Manuals / Brands / Computer Equipment / Switch / HP / Computer Equipment / Switch

HP 6120 ping, timeout, requests, radius-server, The switch does not receive a response to RADIUS authentication

1 589

Download 589 pages, 3.31 Mb

Troubleshooting

Unusual Network Activity

The switch does not receive a response to RADIUS authentication

requests. In this case, the switch will attempt authentication using the secondary method configured for the type of access you are using (console, Telnet, or SSH).

There can be several reasons for not receiving a response to an authentication request. Do the following:

■Use ping to ensure that the switch has access to the configured RADIUS servers.

■Verify that the switch is using the correct encryption key (RADIUS secret key) for each server.

■Verify that the switch has the correct IP address for each RADIUS server.

■Ensure that the radius-server timeout period is long enough for network conditions.

The switch does not authenticate a client even though the RADIUS server is properly configured and providing a response to the authentication request. If the RADIUS server configuration for authenticating the client includes a VLAN assignment, ensure that the VLAN exists as a static VLAN on the switch. Refer to “How 802.1X Authentication Affects VLAN Operation” in the Access Security Guide for your switch.

During RADIUS-authenticated client sessions, access to a VLAN on the

port used for the client sessions is lost. If the affected VLAN is configured as untagged on the port, it may be temporarily blocked on that port during an 802.1X session. This is because the switch has temporarily assigned another VLAN as untagged on the port to support the client access, as specified in the response from the RADIUS server. Refer to “How 802.1X Authentication Affects VLAN Operation” in the Access Security Guide for your switch.

The switch appears to be properly configured as a supplicant, but cannot gain access to the intended authenticator port on the switch to which it is connected. If aaa authentication port-access is configured for Local, ensure that you have entered the local login (operator-level) username and password of the authenticator switch into the identity and secret parameters of the supplicant configuration. If instead, you enter the enable (manager- level) username and password, access will be denied.

C-12

Contents

Page Page Page Product Documentation 1 Getting Started 2 Selecting a Management Interface 3 Using the Menu Interface 4 Using the Command Line Interface (CLI) 5 Using the ProCurve Web Browser Interface 6 Switch Memory and Configuration 7 Interface Access and System Information 8 Configuring IP Addressing 9 Time Protocols 10 Port Status and Configuration 11 Port Trunking 12 Port Traffic Controls 13 Configuring for Network Management Applications Page A File Transfers B Monitoring and Analyzing Switch Operation Page C Troubleshooting Page D MAC Address Management E Monitoring Resources FDaylight Savings Time on ProCurve Switches GNetwork Out-of-BandManagement (OOBM) Page Product Documentation Software Feature Index Intelligent Edge Software Features Page Page Page Getting Started Introduction Conventions Command Syntax Statements copy tftp Command Prompts ProCurve hostname Screen Simulations Displayed Text Sources for More Information Page Getting Documentation From the Web Online Help Menu Interface Figure 1-2.Online Help for Menu Interface Command Line Interface help Figure 1-3.Example of CLI Help Web Browser Interface Figure 1-4.Button for Web Browser Interface Online Help Need Only a Quick Start IP Addressing setup 8.Run Setup To Set Up and Install the Switch in Your Page Selecting a Management Interface Understanding Physical Interfaces www.hp.com/go/bladesystem/documentation Understanding Management Interfaces Menu interface ProCurve Manager (PCM)— Advantages of Using the Menu Interface Figure 2-1.Example of the Console Interface Display Provides quick, easy management access Offers out-of-band Advantages of Using the CLI Figure 2-2.Command Prompt Examples General Benefits Information on Using the CLI Advantages of Using the Web Browser Interface Figure 2-3.Example of the Web Browser Interface Easy access Familiar browser Advantages of Using ProCurve Manager or ProCurve Manager Plus Figure 2-4.Example of the Home Page for ProCurve Manager Plus Network Status Summary: Alerts and Troubleshooting: Automatic Device Discovery: Topology and Mapping: Device Management: Custom Login Banners for the Console and Web Browser Interfaces Banner Operation with Telnet, Serial, or SSHv2 Access Press any key to continue prompt Banner Operation with Web Browser Access Configuring and Displaying a Non-DefaultBanner show banner motd Example of Configuring and Displaying a Banner Figure 2-5.Example of Configuring a Login Banner show running Figure 2-6.Example of show banner motd Output Figure 2-7.The Current Banner Appears in the Switch’s Running-ConfigFile Figure 2-8.Example of CLI Result of the Login Banner Configuration Operating Notes no banner motd ssh version 1-or-2 1-or-2 Using the Menu Interface Page Menu Interaction with Other Interfaces Starting and Ending a Menu Session How To Start a Menu Interface Session menu Figure 3-1.Example of the Main Menu with Manager Privileges How To End a Menu Session and Exit from the Console: Switch Configuration Figure 3-2.Example Indication of a Configuration Change Requiring a Reboot Reboot Switch Main Menu Features Figure 3-3.The Main Menu View with Manager Privileges Status and Counters: Switch Configuration: Event Log: Reboot Switch: Download OS: Run Setup: Logout: Screen Structure and Navigation Figure 3-4.Elements of the Screen Structure dit Table 3-1.How To Navigate in the Menu Interface Help Figure 3-5.Example Showing How To Display Help Rebooting the Switch Figure 3-6.The Reboot Switch Option in the Main Menu Rebooting To Activate Configuration Changes 2.Switch Configuration 8.VLAN Menu Maximum VLANs to support VLAN Support Menu Features List Where To Go From Here Using the Command Line Interface (CLI) Accessing the CLI Command Line (CLI) Using the CLI Privilege Levels at Logon Figure 4-1.Example of CLI Log-OnScreen with Password(s) Set C a u t i o n Privilege Level Operation Operator Privileges Manager Privileges Figure 4-2.Access Sequence for Privilege Levels Operator Privileges Manager Privileges Context Configuration level: Table 4-1.Privilege Level Hierarchy How To Move Between Levels Command Line Interface (CLI) Listing Commands and Command Options Listing Commands Available at Any Privilege Level Figure 4-3.Example of the Operator Level Command Listing Figure 4-4.Exampleof the Manager-LevelCommand Listing - - MORE Listing Command Options Figure 4-5.Example of How To List the Options for a Specific Command Displaying CLI “Help” Displaying Command-ListHelp Syntax: help Figure 4-6.Example of Context-Sensitive Command-ListHelp Displaying Help for an Individual Command Figure 4-7.Exampleof How To Display Help for a Specific Command Configuration Commands and the Context Configuration Modes Port or Trunk-Group Context trk1 Figure 4-8. Context-SpecificCommands Affecting Port Context VLAN Context Figure 4-9. Context-SpecificCommands Affecting VLAN Context CLI Control and Editing Executing a Prior Command—Redo command-str Figure 4-10.Example of the redo Command Repeating Execution of a Command For example: Figure 4-11.Example of repeat Command Using a Range Using a Command Alias alias name: command: show interface custom show alias Figure 4-13.Example of Alias Commands and Their Configurations CLI Shortcut Keystrokes Using the ProCurve Web Browser Interface No General Features Starting a Web Browser Interface Session with the Switch Using a Standalone Web Browser in a PC or UNIX Workstation Location or Address Using ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+) Figure 5-1.Example of Status Overview Screen Tasks for Your First ProCurve Web Browser Interface Session Viewing the “First Time Install” Window Figure 5-2. First-TimeInstall Window Security: Creating Usernames and Passwords in the Browser Interface Operator Setting Manager Setting Figure 5-3.The Device Passwords Window secure access to the device Device Passwords Entering a User Name and Password Figure 5-4.Example of the Password Prompt in the Web Browser Interface Using a User Name If You Lose the Password Online Help for the Web Browser Interface Figure 5-5.The Help Button Support/Mgmt URLs Feature Support URL Management Server URL Figure 5-6.The Default Support/Mgmt URLs Window Support URL www.hp.com/#Support Help and the Management Server URL Management Server URL www.hp.com/rnd/device_help Using the PCM Server for Switch Web Help www.hp.com//rnd/device_help http://15.29.37.12.8040/rnd/device_help Status Reporting Features The Overview Window Figure 5-8.The Status Overview Window The Port Utilization and Status Displays Figure 5-9.The Graphs Area Port Utilization % Unicast Rx & All Tx: Maximum Activity Indicator: Utilization Guideline To change the amount of bandwidth the Port Utilization bar graph Figure 5-10.Changing the Graph Area Scale Figure 5-11.Display of Numerical Values for the Bar Port Status Figure 5-12.The Port Status Indicators and Legend Port Connected Port Not Connected Port Disabled The Alert Log Figure 5-13.Example of the Alert Log Alert Description Excessive CRC/Alignment errors on port: Alert Types and Detailed Views Acknowledge Event Delete Event Cancel Figure 5-14.Example of Alert Log Detail View The Status Bar Figure 5-15.Example of the Status Bar Status Indicator Table 5-1.Status Indicator Key System Name Most Critical Alert Description Product Name Setting Fault Detection Policy Figure 5-16.The Fault Detection Window Log Network Problems High Sensitivity Medium Sensitivity Low Sensitivity Never Switch Memory and Configuration Page Configuration File Management Figure 6-1.Conceptual Illustration of Switch Memory Operation Running Config File: Startup-config File: In the menu interface: In the web browser interface: Page Show config How To Use the CLI To Reconfigure Switch Features Using the CLI To Implement Configuration Changes write terminal show config status auto-10 How To Cancel Changes You Have Made to the Running-ConfigFile Figure 6-2.Boot Prompt for an Unsaved Configuration How To Reset the startup-configand running-configFiles to the Factory Default Configuration Figure 6-3.Example of erase startup-configCommand Using the Menu and Web Browser Interfaces To Implement Configuration Changes Menu: Implementing Configuration Changes Using Save and Cancel in the Menu Interface Rebooting from the Menu Interface Figure 6-5.The Reboot Switch Option in the Main Menu 2. Switch Configuration 8. VLAN Menu Figure 6-6.Indication of a Configuration Change Requiring a Reboot Web: Implementing Configuration Changes Using Primary and Secondary Flash Image Options Primary Flash: Secondary Flash: Displaying the Current Flash Image Data show version Figure 6-7.Example Showing the Identity of the Current Flash Image Figure 6-8.Example Showing Different Flash Image Versions Figure 6-9.Determining the Software Version in Primary and Secondary Flash Switch Software Downloads Table 6-1.Primary/Secondary Memory Access copy xmodem usb Local Switch Software Replacement and Removal Copying a Switch Software Image from One Flash Location to primary secondary Caution: No Undo Figure 6-11.Example of Erase Flash Prompt Rebooting the Switch Operating Notes about Booting Default Boot Source boot system flash [primary | secondary] set-default Boot and Reload Command Comparison Table 6-2.Comparing the Boot and Reload Commands The reload command Setting the Default Flash flash Booting from the Default Flash (Primary or Secondary) boot set- default boot system flash <primary | secondary Note system: Using Reload Reload Syntax: reload Scheduled Reload at: Multiple Configuration Files Figure 6-17.Optional Reboot Process General Operation Boot Options backupConfig write mem Transitioning to Multiple Configuration Files oldConfig Figure 6-19.Switch Memory Assignments After the First Reboot from Software Supporting Multiple Configuration Listing and Displaying Startup-ConfigFiles Viewing the Startup-ConfigFile Status with Multiple Configuration Enabled id: act: pri: Displaying the Content of A Specific Startup-ConfigFile Changing or Overriding the Reboot Configuration Policy config boot system flash minconfig newconfig Using Reload To Reboot From the Current Flash Image and Startup- Config File Managing Startup-ConfigFiles in the Switch Renaming an Existing Startup-ConfigFile Creating a New Startup-ConfigFile Unable to copy configuration to “< target-filename >” target-filename Figure 6-20.Example of Using One Startup-ConfigFile for Both Primary and Secondary Flash Erasing a Startup-ConfigFile startup-config: erase erase config Figure 6-22.Example of Erasing a Non-Active Startup-ConfigFile config1 Transferring Startup-ConfigFiles To or From a Remote Server TFTP: Copying a Configuration File to a Remote Host test TFTP: Copying a Configuration File from a Remote Host Unable to copy configuration to "< filename test- 01.txt Xmodem: Copying a Configuration File to a Serially Connected Host copy config > xmodem Automatic Configuration Update with DHCP Option CLI Command Figure 6-24.Example of Enabling Configuration File Update Using Option Possible Scenarios for Updating the Configuration File Log Messages Interface Access and System Information kill Interface Access: Console/Serial Link, Web, and Inbound Telnet Interface Access Features Menu: Modifying the Interface Access To Access the Interface Access Parameters: 2.Switch Configuration 1.System Information CLI: Modifying the Interface Access Interface Access Commands Used in This Section Listing the Current Console/Serial Link Configuration. This com Figure 7-2.Listing of Show Console Command Reconfigure Inbound Telnet Access. In the default configuration Outbound Telnet to Another Device. This feature operates indepen show telnet Page Reconfigure the Console/Serial Link Settings. You can reconfigure one Syntax: console Figure 7-4.Example of Executing the Console Command with Multiple Parameters Figure 7-5.Example of Executing a Series of Console Commands Denying Interface Access by Terminating Remote Management Sessions show ip ssh Kill System Information System Information Features System Name: System Contact and Location: MAC Age Time: Menu: Viewing and Configuring System Information Figure 7-7.The System Information Configuration Screen (Default Values) CLI: Viewing and Configuring System Information System Information Commands Used in This Section Listing the Current System Information. This command lists the current Figure 7-8.Example of CLI System Information Listing Listing the System Enclosure Information. This command lists the sys Figure 7-9.Example of CLI System Enclosure Information Listing Configure a System Name, Contact, and Location for the Switch. To Figure 7-10.System Information Listing After Executing the Preceding Commands show running, show config show system information Figure 7-11.Menu Screen Showing System Information Figure 7-12.System Location and System Contact in the Web Browser age-out Configure the Time Zone and Daylight Time Rule. These commands: Configure the Time and Date Web: Configuring System Parameters Configure System Parameters in the Web Browser Interface Configuring IP Addressing IP Configuration IP Configuration Features Just Want a Quick Start with IP Addressing 8. Run Setup IP Addressing with Multiple VLANs N o t e s Menu: Configuring IP Address, Gateway, and Time-To-Live (TTL) IP Config Manual DHCP/Bootp To Configure IP Addressing CLI: Configuring IP Address, Gateway, and Time-To Live (TTL) IP Commands Used in This Section Viewing the Current IP Configuration Syntax: show ip Figure 8-2.Example of the Switch’s Default IP Addressing Figure 8-3.Example of Show IP Listing with Non-DefaultIP Addressing Configured Page Figure 8-4.Example of Configuring and Displaying a Multinetted VLAN Figure 8-5.Example of Multinetting on the Default VLAN Removing or Replacing IP Addresses in a Multinetted VLAN. To Note ip route Web: Configuring IP Addressing How IP Addressing Affects Switch Operation Table 8-1.Features Available With and Without IP Addressing on the Switch DHCP/Bootp Operation Overview Bootp Database Record Entries /etc/bootptab Network Preparations for Configuring DHCP/Bootp Page IP Preserve: Retaining VLAN-1IP Addressing Across Configuration File Downloads Operating Rules for IP Preserve ip preserve Enabling IP Preserve Figure 8-6.Example of Implementing IP Preserve in a Configuration File Figure 8-7.Example of IP Preserve Operation with Multiple Series Switches Page Page Time Protocols TimeP Time Synchronization SNTP Time Synchronization Unicast Mode: sntp server General Steps for Running a Time Protocol on the Switch: TimeP •SNTP: Broadcast or Unicast •TimeP: DHCP or Manual Disabling Time Synchronization SNTP: Viewing, Selecting, and Configuring Table 9-1.SNTP Parameters Menu: Viewing and Configuring SNTP 2. Switch Configuration 1. System Information Figure 9-1.The System Information Screen (Default Values) SNTP Mode Broadcast Figure 9-2.Time Configuration Fields for SNTP with Broadcast Mode Unicast Server Version Figure 9-3.SNTP Configuration Fields for SNTP Configured with Unicast Mode CLI: Viewing and Configuring SNTP Viewing the Current SNTP Configuration Page Configuring (Enabling or Disabling) the SNTP Mode Syntax: broadcast Figure 9-7.Example of Enabling SNTP Operation in Broadcast Mode Page Figure 9-8.Example of Configuring SNTP for Unicast Operation Figure 9-9.Example of Specifying the SNTP Protocol Version Number Changing the SNTP Poll Interval Figure 9-10.Example of SNTP with Time Synchronization Disabled Disabling the SNTP Mode Syntax: no sntp Disabled no sntp TimeP: Viewing, Selecting, and Page Page Page Page Page Page Page Page SNTP Unicast Time Polling with Multiple SNTP Servers Displaying All SNTP Server Addresses Configured on the Switch show management Figure 9-20.Example of How To List All SNTP Servers Configured on the Switch Menu: Operation with Multiple SNTP Server Addresses Port Status and Configuration Page Viewing Port Status and Configuring Port Parameters Port Status and Configuration Features Transceivers to Devices Table 10-1.Status and Parameters for Each Port Type Page Menu: Port Configuration 1.Status and Counters 4.Port Status Figure 10-1.Example of a Switch Port Status Screen Using the Menu To Configure Ports 2. Port/Trunk Settings Figure 10-2.Example of Port/Trunk Settings with a Trunk Group Configured Enabled [Enter] CLI: Viewing Port Status and Configuring Port Parameters Port Status and Configuration Commands Viewing Port Status and Configuration brief: Figure 10-3.Example of Show Interfaces Brief Command Listing show interfaces config Figure 10-4.Example of a Show Interfaces Config Command Listing Note Customizing the Show Interfaces Command custom Page Figure 10-6.Example of the Custom show interfaces Command Error Messages Note on Using Pattern Matching with the “Show Interfaces Custom” Command show int custom include Viewing Port Utilization Statistics Viewing Transceiver Status show tech transceivers Figure 10-8.Example of Show Tech Transceivers Command non-operational Enabling or Disabling Ports and Configuring Port Mode auto int int Figure 10-9.Examples of Two Methods for Changing a Port Configuration Enabling or Disabling Flow Control Figure 10-10.Example of Configuring Flow Control for a Series of Ports Figure 10-11.Example Continued from Figure Figure 10-12.Example Continued from Figure Configuring a Broadcast Limit on the Switch Broadcast-Limit broadcast-limit Configuring ProCurve Auto-MDIX Manual Override Table 10-2.Cable Types for Auto and Manual MDI/MDI-XSettings auto-mdix mdi mdix Figure 10-13.Example of Displaying the Current MDI Configuration Figure 10-14.Example of Displaying the Current MDI Operating Mode Web: Viewing Port Status and Configuring Port Using Friendly (Optional) Port Names Show Configuring and Operating Rules for Friendly Port Names show name show interface Configuring Friendly Port Names Figure 10-15.Example of Configuring a Friendly Port Name Figure 10-16.Example of Configuring One Friendly Port Name on Multiple Ports Displaying Friendly Port Names with Other Port Data show name To List All Ports or Selected Ports with Their Friendly Port Names Figure 10-17.Example of Friendly Port Name Data for All Ports on the Switch Including Friendly Port Names in Per-PortStatistics Listings. A Figure 10-19.Example of a Friendly Port Name in a Per-PortStatistics Listing To Search the Configuration for Ports with Friendly Port Names Page Configuring Transceivers and Modules That Haven’t Been Inserted Transceivers Modules Clearing the Module Configuration Page Uni-DirectionalLink Detection (UDLD) Figure 10-21.UDLD Example Configuring UDLD Enabling UDLD Changing the Keepalive Interval Changing the Keepalive Retries Configuring UDLD for Tagged Ports Viewing UDLD Information link-keepalive Figure 10-22.Example of Show Link-KeepaliveCommand show link- keepalive statistics Figure 10-23.Example of Show Link-KeepaliveStatistics Command show link keepalive statistics Configuration Warnings and Event Log Messages Warning Messages Table 10-3.Warning Messages caused by configuring UDLD for Tagged Ports Event Log Messages Table 10-4.UDLD Event Log Messages Port Trunking Figure 11-1.Conceptual Example of Port Trunking Port Security Restriction L A C P N o t e Port Trunk Features and Operation Trunk Configuration Methods Static Trunk: trunk Table 11-1.Trunk Types Used in Static and Dynamic Trunk Groups Table 11-2.Trunk Configuration Protocols Table 11-3.General Operating Rules for Port Trunks Auto-10 Figure 11-2.Recommended Port Mode Setting for LACP Dyn1 Figure 11-3.Example of a Port Trunk in a Spanning Tree Listing show ip igmp Important Menu: Viewing and Configuring a Static Trunk Group 2.Switch Configuration … 2.Port/Trunk Settings Figure 11-4.Example of the Menu Screen for Configuring a Port Trunk Group Trk2 Figure 11-5.Example of the Configuration for a Two-PortTrunk Group Type (LACP or Trunk) CLI: Viewing and Configuring Port Trunk Groups Trunk Status and Configuration Commands Using the CLI To View Port Trunks Listing Static Trunk Type and Group for All Ports or for Selected Ports Figure 11-6.Example Listing Specific Ports Belonging to Static Trunks Figure 11-7.Example of a Show Trunk Listing Without Specifying Ports Listing Static LACP and Dynamic LACP Trunk Data Figure 11-8.Example of a Show LACP Listing Dynamic LACP Standby Links Using the CLI To Configure a Static or Dynamic Trunk Configuring a Static Trunk or Static LACP Trunk Group Trk Passive Active passive Web: Viewing Existing Port Trunk Groups Click on [Port Status] Trunk Group Operation Using LACP Auto-100 Auto-1000 10FDx 100FDx Table 11-4.LACP Trunk Types Page Default Port Operation Table 11-5.LACP Port Status Data LACP Notes and Restrictions 802.1X (Port-BasedAccess Control) Configured on a Port. To main Changing Trunking Methods Static LACP Trunks VLANs and Dynamic LACP Forbid Figure 11-11.Blocked Ports with LACP Half-Duplexand/or Different Port Speeds Not Allowed in LACP Trunks Trunk Group Operation Using the “Trunk” Option How the Switch Lists Trunk Data Outbound Traffic Distribution Across Trunked Links Figure 11-13.Example of Single Path Traffic through a Trunk Figure 11-14.Example of Port-TrunkedNetwork Page Port Traffic Controls Jumbo Frames Terminology Jumbo Frame: Jumbo VLAN: MTU Operating Rules Required Port Speed: Switch Meshing: GVRP Operation: Port Adds and Moves: Configuring Jumbo Frame Operation Overview jumbo Viewing the Current Jumbo Configuration Figure 12-1.Example Listing of Static VLANs To Show Jumbo Status Per VLAN Jumbo Figure 12-2.Example of Listing the VLAN Memberships for a Range of Ports Figure 12-3.Example of Listing the Port Membership and Jumbo Status for a VLAN Enabling or Disabling Jumbo Traffic on a VLAN < vid [no] no jumbo Configuring a Maximum Frame Size Displaying the Maximum Frame Size show jumbos Figure 13. Displaying the Maximum Frame Size and IP MTU Values Operating Notes for Maximum Frame Size Operating Notes for Jumbo Traffic-Handling Figure 12-4.Forwarding Jumbo Frames Through Non-JumboPorts Troubleshooting A VLAN is configured to allow jumbo frames, but one or more ports drops all inbound jumbo frames speed-duplex show interfaces brief < port-list Page Page Using SNMP Tools To Manage the Switch Overview www.procurve.com products index Network Management Page SNMP Management Features www.hp.com/# Support Configuring for SNMP version 1 and 2c Access to the Switch Configuring for SNMP Version 3 Access to the Switch SNMP Version 3 Commands the snmpv3 restricted-access command Enabling SNMPv3 N o t e : S N M P Ve r s i o n I n i t i a l U s e r s show snmpv3 user Figure 13-2.Adding SNMPv3 Users and Displaying SNMPv3 Configuration SNMPv3 User Commands Listing Users Assigning Users to Groups snmpv3 group Figure 13-3.Example of Assigning Users to Groups SNMPv3 Group Commands Group Access Levels Manager Read View Discovery View SNMPv3 Communities snmpv3 community index_name Figure 13-4.Assigning a Community to a Group Access Level SNMP Community Features Menu: Viewing and Configuring non-SNMPversion Communities To View, Edit, or Add SNMP Communities: 6.SNMP Community Names Figure 13-5.The SNMP Communities Screen (Default Values) Add Figure 13-6.The SNMP Add or Edit Screen Need Help elp CLI: Viewing and Configuring SNMP Community Names Figure 13-7.Example of the SNMP Community Listing with Two Communities operator restricted < community- name SNMP Notifications Supported Notifications General Steps for Configuring SNMP Notifications SNMPv1 and SNMPv2c Traps Trap receivers: Fixed or Configuring an SNMP Trap Receiver host Table 13-1.Security Levels for Event Log Messages Sent as Traps Enabling SNMPv2c Informs retries: Figure 13-8.Display of SNMPv2c Inform Configuration Configuring SNMPv3 Notifications snmpv3 notify no snmpv3 notify <notify_name snmpv3 targetaddress params taglist snmpv3 targetaddress params snmpv3 params taglist snmpv3 Syntax snmpv3 params user sec-model msg-processing Managing Network Security Notifications enable traps traps Figure 13-10.Display of Configured Network Security Notifications Enabling Link-ChangeTraps link-change all Configuring the Source IP Address for SNMP Notifications snmp- server response-source trap-source dst-ip-of-request: Page Figure 13-11.Display of Source IP Address Configuration Displaying SNMP Notification Configuration Figure 13-12.Display of SNMP Notification Configuration Configuring Listening Mode Advanced Management: RMON Network Manager LLDP (Link-LayerDiscovery Protocol) Table 13-2.LLDP and LLDP-MEDFeatures Adjacent Device: Advertisement: See LLDPDU Active Port: LLDP: LLDP-Aware: LLDP Neighbor: LLDPDU (LLDP Data Unit): LLDP-MED(Link Layer Discover Protocol Media Endpoint MIB Neighbor: General LLDP Operation LLDP-MED Packet Boundaries in a Network Topology Configuration Options Enable or Disable LLDP-MED Change the Frequency of LLDP Packet Transmission to Neighbor Devices SNMP Notification Table 13-3.Data Available for Basic LLDP Advertisements Remote Management Address Debug Logging debug lldp Options for Reading LLDP Information Collected by the Switch LLDP and LLDP-MEDStandards Compatibility LLDP Operating Rules Port Trunking Spanning-Tree Blocking 802.1X Blocking Configuring LLDP Operation Viewing the Current Configuration Displaying the Global LLDP, Port Admin, and SNMP Notification Status show lldp config Figure 13-13.Example of Viewing the General LLDP Configuration Displaying Port Configuration Details. This command displays the port Figure 13-14.Example of Per-PortConfiguration Display Configuring Global LLDP Packet Controls delay-interval setmib holdtime-multiplier holdtime-interval Changing the Delay Interval Between Advertisements Generated by Inconsistent value Figure 13-15.Example of Changing the Transmit-DelayInterval Configuring SNMP Notification Support Enabling LLDP Data Change Notification for SNMP Trap Receivers Configuring Per-PortTransmit and Receive Modes tx_rx Configuring Basic LLDP Per-PortAdvertisement Content Mandatory Data Configuring a Remote Management Address for Outbound LLDP Optional Data Configuring Support for Port Speed and Duplex Advertisements LLDP-MED (Media-Endpoint-Discovery) Figure 13-16.Example of LLDP-MEDNetwork Elements Endpoint Support Page Operational Support LLDP-MEDTopology Change Notification Page LLDP-MEDFast Start Control Advertising Device Capability, Network Policy, PoE Status and Location Data dot3TlvEnable macphy_config command on page Network Policy Advertisements voice Enabling or Disabling medTlvEnable. In the default LLDP-MED Notes: Configuring Location Data for LLDP-MEDDevices civic address: ELIN (Emergency Location Identification Number): coordinate-based location: civic-addr www.iso.org Page Configuring Coordinate-BasedLocations. Latitude, longitude, and Table 13-4.Some Location Codes Used in CA-TYPEFields Location Element Code Figure 13-17.Example of a Civic Address Configuration Displaying Advertisement Data Displaying Switch Information Available for Outbound Advertisements •PortType •PortId •PortDesc lldp config Figure 13-19.Example of the Default Per-PortInformation Content for Ports 1 and Displaying the Current Port Speed and Duplex Configuration on a Page Figure 13-20.Example of a Global Listing of Discovered Devices Displaying LLDP Statistics NumFramesRecvd: NumFramesSent: NumFramesDiscarded: Frames Invalid: Figure 13-22.Example of a Global LLDP Statistics Display LLDP Operating Notes Neighbor Maximum LLDP Packet Forwarding: > ipAddrEnable 802.1Q VLAN Information Effect of 802.1X Operation Neighbor Data Can Remain in the Neighbor Database After the Mandatory TLVs LLDP and CDP Data Management LLDP and CDP Neighbor Data Page CDP Operation and Commands Syntax: show cdp Figure 13-25.Example of Show CDP with the Default CDP Configuration detail Figure 13-26.Example of CDP Neighbors Table Listing Enabling CDP Operation Page File Transfers Page Downloading Switch Software www.hp.com/#Support General Software Download Rules Using TFTP To Download Software from a Server Menu: TFTP Download from a Server to Primary Flash Figure A-1.Example of a Download OS (Software) Screen (Default Values) TFTP Server ecute Figure A-2.Example of the Download OS (Software) Screen During a Download Validating and writing system software to FLASH b.Check the Firmware revision line Figure A-3.Example of Message for Download Failure show log tftp Remote File Name CLI: TFTP Download from a Server to Flash Figure A-4.Example of the Command to Download an OS (Switch Software) Validating and Writing System Software to FLASH … show system Enabling TFTP no tftp client no auto- tftp Using Auto-TFTP boot system flash primary ip ssh filetransfer auto- tftp Using Secure Copy and SFTP create remove rcp How It Works The SCP/SFTP Process Disable TFTP and Auto-TFTPfor Enhanced Security Figure A-5.Example of Switch Configuration with SFTP Enabled Figure A-6.Using the Menu Interface To Disable TFTP Command Options Authentication $HOME/.ssh/known_hosts SCP/SFTP Operating Notes Page Troubleshooting SSH, SFTP, and SCP Operations Broken SSH Connection PC or UNIX Workstation Menu: Xmodem Download to Primary Flash 7.Download OS XMODEM Press enter and then initiate Xmodem transfer from the attached computer Page Firmware revision Switch-to-SwitchDownload Menu: Switch-to-SwitchDownload to Primary Flash 7. Download OS /os/secondary CLI: Switch-To-SwitchDownloads Downloading from Primary Only Figure A-8. Switch-to-Switch,from Either Flash in Source to Either Flash in Destination Using PCM+ to Update Switch Software Copying Software Images TFTP: Copying a Software Image to a Remote Host Transferring Switch Configurations include-credentials sw8200 TFTP: Copying a Customized Command File to a Switch show-tech show tech custom Figure A-10.Example of the show tech custom Command Xmodem: Copying a Configuration File to a USB Serial Console Connected PC or UNIX Workstation Page Copying Diagnostic Data to a Remote Host, USB Device, PC or UNIX Workstation Copying Command Output to a Destination Device Figure A-11.Example of Sending Command Output to a File on an Attached PC Copying Event Log Output to a Destination Device Figure A-12.Example of Sending Event Log Content to a File on an Attached PC Copying Crash Data Content to a Destination Device Figure A-13.Example of Copying Switch Crash Data Content to a PC Copying Crash Log Data Content to a Destination Device crash-log Monitoring and Analyzing Switch Operation Page Status: Counters: Event Log Configurable trap receivers: Port monitoring (mirroring): Status and Counters Data Menu Access To Status and Counters 1. Status and Counters Figure B-1.The Status and Counters Menu General System Information Menu Access Figure B-2.Example of General Switch Information CLI Access to System Information Figure B-3.Example of Switch System Information Task Monitor—CollectingProcessor Data task-monitor cpu taskusage taskUsageShow CLI Access Port Status Menu: Displaying Port Status 1.Status and Counters … Figure B-6.Example of Port Status on the Menu Interface Web Access Viewing Port and Trunk Group Statistics and Flow Control Status N o t e o n R e s e t Menu Access to Port and Trunk Statistics 4.Port Counters Figure B-7.Example of Port Counters on the Menu Interface how Details Figure B-8.Example of the Display for Show details on a Selected Port CLI Access To Port and Trunk Group Statistics To Display the Port Counter Summary Report To Display a Detailed Traffic Summary for Specific Ports To Reset the Port Counters for a Specific Port Web Browser Access To View Port and Trunk Group Statistics Viewing the Switch’s MAC Address Tables Menu Access to the MAC Address Views and Searches 5.VLAN Address Table Figure B-9.Example of the Address Table ext page rev page earch Figure B-10.Example of Menu Indicating Located MAC Address 7.Port Address Table Figure B-11.Listing MAC Addresses for a Specific Port Determining Whether a Specific Device Is Connected to the Selected Port [P] CLI Access for MAC Address Views and Searches To List All Learned MAC Addresses on the Switch, with The Port Number on Which Each MAC Address Was Learned To Find the Port On Which the Switch Learned a Specific MAC Spanning Tree Protocol (MSTP) Information CLI Access to MSTP Data Figure B-12.Output from show spanning-treeCommand Internet Group Management Protocol (IGMP) Status Figure B-13.Example of IGMP Group Data VLAN Information PortsVLANVID Figure B-14.Example of VLAN Listing for the Entire Switch Listing the VLAN ID (VID) and Status for Specific Ports Figure B-15.Example of VLAN Listing for Specific Ports Listing Individual VLAN Status Figure B-16.Example of Port Listing for an Individual VLAN Web Browser Interface Status Information Figure B-17.Example of a Web Browser Interface Status Overview Screen C o n f i g u r a t i o n N o t e s Traffic Mirroring Mirroring destinations Mirroring Terminology Figure B-18.Local Session Showing Mirroring Terms Exit Port: mirror eth-port IDS: Mirrored Traffic Destinations Local Destinations Monitored Traffic Sources Ports and static trunks: Criteria for Selecting Mirrored Traffic Mirroring Configuration Table B-1.Mirroring Configuration Options Endpoint Switches and Intermediate Devices Using the Menu or Web Interface To Configure Local Mirroring Menu and Web Interface Limits Configuration Steps 3. Network Monitoring Port Figure B-19.The Default Network Mirroring Configuration Screen Monitoring Port Figure B-20.How To Select a Local Exit Port Ports: Monitor CLI: Configuring Local Mirroring Local Mirroring Overview session name monitor Configure a Local Mirroring Session (Page B-35): Mirror-SessionNumber, Local Exit Port, and (Optional) Session Name 1. Determine the Mirroring Session and Destination For a Local Mirroring Session 2. Configure a Mirroring Session on the Source Switch mirror port 3. Configure the Monitored Traffic in a Mirror Session Traffic Selection Options Mirroring-SourceRestrictions Selecting All Inbound/Outbound Traffic to Mirror Port or Trunk Interface with Traffic Direction as the Selection interface eth-port-list monitor all < in | out | both >: For the interface specified by out both Displaying a Mirroring Configuration Displaying the Mirroring Configuration Summary show monitor Mirroring is currently disabled Sessions: Policy: Viewing Mirroring in the Current Configuration File show run mirror endpoint Mirroring Configuration Examples Local Mirroring Using Traffic-DirectionCriteria Figure B-24.Example of a Local Mirroring Topology Maximum Supported Frame Size Enabling Jumbo Frames To Increase Mirroring Path MTU Table B-2.Maximum Frame Sizes for Mirroring Effect of Downstream VLAN Tagging on Untagged, Mirrored Traffic Figure B-26.Effect of Downstream VLAN Tagging on the MTU for Mirrored Traffic Mirroring Dropped Traffic: Mirroring and Spanning Tree: Intercepted or Injected Traffic: Switch Operation as Both Destination and Source: < port > monitor Troubleshooting Mirroring Troubleshooting Page Page Page Troubleshooting Approaches www.hp.com/#support Page Browser or Telnet Access Problems Cannot access the web browser interface: Web Agent Enabled 5.IP Configuration 2.Switch Management Address Information Cannot Telnet into the switch console from a station on the network: Inbound Telnet Enabled Note Unusual Network Activity General Problems The network runs slow; processes fail; users cannot access servers or other devices Duplicate IP Addresses 802.1Q Prioritization Problems Ports configured for non-defaultprioritization (level 1 - 7) are not performing the specified action IGMP-RelatedProblems IP Multicast Traffic Floods Out All Ports; IGMP Does Not Appear To LACP-RelatedProblems Trunk no trunk > lacp Port-BasedAccess Control (802.1X)-RelatedProblems The switch does not receive a response to RADIUS authentication requests radius-server timeout During RADIUS-authenticatedclient sessions, access to a VLAN on the The supplicant statistics listing shows multiple ports with the same authenticator MAC address The Figure C-1.Authenticator Ports Remain “Open” Until Activated RADIUS server fails to respond to a request for service, even though QoS-RelatedProblems Radius-RelatedProblems Figure C-3.Examples of Global and Unique Encryption Keys Spanning-TreeProtocol (MSTP) and Fast-Uplink Problems Broadcast Storms Appearing in the Network. This can occur when SSH-RelatedProblems pub-key file client-public-key TACACS-RelatedProblems Event Log System Allows Fewer Login Attempts than Specified in the Switch Configuration aaa authentication num-attempts TimeP, SNTP, or Gateway Problems The Switch Cannot Find the Time Server or the Configured Gateway VLAN-RelatedProblems Monitor Port None of the devices assigned to one or more VLANs on an 802.1Q Figure C-4.Example of Correct VLAN Port Assignments on a Link Figure C-5.Example of Duplicate MAC Address Using the Event Log for Troubleshooting Switch Problems Event Log Entries Figure C-1.Format of an Event Log Entry Severity Date Time Event Number log-number System Module Page Page Page Page Page Menu: Displaying and Navigating in the Event Log Event Log Figure C-6.Example of an Event Log Display Table C-1.Event Log Control Keys CLI: Displaying the Event Log show logging Examples CLI: Clearing Event Log Entries clear logging Using Log Throttling to Reduce Duplicate Event Log and SNMP Messages Log Throttle Periods Example of Log Throttling Figure C-7.Example of the First Instance of an Event Message and Counter Figure C-2.Example of Duplicate Messages Over Multiple Log Throttling Periods Example of Event Counter Operation Table C-4.How the Duplicate Message Counter Increments Debug/Syslog Operation Debug/Syslog Messaging Debug/Syslog Destination Devices debug destination Debug/Syslog Configuration Commands Figure C-8.Summary of Debug/Syslog Configuration Commands Configuring Debug/Syslog Operation logging facility debug destination session no debug event Displaying a Debug/Syslog Configuration Figure C-5.Sample Output of show debug Command logging severity Example Page Debug Command Debug Messages adj — event — hello — lsa — lsr — Debug Destinations ProCurve# Logging Command Configuring a Syslog Server Page no debug destination logging debug destination logging kern — auth — Adding a Description for a Syslog Server Adding a Priority Description severity system module Configuring the Severity Level for Event Log Messages Configuring the System Module Used to Select the Event Log Messages Sent to a Syslog Server all-pass Operating Notes for Debug and Syslog ■Debug commands do not affect normal message output to the Event Log debug event ■Ensure that your Syslog servers accept Debug messages Diagnostic Tools Diagnostic Features Port Auto-Negotiation Ping and Link Tests Web: Executing Ping or Link Tests Figure C-11.Link and Ping Test Screen on the Web Browser Interface Successes Failures Number of Packets to Send CLI: Ping Test ping6 <ip-address| hostname repetitions <1-10000 timeout <1-60 Link Tests Figure C-13.Example of Link Tests Traceroute Command Ctrl traceroute6 traceroute Figure C-14.Example of a Completed Traceroute Enquiry maxttl Figure C-15.Example of Incomplete Traceroute Due to Low Maxttl Setting Figure C-16.Example of Traceroute Failing to Reach the Destination Address Viewing Switch Configuration and Operation CLI: Viewing the Startup or Running Configuration File Web: Viewing the Configuration File Diagnostics 2.Click on [Configuration Report] Figure C-17.Example of Show Tech Command copy show tech Saving show tech Command Output to a Text File Transfer | Capture Text Figure C-18.Capture Text window of the Hyperterminal Application Figure C-19.Entering a Path and Filename for Saving show tech Output [Start] Customizing show tech Command Output copy “show system” remote-file unix Page CLI: Viewing More Information on Switch Operation Pattern Matching When Using the Show Command show exclude begin: Figure C-20.Example of Pattern Matching with Include Option Figure C-21.Example of Pattern Matching with Exclude Option Figure C-22.Example of Pattern Matching with Begin Option show arp Figure C-23.Example of the Show ARP Command and Pattern Matching with the Include Option CLI: Useful Commands for Troubleshooting Sessions Syntax: alias show ip ssh command Restoring the Factory-Default Configuration CLI: Resetting to the Factory-DefaultConfiguration Clear/Reset: Resetting to the Factory-DefaultConfiguration Restoring a Flash Image erase flash File Figure C-24.Example of Xmodem Download in Progress DNS Resolver Host Name — Basic Operation mygroup.procurve.net common.group.net Configuring and Using DNS Resolution with DNS-CompatibleCommands Configuring a DNS Entry Example Using DNS Names with Ping and Traceroute Figure C-27.Example Network Domain Entity: Identity: docserver Figure C-28.Configuring Switch “A” in FigureC-27To Support DNS Resolution Viewing the Current DNS Configuration Figure C-31.Example of Viewing the Current DNS Configuration Page Event Log Messages Message Meaning MAC Address Management Page Determining MAC Addresses Use the menu interface Use the CLI Menu: Viewing the Switch’s MAC Addresses Configured on the Switch: Figure D-1.Example of the Management Address Information Screen CLI: Viewing the Port and VLAN MAC Addresses Figure D-2.Example of Port MAC Address Assignments on a Switch Viewing the MAC Addresses of Connected Devices mac-address Monitoring Resources Viewing Information on Resource Usage Policy Enforcement Engine qos device-priority service When Insufficient Resources Are Available Daylight Savings Time on ProCurve Switches Middle Europe and Portugal: Southern Hemisphere: Western Europe: Figure F-1.Menu Interface with “User-Defined”Daylight Time Rule Option Page Network Out-of-BandManagement (OOBM) Concepts Figure G-1.6120G/XG Management Ports Figure G-2.6120XG Management Ports Figure D-1. C-classenclosure OA Management port Table A-1.Switch Management Ports Page Example Figure D-2.Network out-of-bandmanagement in a data center OOBM and Switch Applications Tasks OOBM Configuration OOBM context Syntax: oobm OOBM enable/disable OOBM port enable/disable OOBM IPv4 address configuration OOBM IPv4 default gateway configuration OOBM Show Commands Show OOBM Show OOBM IP configuration show oobm ip Show OOBM ARP information show oobm arp Application Server Commands Page Application Client Commands Figure D-3.Example data center Page Index Symbols Numerics