Manuals / Brands / Computer Equipment / Switch / HP / Computer Equipment / Switch

HP 445946-001 Accessing the switch, 6.Apply and save the configuration, 2.Configure the TACACS+ secret and second secret

1 198

Download 198 pages, 8.34 Mb

Accessing the switch

Configuring TACACS+ authentication on the switch (CLI example)

1.Turn TACACS+ authentication on, and then configure the Primary and Secondary TACACS+ servers.

>>	Main# /cfg/sys/tacacs	(Select the TACACS+ Server menu)
>>	TACACS+ Server# on	(Turn TACACS+ on)
Current status: OFF
New status: ON

>>TACACS+ Server# prisrv 10.10.1.1 (Enter primary server IP) Current primary TACACS+ server: 0.0.0.0

New pending primary TACACS+ server: 10.10.1.1

>>TACACS+ Server# secsrv 10.10.1.2 (Enter secondary server IP) Current secondary TACACS+ server: 0.0.0.0

New pending secondary TACACS+ server: 10.10.1.2

2.Configure the TACACS+ secret and second secret.

>>TACACS+ Server# secret

Enter new TACACS+ secret: <1-32 character secret> >> TACACS+ Server# secret2

Enter new TACACS+ second secret: <1-32 character secret>

CAUTION: If you configure the TACACS+ secret using any method other than a direct console connection, the secret may be transmitted over the network as clear text.

3.If desired, you may change the default TCP port number used to listen to TACACS+. The well-known port for TACACS+ is 49.

>>TACACS+ Server# port Current TACACS+ port: 49

Enter new TACACS+ port [1-65000]: <TCP port number>

4.Configure the number retry attempts for contacting the TACACS+ server and the timeout period.

>>TACACS+ Server# retries

Current TACACS+ server retries: 3

Enter new TACACS+ server retries [1-3]: 2 >> TACACS+ Server# time

Current TACACS+ server timeout: 5

Enter new TACACS+ server timeout [4-15]: 10 (Enter the timeout period in minutes)

5.Configure custom privilege-level mapping (optional).

>> TACACS+ Server# usermap 2

Current privilege mapping for remote privilege 2: not set

Enter new local privilege mapping: user

>>TACACS+ Server# usermap 3 user

>>TACACS+ Server# usermap 4 user

>>TACACS+ Server# usermap 5 oper

6.Apply and save the configuration.

28

Contents

HP 10Gb Ethernet BL-cSwitch Page Contents Ports and trunking Configuring LACP Port-basedNetwork Access and traffic control VLANs Viewing VLANs Bridge priority Port priority Port path cost Adding a VLAN to a Spanning Tree Group Creating a VLAN Basic IP routing Routing Information Protocol IGMP Snooping Configuring IGMP Snooping (CLI example) Configuring a Static Mrouter (CLI example) Configuring IGMP Snooping (BBI example) Configuring IGMP Filtering (BBI example) Types of OSPF areas High availability Spanning Tree Protocol with UFD Configuring UFD on Switch 1 (CLI example) Configuring UFD on Switch 2 (CLI example) Configuring Uplink Failure Detection (BBI example) Accessing the switch Additional references http://www.hp.com/go/bladesystem/documentation •HP 10Gb Ethernet BL-cSwitch User Guide •HP 10Gb Ethernet BL-cSwitch Command Reference Guide •HP 10Gb Ethernet BL-cSwitch ISCLI Reference Guide ○Untagged ○Port VLAN ID (PVID): VLAN Interface •Gateway 254—Thisgateway is the default gateway for the management interface Using the command line interfaces Using the Browser-basedInterface Using Simple Network Management Protocol /cfg/sys/ssnmp/snmpv3/usm <x>/auth md5|sha To configure a user with name rview wview nview CLI user equivalent CLI oper equivalent SNMPv1 trap host 3.Configure an entry in the notify table c/sys/ssnmp/snmpv3/tparam <x>/uname 5.Use the community table to define the community string used in the traps snmpv2 snmpv1 /c/sys/ssnmp/snmpv3/access <x>/level /c/sys/ssnmp/snmpv3/tparam <x Secure access to the switch Configuring an IP address range for the management network How RADIUS authentication works Configuring RADIUS on the switch (CLI example) Configuring RADIUS on the switch (BBI example) RADIUS authentication features User accounts for RADIUS users RADIUS attributes for user privileges NOTE: User access level TACACS+ level Quit 2.Configure the TACACS+ secret and second secret 5.Configure custom privilege-levelmapping (optional) 6.Apply and save the configuration Tacacs+ Submit Secure Shell and Secure Copy Configuring SSH and SCP features (CLI example) Enabling or disabling SSH Enabling or disabling SCP apply and save Configuring the SCP administrator password Using SSH and SCP client commands Logging in to the switch Downloading configuration from the switch using SCP Uploading configuration to the switch using SCP Applying and saving configuration SSH and SCP encryption of management messages Generating RSA host and server keys for SSH access SSH/SCP integration with RADIUS and TACACS+ authentication Page Ports and trunking Port trunk groups Before you configure trunks Trunk group configuration rules Port trunking example Figure 1.On Switch 1, configure trunk groups 5 and 3: 2.On Switch 2, configure trunk groups 4 and 2: 3.Examine the trunking information on each switch, using the following command: Trunk Groups Add e. Click Submit Dashboard Page Configurable Trunk Hash algorithm Link Aggregation Control Protocol Actor Switch Partner Switch Page 1.Set the LACP mode on port 3. Set the LACP mode on port 4. Define the admin key on port 5.Apply and verify the configuration 6.Save your new configuration changes Port-basedNetwork Access and traffic control Page Page Table 9 EAP support for RADIUS attributes Attribute Attribute Value A-R A-A Port-basedtraffic control To configure a port for traffic control, perform the following steps: 1.Configure the traffic-controlthreshold and enable traffic control 2.To disable a traffic-controlthreshold, use the following command: 3.Apply and save the configuration VLANs Viewing VLANs Port information Port configuration VLAN tagging Page Page Figure 7 802.1Q tagging (after 802.1Q tag assignment) VLANs and IP interfaces VLAN topologies and design considerations /cfg/l2/stp /cfg/l2/mrst Page Multiple VLANS with tagging Figure 8 Multiple VLANs with VLAN tagging The features of this VLAN are described in the following table: Table 10 Multiple VLANs with tagging Component Configuring ports and VLANs on Switch 1 (CLI example) Page Configuring ports and VLANs on Switch 2 (CLI example) Configuring ports and VLANs on Switch 1 (BBI example) e.Click Submit Add VLAN c.Click Submit FDB static entries Page Spanning Tree Protocol Bridge priority Port priority Port path cost Page Switch element Belongs to Multiple Spanning Trees Page Configuring Switch 1 (CLI example) Configuring Switch 2 (CLI example) Configuring Switch 1 (BBI example) Submit Port Fast Forwarding Fast Uplink Convergence RSTP and MSTP Edge port Link type Configuring Rapid Spanning Tree (CLI example) Configuring Rapid Spanning Tree Protocol (BBI example) Multiple Spanning Tree Protocol Configuring Multiple Spanning Tree Protocol (CLI example) Configuring Multiple Spanning Tree Protocol (BBI example) CIST-Bridge CIST-Ports d. Click Submit Quality of Service Using ACL filters Number Protocol Name TCP/UDP Application Flag Precedence Group ACLs Precedence Level Using ACL Groups ACL Metering and Re-marking Viewing ACL statistics ACL configuration examples 1.Configure Access Control Lists (ACLs) b.Open the Access Control Lists folder, and select Add ACL Deny IPv4 Page Page Using DSCP values to provide QoS Drop Precedence Class Table 18 Class selector priority classes Priority Using 802.1p priorities to provide QoS Page 1.Configure a port’s default 802.1 priority 1.Configure a port’s default 802.1p priority Page Page Priority - CoS CoS - Weight Queuing and scheduling Basic IP routing Page Page Example of subnet routing Subnet Devices IP Addresses Interface IP Interface Switch Port VLAN # 4.The VLANs shown in the table above are configured as follows: 5.Each time you add a port to a VLAN, you may get the following prompt: 6.Enter y to set the default Port VLAN ID (PVID) for the port 7.Add each IP interface to the appropriate VLAN 9.Apply and verify the configuration Dynamic Host Configuration Protocol Page Routing Information Protocol RIPv1 RIPv2 RIPv2 in RIPv1 compatibility mode RIP Features Page RIP configuration example 1. Add VLANs for routing interfaces 2. Add IP interfaces to VLANs (/cfg/l3/frwd/on) before you turn RIP on /maint/route/dump IGMP Snooping Page Configuring the range Configuring the action Configuring IGMP Snooping (CLI example) Configuring IGMP Filtering (CLI example) Configuring a Static Mrouter (CLI example) Configuring IGMP Snooping (BBI example) Page Configuring IGMP Filtering (BBI example) a. Select Layer 3 > IGMP > IGMP Filters > Add Filter Layer 3 > IGMP > IGMP Filters > Switch Ports Page Configuring a Static Multicast Router (BBI example) Page OSPF Page dead OSPF implementation in HP 10GbE switch software Assigning the area index Using the area ID to assign the OSPF area number Attaching an area to a network Default routes Page Page Page OSPF configuration examples Example 1: Simple OSPF domain (BBI example) Add IP Interface Page Add OSPF Area d.Select Add OSPF Area f.Click Submit Add OSPF Interface d.Select Add OSPF Interface f. Click Submit Configuring OSPF for a virtual link on Switch A 8.Attach the network interface to the backbone 9.Attach the network interface to the transit area Configure the virtual link Switch B in step Apply and save the configuration changes Other Virtual Link Options Figure 23 Summarizing routes hide Configure IP interfaces for each network which will be attached to OSPF areas 2.Enable OSPF 3.Define the backbone Use the following commands to verify the OSPF configuration on your switch: •/info/l3/ospf/general •/info/l3/ospf/nbr •/info/l3/ospf/dbase/dbsum •/info/l3/ospf/routes Remote monitoring Configuring RMON Statistics (CLI example) Configuring RMON Statistics (BBI example) Page 4.Click Submit History MIB objects Configure RMON History (CLI example) Configure RMON History (BBI example) Alarm MIB objects Configure RMON Alarms (CLI example 1) Configure RMON Alarms (CLI example 2) Configure RMON Alarms (BBI example 1) 2.Click Submit Configure RMON Alarms (BBI example 2) Configuring RMON Events (CLI example) Configuring RMON Events (BBI example) High availability Page Page Configuring UFD on Switch 1 (CLI example) Configuring UFD on Switch 2 (CLI example) Configuring Uplink Failure Detection (BBI example) Add Virtual router Virtual router MAC address Owners and renters Master and backup virtual router Virtual Interface Router Failover methods Figure 26 Active-Activeredundancy HP 10GbE switch extensions to VRRP Parameter Virtual router deployment considerations Task 1: Configure Switch A 2.Configure client and server interfaces 4.Turn on VRRP and configure two Virtual Interface Routers 6.Turn off Spanning Tree Protocol globally Task 2: Configure Switch B Task 1: Configure Switch A (BBI example) Page Page Add Default Gateway Page Add Virtual Router g.Select Add Virtual Router i.Click Submit Add Spanning Tree Group Page off Troubleshooting tools To configure Port Mirroring for the example shown in the preceding figure: 1.Specify the monitoring port 2.Select the ports that you want to mirror 3.Enable Port Mirroring 4. Apply and save the configuration Port-Based Port Mirroring d.Click Add Mirrored Port Other network troubleshooting techniques Other network troubleshooting techniques include the following /info/sys/log -mgt –data Page Index