Release Notes:
for the ProCurve Series 2300 and 2500 Switches
Page
Page
Contents
Software Management
Enhancements in Release F.05.05 through F.05.70
Page
Enhancements in Release F.04.08
Enhancements in Release F.02.11
Enhancements in Release F.02.02
Page
Updates and Corrections for the Management and Configuration Guide
Software Fixes
Page
Page
Software Management
View or Download the Software Manual Set
Downloading Software to the Switch
N o t e
TFTP Download from a Server
Validating and Writing System Software to FLASH
Logon Default
Xmodem Download From a PC or Unix Workstation
This procedure assumes that:
The switch is connected via the Console
■The switch software is stored on a disk drive in the PC
Send File
Saving Configurations While Using the CLI
Running-Config
File:
Startup-Config
save configuration
ProCurve Switch, Routing Switch, and Router Software Keys
Enhancements in Release F.05.05 through F.05.70
Implementation of LLDP
LLDP Terminology
Adjacent Device:
Advertisement: See LLDPDU
Active Port:
Packet Boundaries in a Network Topology
Table 1. Viewable Data Available for LLDP Advertisements
LLDP Standards Compatibility
IEEE
■RFC 2922 (PTOPO, or Physical Topology MIB)
■RFC 2737 (Entity MIB)
LLDP Operating Rules
Port Trunking
IP Address Advertisements
Spanning-Tree
Blocking
Viewing the Current LLDP Configuration
Viewing LLDP-detectedDevices
Figure 3. Example of Viewing the LLDP Remote Device Information Details
Enabling or Disabling LLDP Operation on the Switch
lldp run
Syntax [ no ] lldp run
For example, to disable LLDP on the switch, use the command:
Configuring Per-PortLLDP Transmit/Receive
New Console Option
console
local-terminal
console local-terminalvt100
Clarification of Time Zone Issue
Syslog Overview
Syslog
Figure 4. A Syslog server collecting Event Log Messages from Multiple Switches
Syslog Operation
Syntax: [no] logging < syslog-ip-addr
no logging
syslog-ip-address
Syntax: [no] logging facility < facility-name
user
user (the default) — Random user-levelmessages kern — Kernel messages
auth — Security/Authorization messages
syslog — Messages generated internally by Syslog lpr — Line-Printersubsystem
Viewing the Syslog Configuration
Syntax: show debug
show debug
Configuring Syslog Logging
1.If you want to use a Syslog server for recording Event Log messages:
See Figure 6 below for an example of adding an additional Syslog server
Figure 6. Configuring multiple Syslog Servers
Operating Notes for Syslog
Isolated Port Groups (Enhanced)
group1
group2
Caution
Options for Isolated Port Groups
Uplink (the default)
Table 2. Communication Allowed Between Port-IsolationTypes within a Switch
Figure 7. Communication Allowed Between Port-IsolationTypes within a Switch
Operating Rules for Port Isolation
Trunking is supported
only
LACP is allowed only on the Uplink ports
no int e < port-numbers > lacp
Configuring Port Isolation on the Switch
Steps for Configuring Port Isolation
Remove all
2.Identify the devices you will connect to the switch’s ports
7.Enable port isolation on the switch
Configuring and Viewing Port-Isolation
Syntax: [ no ] port-isolation
uplink
public, group1, group2, private, local
show port-isolation
Table 3. Port Isolation Plan
Figure 8. Example of Isolating Ports on a Series 2500 Switch
Figure 9. Example of Port-IsolationConfiguration
Messages Related to Port-IsolationOperation
Port Isolation is
disabled. It must be
enabled first
Troubleshooting Port-IsolationOperation
Configuring Port-BasedAccess Control (802.1X)
Overview
Why Use Port-BasedAccess Control
General Features
802.1X on the Series 2500 switches includes the following:
Switch operation as both an authenticator (for supplicants having a
■Prevention of traffic flow in either direction on unauthorized ports
Temporary
Figure 10. Example of an 802.1X Application
Accounting
How 802.1X Operates
Authenticator Operation
2.The switch responds with an identity request
Switch-PortSupplicant Operation
■Switch “A” has port 1 configured for 802.1X supplicant operation
■You want to connect port 1 on switch “A” to port 5 on switch “B”
Figure 11. Example of Supplicant Operation
•A “success” response unblocks port 5 to normal traffic from port
Terminology
802.1X-Aware:
Authenticator:
CHAP (MD5): Challenge Handshake Authentication Protocol
EAP
EAPOL:
Friendly Client:
MD5:
PVID (Port VID):
General Operating Rules and Notes
Error configuring port X: LACP and 802.1X cannot be run together
Note on 802.1X and LACP
General Setup Procedure for Port-BasedAccess Control (802.1X)
Do These Steps Before You Configure 802.1X Operation
Overview: Configuring 802.1X Authentication on the Switch
eap-radius
chap-radius
radius host
Configuring Switch Ports as 802.1X Authenticators
1. Enable 802.1X Authentication on Selected Ports
Syntax: aaa port-accessauthenticator < port-list
[control < authorized | auto | unauthorized >]
Controls authentication mode on the specified port:
authorized:
Syntax: aaa port-accessauthenticator < port-list > (Syntax Continued)
[quiet-period< 0 - 65535 >]
(Default: 60 seconds)
[tx-period< 0 - 65535 >]
[supplicant-timeout< 1 - 300 >]
control auto
Note:
control authorized
port- security
3. Configure the 802.1X Authentication Method
Figure 12. Example of 802.1X (Port-Access)Authentication
4. Enter the RADIUS Host IP Address(es)
5. Enable 802.1X Authentication on the Switch
802.1X Open VLAN Mode
Introduction
■Acquiring IP addressing from a DHCP server
Unauthorized-Client
VLAN
3rd Priority:
Use Models for 802.1X Open VLAN Modes
Authorized-Client
Table 4. 802.1X Open VLAN Mode Options
802.1X Per-PortConfiguration
Port Response
No Open VLAN mode:
tication session
Open VLAN Mode with Only an Unauthorized-ClientVLAN Configured:
Open VLAN Mode with Only an Authorized-ClientVLAN Configured:
Operating Rules for Authorized-Clientand Unauthorized-ClientVLANs
Condition
Rule
command or the VLAN Menu screen in the Menu interface.)
VLAN Assignment Received from a RADIUS Server
Multiple Authenticator Ports Using
the Same Unauthorized-Clientand
Authorized-ClientVLANs
all 802.1X authenticator ports configured on the switch
Attempt
Setting Up and Configuring 802.1X Open VLAN Mode
Preparation
Before you configure the 802.1X Open VLAN mode on a port:
i.Port 5 is an untagged member of VLAN 1 (the default VLAN)
ii.You configure port 5 as an 802.1X authenticator port
Configuring General 802.1X Operation:
Syntax: aaa port-accessauthenticator e < port-list > control auto
2.Configure the 802.1X authentication type. Options include:
If you selected either
Adds a server to the RADIUS configuration
4.Activate authentication on the switch
Configuring 802.1X Open VLAN Mode
rad4all
802.1X Open VLAN Operating Notes
not
While an
When a client’s authentication attempt on an
Syntax: port-security[ethernet] < port-list
learn-mode port-access
action < none | send-alarm| send-disable
Note on Blocking a Non-802.1XDevice
control
authorized
For example, suppose that you want to connect two switches, where:
■Switch “A” has port 1 configured for 802.1X supplicant operation
Figure 13. Example of Supplicant Operation
Syntax: [no] aaa port-accesssupplicant [ethernet] < port-list
Configuring a Supplicant Switch Port
identity
secret
Syntax: aaa port-accesssupplicant [ethernet] < port-list
[identity < username >]
max-start
start-period
start- period
Displaying 802.1X Configuration, Statistics, and Counters
Show Commands for Port-AccessAuthenticator
Without
displays whether
port-access
supplicant
Viewing 802.1X Open VLAN Mode Status
port-access
authenticator
show vlan
Figure 14. Example Showing Ports Configured for Open VLAN Mode
Table 5. Open VLAN Mode Status
Syntax: show vlan < vlan-id
Figure 15. Example of Showing a VLAN with Ports Configured for Open VLAN Mode
Show Commands for Port-AccessSupplicant
port- list
Connecting - Starting authentication
Authenticated
Acquired
How RADIUS/802.1X Authentication Affects VLAN Operation
Static VLAN Requirement
(This is because a port can be an untagged member of only one VLAN at a time.)
Figure 16. Example of an Active VLAN Configuration
You can see the temporary VLAN assignment by using the
Page
Notes
■Eliminates and ceases to advertise the temporary VLAN assignment
■Re-activatesand resumes advertising the temporarily disabled VLAN assignment
Messages Related to 802.1X Operation
Table 6. 802.1X Operating Messages
LACP has been disabled on 802.1X port(s)
Error configuring port < port-number>: LACP and 802.1X cannot be run together
IGMP Version 3 Support
Enhancements in Release F.04.08
Using Friendly (Optional) Port Names
Show
augments
does not replace
Configuring and Operating Rules for Friendly Port Names
Configuring Friendly Port Names
Configuring a Single Port Name
Figure 20. Example of Configuring a Friendly Port Name
Figure 21. Example of Configuring One Friendly Port Name on Multiple Ports
Displaying Friendly Port Names with Other Port Data
You can display friendly port name data in the following combinations:
This command lists
names assigned to a specific port
show name [ port-list ]
Figure 23. Example of Friendly Port Name Data for Specific Ports on the Switch
show interface <port-number
statistics listing
Figure 24. Example of a Friendly Port Name in a Per-PortStatistics Listing
Name
Name : not assigned
This option tells you which friendly port names have been saved to the
startup-config
file. (The
Configuring Secure Shell (SSH)
■Client public-keyauthentication
■Switch SSH and user password authentication
Figure 26. Client Public Key Authentication Model
Note
on OpenSSH, visit http://www.openssh.com
on OpenSSH, visit
Figure 27. Switch/User Authentication
SSH on the Series 2500 switches supports these data encryption methods:
■SSH Server: An HP Series 2500 switch with SSH enabled
Key Pair:
PEM (Privacy Enhanced Mode):
Public Key:
■Enable Level: Manager privileges on the switch
Steps for Configuring and Using SSH for Switch and Client Authentication
SSH Options
The general steps for configuring SSH include:
A. Client Preparation
Optional—If
B.Switch Preparation
Assign a login (Operator) and enable (Manager) password on the switch (page
erase
Once you generate a key pair on the switch you should avoid
the session is not secure
Configuring the Switch for SSH Operation
1. Assigning a Local Login (Operator) and Enable (Manager) Password
2. Generating the Switch’s Public and Private Key Pair
Figure 31. Example of Generating a Public/Private Host Key Pair for the Switch
IP SSH
3. Providing the Switch’s Public Key to Clients
Figure 33. Example of a Correctly Formatted Public Key (Unbroken ASCII String)
Displaying the Public Key
Non-encoded
ASCII numeric string:
Phonetic hash:
4. Enabling SSH on the Switch and Anticipating SSH Client Contact Behavior
SSH Client Contact Behavior
To enable SSH on the switch
Generate a public/private key pair if you have not already done so. (Refer to
2.Execute the ip ssh command
To disable SSH on the switch, do either of the following:
Note on Port Number
key-size
ip ssh port
web-management
no telnet
5. Configuring the Switch for SSH Authentication
Syntax: copy tftp pub-key-file< ip-address > < filename
aaa authentication ssh login rsa
Configures the switch to authenticate
< local | none
a client public-keyat the login level
6. Use an SSH Client To Access the Switch
Further Information on SSH Client Public-KeyAuthentication
4.If there is a match, the switch:
a.Generates a random sequence of bytes
b.Uses the client’s public key to encrypt this sequence
c.Send these encrypted bytes to the client
b.Uses MD5 to create a hash version of this information
c.Returns the hash version to the switch
The switch computes its own hash version of the data in step
Using client public-keyauthentication requires these steps:
Copy the public key for each client into a
Copy the client’s public key (in ASCII
.txt
3.Copy the client-public-keyfile into a TFTP server accessible to the switch
Copying a client-public-keyinto the switch requires the following:
One or more
Note on Public Keys
Syntax: copy tftp pub-key-file <ip-address><filename
Copies a public key file from a TFTP
show ip client-public-key[ babble | fingerprint ]
switch’s current client-public-keyfile
You can replace the existing client
You can remove the existing client
clear
public-key
Syntax: clear public-key
Messages Related to SSH Operation
00000K Peer unreachable
00000K Transport error
Indicates the switch experienced a problem when
may be wrong
Generating new RSA host key. If the
After you execute the crypto key generate [rsa]
cache is depleted
this could take
up to two minutes
Configuring RADIUS Authentication and Accounting
Remote Authentication
Dial-In
User Service
Authentication
Accounting
EAP(Extensible Authentication Protocol):
Host: See RADIUS Server
NAS (Network Access Server):
RADIUS (Remote Authentication Dial In User Service):
Preparation:
Configuring the Switch for RADIUS Authentication
Outline of the Steps for Configuring RADIUS Authentication
1.Configure Authentication for the Access Methods You Want RADIUS To Protect
Figure 42. Example Configuration for RADIUS Authentication
2. Configure the Switch To Access a RADIUS Server
1.Change the encryption key for the server at 10.33.18.127 to "source0127
Add a RADIUS server with an IP address of 10.33.18.119 and a
To make the changes listed prior to figure 43, you would do the following:
3. Configure the Switch’s Global RADIUS Parameters
radius-serverretransmit < 1 .. 5
If a RADIUS server fails to respond to an
authentication request, specifies how many
retries to attempt before closing the session
(Default: 3; Range: 1 - 5)
Local Authentication Process
Controlling Web Browser Interface Access When Using RADIUS Authentication
This section assumes you have already:
■Configured RADIUS authentication on the switch for one or more access methods
■Configured one or more RADIUS servers to support the switch
Exec accounting:
System accounting:
Operating Rules for RADIUS Accounting
■RADIUS servers used for accounting are also used for authentication
■The switch must be configured to access at least one RADIUS server
Outline of the Steps for Configuring RADIUS Accounting
1. Configure the Switch To Access a RADIUS Server
Select the Accounting Type(s):
Exec:
exec
■System: Use system if you want to collect accounting data when:
•A system boot or reload occurs
3. (Optional) Configure Session Blocking and Interim Updating Options
General RADIUS
Page
Page
RADIUS Authentication
RADIUS Accounting
Changing RADIUS-ServerAccess Order
Figure 57. Search Order for Accessing a RADIUS Server
Re-enter
Figure 58. Example of New RADIUS Server Search Order
Messages Related to RADIUS Operation
Troubleshooting RADIUS Operation
IP Preserve: Retaining VLAN-1IP Addressing Across Configuration File Downloads
Operating Rules for IP Preserve
ip preserve
The
Figure 59. Example of Implementing IP Preserve in a Configuration File
For example, consider Figure 60:
Figure 60. Example of IP Preserve Operation
To summarize the IP Preserve effect on IP addressing:
The Role of 802.1Q VLAN Tagging
Outbound Port Queues and Packet Priority Settings
Operating Rules for Port-BasedPriority on Series 2500 Switches
Configuring and Viewing Port-BasedPriority
Messages Related to Prioritization
Troubleshooting Prioritization
Using the "Kill" Command To Terminate Remote Sessions
Syntax: kill [<session-number>]
kill
Figure 64. Example of Using the "Kill" Command To Terminate a Remote Session
Overview
Transitioning from STP to RSTP
Configuring RSTP
CLI: Configuring RSTP
Abbreviation:
Figure 65. Example of the Spanning Tree Configuration Display
Enabling or Disabling RSTP
Abbreviation: [no] span
Enabling STP Instead of RSTP
Abbreviation: span prot stp
You can configure one or more of the
Table 9. Whole-SwitchRSTP Parameters
Abbreviations:
span
protocol-version<rstp | stp
force-version <rstp-operation| stp-compatible
priority <0 - 15
Reconfiguring
Per-Port
Spanning Tree Values
Table 10. Per-PortRSTP Parameters
spanning-tree[ethernet] <port-list
span <port-list
path-cost<1 - 200000000
path <1 - 200000000
point-to-point-mac <force-true| force-false| auto
Menu: Configuring RSTP
menu
2.Switch Configuration
4.Spanning Tree Operation
dit
8.Repeat step 6 for each additional parameter you want to change
6. Reboot Switch
Web: Enabling or Disabling RSTP
To enable or disable Spanning Tree using the Web browser interface:
1.Click on the Configuration tab
Enhancements in Release F.02.11
Fast-UplinkSpanning Tree Protocol (STP)
■Used as a wiring closet switch (also termed an edge switch or a leaf switch)
Configured for
Terminology
(2 x (forward delay) + link down detection)
Table 11. STP Parameter Settings for Figure
With the above-indicatedtopology and configuration:
Scenario 1:
■Scenario 2: If Switch "1" fails, then:
Operating Rules for Fast Uplink
Menu: Viewing and Configuring Fast-UplinkSTP
a.Press [E] (Edit) to move the cursor to the Protocol Version field
b.Press the Space bar once to change the Protocol Version field to STP
c.Press [Enter] to return to the command line
Figure 71. Changing from RSTP to STP Requires a System Reboot
e.Press [0] (zero) to return to the Main Menu, then [6] to reboot the switch
Figure 72. The Spanning Tree Operation Screen
b.Use [Tab] to move to the Mode field for port
c.Use the Space bar to select Uplink as the mode for port
d.Use [v] to move to the Mode field for Trk1
e.Use the Space bar to select Uplink as the Mode for Trk1
Page
1.From the Main Menu, select:
1.Status and Counters
7.Spanning Tree Information
2. Press [S] (for Show ports) to display the status of individual ports
Figure 75. Example of STP Port Status with Two Redundant STP Links
CLI: Viewing and Configuring Fast-UplinkSTP
Page
Page
Operating Notes
Fast-UplinkTroubleshooting
The Show Tech Command for Listing Switch
Configuration and Operating Details
1.In Hyperterminal, click on Transfer | Capture Text
In the
3.Click [Start] to create and open the text file
4.Execute show tech:
HP2512# show tech
Enhancements in Release F.02.02
TACACS+ Authentication for Centralized Control of Switch Access Security
A3 or
A2 or
Figure 82. Example of TACACS+ Operation
Series 2500 Switch Authentication Options
Local:
TACACS+:
Terminology Used in TACACS Applications:
communication server
remote access server
terminal server
Local Authentication:
General System Requirements
To use TACACS+ authentication, you need the following:
HP2512> show version
Menu Interface:
From the Main Menu, click on
TACACS+ Operation
General Authentication Setup Procedure
3.Determine the following:
Note on Privilege Levels
Page
Configuring TACACS+ on the Switch
The switch offers three command areas for TACACS+ operation:
CLI Commands Described in this Section
Viewing the Switch’s Current Authentication Configuration
This example shows the default authentication configuration
Figure 83. Example Listing of the Switch’s Authentication Configuration
Viewing the Switch’s Current TACACS+ Server Contact Configuration
Syntax: show tacacs
Configuring the Switch’s Authentication Methods
Table 12. AAA Authentication Parameters
Table 13. Primary/Secondary Authentication Table
HP2512(config)#aaa authenticationconsole login tacacs local
HP2512(config)#aaa authenticationconsole enable tacacs local
local
HP2512(config)#aaa authenticationtelnet enable tacacs local
HP2512(config)#
Configuring the Switch’s TACACS+ Server Access
The tacacs-servercommand configures these parameters:
The host IP address(es)
An optional encryption key
The timeout value
Page
first-choice
server:
Figure 85. Example of the Switch with Two TACACS+ Server Addresses Configured
The servers would then be listed with the new "first-choice"server, that is:
Figure
To configure westside as a global encryption key:
HP2512(config) tacacs-serverkey westside
To configure westside as a per-serverencryption key:
HP2512(config)tacacs-serverhost 10.28.227.63 key westside
To delete a global encryption key from the switch, use this command:
How Authentication Operates
General Authentication Process Using a TACACS+ Server
Figure 87. Using a TACACS+ Server for Authentication
The switch queries the
If the switch does not receive a response from the
Local Authentication Process
(For a listing of authentication options, see Table 13 on page 175.)
Using the Encryption Key
General Operation
Global key:
Individual key:
Encryption Options in the Switch
HP2512(config)# tacacs-serverkey north40campus
HP2512(config)# tacacs-serverhost 10.28.227.87 key south10campus
Controlling Web Browser Interface Access When Using TACACS+ Authentication
Messages
Table 14. Tacacs Messages
Operating Notes
When TACACS+ is not enabled on the
manager-level
Troubleshooting TACACS+ Operation
If the switch can access the server device (that is, it can
■The account has expired
■The access attempt is through a port that is not allowed for the account
■The time quota for the account has been exhausted
■The time credit for the account has expired
■The access attempt is outside of the timeframe allowed for the account
■The allowed number of concurrent logins for the account has been exceeded
default user
CDP (Updated by Software Version F.05.50)
http://www. procurve.com
New Time Synchronization Protocol Options
TimeP Time Synchronization
SNTP Time Synchronization
SNTP provides two operating modes:
Unicast Mode:
General Steps for Running a Time Protocol on the Switch:
• TimeP: DHCP or Manual
3.Configure the remaining parameters for the time protocol you selected
Disabling Time Synchronization
In the System Information screen of the Menu interface, set the
■In the config level of the CLI, execute no timesync
Table 15. SNTP Parameters
Menu: Viewing and Configuring SNTP
To View, Enable, and Modify SNTP Time Protocol:
Figure 88. The System Information Screen (Default Values)
iv.Press [>] to move the cursor to the Poll Interval field, then go to step
CLI: Viewing and Configuring SNTP
Viewing the Current SNTP Configuration
Configuring (Enabling or Disabling) the SNTP Mode
Enabling SNTP in Broadcast Mode
sntp broadcast
Configures Broadcast as the SNTP mode
For example, suppose:
Time synchronization is in the
Syntax: timesync sntp
Selects SNTP as the time synchronization method
sntp unicast
Configures the SNTP mode for Unicast operation
sntp server
Figure 93. Example of Specifying the SNTP Protocol Version Number
Changing the SNTP Poll Interval
Figure 94. Example of SNTP with Time Sychronization Disabled
no sntp
Figure 95. Example of Disabling Time Synchronization by Disabling the SNTP Mode
TimeP: Viewing, Selecting, and Configuring
Table 16. Timep Parameters
Menu: Viewing and Configuring TimeP
To View, Enable, and Modify the TimeP Protocol:
Figure 96. The System Information Screen (Default Values)
Viewing the Current TimeP Configuration
Configuring (Enabling or Disabling) the TimeP Mode
■Time synchronization is configured for SNTP
2.Select TimeP as the time synchronization mode
3.Enable TimeP for DHCP mode
4.View the TimeP configuration
Figure 99. Example of Enabling TimeP Operation in DHCP Mode
timesync
timep
Selects TimeP
ip timep
manual
Disabling the TimeP Mode
SNTP Unicast Time Polling with Multiple SNTP Servers
Address Prioritization
Adding and Deleting SNTP Server Addresses
Adding Addresses
Figure 103. Example of SNTP Server Address Prioritization
Deleting Addresses
Menu Interface Operation with Multiple SNTP Server Addresses Configured
SNTP Messages in the Event Log
Operation and Enhancements for Multimedia Traffic Control (IGMP)
How Data-DrivenIGMP Operates
This section uses the following terms to describe IGMP operation:
Querier:
■IGMP Device: A switch or router running IGMP traffic control features
Figure 104. Example of Data-DrivenIGMP Operation
IGMP Operates With or Without IP Addressing
Fast-LeaveIGMP
Automatic Fast-LeaveOperation. If a Series 2500 switch port is :
a.Connected to only one end node
b.The end node currently belongs to a multicast group; i.e. is an IGMP client
c.The end node subsequently leaves the multicast group
Figure 105. Example of Automatic Fast-LeaveIGMP Criteria
To list the Forced Fast-Leavestate for all ports in the switch:
Figure 106. Listing the Forced Fast-LeaveState for Ports in an HP2512 Switch
To list the Forced Fast-Leavestate for a single port
getmib hpSwitchIgmpPortForcedLeaveState.1. <port-number
(Not case-sensitive.)
Figure 107. Listing the Forced Fast-LeaveState for a Single Port
CLI: Configuring Per-PortForced Fast-LeaveIGMP
Syntax: setmib hpSwitchIgmpPortForcedLeaveState.1.<port-number> -i< 1 | 2
setmib 1.3.6.1.4.1.11.2.14.11.5.1.7.1.15.3.1.5.1.<port-number> -i< 1 | 2
where:
1 = Forced Fast-Leaveenabled
Querier Operation
Table 17. Well-KnownIP Multicast Address Groups Excluded from IGMP Filtering
Switch Memory Operation
Port Security: Changes to Retaining Learned Static Addresses Across a Reboot
Recommended Port Security Procedures
Retention of Static Addresses
Delete the address by using the
command
•Reset the switch to its factory-defaultconfiguration
Delete it by using the
Username Assignment and Prompt
Updates and Corrections for the Management and Configuration Guide
At the Interface Context Level
At the Global Configuration Level
This change affects the following commands:
Restoring the Factory-DefaultConfiguration, Including Usernames and Passwords
■Execute the no password command in the CLI
Select the
■Press and hold the Clear button on the switch for one second
GVRP Does Not Require a Common VLAN
Incomplete Information on Saving Configuration Changes
Update to Information on Duplicate MAC Addresses Across VLANs
Incorrect Command Listing for Viewing Configuration Files
■show config : Displays the startup-configfile
■show config run : Displays the running-configfile
(The write terminal command also displays the running-configfile.)
■Daylight Time Rule setting
Misleading Statement About VLANs
Software Fixes
Page
Page
Release F.01.08
Fixed in release F.01.08:
100/1000-T
transceiver —
Web-Browser
Fixed in release F.02.02:
Transceiver —
Config —
a.SNMP community parameter unrestricted is changed to (null)
b.forbid commands are added to the VLAN configuration
->Software Exception at woody_dev.c: 450 in AdMgrCtrl
->ppmgr_setDefaultPriority: invalid port number
Link —
Monitor Port —
Ping —
Release F.02.04 (Beta Release Only)
Fixed in release F.02.04:
Buffer Leak —
■CDP — The switch sends the wrong MAC address for itself in CDP packets
Console/TELNET —
LED —
Port security —
TELNET —
Web-browser
interface —
Release F.02.06 (Beta Release Only)
Textual modifications made to the Isolated Port Groups feature
Release F.02.07 (Beta Release Only)
This release adds two new features:
■Spanning Tree fast "uplink" mode
XRMON —
Release F.02.08 (Beta Release Only)
Fixed in F.02.08:
->Software exception at woodyDma_recv.c:154 --in 'eDrvPoll
Release F.02.09
Release F.02.12
Fixed in release F.02.12
Release F.02.13
Fixed in release F.02.13
Monitoring Port —
Port Configuration —
Port Monitoring —
TFTP —
VARIOUS: Crash/Bus Error —
Release F.04.02
Release F.04.08
Fixed in release F.04.08
Release F.04.09
Fixed in release F.04.09
Agent Hang —
Fixed in release F.05.05
ARP —
■GARP/Event log — Garp event log messages may be garbled
show arp
show trunks
Event Log —
GVRP —
LACP/802.1X —
Loop/VTP —
Menu —
Menu/CLI — Modified help message for RSTP
Menu/VLAN — The VLAN help text has been modified
NNM/Stacking —
TACACS+ —
Time Zone —
VTP/ISL —
Release F.05.09 (Beta Release Only)
Fixed in release F.05.09
Release F.05.12 (Beta Release Only)
Adds the following enhancement:
■Changes to 802.1X to support Open VLAN Mode
Release F.05.13 (Beta Release Only)
■Changes to Isolated Port Groups to add two new groups: group1 and group2
Performance/Crash (PR_4967) —
Transceiver
hot-swap
(PR_3138) —
Transceivers (PR_3167) —
crash with a bus error similar to:
->Bus error: HW Addr=0x29283030 IP=0x002086ac Task='mSnmpCtrl
Task ID=0x165ae00
Flow control —
software exception at alloc_free.c ... buf_free: corrupted buffer
■SNMP — The switch does not support community names other than PUBLIC in traps
SNMP/Crash —
->Bus error: HW Addr=0x5265766d IP=0x002592e8 Task='mSnmpCtrl
Task ID=0x12c2158 fp: 0x00000005 sp:0x012c1e28 lr:0x00259430
■TACACS+ — The TACACS server IP is shown on the 'splash screen
Example output:
■Web — Sun java v1.3.x and v1.4.x interoperability issue: high CPU utilization
■Web/Stack Mgmt — Software version isn't displayed in Web-agentidentity screen
Release F.05.17
Modification of Manufacturing test commands
Release F.05.19 (Never Released)
Fixed in release F.05.19
■Counters (PR_92221) — Counters for J4834A 100/1000 xcvr do not clear
■Crash/Bus Error (PR_92466) — Bus error related to 802.1X/unauthorized VLAN
Agent Hang (PR_92802) —
■Syslog (PR_1000003656) — The syslog capability added to F.05.22
■Syslog (PR_1000004080) — A timep event log message on syslog is truncated
Web (PR_81848)
Web (PR_82039)
Web (PR_82199)
Release F.05.24 (Not a General Release)
Fixed in release F.05.24
Web (PR_1000007144)
Release F.05.25 (Not a General Release)
Fixed in release F.05.25
SNMP (PR_1000190654)
Web/Crash (PR_1000092011)
exception.c:356 --in 'mHttpCtrl', task ID = 0x139ba42
Web UI/Port Security (PR_1000195894)
port-security
Release F.05.32 (Not a General Release)
Fixed in release F.05.32
TFTP/Config (PR_1000215024)
Release F.05.33
Fixed in release F.05.33
Release F.05.37 (Not a General Release)
CLI (PR_83354)
show mac vlan <VID
Release F.05.38 (Never Released)
Fixed in release F.05.38
Release F.05.51 (Never Released)
Fixed in release F.05.51
Crash (PR_1000297510)
Release F.05.52
Fixed in release F.05.52
Release F.05.55
Fixed in release F.05.55
LLDP (PR_1000310666)
Menu (PR_1000318531)
RSTP (PR_99049)
Release F.05.59
Fixed in release F.05.59
Release F.05.60
Fixed in release F.05.60
RSTP (PR_10004013943)
Daylight Savings (PR_1000467724)
Release F.05.64 (Never Released)
No issues fixed in release F.05.64
Release F.05.65
Fixed in release F.05.65
Release F.05.69
Fixed in release F.05.69
ProCurve Manager (PR_1000768253)
Stacking Transceivers (PR_1000784489)
TACACS+ (PR_0000003839)
