122 | HP 3400CL-24G specification

Enhancements

Release M.10.39 Enhancements

You can configure local, chap-radiusor eap-radiusas the primary password authentication method for the port-access method. You also need to select none or authorized as a secondary, or backup, method.

Syntax: aaa authentication port-access <chap-radius eap-radius local>

Configures local, chap-radius, or eap-radiusas the primary password authentication method for port-access. The default primary authentication is local.

[<none authorized >]

Provides options for secondary authentication. The none option specifies that a backup authentication method is not used. The authorized option allows access without authentication. (default: none).

You can configure chap-radiusas the primary password authentication method for web-based or mac- based port-access methods. You also need to select none or authorized as a secondary, or backup, method.

Syntax: aaa authentication <mac-based web-based> chap-radius

Configures chap-radiusas the primary password authentication method for mac-based or web-based port access.

[<none authorized >]

Provides options for secondary authentication. The none option specifies that a backup authentication method is not used. The authorized option allows access without authentication. (default: none).

Figure 1 shows an example of the show authentication command displaying authorized as the second- ary authentication method for port-access, Web-auth access, and Mac-auth access. Since the config- uration of authorized means no authentication will be performed and the client has unconditional access to the network, the “Enable Primary” and “Enable Secondary” fields are not applicable (N/A).

122

Image 132

HP 3400CL-24G manual 122

Contents

For the HP ProCurve Series 3400cl Switches Release Notes Version M.10.72 Software Publication Number Contents Known Issues Page Release M.10.26 Software Fixes in Release M.08.51 M.10.72 Viii Page Page Software Updates Download Switch Documentation and Software from the WebDownloading Software to the Switch View or Download the Software Manual Set Downloading Software to the Switch T e Tftp Download from a Server Xmodem Download From a PC or Unix Workstation ProCurve config# console baud-rate Syntax copy xmodem flash primary secondary Saving Configurations While Using the CLI Do you want to save current configuration y/n ? Install Recommendations for I.08.12 Boot ROM Update Boot Rom Version Current Boot Primary ProCurve Switch, Routing Switch, and Router Software Keys Software ProCurve Networking Products Letter Software Management Minimum Software Versions for Series 3400cl Switch Features For Switch 3400cl Hardware AccessoriesOS/Web/Java Compatibility Table Switch Management Access Security Default Settings Affecting Security Local Manager Password Inbound Telnet Access and Web Browser AccessSecure File Transfers Snmp Access Simple Network Management Protocol Snmp-server mib hpswitchauthmib excluded Physical Access to the Switch Other Provisions for Management Access Security Network Access Security Access Control Lists ACLsWeb and MAC Authentication Secure Shell SSH Secure Socket Layer SSLv3/TLSv1Traffic/Security Filters 802.1X Access Control Port Security, MAC Lockdown, MAC Lockout, and IP Lockdown Key Management System KMS Identity-Driven Management IDM Publication Updates Operating Notes for Jumbo Traffic-HandlingNon-Genuine Mini-GBIC Detection and Protection Initiative Igmp Command Update General Switch Traffic Security Guideline Igmp Operating Notes Management Vlan IP Address Interoperating with 802.1s Multiple Spanning-TreeRate-Limiting Known Issues Release M.10.17 Release M.08.69 Enhancements Release M.08.70 through M.08.72 EnhancementsRelease M.08.73 Enhancements Release M.08.74 through M.08.77 Enhancements Using Fastboot To Reduce Boot Time ProCurveconfig# show fastboot Fast Boot DisabledRelease M.08.78 Enhancements Release M.08.79 Enhancements Release M.08.80 through M.08.83 Enhancements Operating Notes Release M.08.84 Enhancements Release M.08.85 through M.08.88 EnhancementsRelease M.08.89 Enhancements DNS Resolver Basic Operation Ping accounts015 traceroute sales021ProCurve# Ping leader 10.28.229.220 Alive, time = ProCurve# traceroute Remote-01.common.group.net 10.22.240.73 Configuring a DNS Entry Example Using DNS Names with Ping and Traceroute Example Network Domain Viewing the Current DNS Configuration 10.28.192.2 10.28.229.219 IP Config IP Address Subnet Mask Arp Age Domain Suffix Pubs.outdoors.comServer 10.28.229.10 Manual 10.28.192.1 255.255.255.0 Event Log Messages Message Meaning Changing and Viewing the Snmp Access Configuration Security Notes ProCurveconfig# Snmp-server mib hpswitchauthmib excluded Snmp Communities Mstp Default Path Cost Controls Releases M.08.90 and M.08.91 Enhancements QoS Pass-Through Mode Description Configuring QoS Pass-Through Mode Example Showing QoS Pass-Through Mode Set Using the CLI Displaying the Current QoS Pass-Through Mode on the Switch Release M.08.94 Enhancements ProCurveconfig# dhcp-relay option 82 append mgmt-vlan Example UDP Broadcast Forwarding Dhcp Operation for the Topology in Figure RADIUS-Assigned Access Control Lists ACLs Releases M.08.95 through M.10.01 EnhancementsRelease M.08.96 Enhancements Releases M.08.97 through M.10.01 Enhancements Release M.10.02 Enhancements Operates on the 3400cl switches Terminology General Operation Packet-filtering Process T e s Example of Sequential Comparison Packet-Filtering Process in an ACL with N Entries ACEs Example of How a RADIUS-Based ACL Filters Packets General Steps Determining Traffic Policies Planning the ACLs Needed To Enforce Traffic Policies Guidelines for Structuring a RADIUS-Based ACL Operating Rules for RADIUS-Based ACLs Limits for RADIUS-Based ACLs, Associated ACEs, and Counters Limits Affecting RADIUS-Based ACL Applications Configuring an ACL in a Radius Server Limit Notes END-VENDOR Client 10.10.10.125 nastype = other secret = Format Details for ACEs Configured in a RADIUS-Based ACL Deny in udp from any to any 135, 137-139 Configuring the Switch To Support RADIUS-Based ACLs MAC Authentication Option Web Authentication Option802.1X Option Port port-#, No Radius ACLs applied on this port Syntax show port-access authenticator port-list Event Log Messages ACE parsing error, destination IP ACE parsing error, tcp/udp portsPort port-# , No Radius ACLs applied on this port Exceeded counter per port limit SFlow Show Commands Viewing SFlow Configuration Viewing sFlow Agent Information Release M.10.04 Enhancements Instrumentation Monitor Ip-address-count Known Limitations Configuring Instrumentation Monitor Viewing the Current Instrumentation Monitor Configuration Examples ProCurve# show instrumentation Monitor configuration TCP/UDP Port Closure Enabling/Disabling Tftp Enabling/Disabling SnmpEnabling/Disabling RIP Spanning Tree Show Commands Enabling/Disabling Stacking Operating Notes BPDUs Tx BPDUs Rx 256654 Release M.10.05 Enhancements Release M.10.06 Enhancements Release M.10.07 Enhancements Release M.10.08 EnhancementsRelease M.10.09 Enhancements Uni-Directional Link Detection Udld Udld Example Configuration Considerations Configuring Udld ProCurveconfig#interface al link-keepalive ProCurveconfig#interface al-a4 link-keepaliveProCurveconfig# link-keepalive interval ProCurveconfig# link-keepalive retries Viewing Udld Information Udld ProCurve# clear link-keepalive statistics Configuration Warnings and Event Log Messages CLI Command Example Warning Message Possible Problem Configuring STP Bpdu Filters ProCurveconfig# spanning-tree a9 bpdu-filterRelease M.10.10 Enhancements Spanning Tree Per-Port Bpdu Filtering Viewing Status of Bpdu Filtering Viewing Configuration of Bpdu Filtering Bpdu Releases M.10.11 through M.10.12 Enhancements Release M.10.13 EnhancementsReleases M.10.14 through M.10.16 Enhancements Release M.10.17 Enhancements Terminology Release M.10.17 Enhancements Configuring STP Bpdu Protection ProCurveconfig# spanning-tree 1-10 bpdu protection Viewing Bpdu Protection Status Configuring Loop Protection ProCurveconfig# loop-protect port-listRelease M.10.21 Enhancements Release M.10.22 Enhancements Example of Show Loop Protect Display Release M.10.23 Enhancements Release M.10.24 EnhancementsRelease M.10.25 Enhancements Release M.10.26 Enhancements Release M.10.27 Enhancements Enhancements Release M.10.28 Enhancements Release M.10.29 EnhancementsRelease M.10.30 Enhancements Release M.10.31 Enhancements Release M.10.32 Enhancements Scheduled Reload How RADIUS-Based Authentication Affects Vlan Operation Release M.10.33 EnhancementsVlan Assignment on a ProCurve Port 103 104 Example of an Active Vlan Configuration 106 107 Release M.10.34 Enhancements Concurrent TACAS+ and Sftp Release M.10.35 Enhancements Dynamic ARP ProtectionIntroduction ProCurveconfig# arp protect vlan Enabling Dynamic ARP Protection Configuring Trusted Ports Configuring Trusted Ports for Dynamic ARP Protection ProCurveconfig# arp protect trust b1-b4, d1 Adding an IP-to-MAC Binding to the Dhcp Database Configuring Additional Validation Checks on ARP Packets ProCurveconfig# arp protect validate src-mac dst-mac Verifying the Configuration of Dynamic ARP Protection Displaying ARP Packet Statistics Release M.10.36 Enhancements Release M.10.37 EnhancementsMonitoring Dynamic ARP Protection Configuring Mstp Port Connectivity Parameters 117 Release M.10.38 Enhancements Spanning-tree B2 priority Enabling and Configuring Snmp Informs Send Snmp v2c Informs Release M.10.39 Enhancements Community Configuring Radius Authentication Radius Server UnavailableOverview 122 Specifying the MAC Address Format SSH ARP Age Timer Increase Example of Setting the ARP Age Timeout to 1000 Minutes IP Config 125 Release M.10.40 Enhancements Release M.10.41 EnhancementsRelease M.10.42 Enhancements Release M.10.43 Enhancements Differences Between Switch Platforms Protection Against IP Source Address Spoofing Prerequisite Dhcp Snooping Filtering IP and MAC Addresses Per-Port and Per-VLAN An Example of a Static Configuration Entry 10.0.10.1 001122-110011 Enabling Dynamic IP Lockdown Potential Issues with Bindings Adding an IP-to-MAC Binding to the Dhcp Binding Database Verifying the Dynamic IP Lockdown Configuration Adding a Static Binding Example of show ip source-lockdown status Command Output Displaying the Static Configuration of IP-to-MAC Bindings Example of show ip source-lockdown bindings Command Output Debugging Dynamic IP Lockdown Example of debug dynamic-ip-lockdown Command Output Release M.10.44 through M.10.64 Enhancements Mstp Vlan Configuration Enhancement Release M.10.65 Enhancements Enabling Mstp on the Switch PreConfiguring VLANs in an MST InstanceProCurveconfig# spanning-tree protocol-version mstp ProCurveconfig# write mem Configuring Mstp Instances with the Vlan Range Option ProCurveconfig# spanning-tree instance 1 vlan Operating Notes Configure Logging via Snmp Release M.10.66 Enhancements Adding a Description for a Syslog Server Adding a Priority Description Example of the Logging Command with a Priority Description Lacp and Link Traps Global Disable Release M.10.67 EnhancementsRelease M.10.68 Enhancements Release M.10.69 Enhancements Release M.10.70 EnhancementsRelease M.10.71 Enhancements Release M.10.72 Enhancements Release M.08.52 Release M.08.53 Never ReleasedRelease M.08.54 Release M.08.55 Release M.08.60 Show CDP the Yes is changed to Yes,Receive Only Problems Resolved in Release M.08.62 Problems Resolved in Release M.08.63 Not a general releaseRelease M.08.62 Release M.08.63 Release M.08.64 Release M.08.65Release M.08.66 Release M.08.67 Problems Resolved in Release M.08.68 Not a general release Problems Resolved in Release M.08.69Release M.08.68 Release M.08.69 Problems Resolved in Release M.08.70 Not a general release Duplicate access control entryProblems Resolved in Release M.08.71 Never released Release M.08.70 Release M.08.72 Release M.08.73Release M.08.74 Release M.08.75 Release M.08.76Release M.08.77 Release M.08.78 Release M.08.79Release M.08.80 Release M.08.81 Release M.08.83 Release M.08.84Release M.08.85 Release M.08.86 Problems Resolved in Release M.08.87 Not a general release Problems Resolved in Release M.08.88 Not a general releaseRelease M.08.87 Release M.08.88 Problems Resolved in Release M.08.90 Not a general release Problems Resolved in Release M.08.92 Not a general releaseRelease M.08.90 Release M.08.91 Release M.08.93 Release M.08.94Release M.08.95 Release M.08.96 Release M.08.97 Release M.10.01Release M.10.02 Release M.10.03 Release M.10.04 Release M.10.05Release M.10.06 Problems Resolved in Release M.10.07 Problems Resolved in Release M.10.08Release M.10.07 Release M.10.08 Problems Resolved in Release M.10.09 Problems Resolved in Release M.10.10Release M.10.09 Release M.10.10 Release M.10.11 Release M.10.12Release M.10.13 Release M.10.14 Release M.10.15Release M.10.16 Problems Resolved in Release M.10.17 Problems Resolved in Release M.10.20Release M.10.17 Release M.10.18 Release M.10.19 Problems Resolved in Release M.10.21 Not a general release Problems Resolved in Release M.10.22 Not a general releaseRelease M.10.21 Release M.10.22 Problems Resolved in Release M.10.23 Never released Problems Resolved in Release M.10.24 Never releasedRelease M.10.23 Release M.10.24 Problems Resolved in Release M.10.26 Not a general release Problems Resolved in Release M.10.27 Never releasedRelease M.10.26 Release M.10.27 Problems Resolved in Release M.10.28 Not a general release Problems Resolved in Release M.10.29 Never releasedCCCCCline 10007 Error setting configuration Release M.10.28 Transceiver hotswap PR1000390888 Transceiver hotswap issues Problems Resolved in Release M.10.30Problems Resolved in Release M.10.31 Release M.10.30 Problems Resolved in Release M.10.32 Problems Resolved in Release M.10.33Release M.10.32 Release M.10.33 Problems Resolved in Release M.10.34 Problems Resolved in Release M.10.35Release M.10.34 Release M.10.35 Release M.10.36 Release M.10.37Release M.10.38 Release M.10.39 Release M.10.40Release M.10.41 Release M.10.42 Release M.10.43Release M.10.44 Release M.10.45 Release M.10.46Release M.10.47 Fatal error Server unexpectedly closed connection Problems Resolved in Release M.10.48 Not a Public ReleaseProblems Resolved in Release M.10.49 Not a Public Release Release M.10.48 Software exception at ConfigTree.cc508 -- in mChassCtrl Problems Resolved in Release M.10.50 M.10.64 Never BuiltProblems Resolved in Release M.10.65 Not a Public Release Release M.10.50 through M.10.64 Problems Resolved in Release M.10.66 Not a Public Release Release M.10.66Software exception at dsnoopctrl.c109 -- in mDsnoop002 Problems Resolved in Release M.10.67 Never Released Release M.10.67 Problems Resolved in Release M.10.68 Problems Resolved in Release M.10.69 Not a Public ReleaseRelease M.10.68 Release M.10.69 Problems Resolved in Release M.10.70 Not a Public Release Release M.10.70 Software exception at aaa8021xproto.c255 -- in m8021xCtrl Software exception at ldbalutil.c2525 -- in mLdBalCtrl Problems Resolved in Release M.10.71 Not a Public Release Problems Resolved in Release M.10.72Release M.10.71 Release M.10.72 184 185 Message October