and disconnects

Telnet access to the switch. (See “How to End a Menu Session and Exit

from the Console” on page 2-5.)

2-8

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Menu Interface

Screen Structure and Navigation

Menu interface screens include these three elements:

Parameter fields and/or read-only information such as statistics

Navigation and configuration actions, such as Save, Edit, and Cancel

Help line to describe navigation options, individual parameters, and read-

only data

For example, in the following System Information screen:

Screentitle–identifies

the location within the

menu structure

System name

Parameter fields

Help describing each of the

items in the parameter fields

Actions line

Help line

describing the

selected action

or selected

parameter field

Navigation instructions

Figure 4-1. Elements of the Screen Structure

“Forms” Design. The configuration screens, in particular, operate similarly

to a number of PC applications that use forms for data entry. When you first

enter these screens, you see the current configuration for the item you have

selected. To change the configuration, the basic operation is to:

1. Press [E] to select the Edit action.

2. Navigate through the screen making all the necessary configuration

changes. (See Table 4-1 on the next page.)

3. Press [Enter] to return to the Actions line. From there you can save the

configuration changes or cancel the changes. Cancel returns the configu-

ration to the values you saw when you first entered the screen.

2-9

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Menu Interface

Screen Structure and Navigation

Table 4-1. How To Navigate in the Menu Interface

Task:

Actions:

Execute an action

from the “Actions –>”

list at the bottom of

the screen:

Use either of the following methods:

•

Use the arrow keys ( [ <] ,or [ >] ) to highlight the action you want

to execute, then press [Enter].

•

Press the key corresponding to the capital letter in the action

name. For example, in a configuration menu, press [E] to select

Edit and begin editing parameter values.

Reconfigure (edit) a

parameter setting or a

field:

1. Select a configuration item, such as System Name. (See figure

4-1.)

2. Press [E] (for Edit on the Actions line).

3. Use [Tab]or the arrow keys ([ <] , [ >] , [ ^] , or [ v] ) to highlight the

item or field.

4. Do one of the following:

–

If the parameter has preconfigured values, either use the

Space bar to select a new option or type the first part of your

selection and the rest of the selection appears automatically.

(The help line instructs you to “Select” a value.)

–

If there are no preconfigured values, type in a value (the Help

line instructs you to “Enter” a value).

5. If you want to change another parameter value, return to step 3.

6. If you are finished editing parameters in the displayed screen,

press [Enter] to return to the Actions line and do one of the

following:

–

To save and activate configuration changes, press [S] (for the

Save action). This saves the changes in the startup

configuration and also implements the change in the

currently running configuration. (See appendix C, "Switch

Memory and Configuration.)

–

To exit from the screen without saving any changes that you

have made (or if you have not made changes), press [C] (for

the Cancel action).

Note: In the menu interface, executing Save activates most

parameter changes and saves them in the startup configuration

(or flash) memory, and it is therefore not necessary to reboot the

switch after making these changes. But if an asterisk appears

next to any menu item you reconfigure, the switch will not

activate or save the change for that item until you reboot the

switch. In this case, rebooting should be done after you have

made all desired changes and then returned to the Main Menu.

7. When you finish editing parameters, return to the Main Menu.

8. If necessary, reboot the switch by highlighting Reboot Switch in

the Main Menu and pressing [Enter]. (See the Note, above.)

Exit from a read-only

screen.

Press [B] (for the Back action).

2-10

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Menu Interface

Screen Structure and Navigation

To get Help on individual parameter descriptions. In most screens

there is a Help option in the Actions line. Whenever any of the items in the

Actions line is highlighted, press [H], and a separate help screen is displayed.

For example:

Pressing [H] or highlighting Help and

pressing [Enter] displays Help for the

parameters listed in the upper part of

the screen

Highlight on any item

in the Actions line

indicates that the

Actions line is active.

The Help line provides

a brief descriptor of

the highlighted Action

item or parameter.

Figure 4-2. Example Showing How To Display Help

To get Help on the actions or data fields in each screen: Use the arrow

keys ( [ <] , [ >] , [ ^] , or [ v] ) to select an action or data field. The help line under

the Actions items describes the currently selected action or data field.

Forguidanceonhow tonavigateinascreen:Seetheinstructionsprovided

at the bottom of the screen, or refer to “Screen Structure and Navigation” on

page 2-9.)

2-11

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Menu Interface

Rebooting the Switch

Rebooting the switch from the menu interface

Terminates all current sessions and performs a reset of the operating

system

Activates any configuration changes that require a reboot

Resets statistical counters to zero

(Note that statistical counters can be reset to zero without rebooting the

switch.)

To Reboot the switch, use the Reboot Switch option in the Main Menu. (Note

that the Reboot Switch option is not available if you log on in Operator mode;

that is, if you enter an Operator password instead of a manager password at

the password prompt.)

Reboot Switch option

Figure 4-3. The Reboot Switch Option in the Main Menu

2-12

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Menu Interface

Rebooting the Switch

Rebooting To Activate Configuration Changes. Configuration changes

for most parameters become effective as soon as you save them. However,

you must reboot the switch in order to implement a change in the Maximum

VLANs to support parameter. (To access this parameter, go to the Main menu and

select 2. Switch Configuration, then 8. VLAN Menu, then 1. VLAN Support.)

If configuration changes requiring a reboot have been made, the switch

displays an asterisk (*) next to the menu item in which the change has been

made. For example, if you change and save the value for the Maximum VLANs to

support parameter, an asterisk appears next to the VLAN Support entry in the

VLAN Menu screen, and also next to the the Switch Configuration . . . entry in the

Main menu, as shown in figure 4-6:

Asterisk indicates

a configuration

change that

requires a reboot

in order to take

effect.

Reminder to

reboot the switch

to activate

configuration

changes.

Figure 4-4. Indication of a Configuration Change Requiring a Reboot

To activate changes indicated by the asterisk, go to the Main Menu and select

the Reboot Switch option.

N o t e

Executing the write memory command in the CLI does not affect pending

configuration changes indicated by an asterisk in the menu interface. That is,

only a reboot from the menu interface or a boot or reload command from the

CLI will activate a pending configuration change indicated by an asterisk.

2-13

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Menu Interface

Menu Features List

Status and Counters

•

General System Information

Switch Management Address Information

Port Status

Port Counters

Address Table

Port Address Table

Spanning Tree Information

Switch Configuration

•

System Information

Port/Trunk Settings

Network Monitoring Port

Spanning Tree Operation

IP Configuration

SNMP Community Names

IP authorized Managers

VLAN Menu

Console Passwords

Event Log

Command Line (CLI)

Reboot Switch

Download OS

Run Setup

Stacking

•

Stacking Status (This Switch)

•

Stacking Status (All)

•

Stack Configuration

•

Stack Management (Available in Stack Commander Only)

Stack Access (Available in Stack Commander Only)

Logout

2-14

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Menu Interface

Where To Go From Here

This chapter provides an overview of the menu interface and how to use it.

The following table indicates where to turn for detailed information on how

to use the individual features available through the menu interface.

Option

Where To Turn

To use the Run Setup option

See the Installation and Getting Started Guide

shipped with the switch.

To use the ProCurve Stack Manager

“HP ProCurve Stack Management” on page 9-5

To view and monitor switch status and Chapter 10, "Monitoring and Analyzing Switch

counters

Operation"

To learn how to configure and use

passwords

"Using Password Security" on page 7-4

To learn how to use the Event Log

To learn how the CLI operates

To download software (the OS)

"Using the Event Log To Identify Problem Sources"

on page 11-11

Chapter 3, "Using the Command Line Interface

(CLI)"

Appendix A, "File Transfers"

For a description of how switch

memory handles configuration

changes

Appendix C, "Switch Memory and Configuration"

For information on other switch

features and how to configure them

See the Table of Contents at the front of this

manual.

2-15

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Menu Interface

Where To Go From Here

2-16

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Command Line Interface (CLI)

Accessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2

Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2

Privilege Levels at Logon. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

Privilege Level Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

Operator Privileges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

Manager Privileges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5

Changing Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6

How To Move Between Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7

Moving Between the CLI and the Menu Interface. . . . . . . . . . . . . 3-7

Changing Parameter Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7

Listing Commands and Command Options . . . . . . . . . . . . . . . . . . . . . . 3-8

Listing Commands Available at Any Privilege Level . . . . . . . . . . . 3-8

Type "?" To List Available Commands . . . . . . . . . . . . . . . . . . . . 3-8

Use [Tab] To Search for or Complete a Command Word . . . . . . . . 3-9

Command Option Displays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10

Conventions for Command Option Displays . . . . . . . . . . . . . . . 3-10

Listing Command Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11

Displaying CLI "Help" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11

Displaying Command-List Help . . . . . . . . . . . . . . . . . . . . . . . . . 3-11

Displaying Help for an Individual Command . . . . . . . . . . . . . . . 3-12

Configuration Commands and the Context Configuration Modes . . 3-13

Port or Trunk-Group Context . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13

VLAN Context . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15

CLI Control and Editing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16

3-1

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Command Line Interface (CLI)

Overview

The CLI is a text-based command interface for configuring and monitoring the

switch. The CLI gives you access to the switch’s full set of commands while

providing the same password protection that is used in the web browser

interface and the menu interface.

Accessing the CLI

Like the menu interface, the CLI is accessed through the switch console, and,

in the switch’s factory default state, is the default interface when you start a

console session. You can access the console out-of-band by directly

connecting a terminal device to the switch, or in-band by using Telnet either

from a terminal device or through the web browser interface.

Also, if you are using the menu interface, you can access the CLI by selecting

the Command Line (CLI) option in the Main Menu.

Using the CLI

The CLI offers these privilege levels to help protect the switch from unautho-

rized access:

•

Operator

Manager

Global Configuration

Context Configuration

N o t e

CLI commands are not case-sensitive.

When you use the CLI to make a configuration change, the switch writes the

change to the Running-Config file in volatile memory. This allows you to test

your configuration changes before making them permanent. to make changes

permanent, you must use the write memory command to save them to the

Startup Config file in non-volatile memory. If you reboot the switch without

3-2

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Command Line Interface (CLI)

Using the CLI

first using write memory, all changes made since the last reboot or write memory

(whichever is later) will be lost. For more on switch memory and saving

configuration changes, see appendix C, "Switch Memory and Configuration".

Privilege Levels at Logon

Privilege levels control the type of access to the CLI. To implement this

control, you must set at least a Manager password. Without a Manager

password configured, anyone having serial port, Telnet, or web browser

access to the switch can reach all CLI levels. (For more on setting passwords,

see "Using Password Security" on page 7-4.)

When you use the CLI to log on to the switch, and passwords are set, you will

be prompted to enter a password. For example:

Password Prompt

Figure 3-1. Example of CLI Log-On Screen with Password(s) Set

In the above case, you will enter the CLI at the level corresponding to the

password you provide (operator or manager).

If no passwords are set when you log onto the CLI, you will enter at the

Manager level. For example:

HP2512# _

3-3

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Command Line Interface (CLI)

Using the CLI

C a u t i o n

HP strongly recommends that you configure a Manager password. If a Man-

ager password is not configured, then the Manager level is not password-

protected, and anyone having in-band or out-of-band access to the switch may

be able to reach the Manager level and compromise switch and network

security. Note that configuring only an Operator password does not prevent

access to the Manager level by intruders who have the Operator password.

Pressing the Clear button on the front of the switch removes password

protection. For this reason, it is recommended that you protect the switch

from physical access by unauthorized persons. If you are concerned about

switch security and operation, you should install the switch in a secure

location, such as a locked wiring closet.

Privilege Level Operation

Operator Privileges

Manager Privileges

Operator Level

Manager Level

Global Configuration Level

Context Configuration Level

Figure 3-2. Privilege Level Access Sequence

Operator Privileges

At the Operator level you can examine the current configuration and move

between interfaces without being able to change the configuration. A ">"

character delimits the Operator-level prompt. For example:

HP2512>_

(Example of the Operator prompt.)

When using enable to move to the Manager level, the switch prompts you for

the Manager password if one has already been configured.

3-4

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Command Line Interface (CLI)

Using the CLI

Manager Privileges

Manager privileges give you three additional levels of access: Manager, Global

Configuration, and Context Configuration. (See figure .) A "#" character

delimits any Manager prompt. For example:

HP2512#_

(Example of the Manager prompt.)

Manager level: Provides all Operator level privileges plus the ability to

perform system-level actions that do not require saving changes to the

system configuration file. The prompt for the Manager level contains only

the system name and the "#" delimiter, as shown above. To select this

level, enter the enable command at the Operator level prompt and enter

the Manager password, when prompted. For example:

HP2512> enable

HP2512# _

(Enter enable at the Operator prompt.)

(The Manager prompt.)

Global Configuration level: Provides all Operator and Manager level

privileges, and enables you to make configuration changes to any of the

switch’s software features. The prompt for the Global Configuration level

includes the system name and "(config)". To select this level, enter the

config command at the Manager prompt. For example:

HP2512# _

(Enter config at the Manager prompt.)

HP2512(config)#_ (The Global Config prompt.)

Context Configuration level: Provides all Operator and Manager

privileges, and enables you to make configuration changes in a specific

context, such as one or more ports or a VLAN. The prompt for the Context

Configuration level includes the system name and the selected context.

For example:

HP2512(eth-1)#

HP2512(vlan-10)#

The Context level is useful, for example, if you want to execute several

commands directed at the same port or VLAN, or if you want to shorten

the command strings for a specific context area. To select this level, enter

the specific context at the Global Configuration level prompt. For

example, to select the context level for an existing VLAN with the VLAN

ID of 10, you would enter the following command and see the indicated

result:

HP2512(config)# vlan 10

HP2512(vlan-10)#

3-5

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Command Line Interface (CLI)

Using the CLI

Changing Interfaces. If you change from the CLI to the menu interface, or

the reverse, you will remain at the same privilege level. For example, entering

the menucommand from the Operator level of the CLI takes you to the

Operator privilege level in the menu interface.

Table 3-1. Privilege Level Hierarchy

PrivilegeLevel Example of Prompt and Permitted Operations

Operator Privilege

Operator Level HP2512>

show <command>

View status and configuration information.

Perform connectivity tests.

setup

ping <argument>

link-test <argument>

enable

Move from the Operator level to the Manager level.

Move from the CLI interface to the menu interface.

logoff

Exit from the CLI interface and terminate the console

session.

Manager Privilige

Manager Level HP2512#

Perform system-level actions such as system control, monitoring, and diagnostic

commands, plus any of the Operator-level commands. For a list of available

commands, enter ? at the prompt.

Global

Configuration

Level

HP2512(config)#

Execute configuration commands, plus all Operator and Manager commands . For

a list of available commands, enter ? at the prompt.

Context

HP2512(eth-5)#

Execute context-specific configuration commands, such as a particular VLAN or

switch port. This is useful for shortening the command strings you type, and for

entering a series of commands for the same context. For a list of available

commands, enter ? at the prompt.

Configuration HP2512(vlan-100)#

Level

3-6

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Command Line Interface (CLI)

Using the CLI

How To Move Between Levels

Change in Levels

Example of Prompt , Command, and Result

Operator level

Manager level

HP2512> enable

Password:_

After you enter enable, the Password prompt

appears. After you enter the Manager

password, this prompt appears:

HP2512#_

Manager level

HP2512# config

HP2512(config)#

Global configuration

level

Global configuration HP2512(config)# vlan-10

level

HP2512(vlan-10)#

to a

Context configuration

level

Context configuration HP2512(vlan-10)# interface ethernet 3

level HP2512(int-3)#

to another

Context configuration

level

Move from any level HP2512(int-3)# exit

to the preceding level HP2512(config)# exit

HP2512# exit

HP2512>

Move from any level HP2512(int-3)# end

to the Manager level HP2512#

—or—

HP2512(config)# end

HP2512#

Moving Between the CLI and the Menu Interface. When moving

between interfaces, the switch retains the current privilege level (Manager or

Operator). That is, if you are at the Operator level in the menu and select the

Command Line Interface (CLI) option from the Main Menu, the CLI prompt

appears at the Operator level.

Changing Parameter Settings. Regardless of which interface is used (CLI,

menu interface, or web browser interface), the most recently configured

versionof a parametersettingoverridesanyearliersettingsfor that parameter.

3-7

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Command Line Interface (CLI)

Using the CLI

For example, if you use the CLI to set a Manager password, and then later use

the Setup screen (in the menu interface) to set a different Manager password,

then the first password will be replaced by the second one.

Listing Commands and Command Options

At any privilege level you can:

List all of the commands available at that level

List the options for a specific command

Listing Commands Available at Any Privilege Level

At a given privilege level you can execute the commands that level offers, plus

allofthe commands available atpreceding levels. Similarly, at a given privilege

level, you can list all of that level’s commands plus the commands made

available at preceding levels. For example, at the Operator level, you can list

and execute only the Operator level commands. However, at the Manager

level, you can list and execute the commands available at both the Operator

and Manager levels.

Type "?" To List Available Commands. Typing the ? symbol lists the

commands you can execute at the current privilege level. For example, typing

? at the Operator level produces this listing:

Figure 3-3. Example of the Operator Level Command Listing

3-8

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Command Line Interface (CLI)

Using the CLI

Typing ? at the Manager level produces this listing:

When - - MORE - - appears, use

the Space bar or [Return] to list

additional commands.

Figure 3-4. Example of the Manager-Level Command Listing

When - - MORE - - appears, there are more commands in the listing. To list the

next screenfull of commands, press the Space bar. To list the remaining

commands one-by-one, repeatedly press [Enter].

Typing ? at the Global Configuration level or the Context Configuration level

produces similar results.

Use [Tab] To Search for or Complete a Command Word. You can use [Tab]

to help you find CLI commands or to quickly complete the current word in a

command. To do so, press [Tab] immediately after typing the last letter of the

last keyword in the CLI (with no spaces allowed). For example, at the Global

Configuration level, if you press [Tab] immediately after typing "t", the CLI

displays the available command options that begin with "t". For example:

HP2512(config)# t[Tab]

telnet-server

time

trunk

telnet

HP2512(config)# t

3-9

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Command Line Interface (CLI)

Using the CLI

As mentioned above, if you type part of a command word and press [Tab], the

CLI completes the current word (if you have typed enough of the word for the

CLI to distinguish it from other possibilities), including hyphenated exten-

sions. For example:

HP2512(config)# port[Tab]

HP2512(config)# port-security _

Pressing [Tab] after a completed command word lists the further options for

that command.

HP2512(config)# stack [Tab]

commander <commander-str>

join <mac-addr>

auto-join

transmission-interval <integer>

<cr>

HP2512(config)# stack

Command Option Displays

Conventions for Command Option Displays. When you use the CLI to

list optionsfor a particular command, youwill see one or more of the following

conventions to help you interpret the command data:

Braces ( < >) indicate a required choice.

Square brackets ([ ]) indicate optional elements.

Vertical bars ( |) separate alternative, mutually exclusive options in a

command.

The braces (< >) show that the trunk

command requires all three

parameters.

The verticalbar( |)showsthateither

trunk or lacp must be included.

The square brackets ([ ]) show that

ethernet is optional.

Figure 3-5.Example of Command Option Conventions

3-10

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Command Line Interface (CLI)

Using the CLI

Thus, if you wanted to create a port trunk group using ports 5 - 8, the above

conventions show that you could do so using any of the following forms of

the trunk command:

HP2512(config)# trunk trk1 trunk 5-8

HP2512(config)# trunk trk1 trunk e 5-8

HP2512(config)# trunk trk1 lacp 5-8

HP2512(config)# trunk trk1 lacp e 5-8

Listing Command Options. You can use the CLI to remind you of the

options available for a command by entering command keywords followed by

?. For example, suppose you wanted to see the command options for config-

uring port 5:

This example displays the command options

for configuring port 5 on the switch.

Figure 3-6. Example of How To List the Options for a Specific Command

Displaying CLI "Help"

CLI Help provides two types of context-sensitive information:

Command list with a brief summary of each command’s purpose

Detailed information on how to use individual commands

Displaying Command-List Help. You can display a listing of command

Help summaries for all commands available at the current privilege level. That

is, when you are at the Operator level, you can display the Help summaries

only for Operator-Level commands. At the Manager level, you can display the

Help summaries for both the Operator and Manager levels, and so on.

Syntax:

help

For example, to list the Operator-Level commands with their purposes:

3-11

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Command Line Interface (CLI)

Using the CLI

Figure 3-7. Example of Context-Sensitive Command-List Help

Displaying Help for an Individual Command. You can display Help for

any command that is available at the current context level by entering enough

of the command string to identify the command, along with help.

Syntax:

<command string> help

For example, to list the Help for the interface command in the Global

Configuration privilege level:

Figure 3-8. Example of How To Display Help for a Specific Command

A similar action lists the Help showing additional parameter options for a

given command. The following example illustrates how to list the Help for an

interface command acting on a specific port:

3-12

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Command Line Interface (CLI)

Using the CLI

Figure 3-9. Example of Help for a Specific Instance of a Command

Note that if you try to list the help for an individual command from a privilege

levelthatdoesnotinclude thatcommand, theswitchreturnsanerrormessage.

For example, trying to list the help for the interface command while at the

global configuration level produces this result:

HP2512# interface help

Invalid input: interface

Configuration Commands and the Context

Configuration Modes

You can execute any configuration command in the global configuration mode

or in selected context modes. However, using a context mode enables you to

execute context-specific commands faster, with shorter command strings.

The Switch 2512 and 2524 offer interface (port or trunk group) and VLAN

context configuration modes:

Port or Trunk-Group Context . Includes port- or trunk-specific

commands that apply only to the selected port(s) or trunk group, plus the

global configuration, Manager, and Operator commands. The prompt for this

mode includes the identity of the selected port(s):

HP2512(config)# interface e 5-8

HP2512(config)# interface e trk1

Command executed at

configuration level for

entering port or trk1 static

trunk-group context.

HP2512(eth-5-8)#

HP2512(eth-Trk1)#

Resulting prompt showing

port or static trunk contexts.

3-13

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Command Line Interface (CLI)

Using the CLI

HP2512(eth-5-8)# ?

Lists the commands you can

use in the port or static trunk

context, plus the Manager,

Operator, and context

commands you can execute

at this level.

In the port context, the first block of commands in the "?"

listing show the context-specific commands that will affect

only ports 5-8.

The remaining commands in the listing are

Manager, Operator, and context commands.

Figure 3-10. Context-Specific Commands Affecting Port Context

3-14

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Command Line Interface (CLI)

Using the CLI

VLAN Context . Includes VLAN-specific commands that apply only to the

selected VLAN, plus Manager and Operator commands. The prompt for this

mode includes the VLAN ID of the selected VLAN. For example, if you had

already configured a VLAN with an ID of 100 in the switch:

HP2512(config)# vlan 100

Command executed at configura-

tion level to enter VLAN 100

context.

HP2512(vlan-100)#

Resulting prompt showing VLAN

100 context.

HP2512(vlan-100)# ?

Lists commands you can use in the

VLAN context, plus Manager, Oper-

ator, and context commands you

can execute at this level.

In the VLAN

context, the

first block of

commands in

the "?" listing

show the

commandsthat

will affect only

vlan-100.

The remaining

commands in

the listing are

Manager,

Operator, and

context

commands.

Figure 3-11. Context-Specific Commands Affecting VLAN Context

3-15

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the Command Line Interface (CLI)

CLI Control and Editing

Keystrokes

[Ctrl] [A]

Function

Jumps to the first character of the command line.

Moves the cursor back one character.

[Ctrl] [B] or [ <]

[Ctrl] [C]

Terminates a task and displays the command prompt.

Deletes the character at the cursor.

[Ctrl] [D]

[Ctrl] [E]

Jumps to the end of the current command line.

Moves the cursor forward one character.

Deletes from the cursor to the end of the command line.

Repeats current command line on a new line.

Enters the next command line in the history buffer.

Enters the previous command line in the history buffer.

Deletes from the cursor tothe beginning of the command line.

Deletes the last word typed.

[Ctrl] [F] or [ >]

[Ctrl] [K]

[Ctrl] [L] or [Ctrl] [R]

[Ctrl] [N] or [ v]

[Ctrl] [P] or [ ^]

[Ctrl] [U] or [Ctrl] [X]

[Ctrl] [W]

[Esc] [B]

Moves the cursor backward one word.

[Esc] [D]

Deletes from the cursor to the end of the word.

Moves the cursor forward one word.

[Esc] [F]

Deletes the first character to the left of the cursor in the command

line.

[Delete] or [Backspace]

3-16

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

General Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Web Browser Interface Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Starting an HP Web Browser Interface Session with the Switch . . . . . . . . . . 5

Using a Standalone Web Browser in a PC or UNIX Workstation . . . . . . 5

Using HP TopTools for Hubs & Switches . . . . . . . . . . . . . . . . . . . . . . . . . 6

Tasks for Your First HP Web Browser Interface Session . . . . . . . . . . . . . . . 8

Viewing the “First Time Install” Window . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Creating Usernames and Passwords in the Browser Interface . . . . . . . 9

Using the Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Using the User Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

If You Lose a Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Online Help for the HP Web Browser Interface . . . . . . . . . . . . . . . . . . . 12

Support/Mgmt URLs Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Support URL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Help and the Management Server URL . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Providing Online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

If Online Help Fails To Operate. . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Policy Management and Configuration . . . . . . . . . . . . . . . . . . . . . 15

Status Reporting Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

The Overview Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

The Port Utilization and Status Displays . . . . . . . . . . . . . . . . . . . . . . . . . 17

Port Utilization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Utilization Guideline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

To change the amount of bandwidth the Port Utilization

bar graph shows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

To display values for each graph bar. . . . . . . . . . . . . . . . . . . . . . . . 18

Port Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

The Alert Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Sorting the Alert Log Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Alert Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Viewing Detail Views of Alert Log Entries . . . . . . . . . . . . . . . . . . . . 22

The Status Bar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Setting Fault Detection Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

4-1

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Overview

The HP web browser interface built into the switch lets you easily access the

switch from a browser-based PC on your network. This lets you do the

following:

Optimize your network uptime by using the Alert Log and other diagnostic

tools

Make configuration changes to the switch

Maintain security by configuring usernames and passwords

This chapter covers the following:

General features (page 4-3).

System requirements for using the web browser interface (page 4-4)

Starting a web browser interface session (page 4-5)

Tasks for your first web browser interface session (page 4-8):

•

Creating usernames and passwords in the web browser interface

(page 4-9)

Selecting the fault detection configuration for the Alert Log operation

(page 4-24)

Getting access to online help for the web browser interface (page

4-12)

Description of the web browser interface:

•

Overview window and tabs (page 4-16)

Port Utilization and Status displays (page 4-17)

Alert Log and Alert types (page 4-20)

Setting the Fault Detection Policy (page 4-24)

N o t e

If you want security beyond that achieved with user names and passwords,

you can disable access to the web browser interface. This is done by either

executing no web-management at the Command Prompt or changing the Web

Agent Enabled parameter setting to No (page 5-22) .

4-2

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

General Features

The Series 2500 switches include these web browser interface features:

Switch Configuration:

•

Ports

VLANs and Primary VLAN

Fault detection

Port monitoring (mirroring)

System information

Enable/Disable Multicast Filtering (IGMP) and Spanning Tree

Stacking

Support and management URLs

Switch Security:

•

Passwords

Authorized IP Managers

Port security and Intrusion Log

Switch Diagnostics:

•

Ping/Link Test

Device reset

Configuration report

Switch status

•

Port utilization

Port counters

Port status

Alert log

Switch system information listing

4-3

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Web Browser Interface Requirements

You can use equipment meeting the following requirements to access the web

browser interface on your intranet.

Table 4-1. System Requirements for Accessing the HP Web Browser Interface

Platform Entity and OS Version

PC Platform

Minimum

90 MHz Pentium

100 MHz

16 Mbytes

800 X 600

256

Recommended

120 MHz Pentium

120 MHz

HP-UX Platform (9.x or 10.x)

RAM

32 Mbytes

1,024 x 768

65,536

Screen Resolution

Color Count

Internet Browser

(English-language browser only)

PCs:

•

Netscape®

Communicator 4.x

•

Netscape

Communicator4.5or

later

•

Microsoft®Internet

Explorer 4.x

Microsoft®Internet

Explorer 5.0 or later

UNIX: Netscape Navigator

4.5 or later

UNIX: Netscape

Navigator 4.5 or later

PC Operating System

Microsoft Windows®95 and Windows NT

Standard UNIX®OS

UNIX®Operating System

HP TopTools for Hubs & Switches

(Optional)

For the HP ProCurve Switch 2512 and 2524, use

product HP J2569R or later.

4-4

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Starting an HP Web Browser Interface Session with the Switch

Starting an HP Web Browser Interface

Session with the Switch

You can start a web browser session in the following ways:

Using a standalone web browser on a network connection from a PC or

UNIX workstation:

•

Directly connected to your network

Connected through remote access to your network

Using a management station running HP TopTools for Hubs & Switches

on your network

Using a Standalone Web Browser in a PC or UNIX

Workstation

This procedure assumes that you have a supported web browser (page 4-4)

installed on your PC or workstation, and that an IP address has been config-

ured on the switch. (For more on assigning an IP address, refer to "IP

Configuration" on page 5-3.)

1. Make sure the Java^TMapplets are enabled for your browser. If they are

not, do one of the following:

•

In Netscape 4.03, click on Edit, Preferences..., Advanced, then select

Enable Java and Enable JavaScript options.

•

In Microsoft Internet Explorer 4.x, click on View, Internet Options,

Security, Custom, [Settings] and scroll to the Java Permissions. Then refer

to the online Help for specific information on enabling the Java

applets.

4-5

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Starting an HP Web Browser Interface Session with the Switch

2. Type the IP address (or DNS name) of the switch in the browser Location

or Address field and press [Enter]. (It is not necessary to include

http://.)

switch2512 [Enter]

10.11.12.195 [Enter]

(example of a DNS-type name)

(example of an IP address)

If you are using a Domain Name Server (DNS), your device may have a

name associated with it (for example, switch2512) that you can type in the

Location or Address field instead of the IP address. Using DNS names

typically improvesbrowserperformance. Seeyournetworkadministrator

for any name associated with the switch.

Using HP TopTools for Hubs & Switches

HP TopTools for Hubs & Switches is designed for installation on a network

management workstation. For this reason, the HP TopTools system require-

ments are different from the system requirements for accessing the switch’s

web browser interface from a non-management PC or workstation. For HP

TopTools requirements, refer to the information provided with HP TopTools

for Hubs & Switches.

This procedure assumes that:

Youhave installed the recommended web browser on a PC orworkstation

that serves as your network management station.

The networked device you want to access has been assigned an IP address

and (optionally) a DNS name and has been discovered by HP TopTools

for Hubs & Switches. (For more on assigning an IP address, refer to "IP

Configuration" on page 5-3.)

To establish a web browser session with HP TopTools running, do the

following on the network management station:

1. Make sure the Java^TMapplets are enabled for your web browser. If they

are not, refer to the web browser online Help for specific information on

enabling the Java applets.

2. Do one of the following tasks:

•

On the HP TopTools Maps view, double-click on the symbol for the

networking device that you want to access.

•

In HP TopTools, in the Topology Information dialog box, in the device

list, double-click on the entry for the device you want to access (IP

address or DNS name).

4-6

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Starting an HP Web Browser Interface Session with the Switch

3. The web browser interface automatically starts with the Status Overview

window displayed for the selected device, as shown in figure 4-1.

N o t e

If the Registration window appears, click on the Status tab.

First-Time

Install Alert

Alert

Log

Figure 4-1. Example of Status Overview Screen

N o t e

The above screen appears somewhat different if the switch is configured as a

stack Commander. For an example, see figure 1-3 on page 1-5.

4-7

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Tasks for Your First HP Web Browser Interface Session

Tasks for Your First HP Web Browser

Interface Session

The first time you access the web browser interface, there are three tasks that

you should perform:

Review the “First Time Install” window

Set Manager and Operator passwords

Set access to the web browser interface online help

Viewing the “First Time Install” Window

When you access the switch’s web browser interface for the first time, the

Alert log contains a “First Time Install” alert, as shown in figure 4-2. This gives

you information about first time installations, and provides an immediate

opportunity to set passwords for security and to specify a Fault Detection

policy, which determines the types of messages that will be displayed in the

Alert Log.

Double click on First Time Install in the Alert log (figure 4-1 on page 4-7). The

web browser interface then displays the “First Time Install” window, below.

Figure 4-2. First-Time Install Window

4-8

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Tasks for Your First HP Web Browser Interface Session

This window is the launching point for the basic configuration you need to

perform to set web browser interface passwords to maintain security and

Fault Detection policy, which determines the types of messages that will be

displayed in the Alert Log.

To set web browser interface passwords, click on secure access to the device

to display the Device Passwords screen, and then go to the next page. (You

can also access the password screen by clicking on the Security tab.)

To set Fault Detection policy, click on select the fault detection configuration in

the second bullet in the window and go to the section, “Setting Fault Detection

Policy” on page 4-24. (You can also access the password screen by clicking on

the Configuration tab, and then [Fault Detection] button.)

Creating Usernames and Passwords in the Browser

Interface

You may want to create both a username and password to create access

security for your switch. There are two levels of access to the interface that

can be controlled by setting user names and passwords:

Operator. An Operator-level user name and password allows read-only

access to most of the web browser interface, but prevents access to the

Security window.

Manager. A Manager-level user name and password allows full read/

write access to the web browser interface.

4-9

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Tasks for Your First HP Web Browser Interface Session

Figure 4-3. The Device Passwords Window

To set the passwords:

1. Access the Device Passwords screen by one of the following methods:

•

If the Alert Log includes a “First Time Install” event entry, double

click on this event, then, in the resulting display, click on the

secure access to the device link.

•

Select the Security tab.

2. Click in the appropriate box in the Device Passwords window and enter

user names and passwords. You will be required to repeat the password

strings in the confirmation boxes.

Both the user names and passwords can be up to 16 printable ASCII

characters.

3. Click on [Apply Changes] to activate the user names and passwords.

N o t e

Passwords you assign in the web browser interface will overwrite previous

passwords assigned in either the web browser interface, the Command

Prompt, or the switch console. That is, the most recently assigned passwords

are the switch’s passwords, regardless of which interface was used to assign

the string.

4-10

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Tasks for Your First HP Web Browser Interface Session

Using the Passwords

Figure 4-4. Example of the Password Window in the Web Browser Interface

The manager and operator passwords are used to control access to all switch

interfaces. Once set, you will be prompted to supply the password every time

you try to access the switch through any of its interfaces. The password you

enter determines the capability you have during that session:

Entering the manager password gives you full read/write capabilities

Entering the operator password gives you read and limited write capabil-

ities.

Using the User Names

If you also set user names in the web browser interface screen, you must

supply the correct user name for web browser interface access. If a user name

has not been set, then leave the User Name field in the password window

blank.

Note that the Command Prompt and switch console interfaces use only the

password, and do not prompt you for the User Name.

If You Lose a Password

If you lose the passwords, you can clear them by pressing the Clear button on

the front of the switch. This action deletes all password and user name

protection from all of the switch’s interfaces.

The Clear button is provided for your convenience, but its presence means

that if you are concerned with the security of the switch configuration and

operation, you should make sure the switch is installed in a secure location,

such as a locked wiring closet.

4-11

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Tasks for Your First HP Web Browser Interface Session

Online Help for the HP Web Browser Interface

Online Help is available for the web browser interface. You can use it by

clicking on the question mark button in the upper right corner of any of the

web browser interface screens.

The Help Button

Figure 4-5. The Help Button

Context-sensitive help is provided for the screen you are on.

N o t e

If you do not have HP TopTools for Hubs and Switches installed on your

network and do not have an active connection to the World Wide Web, then

Online help for the web browser interface will not be available.

For more on Help access and operation, refer to “Help and the Management

Server URL” on page 4-14.

4-12

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Support/Mgmt URLs Feature

The Support/Mgmt URLs window enables you to change the World Wide Web

Universal Resource Locator (URL) for two functions:

Support URL – a support information site for your switch

Management Server URL – the site for online help for the web browser

interface, and, if set up, theURL of a network management stationrunning

HP TopTools for Hubs & Switches.

1. Click Here

2. Click Here

4. Click on Apply Changes

3. Enter URLs for:

- the support information source you want the switch to access

when you click on the web browser interface Support tab – the

default is HP’s ProCurve network products World Wide Web

home page

- the URL of the network Management server or other

source of the online help files for this web browser inter-

face. (The default accesses Help on HP’s World Wide Web site.)

Figure 4-6. The Default Support/Mgmt URLs Window

4-13

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Support/Mgmt URLs Feature

Support URL

This is the site that the switch accesses when you click on the Support tab on

the web browser interface. The default URL is:

http://www.hp.com/go/procurve

which is the World Wide Web site for Hewlett-Packard’s networking products.

Click on the [Support]button on that page and you can get to support information

regardingyourswitch,includingwhitepapers, operatingsystem(OS)updates,

and more.

You could instead enter the URL for a local site that you use for entering

reports about network performance, or whatever other function you would

like to be able to easily access by clicking on the [Support] tab.

Help and the Management Server URL

This field specifies which of the following two locations the switch will use to

find online Help for the web browser interface:

The URL of online Help provided by HP on the world wide web

The URL of a network management station running HP TopTools for Hubs

& Switches

Providing Online Help. The Help files are automatically available if you

install HP TopTools for Hubs & Switches on your network or if you already

have Internet access to the World Wide Web. (The Help files are included with

HP TopTools for Hubs & Switches, and are also automatically available from

HP via the World Wide Web.)

Retrieval of the Help filesiscontrolled by automatic entriesto the Management

Server URL field on the Configuration / Support/Mgmt URLs screen, shown in

figure 4-6. The switch is shipped with the URL set to retrieve online Help from

the HP World Wide Web site. However, if HP TopTools for Hubs & Switches is

installed on a management station on your network and discovers the switch,

the Management Server URL is automatically changed to retrieve the Help

from your TopTools management station.

If Online Help Fails To Operate. Do one of the following:

If HP TopTools for Hubs & Switches is installed and running on your

network, enter the IP address or DNS name of the network management

station in the Management Server URL field shown in figure 4-7 on page

4-15.

4-14

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Support/Mgmt URLs Feature

If you have World Wide Web access from your PC or workstation, and do

not have HP TopTools installed on your network, enter the following URL

in the Management Server URL field shown in figure 4-7 on page 4-15:

http://www.hp.com/rnd/device_help

Enter IP address of HP TopTools network

management station, or URL of location of

help files on HP’s World Wide Web site here.

Figure 4-7. How To Access Web Browser Interface Online Help

Policy Management and Configuration. HP Top Tools for Hubs &

Switches can perform network-wide policy management and configuration of

your switch. The Management Server URL field identifies the management

station that is performing that function. For more information, refer to the

documentation provided on the HP TopTools for Hubs & Switches CD shipped

with the switch.

4-15

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Status Reporting Features

Browser elements covered in this section include:

The Overview window (below)

Port utilization and status (page )

The Alert log (page )

The Status bar (page )

The Overview Window

The Overview Window is the home screen for any entry into the web browser

interface.The following figure identifies the various parts of the screen.

Active Button

Active Tab

Status Bar

(page 4-23)

Tab Bar

Button Bar

Port Utiliza-

tion Graphs

(page 4-17)

Port Status

Indicators

(page 4-19)

Alert Log

(page 4-20)

Alert Log

Control Bar

Figure 4-8. The Overview Window

4-16

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Status Reporting Features

The Port Utilization and Status Displays

The Port Utilization and Status displays show an overview of the status of the

switch and the amount of network activity on each port. The following figure

shows a sample reading of the Port Utilization and Port Status.

Port Utilization Bar Graphs

Bandwidth Display Control

Port Status Indicators

Legend

Figure 4-9. The Graphs Area

Port Utilization

The Port Utilization bar graphs show the network traffic on the port with a

breakdown of the packet types that have been detected (unicast packets, non-

unicast packets, and error packets). The Legend identifies traffic types and

their associated colors on the bar graph:

% Unicast Rx & All Tx: This is all unicast traffic received and all

transmitted traffic of any type. This indicator (a blue color on many

systems) can signify either transmitted or received traffic.

% Non-Unicast Pkts Rx: All multicast and broadcast traffic received by

the port. This indicator (a gold color on many systems) enables you to

know “at-a-glance” the source of any non-unicast traffic that is causing

high utilization of the switch. For example, if one port is receiving heavy

broadcast or multicast traffic, all ports will become highly utilized. By

color-coding the received broadcast and multicast utilization, the bar

graph quickly and easily identifies the offending port. This makes it faster

and easier to discover the exact source of the heavy traffic because you

don’t have to examine port counter data from several ports.

% Error Pkts Rx: All error packets received by the port. (This indicator

is a reddish color on many systems.) Although errors received on a port

are not propagated to the rest of the network, a consistently high number

of errors on a specific port may indicate a problem on the device or

network segment connected to the indicated port.

4-17

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Status Reporting Features

Maximum Activity Indicator: As the bars in the graph area change

height to reflect the level of network activity on the corresponding port,

they leave an outline to identify the maximum activity level that has been

observed on the port.

Utilization Guideline. A network utilization of 40% is considered the

maximum that a typical Ethernet-type network can experience before encoun-

tering performance difficulties. If you observe utilization that is consistently

higher than 40% on any port, click on the Port Counters button to get a detailed

set of counters for the port.

To change the amount of bandwidth the Port Utilization bar graph

shows. Click onthebandwidthdisplaycontrolbuttoninthe upperleft corner

of the graph. (The button shows the current scale setting, such as 40%.) In the

resulting menu, select the bandwidth scale you want the graph to show (3%,

10%, 25%, 40%, 75%, or 100%), as shown in figure 3-7.

Note that when viewing activity on a gigabit port, you may want to select a

lower value (such as 3% or 10%). This is because the bandwidth utilization of

current network applications on gigabit links is typically minimal, and may

not appear on the graph if the scale is set to show high bandwidth utilization.

Figure 4-10. Changing the Graph Area Scale

To display values for each graph bar. Hold the mouse cursor over any of

the bars in the graph, and a pop-up display is activated showing the port

identification and numerical values for each of the sections of the bar, as

shown in figure 4-11 (next).

Figure 4-11. Display of Numerical Values for the Bar

4-18

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Status Reporting Features

Port Status

Port Status Indicators

Legend

Figure 4-12. The Port Status Indicators and Legend

The Port Status indicators show a symbol for each port that indicates the

general status of the port. There are four possible statuses:

Port Connected – the port is enabled and is properly connected to an

active network device.

Port Not Connected – the port is enabled but is not connected to an

active network device. A cable may not be connected to the port, or the

device at the other end may be powered off or inoperable, or the cable or

connected device could be faulty.

Port Disabled – the port has been configured as disabled through the

web browser interface, the switch console, or SNMP network manage-

ment.

Port Fault-Disabled – a fault condition has occurred on the port that

has caused it to be auto-disabled. Note that the Port Fault-Disabled

symbol will be displayed in the legend only if one or more of the ports is

inthat status. See chapter 7,“Monitoring andAnalyzing Switch Operation”

for more information.

4-19

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Status Reporting Features

The Alert Log

The web browser interface Alert Log, shown in the lower half of the screen,

shows a list of network occurrences, or alerts, that were detected by the

switch. Typical alerts are Broadcast Storm, indicating an excessive number of

broadcasts received on a port, and Problem Cable, indicating a faulty cable. A

full list of alerts is shown in the table on page 4-21.

Figure 4-13. Example of the Alert Log

Each alert has the following fields of information:

Status – The level of severity of the event generated. Severity levels can

be Information, Normal, Warning, and Critical. If the alert is new (has not

yet been acknowledged), the New symbol is also in the Status column.

Alert – The specific event identification.

Date/Time – The date and time the event was received by the web

browser interface. This value is shown in the format: DD-MM-YY

HH:MM:SS AM/PM, for example, 16-Sep-99 7:58:44 AM.

Description – A short narrative statement that describes the event. For

example, Excessive CRC/Alignment errors on port: 8.

Sorting the Alert Log Entries

The alerts are sorted, by default, by the Date/Time field with the most recent

alert listed at the top of the list. The second most recent alert is displayed

below the top alert and so on. If alerts occurred at the same time, the

simultaneous alerts are sorted by order in which they appear in the MIB.

The alert field that is being used to sort the alert log is indicated by which

column heading is in bold. You can sort by any of the other columns by clicking

on the column heading. The Alert and Description columns are sorted alpha-

betically, while the Status column is sorted by severity type, with more critical

severity indicators appearing above less critical indicators.

4-20

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Status Reporting Features

Alert Types

The following table lists the types of alerts that can be generated.

Table 4-2. Alert Strings and Descriptions

Alert String

Alert Description

First Time Install

Important installation information for your switch.

Too many undersized/

giant packets

A device connected to this port is transmitting packets shorter than 64 bytes or longer than

1518 bytes (longer than 1522 bytes if tagged), with valid CRCs (unlike runts, which have invalid

CRCs).

Excessive jabbering

A device connected to this port is incessantly transmitting packets (“jabbering”), detected as

oversized packets with CRC errors.

Excessive CRC/alignment A high percentage of data errors has been detected on this port. Possible causes include:

errors

•

Faulty cabling or invalid topology.

Duplex mismatch (full-duplex configured on one end of the link, half-duplex configured on

the other)

•

A malfunctioning NIC, NIC driver, or transceiver

Excessive late collisions Late collisions (collisions detected after transmitting 64 bytes) have been detected on this

port. Possible causes include:

•

An overextended LAN topology

Duplex mismatch (full-duplex configured on one end of the link, half-duplex configured on

the other)

•

A misconfigured or faulty device connected to the port

High collision or drop rate A large number of collisions or packet drops have occurred on the port. Possible causes

include:

•

A extremely high level of traffic on the port

Duplex mismatch

A misconfigured or malfunctioning NIC or transceiver on a device connected to this port

A topology loop in the network

Excessive broadcasts

An extremely high percentage of broadcasts was received on this port. This degrades the

performance of all devices connected to the port. Possible causes include:

•

A network topology loop—this is the usual cause

A malfunctioning device, NIC, NIC driver, or software package

Network Loop

Network loop has been detected by the switch.

Lost connection to one or multiple devices on the port.

The Commander has lost the connection to a stack member.

A security violation has occurred.

Loss of Link

Loss of stack member

Security violation

4-21

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Status Reporting Features

N o t e

When troubleshooting the sources of alerts, it may be helpful to check the

switch’s Port Status and Port Counter windows and the Event Log in the

console interface.

Viewing Detail Views of Alert Log Entries

By double clicking on Alert Entries, the web browser interface displays a

Detail View or separate window detailing information about the events. The

Detail View contains a description of the problem and a possible solution. It

also provides four management buttons:

Acknowledge Event – removes the New symbol from the log entry

Delete Event – removes the alert from the Alert Log

Cancel Button – closes the detail view with no change to the status of

the alert and returns you to the Overview screen.

A sample Detail View describing an Excessive CRC/Alignment Error alert is

shown here.

Figure 4-14. Example of Alert Log Detail View

4-22

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Status Reporting Features

The Status Bar

The Status Bar is displayed in the upper left corner of the web browser

interface screen. Figure 4-15 shows an expanded view of the status bar.

Most Critical Alert Description

Status Indicator

Product Name

Figure 4-15. Example of the Status Bar

The Status bar consists of four objects:

Status Indicator. Indicates, by icon, theseverityofthemostcritical alert

in the current display of the Alert Log. This indicator can be one of three

shapes and colors as shown in the following table.

Table 4-3. Status Indicator Key

Color

Switch Status

Status Indicator Shape

Blue

Normal Activity; "First time installation"

information available in the Alert log.

Green Normal Activity

Yellow Warning

Red

Critical

System Name. The name you have configured for the switch by using

Identity screen, system name command, or the switch console System

Information screen.

Most Critical Alert Description. A brief description of the earliest,

unacknowledged alert with the current highest severity in the Alert Log,

appearing in the right portion of the Status Bar. In instances where

multiple critical alerts have the same severity level, only the earliest

unacknowledged alert is deployed in the Status bar.

4-23

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Status Reporting Features

Product Name. The product name of the switch to which you are

connected in the current web browser interface session.

Setting Fault Detection Policy

One of the powerful features in the web browser interface is the Fault

Detection facility. For your switch, this feature controls the types of alerts

reported to the Alert Log based on their level of severity.

Set this policy in the Fault Detection window (figure 4-16).

Figure 4-16. The Fault Detection Window

The Fault Detection screen contains a list box for setting fault detection and

response policy. You set the sensitivity level at which a network problem

should generate an alert and send it to the Alert Log.

To provide the most information on network problems in the Alert Log, the

recommended sensitivity level for Log Network Problems is High Sensitivity. The

Fault Detection settings are:

4-24

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Status Reporting Features

High Sensitivity. This policy directs the switch to send all alerts to the

Alert Log. This setting is most effective on networks that have none or

few problems.

Medium Sensitivity. This policy directs the switch to send alerts related

to network problems to the Alert Log. If you want to be notified of

problems which cause a noticeable slowdown on the network, use this

setting.

Low Sensitivity. This policy directs the switch to send only the most

severe alerts to the Alert Log. This policy is most effective on a network

that normally has a lot of problems and you want to be informed of only

the most severe ones.

Never. Disables the Alert Log and transmission of alerts (traps) to the

management server (in cases where a network management tool such as

HP TopTools for Hubs & Switches is in use). Use this option when you

don’t want to use the Alert Log.

The Fault Detection Window also contains three Change Control Buttons:

Apply Changes. This button stores the settings you have selected for all

future sessions with the web browser interface until you decide to change

them.

Clear Changes. This button removes your settings and returns the

settings for the list box to the level it was at in the last saved detection-

setting session.

Reset to Default Settings. This button reverts the policy setting to

Medium Sensitivity for Log Network Problems.

4-25

Download from Www.Somanuals.com. All Manuals Search And Download.

Using the HP Web Browser Interface

Status Reporting Features

4-26

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access,

and System Information

IP Addressing in a Stacking Environment . . . . . . . . . . . . . . . . . . . . . . 5- 5

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2

IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3

Just Want a Quick Start? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4

IP Addressing with Multiple VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4

Menu: Configuring IP Address, Gateway, Time-To-Live (TTL),

and Timep . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5- 5

CLI: Configuring IP Address, Gateway, Time-To-Live (TTL),

and Timep . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7

Web: Configuring IP Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10

How IP Addressing Affects Switch Operation . . . . . . . . . . . . . . . . . . 5-10

DHCP/Bootp Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11

Network Preparations for Configuring DHCP/Bootp . . . . . . . . 5-14

Globally Assigned IP Network Addresses . . . . . . . . . . . . . . . . . . . . . 5-15

Interface Access: Console/Serial Link, Web,

and Inbound Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-16

Menu: Modifying the Interface Access . . . . . . . . . . . . . . . . . . . . . . . . 5-17

CLI: Modifying the Interface Access . . . . . . . . . . . . . . . . . . . . . . . . . . 5-18

System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-21

Menu: Viewing and Configuring System Information . . . . . . . . . . . . 5-22

CLI: Viewing and Configuring System Information . . . . . . . . . . . . . 5- 23

Web: Configuring System Parameters . . . . . . . . . . . . . . . . . . . . . . . . 5- 25

5-1

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

Overview

This chapter describes the switch configuration features available in the menu

interface, CLI and web browser interface. For help on how to use these

interfaces, refer to:

Chapter 2, “Using the Menu Interface”

Chapter 3, “Using the Command Line Interface (CLI)”

Chapter 4, Using the HP Web Browser Interface”

Why Configure IP Addressing? In its factory default configuration, the

switch operates as a multiport learning bridge with network connectivity

provided by the ports on the switch. However, to enable specific management

access and control through your network, you will need IP addressing. (See

table 5-1 on page 5-11.)

Why Configure Interface Access and System Information? The inter-

face access features in the switch operate properly by default. However, you

can modify or disable access features to suit your particular needs. Similarly,

you can choose to leave the system information parameters at their default

settings. However, using these features can help you to more easily manage a

group of devices across your network.

5-2

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

IP Configuration

IP Configuration Features

Feature Default

IP Address and Subnet Mask DHCP/Bootp page 5-5

CLI

Web

page 5-7

page 5-10

n/a

Default Gateway Address

Packet Time-To-Live (TTL)

Time Server (Timep)

none

page 5-5

64 seconds

DHCP

n/a

IP Address and Subnet Mask. Configuring the switch with an IP address

expands your ability to manage the switch and use its features. By default, the

switch is configured to automatically receive IP addressing on the default

VLAN from a DHCP/Bootp server that has been configured correctly with

information to supportthe switch. (Refer to“DHCP/Bootp Operation” on page

5-11 for information on setting up automatic configuration from a server.)

However, if youare not using a DHCP/Bootpserver to configure I P a ddressing,

use the menu interface or the CLI to manually configure the initial IP values.

After you have network access to a device, you can use the web browser

interface to modify the initial IP configuration if needed.

For information on how IP addressing affects switch performance, refer to

“How IP Addressing Affects Switch Operation” on page 5-10.

Default Gateway Operation. The default gateway is required when a

router is needed for tasks such as reaching off-subnet destinations or forward-

ing traffic across multiple VLANs. The gateway value is the IP address of the

next-hop gateway node for the switch, which is used if the requested destina-

tion address is not on a local subnet/VLAN. If the switch do es not have a

manually-configured default gateway and DHCP/Bootp is configured on the

primary VLAN, then the default gateway value provided by the DHCP or Bootp

server will be used. If the switch has a manually configured default gateway,

then the switch uses this gateway, even if a different gateway is received via

DHCP or Bootp on the primary VLAN. (This is also true for TimeP and a non-

default Time-To-Live and .) See “Notes” on page 5-4 and “Which VLAN Is

Primary?” on page 9-53.

Packet Time-To-Live (TTL) . This parameter specifies how long in sec-

ondsanoutgoing packetshouldexistinthenetwork. Inmostcases, thedefault

setting (64 seconds) is adequate.

5-3

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

IP Configuration

Timep Operation. Use this optional parameter if you want the switch to get

its time information from another device operating as a Timep server. In its

defaultTimep configuration, the switch attemptsto get a Timepserver address

from a DHCP server. Other configuration options are to manually assign a

Timep server address or to disable the Timep server feature.

Just Want a Quick Start?

If you just want to give the switch an IP address so that it can communicate

on your network, or if you are not using VLANs, HP recommends that you use

the Switch Setup screen to quickly configure IP addressing. To do so, do one

of the following:

Enter setup at the CLI Manager level prompt.

HP2512# setup

Select 8. Run Setup in the Main Menu of the menu interface.

For more on using the Switch Setup screen, see the Installation and Getting

Started Guide you received with the switch.

IP Addressing with Multiple VLANs

In the factory-default configuration, the switch has one, permanent default

VLAN (named DEFAULT_VLAN) that includes all ports on the switch. In this

state, when you assign an IP address and subnet mask to the switch, you are

actually assigning the IP addressing to the DEFAULT_VLAN. You can rename

the DEFAULT_VLAN, but you cannot change its VLAN ID number (VID) or

remove it from the switch.

N o t e s

If multiple VLANs are configured, then each VLAN can have its own IP

address. This is because each VLAN operates as a separate broadcast

domain and requires a unique IP address and subnet mask. A default

gateway (IP) address for the switch is optional, but recommended. The

primary VLAN is the VLAN used for stacking operation, as well as for

determining the default gateway address, (packet) Time-To-Live (TTL),

and Timep via DHCP or Bootp. (Other VLANs can also use DHCP or BootP

to acquire IP addressing. However, the switch’s gateway, TTL, and TimeP

values will be acquired through the primary VLAN only. In the default

configuration, the default VLAN (named DEFAULT_VLAN) is the switch’s

primary VLAN.However, with multiple VLANs assigned to the switch, you

can select another VLAN to function as the primary VLAN. For more on

VLANs, refer to “Port-Based Virtual LANs (Static VLANs)” on page 9-50.

5-4

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

IP Configuration

The IP addressing used in the switch should be compatible with your

network. That is, the IP address must be unique and the subnet mask must

be appropriate for the IP network.

If you plan to connect to other networks that use globally administered

IP addresses, refer to “Globally Assigned IP Network Addresses” on page

5-15.

By default, the switch uses DHCP to acquire the IP address of the TimeP

server. If the switch does not have a manually configured Timep setting,

then it attempts to get its TimeP setting through DHCP or Bootp through

the primary VLAN.

The switch searches for the default gateway device through the primary

VLAN. By default, the DEFAULT_VLAN is the switch’s primary VLAN.

However, you can use the CLI to select a different primary VLAN if more

than one VLAN exists on the switch. For more information, see “Port-

Based Virtual LANs (Static VLANs)” on page 9-50.

If you change the IP address through either Telnet access or the web

browser interface, the connection to the switch will be lost. You can

reconnect by either restarting Telnet with the new IP address or entering

the new address as the URL in your web browser.

IP Addressing in a Stacking Environment

If you are installing the switch into an HP ProCurve stack management

environment, entering an IP address may not be required. See “HP ProCurve

Stack Management” on page 9-5 for more information.

Menu: Configuring IP Address, Gateway, Time-To-Live

(TTL), and Timep

Do one of the following:

To manually enter an IP address, subnet mask, set the IP Config parameter

to Manual and then manually enter the IP address and subnet mask values

you want for the switch.

To use DHCP or Bootp, use the menu interface to ensure that the IP Config

parameter is set to DHCP/Bootp, then refer to “DHCP/Bootp Operation” on

page 5-11.

5-5

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

IP Configuration

To Configure IP Addressing.

1. From the Main Menu, Select.

2. Switch Configuration ...

5. IP Configuration

N o t e

If multiple VLANs are configured, a screen showing all VLANs appears instead

of the following screen.

The default setting for

TimeP Config is DHCP.

Setting it to Manual,

then pressing [ v] or [Tab]

causes the Server

Address parameter to

appear.

For descriptions ofthese

parameters, see the

online Help for this

screen.

Before using the DHCP/

Bootp option, refer to

“DHCP/Bootp

Operation” on page 5-11.

Figure 5-1. Example of the IP Service Configuration Screen without Multiple

VLANs Configured

2. Press [E] (for Edit).

3. If the switch needs to access a router, for example, to reach off-subnet

destinations, select the Default Gateway field and enter the IP address of

the gateway router.

4. If you need to change the packet Time-To-Live (TTL) setting, select Default

TTL and type in a value between 2 and 255 (seconds).

5. At the TimeP Config field do one of the following:

•

If you want the switch to obtain the IP address of the Timep server

via DHCP server, keep the value as DHCP.

If you want to manually specify the IP address of the Timep server,

use the Space bar to select Manual.

If you don’t have a Timep server set up, use the Space bar to change

the value to Disabled.

5-6

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

IP Configuration

6. If you selected Manual , press [Tab] or [ v] , and additional fields will be

displayed for entering the IP address for the Timep server.

7. Select the TimeP Poll Interval field if you want to change the value for how

often the switch polls the Timep server for time information.

8. Do one of the following:

•

If you want to have the switch retrieve its IP configuration from a

DHCP or Bootp server, at the IP Config field, keep the value as DHCP/

Bootp and go to step 11.

•

If you want to manually configure the IP information, use the Space

bar to select Manual and use the [Tab] key to move to the other IP

configuration fields.

9. Select the IP Address field and enter the IP address for the switch.

10. Select the Subnet Mask field and enter the subnet mask for the IP address.

11. Press [Enter], then [S] (for Save).

CLI: Configuring IP Address, Gateway, Time-To-Live

(TTL), and Timep

IP Commands Used in This Section

show ip

page 5-8

page 5-9

vlan <vlan-id> ip

address

ip default-gateway

ip ttl

page 5-9

page 5-10

[no] ip timep

For a listing of the full CLI command set, including syntax and options, see

the CLI command reference available on the HP ProCurve website at:

http://www.hp.com/go/procurve

5-7

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

IP Configuration

Viewing the Current IP Configuration. The following command displays

the IP addressing for each VLAN configured in the switch. If only the

DEFAULT_VLAN exists, then its IP configuration applies to all ports in the

switch. Where multiple VLANs are configured, the IP addressing is listed per

VLAN. The display includes switch-wide packet time-to-live, and (if config-

ured) the switch’s default gateway and Timep configuration.

Syntax: show ip

For example, in the factory-default configuration (no IP addressing assigned),

the switch’s IP addressing appears as:

The Default IP

Configuration on

a Switch 2512 or

2524

Figure 5-2. Example of the Switch’s Default IP Addressing

With multiple VLANs and some other features configured, show ip provides

additional information:

A Switch 2512 or

2524 with IP

Addressing and

VLANs Configured

Figure 5-3. Example of Show IP Listing with Non-Default IP Addressing Configured

(If DHCP/Bootp acquires an IP address and Subnet Mask for VLAN_2, they

will appear in the appropriate columns.)

5-8

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

IP Configuration

Configure an IP Address and Subnet Mask. The following command

includes both the IP address and the subnet mask. You must either include the

ID of the VLAN for which you are configuring IP addressing or go to the

context configuration level for that VLAN. (If you are not using VLANs on the

switch—that is, if the only VLAN is the default VLAN—then the VLAN ID is

always “1”.)

N o t e

The default IP address setting for the DEFAULT_VLAN is DHCP/Bootp. On

additional VLANs you create, the default IP address setting is Disabled.

Syntax:

vlan <vlan-id> ip address <ip-address/mask-length>

vlan <vlan-id> ip address <ip-address> <mask-bits>

vlan <vlan-id> ip address dhcp-bootp

This example configures IP addressing on the default VLAN with the subnet

mask specified in mask bits.

HP2512(config)# vlan 1 ip address 10.28.227.103/255.255.255.0

This example configures the same IP addressing as the preceding example,

but specifies the subnet mask by mask length.

HP2512(config)# vlan 1 ip address 10.28.227.103/24

Configure the Optional Default Gateway. You can assign one default

gateway to the switch.

Syntax: ip default-gateway <ip-address>

For example:

HP2512(config)# ip default-gateway 11.28.227.115

You can execute this command only from the global configuration level.

Configure Time-To-Live (TTL). This command sets the time that a packet

outbound from the switch can exist on the network. The default setting is 64

seconds.

Syntax:

ip ttl <number-of-seconds>

HP2512(config)# ip ttl 60

5-9

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

IP Configuration

In the CLI, you can execute this command only from the global configuration

level. The TTL range is 2 - 255 seconds.

Configure the Optional Timep Server.

Syntax: [no] ip timep <dhcp | manual <ip-address> > [interval <1-9999>]

You can specify whether the address of the Timep server is assigned via DHCP

or manually, and the interval in minutes between Timep queries (1-9999

minutes; default 720 minutes). The following examples show the Timep

command options:

HP2512(config)# ip timep manual 10.28.227.1 interval 60

HP2512(config)# ip timep manual 10.28.227.1

HP2512(config)# ip timep dhcp

HP2512(config)# ip timep dhcp interval 60

HP2512(config)# no ip timep

Web: Configuring IP Addressing

You can use the web browser interface to access IP addressing only if the

switch already has an IP address that is reachable through your network.

1. Click on the Configuration tab.

2. Click on [IP Configuration].

3. If you need further information on using the web browser interface, click

on [?] to access the web-based help available for the Switch 2512/2524.

How IP Addressing Affects Switch Operation

Without an IP address and subnet mask compatible with your network, the

switch can be managed only through a direct terminal device connection to

the Console RS-232 port. You can use direct-connect console access to take

advantage of features that do not depend on IP addressing. However, to realize

the full performance capabilities HP proactive networking offers through the

switch, configure the switch with an IP address and subnet mask compatible

with your network. The followingtable lists the generalfeaturesavailable with

and without a network-compatible IP address configured.

5-10

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

IP Configuration

Table 5-1. Features Available With and Without IP Addressing on the Switch

Features Available Without an IP Address

Additional HP Proactive Networking Features Available

with an IP Address and Subnet Mask

•

Direct-connect access to the CLI and the menu

interface.

Stacking Candidate or Stack Member

DHCP or Bootp support for automatic IP address

configuration, and DHCP support for automatic Timep

server IP address configuration

Spanning Tree Protocol

Port settings and port trunking

Console-based status and counters information for

monitoring switch operation and diagnosing problems

through the CLI or menu interface.

VLANs

GVRP

•

HP web browser interface access, with configuration,

security, and diagnostic tools, plus the Alert Log for

discovering problems detected in the switch along

with suggested solutions

SNMP network management access such as HP

TopTools network configuration, monitoring, problem-

finding and reporting, analysis, and recommendations

for changes to increase control and uptime

Stacking Commander*

Telnet access to the CLI or the menu interface

IGMP

•

Timep server configuration

TFTP download of configurations and OS updates

Ping test

•

Serial downloads of operating system (OS) updates

and configuration files (Xmodem)

•

Link test

Port monitoring

Security

*Although a Commander can operate without an IP address, doing so makes it unavailable for in-band access in an

IP network.

DHCP/Bootp Operation

Overview. DHCP/Bootp is used to provide configuration data from a DHCP

or Bootp server to the switch. This data can be the IP address, subnet mask,

default gateway, Timep Server address, and TFTP server address. If a TFTP

server address is provided, this allows the switch to TFTP a previously saved

configuratin file from the TFTP server to the switch. With either DHCP or

Bootp, the servers must be configured prior to the switch being connected to

the network.

N o t e

The Switches 2512 and 2524 are compatible with both DHCP and Bootp

servers.

The DHCP/Bootp Process. Whenever the IP Config parameter in the switch

or in an individual VLAN in the switch is configured to DHCP/Bootp (the

default), or when the switch is rebooted with this configuration:

5-11

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

IP Configuration

1. DHCP/Bootp requests are automatically broadcast on the local network.

(The switch sends one type of request to which either a DHCP or Bootp

server can respond.)

2. When a DHCP or Bootp server receives the request, it replies with a

previously configured IP address and subnet mask for the switch. The

switch also receives an IP Gateway address if the server has been config-

ured to provide one. In the case of Bootp, the server must first be

configured with an entry that has the MAC address of the switch. (To

determine the switch’s MAC address, see appendix B, “MAC Address

Management”. The switch properly handles replies from either type of

server. If multiple replies are returned, the switch tries to use the first

reply.)

N o t e

If you manually configure a gateway on the switch, it will ignore any gateway

address received via DHCP or Bootp.

If the switch is initially configured for DHCP/Bootp operation (the default),

or if it is rebooted with this configuration, it immediately begins sending

request packets on the network. If the switch does not receive a reply to its

DHCP/Bootp requests, it continues to periodically send request packets, but

with decreasing frequency. Thus, if a DHCP or Bootp server is not available

or accessible to the switch when DHCP/Bootp is first configured, the switch

may not immediately receive the desired configuration. After verifying that

the server has become accessible to the switch, reboot the switch to re-start

the process immediately.

DHCP Operation. A significant difference between a DHCP configuration

and a Bootp configuration is that an IP address assignment from a DHCP

server is automatic. Depending on how the DHCP server is configured, the

switch may receive an ip address that is temporarily leased. Periodically the

switch may be required to renew its lease of the IP configuration. Thus, the IP

addressing provided by the server may be different each time the switch

reboots or renews its configuration from the server. However, you can fix the

address assignment for the switch by doing either of the following:

Configure the server to issue an “infinite” lease.

Using the switch’s MAC address as an identifier, configure the server with

a “Reservation” so that it will always assign the same IP address to the

switch. (For MAC address information, refer to appendix B, “MAC

Address Management”.)

For more information on either of these procedures, refer to the documenta-

tion provided with the DHCP server.

5-12

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

IP Configuration

Bootp Operation. When a Bootp server receives a request it searches its

Bootp database for a record entry that matches the MAC address in the Bootp

request from the switch. If a match is found, the configuration data in the

associated database record is returned to the switch. For many Unix systems,

the Bootp database is contained in the /etc/bootptab file. In contrast to DHCP

operation, Bootp configurations are always the same for a specific receiving

device. That is, the Bootp server replies to a request with a configuration

previously stored in the server and designated for the requesting device.

Bootp Database Record Entries. A minimal entry in the Bootp table file

/etc/bootptab to update an IP address and subnet mask to the switch or a VLAN

configured in the switch would be similar to this entry:

j2512switch:\

ht=ether:\

ha=0030c1123456:\

ip=10.66.77.88:\

sm=255.255.248.0:\

gw=10.66.77.1:\

hn:\

vm=rfc1048

An entry in the Bootp table file /etc/bootptab to tell the switch or VLAN

where to obtain a configuration file download would be similar to this entry:

j2512switch:\

ht=ether:\

ha=0030c1123456:\

ip=10.66.77.88:\

sm=255.255.248.0:\

gw=10.66.77.1:\

lg=10.22.33.44:\

T144=”switch.cfg”:\

vm=rfc1048

where:

j2512switch is a user-defined symbolic name to help you find the correct section of the

bootptab file. If you have multiple switches that will be using Bootp to get their

IP configuration, you should use a unique symbolic name for each switch.

is the “hardware type”. For the Switches 2512 and 2524, set this to ether (for

Ethernet). This tag must precede the ha tag.

is the “hardware address”. Use the switch's (or VLAN's) 12-digit MAC address.

is the IP address to be assigned to the switch (or VLAN).

is the subnet mask of the subnet in which the switch (or VLAN) is installed.

5-13

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

IP Configuration

is the IP address of the default gateway.

TFTP server address (source of final configuration file)

T144

is the vendor-specific “tag” identifying the configuration file to download.

is a required entry that specifies the Bootp report format. For the Switches 2512

and 2524, set this parameter to rfc1048.

N o t e

The above Bootp table entry is a sample that will work for the Switches 2512

and 2524 when the appropriate addresses and file names are used.

Network Preparations for Configuring DHCP/Bootp

In its default configuration, the switch is configured for DHCP/Bootp opera-

tion. However, the DHCP/Bootp feature will not acquire IP addressing for the

switch unless the following tasks have already been completed:

For Bootp operation:

•

ABootpdatabaserecordhasalreadybeenentered intoanappropriate

Bootp server.

•

The necessary network connections are in place

The Bootp server is accessible from the switch

For DHCP operation:

•

A DHCP scope has been configured on the appropriate DHCP server.

The necessary network connections are in place

A DHCP server is accessible from the switch

N o t e

Designating a primary VLAN other than the default VLAN affects the switch’s

use of information received via DHCP/Bootp. For more on this topic, see

“Which VLAN Is Primary?” on page 9-53.

After you reconfigure or reboot the switch with DHCP/Bootp enabled in a

network providing DHCP/Bootp service, the switch does the following:

Receives an IP address and subnet mask and, if configured in the server,

a gateway IP address and the address of a Timep server.

If the DHCP/Bootp reply provides information for downloading a config-

uration file, the switch uses TFTPtodownloadthefile fromthe designated

source, then reboots itself. (This assumes that the switch or VLAN has

connectivity to the TFTP file server specified in the reply, that the config-

uration file is correctly named, and that the configuration file exists in the

TFTP directory.)

5-14

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

IP Configuration

Globally Assigned IP Network Addresses

If you intend to connect your network to other networks that use globally

administered IP addresses, Hewlett-Packard strongly recommends that you

use IP addresses that have a network address assigned to you. There is a

formal process for assigning unique IP addresses to networks worldwide. For

more information:

Please contact your internet service provider (ISP).

If you need more information than your ISP can provide, contact one of the

following organizations:

Country

Phone Number/E-Mail/URL Company Name/Address

United States/

1-310-823-9358

[email protected]

http://www.iana.org

The Internet Corporation for Assigned

Countries not in

Names and Numbers (ICANN)

4676 Admiralty Way, Suite 330

Marina Del Rey, CA 90292

USA

Europe or Asia/Pacific

Europe

+31 20 535 4444

[email protected]

RIPE NCC

Singel 258

http://www.ripe.net

1016 AB Amsterdam

The Netherlands

Asia/Pacific

+61-7-3367-0490

[email protected]

http://www.apnic.net

Attention: IN-ADDR.ARPA Registration

Asia Pacific Network Information Center

Level 1, 33 Park Road

PO Box 2131

Milton, QLD 4064

Australia

For more information, refer to Internetworking with TCP/IP: Principles,

Protocols and Architecture by Douglas E. Comer (Prentice-Hall, Inc.,

publisher).

5-15

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

Interface Access: Console/Serial Link, Web, and Inbound Telnet

Interface Access: Console/Serial Link,

Web, and Inbound Telnet

Interface Access Features

Feature

Default

CLI

Inactivity Time

0 Minutes

(disabled)

page 5-17 page 5-19

Inbound Telnet Access

Web Browser Interface Access

Terminal type

Enabled

VT-100

All

page 5-17 page 5-18

page 5-17 page 5-19

page 5-19

Event Log event types to list

(Displayed Events)

Baud Rate

Speed Sense

XON/XOFF

—

page 5-19

—

Flow Control

In most cases, the default configuration is acceptable for standard operation.

N o t e

Basic switch security is through passwords. You can gain additional security

using IP authorized managers. However if unauthorized access to the switch

through in-band means (Telnet or the web browser interface), then you can

disallow in-band access (as described in this section) and install the switch in

a locked environment.

5-16

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

Interface Access: Console/Serial Link, Web, and Inbound Telnet

Menu: Modifying the Interface Access

The menu interface enables you to modify these parameters:

Inactivity Timeout

Inbound Telnet Enabled

Web Agent Enabled

To Access the Interface Access Parameters:

1. From the Main Menu, Select...

2. Switch Configuration...

1. System Information

Interface Access

Parameters

Figure 5-4. The Default Interface Access Parameters Available in the Menu

Interface

2. Press [E] (for Edit). The cursor moves to the System Name field.

3. Usethearrowkeys ([ v] ,[ ^] , [ <] , [ >] )tomovetotheparametersyouwant

to change.

Refer to the online help provided with this screen for further information

on configuration options for these features.

4. When you have finished making changes to the above parameters, press

[Enter], then press [S] (for Save).

5-17

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

Interface Access: Console/Serial Link, Web, and Inbound Telnet

CLI: Modifying the Interface Access

Interface Access Commands Used in This Section

show console

below

[no] telnet-server

[no] web-management

console

below

page 5-19

Listing the Current Console/Serial Link Configuration. This com-

mand lists the current interface access parameter settings.

Syntax:

show console

This example shows the switch’s default console/serial configuration.

Interface Access

Enable/Disable

Event Log Event

Types To List

Console Control

Options

Figure 5-5. Listing of Show Console Command

Reconfigure Inbound Telnet Access. In the default configuration,

inbound Telnet access is enabled.

Syntax:[no] telnet-server

To disable inbound Telnet access:

HP2512(config)# no telnet-server

To re-enable inbound Telnet access:

HP2512(config)# telnet-server

5-18

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

Interface Access: Console/Serial Link, Web, and Inbound Telnet

Reconfigure Web Browser Access. In the default configuration, web

browser access is enabled.

Syntax:[no] web-management

To disable web browser access:

HP2512(config)# no web-management

To re-enable web browser access:

HP2512(config)# web-management

Reconfigure the Console/Serial Link Settings. You can reconfigure one

or more console parameters with one console command.

Syntax:

console

[terminal <vt100 | ansi>]

[screen-refresh <1 | 3 | 5 | 10 | 20 | 30 | 45 | 60>]

[baud <speed-sense | 1200 | 2400 | 4800 | 9600 | 19200 |38400 | 57600>]

[flow-control <xon/xoff | none>]

[inactivity-timer <0 1 5 10 15 20 30 60 120>]

[events <none | all | non-info | critical | debug]

N o t e

If you change the Baud Rate or Flow Control settings for the switch, you

should make the corresponding changes in your console access device. Oth-

erwise, you may lose connectivity between the switch and your terminal

emulatorduetodifferencesbetweentheterminal andswitch settingsfor these

two parameters.

All console parameter changes except events require that you save the config-

uration with write memory and then execute boot before the new console

configuration will take effect.

For example, to use one command to configure the switch with the following:

VT100 operation

19,200 baud

No flow control

10-minute inactivity time

Critical log events

you would use the following command sequence:

5-19

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

Interface Access: Console/Serial Link, Web, and Inbound Telnet

Theswitchimplementsthe EventLog change immediately. The switch implements

the other console changes after executing write memory and reload.

Figure 5-6. Example of Executing the Console Command with Multiple Parameters

You can also execute a series of console commands and then save the

configuration and boot the switch. For example:

Configure

the

individual

parameters.

Save the

changes.

Boot the

switch.

Figure 5-7. Example of Executing a Series of Console Commands

5-20

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

System Information

System Information Features

Feature

Default

CLI

System Name

switch product

name

page

5-22

5-23

5-25

System Contact

System Location

MAC Age Interval

Time Zone

n/a

page

5-22

5-23

5-25

n/a

page

5-22

5-23

5-25

300 seconds

page

5-22

page

5-24

page

5-22

page

5-24

Daylight Time Rule

Time

None

page

5-22

page

5-24

January 1, 1990 at

00:00:00 at last

power reset

—

page

5-25

Configuring system information is optional, but recommended.

System Name: Using a unique name helps you to identify individual devices

in stacking environments and where you are using an SNMP network manage-

ment tool such as HP TopTools for Hubs & Switches.

System Contact and Location: This information is helpful for identifying

the person administratively responsible for the switch and for identifying the

locations of individual switches.

MAC Age Interval: The number of seconds a MAC address the switch has

learned remains in the switch’s address table before being aged out (deleted).

Aging out occurs when there has been no traffic from the device belonging to

that MAC address for the configured interval.

Time Zone: The number of minutes your time zone location is to the West (+)

or East (-) of Coordinated Universal Time (formerly GMT). The default 0

means no time zone is configured.

5-21

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

System Information

Daylight Time Rule:Specifies the daylight savings time rule to apply for your

location. The default is None. (For more on this topic, see appendix D,

“Daylight Savings Time on HP ProCurve Switches.)

Time: Used in the CLI to specify the time of day, the date, and other system

parameters.

Menu: Viewing and Configuring System Information

To access the system information parameters:

1. From the Main Menu, Select...

3. Switch Configuration...

1. System Information

System Information

Figure 5-8. The System Information Configuration Screen (Default Values)

N o t e

To help simplify administration, it is recommended that you configure

System Name to a character string that is meaningful within your system.

2. Press [E] (for Edit). The cursor moves to the System Name field.

3. Refer to the online help provided with this screen for further information

on configuration options for these features.

4. When you have finished making changes to the above parameters, press

[Enter], then press [S] (for Save) and return to the Main Menu.

5-22

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

System Information

CLI: Viewing and Configuring System Information

System Information Commands Used in This Section

show system-information

hostname

below

snmp-server

[contact] [location]

mac-age-time

page 5-24

page 5-25

time timezone

time daylight-time-rule

time (date and time)

Listing the Current System Information. Thiscommandliststhecurrent

system information settings.

Syntax:

show system-information

This example shows the switch’s default console configuration.

Figure 5-9. Example of CLI System Information Listing

Configure a System Name, Contact, and Location for the Switch. To

help distinguish one switch from another, configure a plain-language identity

for the switch.

Syntax:

hostname <name-string>

snmp-server [contact <system contact>] [location <system location>]

Note that no blank spaces are allowed in the variables for these commands.

For example, to name the switch “Blue” with “Ext-4474” as the system contact,

and “North-Data-Room” as the location:

HP2512(config)# hostname Blue

HP2512(config)# snmp-server contact Ext-4474 location North-Data-Room

HP2512(config)# show system-information

5-23

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

System Information

New hostname,

contact, and

location data from

commands.

Figure 5-10. System Information Listing After Executing the Preceding Commands

Reconfigure the Age Interval for Learned MAC Addresses. This com-

mand corresponds to the MAC Age Interval in the menu interface, and is

expressed in seconds.

Syntax:

mac-age-time <10 . . 1000000> (seconds)

For example, to configure the age interval to seven minutes:

HP2512(config)# mac-age-time 420

Configure the Time Zone and Daylight Time Rule. These commands:

Set the time zone you want to use

Define the daylight time rule for keeping the correct time when daylight-

saving-time shifts occur.

Syntax:

time timezone <1440 . . -1440>

time daylight-time-rule <none | alaska | continental-us-and-canada |

middle-europe-and-portugal | southern-hemisphere | western-europe |

user-defined>

For example, this command configures the time zone and daylight time rule

for Vancouver, British Columbia in Canada (time zone 8 = 480 minutes):

HP2512(config)# time timezone 480 daylight-time-rule

continental-us-and-canada

5-24

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

System Information

Configure the Time and Date. The switch uses the time command to con-

figure both the time of day and the date. Also, executing time without param-

eters lists the switch’s time of day and date. Note that the CLI uses a 24-hour

clock scheme; that is, hour (hh) values from 1 p.m. to midnight are input as

13 - 24, respectively.

Syntax:

time [hh:mm[:ss]] [mm/dd/ [yy]yy]

For example, to set the switch to 3:45 p.m. on October 1, 2000:

HP2512(config)# time 15:45 10/01/00

N o t e

Executing reload orboot resets the time and date to their default startup values.

Web: Configuring System Parameters

In the web browser interface, you can enter the following system information:

System Name

System Location

System Contact

For access to the MAC Age Interval and the Time parameters, use the menu

interface or the CLI.

Configure System Parameters in the Web Browser Interface.

1. Click on the Configuration tab.

2. Click on [System Info].

3. Enter the data you want in the displayed fields.

4. Implement your new data by clicking on [Apply Changes].

To access the web-based help provided for the switch, click on [?] in the web

browser screen.

5-25

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring IP Addressing, Interface Access, and System Information

System Information

5-26

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic

Control and Port Trunking

Switch 2512 and 2524 Port Trunk Features and Operation . . . . . . . . . . 11

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Viewing Port Status and Configuring Port Parameters . . . . . . . . . . . . . . . . . 2

Menu: Viewing Port Status and Configuring Port Parameters . . . . . . . . 5

CLI: Viewing Port Status and Configuring Port Parameters . . . . . . . . . . 6

Web: Viewing Port Status and Configuring Port Parameters . . . . . . . . . 9

Port Trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Trunk Configuration Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Menu: Viewing and Configuring a Static Trunk Group . . . . . . . . . . . . . . 16

Check the Event Log (page 11-11) to verify that the trunked

ports are operating properly.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

CLI: Viewing and Configuring a Static or Dynamic

Port Trunk Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Using the CLI To View Port Trunks . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Using the CLI To Configure a Static or Dynamic Trunk Group . . . 20

Web: Viewing Existing Port Trunk Groups . . . . . . . . . . . . . . . . . . . . . . . 23

Trunk Group Operation Using LACP . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Default Port Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

LACP Notes and Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Trunk Group Operation Using the “Trunk” Option . . . . . . . . . . . . . . . . 27

Trunk Operation Using the “FEC” Option . . . . . . . . . . . . . . . . . . . . . . . . 27

How the Switch Lists Trunk Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Outbound Traffic Distribution Across Trunked Links . . . . . . . . . . . . . . 28

6-1

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Overview

This chapter includes:

Configuring ports, including mode (speed and duplex), flow control, and

broadcast control parameters (page 6-2)

Creating and modifying a dynamic LACP or static port trunk group (page

6-10)

Port numbers in the status and configuration screens correspond to the port

numbers on the front of the switch.

ViewingPortStatusan d C onfigurin g Port

Parameters

Port Status and ConfigurationFeatures

Feature

Default

CLI

Web

viewing port status

configuring ports

n/a

page 6-5

page 6-6

page 6-8

page 6-9

10/100TX,

Enabled, Auto

6-2

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Viewing Port Status and Configuring Port Parameters

Table 6-1. Status and Parameters for Each Port Type

Description

Status or

Parameter

Intrusion Alert Yes: The switch has detected an attempt by an unauthorized device to communicate through the

(read-only)

indicated port.

No: Either no unauthorized devices have been detected on the port, or any detected violations have been

cleared.

For more on intrusions and intrusion alerts, see “Configuring and Monitoring Port Security” on page 7-9.

Enabled

Yes (default): The port is ready for a network connection.

No: The port will not operate, even if properly connected in a network. Use this setting, for example, if

the port needs to be shut down for diagnostic purposes or while you are making topology changes.

Status

(read-only)

Up: The port senses a linkbeat.

Down: The port is not enabled, has no cables connected, or is experiencing a network error. For

troubleshooting information, see the installation manual you received with the switch. See also chapter

11, “Troubleshooting” (in this manual).

Mode

The port’s speed and duplex (data transfer operation) setting.

10/100Base-T ports:

•

Auto (default): Senses speed and negotiates with the port at the other end of the link for data transfer

operation (half-duplex or full-duplex).

Note: Ensure that the device attached to the port is configured for the same setting that you select

here. Also, if “Auto” is used, the device to which the port is connected must operate in compliance

with the IEEE 802.3u “Auto Negotiation” standard for 100Base-T networks. If the other device does

not comply with the 802.3u standard, or is not set to Auto, then the port configuration on the switch

must be manually set to match the port configuration on the other device.

To see what the switch negotiates for the Auto setting, use the CLI show interfaces command or the

“ 3. Port Status” option under “1. Status and Counters” in the menu interface.

•

Auto-10: Allows the port to negotiate between half-duplex (HDx) and full-duplex (FDx) while keeping

speed at 10 Mbps. Also negotiates flow control (enabled or disabled). HP recommends Auto-10 for

links between 10/100 autosensing ports connected with Cat 3 cabling. (Cat 5 cabling is required for

100 Mbps links.).

•

10HDx:10 Mbps, Half-Duplex

10FDx: 10 Mbps, Full-Duplex

100HDx: 100 Mbps, Half-Duplex

100FDx: 100 Mbps, Full-Duplex

100FX ports:

•

100HDx (default): 100 Mbps, Half-Duplex

100FDx: 100 Mbps, Full-Duplex

6-3

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Viewing Port Status and Configuring Port Parameters

Status or

Parameter

Description

100/1000Base-T ports:

•

Auto (default): Senses speed and negotiates with the port at the other end of the link for port operation

(MDI-X or MDI).

To see what the switch negotiates for the Auto setting, use the CLI show interfaces command or the

“ 3. Port Status” option under “1. Status and Counters” in the menu interface.

•

1000Fdx: 1000 Mbps (1Gbps), Full-Duplex only

100Fdx: 100 Mbps, Full-Duplex

Notes:

•

Changing the port speed on a transceiver port requires a reboot of the switch.

Ensure that the device attached to the port is configured for the same setting that you select here.

Also, if “Auto” is used, the device to which the port is connected must also be configured to “Auto”

and operate in compliance with the IEEE 802.3ab “Auto Negotiation” standard for 1000Base-T

networks.

Gigabit fiber-optic ports (Gigabit-SX and Gigabit-LX):

•

1000FDx (default): 1000 Mbps (1 Gbps), Full Duplex only

Auto: The port operates at 1000FDx and auto-negotiates flow control with the device connected to

the port.

Flow Control

Bcast Limit

•

Disabled (default): The port will not generate flow control packets and drops received flow control

packets.

Enabled: The port uses 802.3x Link Layer Flow Control, generates flow control packets, and processes

received flow control packets.

With the port mode set to Auto (the default) and Flow Control enabled, the switch negotiates Flow Control

on the indicated port. If the port mode is not set to Auto, or if Flow Control is disabled on the port, then

Flow Control is not used.

Specifies the theoretical maximum of network bandwidth percentage that can be used for broadcast and

multicast traffic. Any broadcast or multicast traffic exceeding that limit will be dropped. Zero (0) means

the feature is disabled.

Note: If broadcast limits are configured on a group of ports, and those ports are later configured as

a trunk, then the broadcast limit for the trunk will be the highest limit that was previously configured

on the individual ports in the trunk.

Group (menu) Menu Interface: Specifies the static trunk group, if any, to which a port belongs.

Trunk Group

(CLI)

CLI: Appears in the show lacp command output to show the LACP trunk, if any, to which a port belongs.

Note: An LACP trunk requires a full-duplex link. In most cases, HP recommends that you leave the

port Mode setting at Auto (the default). See the LACP Note on page 6-11.

For more on port trunking, see “Port Trunking” on page 6-10.

Type

This parameter appears in the CLI show trunk listing and, for a port in a trunk group, specifies the type

of trunk group. The default Type is passive LACP, which can be displayed by using the CLI show lacp

command.

For more on port trunking, see “Port Trunking” on page 6-10.

6-4

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Viewing Port Status and Configuring Port Parameters

Menu: Viewing Port Status and Configuring Port

Parameters

From the menu interface, you can configure and view all port parameter

settings and view all port status indicators.

Using the Menu To View Port Status. The menu interface displays the

status for ports and (if configured) a trunk group.

From the Main Menu, select:

1. Status and Counters . . .

3. Port Status

In this example,

ports5and6have

previously been

configured as a

trunk group.

Figure 6-11. Example of the Port Status Screen

Using the Menu To Configure Ports.

N o t e

The menu interface uses the same screen for configuring both individual ports

and port trunk groups. For information on port trunk groups, see “Port

Trunking” on page 6-10.

1. From the Main Menu, Select:

2. Switch Configuration...

2. Port/Trunk Settings

6-5

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Viewing Port Status and Configuring Port Parameters

Figure 6-12. Example of Port/Trunk Settings with a Trunk Group Configured

2. Press [E] (for Edit). The cursor moves to the Enabled field for the first port.

3. Refer to the online help provided with this screen for further information

on configuration options for these features.

4. When you have finished making changes to the above parameters, press

[Enter], then press [S] (for Save).

CLI: Viewing Port Status and Configuring Port

Parameters

Port Status and Configuration Commands

show interfaces

show interface config

interface

below

page 6-7

page 6-8

From the CLI, you can configure and view all port parameter settings and view

all port status indicators.

Using the CLI To View Port Status. Use the following commands to dis-

play port status and configuration:

show interfaces: Lists the full status and configuration for all ports on the

switch.

show interface config: Lists a subset of the data shown by the show

interfaces command (above); that is, only the enabled/disabled, mode, and

flow control status for all ports on the switch.

6-6

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Viewing Port Status and Configuring Port Parameters

Syntax:

show interfaces

show interface config

The next two figures list examples of the output of the above two commands

for the same port configuration on a Switch 2512 or 2524.

Figure 6-1. Example of a Show Interface Command Listing

Figure 6-2. Example of a Show Interface Config Command Listing

6-7

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Viewing Port Status and Configuring Port Parameters

Using the CLI To Configure Ports. You can configure one or more of the

following port parameters. For details on each option, see Table 6-1 on page

6-3.

Syntax:

[no] interface <[ethernet] port-list>

[disable | enable]

[speed-duplex

[flow-control]

[broadcast-limit <0 - 99>]

Note that in the above syntax you can subsitute an “int” for “interface” and an

“e” for “ethernet”; that is int e <port-list>.

For example, to configure ports 1 through 4 and port 7 for 100Mbps full-duplex

with a broadcast limit of 20%, you would enter this command:

HP2512(config)# int e 1-4,7 speed-duplex 100-full

broadcast-limit 20

Similarly, to configure a single port with the settings in the above command,

you could either enter the same command with only the one port identified,

or go to the context level for that port and then enter the command. For

example, to enter the context level for port 7 and then configure that port for

100FDx with a broadcast limit of 20%:

HP2512(config)# int e 7

HP2512(eth-7)# speed-duplex 100-full broadcast-limit 20

If port 8 was disabled, and you wanted to enable it and configure it for 100FDx

with a broadcast limit of 20%, with flow-control active and a broadcast limit

of 20%, you could do so with either of the following command sets.

This command enables and configures port 8 from the config level:

HP2512(config)# interface e 8 enable speed-duplex

100-full broadcast-limit 20 flow-control

These two commands select the context level for port 8 and then apply

all of the configuration commands to port 8:

HP2512(config)# int e 8

HP2512(eth-8)# enable speed-duplex 100-full

flow-control broadcast-limit 20

6-8

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Viewing Port Status and Configuring Port Parameters

Web: Viewing Port Status and Configuring Port

Parameters

In the web browser interface:

1. Click on the Configuration tab.

2. Click on [Port Configuration].

3. Select the ports you want to modify and click on [Modify Selected Ports].

4. After you make the desired changes, click on [Apply Settings].

Note that the web browser interface displays an existing port trunk group.

However, to configure a port trunk group, you must use the CLI or the menu

interface. For more on this topic, see “Port Trunking” on page 6-10.

6-9

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Port Trunking

Port Status and ConfigurationFeatures

Feature

Default

n/a

CLI

Web

viewing port trunks

page 6-16

page 6-18

page 6-21

page 6-23

—

configuring a static trunk

group

none

configuring a dynamic LACP LACP passive

trunk group

—

page 6-22

—

Port trunking allows you to assign up to four physical links to one logical link

(trunk) that functions as a single, higher-speed link providing dramatically

increased bandwidth. This capability applies to connections between back-

bone devices as well as to connections in other network areas where traffic

bottlenecks exist. A trunk group is a set of up to four ports configured as

members of the same port trunk. Note that the ports in a trunk group do not

have to be consecutive. For example:

The multiple physical links in a trunk behave as one logical link

Switch 2:

Switch 1:

port 1

port 2

port 3

port 4

port 5

port 6

port 7

port 1

port 2

port 3

port 4

port 5

port 6

port 7

Ports 3 - 6

configured

as a port

Ports 1 - 4

configured

as a port

trunk group

trunk group.

Figure 6-3. Conceptual Example of Port Trunking

With full-duplex operation in a four-port trunk group, trunking enables the

following bandwidth capabilities:

Table 6-2. Bandwidth Capacity for Trunk Groups Configured for Full-Duplex

10 Mbps Links

Up to 40 Mbps

Up to 60 Mbps

Up to 80 Mbps

100 Mbps Links

Up to 400 Mbps

Up to 600 Mbps

Up to 800 Mbps

1000 Mbps Links

Up to 4000 Mbps

n/a*

2 Ports

3 Ports

4 Ports

n/a*

The Switches 2512 and 2524 offer a maximum of two gigabit links if optional gigabit

transceivers are installed.

6-10

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Port Trunking

Port Connections and Configuration: All port trunk links must be point-

to-point connections between the switch 2512 or 2524 and another switch,

router, server, or workstation configured for port trunking. No intervening,

non-trunking devices are allowed. It is important to note that ports on both

ends of a port trunk group must have the same mode (speed and duplex) and

flow control settings.

N o t e

Link Connections. The switch does not support port trunking through an

intermediate, non-trunkingdevicesuchasahub, orusingmorethanone media

type in a port trunk group. Similarly, all links in the same trunk group must

have the same speed, duplex, and flow control.

Port Security Restriction. Port securitydoesnotoperate onatrunkgroup.

If you configure port security on one or more ports that are later added to a

trunk group, the switch will reset the port security parameters for those ports

to the factory-default configuration.

C a u t i o n

To avoid broadcast storms or loops in your network while configuring a

trunk, first disable or disconnect all ports you want to add to or remove from

the trunk. After you finish configuring the trunk, enable or re-connect the

ports.

Switch 2512 and 2524 Port Trunk Features and

Operation

The Series 2500 switches offer these options for port trunking:

LACP (IEEE 802.3ad—page 6-24)

Trunk (non-protocol—page 6-27)

FEC (Fast EtherChannel®—page 6-27)

The Series 2500 switches support one trunk group of up to four ports. (Using

the Link Aggregation Control Protocol—LACP—option, you can include

standby trunked ports in addition to the maximum of four actively trunking

ports.)

L A C P N o t e

LACP operation requires full-duplex (FDx) links. For most installations, HP

recommends that you leave the port Mode settings at Auto (the default). LACP

also operates with Auto-10 (if negotiation selects HDx), 10FDx, 100FDx, and

1000FDx settings.

6-11

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Port Trunking

Fault Tolerance: If a link in a port trunk fails, the switch redistributes

traffic originally destined for that link to the remaining links in the trunk. The

trunk remains operable as long as there is at least one link in operation. If a

link is restored, that link is automatically included in the traffic distribution

again. The LACP option also offers a standby link capability, which enables

you to keep links in reserve for service if one or more of the original active

links fails. See “Trunk Group Operation Using LACP” on page 6-24.)

Trunk Configuration Methods

Dynamic LACP Trunk: The switch automatically negotiates trunked links

between LACP-configured ports on separate devices, and offers one dynamic

trunk option: LACP. To configure the switch to initiate a dynamic LACP trunk

with another device, use the interface ethernet command in the CLI to set the

default LACP option to Active on the ports you want to use for the trunk. For

example, the following command sets ports 1-4 to LACP active:

HP2512(config) int e 1-4 lacp active

Note that the above example works if the ports are not already operating in a

trunk. To change the LACP option on ports already operating as a trunk, you

must first remove them from the trunk. For example, if ports 1 - 4 were LACP-

active and operating in a trunk with another device, you would do the

following to change them to LACP-passive:

HP2512(config)# no int e 1-4 lacp

Removes the ports from

the trunk.

HP2512(config)# int e 1-4

lacp passive

Configures LACP

passive.

Static Trunk: The switch uses the links you configure with the Port/Trunk

Settings screen in the menu interface orthe trunk command in the CLI to create

a static port trunk. The switch offers three types of static trunks: LACP, Trunk,

and FEC.

Table 6-3. Trunk Types Used in Static and Dynamic Trunk Groups

Trunking

Method

LACP

Trunk

FEC

Dynamic

Static

Yes

6-12

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Port Trunking

Table 6-4. Trunk Configuration Protocols

Protocol

Trunking Options

Provides dynamic and static LACP trunking options.

LACP

(802.3ad)

•

Dynamic LACP — Use the switch-negotiated dynamic LACP trunk when:

–

The port on the other end of the trunk link is configured for Active or Passive LACP.

You want to achieve fault-tolerance for high-availability applications where you want a four-link trunk

with one or more standby links available in case an active link goes down. (Both ends of the link must

be dynamic LACP.)

•

Static LACP — Use the manually configured static LACP trunk when:

–

The port on the other end of the trunk link is configured for a static LACP trunk

You want to configure non-default spanning tree (STP) or IGMP parameters on an LACP trunk group.

You want an LACP trunk group to operate in a VLAN other than the default VLAN and GVRP is disabled.

You want to use a monitor port on the switch to monitor an LACP trunk.

See “Trunk Group Operation Using LACP” on page 6-24.

Trunk

Provides manually configured, static-only trunking to:

(non-

protocol)

•

Most HP switches and routing switches not running the 802.3ad LACP protocol.

Windows NT and HP-UX workstations and servers

Use the Trunk option when:

–

The device to which you want to create a trunk link is using a non-802.3ad trunking protocol

You are unsure which type of trunk to use, or the device to which you want to create a trunk link is

using an unknown trunking protocol.

–

You want to use a monitor port on the switch to monitor traffic on a trunk.

See “Trunk Group Operation Using the “Trunk” Option” on page 6-27.

FEC

Provides static trunking to forwarding devices that also support FEC (Fast

EtherChannel^®), such as some Cisco^®switches and routers, and some HP-UX and Windows NT servers.

See “Trunk Operation Using the FEC Option” on page 6-27.

6-13

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Port Trunking

Table 6-5. General Operating Rules for Port Trunks

Media: All ports on both ends of a trunk group must have the same media type and mode (speed and duplex). The switch

blocks any trunked links that do not conform to this rule. (For the Switch 2512 and 2524, HP recommends leaving the port

Mode setting at Auto or, in networks using Cat 3 cabling, Auto-10.)

Port Configuration: The default port configuration on the Switch 2512/2524 is Auto, which enables a port to sense speed

and negotiate duplex with an Auto-enabled port on another device. HP recommends that you use the Auto setting for all

ports you plan to use for trunking. Otherwise, you must manually ensure that the mode setting for each port in a trunk is

compatible with the other ports in the trunk.

Recommended Port Mode Setting for LACP

All of the following operate on a per-port basis, regardless of trunk membership:

•

Enable/Disable

Flow control (Flow Ctrl)

Broadcast limit (Bcast Limit) (Note that the switch automatically adjusts the Bcast Limit setting on individual ports in

the trunk to match the trunked port with the highest broadcast limit.) When a broadcast limit is configured on a trunk,

removing a port from the trunk sets the broadcast limit for that port to 0 (the default).

LACP is a full-duplex protocol. See “Trunk Group Operation Using LACP” on page 6-24.

Trunk Configuration: All ports in the same trunk group must be the same trunk type (LACP, Trunk, or FEC). All LACP ports

in the same trunk group must be either all static LACP or all dynamic LACP.

A trunk appears as a single port labeled Dyn1 (for an LACP dynamic trunk) or Trk1 (for a static trunk of any type:

LACP, Trunk, or FEC) on various menu and CLI screens. For a listing of which screens show which trunk types, see “How

the Switch Lists Trunk Data” on page 6-28.

For STP or VLAN operation, configuration for all ports in a trunk is done at the trunk level. (You cannot separately configure

individual ports within a trunk for STP or VLAN operation.)

Traffic Distribution: All of the switch trunk protocols use the SA/DA (Source Address/Destination Address) method of

distributing traffic across the trunked links. See “Outbound Traffic Distribution Across Trunked Links” on page 6-28.

6-14

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Port Trunking

Spanning Tree Protocol (STP): STP operates as a global setting on the switch (one instance of STP per switch). However,

you can adjust STP parameters on a per-port basis. A static trunk of any type appears in the STP configuration display,

and you can configure STP parameters for a static trunk in the same way that you would configure STP parameters on

a non-trunked port. (Note that the switch lists the trunk by name—Trk1—and does not list the individual ports in the

trunk.) For example, if ports 1 and 2 are configured as a static trunk, they are listed in the STP display as TRK1 and do not

appear as individual ports in the STP displays.

In this example showing

part of the show spanning-

tree listing, ports 1 and 2

are members of TRK1 and

do not appear as individual

ports in the port

configuration part of the

listing.

When Spanning Tree forwards on a trunk, all ports in the trunk will be forwarding. Conversely, when Spanning Tree blocks

a trunk, all ports in the trunk are blocked.

Note: A dynamic LACP trunk operates only with the default STP settings and does not appear in the STP configuration

display or show ip igmp listing.

If you remove a port from a static trunk, the port retains the same STP settings that were configured for the trunk.

IP Multicast Protocol (IGMP): A static trunk of any type appears in the IGMP configuration display, and you can configure

IGMP for a static trunk in the same way that you would configure IGMP on a non-trunked port. (Note that the switch lists

the trunk by name—Trk1—and does not list the individual ports in the trunk.) Also, creating a new trunk automatically

places the trunk in IGMP Auto status if IGMP is enabled for the default VLAN. A dynamic LACP trunk operates only with

the default IGMP settings and does not appear in the IGMP configuration display or show ip igmp listing.

VLANs: Creating a new trunk automatically places the trunk in the DEFAULT_VLAN, regardless of whether the ports in

the trunk were in another VLAN. Similarly, removing a port from a trunk group automatically places the port in the default

VLAN. You can configure a static trunk in the same way that you configure a port for membership in any VLAN.

Note: For a dynamic trunk to operate in a VLAN other than the default VLAN (DEFAULT_VLAN), GVRP must be enabled.

See “Trunk Group Operation Using LACP” on page 6-24.

Port Security: Trunk groups (and their individual ports) cannot be configured for port security, and the switch excludes

trunked ports from the show port-security listing. If you configure non-default port security settings for a port, then

subsequently place the port in a trunk, the port security for that port returns to the default settings. If you remove a port

from a trunk, the port security settings for that port are returned to their default values.

Monitor Port:

Note: A trunk cannot be a monitor port. A monitor port can monitor a static trunk but cannot monitor a dynamic LACP

trunk.

6-15

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Port Trunking

Menu: Viewing and Configuring a Static Trunk Group

I m p o r t a n t

Configure port trunking before you connect the trunked links to another

switch, routing switch, or server. Otherwise, a broadcast storm could occur.

(If you need to connect the ports before configuring them for trunking, you

can temporarily disable the ports until the trunk is configured. See “Using the

CLI To Configure Ports” on page 6-8.)

To View and/or Configure Static Port Trunking: This procedure uses

the Port/Trunk Settings screen to configure a static port trunk group on the

switch.

1. Follow the procedures in the Important note above.

2. From the Main Menu, Select:

2. Switch Configuration . . .

2. Port/Trunk Settings

3. Press [E] (for Edit) and then use the arrow keys to access the port trunk

parameters.

Thesetwocolumnsprovide

static trunk control.

Figure 6-4. Example of the Menu Screen for Configuring a Port Trunk Group

4. In the Group column, move the cursor to the port you want to configure.

5. Use the Space bar to choose the Trk1 trunk group assignment for the

selected port.

•

All ports in a trunk must have the same media type and mode (such

as 10/100TX set to 100FDx, or 100FX set to 100FDx). The flow control

settings must also be the same for all ports in a given trunk. (The

6-16

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Port Trunking

switch automatically adjusts Broadcast Limit settings to be the same

for all ports in a trunk.) To verify these settings, see “Viewing Port

Status and Configuring Port Parameters” on page 6-2.

•

You can configure the trunk group with one, two, three, or four ports

per trunk. If multiple VLANs are configured, all ports within a trunk

will be assigned to the same VLAN or set of VLANs. (With the 802.1Q

VLAN capability built into the switch, more than one VLAN can be

assigned to a trunk. See “Port-Based Virtual LANs (Static VLANs)” on

page 9-50.)

(To return a port to a non-trunk status, keep pressing the Space bar

until a blank appears in the highlighted Group value for that port.)

Figure 6-5. Example of the Configuration for a Two-Port Trunk Group

6. Move the cursor to the Type column for the selected port and use the

Space bar to select the trunk type:

–

LACP

Trunk (the default type if you do not specify a type)

FEC (Fast EtherChannel^®trunk)

All ports in the same trunk group on the same switch must have the same

Type (LACP, Trunk, or FEC).

7. When you are finished assigning ports to the trunk group, press [Enter], then

[S] (for Save) and return to the Main Menu. (It is not necessary to reboot

the switch.)

During the Save process, traffic on the ports configured for trunking will

be delayed for several seconds. If the Spanning Tree Protocol is enabled,

the delay may be up to 30 seconds.

6-17

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Port Trunking

8. Connect the trunked ports on the switch to the corresponding ports on

the opposite device. If you previously disabled any of the trunked ports

on the switch, enable them now. (See “Viewing Port Status and Configur-

ing Port Parameters” on page 6-2.)

Check the Event Log (page 11-11) to verify that the trunked ports are

operating properly.

CLI: Viewing and Configuring a Static or Dynamic Port

Trunk Group

Trunk Status and Configuration Commands

show trunks

show lacp

trunk

below

page 6-19

page 6-21

page 6-22

interface lacp

Using the CLI To View Port Trunks

You can list the trunk type and group for all ports on the switch or for selected

ports. You can also list LACP-only status information for LACP-configured

ports.

Listing Static Trunk Type and Group for All Ports or Selected Ports.

Syntax:

show trunks [<port-list>]

Omitting the <port-list> parameter results in a static trunk data listing for all

LAN ports in the switch.

This example uses a port list to specify only the switch ports an administrator

wants to view:

Figure 6-6. Example of a Show Trunk Listing for Specific Ports

6-18

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Port Trunking

The show trunk command in this example does not include a port list. As a

result, the listing shows static trunk group information for all switch ports.

Figure 6-7. Example of a Show Trunk Listing Without Specifying Ports

Listing Static LACP and Dynamic LACP Trunk Data. This command

lists data for only the LACP-configured ports.

Syntax:

show lacp

In the following example, ports 1, 2, and 3 have been previously configured

for a static LACP trunk. (For more on “Active”, see table 6-7 on page 6-25.)

Figure 6-8. Example of a Show LACP Listing

Dynamic LACP Standby Links. Dynamic LACP trunking enables you to

configure standby links for a trunk by including more than four ports in a

dynamic LACP trunk configuration. When four ports (trunk links) are up, the

remaining link(s) will be held in standby status. If a trunked link that is “Up”

fails, it will be replaced by a standby link, which maintains your intended

6-19

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Port Trunking

bandwidth for the trunk. In the next example, ports 1 through 5 have been

configured for the same LACP trunk. Notice that one of the links shows

Standby status, while the remaining four links are “Up”.

“Up” Links

Standby Link

Figure 6-9. Example of a Dynamic LACP Trunk with One Standby Link

Using the CLI To Configure a Static or Dynamic Trunk Group

I m p o r t a n t

Configure port trunking before you connect the trunked links between

switches. Otherwise, a broadcast storm could occur. (If you need to connect

the ports before configuring them for trunking, you can temporarily disable

the ports until the trunk is configured. See “Using the CLI To Configure Ports”

on page 6-8.)

On the Switches 2512 and 2524, you can configure one port trunk group having

up to four links (with additional standby links if you’re using LACP). Options

include:

If no trunk group exists, you can create a trunk group on the switch

If a trunk group already exists on the switch, you can add ports to the

trunk group or delete ports within the group.

You can remove a subset of ports from a trunk group, or delete the trunk

group entirely by removing all ports from the group

6-20

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Port Trunking

You can configure trunk group types as follows:

Trunk Type

Trunk Group Membership

Trk1 (Static)

Dyn1 (Dynamic)

LACP

Trunk

FEC

Yes

N o t e

The following examples show how to create different types of trunk groups.

However, the Switches 2512 and 2524 allow only one trunk group at any time.

Configuring a Static Trunk, Static FEC, or Static LACP Trunk Group.

Syntax: trunk trk1 <trunk | fec | lacp> <port-list>

This example uses ports 5-8 to create a non-protocol static trunk group.

HP2512(config)# trunk trk1 trunk 5-8

Removing Ports from a Static Trunk Group. This command removes

one or more ports from an existing Trk1 trunk group.

C a u t i o n

Removing a portfrom a trunk can resultin a loopand cause a broadcaststorm.

Whenyou remove a port from a trunkwhere STPisnot in use, HP recommends

that you disable the port or disconnect the link on that port.

Syntax: no trunk <port-list>

This example removes ports 7 and 8 from an existing trunk group.

HP2512(config)# no trunk 7-8

6-21

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Port Trunking

Enabling a Dynamic LACP Trunk Group. In the default port configura-

tion, all ports on the switch are set to LACP passive. However, to enable the

switch to automatically form a trunk group that is dynamic on both ends of

the link, the ports on one end of a set of links must be LACP active. The ports

on the other end can be either LACP active or LACP passive. This command

enables the switch to automatically establish a (dynamic) LACP trunk group

when the device on the other end of the link is configured for LACP passive.

Switch “A”

with portsset

to LACP

passive (the

default).

Switch “B”

with portsset

to LACP

passive (the

default).

Dynamic LACP trunk cannot automatically form because both

ends of the links are LACP passive.

(In this case STP blocking is needed to prevent a loop.

Switch “A”

with portsset

to LACP

Switch “B”

with portsset

to LACP

passive (the

default).

active.

Dynamic LACP trunk automatically forms because both

ends of the links are LACP and at least one end is LACP

active. (STP is not needed, and the clear advantages are

increased bandwidth and fault-tolerance.

Figure 6-10. Example of Criteria for Automatically Forming a Dynamic LACP Trunk

Syntax: interface <port-list> lacp active

This example uses ports 5 and 6 to enable a dynamic LACP trunk group.

HP2512(config)# interface 5-6 lacp active

6-22

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Port Trunking

Removing Ports from a Dynamic LACP Trunk Group. To remove a port

from dynamic LACP trunk operation, you must turn off LACP on the port. (On

a port inanoperating, dynamic LACP trunk, you cannot change betweenLACP

dynamic and LACP passive without first removing LACP operation from the

port.)

C a u t i o n

Unless STP is running on your network, removing a port from a trunk can

result in a loop. To help prevent a broadcast storm when you remove a port

from a trunkwhere STP isnot inuse, HP recommendsthat youfirst disconnect

the link on that port.

Syntax: nointerface <port-list> lacp

In this example, port 1 belongs to an operating, dynamic LACP trunk. To

remove port1fromthedynamictrunkandreturnittopassiveLACP,youwould

do the following:

HP2512>(config)# no interface 1 lacp

HP2512>(config)# interface 1 lacp passive

Note that in the above example, if the port on the other end of the link is

configured for active LACP or static LACP, the trunked link will be re-

established almost immediately.

Web: Viewing Existing Port Trunk Groups

While the web browser interface does not enable you to configure a port trunk

group, it does provide a view of an existing trunk group.

To view any port trunk groups:

Click on the Status tab.

Click on [Port Status].

6-23

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Port Trunking

Trunk Group Operation Using LACP

The switch can automatically configure a dynamic LACP trunk group or you

can manually configure a static LACP trunk group. The methods for displaying

N o t e

LACP requires full-duplex (FDx) links of the same media type (10/100Base-T,

100FX, etc.) and speed, and enforces speed and duplex conformance across

a trunk group.

LACP trunk status include:

Trunk Display Method

Static LACP Trunk Dynamic LACP Trunk

Included in listing. Included in listing.

Included in listing. Not included.

CLI show lacp command

CLI show trunk command

Port/Trunk Settings screen in menu interface Included in listing. Not included

In most cases, trunks configured for LACP on the ProCurve 2512/ 2524

switches operate as described in table 6-6:

Table 6-6. LACP Trunk Types

LACPPortTrunk Operation

Configuration

Dynamic LACP This option automaticallyestablishes an 802.3ad-compliant trunk group, with Dyn1for the port Group

name and LACP for the port Type parameter.

Under the following conditions, the switch automatically establishes a dynamic LACP port trunk group:

•

The ports on both ends of a link have compatible mode settings (speed and duplex).

The port on one end of a link must be configured for LACP Active and the port on the other end of

the same link must be configured for either LACP Passive (the default) or LACP Active. For example:

Switch 1

Switch 2

Port X:

Port A:

Active-to-Active

Active-to-Passive

LACP Enable: Active

Port Y:

LACP Enable: Active

Port B:

LACP Enable: Active

LACP Enable: Passive

Either of the above link configurations allow a dynamic LACP trunk link.

Standby Links: A maximum of four operating links are allowed in the trunk, but, with dynamic LACP, you

can configure one or more backup links that the switch automatically activates if a primary link fails.

To configure a link as a standby for an existing four-port dynamic LACP trunk, ensure that both ports

in the standby link are configured the same as either of the above examples.

Displaying Dynamic LACP Trunk Data: To list the configuration and status for a dynamic LACP trunk,

use the CLI show lacp command.

Note: The dynamic trunk is automatically created by the switch, and is not listed in the static trunk

listings available in the menu interface or in the CLI show trunk listing.

6-24

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Port Trunking

LACPPortTrunk Operation

Configuration

Static LACP

The trunk operates if the trunk group on the opposite device is running one of the following trunking

protocols:

•

Active LACP

Passive LACP

Trunk

FEC

This option uses Trk1 for the port Group parameter and LACP for the port Type parameter.

Displaying Static LACP Trunk Data: To list the configuration and status for a static LACP trunk, use the

CLI show lacp command. To list a static LACP trunk with its assigned ports, use the CLI show trunk

command or display the menu interface Port/Trunk Settings screen.

Static LACP does not allow standby ports.

Default Port Operation

In the default configuration, all ports are configured for passive LACP. How-

ever, if LACP is not configured, the port will not try to detect a trunk config-

uration and will operate as a standard, untrunked port. The following table

describes the elements of per-port LACP operation. To display this data for a

particular switch, execute the following command in the CLI:

HP2512> show lacp

Table 6-7. LACP Port Status Data

Status Name Meaning

Port Numb

Shows the physical port number for each port configured for LACP operation (1, 2, 3 . . .). Unlisted port

numbers indicate that the missing ports are assigned to a static Trunk group, an FEC trunk group, or are

not configured for any trunking.

LACP Enabled Active: The port automatically sends LACP protocol packets.

Passive: The port does not automatically send LACP protocol packets, and responds only if it receives

LACP protocol packets from the opposite device.

A link having either two active LACP ports or one active port and one passive port can perform dynamic

LACP trunking. A link having two passive LACP ports will not perform LACP trunking because both ports

are waiting for an LACP protocol packet from the opposite device.

Note: In the default switch configuration, all ports are configured for passive LACP operation.

Trunk Group

Trk1: This port has been manually configured into a static LACP trunk.

Trunk Group Same as Port Number: The port is configured for LACP, but is not a member of a port trunk.

6-25

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Port Trunking

Status Name Meaning

Port Status

Up: The port has an active LACP link and is not blocked or in Standby mode.

Down: The port is enabled, but an LACP link is not established. This can indicate, for example, a port that

is not connected to the network or a speed mismatch between a pair of linked ports.

Disabled: The port cannot carry traffic.

Blocked: LACP, STP, or FEC has blocked the port. (The port is not in LACP Standby mode.) This may be

due to a trunk negotiation (very brief) or a configuration error such as differing port speeds on the same

link or attempting to connect the Switch 2512/2524 to more than one trunk.

Standby: The port is configured for dynamic LACP trunking, but the maximum number of ports for the

Dyn1 trunk has already been reached on either the Switch 2512/2524 or the device on the other end of

the trunked links. This port will remain in reserve, or “standby” unless LACP detects another, active link

in the trunk becomes disabled, blocked, or down. In this case, LACP automatically assigns a Standby

port, if available, to replace the failed port.

LACP Partner Yes: LACP is enabled on both ends of the link.

No: LACP is enabled on the Switch 2512/2524, but is not enabled, or LACP has not been detected on the

opposite device.

LACP Status

Success: LACP is enabled on the port, detects and synchronizes with a device on the other end of the

link, and can move traffic across the link.

Failure: LACP is enabled on a port and detects a device on the other end of the link, but is not able to

synchronize with this device, and therefore not able to send LACP packets across the link. This can be

caused, for example, by an intervening device on the link (such as a hub), a bad hardware connection,

or if the LACP operation on the opposite device does not comply with the IEEE 802.3ad standard.

LACP Notes and Restrictions

Changing Trunking Methods. The switch supports one trunk group. Thus,

a port belonging to an LACP dynamic trunk (Dyn1) cannot be configured as a

member of a static trunk (Trk1) without first eliminating the dynamic trunk.

Also, to convert a trunk from static to dynamic, you must first eliminate the

static trunk.

Static LACP Trunks. Where a port is configured for LACP (Active or

Passive), but does not belong to an existing trunk group, you can add that port

to a static trunk. Doing so disables dynamic LACP on that port, which means

you must manually configure both ends of the trunk.

VLANs and Dynamic LACP. A dynamic LACP trunk operates only in the

default VLAN unless you have enabled GVRP on the switch. If you want to use

LACP for a trunk on a non-default VLANand GVRP is disabled, configure the

trunk as a static trunk.

STP and IGMP. If spanning tree (STP) and/or IGMP is enabled in the switch,

a dynamic LACP trunk operates only with the default settings for these

features and does not appear in the port listings for these features.

6-26

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Port Trunking

Half-Duplex and/or Different Port Speeds Not Allowed in LACP

Trunks. The ports on both sides of a trunk must be configured for the same

speed and for full-duplex (FDx). In most cases,HP recommends the ing. The

802.3ad LACP standard specifies a full-duplex (FDx) requirement for LACP

trunking.

A port configured as LACP passive and not assigned to a port trunk can be

configured to half-duplex (HDx). However, in any of the following cases, a

port cannot be reconfigured to an HDx setting:

If a port is set to LACP Active, you cannot configure it to HDx.

Ifa port isalready a memberofa static or dynamic LACPtrunk, youcannot

configure it to HDx.

If a port is already set to HDx, the switch does not allow you to configure

it for a static or dynamic LACP trunk.

Dynamic/Static LACP Interoperation: A port configured for dynamic

LACP can properly interoperate with a port configured for static (Trk1) LACP,

but any ports configured as standby LACP links will be ignored.

Trunk Group Operation Using the “Trunk” Option

This method creates a trunk group that operates independently of specific

trunking protocols and does not use a protocol exchange with the device on

the other end of the trunk. With this choice, the switch simply uses the SA/DA

method of distributing outbound traffic across the trunked ports without

regard for how that traffic is handled by the device at the other end of the

trunked links. Similarly, the switch handles incoming traffic from the trunked

links as if it were from a trunked source.

Use the Trunk option when you are trying to establish a trunk group between

the Switch 2512 or 2524 and another device, but the other device’s trunking

operationfailstointeroperateproperlywithLACPorFECtrunkingconfigured

on the Switch 2512 or 2524..

Trunk Operation Using the “FEC” Option

This is the most flexible method for distributing traffic over trunked links

when connecting to devices that use the FEC (Fast EtherChannel^®) technol-

ogy. FEC trunks offer the following benefits:

Provide trunked connectivity to a FEC-compliant server, switch, or router.

Enable quick convergence to remaining links when a failure is detected

on a trunked port link.

6-27

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Port Trunking

Depending on the capabilities of the device on the other end of the trunk,

negotiate the forwarding mechanism on the trunk to the non-protocol

option.

When auto-negotiated to the SA/DA forwarding mechanism, provide

higher performance on the trunk for broadcast, multicast, and flooded

traffic through distribution in the same manner as non-protocol trunking.

Support FEC automatic trunk configuration mode on other devices. That

is, when connecting FEC trunks to FEC-capable servers, switches, or

routers having FEC automatic trunk configuration mode enabled, the

FEC trunks allow these other devices to automatically form trunk groups.

How the Switch Lists Trunk Data

Static Trunk Group: Appears in the menu interface and the output from the

CLI show trunk and show interfaces commands.

Dynamic LACP Trunk Group: Appears in the output from the CLI show lacp

command.

Interface Option

Dynamic LACP Static LACP Static Non-Protocol

Trunk Group

Trunk Group or FEC Trunk Group

Menu Interface

Yes

CLI show trunk

CLI show interfaces

CLI show lacp

CLI show spanning-tree

CLI show igmp

Yes

CLI show config

Outbound Traffic Distribution Across Trunked Links

All three trunk group options (LACP, Trunk, and FEC) use source-destination

address pairs (SA/DA) for distributing outbound traffic over trunked links.

SA/DA (source address/destination address) causes the switch to distribute

outbound traffic to the links within the trunk group on the basis of source/

destination address pairs. That is, the switch sends traffic from the same

source addresstothe samedestinationaddressthroughthe sametrunkedlink,

6-28

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Port Trunking

and sends traffic from the same source address to a different destination

address through a different link, depending on the rotation of path assign-

ments among the links in the trunk. Likewise, the switch distributes traffic for

the same destination address but from different source addresses through

different links. Because the amount of traffic coming from or going to various

nodes in a network can vary widely, it is possible for one link in a trunk group

to be fully utilized while others in the same trunk have unused bandwidth

capacity even though the address assignments are evenly distributed across

the links in a trunk. In actual networking environments, this is rarely a

problem. However, if it becomes a problem, you can use the HP TopTools for

Hubs & Switches network management software available from Hewlett-

Packard to quickly and easily identify the sources of heavy traffic (top talkers)

and make adjustments to improve performance.

Broadcasts, multicasts, and floods from different source addresses are dis-

tributed evenly across the links. As links are added or deleted, the switch

redistributes traffic across the trunk group. For example, in figure 6-11 show-

ing a three-port trunk, traffic could be assigned as shown in table 6-8.

Switch

Figure 6-11. Example of Port-Trunked Network

Table 6-8. Example of Link Assignments in a Trunk Group (SA/DA Distribution)

Source:

Node A

Node B

Node C

Node D

Node A

Node B

Destination:

Node W

Node X

Link:

Node Y

Node Z

Node Y

Node W

6-29

Download from Www.Somanuals.com. All Manuals Search And Download.

Optimizing Port Usage Through Traffic Control and Port Trunking

Port Trunking

6-30

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP

ManagersToProtectAgainstUnauthorizedAccess

Menu: Setting Manager and Operator passwords . . . . . . . . . . . . . . . . . 7-5

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3

Using Password Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4

CLI: Setting Manager and Operator Passwords . . . . . . . . . . . . . . . . . . . 7-7

Web: Configuring User Names and Passwords . . . . . . . . . . . . . . . . . . .7 - 8

Configuring and Monitoring Port Security . . . . . . . . . . . . . . . . . . . . . . 7-9

Basic Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-9

Blocking Unauthorized Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-10

Trunk Group Exclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-11

Planning Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-11

CLI: Port Security Command Options and Operation . . . . . . . . . . . . 7-13

CLI: Displaying Current Port Security Settings . . . . . . . . . . . . . . 7-16

CLI: Configuring Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-17

Web: Displaying and Configuring Port Security Features . . . . . . . . .7 - 21

Reading Intrusion Alerts and Resetting Alert Flags . . . . . . . . . . . . . . 7-22

Notice of Security Violations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-22

How the Intrusion Log Operates . . . . . . . . . . . . . . . . . . . . . . . . . .7 - 22

Keeping the Intrusion Log Current by Resetting Alert Flags . . . 7-23

Menu: Checking for Intrusions, Listing Intrusion Alerts, and

Resetting Alert Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7 - 24

CLI: Checking for Intrusions, Listing Intrusion Alerts, and Resetting

Alert Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-25

Using the Event Log To Find Intrusion Alerts . . . . . . . . . . . . . . . 7-27

Web: Checking for Intrusions, Listing Intrusion Alerts, and Resetting

Alert Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-28

Operating Notes for Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-28

Using IP Authorized Managers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7- 30

Access Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-31

7-1

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Chapter Contents

Defining Authorized Management Stations . . . . . . . . . . . . . . . . . . . . . 7-31

Overview of IP Mask Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-32

Menu: Viewing and Configuring IP Authorized Managers . . . . . . . . . 7-33

CLI: Viewing and Configuring Authorized IP Managers . . . . . . . . . . . 7-34

Listing the Switch ’s Current Authorized IP Manager(s) . . . . . . . 7-34

Configuring IP Authorized Managers for the Switch . . . . . . . . . . 7-35

Web: Configuring IP Authorized Managers . . . . . . . . . . . . . . . . . . . . . 7-36

Building IP Masks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-36

Configuring One Station Per Authorized Manager IP Entry . . . . 7-36

Configuring Multiple Stations Per Authorized

Manager IP Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-37

Additional Examples for Authorizing Multiple Stations . . . . . . .7- 39

Operating and Troubleshooting Notes . . . . . . . . . . . . . . . . . . . . . . . . . 7-39

7-2

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Overview

Manager and Operator passwords (page 7-4): Control access and

privileges for the command line and menu interfaces (through either the

console port or Telnet) and the web browser interface through the net-

work. The features described in this chapter enhance security controls

against unauthorized access through the network.

Port Security (page 7-9): Enables you to specify on a per-port basis

which device(s) are authorized to access the network.

Authorized IP Managers (page 7-30):Enhances security on the switch

by using IP addresses and masks to determine which stations (PCs or

workstations) can access the switch through the network. This covers

access through the following means:

•

Telnet

The switch’s web browser interface

SNMP (with a correct community name)

File transfers using TFTP (for configurations and software updates)

Thus, with authorized IP managers configured, having the correct passwords

is not sufficient for accessing the switch through the network unless the

station attempting access is also included in the switch’s Authorized IP

Managers configuration.

7-3

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Using Password Security

Password Features

Feature

Default

CLI

Web

Set a Password

Set User Names

no passwords set page 7-5 page 7-7 page 7-8

no user names set

n/a

—

page 7-8

Delete Password

Protection

page 7-6 page 7-7 page 7-8

Console access includes both the menu interface and the CLI. There are two

levels of console access: Manager and Operator. For security, you can set a

password on each of these levels.

Level

Actions Permitted

Manager: Access to all console interface areas.

This is the default level. That is, if a Manager password has not been set prior

to starting the current console session, then anyone having access to the

console can access any area of the console interface.

Operator:

Access to the Status and Counters menu, the Event Log, and the CLI*, but no

Configuration capabilities.

On the Operator level, the configuration menus, Download OS, and Reboot

Switch options in the Main Menu are not available.

*Allows use of the ping, link-test, show, menu, exit, and logout commands, plus the enable

command if you can provide the Manager password.

To use password security:

1. Set a Manager password(and an Operator password, if applicable for your

system).

2. Exit from the current console session. A Manager password will now be

needed for full access to the console.

If you do steps 1 and 2, above, then the next time a console session is started

for either the menu interface or the CLI, a prompt appears for a password.

Assuming that both a Manager password and an Operator password have been

set, the level of access to the console interface will be determined by which

password is entered in response to the prompt.

7-4

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Using Password Security

If you set a Manager password, you may also want to configure the

Inactivity Time parameter (see page 5-16). This causes the console session to

end after the specified period of inactivity, thus giving you added security

against unauthorized console access.

N o t e

The manager and operator passwords control access to the menu interface,

the CLI, and the web browser interface.

If there is only a Manager password set (with no Operator password), and the

Manager password is not entered correctly when the console session begins,

access to the console will be denied.

If there are both a Manager password and an Operator password, but neither

is entered correctly, access to the console will be denied.

If the switch has neither a Manager password nor an Operator password,

anyone having access to the console interface can operate the console with

full manager privileges. Also, if only an Operator password is set, entering

the Operator password enables full manager privileges.

Passwords are case-sensitive.

The rest of this section covers how to:

Set Passwords

Delete Passwords

Recover from a Lost Password

Menu: Setting Manager and Operator passwords

1. From the Main Menu select:

5. Console Passwords

7-5

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Using Password Security

Figure 7-1. The Set Password Screen

2. To set a new password:

a. Select Set Manager Password or Set Operator Password. You will then

be prompted with Enter new password.

b. Type a password of up to 16 ASCII characters with no spaces and

press [Enter]. (Remember that passwords are case-sensitive.)

c. When prompted with Enter new password again, retype the new pass-

word and press [Enter].

After a password is set, if you subsequently start a new console session, you

will be prompted to enter the password.

To Delete Password Protection (Including Recovery from a Lost

Password): This procedure deletes both passwords (Manager and Opera-

tor). If you have physical access to the switch, press and hold the Clear button

(on the front of the switch) for a minimumof one second to clear all password

protection, then enter new passwords as described earlier in this chapter. If

you do not have physical access to the switch, you will need the Manager

access:

1. Enter the console at the Manager level.

2. Go to the Set Passwords screen as described above.

3. Select Delete Password Protection. You will then see the following prompt:

Continue Deletion of password protection? No

4. Press the Space bar to select Yes, then press [Enter].

5. Press [Enter] to clear the Password Protection message.

7-6

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Using Password Security

To Recover from a Lost Manager Password: If you cannot start a con-

sole session at the manager level because of a lost Manager password, you

can clear the password by getting physical access to the switch and pressing

and holding the Clear button for a minimum of one second. This action deletes

all passwords and user names (Manager and Operator) used by both the

console and the web browser interface.

CLI: Setting Manager and Operator Passwords

Password Commands Used in This Section

password

below

Configuring Manager and Operator Passwords. This procedure

prompts you to enter a password twice to help verify that you have correctly

entered the desired characters.

Syntax: password <manager | operator>

no password

•

Password entries

appear as asterisks.

You must type each

password entry

twice.

To Delete Password Protection. Thiscommandpromptsyoutoverifythat

you want to clear the passwords, then clears both the Manager and the

Operator password.

Press [Y] (for yes) and press [Enter].

Figure 7-2. Clearing the Manager and Operator Passwords

7-7

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Using Password Security

Web: Configuring User Names and Passwords

In the web browser interface you can enter both user names and passwords.

Because user names donotapply in the menu interface and the CLI, they affect

only your access to the switch through the web browser interface.

To Configure (or Remove) User Names and Passwords in the Web

Browser Interface.

1. Click on the Security tab.

Click on [Device Passwords].

2. Do one of the following:

•

To set user name and password protection, enter the user names and

passwords you want in the appropriate fields.

•

To remove user name and password protection, leave the fields blank.

3. Implement the user names and passwords by clicking on [Apply Changes].

To access the web-based help provided for the switch, click on [?] in the web

browser screen.

7-8

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

Configuring and Monitoring Port

Security

Feature

Default

—

CLI

Web

Displaying Current Port Security n/a

page 7-16

page 7-17

page 7-25

page 7-21

page 7-28

Configuring Port Security

disabled

—

Intrusion Alerts and Alert Flags n/a

page 7-27

Using Port Security, you can configure each switch port with a unique list of

the MAC addresses of devices that are authorized to access the network

through that port. This enables individual ports to detect, prevent, and log

attempts by unauthorized devices to communicate through the switch.

N o t e

This feature does not prevent intruders from receiving broadcast and multi-

cast traffic.

Basic Operation

Default Port Security Operation. The default port security setting for

each port is off, or “continuous”. That is, any device can access a port without

causing a security reaction.

Intruder Protection. A port that detects an “intruder” blocks the intruding

device from transmitting to the network through that port.

General Operation for Port Security. On a per-port basis, you can

configure security measuresto block unauthorizeddevices, and to sendnotice

of security violations. Once you have configured port security, you can then

monitor the network for security violations through one or more of the

following:

Alert flags that are captured by network management tools such as

HP TopTools for Hubs & Switches

Alert Log entries in the switch’s web browser interface

Event Log entries in the console interface

7-9

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

Intrusion Log entries in either the menu interface, CLI, or web

browser interface

For any port, you can configure the following:

Authorized (MAC) Addresses: Specify up to eight devices (MAC

addresses) that are allowed to send inbound traffic through the port.

This feature:

•

Closes the port to inbound traffic from any unauthorized devices that

are connected to the port.

•

Provides the option for sending an SNMP trap notifying of an

attempted security violation to a network management station and,

optionally, disables the port. (For more on configuring the switch for

SNMP management, see “Trap Receivers and Authentication Traps”

on page page 8-10.)

Blocking Unauthorized Traffic

Unless you configure the switch to disable a port on which a security violation

is detected, the switch security measures block unauthorized traffic without

disabling the port. This implementation enables you to apply the security

configuration to ports on which hubs, switches, or other devices are

connected, and to maintain security while also maintaining network access to

authorized users. For example:

7-10

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

Physical Topology

PC 1

Logical Topology for Access to Switch A

Switch A

Port Security

Configured

Switch A

Port Security

Configured

PC 1

MAC Address

Authorized by Switch A

Switch B

PC 2

Switch B

MAC Address

Authorized by

Switch A

MAC Address NOT

Authorized by Switch A

MAC Address

Authorized by

Switch A

PC 3

MAC Address NOT

Authorized by Switch A

Switch C

MAC Address

NOT Authorized

by Switch A

•

PC1 can access Switch A.

PCs 2 and 3 can access Switch B and Switch C, but are

blocked from accessing switch A by the port security

settings in switch A.

•

Switch C is not authorized to access Switch A.

Figure 7-3. Example of How Port Security Controls Access

N o t e

Broadcast and Multicast traffic is not “unauthorized” traffic, and can be read

by intruders connected to a port on which you have configured port security.

Trunk Group Exclusion

Port security does not operate on either a static or dynamic trunk group. If

you configure port security on one or more ports that are later added to a trunk

group, the switch will reset the port security parameters for those ports to the

factory-default configuration. (Ports configured for either Active or Passive

LACP, and which are not members of a trunk, can be configured for port

security.)

Planning Port Security

1. Plan your port security configuration and monitoring according to the

following:

a. On which ports do you want to configure port security?

7-11

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

b. Which devices (MAC addresses) are authorized on each port (up to 8

per port)?

c. For each port, what security actions do you want? (The switch

automatically blocks intruders detected on that port from transmit-

ting to the network.) You can configure the switch to (1) send intru-

sion alarms to an SNMP management station and to (2) optionally

disable the port on which the intrusion was detected.

d. How do you wantto learn ofthesecurity violation attemptsthe switch

detects? You can use one or more of these methods:

–

Through network management (That is, do you want an SNMP

trap sent to a net management station when a port detects a

security violation attempt?)

–

Through the switch’s Intrusion Log, available through the CLI,

menu, and web browser interface

Through the Event Log (in the menu interface or through the CLI

show log command)

2. Use the CLI or web browser interface to configure port security operating

and address controls. The following table describes the parameters.

7-12

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

CLI: Port Security Command Options and Operation

Port Security Commands Used in This Section

show port-security

port-security

page 7-16: “CLI: Displaying Current Port Security Settings ”

page 7-17: “CLI: Configuring Port Security ”

<[ethernet] port-list>

page 7-17: “CLI: Configuring Port Security ”

[learn-mode continuous] page 7-18: “Adding an Authorized Device to a Port ”

[learn-mode static]

[address-limit]

[mac-address]

[action]

page 7-18: “Adding an Authorized Device to a Port”

page 7-18: “Adding an Authorized Device to a Port ”

page 7-18: “Adding an Authorized Device to a Port”

no port-security

page 7-20: “Removing a Device From the “Authorized” List for

a Port”

[clear-intrusion-flag]

page 7-25: “CLI: Checking for Intrusions, Listing Intrusion

Alerts, and Resetting Alert Flags”

This section describes the CLI port security command and how the switch

acquires and maintains authorized addresses.

N o t e

Use the global configuration level to execute port-security configuration

commands.

7-13

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

Table 7-1. Port Security Parameters

Parameter Description

Port List

<[ethernet] port-list>

Identifies the port or ports on which to apply a port security command.

Specifies how the port acquires authorized addresses.

Learn

Mode

learn-mode <static | continuous>

Continuous(the Default):Appearsinthe factory-default settingor whenyouexecutenoport-security.Allows

the port to learn addresses from inbound traffic from any device(s) to which it is connected. In this state,

the port accepts traafficfromany device(s) to which it isconnected. Addresses learned this way appear

in the switch and port address tables and age out according to the Address Age Interval in the System

Information configuration screen (page 5-22).

Static: Enables you to use the mac-address parameter to specify the MAC addresses of the devices

authorized for a port, and the address-limit parameter to specify the number of MAC addresses

authorized for the port. You can authorize specific devices for the port, while still allowing the port to

accept other, non-specified devices until the device limit has been reached. That is, if you enter fewer

MAC addresses than you authorized, the port authorizes the remaining addresses in the order in which

it automatically learns them. For example, If you use address-limit to specify three authorized devices,

but use mac-address to specify only one authorized MAC address, the port adds the one specifically

authorized MAC address to its authorized-devices list and the first two additional MAC addresses it

detects. For example, suppose:

–

You use mac-address to authorize MAC address 0060b0-880a80 for port 4.

You use address-limit to allow three devices on port 4 and the port detects a series of MAC addresses

in the following order:

080090-1362f2

00f031-423fc1

080071-0c45a1

0060b0-880a80

(the address you authorized with the mac-address parameter)

In the above case, port four would assume the following list of authorized addresses:

080090-1362f2

00f031-423fc1

0060b0-880a80

(the first address the port detected)

(the second address the port detected)

(the address you authorized with the mac-address parameter)

The remaining MAC address the port detects, 080071-0c45a1, is not allowed in the list of authorized

addresses, and so is handled as an intruder.

Permanence of Authorized Addresses In Static Mode: A MAC address that you specifically

authorize with the mac-address parameter cannot age-out. Instead, it remainsin the port’s authorized-

devices list until you take one of the following actions: Remove it with a CLI command; Use the CLI to

disable port security on the port; Reset the switch to its default configuration; Reboot without first

executing write memory.

While in Static mode, if a port adds a MAC address that you have not specifically authorized (see above

example), that address remains in the Authorized list until you take one of the following actions: Remove

it with a CLI command; Remove the link and reboot the switch after device detection; Disable port

security on that port; Reset the switch to its factory-default configuration.

Caution: When you use static with a device limit greater than the number of MAC addresses you specify

with mac-address , an unwanted device can become “authorized”. This can occur because the port,

in order to fulfill the number of devices allowed by the address-limit parameter, automatically adds

devices it detects until the specified limit is reached.

7-14

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

Parameter Description

Device

Limit

address-limit <integer>

When Learn Mode is set to Static, specifies how many authorized devices (MAC addresses) to allow. Range:

1 (the default) to 8.

Action

action <none | send-alarm | send-disable>

Specifies whether an SNMP trap is sent to a network management station when Learn Mode is set to static

andtheport detectsanunauthorizeddevice, orwhen LearnMode isset to continuousand thereisanaddress

change on a port.

None (the default): Prevents an SNMP trap from being sent.

Send Alarm: Causes the switch to send an SNMP trap to a network management station.

Send Alarm and Disable: Available only in the static learn-mode. Causes the switch to send an SNMP trap

to a network management station and disable the port.

For information on configuring the switch for SNMP management, see chapter 8.

mac-address <mac-addr>

Address

List

Available for static learn mode. Allows up to eight authorized devices (MAC addresses) per port, depending

on the value specified in the address-limit parameter.

If you use mac-address with static, but enter fewer devices than you specified in the address-limit field, the

port accepts not only your specified devices, but also as many other devices as it takes to reach the device

limit. For example, if you specify four devices, but enter only two MAC addresses, the port will accept the

first two non-specified devices it detects, along with the two specifically authorized devices.

Clear

clear-intrusion-flag

Intrusion Clears the intrusion flag for a specific port. (See “Reading Intrusion Alerts and Resetting Alert Flags” on page

Flag

7-22.)

7-15

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

CLI: Displaying Current Port Security Settings

The CLI uses the same command to provide two types of port security listings:

All ports on the switch with their Learn Mode and (alarm) Action

Only the specified ports with their Learn Mode, Address Limit, (alarm)

Action, and Authorized Addresses

Using the CLI To Display Port Security Settings.

Syntax:

show port-security

show port-security <port number>

show port-security [<port number>-<port number]. . .[,<port number>]

Without port parameters, show port-security displays Operating Control settings

for all ports on a switch. For example:

Figure 7-4. Example Port Security Listing (Ports 7 and 8 Show the Default Setting)

Withport numbersincludedin the command, showport-security displays Learn

Mode, Address Limit, (alarm) Action, and Authorized Addresses for the spec-

ified ports on a switch. The following example lists the full port security

configuration for a single port:

7-16

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

Figure 7-5. Example of the Port Security Configuration Display for a Single Port

The following command example shows the option for entering a range of

ports, including a series of non-contiguous ports. Note that no spaces are

allowed in the port number portion of the command string:

HP2512(config)# show port-security 1-3,6,8

CLI: Configuring Port Security

Using the CLI, you can:

Configure port security and edit security settings.

Add or delete devices from the list of authorized addresses for one or

more ports.

Clear the Intrusion flag on specific ports

Syntax:

port-security <port-list>

[learn-mode continuous]

[learn-mode static]

[address-limit <integer>]

[mac-address <mac-addr>] [<mac-addr> . . . <mac-addr>]

[action <none | send-alarm | send-disable>]

[clear-intrusion-flag]

no port-security <port-list> mac-address <mac-addr> [<mac-addr> . . .

<mac-addr>]

For information on the individual control parameters, see the Port Security

Parameter tables on pages 7-14 and 7-15.

7-17

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

Specifying Authorized Devices and Intrusion Responses. This exam-

ple configures port 1 to automatically accept the first device (MAC address)

it detects as the only authorized device for that port. (The default device limit

is 1.) It also configures the port to send an alarm to a network management

station and disable itself if an intruder is detected on the port.

HP2512(config)# port-security 1 learn-mode static

action send-disable

The next example does the same as the preceding example, except that it

specifies a MAC address of 0c0090-123456 as the authorized device instead of

allowing the port to automatically assign the first device it detects as an

authorized device.

HP2512(config)# port-security 1 learn-mode static

mac-address 0c0090-123456 action send-disable

This example configures port 5 to:

Allow two MAC addresses, 00c100-7fec00 and 0060b0-889e00, as the

authorized devices

Send an alarm to a management station if an intruder is detected on the

port

HP2512(config)# port-security 5 learn-mode static

address-limit 2 mac-address 00c100-7fec00 0060b0-

889e00 action send-alarm

If you manually configure authorized devices (MAC addresses) and/or an

alarm action on a port, those settings remain unless you either manually

change them or the switch is reset to its factory-default configuration. You can

“turn off” authorized devices on a port by configuring the port to continuous

Learn Mode, but subsequently reconfiguring the port to static Learn Mode

restores those authorized devices.

Adding an Authorized Device to a Port. To simply add a device (MAC

address) to a port’s existing Authorized Addresses list, enter the port number

with the mac-address parameter and the device’s MAC address. This assumes

that Learn Mode is set to static and the Authorized Addresses list is not full

(as determined by the current Address Limit value). For example, suppose

port 2 allows two authorized devices, but has only one device in its Authorized

Address list:

7-18

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

Although the

Address Limit is set

to 2, only one device

has been authorized

for this port. In this

case you can add

another without

having to also

increase the Address

Limit.

The Address Limit has not

been reached.

With the above configuration for port 1, the following command adds the

0c0090-456456 MAC address as the second authorized address.

HP2512(config)# port-security 1 mac-address 0c0090-456456

After executing the above command, the security configuration for port 1

would be:

TheAddressLimithasbeen

reached.

(The message Inconsistent valueappears if the new MAC address

exceeds the current Address Limit or specifies a device that is already on the

list. Note that if you change a port from static to continuous learn mode, the

port retains in memory any authorized addresses it had while in static mode.

If you subsequently attempt to convert the port back to static mode with the

same authorized address(es), the Inconsistent valuemessage appears

because the port already has the address(es) in its “Authorized” list.)

If you are adding a device (MAC address) to a port on which the Authorized

Addresses list is already full (as controlled by the port’s current Address Limit

setting), then you must increase the Address Limit in order to add the device,

even if you want to replace one device with another. Using the CLI, you can

simultaneously increase the limit and add the MAC address with a single

command. For example, suppose port 1 allows one authorized device and

already has a device listed:

7-19

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

To add a second authorized device to port 1, execute a port-security command

for for port 1 that raises the address limit to 2 and specifies the additional

device’s MAC address. For example:

HP2512(config)# port-security 1 mac-address 0c0090-456456

address-limit 2

Removing a Device From the “Authorized” List for a Port. This com-

mand option removes unwanted devices (MAC addresses) from the Autho-

rized Addresses list. (An Authorized Address list is available for each port for

which Learn Mode is currently set to “Static”. See the “Address List” entry in

the table on page 7-15.)

C a u t i o n

When learn mode is set to static, the Address Limit (address-limit) parameter

controls how many devices are allowed in the Authorized Addresses (mac-

address) for a given port. If you remove a MAC address from the Authorized

Addresses list without also reducing the Address Limit by 1, the port may

subsequently detect and accept as authorized a MAC address that you do not

intend to include in your Authorized Address list. Thus, if you use the CLI to

remove a device that is no longer authorized, it is recommended that you first

reduce the Address Limit (address-limit) integer by 1, as shown below. This

prevents the possibility of the same device or another unauthorized device on

the network from automatically being accepted as “authorized” for that port.

To remove a device (MAC address) from the “Authorized” list and when the

current number of devices equals the Address Limit value, you should first

reduce the Address Limit value by 1, then remove the unwanted device.

N o t e

You can reduce the address limit below the number of currently authorized

addresses on a port. This enables you to subsequently remove a device from

the “Authorized” list without opening the possibility for an unwanted device

to automatically become authorized.

7-20

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

For example, suppose port 1 is configured as shown below and you want to

remove 0c0090-123456 from the Authorized Address list:

When removing 0c0090-123456, first

reduce the AddressLimitby 1to prevent

the port from automatically adding

another device that it detects on the

network.

The following command serves this purpose by removing 0c0090-123456 and

reducing the Address Limit to 1:

HP2512(config) # port-security 1 address-limit 1

HP2512(config) # no port-security 1 mac-address

0c0090-123456

The above command sequence results in the following configuration for port 1:

Web: Displaying and Configuring Port Security Features

1. Click on the Security tab.

2. Click on [Port Security].

3. Select the settings you want and, if you are using the Static Learn Mode,

add or edit the Authorized Addresses field.

4. Implement your new data by clicking on [Apply Changes].

7-21

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

To access the web-based Help provided for the switch, click on [?] in the web

browser screen.

Reading Intrusion Alerts and Resetting Alert Flags

Notice of Security Violations

When the switch detects an intrusion on a port, it sets an “alert flag” for that

port and makes the intrusion information available as described below. While

the switch can detect additional intrusions for the same port, it does not list

the next chronological intrusion for that port in the Intrusion Log until the

alert flag for that port has been reset.

When a security violation occurs on a port configured for Port Security, the

switch responds in the following ways to notify you:

The switch sets an alert flag for that port. This flag remains set until:

•

You use either the CLI, menu interface, or web browser interface to

reset the flag.

•

The switch is reset to its factory default configuration.

The switch enables notification of the intrusion through the following

means:

•

In the CLI:

–

The show intrusion-log command displays the Intrusion Log

The log command displays the Event Log

In the menu interface:

–

The Port Status screen includes a per-port intrusion alert

The Event Log includes per-port entries for security violations

In the web browser interface:

–

The Alert Log’s Status | Overview window includes entries for per-

port security violations

–

The Intrusion Log in the Security | Intrusion Log window lists per-

port security violation entries

•

In HP TopTools for Hubs & Switches via an SNMP trap sent to a net

management station

How the Intrusion Log Operates

When the switch detects an intrusion attempt on a port, it enters a record of

this event in the Intrusion Log. No further intrusion attempts on that port will

appear in the Log until you acknowledge the earlier intrusion event by reset-

ting the alert flag.

7-22

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

The Intrusion Log lists the 20 most recently detected security violation

attempts, regardless of whether the alert flags for these attempts have been

reset. This gives you a history of past intrusion attempts. Thus, for example,

if there is an intrusion alert for port 1 and the Intrusion Log shows two or more

entries for port 1, only the most recent entry has not been acknowledged (by

resetting the alert flag). The other entries give you a history of past intrusions

detected on port 1.

Figure 7-6. Example of Multiple Intrusion Log Entries for the Same Port

The log shows the most recent intrusion at the top of the listing. You cannot

delete Intrusion Log entries (unless you reset the switch to its factory-default

configuration). Instead, if the log is filled when the switch detects a new

intrusion, the oldest entry is dropped off the listing and the newest entry

appears at the top of the listing.

Keeping the Intrusion Log Current by Resetting Alert Flags

When a violation occurs on a port, an alert flag is set for that port and the

violation is entered in the Intrusion Log. The switch can detect and handle

subsequent intrusions on that port, but will not log another intrusion on the

port until you reset the alert flag for either all ports or for the individual port.

7-23

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

Menu: Checking for Intrusions, Listing Intrusion Alerts, and

Resetting Alert Flags

The menu interface indicates per-port intrusions in the Port Status screen, and

provides details and the reset function in the Intrusion Log screen.

1. From the Main Menu select:

1. Status and Counters

3. Port Status

The Intrusion Alert

column shows

“Yes” for any port

on which a security

violation has been

detected.

Figure 7-7. Example of Port Status Screen with Intrusion Alert on Port 3

2. Type [I] (Intrusion log) to display the Intrusion Log.

MAC Address of

Intruding Device

on Port 3

System Time of Intrusion on Port 3

Indicates this intrusion on port 3

occurred prior to a reset (reboot) at

the indicated time and date.

Figure 7-8. Example of the Intrusion Log Display

7-24

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

The above example shows two intrusions for port 3 and one intrusion for

port 1. In this case, only the most recent intrusion at port 3 has not been

acknowledged (reset). This is indicated by the following:

•

Because the Port Status screen (figure 7-7 on page 7-24) does not

indicate an intrusion for port 1, the alert flag for the intrusion on port

1 has already been reset.

•

Since the switch can show only one uncleared intrusion per port, the

older intrusion for port 3 in this example has also been previously

reset.

(The intrusion log holds up to 20 intrusion records and deletes an

intrusion record only when the log becomes full and a new intrusion

is subsequently detected.)

Note also that the “prior to” text in the record for the earliest intrusion

means that a switch reset occurred at the indicated time and that the

intrusion occurred prior to the reset.

3. To acknowledge the most recent intrusion entry on port 3 and enable the

switch to enter a subsequently detected intrusion on this port, type[R] (for

Reset alert flags). (Note that if there are unacknowledged intrusions on two

or more ports, this step resets the alert flags for all such ports.)

If you then re-display the port status screen, you will see that the Intrusion

Alert entry for port 3 has changed to “No”. That is, your evidence that the

Intrusion Alert flag has been acknowledged (reset) is that the Intrusion Alert

column in the port status display no longer shows “Yes” for the port on which

the intrusion occurred (port 3 in this example). (Because the Intrusion Log

provides a history of the last 20 intrusions detected by the switch, resetting

the alert flags does not change its content. Thus, displaying the Intrusion Log

again will result in the same display as in figure 7-8, above.)

CLI: Checking for Intrusions, Listing Intrusion Alerts, and

Resetting Alert Flags

The following commands display port status, including whether there are

intrusion alerts for any port(s), list the last 20 intrusions, and either reset the

alert flag on all ports or for a specific port for which an intrusion was detected.

(The record of the intrusion remains in the log. For more information, see

“Operating Notes for Port Security” on page 7-28.)

7-25

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

Syntax:

show interface

List Intrusion Alert status.

List Intrusion Log content.

Clear Intrusion flags on all ports.

show intrusion-log

clear intrusion-log

port-security <port-number>

clear-intrusion-flag

Clear Intrusion flag on a specific port.

In the following example, executing show interface lists the switch’s port status,

which indicates an intrusion alert on port 1.

Intrusion Alert on port 1.

Figure 7-9. Example of an Unacknowledged Intrusion Alert in a Port Status

Display

If you wanted to see the details of the intrusion, you would then enter the show

intrusion-log command. For example:

DatesandTimesof

Intrusions

MAC Address of latest

Intruder on Port 1

Earlier intrusions on

port 1 that have already

been cleared (that is,

the Alert Flag has been

reset at least twice

before the most recent

intrusion occurred.

Figure 7-10. Example of the Intrusion Log with Multiple Entries for the Same Port

The above example shows three intrusions for port 1. Since the switch can

show only one uncleared intrusion per port, the older two intrusions in this

example have already been cleared by earlier use of the clear intrusion-log or

the port-security 1 clear-intrusion-flag command. (The intrusion log holds up to

7-26

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

20 intrusion records, and deletes intrusion records only when the log becomes

full and new intrusions are subsequently added.) The “prior to” text in the

record for the third intrusion means that a switch reset occurred at the

indicated time and that the intrusion occurred prior to the reset.

To clear the intrusion from port 1 and enable the switch to enter any subse-

quent intrusion for port 1 in the Intrusion Log, execute the port-security 1 clear-

intrusion-flag command. If you then re-display the port status screen, you will

see that the Intrusion Alert entry for port 1 has changed to “No”. That is, your

evidence that the Intrusion Alert flag has been reset is the Intrusion Alert

column in the port status display no longer shows “Yes” for the port on which

the intrusion occurred (port 1 in this example). (Executing show intrusion-log

again will result in the same display as above.)

HP2512(config)# port-security 1 clear-intrusion-flag

HP2512(config)# show interface

Intrusion Alert on port 1 is now cleared.

Figure 7-11. Example of Port Status Screen After Alert Flags Reset

Using the Event Log To Find Intrusion Alerts

The Event Log lists port security intrusions as:

W MM/DD/YY HH:MM:SS FFI: port 3 — Security Violation

where “W” is the severity level of the log entry and FFIis the system module

that generated the entry. For further information, view the Intrusion Log.

From the CLI. Type the log command from the Manager or Configuration

level.

Syntax:

log <search-text>

For <search-text>, you can use ffi, security, or violation. For example:

7-27

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

Log Command

with

“security” for

Search String

Log Listing with

Security Violation

Detected

LogListingwithNo

Security Violation

Detected

Figure 7-12. Example of Log Listing With and Without Detected Security Violation

From the Menu Interface: In the Main Menu, click on 4. Event Log and use

Next page and Prev page to review the Event Log contents.

For More Event Log Information. See “Using the Event Log To Identify

Problem Sources” on page 11-11.

Web: Checking for Intrusions, Listing Intrusion Alerts, and

Resetting Alert Flags

1. Check the Alert Log by clicking on the Status tab and the [Overview] button.

If there is a “Security Violation” entry, do the following:

a. Click on the Security tab.

b. Click on [Intrusion Log]. “Ports with Intrusion Flag” indicates any ports

for which the alert flag has not been cleared.

c. To clear the current alert flags, click on [Reset Alert Flags].

To access the web-based Help provided for the switch, click on [?] in the web

browser screen.

Operating Notes for Port Security

Identifying the IP Address of an Intruder. The Intrusion Log lists

detected intruders by MAC address. If you are using HP TopTools for Hubs &

Switches tomanage your network, you can use the TopToolsinventory reports

to link MAC addresses to their corresponding IPaddresses. (Inventory reports

are organized by device type; hubs, switches, servers, etc.)

7-28

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Configuring and Monitoring Port Security

Proxy Web Servers. If you are using the switch’s web browser interface

through a switch port configured for Static port security, and your browser

access is through a proxy web server, then it is necessary to do the following:

Enter your PC or workstation MAC address in the port’s Authorized

Addresses list.

Enter your PC or workstation’s IP address in the switch’s IP Authorized

Managers list. See “Using IP Authorized Managers” on page 7-30.)

Without both of the above configured, the switch detects only the proxy

server’s MAC address, and not your PC or workstation MAC address, and

interprets your connection as unauthorized.

“Prior To” Entries in the Intrusion Log. If you reset the switch (using

the Reset button, Device Reset, or Reboot Switch), the Intrusion Log will list

the time of all currently logged intrusions as “prior to” the time of the reset.

Alert Flag Status for Entries Forced Off of the Intrusion Log. If the

Intrusion Log is full of entries for which the alert flags have not been reset, a

new intrusion will cause the oldest entry todrop offthe list, butwill notchange

the alert flag status for the port referenced in the dropped entry. This means

that, even if an entry is forced off of the Intrusion Log, no new intrusions can

be logged on the port referenced in that entry until you reset the alert flags.

7-29

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Using IP Authorized Managers

Authorized IP Manager Features

Feature

Default

CLI

Web

Listing (Showing) Authorized

Managers

n/a

page 7-33 page 7-34 page 7-36

Configuring Authorized IP

Managers

None

page 7-33 page 7-34 page 7-36

Building IP Masks

n/a

page 7-36 page 7-36 page 7-36

page 7-39 page 7-39 page 7-39

Operating and Troubleshooting

Notes

This feature enables you to enhance security on the switch by using IP

addresses to authorize which stations (PCs or workstations) can access the

switch. Thus, having the correct passwords is not sufficient for accessing the

switch through the network unless the station attempting access is also

included in the switch’s Authorized IP Managers configuration. Access con-

trols cover:

The switch’s web browser interface

Telnet (CLI or menu interface)

SNMP (network management)

File transfers using TFTP (for configurations and software updates)

You can configure:

Up to 10 authorized manager addresses, where each address applies to

either a single management station or a group of stations

Manager or Operator access level

N o t e

This feature does not protect access to the switch through a modem or direct

connection to the Console (RS-232) port. Also, if the IP address assigned to

an authorized management station is configured in another station, the other

station can gain management access to the switch even though a duplicate IP

address condition exists. For these reasons, you should enhance your net-

work’s security by keeping physical access to the switch restricted to autho-

rized personnel, using the password features built into the switch, and

preventing unauthorized access to data on your management stations.

7-30

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Using IP Authorized Managers

Access Levels

Foreachauthorizedmanageraddress, youcanconfigureeitheroftheseaccess

levels:

Manager: Enables full access to all web browser and console interface

screens for viewing, configuration, and all other operations available in

these interfaces.

Operator: Allows view-only access from the web browser and console

interfaces. (This is the same access that is allowed by the switch’s opera-

tor-level password feature.)

Defining Authorized Management Stations

Authorizing Single Stations: The table entry authorizes a single man-

agement station to have IP access to the switch. To use this method, just

enter the IP address of an authorized management station in the Autho-

rized Manager IP column, and leave the IP Mask set to 255.255.255.255. This

is the easiest way to use the Authorized Managers feature. (For more on

this topic, see “Configuring One Station Per Authorized Manager IP Entry”

on page 7-36.)

Authorizing Multiple Stations: The table entry uses the IP Mask to

authorize access to the switch from a defined group of stations. This is

useful if you want to easily authorize several stations to have access to

the switch without having to type in an entry for every station. All stations

in the group defined by the one Authorized Manager IP table entry and its

associatedIPmaskwillhavethesameaccesslevel—ManagerorOperator.

(For more onthis topic, see “Configuring Multiple Stations Per Authorized

Manager IP Entry” on page 7-37.)

To configure the switch for authorized manager access, enter the appropriate

Authorized Manager IP value, specify an IP Mask, and select either Manager

or Operator for the Access Level. The IP Mask determines how the Authorized

Manager IP value is used to allow or deny access to the switch by a manage-

ment station.

7-31

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Using IP Authorized Managers

Overview of IP Mask Operation

The default IP Mask is 255.255.255.255 and allows switch access only to a

station having an IP address that is identical to the Authorized Manager IP

parameter value. (“255” in an octet of themask meansthat only the exact value

in the corresponding octet of the Authorized Manager IP parameter is allowed

in the IP address of an authorized management station.) However, you can

alter the mask and the Authorized Manager IP parameter to specify ranges of

authorized IP addresses. For example, a mask of 255.255.255.0 and any value for

the Authorized Manager IP parameter allows a range of 0 through 255 in the

4th octet of the authorized IP address, which enables a block of up to 254 IP

addresses for IP management access (excluding 0 for the network and 255 for

broadcasts). A mask of 255.255.255.252 uses the 4th octet of a given Authorized

Manager IP address to authorize four IP addresses for management station

access. The details on how to use IP masks are provided under “Building IP

Masks” on page 7-36.

N o t e

The IP Mask is a method for recognizing whether a given IP address is

authorized for management access to the switch. This mask serves a different

purpose than IP subnet masks and is applied in a different manner.

7-32

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Using IP Authorized Managers

Menu: Viewing and Configuring IP Authorized

Managers

From the console Main Menu, select:

2. Switch Configuration . . .

7. IP Authorized Managers

1. Select Add to add an authorized manager

to the list.

Figure 7-13. Example of How To Add an Authorized Manager Entry

2. Enter an Authorized Manager IP address here.

3. Use the default mask to allow access by one

management device, or edit the mask to allow

access by a block of management devices. See

“Building IP Masks”on page 7-36.

4. Use the Space bar to select Manager or Operator

access.

5. Press [Enter], then [S] (for Save) to configure the IP

Authorized Manager entry.

Figure 7-14. Example of How To Add an Authorized Manager Entry (Continued)

7-33

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Using IP Authorized Managers

Editing or Deleting an Authorized Manager Entry. Go to the IP Manag-

ers List screen (figure 7-13), highlight the desired entry, and press [E] (for Edit)

or [D] (for Delete).

CLI: Viewing and Configuring Authorized IP Managers

Authorized IP Managers Commands Used in This Section

show ip authorized-managers

ip authorized-managers

<ip-address>

below

page 7-35: “To Authorize Manager Access”

page 7-35: “To Edit an Existing Manager Access Entry”

page 7-36: “To Delete an Authorized Manager Entry”

mask <mask-bits>

Listing the Switch’s Current Authorized IP Manager(s)

Use the show ip authorized-managers command to list IP stations authorized to

access the switch. For example:

Figure 7-15. Example of the Show IP Authorized-Manager Display

The above example shows an Authorized IP Manager List that allows stations

to access the switch as shown below:

IP Mask

255.255.255.252

Authorized Station IP Address:

10.28.227.100 through 103

10.28.227.104 through 105

10.28.227.125

Access Mode:

Manager

255.255.255.254

255.255.255.255

255.255.255.0

Manager

10.28.227.0 through 255

Operator

7-34

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Using IP Authorized Managers

Configuring IP Authorized Managers for the Switch

Syntax:

ip authorized-managers <ip address>

[mask <mask-bits>]

To Authorize Manager Access. This command authorizes manager-level

access for any station having an IP address of 10.28.227.0 through

10.28.227.255:

HP2512(config)# ip authorized-managers

10.28.227.101 mask 255.255.255.0 manager

Similarly, the next command authorizes manager-level access for any station

having an IP address of 10.28.227.101 through 103:

HP2512(config)# ip authorized-managers

10.28.227.101 mask 255.255.255.252 manager

If you omit the mask when adding a new authorized manager, the switch

automatically uses 255.255.255.255for the mask. If you do not specify

either Manager or Operator access, the switch automatically assigns the

Manager access. For example:

HP2512(config)# ip authorized-managers 10.28.227.105

The result of entering the above example is:

•

Authorized Station IP Address: 10.28.227.105

IP Mask: 255.255.255.255, which authorizes only the specified station

(10.28.227.105 in this case). (See “Configuring Multiple Stations Per

Authorized Manager IP Entry” on page 7-37.)

•

Access Level: Manager

To Edit an Existing Manager Access Entry. To change the mask or

access level for an existing entry, use the entry’s IP address and enter the new

value(s). (Notice that any parameters not included in the command will be set

to their default.):

HP2512(config)# ip authorized-managers

10.28.227.101 mask 255.255.255.0 operator

The above command replaces the existing mask and access level for IP

address 10.28.227.101 with 255.255.255.0and operator.

7-35

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Using IP Authorized Managers

The following command replaces the existing mask and access level for IP

address 10.28.227.101 with 255.0.0.0and manager(the defaults) because

the command does not specify either of these parameters .

HP2512(config)# ip authorized-managers 10.28.227.101

To Delete an Authorized Manager Entry. This command uses the IP

address of the authorized manager you want to delete:

HP2512(config)# no ip authorized-managers 10.28.227.101

Web: Configuring IP Authorized Managers

In the web browser interface you can configure IP Authorized Managers as

described below.

To Add, Modify, or Delete an IP Authorized Manager address:

1. Click on the Security tab.

2. Click on [Authorized Addresses].

3. Enter the appropriate parameter settings for the operation you want.

4. Click on [Add], [Replace], or [Delete] to implement the configuration change.

For web-based help on how to use the web browser interface screen, click on

the [?] button provided on the web browser screen.

Building IP Masks

The IP Mask parameter controls how the switch uses an Authorized Manager

IP value to recognize the IP addresses of authorized manager stations on your

network.

Configuring One Station Per Authorized Manager IP Entry

This is the easiest way to apply a mask. If you have ten or fewer management

and/or operator stations, you can configure them quickly by simply adding the

address of each to the Authorized Manager IP list with 255.255.255.255 for the

corresponding mask. For example, as shown in figure 7-15 on page 7-34, if you

configure an IP address of 10.28.227.125 with an IP mask of 255.255.255.255, only a

station having an IP address of 10.28.227.125 has management access to the

switch.

7-36

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Using IP Authorized Managers

Table 7-2. Analysis of IP Mask for Single-Station Entries

1st

2nd

3rd

4th

Manager-Level or Operator-Level Device Access

Octet Octet Octet Octet

IP Mask

255

227

255

125

The “255” in each octet of the mask specifies that only the exact value in

that octet of the corresponding IP address is allowed. This mask allows

management access only to a station having an IP address of 10.33.248.5.

Authorized

Manager IP

Configuring Multiple Stations Per Authorized Manager IP

Entry

ThemaskdetermineswhethertheIPaddressofastationonthe networkmeets

the criteria you specify. That is, for a given Authorized Manager entry, the

switch applies the IP mask to the IP address you specify to determine a range

of authorized IP addresses for management access. As described above, that

range can be as small as one IP address (if 255 is set for all octets in the mask),

or can include multiple IP addresses (if one or more octets in the mask are set

to less than 255).

If a bit in an octet of the mask is “on” (set to 1), then the corresponding bit in

the IP address of a potentially authorized station must match the same bit in

the IP address you entered in the Authorized Manager IP list. Conversely, if a

bit in an octet of the mask is “off” (set to 0), then the corresponding bit in the

IP address of a potentially authorized station on the network does not have to

match its counterpart in the IP address you entered in the Authorized Manager

IP list. Thus, in the example shown above, a “255” in an IP Mask octet (all bits

in the octet are “on”) means only one value is allowed for that octet—the value

you specify in the corresponding octet of the Authorized Manager IP list. A “0”

(all bits in the octet are “off”) means that any value from 0 to 255 is allowed

in the corresponding octet in the IP address of an authorized station. You can

also specify a series of values that are a subset of the 0-255 range by using a

value that is greater than 0, but less than 255.

7-37

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Using IP Authorized Managers

Table 7-3. Analysis of IP Mask for Multiple-Station Entries

1st

2nd

3rd

4th

Manager-Level or Operator-Level Device Access

Octet Octet Octet Octet

IP Mask

255

227

The “255” in the first three octets of the mask specify that only the exact

value in the octet of the corresponding IP address is allowed. However,

the zero (0) in the 4th octet of the mask allows any value between 0 and

255inthatoctetofthe correspondingIPaddress. Thismaskallowsswitch

access to any device having an IP address of 10.28.227.xxx, where xxx is

any value from 0 to 255.

Authorized

Manager IP

125

IP Mask

255

227

249

125

In this example (figure 7-16, below), the IP mask allows a group of up to

4 management stations to access the switch. This is useful if the only

devices in the IP address group allowed by the mask are management

stations. The “249” in the 4th octet means that bits 0 and 3 - 7 of the 4th

octet are fixed. Conversely, bits 1 and 2 of the 4th octet are variable. Any

value that matches the authorized IP address settings for the fixed bits is

allowed for the purposes of IP management station access to the switch.

Thus, any management station having an IP address of 10.28.227.121, 123,

125, or 127 can access the switch.

Authorized

IP Address

4th Octet of IP Mask:

249

4th Octet of Authorized IP Address: 5

Bit Numbers Bit

Bit

Bit Values

128

4th Octet of

IP Mask (249)

Bits 1 and 2 in the mask are “off”, and bits 0 and 3

- 7 are “on”, creating a value of 249 in the 4th octet

of the mask.

Where a mask bit is “on”, the corresponding bit

setting in the address of a potentially authorized

station must match the IP Authorized Address

setting for that same bit. Where a mask bit is “off”

the corresponding bit setting in the address can be

either “on” or “off”. In this example, in order for a

station to be authorized to access the switch:

4th Octet of

IPAuthorized

Address (125)

•

The first three octets of the station’s IP address

must match the Authorized IP Address.

Bit 0 and Bits 3 through 6 of the 4th octet in the

station’s address must be “on” (value = 1).

Bit 7 of the 4th octet in the station’s address

must be “off” (value = 0).

Bits 1 and 2 can be either “on” or “off”.

This means that stations with the IP address

13.28.227.X (where X is 121, 123, 125, or 127) are

authorized.

Figure 7-16. Example of How the Bitmap in the IP Mask Defines Authorized

Manager Addresses

7-38

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Using IP Authorized Managers

Additional Examples for Authorizing Multiple Stations

Entries for Authorized Results

Manager List

IP Mask

255 255 0

255

This combination specifies an authorized IP address of 10.33.xxx.1. It could be

applied, for example, to a subnetted network where each subnet is defined by the

third octet and includes a management station defined by the value of “1” in the

fourth octet of the station’s IP address.

Authorized

Manager IP

10 33 248 1

IP Mask

255 238 255 250

10 247 100 195

Allows 230, 231, 246, and 247 in the 2nd octet, and 194, 195, 198, 199 in the 4th octet.

Authorized

Manager IP

Operating and Troubleshooting Notes

Network Security Precautions: You can enhance your network’s secu-

rity by keeping physical access to the switch restricted to authorized

personnel, using the password features built into the switch, and prevent-

ing unauthorized access to data on your management stations.

Modem and Direct Console Access: Configuring authorized IP manag-

ers does not protect against access to the switch through a modem or

direct Console (RS-232) port connection.

Duplicate IP Addresses: If the IP address configured in an authorized

managementstationisalsoconfiguredinanotherstation,the otherstation

can gain management access to the switch even though a duplicate IP

address condition exists.

Web Proxy Servers: If you use the web browser interface to access the

switch from an authorized IP manager station, it is recommended that you

avoid the use of a web proxy server in the path between the station and

the switch. This is because switch access through a web proxy server

requires thatyou first addthe web proxy server to theAuthorizedManager

IP list. This reduces security by opening switch access to anyone who

uses the web proxy server. The following two options outline how to

eliminate a web proxy server from the path between a station and the

switch:

•

Even if you need proxy server access enabled in order to use

other applications, you can still eliminate proxy service for web

access to the switch. To do so, add the IP address or DNS name

of the switch to the non-proxy, or “Exceptions” list in the web

browser interface you are using on the authorized station.

•

If you don’t need proxy server access at all on the authorized

station, then just disable the proxy server feature in the station’s

web browser interface.

7-39

Download from Www.Somanuals.com. All Manuals Search And Download.

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access

Using IP Authorized Managers

7-40

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring for Network Management

Applications

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2

SNMP Management Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3

Configuring for SNMP Access to the Switch . . . . . . . . . . . . . . . . . . . . . . . . 8-4

SNMP Communities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-6

Menu: Viewing and Configuring SNMP Communities . . . . . . . . . . . . . 8-6

To View, Edit, or Add SNMP Communities: . . . . . . . . . . . . . . . . . . 8-6

CLI: Viewing and Configuring Community Names . . . . . . . . . . . . . . . . 8-8

Listing Current Community Names and Values . . . . . . . . . . . . . . . 8-8

Configuring Identity Information . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-9

Configuring Community Names and Values . . . . . . . . . . . . . . . . . . 8-9

Trap Receivers and Authentication Traps . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10

CLI: Configuring and Displaying Trap Receivers . . . . . . . . . . . . . . . . 8-11

Using the CLI To List Current SNMP Trap Receivers . . . . . . . . . 8-11

Configuring Trap Receivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-12

Using the CLI To Enable Authentication Traps . . . . . . . . . . . . . . . . . . 8-12

Advanced Management: RMON and HP Extended RMON Support . . . . 8-13

RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-13

Extended RMON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-13

8-1

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring for Network Management Applications

Overview

You can manage the switch via SNMP from a network management station.

For this purpose, HP recommends HP TopTools for Hubs & Switches — an

easy-to-install and use network management application that runs on your

Windows NT- or Windows 2000-based PC. HP TopTools for Hubs & Switches

providescontrolof your switch throughits web browser interface. In addition,

it uses the RMON and Extended RMON agents statistical sampling software

that is included in the switch to provide powerful, but easy-to-use traffic

monitoring and network activity analysis tools. For more on TopTools, see the

"Read Me First" document shipped with your switch and also available on HP’s

ProCurve website at

http://www.hp.com/go/procurve

This chapter includes:

An overview of SNMP management for the switch

Configuring the Series 2500 switches for:

•

SNMP management

SNMP Communities

Trap Receivers and Authentication Traps

Information on advanced management through RMON and HP Extended

RMON Support

To implement SNMP management, you must either configure the switch with

an appropriate IP address or, if you are using DHCP/Bootp to configure the

switch, ensure that the DHCP or Bootp process provides the IP address. If

multiple VLANs are configured, each VLAN interface should have its own IP

network address. For DHCP use with multiple VLANs, see “Which VLAN Is

Primary?” on page 9-53.

8-2

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring for Network Management Applications

SNMP Management Features

SNMP management features on the switch include:

SNMP version 2c over IP

Security via configuration of SNMP communities

Event reporting via SNMP

•

Version 1 traps

RMON: groups 1, 2, 3, and 9

Managing the switch with an SNMP network management tool such as HP

TopTools for Hubs & Switches

Supported Standard MIBs include:

•

Bridge MIB (RFC 1493)

dot1dBase, dot1dTp, dot1dStp

Ethernet MAU MIB (RFC 1515)

dot3IfMauBasicGroup

Interfaces Evolution MIB (RFC 1573)

ifGeneralGroup, ifRcvAddressGroup, ifStackGroup

RMON MIB (RFC 1757)

etherstats, events, alarms, and history

SNMP MIB-II (RFC 1213)

system, interfaces, at, ip, icmp, tcp, udp, snmp

Entity MIB (RFC 2037)

HP Proprietary MIBs include:

•

Statistics for message and packet buffers, tcp, telnet, and timep

(netswtst.mib)

•

Port counters, forwarding table, and CPU statistics (stat.mib)

TFTP download (downld.mib)

Integrated Communications Facility Authentication Manager and

SNMP communities (icf.mib)

•

HP ProCurve Switch configuration (config.mib)

HP VLAN configuration information (vlan.mib) supporting

hpVlanGeneralGroup

•

HP Extended RMON MIB version 4 to allow statistical sampling

8-3

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring for Network Management Applications

Configuring for SNMP Access to the Switch

•

HP Entity MIB (entity.mib)

The switch SNMP agent also uses certain variables that are included in a

Hewlett-Packard proprietary MIB file you can add to the SNMP database

in your network management tool. You can copy the MIB file from the HP

TopTools for Hubs & Switches CD, or from following World Wide Web site:

http://www.hp.com/go/procurve

For more information, refer to the Read Me First document and the

Customer Support/Warranty booklet included with your switch.

Configuring for SNMP Access to the

Switch

SNMP access requires an IP address and subnet mask configured on the

switch. (See “IP Configuration” on page 5-3.) If you are using DHCP/Bootp to

configure the switch, ensure that the DHCP/Bootp process provides the IP

address. (See “DHCP/Bootp Operation” on page 5-11.)

Once an IP address has been configured, the general steps to configuring for

SNMP access to the preceding features are:

1. From the Main menu, select

2. Switch Configuration . . .

6. SNMP Community Names

2. Configure the appropriate SNMP communities. (The “public” community

exists by default and is used by HP’s network management applications.)

(For more on configuring SNMP communities, see “Menu: Viewing and

Configuring SNMP Communities” on page 8-6.)

3. Configure the appropriate trap receivers. (For more on configuring trap

receivers, see “CLI: Configuring and Displaying Trap Receivers” on page

8-11.)

In some networks, authorized IP manager addresses are not used. In this case,

all management stations using the correct community name may access the

switch with the View and Access levels that have been set for that community.

If you want to restrict access to one or more specific nodes, you can use the

switch’s IP Authorized Manager feature. (See “Using IP Authorized Managers”

on page 7-30.)

8-4

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring for Network Management Applications

Configuring for SNMP Access to the Switch

C a u t i o n

Deleting the community named “public” disables many network management

functions (such as auto-discovery, traffic monitoring, SNMP trap generation,

and threshold setting). If security for network management is a concern, it is

recommended that you change the write access for the “public” community

to “Restricted”.

8-5

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring for Network Management Applications

SNMP Communities

SNMP Community Features

Feature

Default

n/a

page 8-6 page 8-8

page 8-9

CLI

Web

show community name

configure identity information

configure community names

—

none

public

—

page 8-6 page 8-9

—

MIB view for a community name

manager

(operator, manager)

write access for default

community name

unrestricted

UseSNMPcommunities torestrict access to theswitchby SNMPmanagement

stations by adding, editing, or deleting SNMP communities. You can configure

up to five SNMP communities, each with either an operator-level or a manager-

level view, and either restricted or unrestricted write access.

Using SNMP requires that the switch have an IP address and subnet mask

compatible with your network.

C a u t i o n

Deleting or changing the community named “public” prevents network man-

agement applications (such as auto-discovery, traffic monitoring, SNMP trap

generation, and threshold setting) from operating in the switch. (Changing or

deleting the “public” name also generates an Event Log message.) If security

for network management is a concern, it is recommended that you change the

write access for the “public” community to “Restricted”.

Menu: Viewing and Configuring SNMP Communities

To View, Edit, or Add SNMP Communities:

1. From the Main Menu, Select:

2. Switch Configuration...

6. SNMP Community Names

8-6

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring for Network Management Applications

SNMP Communities

Note: This screen gives

an overview of the

SNMP communities

that are currently

configured. All fields in

this screen are read-

only.

Add and Edit options are

used to modify the SNMP

options. See figure 8-2.

Figure 8-1. The SNMP Communities Screen (Default Values)

2. Press [A] (for Add) to display the following screen:

If you are adding a

community, the

fields in this screen

are blank.

If you are editing an

existing community,

the values for the

currently selected

Community appear

in the fields.

Type the value for this field..

Use the Space bar to select

values for other fields

Figure 8-2. The SNMP Add or Edit Screen

Need Help? If you need information on the options in each field, press

[Enter] to move the cursor to the Actions line, then select the Help option

on the Actions line. When you are finished with Help, press [E] (for Edit)

to return the cursor to the parameter fields.

3. Enter the name you want in the Community Name field, and use the Space

bar to select the appropriate value in each of the other fields. (Use the [Tab]

key to move from one field to the next.)

4. Press [Enter], then [S] (for Save).

8-7

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring for Network Management Applications

SNMP Communities

CLI: Viewing and Configuring Community Names

Community Name Commands Used in This Section

show snmp-server [<community-string>]

snmp-server

below

page 8-9

page 8-12

[contact <contact-str>]

[location <location-str>]

[community <community-str>]

[host <community-str> <ip-addr>]

[<none | debug | all | not-info | critical>]

[enable traps <authentication>

page 8-12

Listing Current Community Names and Values

Listing Community Names. This command lists the data forcurrently con-

figured SNMP community names (along with trap receivers and the setting for

authentication traps — see “Trap Receivers and Authentication Traps” on

page 8-10).

Syntax:

show snmp-server [<community-string>]

This example lists the data for all communities in a switch; that is, both the

default "public" community name and another community named "red-team"

Default

Community and

Settings

Non-Default

Community and

Settings

Trap Receiver

Data (See page

8-10.)

Figure 8-3. Example of the SNMP Community Listing with Two Communities

To list the data for only one community, such as the "public" community, use

the above command with the community name included. For example:

8-8

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring for Network Management Applications

SNMP Communities

HP2512# show snmp-server public

Configuring Identity Information

This command enables you to enter contact-person and location data to help

identify the switch.

Syntax:

snmp-server [contact <contact-str>] [location <location-str>]

Both fields allow up to 48 characters, without spaces.

For example, to configure the switch with "Site-LAN-Ext.449" and a location

of "Level-2-North", you would execute the following command:

HP2512(config)# snmp-server contact Site-LANExt.449 location Level-2-North

Configuring Community Names and Values

If you enter a community name without an operator or manager designation,

the switch automatically assigns the community to Operator for the MIB view.

Also, if you do not specify restricted or unrestricted for the read/write MIB

access, the switch automatically restricts the community to read access for

the MIB.

Adding SNMP Communities in the Switch. The following SNMP com-

mand examples use add snmp to add new SNMP communities:

Syntax:

snmp-server community <community-name>

[operator | manager]

[restricted | unrestricted]

HP2512(config)# snmp-server community red-team

manager unrestricted

HP2512(config)# snmp-server community blue-team

operator restricted

8-9

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring for Network Management Applications

Trap Receivers and Authentication Traps

TrapReceiversandAuthenticationTraps

Trap Features

Feature

Default

—

CLI

Web

snmp-server host (trap receiver)

public

page 8-12 —

snmp-server enable (authentication trap) none

—

A trap receiver is a management station designated by the switch to receive

SNMP traps sent from the switch. An authentication trap is a specialized

SNMP trap sent to trap receivers when an unauthorized management station

tries to access the switch.

N o t e

Fixed or "Well-Known" Traps: The Series 2500 switches automatically send

fixedtraps(suchas"coldStart", "warmStart", "linkDown", and"linkUp") to trap

receivers using a public community name. These traps cannot be redirected

to other communities. Thus, if you change or delete the default public com-

munity name, these traps will be lost.

Thresholds: The switch automatically sends all messages resulting from

thresholds to the network management station(s) that set the thresholds,

regardless of the trap receiver configuration.

In the default configuration, there are no trap receivers configured, and the

authentication trap feature is disabled. From the CLI you can configure up to

ten SNMP trap receivers to receive SNMP traps from the switch. The switch

can be configured to also send event log messages as traps if the following

opotions are used with the snmp-server host command:

Event Level

None (default)

All

Description

Send no log messages.

Send all log messages.

Not INFO

Critical

Send the log messages that are not information-only.

Send critical-level log messages.

Reserved for HP-internal use.

Debug

8-10

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring for Network Management Applications

Trap Receivers and Authentication Traps

CLI: Configuring and Displaying Trap Receivers

Trap Receiver Commands Used in This Section

show snmp-server

below

snmp-server host

page 8-12

<ip-addr> <community-name>

[none | all | non-info| critical | debug]

snmp-server enable traps authentication

page 8-12

Using the CLI To List Current SNMP Trap Receivers

This command lists the currently configured trap receivers and the setting for

authentication traps (along with the current SNMP community name data —

see “SNMP Communities” on page 8-6).

Syntax: show snmp-server

In the next example, the show snmp-server command shows that the switch

has been previously configured to send SNMP traps to management stations

belonging to the “public”, “red-team”, and “blue-team” communities.

Example of

Community

Name Data (See

page 8-6.)

Authentication

Trap Setting

Example of Trap

Receiver Data

Figure 8-4. Example of Show SNMP-Server Listing

8-11

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring for Network Management Applications

Trap Receivers and Authentication Traps

Configuring Trap Receivers

This command specifies trap receivers by community membership, manage-

ment station IP address, and the type of Event Log messages to send to the

trap receiver.

N o t e

If you specify a community name that does not exist—that is, has not yet been

configured on the switch—the switch still accepts the trap receiver assign-

ment. However, no traps will be sent to that trap receiver until the community

to which it belongs has been configured on the switch.

Syntax:

snmp-server host

<community-str> <ip-address> [<none | all | non-info | critical | debug>]

For example, to configure a trap receiver in a community named "red-team"

with an IP address of 10.28.227.130 to receive only "critical" log messages:

HP2512(config)# snmp-server trap-receiver red-team

10.28.227.130 critical

N o t e

If you do not specify the event level ([<none | all | non-info | critical | debug>])

then the switchwill not send event log messages as traps. "Well-Known" traps

and threshold traps (if configured) will still be sent..

Using the CLI To Enable Authentication Traps

If this feature is enabled, an authentication trap is sent to the configured trap

receiver(s) if a management station attempts an unauthorized access of the

switch. Check the event log in the console interface to help determine why

the authentication trap was sent. (Refer to “Using the Event Log To Identify

Problem Sources” on page 11-11.)

N o t e

For this feature to operate, one or more trap receivers must be configured on

the switch. See “CLI:Configuring and Displaying Trap Receivers” on page 8-11.

Using the CLI To Enable Authentication Traps.

Syntax:

snmp-server trap authentication

HP2512(config)# snmp-server trap authentication

8-12

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring for Network Management Applications

Advanced Management: RMON and HP Extended RMON Support

Advanced Management: RMON and HP

Extended RMON Support

The switch supports RMON (Remote Monitoring) and HP Extended RMON

on all connected network segments. This allows for troubleshooting and

optimizing your network.

RMON

The following RMON groups are supported:

Ethernet Statistics (except the numbers of packetsof differentframe sizes)

Alarm

History (of the supported Ethernet statistics)

Event

The RMON agent automatically runs in the switch. Use the RMON manage-

ment station on your network to enable or disable specific RMON traps and

events. Note that you can access the Ethernet statistics, Alarm, and Event

groups from the HP TopTools for Hubs & Switches network management

software. For more on TopTools, see the "Read Me First" document shipped

with your switch and also available on HP’s ProCurve website at

http://www.hp.com/go/procurve

Extended RMON

Extended RMON provides network monitoring and troubleshooting informa-

tion that analyzes traffic from a network-wide perspective. Extended RMON

notifies you about network problems and identifies the end node at fault. That

information can be used to set up RMON to study the problem more closely,

if desired. Because it is based on detailed statistical sampling, Extended

RMON lessens the load on devices and network bandwidth. The Extended

RMON agent runs automatically on the switch. To use Extended RMON,

simply use Traffic Monitor (included with HP TopTools for Hubs & Switches)

on your network management station to enable sampling on the ports you

want to monitor.

8-13

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring for Network Management Applications

Advanced Management: RMON and HP Extended RMON Support

8-14

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9- 5

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4

Which Devices Support Stacking? . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-6

Components of HP ProCurve Stack Management . . . . . . . . . . . . . . . 9-7

General Stacking Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-7

Operating Rules for Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-8

General Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-8

Specific Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9- 9

Overview of Configuring and Bringing Up a Stack . . . . . . . . . . . . . . 9-11

General Steps for Creating a Stack . . . . . . . . . . . . . . . . . . . . . . . 9-13

Using the Menu Interface To View Stack Status And

Configure Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-15

Using the Menu Interface To View and Configure a

Commander Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-15

Using the Menu To Manage a Candidate Switch . . . . . . . . . . . . 9-17

Using the Commander To Manage The Stack . . . . . . . . . . . . . . . . . . 9-19

Using the Commander To Access Member Switches for

Configuration Changes and Monitoring Traffic . . . . . . . . . . . . . 9-26

Converting a Commander or Member to a Member of

Another Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-27

Monitoring Stack Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9- 28

Using the CLI To View Stack Status and Configure Stacking . . . . . 9-32

Using the CLI To View Stack Status . . . . . . . . . . . . . . . . . . . . . . 9- 34

Using the CLI To Configure a Commander Switch . . . . . . . . . . 9-36

Adding to a Stack or Moving Switches Between Stacks . . . . . . 9-38

Using the CLI To Remove a Member from a Stack . . . . . . . . . . 9-43

Using the CLI To Access Member Switches for Configuration

Changes and Traffic Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . 9-45

SNMP Community Operation in a Stack . . . . . . . . . . . . . . . . . . . . . . 9- 46

Using the CLI To Disable or Re-Enable Stacking . . . . . . . . . . . . . . . 9- 47

9-1

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Chapter Contents

Transmission Interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9- 47

Stacking Operation with Multiple VLANs Configured . . . . . . . . . . . 9- 47

Web: Viewing and Configuring Stacking . . . . . . . . . . . . . . . . . . . . . . 9- 48

Status Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9- 49

Port-Based Virtual LANs (Static VLANs) . . . . . . . . . . . . . . . . . . . . . 9- 50

Overview of Using VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-53

VLAN Support and the Default VLAN . . . . . . . . . . . . . . . . . . . . . 9-53

Which VLAN Is Primary? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9- 53

Per-Port Static VLAN Configuration Options . . . . . . . . . . . . . . . 9- 54

General Steps for Using VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . 9-56

Notes on Using VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-56

Menu: Configuring VLAN Parameters . . . . . . . . . . . . . . . . . . . . . . . . . 9- 57

To Change VLAN Support Settings . . . . . . . . . . . . . . . . . . . . . . . 9- 57

Adding or Editing VLAN Names . . . . . . . . . . . . . . . . . . . . . . . . . . 9-59

Adding or Changing a VLAN Port Assignment . . . . . . . . . . . . . . 9-60

CLI: Configuring VLAN Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . 9-62

Web: Viewing and Configuring VLAN Parameters . . . . . . . . . . . . . . 9-68

VLAN Tagging Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-69

Effect of VLANs on Other Switch Features . . . . . . . . . . . . . . . . . . . . 9-73

Spanning Tree Protocol Operation with VLANs . . . . . . . . . . . . 9-73

IP Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-73

VLAN MAC Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-74

Port Trunks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-74

Port Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-74

VLAN Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-75

Symptoms of Duplicate MAC Addresses in

VLAN Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-76

GVRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-77

General Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-78

Per-Port Options for Handling GVRP “Unknown VLANs ” . . . . . . . . 9-80

Per-Port Options for Dynamic VLAN Advertising and Joining . . . . 9- 82

GVRP and VLAN Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9- 83

Port-Leave From a Dynamic VLAN . . . . . . . . . . . . . . . . . . . . . . . 9-83

Planning for GVRP Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9- 84

Configuring GVRP On a Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9- 84

Menu: Viewing and Configuring GVRP . . . . . . . . . . . . . . . . . . . . 9- 84

CLI: Viewing and Configuring GVRP . . . . . . . . . . . . . . . . . . . . . . 9- 86

Web: Viewing and Configuring GVRP . . . . . . . . . . . . . . . . . . . . . 9- 89

GVRP Operating Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9- 89

9-2

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Multimedia Traffic Control with IP Multicast (IGMP) . . . . . . . . . 9- 91

IGMP Operating Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9- 92

CLI: Configuring and Displaying IGMP . . . . . . . . . . . . . . . . . . . . . . . 9- 93

Web: Enabling or Disabling IGMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9- 97

How IGMP Operates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-97

Role of the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-98

Number of IP Multicast Addresses Allowed . . . . . . . . . . . . . . . 9-101

Interaction with Multicast Traffic/Security Filters. . . . . . . . . . 9-101

Spanning Tree Protocol (STP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9- 102

Menu: Configuring STP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-103

CLI: Configuring STP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-105

Web: Enabling or Disabling STP . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9- 108

How STP Operates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-108

STP Fast Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-109

STP Operation with 802.1Q VLANs 9- 110

9-3

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Overview

This chapter describes the following features and how to configure them with

the switch’s built-in interfaces:

HP ProCurve Stack Management (Page 9-5): Use your network to

stack switches without the need for any specialized cabling—page 9-5.

Port-Based VLANs — Page 9-50:

GVRP — Page 9-77:

Multimedia Traffic Control with IP Multicast (IGMP) — Page 9-91:

Use the switch to reduce unnecessary bandwidthusage on a per-port basis

by configuring IGMP controls.

Spanning Tree Protocol (STP) (Page 9-102): Use STP to automati-

cally block loops in your network by ensuring that there is only one active

path at a time between any two nodes on the network.

For general information on how to use the switch’s built-in interfaces, see:

Chapter 2, “Using the Menu Interface”

Chapter 3, “Using the Command Line Interface (CLI)”

Chapter 4, “Using the HP Web Browser Interface

Appendix C, “Switch Memory and Configuration”

9-4

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Stacking Features

Feature

Default

CLI

Web

view stack status

view status of a single switch

n/a

page 9-29 page 9-34 page 9-48

thru

page 9-31

view candidate status

n/a

page 9-34

page 9-35

view status of commander and its

stack

view status of all stacking-enabled

switches in the ip subnet

n/a

page 9-35

configure stacking

enable/disable candidate Auto-Join enabled/Yes page 9-18 page 9-40

“push” a candidate into a stack

n/a

page 9-18 page 9-40

page 9-15 page 9-36

page 9-27 page 9-42

configure a switch to be a commander n/a

“push” a member into another stack n/a

remove a member from a stack

n/a

page 9-24 page 9-43

page 9-44

“pull” a candidate into a stack

n/a

page 9-20 page 9-39

page 9-22 page 9-41

page 9-27 page 9-42

“pull” a member from another stack n/a

convert a commander or member to a n/a

member of another stack

access member switches for

n/a

page 9-26 page 9-45

page 9-18 page 9-47

configuration and traffic monitoring

disable stacking

enabled

transmission interval

60 seconds page 9-15 page 9-47

HPProCurve Stack Management (termed stacking) enables youtouse a single

IP address and standard network cabling to manage a group of up to 16 total

switches in the same IP subnet (broadcast domain). Using stacking, you can:

Reduce the number of IP addresses needed in your network.

9-5

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Simplify management of small workgroups or wiring closets while

scaling your network to handle increased bandwidth demand.

Eliminate any specialized cables for stacking connectivity and

remove thedistancebarriersthattypicallylimityourtopologyoptions

when using other stacking technologies.

Add switches to your network without having to first perform IP

addressing tasks.

Which Devices Support Stacking?

As of September, 2000, the following HP devices support stacking:

HP ProCurve Switch 2512

HP ProCurve Switch 2524

HP ProCurve Switch 8000M*

HP ProCurve Switch 4000M*

HP ProCurve Switch 2424M*

HP ProCurve Switch 2400M*

HP ProCurve Switch 1600M*

*Requiressoftware release C.08.03 or later, which isincludedwith the 8000M,

4000M, 2424M, and 1600M models as of July, 2000. Release C.08.03 or a later

version is also available on the HP ProCurve website at www.hp.com/go/

procurve. (Click on Free Software Updates.)

9-6

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Components of HP ProCurve Stack Management

Table 9-1. Stacking Definitions

Stack

Consists of a Commander switch and any Member switches belonging to that Commander’s stack.

Commander A switch that has been manually configured as the controlling device for a stack. When this occurs, the

switch’s stacking configuration appears as Commander.

Candidate

Member

A switch that is ready to join (become a Member of) a stack through either automatic or manual methods.

A switch configured as a Candidate is not in a stack.

A switch that has joined a stack and is accessible from the stack Commander.

After: Switch "B" joins the stack, thus changing from a

Before: Stack named

"Engineering" consists

of Commander and

Switch "C". Switch"B"is

a Candidate eligible to

join the stack.

Candidate to a Member of the stack.

Stack

Stack Name:

Engineering

Stack Name:

Engineering

Commander: Switch A

Member: Switch C

Member: Switch B

Candidate: Switch B

Figure 9-1. Illustration of a Switch Moving from Candidate to Member

General Stacking Operation

After you configure one switch to operate as the Commander of a stack,

additional switches can join the stack by either automatic or manual methods.

After a switch becomes a Member, you can work through the Commander

switch to further configure the Member switch as necessary for all of the

additional software features available in the switch.

The Commander switch serves as the in-band entry point for access to the

Member switches. For example, the Commander’s IP address becomes the

path to all stack Members and the Commander’s Manager password controls

access to all stack Members.

9-7

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Use the Commander’s console or web

browser interface to access the user

interface on any Member switch in

the same stack.

Wiring Closet "A"

Wiring Closet "B"

Member Switch 1

Candidate Switch

IP Address: None Assigned

Network Backbone

Manager Password: leader

Manager Password: francois

Non-Member Switch

Member Switch 2

Commander Switch 0

IP Address: 14.28.227.105

IP Address: None Assigned

IP Address: 14.28.227.100

Manager Password: donald

Manager Password: leader

Figure 9-2. Example of Stacking with One Commander Controlling Access to

Wiring Closet Switches

Interface Options. You can configure stacking through the switch’s menu

interface, CLI, or the web browser interface. For information on how to use

the web browser interface to configure stacking, see the online Help for the

web browser interface.

Web Browser Interface Window for Commander Switches. The web

browser interface window for a Commander switch differs in appearance

from the same window for non-commander switches. See figure 1-3 on page

1-5.

Operating Rules for Stacking

General Rules

Stacking is an optional feature (enabled in the default configuration)

and can easily be disabled. Stacking has no effect on the normal

operation of the switch in your network.

A stack requires one Commander switch. (Only one Commander

allowed per stack.)

All switches in a particular stack must be in the same IP subnet

(broadcast domain). A stack cannot cross a router.

A stack accepts up to 16 switches (numbered 0-15), including the

Commander (always numbered 0).

9-8

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

There is no limit on the number of stacks in the same IP subnet

(broadcast domain), however a switch can belong to only one stack.

If multiple VLANs are configured, stacking uses only the primary

VLAN on any switch. In the factory-default configuration, the

DEFAULT_VLAN is the primary VLAN. (See“Stacking Operation with

Multiple VLANs Configured” on page 9-47 and “Which VLAN Is

Primary?” on page 9-53.)

Stacking allows intermediate devices that do not support stacking.

This enables you to include switches that are distant from the

Commander.

Commander Switch

Switch with Stacking

Disabled or Not Available

Candidate Switch

Member Switch

Figure 9-3. Example of a Non-Stacking Device Used in a Stacking Environment

Specific Rules

Table 9-2 outlines the specific rules for switches operating in a stack.

Table 9-2. Specific Rules for Commander, Candidate, and Member Switches

IP Addressing and

Stack Name

Number Allowed Passwords

Per Stack

SNMP Communities

Commander IP Addr: Requires an

assigned IP address

Only one

The Commander’s Manager

StandardSNMPcommunity

Commander

and Operator passwords are operation. The Commander

and mask for access

switch is allowed assigned to any switch

per stack.

also operates as an SNMP

proxy to Members for all

SNMP communities config-

ured in the Commander.

via the network.

Stack Name: Required

becoming a Member of the

stack.

If you change the

Commander’s passwords, the

Commander propagates the

new passwords to all stack

Members.

9-9

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

IP Addressing and

Stack Name

Number Allowed Passwords

Per Stack

SNMP Communities

Candidate

IP Addr: Optional.

n/a

Passwords optional. If the

Uses standard SNMP

community operation if the

Candidate has its own IP

addressing.

Configuring an IP

Candidate becomes a stack

Member, it assumes the

Commander’s Manager and

Operator passwords.

address allows access

via Telnet or web

browser interface

while the switch is not

a stack member. In the

factory default configu-

ration the switch auto-

matically acquires an

IP address if your

If a candidate has a password,

it cannot be automatically

added to a stack. In this case,

if you want the Candidate in a

stack, you must manually add

it to the stack.

networkincludesDHCP

service.

Stack Name: N/A

Member

IP Addr: Optional.

Up to 15 Members When the switch joins the

Belongs to the same SNMP

communities as the

Configuring an IP

per stack.

stack, it automatically

address allows access

via Telnet or web

browser interface

without going through

theCommanderswitch.

This is useful, for

example, if the stack

Commander fails and

you need to convert a

Member switch to

operate as a replace-

ment Commander.

assumes the Commander’s

Commander (which serves

Manager and Operator pass- as an SNMP proxy to the

words and discards any pass- Member for communities to

words it may have had while a which the Commander

Candidate.

belongs). To join other

communities that exclude

the Commander, the

Note: If a Member leaves a

stack for any reason, it retains

the passwords assigned tothe

stack Commander at the time

of departure from the stack.

Member must have its own

IP address. Loss of stack

membership means loss of

membership in any commu-

nity that is configured only

in the Commander. See

"SNMP Community Opera-

tion in a Stack" on page 9-46.

Stack Name: N/A

N o t e

In the default stack configuration, the Candidate Auto Join parameter is

enabled, but the Commander Auto Grab parameter is disabled. This prevents

Candidates from automatically joining a stack prematurely or joining the

wrong stack (if more than one stack Commander is configured in a subnet or

broadcast domain). If you plan to install more than one stack in a subnet, HP

recommends that you leave Auto Grab disabled on all Commander switches and

manually add Members to their stacks. Similarly, if you plan to install a stack

in a subnet (broadcast domain) where stacking-capable switches are not

intended for stack membership, you should set the Stack State parameter (in

the Stack Configuration screen) to Disabled on those particular switches.

9-10

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Overview of Configuring and Bringing Up a Stack

This process assumes that:

All switches you want to include in a stack are connected to the same

subnet (broadcast domain).

If VLANs are enable d o n t he switche s y ou wan t t o include inthe stack,

then the ports linking the stacked switches must be on the primary

VLAN in each switch (which, in the default configuration, is the

default VLAN). If the primary VLAN is tagged, then each switch in the

stack must use the same VLAN ID (VID) for the primary VLAN. (See

“Which VLANIsPrimary?” on page 9-53, and “Stacking Operation with

Multiple VLANs Configured” on page 9-47.)

If you are including an HP ProCurve Switch 8000M, 4000M, 2424M,

2400M, or 1600M in a stack, you must first update all such devices to

software version C.08.xx. (You can get a copy of the software from

HP’s ProCurve website and/or copy it from one switch to another. For

downloading instructions, see appendix A, "File Transfers", in the

Management and Configuration Guide you received with these

switch models.)

Options for Configuring a Commander and Candidates. Depending on

how Commander and Candidate switches are configured, Candidates can join

a stack either automatically or by a Commander manually adding (“pulling”)

them into the stack. In the default configuration, a Candidate joins only when

manually pulled by a Commander. You can reconfigure a Commander to

automatically pull in Candidates that are in the default stacking configura-

tion. You can also reconfigure a Candidate switch to either “push” itself into

a particular Commander’s stack, convert the Candidate to a Commander (for

a stack that does not already have a Commander), or to operate as a standa-

lone switch without stacking. The following table shows your control options

for adding Members to a stack.

9-11

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Table 9-3. Stacking Configuration Guide

Join Method¹

Commander

Candidate

(IP Addressing Required) (IP Addressing Optional)

Auto Grab

Yes

Auto Join

Passwords

Automatically add Candidate to Stack

(Causes the first 15 eligible, discovered

switches in the subnet to automatically

join a stack.)

Yes (default)

No (default)^*

Manually add Candidate to Stack

(Prevent automatic joining of switches

you don’t want in the stack)

No (default)

Yes

Yes (default)

Optional^*

Configured

Optional

Yes

Yes (default) or No

Disabled

Prevent a switch from being a Candidate N/A

^*The Commander’s Manager and Operator passwords propagate to the candidate when it joins the stack.

The easiest way to automatically create a stack is to:

1. Configure a switch as a Commander.

2. Configure IP addressing and a stack name on the Commander.

3. Set the Commander’s Auto Grab parameter to Yes.

4. Connect Candidate switches (in their factory default configuration) to

the network.

This approach automatically creates a stack of up to 16 switches (including

the Commander). However this replaces manual control with an automatic

process that may bring switches into the stack that you did not intend to

include. With the Commander’s Auto Grab parameter set to Yes, any switch

conforming to all four of the following factors automatically becomes a stack

Member:

Defaultstacking configuration(Stack State setto Candidate, and AutoJoin

set to Yes)

Same subnet (broadcast domain) and default VLAN as the

Commander (If VLANs are used in the stack environment, see

"Stacking Operation with a Tagged VLAN" on page 9-47.)

No Manager password

14 or fewer stack members at the moment

9-12

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

General Steps for Creating a Stack

This section describes the general stack creation process. For the detailed

configuration processes, see pages 9-15 through 9-39 for the menu interface

and pages 9-32 through 9-44 for the CLI.

1. Determine the naming conventions for the stack. You will need a stack

name. Also, to help distinguish one switch from another in the stack, you

can configure a unique system name for each switch. Otherwise, the

system name for a switch appearing in the Stacking Status screen appears

as the stack name plus an automatically assigned switch number. For

example:

For status

descriptions, see the

table on page 9-49.

Stack with unique

systemname for each

switch.

Stack named "Online"

with no previously

configured system

names assigned to

individual switches.

Figure 9-4. Use of System Name to Help Identify Individual Switches

2. Configure the Commander switch. Doing this first helps to establish

consistency in your stack configuration, which can help prevent startup

problems.

•

AstackrequiresoneCommanderswitch. Ifyouplantoimplement

more than one stack in a subnet (broadcast domain), the easiest

way to avoid unintentionally adding a Candidate to the wrong

stack is to manually control the joining process by leaving the

Commander’s Auto Grab parameter set to No (the default).

•

The Commander assigns its Manager and Operator passwords to

any Candidate switch that joins the stack.

SNMP community names used in the Commander apply to stack

members.

9-13

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

3. For automatically or manually pulling Candidate switches into a stack,

you can leave such switches in their default stacking configuration. If you

need to access Candidate switches through your network before they

join the stack, assign IP addresses to these devices. Otherwise, IP

addressing is optional for Candidates and Members. (Note that once a

Candidate becomes a member, you can access it through the Commander

to assign IP addressing or make other configuration changes.)

4. Make a record of any Manager passwords assigned to the switches

(intended for your stack) that are not currently members. (You will have

to use these passwords to enable the protected switches to join the

stack.)

5. If you are using VLANs in the stacking environment, you must use the

default VLAN for stacking links. For more information, see "Stacking

Operation with a Tagged VLAN" on page 9-47.

6. Ensure that all switches intended for the stack are connected to the same

subnet (broadcast domain). As soon as you connect the Commander, it

will begin discovering the available Candidates in the subnet.

•

If you configured the Commander to automatically add Members

(Auto Grab set to Yes), then the first 15 discovered Candidates

meeting both of the following criteria will automatically become

stack Members:

–

Auto Join parameter set to Yes (the default)

Manager password not configured

•

If you configured the Commander tomanually add Members (Auto

Grab settoNo—the default), youcanbegin the processofselecting

and adding the desired Candidates.

7. Ensure that all switches intended for the stack have joined.

8. If you need to perform specific configuration or monitoring tasks on a

Member, use the console interface on the Commander to select and

access the Member.

9-14

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Using the Menu Interface To View Stack Status And

Configure Stacking

Using the Menu Interface To View and Configure a

Commander Switch

1. Configure an IP address and subnet mask on the Commander switch.

(See “IP Configuration” on page 5-3.)

2. Display the Stacking Menu by selecting Stacking in the Main Menu.

Figure 9-5. The Default Stacking Menu

3. Display the Stack Configuration menu by pressing [3] to select Stack

Configuration.

9-15

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Figure 9-6. The Default Stack Configuration Screen

4. Move the cursor to the Stack State field by pressing [E] (for Edit). Then

use the Space bar to select the Commander option.

5. Press the downarrow key to display the Commander configuration fields

in the Stack Configuration screen.

Figure 9-7. The Default Commander Configuration in the Stack Configuration

Screen

6. Enter a unique stack name (up to 15 characters; no spaces) and press the

downarrow key.

7. Ensure that the Commander has the desired Auto Grab setting, then press

the downarrow key:

9-16

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

•

No (the default) prevents automatic joining of Candidates that

have their Auto Join set to Yes.

Yes enables the Commander to automatically take a Candidate

into the stack as a Member if the Candidate has Auto Join set to Yes

(the default Candidate setting) and does not have a previously

configured password.

8. Accept or change the transmission interval (default: 60 seconds), then

press [Enter] to return the cursor to the Actions line.

9. Press [S] (for Save) to save your configuration changes and return to the

Stacking menu.

Your Commander switch should now be ready to automatically or manually

acquire Member switches from the list of discovered Candidates, depending

on your configuration choices.

Using the Menu To Manage a Candidate Switch

Using the menu interface, you can perform these actions on a Candidate

switch:

Add (“push”) the Candidate into an existing stack

Modify the Candidate’s stacking configuration (Auto Join and Transmission

Interval)

Convert the Candidate to a Commander

Disable stacking on the Candidate so that it operates as a standalone

switch

In its default stacking configuration, a Candidate switch can either automati-

cally join a stack or be manually added ("pulled") into a stackby a Commander,

depending on the Commander’s Auto Grab setting. The following table lists the

Candidate’s configuration options:

9-17

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Table 9-4.Candidate Configuration Options in the Menu Interface

Parameter

Stack State

Auto Join

Default Setting

Candidate

Yes

Other Settings

Commander, Member, or Disabled

Transmission Interval 60 Seconds

Range: 1 to 300 seconds

Using the Menu To “Push” a Switch Into a Stack, Modify the Switch’s

Configuration, or Disable Stacking on the Switch. Use Telnet or the

web browser interface to access the Candidate if it has an IP address. Other-

wise, use a direct connection from a terminal device to the switch’s console

port. (For information on how to use the web browser interface, see the online

Help provided for the browser.)

1. Display the Stacking Menu by selecting Stacking in the console Main Menu.

2. Display the Stack Configuration menu by pressing [3] to select Stack

Configuration.

Figure 9-8. The Default Stack Configuration Screen

3. Move the cursor to the Stack State field by pressing [E] (for Edit).

9-18

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

4. Do one of the following:

•

To disable stacking on the Candidate, use the Space bar to select

the Disabled option, then go to step 5.

Note: Using the menu interface to disable stacking on a Candidate

removes the Candidate from all stacking menus.

•

To insert the Candidate into a specific Commander’s stack:

i. Use the space bar to select Member.

ii. Press [Tab] once to display the Commander MAC Address parameter,

then enter the MAC address of the desired Commander.

•

To change Auto Join or Transmission Interval, use [Tab] to select the

desired parameter, and:

–

To change Auto Join, use the Space bar.

To change Transmission Interval, type in the new value in the range

of 1 to 300 seconds.

Note: All switches in the stack must be set to the same transmis-

sion interval to help ensure proper stacking operation. HP recom-

mends that you leave this parameter set to the default 60 seconds.

Then go to step 5.

5. press [Enter] to return the cursor to the Actions line.

6. Press [S] (for Save) to save your configuration changes and return to the

Stacking menu.

Using the Commander To Manage The Stack

The Commander normally operates as your stack manager and point of entry

into other switches in the stack. This typically includes:

Adding new stack members

Moving members between stacks

Removing members from a stack

Accessing stack members for individual configuration changes and traffic

monitoring

The Commander also imposes its passwords on all stack members and pro-

vides SNMP community membership to the stack. (See “SNMP Community

Operation in a Stack” on page 9-46.)

9-19

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Using the Commander’s Menu To Manually Add a Candidate to a

Stack. In the default configuration, you must manually add stack Members

from the Candidate pool. Reasons for a switch remaining a Candidate instead

of becoming a Member include any of the following:

Auto Grab in the Commander is set to No (the default).

Auto Join in the Candidate is set to No.

Note: When a switch leaves a stack and returns to Candidate status, its

Auto Join parameter resets to No so that it will not immediately rejoin a

stack from which it has just departed.

A Manager password is set in the Candidate.

The stack is full.

Unless the stack is already full, you can use the Stack Management screen to

manually convert a Candidate to a Member. If the Candidate has a Manager

password, you will need to use it to make the Candidate a Member of the stack.

1. To add a Member, start at the Main Menu and select:

9. Stacking...

4. Stack Management

You will then see the Stack Management screen:

For status descriptions,

see the table on page

9-49.

Figure 9-9. Example of the Stack Management Screen

2. Press [A] (for Add) to add a Candidate. You will then see this screen listing

the available Candidates:

9-20

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

The Commander automatically selects an

available switch number (SN). You have the

option ofassigning any other available number.

Candidate List

Figure 9-10. Example of Candidate List in Stack Management Screen

3. Either accept the displayed switch number or enter another available

number. (The range is 0 - 15, with 0 reserved for the Commander.)

4. Use the downarrow key to move the cursor to the MAC Address field,

then type the MAC address of the desired Candidate from the Candidate

list in the lower part of the screen.

5. Do one of the following:

•

If the desired Candidate has a Manager password, press the

downarrow key to move the cursor to the Candidate Password

field, then type the password.

•

If the desired Candidate does not have a password, go to step 6.

6. Press [Enter] to return to the Actions line, then press [S] (for Save) to

complete the Add process for the selected Candidate. You will then see

a screen similar to the one in figure 9-11, below, with the newly added

Member listed.

Note: If the message Unable to add stack member: Invalid Password appears in

the console menu’s Help line, then you either omitted the Candidate’s

Manager password or incorrectly entered the Manager password.

9-21

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

For status descriptions,

see the table on page

9-49.

New Member added in step 6.

Figure 9-11. Example of Stack Management Screen After New Member Added

Using the Commander’s Menu To Move a Member From One Stack to

Another. Where two or more stacks exist in the same subnet (broadcast

domain), you can easily move a Member of one stack to another stack if the

destination stack is not full. (If you are using VLANs in your stack environ-

ment, see "Stacking Operation with a Tagged VLAN" on page 9-47.) This

procedure is nearly identical to manually adding a Candidate to a stack (page

9-20). (If the stack from which you want to move the Member has a Manager

password, you will need to know the password to make the move.)

1. To move a Member from one stack to another, go to the Main Menu of

the Commander in the destination stack and display the Stacking Menu

by selecting

9. Stacking...

2. To learn or verify the MAC address of the Member you want to move,

display a listing of all Commanders, Members, and Candidates in the

subnet by selecting:

2. Stacking Status (All)

9-22

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

You will then see the Stacking Status (All) screen:

For status descriptions,

see the table on page 49.

This column lists the MAC

Addresses for switches

discovered (in the local

subnet)thatareconfigured

for Stacking.

Using the MAC addresses for these

Members, you can move them between

stacks in the same subnet.

Figure 9-12. Example of How the Stacking Status (All) Screen Helps You Find

Member MAC Addresses

3. In the Stacking Status (All) screen, find the Member switch that you want

to move and note its MAC address, then press [B] (for Back) to return to

the Stacking Menu.

4. Display the Commander’s Stack Management screen by selecting

4. Stack Management

(For an example of this screen, see figure 9-9 on page 9-20.)

5. Press [A] (for Add) to add the Member. You will then see a screen listing

any available candidates. (See figure 9-10 on page 9-21.) Note that you

will not see the switch you want to add because it is a Member of another

stack and not a Candidate.)

6. Either accept the displayed switch number or enter another available

number. (The range is 0 - 15, with 0 reserved for the Commander.)

7. Use the downarrow key to move the cursor to the MAC Address field,

then type the MAC address of the desired Member you want to move from

another stack.

9-23

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

8. Do one of the following:

•

If the stack containing the Member you are moving has a Manager

password, press the downarrow key to select the Candidate

Password field, then type the password.

•

If the stack containing the Member you want to move does not

have a password, go to step 9.

9. Press [Enter] to return to the Actions line, then press [S] (for Save) to

complete the Add process for the selected Member. You will then see a

screen similar to the one in figure 9-9 on page 9-20, with the newly added

Member listed.

N o t e :

If the message Unable to add stack member: Invalid Password appears in the console

menu’s Help line, then you either omitted the Manager password for the stack

containing the Member or incorrectly entered the Manager password.

You can “push” a Member from one stack to another by going to the Member’s

interface and entering the MAC address of the destination stack Commander

in the Member’s Commander MAC Address field. Using this method moves the

Member to another stack without a need for knowing the Manager password

in that stack, but also blocks access to the Member from the original

Commander.

Using the Commander’s Menu To Remove a Stack Member. These

rules affect removals from a stack:

When a Candidate becomes a Member, its Auto Join parameter is

automatically set to No. This prevents the switch from automatically

rejoining a stack as soon as you remove it from the stack.

When you use the Commander to remove a switch from a stack, the

switch rejoins the Candidate pool for your IP subnet (broadcast

domain), with Auto Join set to No.

When you remove a Member from a stack, it frees the previously

assigned switch number (SN), which then becomes available for

assignment to another switch that you may subsequently add to the

stack. The default switch number used for an add is the lowest

unassigned number in the Member range (1 - 15; 0 is reserved for the

Commander).

To remove a Member from a stack, use the Stack Management screen.

1. From the Main Menu, select:

9. Stacking...

9-24

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

4. Stack Management

You will then see the Stack Management screen:

For status descriptions,

see the table on page

9-49.

Stack Member List

Figure 9-13. Example of Stack Management Screen with Stack Members Listed

2. Use the downarrow key to select the Member you want to remove from

the stack.

Figure 9-14. Example of Selecting a Member for Removal from the Stack

3. Type [D] (for Delete) to remove the selected Member from the stack. You

will then see the following prompt:

Figure 9-15. The Prompt for Completing the Deletion of a Member from the Stack

4. To continue deleting the selected Member, press the Space bar once to

select Yes for the prompt, then press [Enter] to complete the deletion. The

Stack Management screen updates to show the new stack Member list.

9-25

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Using the Commander To Access Member Switches for

Configuration Changes and Monitoring Traffic

After a Candidate becomes a stack Member, you can use that stack’s

Commander to access the Member’s console interface for the same configu-

ration and monitoring that you would do through a Telnet or direct-connect

access.

1. From the Main Menu, select:

9. Stacking...

5. Stack Access

You will then see the Stack Access screen:

For status descriptions,

see the table on page

page 9-49.

Figure 9-16. Example of the Stack Access Screen

Use the downarrow key to select the stack Member you want to access, then

press [X] (for eXecute) to display the console interface for the selected Member.

Forexample, ifyou selected switchnumber 1 (systemname: CoralSea)infigure

9-16 and then pressed [X], you would see the Main Menu for the switch named

Coral Sea.

9-26

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Main Menu for stack

Member named "Coral Sea"

(SN = 1 from figure 9-16)

Figure 9-17. The eXecute Command Displays the Console Main Menu for the

Selected Stack Member

2. You can now make configuration changes and/or view status data for the

selected Member in the same way that you would if you were directly

connected or telnetted into the switch.

3. When you are finished accessing the selected Member, do the following

to return to the Commander’s Stack Access screen:

a. Return to the Member’s Main Menu.

b. Press [0] (for Logout), then [Y] (for Yes).

c. Press [Return].

You should now see the Commander’s Stack Access screen. (For an

example, see figure 9-16 on page 9-26.)

Converting a Commander or Member to a Member of Another

Stack

When moving a commander, the following procedure returns the stack mem-

bers to Candidate status (with Auto-Join set to “No”) and converts the stack

Commander to a Member of another stack. When moving a member, the

procedure simply pulls a Member out of one stack and pushes it into another.

1. From the Main Menu of the switch you want to move, select

9. Stacking

2. To determine the MAC address of the destination Commander, select

2. Stacking Status (All)

9-27

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

3. Press [B] (for Back) to return to the Stacking Menu.

4. To display Stack Configuration menu for the switch you are moving, select

3. Stack Configuration

5. Press [E] (for Edit) to select the Stack State parameter.

6. Use the Space bar to select Member, then press [ v] to move to the Com-

mander MAC Address field.

7. Enter the MAC address of the destination Commander and press [Enter].

8. Press [S] (for Save).

Monitoring Stack Status

Using the stacking options in the menu interface for any switch in a stack, you

can view stacking data for that switch or for all stacks in the subnet(broadcast

domain). (If you are using VLANs in your stack environment, see "Stacking

Operation with a Tagged VLAN" on page 9-47.) This can help you in such ways

as determining the stacking configuration for individual switches, identifying

stack Members and Candidates, and determining the status of individual

switches in a stack. See table 9-5 on page 9-28.

Table 9-5. Stack Status Environments

Screen Name

Commander

Member

Candidate

Stack Status (This Switch)

•

Commander’s stacking

•

Member’s stacking configuration Candidate’s stacking

Member Status

Data identifying Member’s

Commander:

configuration

Data on stack Members:

–

Switch Number

MAC Address

System Name

Device Type

Status

–

Commander Status

Commander IP Address

Commander MAC Address

Stack Status (All)

Lists devices by stack name Same as for Commander.

or Candidate status (if device

is not a stack Member).

Same as for

Commander.

Includes:

•

Stack Name

MAC Address

System Name

Status

9-28

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Using Any Stacked Switch To View the Status for All Switches with

Stacking Enabled. This procedure displays the general statusofall switches

in the IP subnet (broadcast domain) that have stacking enabled.

1. Go to the console Main Menu for any switch configured for stacking and

select:

9. Stacking ...

2. Stacking Status (All)

You will then see a Stacking Status screen similar to the following:

For status descriptions,

see the table on page

9-49.

Figure 9-18. Example of Stacking Status for All Detected Switches Configured for

Stacking

Viewing Commander Status. This procedure displays the Commander and

stack configuration, plus information identifying each stack member.

To display the status for a Commander, go to the console Main Menu for the

switch and select:

9. Stacking ...

1. Stacking Status (This Switch)

You will then see the Commander’s Stacking Status screen:

9-29

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Figure 9-19. Example of the Commander’s Stacking Status Screen

Viewing Member Status. This procedure displays the Member’s stacking

information plus the Commander’s status, IP address, and MAC address.

To display the status for a Member:

1. Go to the console Main Menu of the Commander switch and select

9. Stacking ...

5. Stack Access

2. Use the downarrow key to select the Member switch whose status you

want to view, then press [X] (for eXecute). You will then see the Main Menu

for the selected Member switch.

3. In the Member’s Main Menu screen, select

9. Stacking ...

1. Stacking Status (This Switch)

You will then see the Member’s Stacking Status screen:

9-30

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Figure 9-20. Example of a Member’s Stacking Status Screen

Viewing Candidate Status. This procedure displays the Candidate’s

stacking configuration.

To display the status for a Candidate:

1. Use Telnet (if the Candidate has a valid IP address for your network) or

a direct serial port connection to access the menu interface Main Menu

for the Candidate switch and select

9. Stacking ...

1. Stacking Status (This Switch)

You will then see the Candidate’s Stacking Status screen:

Figure 9-21. Example of a Candidate’s Stacking Screen

9-31

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Using the CLI To View Stack Status and Configure

Stacking

The CLI enables you to do all of the stacking tasks available through the menu

interface.)

Table 9-6. CLI Commands for Configuring Stacking on a Switch

Operation

CLI Command

show stack

[candidates | view | all]

Commander: Shows Commander’s stacking configuration and lists the stack

members and their individual status.

Member: Lists Member’s stacking configuration and status, and the status and the

IP address and subnet mask of the stack Commander.

Options:

candidates: (Commander only) Lists stack Candidates.

view: (Commander only) Lists current stack Members and their individual

status.

all: Lists all stack Commanders, Members and Candidates, with their individual

status.

[no] stack

Any Stacking-Capable Switch: Enables or disables stacking on the switch.

Default: Stacking Enabled

[no] stack commander<stack name> Candidate or Commander: Converts a Candidate to a Commander or changes the

stack name of an existing commander.

“No” form eliminates named stack and returns Commander and stack Members

to Candidate status with Auto Join set to No.

“No” form prevents the switch from being discovered as a stacking-capable

switch.

Default: Switch Configured as a Candidate

[no] stack auto-grab

Commander: Causes Commander to automatically add to its stack any discovered

Candidate in the subnet that does not have a Manager password and has Auto-

Join set to Yes.

Default: Disabled

Note: If the Commander’s stack already has 15 members, the Candidate cannot

join until an existing member leaves the stack.

9-32

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

CLI Command

Operation

[no] stack member

<switch-num>

mac-address <mac-addr>

[password <password-str>]

Commander: Adds a Candidate to stack membership. “No” form removes a

Member from stack membership. To easily determine the MAC address of a

Candidate, use the show stack candidates command. To determine the MAC

address of a Member you want to remove, use the show stack view command.The

password (password-str) is required only when adding a Candidate that has a

Manager password.

telnet <1..15>

Commander: Uses the SN (switch number— assigned by the stack Commander)

to access the console interface (menu interface or CLI) of a stack member. To view

the list of SN assignments for a stack, execute the show stack command in the

Commander’s CLI.

Used In: Commander Only

[no] stack join <mac-addr>

Candidate: Causes the Candidate to join the stack whose Commander has the

indicated MAC address. “No” form is used in a Member to remove it from the stack

of the Commander having the specified address.

Member: “Pushes” the member to another stack whose Commander has the

indicated MAC address.

[no] stack auto-join

Candidate: Enables Candidate to automatically join the stack of any Commander

in the IP subnet that has Auto Grabenabled, or disables Auto-Join in the candidate.

Default: Auto Join enabled.

Note: If the Candidate has a Manager password or if the available stack(s) already

have the maximum of 15 Members, the automatic join will not occur.

stack transmission-interval

All Stack Members: specifies the interval in seconds for transmitting stacking

discovery packets.

Default: 60 seconds

9-33

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Using the CLI To View Stack Status

You can list the stack status for an individual switch and for other switches

that have been discovered in the same subnet.

Syntax: show stack [candidates | view | all]

Viewing the Status of an Individual Switch. The following example

illustrates how to use the CLI in a Switch 2524 (or 2512) to display the stack

status for that switch. In this case, the switch is in the default stacking

configuration.

Syntax: show stack

Figure 9-22. Example of Using the Show Stack Command To List the Stacking

Configuration for an Individual Switch

Viewing the Status of Candidates the Commander Has Detected.

This example illustrates how to list stack candidates the Commander has

discovered in the ip subnet (broadcast domain).

Syntax:

show stack candidates

Figure 9-23. Example of Using the Show Stack Candidates Command To List

Candidates

9-34

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Viewing the Status of all Stack-Enabled Switches Discovered in the IP

Subnet. The next example lists all the stack-configured switches discovered

in the IP subnet. Because the Switch 2524 on which the show stack all

command was executed is a candidate, it is included in the “Others” category.

Syntax: show stack all

Figure 9-24. Result of Using the Show Stack All Command To List Discovered

Switches in the IP Subnet

Viewing the Status of the Commander and Current Members of the

Commander’s Stack. The next example lists all switches in the stack of the

selected switch.

Syntax: show stack view

Figure 9-25. Example of the Show Stack View Command To List the Stack Assigned

to the Selected Commander

9-35

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Using the CLI To Configure a Commander Switch

You can configure any stacking-enabled switch to be a Commander as long as

the intended stack name does not already exist on the broadcast domain.

(When you configure a Commander, yo u a utomatically create a corresponding

stack.)

Before you begin configuring stacking parameters:

1. Configure I P addressing on the switch intended forstack commanderand,

if not already configured, on the primary VLAN. (For more on configuring

IP addressing, see “IP Configuration” on page 5-3.)

N o t e

The primary VLAN must have an IP address in order for stacking to operate

properly. For more on the primary VLAN, see “Which VLAN Is Primary?” on

page 9-53.

2. Configure a Manager password on the switch intended for commander.

(The Commander’s Manager password controls access to stack Mem-

bers.) For more on passwords, see chapter 7, “Using Passwords, Port

Security, and Authorized Managers To Protect Against Unauthorized

Access”.

Configure the Stack Commander. Assigning a stack name to a switch

makes it a Commander and automatically creates a stack.

Syntax: stack commander <name-str>

This example creates a Commander switch with a stack name of Big_Waters.

(Note that if stacking was previously disabled on the switch, this command

also enables stacking.)

HP2512(config)# stack commander Big_Waters

As thefollowingshow stack display shows, the Commanderswitch isnow ready

to add members to the stack.

9-36

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

The Commander appears in the stack as Switch

Number (SN) 0.

The stack commander command

configures the Commander and names

the stack.

Figure 9-26. Example of the Commander’s Show Stack Screen with Only the

Commander Discovered

Using a Member’s CLI to Convert the Member to the Commander of a

New Stack. This procedure requires that you first remove the Member from

its current stack, then create the new stack. If you do not know the MAC

address for the Commander of the current stack, use show stack to list it.

Syntax: no stack

stack commander <stack name>

Suppose, for example, that a Switch 2512 named “Bering Sea” is a Member of

a stack named “Big_Waters”. To use the switch’s CLI to convert it from a stack

Member to the Commander of a new stack named “Lakes”, you would use the

following commands:

9-37

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

The output from this command tells you the

MAC address of the current stack Commander.

Removes the Member

fromthe “Big_Waters”

stack.

Converts the former

Member to the Com-

mander of the new

“Lakes” stack.

Figure 9-27. Example of Using a Member’s CLI To Convert the Member to the

Commander of a New Stack

Adding to a Stack or Moving Switches Between Stacks

You can addswitchestoa stack by adding discovered Candidates or by moving

switches from other stacks that may exist in the same subnet. (You cannot

add a Candidate that the Commander has not discovered.)

In its default configuration, the Commander’s Auto-Grab parameter is set to

No to give you manual control over which switches join the stack and when

they join. This prevents the Commander from automatically trying to add

every Candidate it finds that has Auto Join set to Yes (the default for the

Candidate).

(If you want any eligible Candidate to automatically join the stack when the

Commander discovers it, configure Auto Grab in the Commander to Yes. When

you do so, any Candidate discovered with Auto Join set to Yes (the default) and

no Manager password will join the stack, up to the limit of 15 Members.)

9-38

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Using the Commander’s CLI To Manually Add a Candidate to the

Stack. To manually add a candidate, you will use:

A switch number (SN) to assign to the new member. Member SNs range

from 1 to 15. To see which SNs are already assigned to Members, use show

stack view. You can use any SN not included in the listing. (SNs are

viewable only on a Commander switch.)

The MAC address of the discovered Candidate you are adding to the stack.

To see this data, use the show stack candidates listing .

For example:

In this stack, the only SNs in use are 0 and 1,

so you can use any SN number from 2 through

15 for new Members. (The SN of “0” is always

reserved for the stack Commander.)

Note: When manually adding a switch, you must assign an SN.

However, if the Commander automatically adds a new Member,

it assigns an SN from the available pool of unused SNs.

Figure 9-28. Example of How To Determine Available Switch Numbers (SNs)

To display all discovered Candidates with their MAC addresses, execute show

stack candidates from the Commander’s CLI. For example, to list the discov-

ered candidates for the above Commander:

MAC addresses

of discovered

Candidates.

Figure 9-29. Example of How To Determine MAC Addresses of Discovered

Candidates

Knowing the available switch numbers (SNs) and Candidate MAC addresses,

you can proceed to manually assign a Candidate to be a Member of the stack:

Syntax: stack member <switch-number> mac-address <mac-addr>

[password <password-str>]

9-39

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

For example, if the HP 8000M in the above listing did not have a Manager

password and you wanted to make it a stack Member with an SN of 2, you

would execute the following command:

HP2512(config)# stack member 2 mac-address 0060b0-dfla00

The show stack view command then lists the Member added by the above

command:

The new member did not have a System Name

configured prior to joining the stack, and so receives a

System Name composed of the stack name (assigned in

the Commander) with its SN number as a suffix.

SN (Switch Number) 2 is the

new Member added by the

stack member command.

Figure 9-30. Example Showing the Stack After Adding a New Member

Using Auto Join on a Candidate. In the default configuration, a Candi-

date’s Auto Join parameter is set to “Yes”, meaning that it will automatically

join a stack if the stack’s Commander detects the Candidate and the Com-

mander’s Auto Grab parameter is set to “Yes”. You can disable Auto Join on a

Candidate if you want to prevent automatic joining in this case. There is also

the instance where a Candidate’s Auto Join is disabled, for example, when a

Commander leaves a stack and its members automatically return to Candidate

status, or if you manually remove a Member from a stack. In this case, you

may want to reset Auto Join to “Yes”.

Status:

[no] stack auto-join

HP2512(config)# no stack auto-join Disables Auto Join on a

Candidate.

HP 2512(config)# stack auto-join

Enables Auto Join on a

Candidate.

Using a Candidate CLI To Manually “Push” the Candidate Into a

Stack . Use this method if any of the following apply:

9-40

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

The Candidate’s Auto Join is set to Yes (and you do not want to enable

Auto Grab on the Commander) or the Candidate’s Auto Join is set to No.

Either you know the MAC address of the Commander for the stack into

which you want to insert the Candidate, or the Candidate has a valid IP

address and is operating in your network.

Syntax:

stack join <mac-addr>

where: <mac-addr> is the MAC address of the Commander in

the destination stack.

Use Telnet (if the Candidate has an IP address valid for your network) or a

direct serial port connection to access the CLI for the Candidate switch. For

example, suppose that a Candidate named “North Sea” with Auto Join off and

a valid IP address of 10.28.227.104 is running on a network. You could Telnet

to the Candidate, use show stack all to determine the Commander’s MAC

address, and then “push” the Candidate into the desired stack.

1. Telnet to the Candidate named “North Sea”.

2. Use show stack all to display the Commander’s

MAC address.

MAC Address for

Stack Commander

3. Set the Candidate CLI to Config mode.

4. Execute stack join with the

Commander’s MAC address to “push”

the Candidate into the stack.

Figure 9-31. Example of “Pushing” a Candidate Into a Stack

To verify that the Candidate successfully joined the stack, execute show stack

all again to view the stacking status.

Using the Destination Commander CLI To “Pull” a Member from

Another Stack. This method uses the Commander in the destination stack

to “pull” the Member from the source stack.

9-41

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Syntax: stack member <switch-number>

mac-address <mac-addr>

[password<password-str>]

In the destination Commander, use show stack all to find the MAC address of

the Member you want to pull into the destination stack. For example, suppose

you created a new Commander with a stack name of “Cold_Waters” and you

wanted to move a switch named “Bering Sea” into the new stack:

Move this switch into the “Cold Waters” stack.

Figure 9-32. Example of Stack Listing with Two Stacks in the Subnet

You would then execute the following command to pull the desired switch

into the new stack:

HP2524(config)# stack member 1 mac-address 0060b0-df1a00

Where 1 is an unused switch number (SN).

Since a password is not set on the Candidate, a password is not needed in this

example.

You could then use show stack all again to verify that the move took place.

Using a Member CLI To “Push” the Member into Another Stack. You

can use the Member’s CLI to “push” an HP 2512 or 2524 stack Member into a

destination stack if you know the MAC address of the destination Commander.

Syntax: stack join <mac-addr>

where: <mac-addr> is the MAC address of the Commander for the desti-

nation stack.

Converting a Commander to a Member of Another Stack. Removing

the Commander from a stack eliminates the stack and returns its Members to

the Candidate pool with Auto Join disabled.

9-42

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Syntax: no stack name <stack name>

stack join <mac-address>

If you don’t know the MAC address of the destination Commander, you can

use show stack all to identify it.

For example, suppose you have a Switch 2512 operating as the Commander

for a temporary stack named “Test”. When it is time to eliminate the temporary

“Test” stack and convert the Switch 2512 into a member of an existing stack

named “Big_Waters”, you would execute the following commands in the CLI

of the Switch 2512:

Eliminates the “Test” stack and converts

the Commander to a Candidate.

Helpsyou to identifythe MACaddressofthe

Commander for the “Big_Waters” stack.

Adds the former “Test” Commander to the

“Big_Waters” stack.

Figure 9-33. Example of Command Sequence for Converting a Commander to a

Member

Using the CLI To Remove a Member from a Stack

You can remove a Member from a stack using the CLI of either the Commander

or the Member.

N o t e

When you remove a Member from a stack, the Member’s Auto Join parameter

is set to No.

Using the Commander CLI To Remove a Stack Member. This option

requires the switch number (SN) and the MAC address of the switch to

remove. (Because the Commander propagates its Manager password to all

stack members, knowing the Manager password is necessary only for gaining

access to the Commander.)

9-43

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Syntax: [no] stack member <switch-num> mac-address <mac-addr>

Use show stack view to list the stack Members. For example, suppose that you

wanted to use the Commander to remove the “North Sea” Member from the

following stack:

Remove this Member

from the stack.

Figure 9-34. Example of a Commander and Three Switches in a Stack

You would then execute this command to remove the “North Sea” switch from

the stack:

HP2512(config)# no stack member 3 mac-address 0030c1-7fc700

where:

•

3 is the “North Sea” Member’s switch number (SN)

0030c1-7fc700 is the “North Sea” Member’s MAC address

Using the Member’s CLI To Remove the Member from a Stack.

Syntax: no stack join <mac-addr>

To use this method, you need the Commander’s MAC address, which is

available using the show stack command in the Member’s CLI. For example:

CLI for “North Sea”

Stack Member

MAC Address of the

Commander for the

Stack to Which

the“North Sea”

Switch Belongs

Figure 9-35. Example of How To Identify the Commander’s MAC Address from a

Member Switch

9-44

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

You would then execute this command in the “North Sea” switch’s CLI to

remove the switch from the stack:

North Sea(config)# no stack join 0030c1-7fec40

Using the CLI To Access Member Switches for Configuration

Changes and Traffic Monitoring

After a Candidate becomes a Member, you can use the telnet command from

the Commander to access the Member’s CLI or console interface for the same

configuration and monitoring that you would do through a Telnet or direct-

connect access from a terminal.

Syntax: telnet <switch-number>

where: unsigned integer is the switch number (SN) assigned by the Com-

mander to each member (range: 1 - 15).

To find the switch number for the Member you want to access, execute the

show stack view command in the Commander’s CLI. For example, suppose that

you wanted to configure a port trunk on the switch named “North Sea” in the

stack named “Big_Waters”. Do do so you would go to the CLI for the

“Big_Waters” Commander and execute show stack view to find the switch

number for the “North Sea” switch:

The switch number

(SN) for the “North

Sea” switch is “3”.

Figure 9-36. Example of a Stack Showing Switch Number (SN) Assignments

To access the “North Sea” console, you would then execute the following telnet

command:

HP2512(config)# telnet 3

You would then see the CLI prompt for the “North Sea” switch, allowing you

to configure or monitor the switch as if you were directly connected to the

console.

9-45

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

SNMP Community Operation in a Stack

Community Membership

In the default stacking configuration, when a Candidate joins a stack, it

automatically becomes a Member of any SNMP community to which the

Commander belongs, even though any community names configured in the

Commander are not propagated to the Member’s SNMP Communities listing.

However, if a Member has its own (optional) IP addressing, it can belong to

SNMP communities to which other switches in the stack, including the

Commander, do not belong. For example:

•

The Commander and all Members of the stack

belong to the blue and red communities. Only switch

3 belongs to the gray community. Switches 1, 2, and

3 belong to the public community

Commander Switch

IP Addr: 12.31.29.100

Community Names:

–

blue

red

If Member Switch 1 ceases to be a stack Member, it

still belongs to the public SNMP communitybecause

it has IP addressing of its own. But, with the loss of

stack Membership, Switch 1 loses membership in

the blue and red communities because they are not

specifically configured in the switch.

Member Switch 1

IP Addr: 12.31.29.18

Community Names:

Member Switch 3

IP Addr: 12.31.29.15

Community Names:

–

public (the default)

–

public (the default)

gray

•

If Member Switch 2 ceases to be a stack Member, it

loses membership in all SNMP communities.

If Member Switch 3 ceases to be a stack Member, it

loses membership in the blue and red communities,

but—because it has its own IP addressing—retains

membership in the public and gray communities.

Member Switch 2

IP Addr: None

Community Names:

–

none

Figure 9-37. Example of SNMP Community Operation with Stacking

SNMP Management Station Access to Members Via the Commander.

To use a management station for SNMP Get or Set access through the

Commander’s IP address to a Member, you must append @sw<switch number>

to the community name. For example, in figure 9-37, you would use the

following command in your management station to access Switch 1’s MIB

using the blue community:

snmpget <MIB variable> 10.31.29.100 blue@sw1

Note that because the gray community is only on switch 3, you could not use

the Commander IP address for gray community access from the management

station. Instead, you would access switch 3 directly using the switch’s own IP

address. For example:

snmpget <MIB variable> 10.31.29.15 gray

9-46

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Note that in the above example (figure 9-37) you cannot use the public

community through the Commander to access any of the Member switches.

For example, you can use the public community to access the MIB in switches

1 and 3 by using their unique IP addresses. However, you must use the red or

blue community to access the MIB for switch 2.

snmpget <MIB variable> 10.31.29.100 blue@sw2

Using the CLI To Disable or Re-Enable Stacking

In the default configuration, stacking is enabled on the ProCurve Switch 2512

and 2524. You can use the CLI to disable stacking on these switches at any

time. Disabling stacking has the following effects:

Disabling a Commander: Eliminates the stack, returns the stack Mem-

bers to Candidates with Auto Join disabled, and changes the Commander

to a stand-alone (nonstacking) switch. You must re-enable stacking on the

switch before it can become a Candidate, Member, or Commander.

Disabling a Member: Removes the Member from the stack and changes

it to a stand-alone (nonstacking) switch. You must re-enable stacking on

the switch before it can become a Candidate, Member, or Commander.

Disabling a Candidate: Changes the Candidate to a stand-alone (non-

stacking) switch.

Syntax:

no stack

stack

(Disables stacking on the switch.)

(Enables stacking on the switch.)

Transmission Interval

All switches in the stack must be set to the same transmission interval to help

ensure proper stacking operation. HP recommends that you leave this param-

eter set to the default 60 seconds.

Syntax:

stack transmission-interval <seconds>

Stacking Operation with Multiple VLANs Configured

Stacking uses the primary VLAN in a switch. In the factory-default configura-

tion, the DEFAULT_VLAN is the primary VLAN. However, you can designate

any VLAN configured in the switch as the primary VLAN. (See “Which VLAN

Is Primary?” on page 9-53.)

When using stacking in a multiple-VLAN environment, the following criteria

applies:

9-47

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

Stacking uses only the primary VLAN on each switch in a stack.

The primary VLAN can be tagged or untagged as needed in the

stacking path from switch to switch.

The same VLAN ID (VID) must be assigned to the primary VLAN in

each stacked switch.

Web: Viewing and Configuring Stacking

Figure 9-38. Example of the Web Browser Interface for a Commander

The web browser interface for a Commander appears as shown above. The

interface for Members and Candidates appears the same as for a non-stacking

Series 2500 switch.

To view or configure stacking on the web browser interface:

1. Click on the Configuration tab.

2. Click on [Stacking] to display the stackingconfiguration for an individual

switch, and make any configuration changes you want for that switch.

9-48

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

HP ProCurve Stack Management

3. Click on [Apply Changes] to save any configuration changes for the individual

switch.

4. If the switch is a Commander, use the [Stack Closeup] and [Stack Management]

buttons for viewing and using stack features.

To access the web-based Help provided for the switch, click on [?] in the web

browser screen.

Status Messages

Stacking screens and listings display these status messages:

Message

Condition

Action or Remedy

Candidate Auto-join

Indicates a switch configured with Stack State set to

Candidate, Auto Join set to Yes (the default), and no

Manager password.

None required

Candidate

Candidate cannot automatically join the stack because

one or both of the following conditions apply:

Manually add the candidate to the

stack.

•

Candidate has Auto Join set to No.

Candidate has a Manager password.

Commander Down

Commander Up

Mismatch

Member has lost connectivity to its Commander.

Check connectivity between the

Commander and the Member.

The Member has stacking connectivity with the

Commander.

None required.

This may be a temporary condition while a Candidate is

Initially, wait for an update. If condi-

trying to join a stack. If the Candidate does not join, then tion persists, reconfigure the

stack configuration is inconsistent.

Commander or the Member.

Member Down

A Member has become detached from the stack. A

Check the connectivity between

possible cause is an interruption to the link between the the Commander and the Member.

Member and the Commander.

Member Up

Rejected

The Commander has stacking connectivity to the Member. None required.

The Candidate has failed to be added to the stack.

The candidate may have a pass-

word. In this case, manually add

thecandidate.Otherwise,thestack

may already be full. A stack can

hold up to 15 Members (plus the

Commander).

9-49

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

VLAN Features

Feature

Default

CLI

Web

view existing VLANs n/a

page 9-57 page 9-63 page 9-68

thru 9-62

configuring static

VLANs

default VLAN with page 9-57 page 9-62 page 9-68

VID = 1

thru 9-62

configuring dynamic disabled

VLANs

See “GVRP” on page 9-77.

A VLAN is a group of ports designated by the switch as belonging to the same

broadcast domain. (That is, all ports carrying traffic for a particular subnet

address would normally belong to the same VLAN.)

N o t e

This section describes static VLANs, which are VLANs you manually config-

ure with a name, VLAN ID (VID), and port assignments. (For information on

dynamic VLANs, see “GVRP” on page 9-77.)

Using a VLAN, you can group users by logical function instead of physical

location. This helps to control bandwidth usage by allowing you to group high-

bandwidth users on low-traffic segments and to organize users from different

LAN segments according to their need for common resources.

By default, the Series 2500 switches are 802.1Q VLAN enabled and allow up

to 30 port-based VLANs (default: 8). For information on GVRP, see “GVRP” on

page 9-77. (The 802.1Q compatibility enables you to assign each switch port

to multiple VLANs, if needed, and the port-based nature of the configuration

allows interoperation with older switches that require a separate port for each

VLAN.)

General Use and Operation. Port-based VLANs are typically used to

enable broadcast traffic reduction and to increase security. A group of net-

work users assigned to a VLAN form a broadcast domain that is separate from

other VLANs that may be configured on a switch. Packets are forwarded only

between ports that are designated for the same VLAN. Thus, all ports carrying

traffic for a particular subnet address should be configured to the same VLAN.

Cross-domain broadcast traffic in the switch is eliminated and bandwidth is

9-50

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

saved by not allowing packets to flood out all ports. An external router is

required to enable separate VLANs on a switch to communicate with each

other.

For example, referring to figure 9-39, if ports 1 through 4 belong to VLAN_1

and ports 5 through 8 belong to VLAN_2, traffic from end-node stations on

ports 2 through 4 is restricted to only VLAN_1, while traffic from ports 5

through 7 is restricted to only VLAN_2. For nodes on VLAN_1 to communicate

with VLAN_2, their traffic must go through an external router via ports 1 and 8.

Switch with Two

VLANs Configured

Port 2

Port 3

Port 4

VLAN_1

Port 1

External

Router

Port 5

Port 6

Port 7

Port 8

VLAN_2

Figure 9-39. Example of Routing Between VLANs via an External Router

Overlapping (Tagged) VLANs. A port on the Series 2500 switches can be

a member of more than one VLAN if the device to which they are connected

complies with the 802.1Q VLAN standard. For example, a port connected to a

central server using a network interface card (NIC) that complies with the

802.1Q standard can be a member of multiple VLANs, allowing members of

multiple VLANs to use the server. Although these VLANs cannot communicate

with each other through the server, they can all access the server over the

same connection from the switch. Where VLANs overlap in this way, VLAN

“tags” are used to distinguish between traffic from different VLANs.

9-51

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

Switch 2512 or 2524

Figure 9-40. Example of Overlapping VLANs Using the Same Server

Similarly, using 802.1Q-compliant switches, you can connect multiple VLANs

through a single switch-to-switch link.

Switch

2512

Switch

252142

Figure 9-41. Example of Connecting Multiple VLANs Through the Same Link

Introducing Tagged VLAN Technology into Networks Running Legacy

(Untagged) VLANs. You can introduce 802.1Q-compliant devices into net-

works that have built untagged VLANs based on earlier VLAN technology. The

fundamental rule is that legacy/untagged VLANs require a separate link for

each VLAN, while 802.1Q, or tagged VLANs can combine several VLANs in one

link. This means that on the 802.1Q-compliant device, separate ports (config-

ured as untagged) must be used to connect separate VLANs to non-802.1Q

devices.

9-52

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

Switch

2524

Switch

2524

Switch

2524

Switch

2512

Tagged VLAN Link

Untagged VLAN Links

Non-802.1Q-

compliant switch

Figure 9-42. Example of Tagged and Untagged VLAN Technology in the Same

Network

For more information on VLANs, refer to:

“Overview of Using VLANs” (page 9-53)

“Menu: Configuring VLAN Parameters (page 9-57)

“CLI: Configuring VLAN Parameters” ( page 9-57)

“Web: Viewing and Configuring VLAN Parameters” (page 9-68)

“VLAN Tagging Information” (page 9-69)

“Effect of VLANs on Other Switch Features” (page 9-73)

“VLAN Restrictions” (page 9-75)

Overview of Using VLANs

VLAN Support and the Default VLAN

In the factory default configuration, VLAN support is enabled and all ports on

the switch belong to the default VLAN (named DEFAULT_VLAN). This places

all ports in the switch into one physical broadcast domain. In the factory-

default state, the default VLAN is the primary VLAN.

You can partition the switch into multiple virtual broadcast domains by adding

one or more additional VLANs and moving ports from the default VLAN to the

new VLANs. (The switch supports up to 30 VLANs.) You can change the name

of the default VLAN, but you cannot change the default VLAN’s VID (which is

always “1”). Although you can remove all ports from the default VLAN, this

VLAN is always present.

Which VLAN Is Primary?

Because certain features and management functions, such as single IP-

address stacking, run on only one VLAN in the switch, and because DHCP and

Bootp can run per-VLAN, there is a need to ensure that multiple instances of

9-53

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

DHCP or Bootp on different VLANs do not result in conflicting configuration

values for the switch. The primary VLAN is the VLAN the switch uses to run

and manage these features and data. In the factory-default configuration, the

switch designates the default VLAN (DEFAULT_VLAN) as the primary VLAN.

However, to provide more control in your network, you can designate another

VLANas primary. Tosummarize, designatinganon-defaultVLANasprimary

means that:

The stacking feature runs on the switch’s designated primary VLAN

instead of the default VLAN

The switch reads DHCP responses on the primary VLAN instead of on the

default VLAN.

The default VLAN continues to operate as a standard VLAN (except, as

noted above, you cannot delete it or change its VID).

Any ports not specifically assigned to another VLAN will remain assigned

to the Default VLAN, regardless of whether it is the primary VLAN.

Candidates for primary VLAN include any static VLAN currently configured

on the switch. To display the current primary VLAN, use the CLI show vlan

command.

N o t e

If you manually configure a gateway on the switch, it will ignore any gateway

address received via DHCP or Bootp.

Per-Port Static VLAN Configuration Options

The following figure and table show the options you have for assigning

individual ports to a static VLAN. Note that GVRP, if configured, affects these

options and VLAN behaviour on the switch. The display below shows the per-

port VLAN configuration options. Table 9-7 briefly describes these options.

9-54

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

Example of Per-Port

VLAN Configuration

with GVRP Disabled

(the default)

Example of Per-Port

VLAN Configuration

with GVRP Enabled

Enabling GVRP causes “No” to display as “Auto”.

Figure 9-43. Comparing Per-Port VLAN Options With and Without GVRP

Table 9-7. Per-Port VLAN Configuration Options

Parameter

Tagged

Effect on Port Participation in Designated VLAN

Allows the port to join multiple VLANs.

Untagged

Allows VLAN connection to a device that is configured for an untagged

VLAN instead of a tagged VLAN. The switch allows no more than one

untagged VLAN assignment per port.

- or -

Auto

No: Appears when the switch is not GVRP-enabled; prevents the port from

joining that VLAN.

Auto: Appears when GVRP is enabled on the switch; allows the port to

dynamically join any advertised VLAN that has the same VID

Prevents the port from joining the VLAN, regardless of whether GVRP is

enabled on the switch.

Forbid

9-55

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

General Steps for Using VLANs

1. Plan your VLAN strategy and create a map of the logical topology that will

result from configuring VLANs. Include consideration for the interaction

between VLANs and other features such as Spanning Tree Protocol, load

balancing, and IGMP. (Refer to “Effect of VLANs on Other Switch Fea-

tures” on page 9-73.) If you plan on using dynamic VLANs, include the port

configuration planning necesary to support this feature. (See “GVRP” on

page 9-77.)

By default, VLAN support is enabled and the switch is configured for eight

VLANs.

2. Configure at least one VLAN in addition to the default VLAN.

3. Assign the desired switch ports to the new VLAN(s).

4. If you are managing VLANs with SNMP in an IP network, each VLAN must

have an IP address. Refer to “IP Configuration” on page 5-3.

Notes on Using VLANs

If you are using DHCP/Bootp to acquire the switch’s configuration, packet

time-to-live, and TimeP information, you must designate the VLAN on

which DHCP is configured for this purpose as the primary VLAN. (In the

factory-default configuration, the DEFAULT_VLAN is the primary VLAN.)

IGMP, and some other features operate on a “per VLAN” basis. This means

you must configure such features separately for each VLAN in which you

want them to operate.

You can rename the default VLAN, but you cannot change its VID (1) or

delete it from the switch.

Any ports not specifically assigned to another VLAN will remain assigned

to the DEFAULT_VLAN.

To delete a VLAN from the switch, you must first remove from that VLAN

any ports assigned to it.

Changingthenumber of VLANssupportedon the switchrequiresareboot.

Other VLAN configuration changes are dynamic.

9-56

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

Menu: Configuring VLAN Parameters

In the factory default state, VLAN support is enabled. Also, all ports on the

switch belong to the default VLAN (DEFAULT_VLAN) and are in the same

broadcast/multicast domain. (The default VLAN is also the default primary

VLAN—see “Which VLAN Is Primary?” on page 9-53.) You can configure up to

29 additional static VLANs by adding new VLAN names, and then assigning

one ormore ports toeachVLAN. (The switchaccepts a maximumof 30 VLANs,

including the default VLAN and any dynamic VLANs the switch creates if you

enable GVRP—page 9-77.) Note that each port can be assigned to multiple

VLANs by using VLAN tagging. (See “VLAN Tagging Information” on page

9-69.)

To Change VLAN Support Settings

This section describes:

Changing the maximum number of VLANs to support

Changing the primary VLAN selection (See “Changing the Primary VLAN”

on page 9-65.)

Enabling or disabling dynamic VLANs (See “GVRP” on page 9-77.)

1. From the Main Menu select:

2. Switch Configuration

8. VLAN Menu . . .

1. VLAN Support

You will then see the following screen:

Figure 9-44. The Default VLAN Support Screen

2. Press [E] (for Edit), then do one or more of the following:

To change the maximum number of VLANs, type the new number (1 - 30

allowed; default 8).

9-57

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

To select another primary VLAN, select the Primary VLAN field and use the

space bar to select from the existing options.

To enable or disable dynamic VLANs, select the GVRP Enabled field and

use the Space bar to toggle between options. (For GVRP information, see

“GVRP” on page 9-77.)

N o t e

For optimal switch memory utilization, set the number of VLANs at the

number you will likely be using or a few more. If you need more VLANs later,

you can increase this number, but a switch reboot will be required at that time.

3. Press [Enter] and then [S] to save the VLAN support configuration and return

to the VLAN Menu screen.

If you changed the value for Maximum VLANs to support, you will see an

asterisk next to the VLAN Support option (see below).

An asterisk indicates

you must reboot the

switch to implement

the new Maximum

VLANs setting.

Figure 9-45. VLAN Menu Screen Indicating the Need To Reboot the Switch

–

If you changed the VLAN Support option, you must reboot the

switch before the Maximum VLANs change can take effect. You

can go on to configure other VLAN parameters first, but remem-

ber to reboot the switch when you are finished.

If you did not change the VLAN Support option, a reboot is not

necessary.

–

4. Press [0] to return to the Main Menu.

9-58

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

Adding or Editing VLAN Names

Use this procedure to add a new VLAN or to edit the name of an existing VLAN.

1. From the Main Menu select:

2. Switch Configuration

8. VLAN Menu . . .

2. VLAN Names

If multiple VLANs are not yet configured you will see a screen similar to

figure 9-46:

Default VLAN

and VLAN ID

Figure 9-46. The Default VLAN Names Screen

2. Press [A] (for Add). You will then be prompted for a new VLAN name and

VLAN ID:

802.1Q VLAN ID : 1

Name : _

3. Type in a VID (VLAN ID number). This can be any number from 2 to 4095

that is not already being used by another VLAN.

Remember that a VLAN must have the same VID in every switch in which

you configure that same VLAN. (You can use GVRP to dynamically extend

VLANs with correct VID numbering to other switches. See “GVRP” on

page 9-77.)

4. Press [ v] to move the cursor to the Name line and type the VLAN name

(up to 12 characters, with no spaces) of a new VLAN that you want to add,

then press [Enter].

5. Press [S] (for Save). You will then see the VLAN Names screen with the

new VLAN listed.

9-59

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

Example of a New

VLAN and ID

Figure 9-47. Example of VLAN Names Screen with a New VLAN Added

6. Repeat steps 2 through 5 to add more VLANs.

Remember that you can add VLANs until you reach the number specified

in the Maximum VLANs to support field on the VLAN Support screen (see

figure 9-44on page 9-57). This includes any VLANs added dynamically due

to GVRP operation.

7. Return to the VLAN Menu to assign ports to the new VLAN(s) as described

in the next section, “Adding or Changing a VLAN Port Assignment”.

Adding or Changing a VLAN Port Assignment

Use this procedure to add ports to a VLAN or to change the VLAN assign-

ment(s) for any port. (Ports not specifically assigned to a VLAN are automat-

ically in the default VLAN.)

1. From the Main Menu select:

2. Switch Configuration

8. VLAN Menu . . .

3. VLAN Port Assignment

You will then see a VLAN Port Assignment screen similar to the following:

9-60

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

Default: In thisexample,

the“VLAN-22”hasbeen

defined, but no ports

have yet been assigned

to it. (“No” means the

port is not assigned to

that VLAN.)

Using GVRP? If you plan

on using GVRP, any

ports you don’t want to

join should be changed

to “Forbid”.

A port can be assigned

to several VLANs, but

only one of those

assignments can be

“Untagged”.

Figure 9-48. Example of VLAN Port Assignment Screen

2. To change a port’s VLAN assignment(s):

a. Press [E] (for Edit).

b. Use the arrow keys to select a VLAN assignment you want to change.

c. Press the Space bar to make your assignment selection (No , Tagged,

Untagged, or Forbid).

N o t e

For GVRP Operation: If you enable GVRP on the switch, “No”

converts to “Auto”, which allows the VLAN to dynamically join an

advertised VLAN that has the same VID. See “Per-Port Options for

Dynamic VLAN Advertising and Joining” on page 9-82.

Untagged VLANs: Only one untagged VLAN is allowed per port. Also,

there must be at least one VLAN assigned to each port. In the factory

default configuration, all ports are assigned to the default VLAN

(DEFAULT_VLAN).

For example, if you want ports 4 and 5 to belong to both DEFAULT_VLAN

and VLAN-22, and ports 6 and 7 to belong only to VLAN-22, you would use

the settings in figure 9-49. (This example assumes the default GVRP

setting—disabled—and that you do not plan to enable GVRP later.)

9-61

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

Ports 4 and 5 are

assigned to both

VLANs.

Ports 6 and 7 are

assigned only to

VLAN-22.

All other ports are

assignedonlytothe

Default VLAN.

Figure 9-49. Example of VLAN Assignments for Specific Ports

For information on VLAN tags (“Untagged” and “Tagged”), refer to

“VLAN Tagging Information” on page 9-69.

d. If you are finished assigning ports to VLANs, press [Enter] and then [S]

(for Save) to activate the changes you've made and to return to the

Configuration menu. (The console then returns to the VLAN menu.)

3. Return to the Main menu.

CLI: Configuring VLAN Parameters

In the factory default state, all ports on the switch belong to the default VLAN

(DEFAULT_VLAN) and are in the same broadcast/multicast domain. (The

default VLAN is also the default primary VLAN —see “Which VLAN Is Pri-

mary?” on page 9-53.) You can configure up to 29 additional static VLANs by

adding new VLAN names, and then assigning one or more ports to each VLAN.

(The switch accepts a maximum of 30 VLANs, including the default VLAN and

any dynamic VLANs the switch creates if you enable GVRP—page 9-77.) Note

that each port can be assigned to multiple VLANs by using VLAN tagging. (See

“VLAN Tagging Information” on page 9-69.)

9-62

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

VLAN Commands Used in this Section

show vlans

below

show vlan <vlan-id>

max-vlans <1..30>

primary-vlan <vlan-id>

[no] vlan <vlan-id>

name <vlan-name>

[no] tagged <port-list>

[no] untagged <port-list>

[no] forbid

page 9-64

page 9-65

page 9-66

page 9-67

auto <port-list>

page 9-67 (Available if GVRP enabled.)

static-vlan <vlan-id>

Displaying the Switch’s VLAN Configuration. The next command lists

the VLANs currently running in the switch, with VID, VLAN name, and VLAN

status. Dynamic VLANs appear only if the switch is running with GVRP

enabled and one or more ports has dynamically joined an advertised VLAN.

(In the default configuration, GVRP is disabled. (See “GVRP” on page 9-77.)

Syntax:

show vlan

When GVRP is disabled

(the default), Dynamic

VLANs do not exist on

the switch and do not

appear in this listing.

(See “GVRP” on page

9-77.)

Figure 9-50. Example of “Show VLAN” Listing (GVRP Enabled)

9-63

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

Displaying the Configuration for a Particular VLAN . This command

uses the VID to identify and display the data for a specific static or dynamic

VLAN.

Syntax:

show vlan <vlan-id>

Figure 9-51. Example of “Show VLAN” for a Specific Static VLAN

Show VLAN lists this

data when GVRP is

enabled and at least

one porton theswitch

has dynamically

joined the designated

VLAN.

Figure 9-52. Example of “Show VLAN” for a Specific Dynamic VLAN

9-64

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

Changing the Number of VLANs Allowed on the Switch. By default,

the switch allows a maximum of 8 VLANs. You can specify any value from 1

to 30. (If GVRP is enabled, this setting includes any dynamic VLANs on the

switch.) As part of implementing a new value, you must execute a write

memory command (to save the new value to the startup-config file) and then

reboot the switch.

Syntax:

max-vlans <1 .. 30>

For example, to reconfigure the switch to allow 10 VLANs:

Note thatyou can

execute these

three steps at

another time.

Figure 9-53. Example of Command Sequence for Changing the Number of VLANs

Changing the Primary VLAN. In the factory-default configuration, the

default VLAN (DEFAULT_VLAN) is the primary VLAN. However, you can

designate any static VLAN on the switch as the primary VLAN. (For more on

the primary VLAN, see “Which VLAN Is Primary?” on page 9-53.) To view the

available VLANs and their respective VIDs, use show vlan.

Syntax:

primary-vlan <vlan-id>

For example, to make VLAN 22 the primary VLAN:

HP2512(config)# primary-vlan 22

9-65

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

Creating a New Static VLAN

Changing the VLAN Context Level.

With this command, entering a new VID creates a new static VLAN. Entering

the VID or name of an existing static VLAN places you in the context level for

that VLAN.

Syntax:

vlan <vlan-id> [name <name-str>]Creates a new static VLAN if a

VLAN with that VID does not

already exist, and places you in

that VLAN’s context level. If you

do not use the name option, the

switch uses “VLAN” and the new

VID to automatically name the

VLAN.

If the VLAN already exists, the

switch places you in the context

level for that VLAN.

vlan <vlan-name>

Places you in the context level for

that static VLAN.

For example, to create a new static VLAN with a VID of 100:

Creating the new VLAN.

Showing the result.

To go to a different VLAN context level, such as to the default VLAN:

HP2512(vlan-100)# vlan default_vlan

HP2512(vlan-1) _

9-66

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

Converting a Dynamic VLAN to a Static VLAN. If GVRP is running on

the switch and a port dynamically joins a VLAN, you can use the next

command to convert the dynamic VLAN to a static VLAN. (For GVRP and

dynamic VLAN operation, see “GVRP” on page 9-77.) This is necessary if you

want to make the VLAN permanent. Note that after you convert a dynamic

VLAN to static, you must configure the switch’s per-port participation in the

VLAN in the same way that you would for any static VLAN.

Syntax:

static-vlan <vlan-id>

If you need a VID reference, use show vlan to list the switch’s currently existing

VLANs.

For example, suppose a dynamic VLAN with a VID of 125 exists on the switch.

The following command converts the VLAN to a static VLAN.

HP2512(config)# static-vlan 125

Configuring Static VLAN Name and Per-Port Settings. The vlan <vlan-

id> command, used in conjunction with the options listed below, enables you

to change the name of an existing static VLAN and change the per-port VLAN

membership settings as show below.

N o t e

You can use these options from the configuration level by beginning the

command with vlan <vlan-id>, or from the context level of the specific VLAN.

Syntax:

name <vlan-name>

Changes the name of the existing

static VLAN. (No spaces allowed in the

<vlan-name> entry.

[no] tagged <port-list>

Configures the indicated port(s) as

Tagged for the specified VLAN. The

“no” version sets the port(s) to

either No or (if GVRP is enabled) to Auto.

[no] untagged <port-list> Configures the indicated port(s) as

Untagged for the specified VLAN. The

“no” version sets the port(s) to

either No or (if GVRP is enabled) to Auto.

[no] forbid <port-list>

auto <port-list>

Configures the indicated port(s) as

“forbidden” to participate in the

designated VLAN. The “no” version sets

the port(s) to either No or (if GVRP is

enabled) to Auto.

Available if GVRP is enabled on the

switch. Returns the per-port settings

for the specified VLAN to Auto

9-67

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

operation. Note that Auto is the default

per-port setting for a static VLAN if

GVRP is runing on the switch.

(For information on dynamic VLAN and GVRP operation, see “GVRP” on page

9-77.)

For example, suppose you have a VLAN named VLAN100 with a VID of 100,

and all ports are set to No for this VLAN. To change the VLAN name to

“Blue_Team” and set ports 1-5 to Tagged, you could do so with these com-

mands:

HP2512(config)# vlan 100 name Blue_Team

HP2512(config)# vlan 100 tagged 1-5

To move to the vlan 100 context level and execute the same commands:

HP2512(config)# vlan 100

HP2512(vlan-100)# name Blue_Team

HP2512(vlan-100)# tagged 1-5

Similarly, to change the tagged ports in the above examples to No (or Auto, if

GVRP is enabled), you could use either of the following commands.

At the config level, use:

HP2512(config)# no vlan 100 tagged 1-5

- or -

At the VLAN 100 context level, use:

HP2512(vlan-100)# no tagged 1-5

N o t e

You cannot use these commands with dynamic VLANs. Attempting to do so

results in the message “VLAN already exists.” and no change occurs.

Web: Viewing and Configuring VLAN Parameters

In the web browser interface you can do the following:

Add VLANs

Rename VLANs

Remove VLANs

Configure GVRP security

Select a new Primary VLAN

9-68

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

To configure static VLAN port parameters, you will need to use the menu

interface (available by Telnet from the web browser interface) or the CLI.

1. Click on the Configuration tab.

2. Click on [VLAN Configuration].

3. Click on [Add/Remove VLANs].

For web-based Help on how to use the web browser interface screen, click on

the [?] button provided on the web browser screen.

VLAN Tagging Information

VLAN tagging enables traffic from more than one VLAN to use the same port.

(Even when two or more VLANs use the same port they remain as separate

domains and cannot receive traffic from each other without going through an

external router.) As mentioned earlier, a “tag” is simply a unique VLAN

identification number (VLAN ID, or VID) assigned to a VLAN at the time that

you configure the VLAN name in the switch. In the Series 2500 switches the

tag can be any number from 1 to 4095 that is not already assigned to a VLAN.

When you subsequently assign a port to a given VLAN, you must implement

the VLAN tag (VID) if the port will carry traffic for more than one VLAN.

Otherwise, the port VLAN assignment can remain “untagged” because the tag

is not needed. On a given switch, this means you should use the “Untagged”

designation for a port VLAN assignment where the port is connected to non

802.1Q-compliant device or is assigned to only one VLAN. Use the “Tagged”

designation when the port is assigned to more than one VLAN or the port is

connected to a device that does comply with the 802.1Q standard.

For example, if port 7 on an 802.1Q-compliant switch is assigned to only the

Red VLAN, the assignment can remain “untagged” because the port will

forward traffic only for the Red VLAN. However, if both the Red and Green

VLANs are assigned to port 7, then at least one of those VLAN assignments

must be “tagged” so that Red VLAN traffic can be distinguished from Green

VLAN traffic. The following illustration shows this concept:

9-69

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

Blue

VLAN

White

VLAN

Blue

Server

White

Server

Red

VLAN

Red VLAN: Untagged

Green VLAN: Tagged

Switch

"X"

Switch

"Y"

Red

Server

Green

VLAN

Red

VLAN

Green

VLAN

Green

Server

Ports 1-6: Untagged

Port 7: Red VLAN Untagged

Green VLAN Tagged

Ports 1-4: Untagged

Port 5: Red VLAN Untagged

Green VLAN Tagged

Figure 9-54. Example of Tagged and Untagged VLAN Port Assignments

In switch X:

•

VLANs assigned to ports X1 - X6 can all be untagged because there is

only one VLAN assignment per port. Red VLAN traffic will go out only

the Red ports; Green VLAN traffic will go out only the Green ports,

and so on. Devices connected to these ports do not have to be 802.1Q-

compliant.

•

However, because both the Red VLAN and the Green VLAN are

assigned to port X7, at least one of the VLANs must be tagged for this

port.

In switch Y:

•

VLANs assigned to ports Y1 - Y4 can all be untagged because there is

only one VLAN assignment per port. Devices connected to these ports

do not have to be 802.1Q-compliant.

•

Because both the Red VLAN and the Green VLAN are assigned to port

Y5, at least one of the VLANs must be tagged for this port.

In both switches: The ports on the link between the two switches must be

configured the same. As shown in figure 9-54 (above), the Red VLAN must

be untagged on port X7 and Y5 and the Green VLAN must be tagged on

port X7 and Y5, or vice-versa.

9-70

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

N o t e

Each 802.1Q-compliant VLAN must have its own unique VID number, and that

VLAN must be given the same VID in every device in which it is configured.

That is, if the Red VLAN has a VID of 10 in switch X, then 10 must also be used

for the Red VID in switch Y.

VID Numbers

Figure 9-55. Example of VLAN ID Numbers Assigned in the VLAN Names Screen

VLAN tagging gives you several options:

Since the purpose of VLAN tagging is to allow multiple VLANs on the same

port, any port that has only one VLAN assigned to it can be configured as

“Untagged” (the default).

Any port that has two or more VLANs assigned to it can have one VLAN

assignment for that port as “Untagged”. All other VLANs assigned to the

same port must be configured as “Tagged”. (There can be no more than

one Untagged VLAN on a port.)

If all end nodes on a port comply with the 802.1Q standard and are

configured to use the correct VID, then, you can configure all VLAN

assignments on a port as “Tagged” if doing so makes it easier to manage

your VLAN assignments, or for security reasons.

For example, in the following network, switches X and Y and servers S1 and

S2 are 802.1Q-compliant. (Server S3 could also be 802.1Q-compliant, but it

makes no difference for this example.)

9-71

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

Server

Red VLAN: Untagged

Green VLAN: Tagged

Red VLAN: Untagged

Green VLAN: Tagged

Red VLAN: Untagged

Green VLAN: Tagged

Green VLAN only

Server

Switch

"X"

Switch

"Y"

Red

VLAN

Green

VLAN

Red

VLAN

Green

VLAN

Figure 9-56. Example of Networked 802.1Q-Compliant Devices with Multiple

VLANs on Some Ports

The VLANs assigned to ports X3, X4, Y2, Y3, and Y4 can all be untagged

because there is only one VLAN assigned per port. Port X1 has multiple VLANs

assigned, which means that one VLAN assigned to this port can be untagged

and any others must be tagged. The same applies to ports X2, Y1, and Y5.

Switch X

Switch Y

Port Red VLAN

Green VLAN

Tagged

Port Red VLAN

Green VLAN

Tagged

Untagged

No*

Untagged

No*

Tagged

Untagged

No*

Untagged

No*

Untagged

Tagged

*”No” means the port is not a member of that VLAN. For example, port X3 is not

a member of the Red VLAN and does not carry Red VLAN traffic. Also, if GVRP

were enabled, “Auto” would appear instead of “No”.

N o t e

VLAN configurations on ports connected by the same link must match.

Because ports X2 and Y5 are opposite ends of the same point-to-point connec-

tion, both ports must have the same VLAN configuration; that is, both ports

configure the Red VLAN as “Untagged” and the Green VLAN as “Tagged”.

9-72

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

To summarize:

VLANs Per

Port

Tagging Scheme

Untagged or Tagged. If the device connected to the port is 802.1Q-compliant,

then the recommended choice is “Tagged”.

2 or More

1 VLAN Untagged; all others Tagged

All VLANs Tagged

A given VLAN must have the same VID on any 802.1Q-compliant device in which the VLAN is

configured.

The ports connecting two 802.1Q devices should have identical VLAN configurations, as

shown for ports X2 and Y5, above.

Effect of VLANs on Other Switch Features

Spanning Tree Protocol Operation with VLANs

Because the Series 2500 switches follow the 802.1Q VLAN recommendation

to use single-instance spanning tree, STP operates across all ports on the

switch (regardless of VLAN assignments) instead of on a per-VLAN basis. This

means that if redundant physical links exist between the switch and another

802.1Q device, all but one link will be blocked, regardless of whether the

redundant links are in separate VLANs. However, you can use port trunking

to prevent STP from unnecessarily blocking ports (and to improve overall

network performance). Refer to “STP Operation with 802.1Q VLANs” on page

9-110.

Note that STP operates differently in different devices. For example, in the

(non-802.1Q) HP Switch 2000 and the HP Switch 800T, STP operates on a per-

VLAN basis, allowing redundant physical links as long as they are in separate

VLANs.

IP Interfaces

There is a one-to-one relationship between a VLAN and an IP network inter-

face. Since the VLAN is defined by a group of ports, the state (up/down) of

those ports determines the state of the IP network interface associated with

that VLAN. When a VLAN comes up because one or more of its ports is up, the

IP interface for that VLAN is also activated. Likewise, when a VLAN is

deactivated because all of its ports are down, the corresponding IP interface

is also deactivated.

9-73

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

VLAN MAC Addresses

The switch has one unique MAC address for each of its VLAN interfaces. You

can send an 802.2 test packet to this MAC address to verify connectivity to the

switch. Likewise, you can assign an IP address to the VLAN interface, and

when you Ping that address, ARP will resolve the IP address to this MAC

address. The switch allows up to 30 VLAN MAC addresses (one per possible

VLAN).

Port Trunks

When assigning a port trunk to a VLAN, all ports in the trunk are automatically

assigned to the same VLAN. You cannot split trunk members across multiple

VLANs. Also, a port trunk is tagged, untagged, or excluded from a VLAN in the

same way as for individual, untrunked ports.

Port Monitoring

If you designate a port on the switch for network monitoring, this port will

appear in the Port VLAN Assignment screen and can be configured as a

member of any VLAN. For information on how broadcast, multicast, and

unicast packets are tagged inside and outside of the VLAN to which the

monitor port is assigned, see “VLAN-Related Problems” on page 11-9.

9-74

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

VLAN Restrictions

A port must be a member of at least one VLAN. In the factory default

configuration, all ports are assigned to the default VLAN

(DEFAULT_VLAN; VID = 1).

A port can be assigned to several VLANs, but only one of those assign-

ments can be untagged. (The “Untagged” designation enables VLAN oper-

ation with non 802.1Q-compliant devices.)

An external router must be used to communicate between tagged VLANs.

Duplicate MAC addresses on different VLANs are not supported and can

cause VLAN operating problems. These duplicates are possible and com-

mon in situations involving Sun workstations with multiple network

interface cards, with DECnet routers, and with certain Hewlett-Packard

routers using OS versions earlier than A.09.70 where any of the following

are enabled:

•

IPX

IP Host-Only

STP

XNS

DECnet

Currently, the problem of duplicate MAC addresses in IPX and IP Host-

Only environments is addressed through the HP router OS version

described under “HP Router Requirements” on page 9-76. However, for

XNS and DECnet environments, a satisfactory solution is not available

from any vendor at this time.

N o t e

Operating problems associated with duplicate MAC addresses are likely to

occur in VLAN environments where XNS and DECnet are used. For this

reason, using VLANs in XNS and DECnet environments is not currently

supported.

Before you can delete a VLAN, you must first re-assign all ports in the

VLAN to another VLAN.

9-75

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Port-Based Virtual LANs (Static VLANs)

HP Router Requirements. Use the Hewlett-Packard version A.09.70 (or

later) router OS release if any of the following Hewlett-Packard routers are

installed in networks in which you will be using VLANs:

HP Router 440 (formerly Router ER)

HP Router 470 (formerly Router LR)

HP Router 480 (formerly Router BR)

HP Router 650

Release A.09.74 is available on the World Wide Web at

http://www.hp.com/go/procurve

Symptoms of Duplicate MAC Addresses in VLAN

Environments

There areno definitive events orstatistics toindicatethe presenceofduplicate

MAC addresses in a VLAN environment. However, one symptom that may

occur is that the duplicate MAC address can be seen in the Port Address Table

for more than one port. You can do a search for the suspected MAC address

in the switch’s address table and if there is a duplicate MAC address problem,

the address will be found in the table associated with one port at one moment,

and then later associated with a different port.

9-76

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

GVRP

Feature

Default

page 9-84

—

CLI

Web

view GVRP configuration

n/a

page 9-86

page 9-88

page 9-89

list static and dynamic VLANs n/a

on a GVRP-enabled switch

enable or disable GVRP on the disabled

switch

page 9-84

page 9-87

page 9-89

—

enable or disable GVRP on

individual ports

enabled

control how individual ports

will handle advertisements for

new VLANs

Learn

page 9-89

convert a dynamic VLAN to a n/a

static VLAN

—

page 9-89

page 9-62

—

configure static VLANs

DEFAULT_VLAN page 9-57

(VID = 1)

page 9-89

GVRP—GARP VLAN Registration Protocol—is an application of the Generic

Attribute Registration Protocol—GARP. GVRP is defined in the IEEE 802.1Q

standard, and GARP is defined in the IEEE 802.1P standard.

N o t e

To understand and use GVRP you must have a working knowledge of 802.1Q

VLAN tagging. (See “Port-Based Virtual LANs (Static VLANs)” on page 9-50.)

GVRP uses “GVRP Bridge Protocol Data Units” (“GVRP BPDUs”) to “adver-

tise” static VLANs. In this manual, a GVRP BPDU is termed an advertisement.

GVRP enables the Switch 2512/2524 to dynamically create 802.1Q-compliant

VLANs on links with other devices running GVRP. This enables the switch to

automatically create VLAN links between GVRP-aware devices. (A GVRP link

can include intermediate devices that are not GVRP-aware.) This operation

reduces the chances for errors in VLAN configuration by automatically pro-

viding VLAN ID (VID) consistency across the network. That is, you can use

GVRP to propagate VLANs to other GVRP-aware devices instead of manually

having to set up VLANs across your network. After the switch creates a

dynamic VLAN, you can optionally use the CLI static <vlan-id> command

convert it to a static VLAN or allow it to continue as a dynamic VLAN for as

long as needed. You can also use GVRP to dynamically enable port member-

ship in static VLANs configured on a switch.

9-77

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

GVRP

N o t e

There must be one common VLAN (that is, one common VID) connecting all

of the GVRP-aware devices in the network to carry GVRP packets. HP recom-

mends the default VLAN (DEFAULT_VLAN; VID = 1), which is automatically

enabledandconfigured asuntagged onevery port of the Series2500switches).

That is, on ports used for GVRP links, leave the default VLAN set to Untagged

and configure other static VLANs on the same ports as either Tagged, Auto, or

Forbid. (Auto and Forbid are described under “Per-Port Options for Dynamic

VLAN Advertising and Joining” on page 9-82.

General Operation

A GVRP-enabled port with a Tagged or Untagged static VLAN sends advertise-

ments (BPDUs, or Bridge Protocol Data Units) advertising the VLAN (actually,

its VID). Another GVRP-aware port receiving the advertisements over a link

can dynamically join the advertised VLAN. All dynamic VLANs operate as

Tagged VLANs. Also, a GVRP-enabled port can forward an advertisement for

a VLAN it learned about from other ports on the same switch. However, the

forwarding port will not itself join that VLAN until an advertisement for that

VLAN is received on that specific port.

Core switch with static

2. Port 1 receives advertise- 4. Port 4 receives advertise-

VLANs (VID= 1, 2, & 3). Port 2 ment of VIDs 1, 2, & 3 AND ment of VIDs 1, 2, & 3 AND

is a member of VIDs 1, 2, & 3. becomes a member of VIDs becomes a member of VIDs

1, 2, & 3.

1. Port 2 advertises VIDs 1, 2, 3. Port 3 advertises VIDs 1, 2, 5. Port 5 advertises VIDs 1, 2,

& 3.

& 3, but port 3 is NOT a

& 3, but port 5 is NOT a

Port6 is statically configured

to be a member of VID 3.

member of VIDs 1, 2, & 3 at member of VIDs 1, 2, & 3 at

this point.

Switch 1

Switch 2

Switch 3

Static VLAN con-

figured End Device

(NIC or switch)

with GVRP On

GVRP On

11. Port 2 receives

9. Port 3 receives advertise- 7. Port 5 receives advertise- 6. Port 6 advertises VID 3.

advertisement of VID 3. (Port ment of VID 3 AND becomes ment of VID 3 AND becomes

2 is already statically

configured for VID 3.

a member of VID 3. (Still not a member of VID 3. (Still not

a member of VIDs 1 & 2.) a member of VIDs 1 & 2.)

10. Port 1 advertises VID 3. 8. Port 4 advertises VID 3.

Figure 9-57. Example of Forwarding Advertisements and Dynamic Joining

9-78

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

GVRP

Note that if a static VLAN is configured on at least one port of a switch, and

that port has established a link with another device, then all other ports of that

switch will send advertisements for that VLAN.

For example, in the following figure, Tagged VLAN ports on switch “A” and

switch “C”, below advertise VLANs 22 and 33 to ports on other GVRP-enabled

switches that can dynamically join the VLANs.

Switch “C”

Switch “A”

Switch “C”:

Port 5 dynamically joined VLAN 22..

Ports 11 and 12 belong to Tagged VLAN 33.

GVRP On

Dynamic

VLAN 22

Tagged

VLAN 22

Tagged

VLAN 33

Switch “E”

GVRP On

Dynamic

VLAN 33

Switch “B”

(No GVRP)

Switch “D”

GVRP On

Dynamic

VLAN 33

Tagged

VLAN 22

Dynamic

VLAN 22

Dynamic

VLAN 22

Switch “E”:

Port 2 dynamically joined VLAN 33.

Lower port dynamically joined VLAN 22.

Switch “D”:

Port 3 dynamically joined VLAN 33.

Port 6 dynamically joined VLAN 22.

Figure 9-58. Example of GVRP Operation

N o t e

A port can learn of a dynamic VLAN through devices that are not aware of

GVRP (Switch “B”, above). VLANs must be disabled in GVRP-unaware devices

to allow tagged packets to pass through.

A GVRP-aware port receiving advertisements has these options:

If there is not already a static VLAN with the advertised VID on the

receiving port, then dynamically create a VLAN with the same VID as in

the advertisement, and begin moving that VLAN’s traffic.

9-79

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

GVRP

If the switch already has a static VLAN assignment with the same VID as

in the advertisement, and the port is configured to Auto for that VLAN,

then the port will dynamically join the VLAN and begin moving that

VLAN’s traffic. (For more detail on Auto, see “Per-Port Options for

Dynamic VLAN Advertising and Joining” on page 9-82.)

Ignore the advertisement for that VID and drop all GVRP traffic with that

VID.

Don’t participate in that VLAN.

Note also that a port belonging to a Tagged or Untagged static VLAN has these

configurable options:

Send VLAN advertisements, and also receive advertisements for VLANs

on other ports and dynamically join those VLANs.

Send VLAN advertisements, but ignore advertisements received from

other ports.

Avoid GVRP participation by not sending advertisements and dropping

any advertisements received from other devices.

IP Addressing. A dynamic VLAN does not have an IP address, and moves

traffic on the basis of port membership in VLANs. However, after GVRP

creates a dynamic VLAN, you can convert it to a static VLAN. Note that it is

then necessary to assign ports to the VLAN in the same way that you would

for a static VLAN that you created manually. In the static state you can

configure IP addressing on the VLAN and access it in the same way that you

would any other static (manually created) VLAN.

Per-Port Options for Handling GVRP “Unknown

VLANs”

An “unknown VLAN” is a VLAN that the switch learns of by GVRP. For

example, suppose that in figure 9-58 (page 9-79), port 1 on switch “A” is

connected to port 5 on switch “C”. Because switch “A” has VLAN 22 statically

configured, while switch “C” does not have this VLAN statically configured,

VLAN 22 is handled as an “Unknown VLAN” on port 5 in switch “C”. Con-

versely, if VLAN 22 was statically configured on switch C, but port 5 was not

a member, port 5 would become a member when advertisements for VLAN 22

were received from switch “A”.

When you enable GVRPon a switch, you have the per-port join-request options

listed in table 9-8:

9-80

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

GVRP

Table 9-8. Options for Handling “Unknown VLAN” Advertisements:

UnknownVLAN Operation

Mode

Learn

(the Default)

Enables the port to dynamically join any VLAN for which it receives an

advertisement, and allows the port to forward advertisements it receives.

Block

Prevents the port from dynamically joining a VLAN that is not statically

configured on the switch. The port will still forward advertisements that

were received by the switch on other ports. Block should typically be used

on ports in unsecure networks, where there is exposure to “attacks”, such

as ports where intruders can connect.

Disable

Causes the port to ignore and drop all advertisements it receives from any

source.

The CLI show gvrp command and the menu interface VLAN Support screen

show a switch’s current GVRP configuration, including the Unknown VLAN

settings.

GVRP Enabled

(Required for Unknown

VLAN operation.)

Unknown VLAN Settings

Default: Learn

Figure 9-59. Example of GVRP Unknown VLAN Settings

The above options also influence GVRP operation on ports where static

VLANs are configured. (See the next section.)

9-81

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

GVRP

Per-Port Options for Dynamic VLAN Advertising and

Joining

Initiating Advertisements. As described in the preceding section, to

enable dynamic joins, GVRP must be enabled and a port must be configured

to Learn (the default). However, to send advertisements in your network, one

or more Tagged or Untagged static VLANs must be configured on one or more

switches (with GVRP enabled), depending on your topology.

Enabling a Static VLAN for Dynamic Joins. You can configure a port to

dynamically join a static VLAN (that shares the same VID) if that port subse-

quently receives an advertisement for the static VLAN. (This is done by using

the Auto and Learn options described in table 9-9, below.

Parameters for Controlling VLAN Propagation Behavior. On an indi-

vidual port, you can configure an existing static VLAN to actively or passively

participate in dynamic VLAN propagation or to ignore dynamic VLAN (GVRP)

operation. These options are controlled by the GVRP “Unknown VLAN” and

the static VLAN configuration parameters, as described in the following table:

Table 9-9. Controlling VLAN Behavior on Ports with Static VLANs

Per-Port “Unknown VLAN”

(GVRP) Configuration

Per-Port Static VLAN Options ¹

Auto²

Tagged or Untagged²

Forbid²

Learn

(the Default)

Generate advertisements.

Forward advertisements for other

VLANs.

Receive advertisements and

dynamically join any advertised

VLAN.

Receive advertisements and

Do not allow the

port to become a

dynamically join any

advertised VLAN that has the member of this

same VID as the static VLAN. VLAN.

Block

Generate advertisements.

Forward advertisements received

from other ports for other VLANs.

Do not dynamically join any

advertised VLAN.

Receive advertisements and

dynamically join any

advertised VLAN that has the

same VID.

Do not allow the

VLAN on this port.

Disable

Ignore GVRP and drop all GVRP

advertisements.

IgnoreGVRPanddropallGVRP Do not allow the

advertisements. VLAN on this port.

¹Each port of a Series 2500 switch must be a Tagged or Untagged member of at least one VLAN. Thus, any port configured

for GVRP to Learn or Block will generate and forward advertisements for the static VLAN(s) for which it has been

configured as Tagged or Untagged . By default, all ports are Untagged members of the default VLAN (VID = 1). See the

“Note” on page page 9-78.

²To configure tagging, Auto, or Forbid, see “Configuring Static VLAN Name and Per-Port Settings” on page 9-67 (for the

CLI) or “Adding or Changing a VLAN Port Assignment” on page 9-60 (for the menu).

9-82

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

GVRP

As the above table indicates, when you enable GVRP, a port that has a Tagged

or Untagged static VLAN has the option for both generating advertisements

and dynamically joining other VLANs.

N o t e

In table 9-9, above, the Unknown VLAN parameters are configured on a per-

interface basis using the CLI. The Tagged, Untagged, Auto, and Forbid options

are configured in the VLAN context using either the menu interface or the CLI.

Because dynamic VLANs operate as Tagged VLANs, and because a tagged port

on one device cannot communicate with an untagged port on another device,

HP recommends that you use Tagged VLANs for the static VLANs you will use

to generate advertisements.

GVRP and VLAN Access Control

When you enable GVRP on a switch, the default GVRP parameter settings

allow all of the switch’s ports to transmit and receive dynamic VLAN adver-

tisements (GVRP advertisements) and to dynamically join VLANs. The two

preceding sections describe the per-port features you can use to control and

limit VLAN propagation. To summarize, you can:

Allow a port to advertise and/or join dynamic VLANs (the default).

Allow a port to send VLAN advertisements, but not receive them from

other devices; that is, the port cannot dynamically join a VLAN but other

devices can dynamically join the VLANs it advertises.

Prevent a port from sending dynamic VLAN advertisements for specific

VLANs

Prevent a port from participating in GVRP operation.

Port-Leave From a Dynamic VLAN

A dynamic VLAN continues to exist on a port for as long as the port continues

to receive advertisements of that VLAN from another device connected to that

port or until you:

Convert the VLAN to a static VLAN (See “Converting a Dynamic VLAN to

a Static VLAN” on page 9-67.)

Reconfigure the port to Block or Disable

Disable GVRP

Reboot the switch

The time-to-live for dynamic VLANs is 10 seconds. That is, if a port has

not received an advertisement for an existing dynamic VLAN during the

last 10 seconds, the port removes itself from that dynamic VLAN.

9-83

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

GVRP

Planning for GVRP Operation

These steps outline the procedure for setting up dynamic VLANs for a seg-

ment.

1. Determine the VLAN topology you want for each segment (broadcast

domain) on your network.

2. Determine the VLANs that must be static and the VLANs that can be

dynamically propagated.

3. Determine the device or devices on which you must manually create static

VLANs in order to propagate VLANs throughout the segment.

4. Determine security boundaries and how the individual ports in the seg-

ment will handle dynamic VLAN advertisements. (See table 9-8 on page

9-81 and table 9-9 on page 9-82.)

5. Enable GVRP on all devices you want to use with dynamic VLANs and

configure the appropriate “Unknown VLAN” parameter (Learn, Block, or

Disable) for each port.

6. Configure the static VLANs on the switch(es) where they are needed,

along with the per-VLAN parameters (Tagged, Untagged, Auto, and Forbid—

see table 9-9 on page 9-82) on the appropriate ports.

7. Dynamic VLANs will then appear automatically, according to the config-

uration options you have chosen.

8. Convert dynamic VLANs to static VLANs where you want dynamic VLANs

to become permanent.

Configuring GVRP On a Switch

The procedures in this section describe how to:

View the GVRP configuration on a switch

Enable and disable GVRP on a switch

Specify how individual ports will handle advertisements

To view or configure static VLANs for GVRP operation, refer to “Port-Based

Virtual LANs (Static VLANs)” on page 9-50.

Menu: Viewing and Configuring GVRP

1. From the Main Menu, select:

9-84

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

GVRP

2. Switch Configuration . . .

8. VLAN Menu . . .

1. VLAN Support

Figure 9-60. The VLAN Support Screen (Default Configuration)

2. Do the following to enable GVRP and display the Unknown VLAN fields:

a. Press [E] (for Edit).

b. Use [ v] to move the cursor to the GVRP Enabled field.

c. Press the Space bar to select Yes.

d. Press [ v] again to display the Unknown VLAN fields.

The Unknown VLAN

fields enable you to

configure each port to:

–

Learn - Dynamically

join any advertised

VLAN and forward all

advertisements the

port receives.

Block - Do not

dynamically join any

VLAN, but still

forward

advertisements.

Disable - Ignore and

drop all

advertisements.

Figure 9-61. Example Showing Default Settings for Handling Advertisements

3. Use the arrow keys to select the port you want, and the Space bar to select

Unknown VLAN option for any ports you want to change.

4. When you finish making configuration changes, press [Return], then [S] (for

Save) to save your changes to the Startup-Config file.

9-85

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

GVRP

CLI: Viewing and Configuring GVRP

GVRP Commands Used in This Section

show gvrp

gvrp

below

page 9-87

unknown-vlans

Displaying the Switch’s Current GVRP Configuration. This command

shows whether GVRP is disabled, along with the current settings for the

maximum number of VLANs and the current Primary VLAN. (For more on the

last two parameters, see “Port-Based Virtual LANs (Static VLANs)” on page

9-50.)

Syntax:

show gvrp

Figure 9-62. Example of “Show GVRP” Listing with GVRP Disabled

This example includes

non-default settings for

the Unknown VLAN field

for some ports.

Figure 9-63. Example of Show GVRP Listing with GVRP Enabled

9-86

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

GVRP

Enabling and Disabling GVRP on the Switch. This command enables

GVRP on the switch.

Syntax:

gvrp

This example enables GVRP:

HP2512(config)# gvrp

This example disables GVRP operation on the switch:

HP2512(config)# no gvrp

Enabling and Disabling GVRP On Individual Ports. When GVRP is

enabled on the switch, use the unknown-vlans command to change the

Unknown VLAN field for one or more ports. You can use this command at

either the Manager level or the interface context level for the desired port(s).

Syntax:

show gvrp

Shows the current settings.

interface <port-list> unknown-vlans

Changes the Unknown VLAN

field setting for the specified

port(s).

For example, to view and change the configuration for ports 1-2 to Block:

HP2512(config)# interface 1-2 unknown-vlans block

9-87

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

GVRP

Displaying the Static and Dynamic VLANs Active on the Switch. The

show vlans command lists all VLANs present in the switch.

Syntax: show vlans

For example, in the following illustration, switch “A” has one static VLAN (the

default VLAN), with GVRP enabled and port 1 configured to Learn for

Unknown VLANs. Switch “B” has GVRP enabled and has three static VLANs:

the default VLAN, VLAN-222, and VLAN-333. In this scenario, switch B will

dynamically join VLAN-222 and VLAN-333:

Switch “B”

Switch “A”

GVRP enabled.

1 Static VLANs:

GVRP enabled.

3 Static VLANs:

–

DEFAULT_VLAN

–

DEFAULT_VLAN

VLAN-222

VLAN-33

The show vlans command lists the dynamic (and static) VLANs in switch “B”.

DynamicVLANs

Learned from

Switch “A”

through Port 1

Figure 9-64. Example of Listing Showing Dynamic VLANs

9-88

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

GVRP

Converting a Dynamic VLAN to a Static VLAN. If a port on the switch

has joined a dynamic VLAN, you can use the following command to convert

that dynamic VLAN to a static VLAN:

Syntax:

static <dynamic-vlan-id>

For example, to convert dynamic VLAN 333 (from the previous example) to a

static VLAN:

HP2512(config)# static 333

Web: Viewing and Configuring GVRP

To view, enable, disable, or reconfigure GVRP:

1. Click on the Configuration tab.

2. Click on [VLAN Configuration] and do the following:

•

To enable or disable GVRP, click on GVRP Enabled.

To change the Unknown VLAN field for any port:

i. Click on [GVRP Security] and make the desired changes.

ii. Click on [Apply] to save and implement your changes to the

Unknown VLAN fields.

For web-based Help on how to use the web browser interface screen, click on

the [?] button provided on the web browser screen.

GVRP Operating Notes

A dynamic VLAN must be converted to a static VLAN before it can have

an IP address.

Converting a dynamic VLAN to a static VLAN and then executing the write

memory command saves the VLAN in the startup-config file and makes it

a permanent part of the switch’s VLAN configuration.

Within the same broadcast domain, a dynamic VLAN can pass through a

device that is not GVRP-aware. This is because a hub or a switch that is

not GVRP-ware will flood the GVRP (multicast) advertisement packets

out all ports.

GVRP assigns dynamic VLANs as Tagged VLANs. To configure the VLAN

as Untagged, you must first convert it to a static VLAN.

Rebooting a switch on which a dynamic VLAN exists deletes that VLAN.

However, the dynamic VLAN re-appears after the reboot if GVRP is

enabled and the switch again receives advertisements for that VLAN

through a port configured to add dynamic VLANs.

9-89

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

GVRP

By receiving advertisements from other devices running GVRP, the switch

learns of static VLANs on those other devices and dynamically (automat-

ically) creates tagged VLANs on the links to the advertising devices.

Similarly, the switch advertises its static VLANs to other GVRP-aware

devices.

A GVRP-enabled switch does not advertise any GVRP-learned VLANs out

of the port(s) on which it originally learned of those VLANs.

9-90

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Multimedia Traffic Control with IP Multicast (IGMP)

Multimedia Traffic Control with IP

Multicast (IGMP)

IGMP Features

Feature

Default

n/a

CLI

view igmp configuration

—

page 9-93

—

show igmp status for multicast n/a

groups used by the selected

VLAN

—

Yes

IGMP configuration for all

enabling or disabling IGMP

(Requires VLAN ID Context)

disabled

page 9-95

page 9-97

per-port packet control

IGMP traffic priority

querier

auto

—

page 9-96

page 9-97

—

normal

enabled

In a network where IP multicast traffic is transmitted for various multimedia

applications, you can use the switch to reduce unnecessary bandwidth usage

on a per-port basis by configuring IGMP (Internet Group Management Proto-

colcontrols). Inthe factorydefaultstate(IGMPdisabled), the switch forwards

all IGMP traffic to all ports, which can cause unnecessary bandwidth usage

on ports not belonging to multicast groups. Enabling IGMP allows the ports

to detect IGMP queries and report packets and manage IP multicast traffic

through the switch.

IGMP is useful in multimedia applications such as LAN TV, desktop confer-

encing, and collaborative computing, where there is multipoint communica-

tion; that is, communication from one to many hosts, or communication

originating from many hosts and destined for many other hosts. In such

multipoint applications, IGMP will be configured on the hosts, and multicast

traffic will be generated by one or more servers (inside or outside of the local

network). Switches in the network (that support IGMP) can then be config-

ured to direct the multicast traffic to only the ports where needed. If multiple

VLANs are configured, you can configure IGMP on a per-VLAN basis.

9-91

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Multimedia Traffic Control with IP Multicast (IGMP)

Enabling IGMP allows the ports to detect IGMP queries and report packets

and manage IP multicast traffic through the switch. If no other querier is

detected, the switch will then also function as the querier. (If you need to

disable the querier feature, you can do so through the IGMP configuration

MIB. Refer to “Changing the Querier Configuration Setting” on page 9-97.)

N o t e

IGMP configuration on the Switch 2512/2524 operates at the VLAN context

level. If you are not using VLANs, then configure IGMP in VLAN 1 (the default

VLAN) context. IGMP requires an IP address and subnet mask for any VLAN

used for IGMP traffic. If the switch relies on DHCP or Bootp to acquire an IP

address, ensure that an IP addressing has been assigned to the appropriate

VLANs by using show ip or by viewing the menu interface “Management

Address Information” screen (page 10-6).

In order for IGMP service to take effect, an IP address must be configured and

active on the VLAN in which you want IGMP to operate. If the only VLAN on

the switch is the default VLAN (VLAN ID, or VID, of “1”), then you must

configure an IP address for VLAN 1. If multiple VLANs are configured, you

must configure an IP address for the VLAN(s) in which you want to implement

IGMP. Refer to “IP Configuration” on page 5-3.

IGMP Operating Features

In the factory default configuration, IGMP is disabled. If multiple VLANs are

not configured, you must configure IGMP on the default VLAN

(DEFAULT_VLAN; VID = 1). If multiple VLANs are configured, you must

configure IGMP on a per-VLAN basis. When you use either the CLI or the web

browser interface to enable IGMP on the switch or a VLAN, the switch

forwards IGMP traffic only to ports belonging to multicast groups. Using the

console enables these additional options:

Forward with High Priority. Disabling this parameter (the default)

causes the switch or VLAN to process IP multicast traffic, along with other

traffic, in the order received (normal priority). Enabling this parameter

causes the switch or VLAN to give a higher priority to IP multicast traffic

than to other traffic.

Auto/Blocked/Forward:You can use the console to configure individual

ports to any of the following states:

•

Auto (the default): Causes the switch to interpret IGMP packets and

to filter IP multicast traffic based on the IGMP packet information for

ports belonging to a multicast group. This means that IGMP traffic

will be forwarded on a specific port only if an IGMP host or multicast

router is connected to the port.

9-92

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Multimedia Traffic Control with IP Multicast (IGMP)

•

Blocked: Causes the switch to drop all IGMP transmissions received

from a specific port and to block all outgoing IP Multicast packets for

that port. This has the effect of preventing IGMP traffic from moving

through specific ports.

Forward: Causes the switch to forward all IGMP and IP multicast

transmissions through the port.

Querier:Inthe default state (enabled), eliminates theneed fora multicast

router. In most cases, HP recommends that you leave this parameter in

the default “enabled” state even if you have a multicast router performing

the querier function in your multicast group. For more information, see

“How IGMP Operates” on page 9-97.

N o t e

Whenever IGMP is enabled, the switch generates an Event Log message

indicating whether querier functionality is enabled.

For more information, refer to “How IGMP Operates” on page 9-97.

CLI: Configuring and Displaying IGMP

IGMP Commands Used in This Section

show ip igmp configuration

ip igmp

page 9-94

page 9-95

high-priority-forward

auto <[ethernet] <port-list>

blocked <[ethernet] <port-list>

forward <[ethernet] <port-list>

querier

page 9-96

page 9-97

show ip igmp

See “IP Multicast (IGMP) Status” on page 10-17

For a listing of the full CLI command set, including syntax and options, see

the CLI command reference available on the HP ProCurve website at:

http://www.hp.com

9-93

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Multimedia Traffic Control with IP Multicast (IGMP)

Viewing the Current IGMP Configuration. This command lists the IGMP

configuration for all VLANs configured on the switch or for a specific VLAN.

Syntax:

show ip igmp config

VLANs on the switch

show ip igmp <vid> config

IGMP configuration for a

specific VLAN on the switch,

including per-port data

(For IGMP operating status, see “Internet Group Management Protocol

(IGMP) Status” on page 10-17.)

For example, suppose you have the following VLAN and IGMP configurations

on the switch:

VLAN ID VLAN Name

IGMP

Forward with Querier

Enabled High Priority

DEFAULT_VLAN Yes

Yes

VLAN-2

VLAN-3

Yes

You could use the CLI to display this data as follows:

Figure 9-65. Example Listing of IGMP Configuration for All VLANs in the Switch

The following versionofthe show ip igmp command includes theVLAN ID (vid)

designation, and combines the above data with the IGMP per-port configura-

tion:

9-94

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Multimedia Traffic Control with IP Multicast (IGMP)

IGMP Configuration

for the Selected

VLAN

IGMP Configuration

On the Individual

Ports in the VLAN

Figure 9-66. Example Listing of IGMP Configuration for A Specific VLAN

Enabling or Disabling IGMP on a VLAN. You can enable IGMP on a

VLAN, along with the last-saved or default IGMP configuration (whichever

was most recently set), or you can disable IGMP on a selected VLAN. Note

that this command must be executed in a VLAN context.

Syntax:

[no] ip igmp

For example, here are methods to enable and disable IGMP on the default

VLAN (VID = 1).

HP2512(config)# vlan 1 ip igmp

HP2512(vlan-1)# ip igmp

Enables IGMP on VLAN 1.

Same as above.

HP2512(config)# no vlan 1 ip igmp Disables IGMP on VLAN 1.

N o t e

If you disable IGMP on a VLAN and then later re-enable IGMP on that VLAN,

the switch restoresthe last-savedIGMP configuration forthatVLAN. For more

on how switch memory operates, see appendic C, “Switch Memory and

Configuration”.

You can also combine the ip igmp command with other IGMP-related com-

mands, as described in the following sections.

9-95

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Multimedia Traffic Control with IP Multicast (IGMP)

Configuring Per-Port IGMP Packet Control. Use this command in the

VLAN context to specify how each port should handle IGMP traffic.

Syntax: vlan <vid> ip igmp

[auto <port-list> | blocked <port-list> | forward <port-list>]

Default: auto

For example, suppose you wanted to configure IGMP as follows for VLAN 1

on the 10/100 ports on the Switch 2512:

Ports 1-7

auto

Filter multicast traffic. Forward IGMP traffic to hosts on these ports

that belong to the multicast group for which the traffic is intended.

(Also forward any multicast traffic through any of these ports that is

connected to a multicast router.)

Port 8

forward Forward all multicast traffic through this port.

Ports 9-12 blocked Drop all multicast traffic received from devices on these ports, and

prevent any outgoing multicast traffic from moving through these

ports.

Depending on the privilege level, you could use one of the following com-

mands to configure IGMP on VLAN 1 with the above settings:

HP2512(config)# vlan 1 ip igmp auto 1-7 forward 8 blocked 9-12

HP2512(vlan-1)# ip igmp auto 1-7 forward 8 blocked 9-12

The following command displays the VLAN and per-port configuration result-

ing from the above commands.

HP2512> show ip igmp 1 config

Configuring IGMP Traffic Priority. This command assigns “high” priority

to IGMP traffic or returns a high-priority setting to “normal” priority.

Syntax: vlan <vid> ip igmp high-priority-forward

Default: normal

HP2512(config)# vlan 1 ip igmp

Configures high priority for

high-priority-forward IGMP traffic on VLAN 1.

HP2512(vlan-1)# vlan 1 ip igmp

Same as above command,

high-priority-forward but in the VLAN 1 context

level.

HP2512(vlan 1)# no ip igmp

Returns IGMP traffic to

high-priority-forward “normal” priority.

9-96

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Multimedia Traffic Control with IP Multicast (IGMP)

HP2512> show ip igmp config

Show command to display

results of above high-priority

commands.

Configuring the Querier Function. The default querier function is

“enabled”. This command disables or re-enables the querier function.

Syntax:

[no] vlan <vid> ip igmp querier

Default: Yes

HP2512(config)# no vlan 1 ip

igmp querier

Disables the querier function

on VLAN 1.

HP2512> show ip igmp config

Show command to display

results of above querier

command.

Web: Enabling or Disabling IGMP

In the web browser interface you can enable or disable IGMP on a per-VLAN

basis. To configure other IGMP features, telnet to the switch console and use

the CLI.

To Enable or Disable IGMP

1. Click on the Configuration tab.

2. Click on [Device Features].

3. If more than one VLAN is configured, use the VLAN pull-down menu to

select the VLAN on which you want to enable or disable IGMP.

4. Use the Multicast Filtering (IGMP) menu to enable or disable IGMP.

5. Click on [Apply Changes] to implement the configuration change.

For web-based help on how to use the web browser interface screen, click on

the [?] button provided on the web browser screen.

How IGMP Operates

The Internet Group Management Protocol (IGMP) is an internal protocol of

the Internet Protocol (IP) suite. IP manages multicast traffic by using

switches, multicast routers, and hosts that support IGMP. (In Hewlett-Pack-

ard’s implementation of IGMP, a multicast router is not necessary as long as

9-97

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Multimedia Traffic Control with IP Multicast (IGMP)

a switch is configured to support IGMP with the querier feature enabled.) A set

of hosts, routers, and/or switches that send or receive multicast data streams

to or from the same source(s) is termed a multicast group, and all devices in

the group use the same multicast group address. The multicast group running

version 2 of IGMP uses three fundamental types of messages to communicate:

Query: A message sent from the querier (multicast router or switch)

asking for a response from each host belonging to the multicast group. If

a multicast router supporting IGMP is not present, then the switch must

assume this function in order to elicit group membership information

from the hosts on the network. (If you need to disable the querier feature,

you can do so through the CLI, using the IGMP configuration MIB. See

“Changing the Querier Configuration Setting” on page “Configuring the

Querier Function” on page 9-97.)

Report: A message sent by a host to the querier to indicate that the host

wants to be or is a member of a given group indicated in the report

message.

Leave Group: A message sent by a host to the querier to indicate that the

host has ceased to be a member of a specific multicast group.

Thus, IGMP identifies members of a multicast group (within a subnet) and

allows IGMP-configured hosts (and routers) to join or leave multicast groups.

IGMP Data. To display data showing active group addresses, reports, que-

ries, querier access port, and active group address data (port, type, and

access), see “IP Multicast (IGMP) Status” on page 7-19.

Role of the Switch

When IGMP is enabled on the switch, it examines the IGMP packetsitreceives:

To learn which of its ports are linked to IGMP hosts and multicast routers/

queriers belonging to any multicast group

To become a querier if a multicast router/querier is not discovered on the

network

Once the switch learns the port location of the hosts belonging to any partic-

ular multicast group, it can direct group traffic to only those ports, resulting

in bandwidth savings on ports where group members do not reside. The

following example illustrates this operation.

Figure 9-67 on page 9-99 shows a network running IGMP.

PCs 1 and 4, switch 2, and all of the routers are members of an IP multicast

group. (The routers operate as queriers.)

9-98

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Multimedia Traffic Control with IP Multicast (IGMP)

Switch 1 ignores IGMP traffic and does not distinguish between IP multi-

cast group members and non-members. Thus, it is sending large amounts

of unwanted multicast traffic out the ports to PCs 2 and 3.

Switch 2 is recognizing IGMP traffic and learns that PC 4 is in the IP

multicast group receiving multicast data from the video server (PC X).

Switch 2 then sends the multicast data only to the port for PC 4, thus

avoiding unwanted multicast traffic on the ports for PCs 5 and 6.

Multicast

Data Stream

Router

PC X

Router

Video

Server

Router

IGMP is NOT

Running Here

Router

Switch 1

IGMP IS

Running Here

Switch 2

PC 1

Video

Client

PC 3

PC 4

PC 2

Video

Client

PC 6

PC 5

Figure 9-67. The Advantage of Using IGMP

The next figure (9-68) shows a network running IP multicasting using IGMP

without a multicast router. In this case, the IGMP-configured switch runs as a

querier.

PCs 2, 5, and 6 are members of the same IP multicast group.

9-99

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Multimedia Traffic Control with IP Multicast (IGMP)

IGMP is configured on switches 3 and 4. Either of these switches can operate

as querier because a multicast router is not present on the network. (If an

IGMP switch does not detect a querier, it automatically assumes this role,

assuming the querier feature is enabled—the default—within IGMP.)

Switch 1

IGMP is NOT

Running Here

IGMP IS

Running Here

Switch 3

Multicast

Data Stream

Switch 2

IGMP IS

Running Here

Switch 4

PC 2

PC 1

PC 6

PC 5

Figure 9-68. Isolating IP Multicast Traffic in a Network

In the above figure, the multicast group traffic does not go to switch 1 and

beyond because either the port on switch 3 that connects to switch 1 has

been configured as blocked or there are no hosts connected to switch 1

or switch 2 that belong to the multicast group.

For PC 1 to become a member of the same multicast group without

flooding IP multicast traffic on all ports of switches 1 and 2, IGMP must

be configured on both switches 1 and 2, and the port on Switch 3 that

connects to Switch 1 must be unblocked.

9-100

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Multimedia Traffic Control with IP Multicast (IGMP)

N o t e :

IP Multicast Filters. IP multicast addresses occur in the range from

224.0.0.0 through 239.255.255.255 (which corresponds to the Ethernet multi-

cast address range of 01005e-000000 through 01005e-7fffff). Devices such as

the HP Switch 1600M/2400M/2424M/4000M/8000M having static Traffic/Secu-

rity filters configured with a “Multicast” filter type and a “Multicast Address”

in this range will continue in effect unless IGMP learns of a multicast group

destination in this range. In that case, IGMP takes over the filtering function

for the multicast destination address(es) for as long as the IGMP group is

active. If the IGMP group subsequently deactivates, the static filter resumes

control over traffic to the multicast address formerly controlled by IGMP.

(Note that the Switch 2512 and 2524 do not have traffic/security filters.)

Reserved Addresses Excluded from IP Multicast (IGMP) Filtering.

Traffic to IP multicast groups in the IP address range of 224.0.0.0 to 224.0.0.255

will always be flooded because addresses in this range are “well known” or

“reserved” addresses. Thus, if IP Multicast is enabled and there is an IP

multicast group within the reserved address range, traffic to that group will

be flooded instead of filtered by the switch.

Number of IP Multicast Addresses Allowed

Multicast filters and IGMP filters (addresses) together can total up to 255 in

the switch. If multiple VLANs are configured, then each filter is counted once

per VLAN in which it is used.

Interaction with Multicast Traffic/Security Filters.

9-101

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Spanning Tree Protocol (STP)

STP Features

Feature

Default

CLI

viewing the STP configuration n/a

page

9-103

page

9-105

—

enable/disable STP disabled

page

9-103

reconfiguring general operation priority: 32768 page

max age: 20 s 9-103

page

9-106

hello time: 2 s

fwd. delay: 15 s

reconfiguring per-port STP

monitoring STP

path cost: var page

page

9-107

priority: 128

mode: norm

9-103

n/a

page

10-15

page

10-15

n/a

The switch uses the IEEE 802.1D Spanning Tree Protocol (STP), when

enabled, to ensure that only one path at a time is active between any two nodes

on the network. In networks where there is more than one physical path

between any two nodes, STP ensures a single active path between them by

blocking all redundant paths. Enabling STP is necessary in such networks

because having more than one path between a pair of nodes causes loops in

the network, which can result in duplication of messages, leading to a “broad-

cast storm” that can bring down the network.

N o t e

You should enable STP in any switch that is part of a redundant physical link

(loop topology). (It is recommended that you enable STP on all switches

belonging to a loop topology.) This topic is covered in more detail under “How

STP Operates” on page 9-108.

As recommended in the IEEE 802.1Q VLAN standard, the Switches 2512 and

2524 use single-instance STP; a single spanning tree is created to make sure

there are no network loops associated with any of the connections to the

switch, regardlessofwhetherVLANsare configuredon theswitch. Thus, these

switches do not distinguish between VLANs when identifying redundant

physical links. If VLANs are configured on the switch, see “STPOperation with

802.1Q VLANs” on page 9-110.

9-102

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Spanning Tree Protocol (STP)

STP Fast Mode for Overcoming Server Access Failures. Ifanendnode

is configured to automatically access a server, the duration of the STP startup

sequence can result in a “server access failure”. On ports where this is a

problem, configuring STP Fast Mode can eliminate the failure. For more

information, see “STP Fast Mode” on page 9-109. Also, for more information

on STP, see “How STP Operates” on page 9-108.

In the factory default configuration, STP is off. If a redundant link (loop) exists

between nodes in your network, you should enable Spanning Tree.

N o t e

STP retains its current parameter settings when disabled. Thus, if you

disable STP, then later re-enable it, the parameter settings will be the same

as before STP was disabled.

C a u t i o n

Because the switch automatically gives faster links a higher priority, the

default STP parameter settings are usually adequate for spanning tree

operation. Also because incorrect STP settings can adversely affect network

performance, you should not make changes unless you have a strong under-

standing of how STP operates. For more on STP, see the IEEE 802.1D standard.

Menu: Configuring STP

1. From the Main Menu, select:

2. Switch Configuration . . .

4. Spanning Tree Operation

2. Press [E] (for Edit) to highlight the Spanning Tree Enabled parameter.

3. Press the Space bar to select Yes . (This enables STP.

9-103

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Spanning Tree Protocol (STP)

)

Read-Only Fields

Figure 9-69. Example of the STP Configuration Screen

4. If the remaining STP parameter settings are adequate for your network,

go to step 8.

5. Use[Tab]orthearrow keystoselectthe nextparameteryouwanttochange,

then type in the new value or press the Space Bar to select a value. (If you

need information on STP parameters, press [Enter] to select the Actions

line, then press H to get help.)

6. Repeat step 5 for each additional parameter you want to change.

For information on the Mode parameter, see “STP Fast Mode” on page

9-109.

7. When you are finished editing parameters, press [Enter] to return to the

Actions line.

8. Press [S] to save the currently displayed STP parameter settings, then

return to the Main Menu.

9-104

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Spanning Tree Protocol (STP)

CLI: Configuring STP

STP Commands Used in This Section

show spanning-tree config Below

spanning-tree

page 9-106

forward-delay <4 - 30>

hello-time <1 - 10>

maximum-age <6 - 40>

priority <0 - 65535>

ethernet <port-list>

page 9-106

page 9-107

path-cost <1 - 65535> page 9-107

priority <0 - 255>

page 9-107

mode <norm | fast>

show spanning tree

See “Spanning Tree Protocol (STP) Information” on page 10-15

Viewing the Current STP Configuration. Regardless of whether STP is

disabled (the default), this command lists the switch’s full STP configuration,

including general settings and port settings.

Syntax:

show spanning-tree configuration

Default:

See figure 9-70, below.

In the default configuration, STP appears as shown here:

Figure 9-70. Example of the Default STP Configuration Listing

9-105

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Spanning Tree Protocol (STP)

Enabling or Disabling STP. Enabling STP implements the spanning-tree

protocol for all physical ports on the switch, regardless of whether multiple

VLANs are configured. Disabling STP removes protection against redundant

loops that can significantly slow or halt a network.

Syntax:

[no] spanning-tree

Default: Disabled

This command enables STP with the current parameter settings or disables

STPwithouglosing the most-recently configuredparametersettings. (To learn

how the switch handles parameter changes, how to test changes without

losing the previous settings, and how to replace previous settings with new

settings, see appendix C, “Switch Memory and Configuration”.) When

enabling STP, you can also include the STP general and per-port parameters

described in the next two sections. When you use the “no” form of the

command, you can do so only to disable STP. (STP parameter settings are not

changed when you disable STP, and cannot be included with the no spanning-

tree command.

C a u t i o n

Because incorrect STP settings can adversely affect network performance,

HP recommends that you use the default STP parameter settings. You should

not change these settings unless you have a strong understanding of how STP

operates. For more on STP, see the IEEE 802.1D standard.

HP2512(config)# spanning tree

Enables STP on the switch.

Reconfiguring General STP Operation on the Switch. This command

enables STP (if it is not already enabled) and configures one or more of the

following parameters:

Table 9-10.General STP Operating Parameters

Name

Default

Range

Function

priority

32768

0 - 65535 Specifies the priority value used along with the

switch MAC address to determine which device is

root. The lower a priority value, the higher the

priority.

maximum-age 20 seconds 6 - 40

Maximum received message age the switch allows

seconds for STP information before discarding the message,

hello-time

2 seconds 1 - 10

Time between messages transmitted when the

switch is the root.

forward-delay 15 seconds 4 - 30

Time the switch waits before transitioning from the

seconds listening to the learning state, and between the

learning state to the forwarding state.

9-106

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Spanning Tree Protocol (STP)

You can also include one or more of the STP per-port parameters in this

command. See “Reconfiguring Per-Port STP Operation on the Switch” on page

9-107.

Syntax:

spanning-tree

priority <0 - 65355>

maximum-age <6 - 40 seconds>

hello-time <1 - 10 seconds>

forward-delay <4 - 30 seconds>

Default: See table 9-10, above.

For example, to enable STP with a maximum-age of 30 seconds and a hello-

time of 3 seconds:

HP2512(config)# spanning tree maximum-age 30 hello-time 3

Reconfiguring Per-Port STP Operation on the Switch. This command

enables STP (if not already enabled) and configures the following per-port

parameters:

Table 9-11.Per-Port STP Parameters

Name

Default

Range

Function

path-cost Ethernet: 100

10/100Tx: 10

1 - 65535 Assignsanindividualportcostthattheswitchuses

to determine which ports are the forwarding ports.

100 Fx:

Gigabit:

priority

mode

128

0 - 255

Used by STP to determine the port(s) to use for

forwarding. The port with the lowest number has

the highest priority.

norm

- or -

fast

Specifies whether a port progresses through the

listening, learning, and forwarding (or blocking)

states (“norm” mode) or transitions directly to the

forwarding state (“fast” mode).

(For information on when to use Fast mode, see

“STP Fast Mode” on page 9-109.)

You can also include STP general parameters in this command. See “Recon-

figuring General STP Operation on the Switch” on page 9-106.

Syntax:

spanning-tree ethernet <port-list>

path-cost <1 - 65535>

priority <0 - 255>

mode <norm | fast>

Default: See table 9-11, above.

9-107

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Spanning Tree Protocol (STP)

For example, the following enables STP (if it is not already enabled) and

configures ports 5 and 6 to a path cost of 15, a priority of 100, and fast mode:

HP2512(config)# spanning-tree ethernet 5-6 path-cost 15

priority 100 mode fast

Web: Enabling or Disabling STP

In the web browser interface you can enable or disable STP on the switch. To

configure other STP features, telnet to the switch console and use the CLI.

To enable or disable STP on the switch:

1. Click on the Configuration tab

2. Click on [Device Features].

4. Click on [Apply Changes] to implement the configuration change.

For web-based help on how to use the web browser interface screen, click on

the [?] button provided on the web browser screen.

How STP Operates

The switch automatically senses port identity and type, and automatically

defines port cost and priority for each type. The console interface allows you

to adjust the Cost and Priority for each port, as well as the Mode for each port

and the global STP parameter values for the switch.

While allowing only one active path through a network at any time, STP retains

any redundant physical path to serve as a backup (blocked) path in case the

existing active path fails. Thus, if an active path fails, STP automatically

activates (unblocks) an available backup to serve as the new active path for

as long as the original active path is down. For example:

9-108

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Spanning Tree Protocol (STP)

•

Active path from node A to node B: 1—> 3

Backup (redundant) path from node A to node B: 4 —> 2 —> 3

switch A

path cost: 100

path cost:

100

path cost: 100

switch C

path cost:200

switch B

switch D

node

Figure 9-71. Example of Redundant Paths Between Two Nodes

STP Fast Mode

For standard STP operation, when a network connection is established on a

device that is running STP, the port used for the connection goes through a

sequence of states (Listening and Learning) before getting to its final state

(Forwarding or Blocking, as determined by the STP negotiation). This

sequence takes two times the forward delay value configured for the switch.

The default is 15 seconds on HP switches, per the IEEE 802.1D standard

recommendation, resulting in a total STP negotiation time of 30 seconds. Each

switch port goes through this start-up sequence whenever the network con-

nection is established on the port. This includes, for example, when the switch

or connected device is powered up, or the network cable is connected.

A problem can arise from this long STP start-up sequence because some end

nodes are configured to automatically try to access a network server when-

ever the end node detects a network connection. Typical server access

includes to Novell servers, DHCP servers, and X terminal servers. If the server

access is attempted during the time that the switch port is negotiating its STP

state, the server access will fail. To provide support for this end node behavior,

the Switches 2512 and 2524 offer a configuration mode, called “Fast Mode”,

that causes the switch port to skip the standard STP start-up sequence and

put the port directly into the “Forwarding” state, thus allowing the server

access request to be forwarded when the end node needs it.

Ifyou encounterendnodes thatrepeatedly indicateserveraccess failure when

attempting to bring up their network connection, and you have enabled STP

on the switch, try changing the configuration of the switch ports associated

with those end nodes to STP Fast Mode.

9-109

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Spanning Tree Protocol (STP)

C a u t i o n

The Fast Mode configuration should be used only on switch ports connected

toendnodes. Changingthe ModetoFastonportsconnected tohubs, switches,

or routers may cause loops in your network that STP may not be able to

immediately detect, in all cases. This will cause temporary loops in your

network. After the fast start-up sequence, though, the switch ports operate

according to the STP standard, and will adjust their state to eliminate continu-

ing network loops.

To Configure Fast Mode for a Switch Port:

In the CLI, use this command: spanning tree mode <port list> fast

For example, to configure Fast mode for ports 1-3 and 5:

HP2512(config)# spanning-tree ethernet 1-3,5 mode fast

In the menu interface, go to the Main Menu and follow the steps under

“Menu: Configuring STP” on page 9-103.

STP Operation with 802.1Q VLANs

As recommended in the IEEE 802.1Q VLAN standard, when spanning tree is

enabled on the switch, a single spanning tree is configured for all ports across

the switch, including those in separate VLANs. This means that if redundant

physical links exist in separate VLANs, spanning tree will block all but one of

those links. However, if you need to use STP on the Switch 2512 or Switch

2524 in a VLAN environment with redundant physical links, you can prevent

blocked redundant links by using a port trunk. The following example shows

how you can use a port trunk with 802.1Q (tagged) VLANs and STP without

unnecessarily blocking any links or losing any bandwidth.

9-110

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Spanning Tree Protocol (STP)

Problem:

Solution:

STP enabled with

one trunked link.

STP enabled with 2

separate (non-trunked)

links blocks a VLAN link.

Nodes 1 and 2 can communicate

because STP sees the trunk as a

single link and 802.1Q (tagged) VLANs

enable the use of one (trunked) link

for both VLANs.

Nodes 1 and 2 cannot

communicate because

STP is blocking the link.

Figure 9-72. Example of Using a Trunked Link with STP and VLANs

For more information, refer to “Spanning Tree Protocol Operation with

VLANs” on page 9-73.

9-111

Download from Www.Somanuals.com. All Manuals Search And Download.

Configuring Advanced Features

Spanning Tree Protocol (STP)

9-112

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-2

Status and Counters Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-3

Menu Access To Status and Counters . . . . . . . . . . . . . . . . . . . . . . . . . 10-4

General System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-5

Menu Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-5

CLI Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-5

Switch Management Address Information . . . . . . . . . . . . . . . . . . . . . . 10-6

Menu Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-6

CLI Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-6

Port Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-7

Menu: Displaying Port Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-7

CLI Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-7

Web Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-7

Viewing Port and Trunk Group Statistics . . . . . . . . . . . . . . . . . . . . . . 10-8

Menu Access to Port and Trunk Statistics . . . . . . . . . . . . . . . . . . 10-9

CLI Access To Port and Trunk Group Statistics . . . . . . . . . . . . 10-10

Web Browser Access To View Port and Trunk

Group Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-10

Viewing the Switch’s MAC Address Tables . . . . . . . . . . . . . . . . . . . . 10-11

Menu Access to the MAC Address Views and Searches . . . . . . 10-12

CLI Access for MAC Address Views and Searches . . . . . . . . . . 10-14

Spanning Tree Protocol (STP) Information . . . . . . . . . . . . . . . . . . . . 10-15

Menu Access to STP Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-15

CLI Access to STP Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-16

Internet Group Management Protocol (IGMP) Status . . . . . . . . . . . 10-17

VLAN Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-18

Web Browser Interface Status Information . . . . . . . . . . . . . . . . . . . .10- 20

Port Monitoring Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-21

Menu: Configuring Port Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . 10-22

CLI: Configuring Port Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-24

Web: Configuring Port Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-26

10-1

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Overview

The Series 2500 switches have several built-in tools for monitoring, analyzing,

and troubleshooting switch and network operation:

Status: Includes options for displaying general switch information, man-

agement address data, port status, MAC addresses detected on each port,

and STP, IGMP, and VLAN data.

Counters: Display details of traffic volume on individual ports.

Event Log: Lists switch operating events.

Alert Log: Lists network occurrences detected by the switch (in the

Status | Overview screen of the web browser interface).

Configurable trap receivers: Uses SNMP to enable management sta-

tions on your network to receive SNMP traps from the switch.

Port or VLAN monitoring (mirroring): Copy all traffic from the spec-

ified ports or VLAN to a designated monitoring port.

N o t e

Link test, ping test, browse configuration, and the Command prompt—analysis

tools in troubleshooting situations—are described in chapter 8, “Troubleshoot-

ing”. See “Diagnostic Tools” on page 14.

10-2

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Status and Counters Data

This section describes the status and counters screens available through the

switch console interface and/or the web browser interface.

N o t e

You can access all console screens from the web browser interface via Telnet

to the console. Telnet access to the switch is available in the Device View

window under the Configuration tab.

Status or Counters Type

Interface

Purpose

Page

10-4

Menu Access to Status and Menu

Counters

Access menu interface for status and counter data.

General System Information Menu, CLI Lists switch-level operating information.

10-5

10-6

Management Address

Information

Menu, CLI Lists the MAC address, IP address, and IPX network number for

each VLAN or, if no VLANs are configured, for the switch.

Port Status

Menu, CLI, Displays the operational status of each port.

Web

10-7

10-8

Port and Trunk Statistics

Menu, CLI, Summarizes port activity.

Web

Address Table

(Address Forwarding Table)

Menu, CLI Lists the MAC addresses of nodes the switch has detected on the

network, with the corresponding switch port.

10-11

Port Address Table

STP Information

IGMP Status

Menu, CLI Lists the MAC addresses that the switch has learned from the

selected port.

10-11

10-15

10-17

10-18

10-20

Menu, CLI Lists Spanning Tree Protocol data for the switch and for individual

ports. If VLANs are configured, reports on a per-VLAN basis.

Menu, CLI Lists IGMP groups, reports, queries, and port on which querier is

located.

VLAN Information

Port Status Overview

Menu, CLI For each VLAN configured in the switch, lists 802.1Q VLAN ID and

up/down status.

Web

Shows port utilization and the Alert Log.

10-3

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Status and Counters Data

Menu Access To Status and Counters

Beginning at the Main Menu, display the Status and Counters menu by select-

ing:

1. Status and Counters

Figure 10-1. The Status and Counters Menu

Each of the above menu items accesses the read-only screens described on

the following pages. Refer to the online help for a description of the entries

displayed in these screens.

10-4

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Status and Counters Data

General System Information

Menu Access

From the console Main Menu, select:

1. Status and Counters

1. General System Information

Figure 10-2. Example of General Switch Information

This screen dynamically indicates how individual switch resources are being

used. See the online Help for details.

CLI Access

Syntax:

show system-information

10-5

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Status and Counters Data

Switch Management Address Information

Menu Access

From the Main Menu, select:

1 Status and Counters . . .

2. Switch Management Address Information

Figure 10-3. Example of Management Address Information with VLANs Configured

This screen displays addresses that are important for management of the

switch. If multiple VLANs are not configured, this screen displays a single IP

address for the entire switch. See the online Help for details.

CLI Access

Syntax:

show management

10-6

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Status and Counters Data

Port Status

The web browser interface and the console interface show the same port

status data.

Menu: Displaying Port Status

From the Main Menu, select:

1. Status and Counters . . .3. Port Status

Figure 10-4. Example of Port Status on the Menu Interface

CLI Access

Syntax:

show interfaces

Web Access

1. Click on the Status tab.

2. Click on [Port Status].

10-7

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Status and Counters Data

Viewing Port and Trunk Group Statistics

Feature

Default

CLI

Web

viewing port and trunk statistics n/a

for all ports

page 10-9 page 10-10 page 10-10

viewing a detailed summary for a n/a

particular port or trunk

resetting counters

n/a

These features enable you to determine the traffic patterns for each port since

the last reboot or reset of the switch. You can display:

A general report of traffic on all LAN ports and trunk groups in the switch

A detailed summary of traffic on a selected port or trunk group.

You can also reset the counters for a specific port.

The menu interface and the web browser interface provide a dynamic display

of counters summarizing the traffic on each port. The CLI lets you see a static

“snapshot” of port or trunk group statistics at a particular moment.

As mentioned above, rebooting or resetting the switch resets the counters to

zero. You can also reset the counters to zero for the current session. This is

useful for troubleshooting. See the “Note On Reset”, below.

N o t e o n R e s e t

The Reset action resets the counter display to zero for the current session,

but does not affect the cumulative values in the actual hardware counters. (In

compliance with the SNMP standard, the values in the hardware counters are

not reset to zero unless you reboot the switch.) Thus, using the Reset action

resets the displayed counters to zero for the current session only. Exiting from

the console session and starting a new session restores the counter displays

to the accumulated values in the hardware counters.

10-8

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Status and Counters Data

Menu Access to Port and Trunk Statistics

To access this screen from the Main Menu, select:

1. Status and Counters . . .

4. Port Counters

Figure 10-5. Example of Port Counters on the Menu Interface

Toviewdetailsaboutthetrafficonaparticularport, usethe [ v] keytohighlight

that port number, then select Show Details. For example, selecting port 2

displays a screen similar to figure 10-6, below.

Figure 10-6. Example of the Display for Show details on a Selected Port

This screen also includes the Reset action for the current session. (See the

“Note on Reset” on page 10-8.)

10-9

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Status and Counters Data

CLI Access To Port and Trunk Group Statistics

To Display the Port Counter Summary Report. Thiscommand provides

an overview of port activity for all ports on the switch.

Syntax:

show statistics

To Display a Detailed Traffic Summary for a Specific Port. This com-

mand provides traffic details for the port you specify.

Syntax:

show statistics <port-number>

To Reset the Port Counters for a Specific Port. This command resets

the counters for the specified ports to zero for the current session. (See the

“Note on Reset” on page 10-8.)

Syntax:

clear statistics <[ethernet] port-list>

Web Browser Access To View Port and Trunk Group Statistics

1. Click on the Status tab.

2. Click on [Port Counters].

3. To reset the counters for a specific port, click anywhere in the row for

that port, then click on [Refresh].

10-10

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Status and Counters Data

Viewing the Switch’s MAC Address Tables

Feature

Default

CLI

Web

viewing MAC addresses on all

ports

n/a

page 10-12 page 10-14

viewing MAC addresses on a

specific port

n/a

page 10-13 page 10-14

—

viewing MAC addresses on a

specific VLAN

—

page 10-14

searching for a MAC address

page 10-13 page 10-14

These features help you to view:

The MAC addresses that the switch has learned from network devices

attached to the switch

The port on which each MAC address was learned

10-11

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Status and Counters Data

Menu Access to the MAC Address Views and Searches

Switch-Level MAC-Address Viewing and Searching. This feature lets

you determine which switch port is being used to communicate with a specific

device on the network. The listing includes:

The MAC addresses that the switch has learned from network devices

attached to the switch

The port on which each MAC address was learned

From the Main Menu, select:

1. Status and Counters

5. Address Table

Figure 10-7. Example of the Address Table (Switch 4000M)

To page through the listing, use Next page and Prev page.

Identifying the Port Connection for a Specific Device. This feature

uses a device’s MAC address that you enter to identify the port used by that

device.

1. Proceeding from figure 10-10-7, press [S] (for Search), to display the

following prompt:

Enter MAC address: _

10-12

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Status and Counters Data

2. Type the MAC address you want to locate and press [Enter]. The address

and port number are highlighted if found. If the switch does not find the

address, it leaves the MAC address listing empty.

Located MAC

Address and

Corresponding

Port Number

Figure 10-8. Example of Menu Indicating Located MAC Address

Port-Level MAC Address Viewing and Searching. This feature displays

and searches for MAC addresses on the specified port instead of for all ports

on the switch.

1. From the Main Menu, select:

1. Status and Counters

6. Port Address Table

Prompt for Selecting

the Port To Search

Figure 10-9. Listing MAC Addresses for a Specific Port

2. Use the Space bar to select the port you want to list or search for MAC

addresses,thenpress[Enter]tolisttheMACaddressesdetectedonthatport.

Determining Whether a Specific Device Is Connected to the Selected

Port. Proceeding from step 2, above:

1. Press [S] (for Search), to display the following prompt:

10-13

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Status and Counters Data

Enter MAC address: _

2. Type the MAC address you want to locate and press [Enter]. The address is

highlighted if found. If the switch does not find the address, it leaves the

MAC address listing empty.

CLI Access for MAC Address Views and Searches

Syntax:

show mac-address

[vlan <vlan-id>]

[ethernet]<port-list>]

[<mac-addr>]

To List All Learned MAC Addresses on the Switch, with The Port

Number on Which Each MAC Address Was Learned.

HP2512> show mac-address

To List All Learned MAC Addresses on one or more ports, with Their

Corresponding Port Numbers.

For example, to list the learned MAC

address on ports 1 through 5 and port 7:

HP2512> show mac-address 1-5,7

To List All Learned MAC Addresses on a VLAN, with Their Port

Numbers. This command lists the MAC addresses associated with the ports

for a given VLAN. For example:

HP2512> show mac-address vlan 100

N o t e

The Series 2500 switches have a Single Forwarding Database architecture.

This means the switches have only a single MAC address table, and not a

separate MAC address table per VLAN.

To Find the Port On Which the Switch Learned a Specific MAC

Address. For example, to find the port on which the switch learns a MAC

address of 0060b0-889e00:

HP2512> show mac-address 0060b0-889e00

10-14

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Status and Counters Data

Spanning Tree Protocol (STP) Information

Menu Access to STP Data

From the Main Menu, select:

1. Status and Counters . . .

7. Spanning Tree Information

STP must be enabled on the switch to display the following data:

Figure 10-10.Example of Spanning Tree Information

Use this screen to determine current switch-level STP parameter settings and

statistics.

You can use the Show ports action at the bottom of the screen to display port-

level information and parameter settings for each port in the switch (including

port type, cost, priority, operating state, and designated bridge) as shown in

figure 10-10-11.

10-15

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Status and Counters Data

Figure 10-11.Example of STP Port Information

CLI Access to STP Data

This option lists the STP configuration, root data, and per-port data (cost,

priority, state, and designated bridge).

Syntax:

show spanning-tree

HP2512> show spanning-tree

10-16

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Status and Counters Data

Internet Group Management Protocol (IGMP) Status

The switch uses the CLI to display the following IGMP status on a per-VLAN

basis:

Show Command

Output

show ip igmp

GlobalcommandlistingIGMPstatusforallVLANsconfigured

in the switch:

•

VLAN ID (VID) and name

Active group addresses per VLAN

Number of report and query packets per group

Querier access port per VLAN

show ip igmp <vlan-id>

Per-VLAN command listing above IGMP status for specified

VLAN (VID)

show ip igmp group <ip-addr> Lists the ports currently participating in the specified group,

with port type, Access type, Age Timer data and Leave Timer

data.

For example, suppose that show ip igmp listed an IGMP group address of

224.0.1.22. You could get additional data on that group by executing the

following:

Figure 10-12.Example of IGMP Group Data

10-17

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Status and Counters Data

VLAN Information

The switch uses the CLI to display the following VLAN status:

Show Command

Output

show vlan

Lists:

•

Maximum number of VLANs to support

Existing VLANs

Status (static or dynamic)

Primary VLAN

show vlan <vlan-id>

For the specified VLAN, lists:

•

Name, VID, and status (static/dynamic)

Per-Port mode (tagged, untagged, forbid, no/auto)

“Unknown VLAN” setting (Learn, Block, Disable)

Port status (up/down)

For example, suppose that your switch has the following VLANs:

Ports VLAN

VID

1 - 12

DEFAULT_VLAN

1, 2

3, 4

VLAN-33

VLAN-44

The next three figures show how you could list data on the above VLANs.

Listing the VLAN ID (VID) and Status for ALL VLANs in the Switch.

Figure 10-13.Example of VLAN Listing for the Entire Switch

10-18

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Status and Counters Data

Listing the VLAN ID (VID) and Status for Specific Ports.

Because ports 1 and

2 are not members of

VLAN-44, it does not

appear in this listing.

Figure 10-14.Example of VLAN Listing for Specific Ports

Listing Individual VLAN Status.

10-19

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Status and Counters Data

Web Browser Interface Status Information

The “home” screen for the web browser interface is the Status Overview

screen, as shown below. As the title implies, it provides an overview of the

status of the switch, including summary graphs indicating the network utili-

zation on each of the switch ports, symbolic port status indicators, and the

Alert Log, which informs you of any problems that may have occurred on the

switch.

For more information on this screen, see chapter 4, “Using the HP Web

Browser Interface”.

Port

Utilization

Graphs

PortStatus

Indicators

Alert Log

Figure 10-15.Example of a Web Browser Interface Status Overview Screen

10-20

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Port Monitoring Features

Feature

Default

CLI

Web

display monitoring

configuration

disabled

page 10-22 page 10-24 page 10-26

configure the monitorport(s) ports: none

or VLAN

page 10-22 page 10-25 page 10-26

VLANs: DEFAULT_VLAN

selecting or removing ports none selected

or VLANs

page 10-22 page 10-25 page 10-26

You can designate a port for monitoring traffic of one or more other ports or

of a single VLAN configured on the switch. The switch monitors the network

activity by copying all traffic from the specified monitoring sources (ports or

VLAN) to the designated monitoring port, to which a network analyzer can be

attached.

N o t e

Port trunk groups cannot be used as a monitoring port.

It is possible, when monitoring multiple ports in networks with high traffic

levels, to copy more traffic to a monitor port than the link can support. In this

case, some packets may not be copied to the monitor port.

10-21

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Port Monitoring Features

Menu: Configuring Port Monitoring

This procedure describes configuring the switch for monitoring when moni-

toring is disabled. (If monitoring has already been enabled, the screens will

appear differently than shown in this procedure.)

1. From the Console Main Menu, Select:

2. Switch Configuration...

3. Network Monitoring Port

Enable monitoring

by setting this

parameter to “Yes”.

Figure 10-16. The Default Network Monitoring Configuration Screen

2. In the Actions menu, press [E] (for Edit).

3. If monitoring is currently disabled (the default) then enable it by pressing

the Space bar (or [Y]) to select Yes.

4. Press the downarrow key to display a screen similar to the following and

move the cursor to the Monitoring Port parameter.

10-22

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Port Monitoring Features

Move the cursor to the

Monitoring Port parameter.

Figure 10-17. How To Select a Monitoring Port

5. Use the Space bar to select the port to use for monitoring, then press the

downarrow key to select the Monitor parameter. (The default setting is

Ports, which you will use if you want to monitor one or more individual

ports on the switch.)

6. Do one of the following:

•

To monitor individual ports:

i. Leave the Monitor parameter set to Ports and press the downar-

row key to move the cursor to the Action column for the individ-

ual ports.

ii. Press the Space bar to select Monitor for each port that you want

monitored. (Use the downarrow key to move from one port to the

next in the Action column.)

iii. Press [Enter], then press [S] (for Save) to save your changes and

exit from the screen.

•

To monitor all ports in a VLAN:

i. Press the Space bar to select VLAN in the Monitor parameter,.

ii. Press the downarrow keyto move to the VLAN parameter (figure

10-18 on page page 10-24).

iii. Press the Space bar again to select the VLAN that you want to

monitor.

10-23

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Port Monitoring Features

iv. Press [Enter], then press [S] (for Save) to save your changes and

exit from the screen.

Note: This screen

appears instead of the

one in figure 10-17 if the

Monitorparameterisset

to VLAN

Example of a VLAN

Monitoring Parameter

Figure 10-18.Example of Selecting a VLAN to Monitor

7. Return to the Main Menu.

CLI: Configuring Port Monitoring

Port Monitoring Commands Used in This Section

show mirror-port

mirror-port

monitor (VLAN)

monitor (Port)

below

page 10-25

You must use the following configuration sequence to configure port monitor-

ing in the CLI:

1. Assign a monitoring (mirror) port.

2. Designate the port(s) and/or a VLAN to monitor.

Displaying the Port Monitoring Configuration. This command lists the

port assigned to receive monitored traffic and the ports being monitored.

Syntax:

show mirror-port

For example, if you assign port 12 as the monitoring port and configure the

switch to monitor ports 1 - 3, show mirror-port displays the following:

10-24

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Port Monitoring Features

Port receiving monitored traffic.

Monitored Ports

Figure 10-19.Example of Monitored Port Listing

Configuring the Monitor Port. This command assigns or removes a mon-

itoring port, and must be executed from the global configuration level. Remov-

ing the monitor port disables port monitoring and resets the monitoring

parameters to their factory-default settings.

Syntax:

[no] mirror-port [<port-num>]

For example, to assign port 12 as the monitoring port:

HP2512(config)# mirror-port 12

To turn off port monitoring:

HP2512(config)# no mirror-port

Selecting or Removing Ports or VLANs As Monitoring Sources. After

you configure a monitor port you can use either the global configuration level

or the interface context level to select ports or VLANs as monitoring sources.

You can also use either level to remove monitoring sources.

Syntax:

[no] monitor [vlan <vlan-id> | interface ethernet <port-list>]

For example, with a monitoring (mirror) port configured (above), you could

select ports 1 and 2 for monitoring:

From the global config level, selects ports

or VLAN as monitoring sources.

From the interface or VLAN context level,

selects the ports or VLAN as monitoring

sources.

Figure 10-20.Examples of Selecting Ports and VLANs as Monitoring Sources

10-25

Download from Www.Somanuals.com. All Manuals Search And Download.

Monitoring and Analyzing Switch Operation

Port Monitoring Features

From the global config level, removes

ports or VLAN as monitoring sources.

From the interface or VLAN context level,

removes the ports or VLAN as monitoring

sources.

Figure 10-21.Examples of Removing Ports and VLANs as Monitoring Sources

Web: Configuring Port Monitoring

To enable port monitoring:

1. Click on the Configuration tab.

2. Click on [Monitor Port].

3. Do either of the following:

•

To monitor a VLAN:

i. Click on the radio button for Monitor 1 VLAN.

ii. Select the VLAN to monitor.

•

To monitor one or more ports.

i. Click on the radio button for Monitor Selected Ports.

ii. Select the port(s) to monitor.

4. Click on [Apply Changes].

To remove port monitoring:

1. Click on the Monitoring Off radio button.

2. Click on [Apply Changes].

For web-based Help on how to use the web browser interface screen, click on

the [?] button provided on the web browser screen.

10-26

Download from Www.Somanuals.com. All Manuals Search And Download.

Troubleshooting

Troubleshooting Approaches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-3

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-2

Browser or Console Access Problems . . . . . . . . . . . . . . . . . . . . . . . . . . 11-4

Unusual Network Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-6

General Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-6

IGMP-Related Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-7

Timep or Gateway Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-8

VLAN-Related Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-9

Using the Event Log To Identify Problem Sources . . . . . . . . . . . . . 11-11

Menu: Entering and Navigating in the Event Log . . . . . . . . . . . . . . . 11-12

CLI: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-13

Diagnostic Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-14

Ping and Link Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-14

Web: Executing Ping or Link Tests . . . . . . . . . . . . . . . . . . . . . . . 11-15

CLI: Ping or Link Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-16

Displaying the Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-18

CLI: Viewing the Configuration File . . . . . . . . . . . . . . . . . . . . . . 11-18

Web: Viewing the Configuration File . . . . . . . . . . . . . . . . . . . . . . 11-18

CLI Administrative and Troubleshooting Commands . . . . . . . . . . . 11-19

Restoring the Factory-Default Configuration . . . . . . . . . . . . . . . . . 11-20

CLI: Resetting to the Factory-Default Configuration . . . . . . . . 11-20

Clear/Reset: Resetting to the Factory-Default Configuration . 11-20

11-1

Download from Www.Somanuals.com. All Manuals Search And Download.

Troubleshooting

Overview

This chapter addresses performance-related network problems that can be

caused by topology, switch configuration, and the effects of other devices or

their configurations on switch operation. (For switch-specific information on

hardware problems indicated by LED behavior, cabling requirements, and

other potential hardware-related problems, refer to the installation guide you

received with the switch.)

This chapter includes:

Troubleshooting Approaches (page 11-3)

Browser or Console Interface Problems (page 11-4)

Unusual Network Activity (page 11-6)

•

General Problems (page 11-6)

IGMP-Related Problems (page 11-7)

Spanning Tree Protocol (STP) Related Problems (page 11-8)

VLAN-Related Problems (page 11-9)

Using the Event Log To Identify Problem Sources (page 11-11)

Diagnostics and management tools (page 11-14), including:

•

Link test (page 11-14)

Ping test (page 11-15)

Browse configuration (page 11-18)

Command prompt (page 11-13)

Restoring the factory default configuration (page 11-20)

For information on support and warranty provisions, see the Support and

Warranty booklet shipped with the switch.

11-2

Download from Www.Somanuals.com. All Manuals Search And Download.

Troubleshooting

Troubleshooting Approaches

Use these approaches to diagnose switch problems:

Check the switch LEDs for indications of proper switch operation:

•

Each switch port has a Link LED that should light whenever an active

network device is connected to the port.

•

Problems with the switch hardware and software are indicated by

flashing the Fault and other switch LEDs.

See the Installation Guide shipped with the switch for a description

of the LED behavior and information on using the LEDs for trouble-

shooting.

Check the network topology/installation. See the Installation Guide

shipped with the switch for topology information.

Check cables for damage, correct type, and proper connections. See the

Installation Guide shipped with the switch for correct cable types and

connector pin-outs.

Use HP TopTools for Hubs & Switches (if installed on your network) to

help isolate problems and recommend solutions. HP TopTools is shipped

at no extra cost with the switch.

Use the Port Utilization Graph and Alert Log in the web browser interface

included in the switch to help isolate problems. See chapter 3, “Using the

HP Web Browser Interface” for operating information. These tools are

available through the web browser interface:

•

Port Utilization Graph

Alert Log

Port Status and Port Counters screens

Diagnostic tools (Link test, Ping test, configuration file browser)

For help in isolating problems, use the easy-to-access switch console built

into the switch or Telnet to the switch console. See chapter 4, “Using the

Switch Console Interface” for operating information. These tools are

available through the switch console

•

Status and Counters screens

Event Log

Diagnostics tools (Link test, Ping test, configuration file browser, and

advanced user commands)

11-3

Download from Www.Somanuals.com. All Manuals Search And Download.

Troubleshooting

Browser or Console Access Problems

Cannot access the web browser interface:

Access may be disabled by the Web Agent Enabled parameter in the switch

console. Check the setting on this parameter by selecting:

2. Switch Configuration . . .

1. System Information

The switch may not have the correct IP address, subnet mask or gateway.

Verify by connecting a console to the switch’s Console port and selecting:

2. Switch Configuration . . .

1. IP Configuration

Note: If DHCP/Bootp is used to configure the switch, the IP addressing

can be verified by selecting:

1. Status and Counters . . .

2. Switch Management Address Information

also check the DHCP/Bootp server configuration to verify correct IP

addressing.

If you are using DHCP to acquire the IP address for the switch, the IP

address “lease time ” may have expired so that the IP address has changed.

For more information on how to “reserve” an IP address, refer to the

documentation for the DHCP application that you are using.

If one or more IP-Authorized managers are configured, the switch allows

web browser access only to a device having an authorized IP address. For

more information on IP Authorized managers, see “Using IP Authorized

Managers” on page 30.

Java™ applets may not be running on the web browser. They are required

for the switch web browser interface to operate correctly. See the online

Help on your web browser for how to run the Java applets.

11-4

Download from Www.Somanuals.com. All Manuals Search And Download.

Troubleshooting

Browser or Console Access Problems

Cannot Telnet into the switch console from a station on the network:

Telnet access may be disabled by the Inbound Telnet Enabled parameter in

the System Information screen of the menu interface:

2. Switch Configuration

1. System Information

The switch may not have the correct IP address, subnet mask, or gateway.

Verify by connecting a console to the switch’s Console port and selecting:

2. Switch Configuration

5. IP Configuration

Note:If DHCP/Bootp is used to configure the switch, see the Note, above.

If you are using DHCP to acquire the IP address for the switch, the IP

address “lease time” may have expired so that the IP address has changed.

For more information on how to “reserve” an IP address, refer to the

documentation for the DHCP application that you are using.

If one or more IP-Authorized managers are configured, the switch allows

inbound telnet access only to a device having an authorized IP address.

For more information on IP Authorized managers, see “Enhancing Secu-

rity By Configuring Authorized IP Managers” on page “Using IP Autho-

rized Managers” on page 30.

11-5

Download from Www.Somanuals.com. All Manuals Search And Download.

Troubleshooting

Unusual Network Activity

Network activity that exceeds accepted norms may indicate a hardware

problem with one or more of the network components, possibly including the

switch. Unusual network activity is usually indicated by the LEDs on the front

of the switch or measured with the switch console interface or with a network

management tool such as the HP TopTools for Hubs & Switches. Refer to the

Installation Guide you received with the switch for information on using

LEDs to identify unusual network activity.

A topology loop can also cause excessive network activity. The event log "FFI"

messages can be indicative of this type of problem.

General Problems

The network runs slow; processes fail; users cannot access servers or

other devices. Broadcast storms may be occurring in the network. These

may be due to redundant links between nodes.

•

If you are configuring a port trunk, finish configuring the ports in the

trunk before connecting the related cables. Otherwise you may inad-

vertently create a number of redundant links (i.e. topology loops)

that will cause broadcast storms.

•

Turn on Spanning Tree Protocol to block redundant links (i.e. topol-

ogy loops)

Check for FFI messages in the Event Log.

Duplicate IP Addresses. This is indicated by this Event Log message:

ip: Invalid ARP source: IP address on IP address

where: both instances of IP address are the same address, indicating the

switch’s IP address has been duplicated somewhere on the network.

Duplicate IP Addresses in a DHCP Network. If you use a DHCP server

to assign IP addresses in your network and you find a device with a valid IP

addressthatdoesnotappeartocommunicateproperlywiththe serveror other

devices, a duplicate IP address may have been issued by the server. This can

occur if a client has not released a DHCP-assigned IP address after the

intendedexpiration time andthe server “leases”the addresstoanother device.

This can also happen, for example, if the server is first configured to issue IP

addresseswith an unlimited duration, then is subsequently configured to issue

11-6

Download from Www.Somanuals.com. All Manuals Search And Download.

Troubleshooting

Unusual Network Activity

IP addresses that will expire after a limited duration. One solution is to

configure “reservations” in the DHCP server for specific IP addresses to be

assigned to devices having specific MAC addresses. For more information,

refer to the documentation for the DHCP server.

One indication of a duplicate IP address in a DHCP network is this Event Log

message:

ip: Invalid ARP source: IP address on IP address

where: both instances of IP address are the same address, indicating the

IP address that has been duplicated somewhere on the network.

The Switch Has Been Configured for DHCP/Bootp Operation, But Has

Not Received a DHCP or Bootp Reply. When the switch is first config-

ured for DHCP/Bootp operation, or if it is rebooted with this configuration, it

immediately beginssending request packetson thenetwork. If theswitchdoes

not receive a reply to its DHCP/Bootp requests, it continues to periodically

send requestpackets, but withdecreasing frequency. Thus, if a DHCPor Bootp

server is not available or accessible to the switch when DHCP/Bootp is first

configured, the switch may not immediately receive the desired configuration.

After verifying that the server has become accessible to the switch, reboot the

switch to re-start the process.

IGMP-Related Problems

IP Multicast (IGMP) Traffic That Is Directed By IGMP Does Not Reach

IGMP Hosts or a Multicast Router Connected to a Port. IGMP must

be enabled on the switch and the affected port must be configured for “Auto”

or “Forward” operation.

IP Multicast Traffic Floods Out All Ports; IGMP Does Not Appear To

Filter Traffic. TheIGMPfeature doesnotoperate iftheswitchorVLANdoes

not have an IPaddressconfiguredmanually orobtained throughDHCP/Bootp.

To verify whether an IPaddress is configured for the switch or VLAN, do either

of the following:

Try Using the Web Browser Interface: If you can access the web

browser interface, then an IP address is configured.

Try To Telnet to the Switch Console: If you can Telnet to the switch,

then an IP address is configured.

Using the Switch Console Interface: From the Main Menu, check the

Management Address Information screen by clicking on

1. Status and Counters

2. Switch Management Address Information

11-7

Download from Www.Somanuals.com. All Manuals Search And Download.

Troubleshooting

Unusual Network Activity

Problems Related to Spanning-Tree Protocol (STP)

C a u t i o n

If you enable STP, it is recommended that you leave the remainder of the STP

parameter settings at their default values until you have had an opportunity

to evaluate STP performance in your network. Because incorrect STP settings

can adversely affect network performance, you should avoid making changes

without having a strong understanding of how STP operates. To learn the

details of STP operation, refer to the IEEE 802.1d standard.

Broadcast Storms Appearing in the Network. This can occur when

there are physical loops (redundant links) in the topology.Where this exists,

you should enable STP on all bridging devices in the topology in order for the

loop to be detected.

STP Blocks a Link in a VLAN Even Though There Are No Redundant

Links in that VLAN. In 802.1Q-compliant switches such as the Switch 2512

and Switch 2524, STP blocks redundant physical links even if they are in

separate VLANs. A solution is to use only one, multiple-VLAN (tagged) link

between the devices. Also, if ports are available, you can improve the band-

width in this situation by using a port trunk. See "STP Operation with 802.1Q

VLANs" on page 9-110.

Stacking-Related Problems

The Stack Commander Cannot Locate any Candidates. Stacking oper-

ates on the primary VLAN, which in the default configuration is the

DEFAULT_VLAN. However, if another VLAN has been configured as the

primary VLAN, and the Commander is not on the primary VLAN, then the

Commander will not detect Candidates on the primary VLAN.

Timep or Gateway Problems

The Switch Cannot Find the Timep Server or the Configured

Gateway . Timep and Gateway access are through the primary VLAN, which

in the default configuration is the DEFAULT_VLAN. If the primary VLAN has

been moved to another VLAN, it may be disabled or does not have ports

assigned to it.

11-8

Download from Www.Somanuals.com. All Manuals Search And Download.

Troubleshooting

Unusual Network Activity

VLAN-Related Problems

Monitor Port. When using the monitor port in a multiple VLAN environ-

ment, it can be useful to know how broadcast, multicast, and unicast traffic

is tagged. The following table describes the tagging to expect.

Within Same

Tagged VLAN

Within Same

Outside of

Untagged Monitor

Port VLAN

Untagged VLAN Tagged Monitor

as Monitor Port as Monitor Port Port VLAN

Broadcast

Multicast

Tagged

Untagged

Unicast Flood Tagged

Unicast Not Untagged

to Monitor

Port

Unicast to

Monitor Port

Tagged

Untagged

N/A—Dropped

None of the devices assigned to one or more VLANs on an 802.1Q-

compliant switch are being recognized. Ifmultiple VLANsare beingused

on ports connecting 802.1Q-compliant devices, inconsistent VLAN IDs may

have been assigned to one or more VLANs. For a given VLAN, the same VLAN

ID must be used on all connected 802.1Q-compliant devices.

Link Configured for Multiple VLANs Does Not Support Traffic for One

or More VLANs. One or more VLANs may not be properly configured as

“Tagged” or “Untagged”. A VLAN assigned to a port connecting two 802.1Q-

compliant devices must be configured the same on both ports. For example,

VLAN_1 and VLAN_2 use the same link between switch “X” and switch “Y”.

Link supporting VLAN_1

and VLAN_2

Switch “Y”

Port Y- 7

Switch “X”

Port X-3

VLAN Port Assignment

Port VLAN_1 VLAN_2

X-3 Untagged Tagged

VLAN Port Assignment

Port VLAN_1 VLAN_2

Y-7 Untagged Tagged

Figure 11-1. Example of Correct VLAN Port Assignments on a Link

11-9

Download from Www.Somanuals.com. All Manuals Search And Download.

Troubleshooting

Unusual Network Activity

1. If VLAN_1 (VID=1) is configured as “Untagged” on port 3 on switch “X”,

then it must also be configured as “Untagged” on port 7 on switch “Y”.

Make sure that the VLAN ID (VID) is the same on both switches.

2. Similarly, if VLAN_2 (VID=2) is configured as “Tagged on the link port on

switch “A”, then it must also be configured as “Tagged” on the link port

on switch “B”. Make sure that the VLAN ID (VID) is the same on both

switches.

Duplicate MAC Addresses Across VLANs. Duplicate MAC addresses on

different VLANs are not supported and can cause VLAN operating problems.

There are no explicit events or statistics to indicate the presence of duplicate

MAC addresses in a VLAN environment. However, one symptom that may

occur is that a duplicate MAC address can appear in the Port Address Table

of one port, and then later appear on another port. (This can also occur in a

LAN where there are redundant paths between nodes and Spanning Tree is

turned off.) For more information, refer to “VLAN Restrictions” on page 9-75.

11-10

Download from Www.Somanuals.com. All Manuals Search And Download.

Troubleshooting

Using the Event Log To Identify Problem Sources

Using the Event Log To Identify Problem

Sources

The Event Log records operating events as single-line entries listed in chrono-

logical order, and serves as a tool for isolating problems. Each Event Log entry

is composed of five fields:

Severity

Date

Time

System Module

Event Message

08/05/98

10:52:32

ports: port 1 enabled

Severity is one of the following codes:

(information) indicates routine events.

(warning) indicates that a service has behaved unexpectedly.

(critical) indicates that a severe switch error has occurred.

(debug) reserved for HP internal diagnostic information.

Date is the date in mm/dd/yy format that the entry was placed in the log.

Time is the time in hh:mm:ss format that the entry was placed in the log.

System Module is the internal module (such as “ports” for port manager) that

generated the log entry. If VLANs are configured, then a VLAN name also

appears for an event that is specific to an individual VLAN. Table 11-1 on page

11-12 lists the individual modules.

Event Message is a brief description of the operating event.

The event log holds up to 1000 lines in chronological order, from the oldest to

the newest. Each line consists of one complete event message. Once the log

has received 1000 entries, it discards the current oldest line each time a new

line is received. The event log window contains 14 log entry lines and can be

positioned to any location in the log.

The event log will be erased if power to the switch is interrupted.

(The event log is not erased by using the Reboot Switch command in the Main

Menu.)

11-11

Download from Www.Somanuals.com. All Manuals Search And Download.

Troubleshooting

Using the Event Log To Identify Problem Sources

Table 11-1. Event Log System Modules

Event Description Module

Module

addrMgr

chassis

bootp

Event Description

Address table

mgr

Console management

Change in port status; static trunks

SNMP communications

Stacking

switch hardware

bootp addressing

Console interface

DHCP addressing

file transfer

ports

snmp

stack

stp

console

dhcp

Spanning Tree

download

FFI

sys, system Switch management

Find, Fix, and Inform) -- available in the

console event log and web browser

interface alert log

telnet

Telnet activity

garp

igmp

GARP/GVRP

tcp

Transmission control

File transfer for new OS or config.

Time protocol

IP Multicast

tftp

IP-related

timep

vlan

ipx

Novell Netware

Dynamic LACP trunks

VLAN operations

lacp

Xmodem

Xmodem file transfer

Menu: Entering and Navigating in the Event Log

From the Main Menu, select Event Log.

Range of Events in the Log

Range of Log Events Displayed

Log Status Line

Figure 11-2. Example of an Event Log Display

11-12

Download from Www.Somanuals.com. All Manuals Search And Download.

Troubleshooting

Using the Event Log To Identify Problem Sources

The log status line at the bottom of the display identifies where in the

sequence of event messages the display is currently positioned.

To display various portions of the Event Log, either preceding or following the

currently visible portion, use either the actions listed at the bottom of the

display (Next page, Prev page, or End), or the keys described in the following

table:

Table 11-2. Event Log Control Keys

Key

[N]

Action

Advance the display by one page (next page).

Roll back the display by one page (previous page).

Advance display by one event (down one line).

Roll back display by one event (up one line).

Advance to the end of the log.

[P]

[ v]

[ ^]

[E]

[H]

Display Help for the event log.

CLI:

Using the CLI, you can list

Events recorded since the last boot of the switch

All events recorded

Event entries containing a specific keyword, either since the last boot or

all events recorded

Syntax:

show logging [-a] [<search-text>]

HP2512> show logging

Lists recorded logmessages since

last reboot.

HP2512> show logging -a

Lists all recorded log messages.

HP2512> show logging -a system Lists all log messages having

"system" in the text or module

name.

HP2512> show logging system

Lists all log messages since the

last reboot that have "system" in

the text or module name.

11-13

Download from Www.Somanuals.com. All Manuals Search And Download.

Troubleshooting

Diagnostic Tools

Diagnostic Features

Feature

Default

CLI

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2

PingTest

n/a

—

page 11-16

page 11-18

page 11-19

page 11-15

page 11-18

—

Link Test

Display Config File

Admin. and Troubleshooting

Commands

Factory-Default Config

page 11-20

(Buttons)

—

page 11-20

—

Ping and Link Tests

The Ping test and the Link test are point-to-point tests between your switch

and another IEEE 802.3-compliant device on your network. These tests can

tell you whether the switch is communicating properly with another device.

N o t e

To respond to a Ping test or a Link test, the device you are trying to reach must

be IEEE 802.3-compliant.

Ping Test. This is a test of the path between the switch and another device

on the same or another IP network that can respond to IP packets (ICMP Echo

Requests).

Link Test. This is a test of the connection between the switch and a desig-

nated network device on the same LAN (or VLAN, if configured). During the

link test, IEEE 802.2 test packets are sent to the designated network device

in the same VLAN or broadcast domain. The remote device must be able to

respond with an 802.2 Test Response Packet.

11-14

Download from Www.Somanuals.com. All Manuals Search And Download.

Troubleshooting

Diagnostic Tools

Web: Executing Ping or Link Tests

1. Click here.

2. Click here.

3. Select Ping Test (the

default) or Link Test

4. For a Ping test, enter

the IP address of the

target device. For a

Link test, enter the

MAC address of the

target device.

5. Select the number of tries

(packets) and the timeout for

each try from the drop-down

menus.

6. Click on Start to begin the test.

Figure 11-12.Link and Ping Test Screen on the Web Browser Interface

Successes indicates the number of Ping or Link packets that successfully

completed the most recent test.

Failures indicates the number of Ping or Link packets that were unsuccessful

in the last test. Failures indicate connectivity or network performance prob-

lems (such as overloaded links or devices).

Destination IP/MAC Address is the network address of the target, or destination,

device to which you want to test a connection with the switch. An IP address

is in the X.X.X.X format where X is a decimal number between 0 and 255. A

MACaddressismadeupof12hexadecimaldigits, forexample, 0060b0-080400.

11-15

Download from Www.Somanuals.com. All Manuals Search And Download.

Troubleshooting

Diagnostic Tools

Number of Packets to Send is the number of times you want the switch to

attempt to test a connection.

Timeout in Seconds is the number of seconds to allow per attempt to test a

connection before determining that the current attempt has failed.

To halt a Link or Ping test before it concludes, click on the Stop button.

To reset the screen to its default settings, click on the Defaults button.

CLI: Ping or Link Tests

Ping Tests. You can issue single or multiple ping tests with varying repiti-

tions and timeout periods. The defaults and ranges are:

Repetitions: 1 (1 - 999)

Timeout: 5 seconds (1 - 256 seconds)

Syntax:

ping <ip-address> [repetitions <1 - 999>] [timeout <1 - 256>]

Basic Ping

Operation

Ping with

Repetitions

Ping with

Repetitions

and Timeout

Ping Failure

Figure 11-13.Examples of Ping Tests

To halt a ping test before it concludes, press [Ctrl] [C].

11-16

Download from Www.Somanuals.com. All Manuals Search And Download.

Troubleshooting

Diagnostic Tools

Link Tests. Youcanissuesingle ormultiple linktestswithvaryingrepititions

and timeout periods. The defaults are:

Repetitions: 1 (1 - 9999)

Timeout: 5 seconds (1 - 256 seconds)

Syntax:

link <mac-address> [repetitions <1 - 999>] [timeout <1 - 256>]

Basic Link Test

Link Test with

Repetitions

Link Test with

Repetitions and

Timeout

Link Test Over a

Specific VLAN

Link Test Over a

Specific VLAN;

Test Fail

Figure 11-14.Example of Link Tests

11-17

Download from Www.Somanuals.com. All Manuals Search And Download.

Troubleshooting

Diagnostic Tools

Displaying the Configuration File

The complete switch configuration is contained in a file that you can browse

from either the web browser interface or the CLI. It may be useful in some

troubleshooting scenarios to view the switch configuration.

CLI: Viewing the Configuration File

Using the CLI, you can display either the running configuration or the startup

configuration. (For more on these topics, see appendix C, "Switch Memory

and Configuration".)

Syntax:

write terminal

show config

Displays the running configuration.

Displays the startup configuration.

Web: Viewing the Configuration File

To display the running configuration, through the web browser interface:

1. Click on the Diagnostics tab.

2. Click on [Configuration Report]

3. Use the right-side scroll bar to scroll through the configuration listing.

11-18

Download from Www.Somanuals.com. All Manuals Search And Download.

Troubleshooting

Diagnostic Tools

CLI Administrative and Troubleshooting Commands

These commands provide information or perform actions that you may find

helpful in troubleshooting operating problems with the switch.

N o t e

For more on the CLI, refer to chapter 3, "Using the Command Line Reference

(CLI).

Syntax:

show version

show boot-history

show history

[no] page

Shows the software version

currently running on the switch.

Displays the switch shutdown

history.

Displays the current command

history.

Toggles the paging mode for

display commands between

continuous listing and per-page

listing.

Setup

Repeat

kill

Displays the Switch Setup screen

from the menu interface

Repeatedly executes the previous

command until a key is pressed.

Terminates all other active

sessions.

11-19

Download from Www.Somanuals.com. All Manuals Search And Download.

Troubleshooting

Restoring the Factory-Default Configuration

Restoring the Factory-Default

Configuration

As part of your troubleshooting process, it may become necessary to return

the switch configuration to the factory default settings. This process momen-

tarilyinterruptstheswitchoperation, clearsanypasswords, clearstheconsole

event log, resets the network counters to zero, performs a complete self test,

and reboots the switch into its factory default configuration including deleting

an IP address. There are two methods for restting to the factory-default

configuration:

CLI

Clear/Reset button combination

N o t e

HP recommends that you save your configuration to a TFTP server before

resetting the switch to itsfactory-default configuration. You can also save your

configuration via Xmodem, to a directly connected PC.

CLI: Resetting to the Factory-Default Configuration

This command operates at any level except the Operator level.

Syntax: erase startup-configuration

Deletes the startup-config file in

flash so that the switch will

reboot with its factory-default

configuration.

Clear/Reset: Resetting to the Factory-Default Configuration

To execute the factory default reset, perform these steps:

1. Using pointed objects, simultaneously press both the Reset and Clear

buttons on the front of the switch.

2. Continue to press the Clear button while releasing the Reset button.

3. When the Self Test LED begins to flash, release the Clear button.

The switch will then complete its self test and begin operating with the

configuration restored to the factory default settings.

11-20

Download from Www.Somanuals.com. All Manuals Search And Download.

Transferring an Operating System or Startup

Configuration File

Appendix Contents

Downloading an Operating System (OS) . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2

Using TFTP To Download the OS File from a Server . . . . . . . . . . . . . . A-3

Menu: TFTP Download from a Server . . . . . . . . . . . . . . . . . . . . . . . A-4

CLI: TFTP Download from a Server . . . . . . . . . . . . . . . . . . . . . . . . A-5

Using the SNMP-Based Software Update Utility . . . . . . . . . . . . . . . . . . A-6

Series 2500 Switch-to-Switch Download . . . . . . . . . . . . . . . . . . . . . . . . A-6

Menu: Switch-to-Switch Download . . . . . . . . . . . . . . . . . . . . . . . . A-6

CLI: Switch-To-Switch Downloa d . . . . . . . . . . . . . . . . . . . . . . . . . . A -7

Using Xmodem to Download the OS File From a PC . . . . . . . . . . . . . A-7

Menu: Xmodem Download . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-7

CLI: Xmodem Download from a PC or Unix Workstation . . . . . . A-8

Troubleshooting TFTP Downloads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-9

Transferring Switch Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-10

A-1

Download from Www.Somanuals.com. All Manuals Search And Download.

Transferring an Operating System or Startup Configuration File

Overview

You can download new switch software (operating system—OS) and upload

or download switch configuration files. These features are useful foracquiring

periodic switch software upgrades and for storing or retrieving a switch

configuration.

This appendix includes the following information:

downloading an operating system (this page)

transferring switch configurations (page A-10)

Downloading an Operating System (OS)

HP periodically provides switch operating system (OS) updates through the

Network City website (http://www.hp.com/go/network_city) and the HP FTP

Library Service. For more information, see the support and warranty booklet

shipped with the switch. After you acquire the new OS file, you can use one

of the following methods for downloading the operating system (OS) code to

the switch:

TheTFTP feature(Download OS) command in the Main Menu of the switch

console interface (page A-3)

HP’s SNMP Download Manager included in HP TopTools for Hubs &

Switches

A switch-to-switch file transfer

Xmodem transfer method

N o t e

Downloading a new OS does not change the current switch configuration. The

switchconfigurationiscontainedinaseparatefilethat canalsobetransferred,

for example, for archive purposes or to be used in another switch of the same

model. See “Transferring Switch Configurations” on page A-10.

A-2

Download from Www.Somanuals.com. All Manuals Search And Download.

Transferring an Operating System or Startup Configuration File

Downloading an Operating System (OS)

Using TFTP To Download the OS File from a Server

This procedure assumes that:

An OS file for the switch has been stored on a TFTP server accessible to

the switch. (The OS file is typically available from HP’s electronic ser-

vices—see the support and warranty booklet shipped with the switch.)

The switch is properly connected to your network and has already been

configured with a compatible IP address and subnet mask.

The TFTP server is accessible to the switch via IP.

Before you use the procedure, do the following:

Obtain the IP address of the TFTP server in which the OS file has been

stored.

If VLANs are configured on the switch, determine the name of the VLAN

in which the TFTP server is operating.

Determine the name of the OS file stored in the TFTP server for the switch

(for example, A_01_01.swi).

N o t e

If your TFTP server is a Unix workstation, ensure that the case (upper or

lower) that you specify for the filename is the same case as the characters

in the OS filenames on the server.

A-3

Download from Www.Somanuals.com. All Manuals Search And Download.

Transferring an Operating System or Startup Configuration File

Downloading an Operating System (OS)

Menu: TFTP Download from a Server

1. In the console Main Menu, select Download OS to display this screen:

Figure A-15. Example of the Download OS Screen (Default Values)

2. Press [E] (for Edit).

3. Ensure that the Method field is set to TFTP (the default).

4. In the TFTP Server field, type in the IP address of the TFTP server in which

the OS file has been stored.

5. In the Remote File Name field, type the name of the OS file. If you are

using a UNIX system, remember that the filename is case-sensitive.

6. Press [Enter], then [X] (for eXecute) to begin the OS download. The following

screen then appears:

Figure A-16. Example of the Download OS Screen During a Download

A-4

Download from Www.Somanuals.com. All Manuals Search And Download.

Transferring an Operating System or Startup Configuration File

Downloading an Operating System (OS)

A “progress” bar indicates the progress of the download. When the entire

operating system has been received, all activity on the switch halts and

you will see Validating and writing system software to FLASH... followed by

Transfer completed.

After the system flash memory has been updated with the new operating

system, the switch reboots itself and begins running with the new operat-

ing system.

7. To confirm that the operating system downloaded correctly:

a. From the Main Menu, select 1. Status and Counters, and from the Status

and Counters menu, select 1. General System Information

b. Check the Firmware revision line.

CLI: TFTP Download from a Server

Syntax:

copy tftp flash <ip-address> <remote-os-file>

For example, to download an OS file named F_01_03.swi from a TFTP server

with the IP address of 10.28.227.103:

1. Execute the copy command as shown below:

2. When the switch finishes downloading the OS file from the server, it

displays this progress message:

Validating and Writing System Software to FLASH . . .

3. After the switch reboots, it displays the CLI or Main Menu, depending on

the Logon Default setting last configured in the menu’s Switch Setup

screen.

A-5

Download from Www.Somanuals.com. All Manuals Search And Download.

Transferring an Operating System or Startup Configuration File

Downloading an Operating System (OS)

Using the SNMP-Based Software Update Utility

HP TopTools for Hubs & Switches includes a software update utility for

updating on HP ProCurve switch products such as the Series 2500 switches.

For further information, refer to the HP TopTools for Hubs & Switches User

Guide, provided electronically with the HP TopTools software.

Series 2500 Switch-to-Switch Download

If you have two or more Series 2500 switches networked together, you can

download the OS software from one switch to another by using the Download

OS feature in the switch console interface.

Menu: Switch-to-Switch Download

1. From the switch console Main Menu in the switch to receive the down-

load, select 7. Download OS screen.

2. Ensure that the Method parameter is set to TFTP (the default).

3. In the TFTP Server field, enter the IP address of the remote Series 2500

switch containing the OS you want to download.

4. Enter “flash” for the Remote File Name. (Type “flash” in lowercase charac-

ters.)

5. Press [Enter], then [X] (for eXecute) to begin the OS download.

6. A “progress” bar indicates the progress of the download. When the entire

operating system has been received, all activity on the switch halts and

the following messages appear:

Validating and writing system software to FLASH...

Transfer completed

After the system flash memory has been updated with the new operating

system, the switch reboots itself and begins running with the new operat-

ing system.

7. To confirm that the operating system downloaded correctly:

a. From the Main Menu, select

Status and Counters

General System Information

b. Check the Firmware revision line.

A-6

Download from Www.Somanuals.com. All Manuals Search And Download.

Transferring an Operating System or Startup Configuration File

Downloading an Operating System (OS)

CLI: Switch-To-Switch Download

Syntax:

copy tftp flash <ip-addr> flash

For example, to download an OS file from a Switch 2512 with an IP address

of 10.28.227.103:

Running Total

of Bytes

Downloaded

Figure 8-17.Switch-To-Switch OS Download Using the CLI

Using Xmodem to Download the OS File From a PC

This procedure assumes that:

The switch is connected via the Console RS-232 port on a PC operating as

a terminal. (Refer to the Installation Guide you received with the switch

for information on connecting a PC as a terminal and running the switch

console interface.)

The switch operating system (OS) is stored on a disk drive in the PC.

The terminal emulator you are using includes the Xmodem binary transfer

feature. (For example, in the Windows NT terminal emulator, you would

use the Send File option in the Transfer dropdown menu.)

Menu: Xmodem Download

1. From the console Main Menu, select

7. Download OS

2. Press [E] (for Edit).

3. Use the Space bar to select XMODEM in the Method field.

4. Press [Enter], then [X] (for eXecute) to begin the OS download. The following

message then appears:

Press enter and then initiate Xmodem transfer

from the attached computer.....

5. Execute the terminal emulator command(s) to begin Xmodem binary

transfer.

A-7

Download from Www.Somanuals.com. All Manuals Search And Download.

Transferring an Operating System or Startup Configuration File

Downloading an Operating System (OS)

The download can take several minutes, depending on the baud rate used

for the transfer.

6. When the download finishes, the switch automatically reboots itself and

begins running the new OS version.

7. To confirm that the operating system downloaded correctly:

a. From the Main Menu, select

1. Status and Counters

1. General System Information

b. Check the Firmware revision line.

CLI: Xmodem Download from a PC or Unix Workstation

Syntax:

copy xmodem flash <unix | pc>

For example, to download an OS file named F_01_03.swi from a PC:

1. Execute the following command in the CLI:

2. Execute the terminal emulator commands to begin the Xmodem transfer.

The download can take several minutes, depending on the baud rate used

in the transfer.

When the download finishes, the switch automatically reboots itself and

begins running the new OS version.

3. To confirm that the operating system downloaded correctly:

HP2512> show system

Check the Firmware revision line.

A-8

Download from Www.Somanuals.com. All Manuals Search And Download.

Transferring an Operating System or Startup Configuration File

Troubleshooting TFTP Downloads

If a TFTP download fails, the Download OS screen indicates the failure.

Message Indicating

cause of TFTP Download

Failure

Figure A-18. Example of Message for Download Failure

To find more information on the cause of a download failure, examine the

messages in the switch’s Event Log by executing this CLI command:

HP2512# show log tftp

(For more on the Event Log, see “Using the Event Log To Identify Problem

Sources” on page 11-11.)

Some of the causes of download failures include:

Incorrect or unreachable address specified for the TFTP Server parameter.

This may include network problems.

Incorrect VLAN.

Incorrect name specified for the Remote File Name parameter, or the

specified file cannot be found on the TFTP server. This can also occur if

the TFTP server is a Unix machine and the case (upper or lower) for the

filename on the server does not match the case for the filename entered

for the Remote File Name parameter in the Download OS screen.

One or more of the switch’s IP configuration parameters are incorrect.

For a Unix TFTP server, the file permissions for the OS file do not allow

the file to be copied.

A-9

Download from Www.Somanuals.com. All Manuals Search And Download.

Transferring an Operating System or Startup Configuration File

Transferring Switch Configurations

Another console session (through either a direct connection to a terminal

device or through Telnet) was already running when you started the

session in which the download was attempted.

N o t e

If an error occurs in which normal switch operation cannot be restored, the

switch automatically reboots itself. In this case, an appropriate message is

displayed in the copyright screen that appears after the switch reboots.

Transferring Switch Configurations

Transfer Features

Feature

Default

CLI