Manuals / Brands / Computer Equipment / Switch / HP / Computer Equipment / Switch

HP ProCurve 6600 A-48, Security Considerations, 6.Remove the USB device from the USB port, 2.Deploy the AutoRun file to a USB flash drive

1 854

Download 854 pages, 10.12 Mb

File Transfers

Using USB Autorun

d.determine if the file will be ‘run once’ (moved to a ‘processed’ direc tory on execution) or ‘run many’ (kept in the root directory of the flash drive from where it can be executed again).

2.Deploy the AutoRun file to a USB flash drive.

3.(If required) Enable the autorun feature on the switch (autorun is enabled by default unless an operator or manager password has been set—see “Autorun and Configuring Passwords” on page A-51).

4.(If the AutoRun file has been signed or encrypted) Enable secure-mode on the switch firstly by configuring an encryption key and a valid trusted certificate, and then by enabling secure-mode via the CLI. See “Enabling Secure Mode” on page A-50.

5.Insert the USB flash drive into the switch’s USB auxiliary port.

The switch processes the AutoRun file automatically and writes a result (.txt) file and report (.xml) file back to the USB flash drive, reporting on the command operations that were executed.

6.Remove the USB device from the USB port.

The switch executes any post-commands, such as rebooting the switch to apply any configuration updates.

7.(Optional) Transfer the ‘result file’ and ‘report file’ to a PCM+-enabled computer for report checking. See “Troubleshooting Autorun Operations” on page A-49.

Security Considerations

By default, the switch is unsecured when shipped (that is, USB autorun is enabled by default). However, as soon as an operator or manager password is configured, autorun is disabled and must be re-enabled at the configuration level of the CLI before it can be used. The requirement to use PCM+ to create a valid AutoRun file helps prevent a non-authorized command file from being created and processed by the switch.

In terms of physical security, access to the switch’s console port and USB port are equivalent. Keeping the switch in a locked wiring closet or other secure space helps to prevent unauthorized physical access. As additional precau tions, you have the following configuration options via the CLI (see page A-50):

■Disable autorun by setting an operator or manager password.■Disable or re-enable the USB autorun function via the CLI.

■Enable autorun in secure mode to verify signatures in autorun command files and to decrypt encrypted command files.

A-48

Contents

Page Page HP ProCurve 3500 Switches 3500yl Switches 5400zl Switches 6200yl Switch Page Product Documentation 1 Getting Started 2 Selecting a Management Interface 3 Using the Menu Interface 4 Using the Command Line Interface (CLI) 5 Using the ProCurve Web Browser Interface 6 Switch Memory and Configuration Viewing the Startup-ConfigFile Status with Multiple Using the Clear + Reset Button Combination To Reset the Xmodem: Copying a Configuration File to a Serially Xmodem: Copying a Configuration from a Serially 7 Interface Access and System Information 8 Configuring IP Addressing 9 Time Protocols 10 Port Status and Configuration 11 Power Over Ethernet (PoE/PoE+) Operation 12 Port Trunking 13 Port Traffic Controls 14 Configuring for Network Management Applications Menu: Viewing and Configuring non-SNMPversion 15 Redundancy (Switches 8200zl) Software Version Mismatch Between Active Potential Software Version Mismatches Downloading a Software Version Serially if the Management Module is Corrupted Management Module LED Behavior A File Transfers Xmodem: Copying a Software Image from the Switch to a Xmodem: Copying a Configuration File from a Serially USB: Uploading an ACL Command File from a USB Device . . A-38 Copying Diagnostic Data to a Remote B Monitoring and Analyzing Switch Operation 2. Configure a Mirroring Destination on a Remote Switch . . . . . . . B-50 3. Configure a Mirroring Session on the Source Switch . . . . . . . . . . B-52 C Troubleshooting Using Log Throttling to Reduce Duplicate Event Debug/Syslog Operation Configuring the Severity Level for Event Log Configuring the System Module Used to Select the Event Log Messages Sent to a Syslog Server Web: Executing Ping or Link Tests Saving show tech Command Output to a Text File D MAC Address Management E Monitoring Resources FDaylight Savings Time on ProCurve Switches GScalability: IP Address, VLAN, and Routing Maximum Values HSwitch Licensing JNetwork Out-of-BandManagement (OOBM) for the 6600 Switch Index Product Documentation Software Feature Index and MLD Snooping), refer to the IPv6 Configuration Guide included on all switches the HP ProCurve 6200yl switches.) Premium License Software Page Page Page Page Page Page Getting Started Introduction www.hp.com/go/ procurve/manuals Conventions Command Syntax Statements copy tftp Command Prompts ProCurve 8212zl# ProCurve (You can use the hostname command to change the text in the CLI prompt.) hostname Sources for More Information below, including Release Notes covering recently added features, visit the ■ Software Release Notes—ReleaseNotes are posted on the HP ProCurve •new features and how to configure and use them •software management, including downloading software to the switch Page Getting Documentation From the Web www.hp.com/go/ procurve/manuals Online Help Menu Interface Figure 1-2.Online Help for Menu Interface help Figure 1-3.Example of CLI Help Web Browser Interface Figure 1-4.Web Browser Interface Online Help Need Only a Quick Start IP Addressing setup 8.Run Setup To Set Up and Install the Switch in Your Selecting a Management Interface Understanding Management Interfaces Menu ProCurve Manager (PCM)— ProCurve Manager Plus Advantages of Using the Menu Interface Figure 2-1.Example of the Console Interface Display Provides quick, easy management access to a menu-driven Advantages of Using the CLI Figure 2-2.Command Prompt Examples General Benefits Information on Using the CLI Advantages of Using the Web Browser Interface ■Display of acceptable ranges of values available in configuration list boxes Advantages of Using ProCurve Manager or ProCurve Manager Plus Figure 2-4.Example of the Home Page for ProCurve Manager Plus Page Device Software Updates: Custom Login Banners for the Console and Web Browser Interfaces ■Telnet ■serial connection ■SSHv2 ■Web browser show banner motd Syntax: banner motd < delimiter delimiter no banner motd <banner-text-string Figure 2-5.Example of Configuring a Login Banner show running Figure 2-6.Example of show banner motd Output Figure 2-7.The Current Banner Appears in the Switch’s Running-ConfigFile Figure 2-8.Example of CLI Result of the Login Banner Configuration Operating Notes no banner motd ssh version 1-or-2 Warning: SSH version has been set to 1-or-2 Page Using the Menu Interface This chapter describes the following features: ■Overview of the Menu Interface (page 3-2) ■Starting and ending a Menu session (page 3-3) ■The Main Menu (page 3-7) ■Screen structure and navigation (page 3-9) Starting and Ending a Menu Session You can access the menu interface using any of the following: How To Start a Menu Interface Session 1.Use one of these methods to connect to the switch: •A PC terminal emulator or terminal •Telnet 2.Do one of the following: How To End a Menu Session and Exit from the Console: Switch Configuration Figure 3-2.Example Indication of a Configuration Change Requiring a Reboot Reboot Switch Main Menu Features Figure 3-3.The Main Menu View with Manager Privileges The Main Menu gives you access to these Menu interface features: Status and Counters: Switch Configuration: Reboot Switch: Download OS: Run Setup: Logout: Screen Structure and Navigation Menu interface screens include these three elements: ■Parameter fields and/or read-onlyinformation such as statistics ■Navigation and configuration actions, such as Save, Edit, and Cancel For example, in the following System Information screen: Table 3-1.How To Navigate in the Menu Interface In most screens there is a Help option in the Figure 3-5.Example Showing How To Display Help 9.) Rebooting the Switch Figure 3-6.The Reboot Switch Option in the Main Menu Rebooting To Activate Configuration Changes . (To access this parameter, go to the Main Menu and select: 2.Switch Configuration 8.VLAN Menu Maximum VLANs to support Menu Features List Where To Go From Here Page Using the Command Line Interface (CLI) Accessing the CLI Command Line (CLI) Using the CLI Privilege Levels at Logon Figure 4-1.Example of CLI Log-OnScreen with Password(s) Set ProCurve# C a u t i o n Privilege Level Operation Operator Privileges Manager Privileges Figure 4-2.Access Sequence for Privilege Levels Operator Privileges config ProCurve(config)# Context Configuration level: ProCurve(eth-1)# ProCurve(vlan-10)# Table 4-1.Privilege Level Hierarchy How To Move Between Levels Password: # config (vlan-10)# interface e Listing Commands and Command Options Listing Commands Available at Any Privilege Level Typing ? at the Manager level produces this listing: Figure 4-4.Exampleof the Manager-LevelCommand Listing - - MORE ProCurve(config)# t [Tab] tacacs-server telnet-server time timesync trunk telnet terminal traceroute ProCurve(config)# t ProCurve(config)# port-[Tab] Figure 4-5.Example of How To List the Options for a Specific Command Displaying CLI “Help” Displaying Command-ListHelp Syntax: help help Figure 4-6.Example of Context-Sensitive Command-ListHelp Figure 4-7.Exampleof How To Display Help for a Specific Command Configuration Commands and the Context Configuration Modes Port or Trunk-Group Context ProCurve(config)# interface c3-c6 Figure 4-8. Context-SpecificCommands Affecting Port Context VLAN Context ProCurve(config)# vlan Command executed at configuration level to enter VLAN 100 context ProCurve(vlan-100)# Resulting prompt showing VLAN 100 context CLI Control and Editing Executing a Prior Command—Redo The redo command executes a prior command in the history list Syntax: redo [number | command-str] Re-executesa command from history. Executes the last command by default For example: Using a Command Alias alias name: command: show interface custom show alias Figure 4-13.Example of Alias Commands and Their Configurations CLI Shortcut Keystrokes Using the ProCurve Web Browser Interface Page ■Optimize your network uptime by using the Alert Log and other diagnostic tools ■Make configuration changes to the switch ■Maintain security by configuring usernames and passwords This chapter covers the following: web-management Web Agent Enabled No General Features Starting a Web Browser Interface Session with the Switch You can start a web browser session in the following ways: •Directly connected to your network •Connected through remote access to your network ■Using a network management station running ProCurve Manager on your network Using ProCurve Manager (PCM) or ProCurve Manager Plus (PCM+) This procedure assumes that: Make sure the Java listing under Figure 5-1.Example of Status Overview Screen Tasks for Your First ProCurve Web Browser Interface Session ■Review the “First Time Install” window ■Set Manager and Operator passwords ■Set access to the web browser interface online help Security: Creating Usernames and Passwords in the Browser Interface rity Guide for your switch Operator Setting Manager Setting Figure 5-3.TheDevice Passwords Window secure access to the device Device Passwords Entering a User Name and Password Figure 5-4.Example of the Password Prompt in the Web Browser Interface Using a User Name If You Lose the Password Online Help for the Web Browser Interface Figure 5-5.TheHelp Button Support/Mgmt URLs Feature ■Support URL – A support information site for your switch Support URL ■Management Server URL – The web site for web browser online Help Management Server URL Support URL Support Help and the Management Server URL Management Server URL www.hp.com/rnd/device_help Using the PCM Server for Switch Web Help Go to the ProCurve Support web site to get the Device Help files: www.hp.com//rnd/device_help 2.Copy the Web help files to the PCM server, under: http://15.29.37.12.8040/rnd/device_help Status Reporting Features Browser elements covered in this section include: ■The Overview window (below) ■Port utilization and status (page 5-18) ■The Alert log (page 5-21) The Port Utilization and Status Displays Figure 5-9.The Graphs Area Port Utilization % Unicast Rx & All Tx: Maximum Activity Indicator: Utilization Guideline To change the amount of bandwidth the Port Utilization bar graph Figure 5-10.Changing the Graph Area Scale Hold the mouse cursor over any of the bars in the graph, and a Figure 5-11.Display of Numerical Values for the Bar Port Status Figure 5-12.The Port Status Indicators and Legend Port Connected Port Not Connected The Alert Log Figure 5-13.Example of the Alert Log Each alert has the following fields of information: ■Alert – The specific event identification Alert Acknowledge Event Delete Event Cancel Status Indicators Setting Fault Detection Policy Figure 5-15.The Fault Detection Window Log Network Problems High Sensitivity Medium Sensitivity Low Sensitivity Never Page Switch Memory and Configuration Changing or Overriding the Reboot Configuration Policy Renaming an Existing Startup-ConfigFile Transferring Startup-ConfigFiles To or From a Remote Server TFTP: Copying a Configuration File to a Remote Host TFTP: Copying a Configuration File from a Remote Host Configuration File Management running-config Figure 6-1.Conceptual Illustration of Switch Memory Operation Running Config File: Startup-config File: Any of the following actions boots the switch: • Executing the boot or the reload command in the CLI • Executing the boot command in the menu interface Page Show config How To Use the CLI To Reconfigure Switch Features file) file Using the CLI To Implement Configuration Changes The CLI offers these capabilities: ■Access to the full set of switch configuration features ■The option of testing configuration changes before making them perma nent auto-10 How To Cancel Changes You Have Made to the Running-ConfigFile Update the ProCurve(config)# interface e 1 disable ProCurve(config)# boot Device will be rebooted, do you want to continue [y/n]? y Figure 6-2.Boot Prompt for an Unsaved Configuration How To Reset the startup-configand running-configFiles to the Factory Default Configuration. This command reboots the switch Factory Default Configuration with the factory-defaultstartup configuration ProCurve(config)# erase startup-config Using the Menu and Web Browser Interfaces To Implement Configuration Changes The menu and web browser interfaces offer these advantages: ■Quick, easy menu or window access to a subset of switch configuration features Rebooting from the Menu Interface ■Terminates the current session and performs a reset of the operating system ■Activates any configuration changes that require a reboot Figure 6-5.The Reboot Switch Option in the Main Menu parameter 2. Switch Configuration 8. VLAN Menu Figure 6-6.Indication of a Configuration Change Requiring a Reboot Web: Implementing Configuration Changes config file and the startup-configfile browser interface Using Primary and Secondary Flash Image Options Displaying the Current Flash Image Data show version Figure 6-7.Example Showing the Identity of the Current Flash Image Figure 6-8.Example Showing Different Flash Image Versions Determining Which Flash Image Versions Are Installed. The show ver Figure 6-9.Determining the Software Version in Primary and Secondary Flash Switch Software Downloads Table 6-1.Primary/Secondary Memory Access xmodem usb Download Interruptions Local Switch Software Replacement and Removal Copying a Switch Software Image from One Flash Location to Syntax: copy flash flash <destination flash destination flash where: destination flash = primary or secondary: Caution: No Undo Syntax: erase flash < primary | secondary For example, to erase the software image in primary flash, do the following: ProCurve# boot system flash secondary Rebooting the Switch Operating Notes about Booting Default Boot Source boot system flash [primary | secondary] flash [primary | secondary] reload at 1:00 mm/dd mm/dd Boot and Reload Command Comparison Table 6-2.Comparing the Boot and Reload Commands The reload command Setting the Default Flash flash Syntax: boot set-defaultflash [primary |secondary] boot set- default boot system flash <primary | secondary Syntax: boot [system [flash <primary | secondary>] [config FILENAME] Note system: Figure 6-16.Example of Boot Command with Secondary Flash Option Syntax: [no] fastboot Enables the fastboot option The no option disables the feature Syntax: show fastboot Syntax: reload Scheduled Reload at: The no form of the command removes a pending reboot request For more details and examples, see below The scheduled reload feature removes the requirement to physically reboot Multiple Configuration Files A fixed reboot policy using a specific ■Overriding the current reboot policy on a per-instancebasis Figure 6-19.Optional Reboot Process General Operation The switch uses three memory “slots”, with identity ) numbers of , and Boot Options backupConfig Use the CLI to make configuration changes in the Transitioning to Multiple Configuration Files Assigns the filename oldConfig Saves a copy of the existing Listing and Displaying Startup-ConfigFiles Viewing the Startup-ConfigFile Status with Multiple Configuration Enabled Syntax: show config files id: Changing or Overriding the Reboot Configuration Policy You can boot the switch using any available startup-configfile ■The active configuration file Syntax: startup-default[ primary | secondary ] config < filename Specifies a boot configuration policy option: config boot system flash For example, suppose: minconfig newconfig Managing Startup-ConfigFiles in the Switch Renaming an Existing Startup-ConfigFile Unable to copy configuration to “< target-filename >” Figure 6-22.Example of Using One Startup-ConfigFile for Both Primary and Secondary Flash flash memory location from which you have erased the currently assigned Erasing a Startup-ConfigFile startup-config: erase erase config Figure 6-24.Example of Erasing a Non-Active Startup-ConfigFile config1 Figure 6-25.Example of Clear + Reset Result Transferring Startup-ConfigFiles To or From a Remote Server TFTP: Copying a Configuration File to a Remote Host src-file remote file test TFTP: Copying a Configuration File from a Remote Host Unable to copy configuration to "< filename erase config <filename test 01.txt copy config > xmodem Xmodem: Copying a Configuration from a Serially copy xmodem Automatic Configuration Update with DHCP Option ■One or more DHCP servers with Option 66 are enabled ■One or more TFTP servers has the desired configuration file CLI Command The command to enable the configuration update using Option 66 is: Possible Scenarios for Updating the Configuration File Log Messages “Invalid IP address <ip-address>received for DHCP Option 66” Page Interface Access and System Information This chapter describes how to: ■View and modify the configuration for switch interface access ■Use the CLI kill command to terminate a remote session kill ■View and modify switch system information For help on how to actually use the interfaces built into the switch, refer to: ■Chapter 3, “Using the Menu Interface” ■Chapter 4, “Using the Command Line Interface (CLI)” Interface Access: Console/Serial Link, Web, and Inbound Telnet Interface Access Features Menu: Modifying the Interface Access To Access the Interface Access Parameters: 2.Switch Configuration 1.System Information CLI: Modifying the Interface Access Interface Access Commands Used in This Section Listing the Current Console/Serial Link Configuration. This com mand lists the current interface access parameter settings Syntax: show console Outbound Telnet to Another Device. This feature operates indepen show telnet Page Reconfigure the Console/Serial Link Settings. You can reconfigure one Syntax: console Figure 7-4.Example of Executing the Console Command with Multiple Parameters control and baud-rate,are the same on both management modules. There cannot be individual settings for each management module You can also execute a series of console commands and then save the configuration and boot the switch. For example: Denying Interface Access by Terminating Remote Management Sessions show ip ssh Kill System Information System Information Features System Name: System Contact and Location: MAC Age Time: Menu: Viewing and Configuring System Information Figure 7-7.The System Information Configuration Screen (Default Values) CLI: Viewing and Configuring System Information System Information Commands Used in This Section Listing the Current System Information. This command lists the current Figure 7-8.Example of CLI System Information Listing Configure a System Name, Contact, and Location for the Switch. To Figure 7-9.System Information Listing After Executing the Preceding Commands show running, show config show system information Figure 7-10.Menu Screen Showing System Information Page Configure the Time and Date Syntax: time [ hh:mm [ :ss ]] [ mm/dd/ [ yy ] yy ] mm/dd For example, to set the switch to 9:45 a.m. on November 17, 2002: Web: Configuring System Parameters In the web browser interface, you can enter the following system information: ■System Name ■System Location ■System Contact Configuring IP Addressing IP Configuration IP Configuration Features Page Just Want a Quick Start with IP Addressing setup ProCurve# setup # setup ■Select 8. Run Setup in the Main Menu of the menu interface Menu: Configuring IP Address, Gateway, and Time-To-Live (TTL) To manually enter an IP address, subnet mask, set the IP Config Manual To use DHCP or Bootp, use the menu interface to ensure that the Figure 8-1.Example of the IP Service Configuration Screen without Multiple VLANs Configured Default Gateway Default TTL DHCP/ Bootp CLI: Configuring IP Address, Gateway, and Time-To Live (TTL) IP Commands Used in This Section Viewing the Current IP Configuration Syntax: show ip Page The fol lowing is supported: ■Up to 2000 IP addresses for the switch ■Up to 32 IP addresses for the same VLAN ■Up to 512 IP VLANs, that is, VLANs on which you can configure IP addresses Figure 8-4.Example of Configuring and Displaying a Multinetted VLAN If you then wanted to multinet the default VLAN, you would do the following: Figure 8-5.Example of Multinetting on the Default VLAN command to display the full IP address listing for multinetted VLANs then enter the new address to replace a manually configured default gateway.) Syntax: ip default-gateway < ip-address Web: Configuring IP Addressing You can use the web browser interface to access IP addressing only if the switch already has an IP address that is reachable through your network 1. Click on the Configuration tab on [?] to access the web-basedhelp available for the switch Table 8-1.Features Available With and Without IP Addressing on the Switch DHCP/Bootp Operation the network servers DHCP or Bootp it continues to periodically send request packets, but with decreasing fre and a Bootp configuration is that an IP address assignment from a DHCP addressing provided by the server may be different each time the switch address assignment for the switch by doing either of the following: Bootp Database Record Entries /etc/bootptab 8212switch: ht=ether: ha=0030c1123456: Network Preparations for Configuring DHCP/Bootp ■For Bootp operation: •The necessary network connections are in place •The Bootp server is accessible from the switch ■For DHCP operation: Loopback Interfaces lo0 lo1 lo2 lo3 Configuring a Loopback Interface interface loopback Figure 8-6.Example of a Loopback Interface Configuration lo7 Displaying Loopback Interface Configurations show ip route Figure 8-8.Example of show ip route Command Output IP Preserve: Retaining VLAN-1IP Addressing Across Configuration File Downloads Operating Rules for IP Preserve ip preserve Enabling IP Preserve Figure 8-9.Example of Implementing IP Preserve in a Configuration File For example, consider figure 8-10: Figure 8-10.Example of IP Preserve Operation with Multiple Series Switches Page To summarize the IP Preserve effect on IP addressing: Configuring a Single Source IP Address Specifying the Source IP Address source-interface loopback vlan-id address ip-address The Source IP Selection Policy show ip source- interface status Page Displaying the Source IP Interface Information Figure 8-17.Example of the Data Displayed for Source IP Interface Status Figure 8-18.Example of show ip source-interfaceCommand Output Syntax: show ip source-interfacedetail [radius | tacacs | syslog] Figure 8-19.Example of Detailed Information Displayed for Each Protocol Page Error Messages Time Protocols Viewing the Current TimeP Configuration Configuring (Enabling or Disabling) the TimeP Mode Notes ■SNTP Time Protocol Operation ■Timep Time Protocol Operation TimeP Time Synchronization SNTP Time Synchronization SNTP provides two operating modes: Unicast Mode: sntp server General Steps for Running a Time Protocol on the Switch: 1.Select the time synchronization protocol: SNTP or TimeP (the default) TimeP SNTP: Viewing, Selecting, and Configuring Table 9-1.SNTP Parameters Menu: Viewing and Configuring SNTP To View, Enable, and Modify SNTP Time Protocol: 1. From the Main Menu, select: 2. Switch Configuration 1. System Information Figure 9-1.The System Information Screen (Default Values) SNTP Mode 5.Do one of the following: Use the Space bar to select the Broadcast Server Version iv.Press [>] to move the cursor to the Poll Interval field, then go to step Figure 9-3.SNTP Configuration Fields for SNTP Configured with Unicast Mode Page Syntax: show management Configuring (Enabling or Disabling) the SNTP Mode sntp < broadcast | unicast Syntax: Selects SNTP as the time synchronization method Syntax: sntp broadcast Configures broadcast as the SNTP mode broadcast Time synchronization is in the ■You want to: 1.View the current time synchronization 2.Select SNTP as the time synchronization mode Page Figure 9-8.Example of Configuring SNTP for Unicast Operation Figure 9-9.Example of Specifying the SNTP Protocol Version Number Changing the SNTP Poll Interval Syntax: sntp poll-interval< 30..720 For example, to change the poll interval to 300 seconds: ProCurve(config)# sntp poll-interval300 Syntax: sntp server priority <1 - 3> <ip-address SNTP Client Authentication Requirements SNTP Client Authentication Support timesync sntp key-value SNTP Server Authentication Support The following must be performed on the SNTP server: authentication-mode The no version of the command deletes the authentication key Default: No default keys are configured on the switch key-id: A numeric key identifier in the range of 1 4,294,967,295 key-id: trusted Enter the following command to configure a key-id as trusted priority <version-num>: Figure 9-13.Example of Associating a Key-Idwith a Specific Server Enabling SNTP Client Authentication sntp authentication Broadcast: Displaying SNTP Configuration Information Figure 9-14.Example of SNTP Configuration Information show sntp authentication Figure 9-15.Example of show sntp authentication Command Output sntp statistics Figure 9-16.Example of SNTP Authentication Statistical Information Saving Configuration Files and the Include-CredentialsCommand include-credentials show running config Figure 9-17.Example of Configuration File with SNTP Authentication Information Page TimeP: Viewing, Selecting, and Page Page Page Page Page Page Page Page SNTP Unicast Time Polling with Multiple SNTP Servers Displaying All SNTP Server Addresses Configured on the Switch show management Figure 9-28.Example of How To List All SNTP Servers Configured on the Switch Menu: Operation with Multiple SNTP Server Addresses Port Status and Configuration Page Viewing Port Status and Configuring Port Parameters Port Status and Configuration Features Transceivers to Devices Table 10-1.Status and Parameters for Each Port Type Page Menu: Port Configuration From the menu interface, you can view and change the port configuration 1.Status and Counters 4.Port Status Figure 10-1.Example of a Switch Port Status Screen Using the Menu To Configure Ports 2. Port/Trunk Settings Figure 10-2.Example of Port/Trunk Settings with a Trunk Group Configured Enabled [Enter] CLI: Viewing Port Status and Configuring Port Parameters Port Status and Configuration Commands Viewing Port Status and Configuration brief: Figure 10-3.Example of Show Interfaces Brief Command Listing show interfaces config Figure 10-4.Example of a Show Interfaces Config Command Listing Customizing the Show Interfaces Command custom Syntax: show interfaces custom [port-list] column-list Select the information that you want to display. Parameters include: ■port name ■type ■vlan Figure 10-6.Example of the Custom show interfaces Command characters and you specify Name:2, the Name field displays 4 characters line; if you exceed this limit an error displays Error Messages show int custom Viewing Port Utilization Statistics show interface port-utilization Figure 10-7.Example of a Show Interface Port-UtilizationCommand Listing Viewing Transceiver Status show tech transceivers Figure 10-8.Example of Show Tech Transceivers Command non-operational Enabling or Disabling Ports and Configuring Port Mode auto int int For example, to configure port C5 for auto-10-100,enter this command: ProCurve(config)# int c5 speed-duplex auto-10-100 Enabling or Disabling the USB Port Figure 10-11.Example of show usb-portCommand Output on version K.14.XX Behavior of Autorun When USB Port is Disabled Software Versions K.13.XX Operation 5 volt power to the USB port remains on even after the USB port has been Enabling or Disabling Flow Control mode must be set to Auto (the default) Figure 10-12.Example of Configuring Flow Control for a Series of Ports Figure 10-13.Example Continued from Figure Figure 10-14.Example Continued from Figure Configuring a Broadcast Limit on the Switch ProCurve(config)#int B1 ProCurve(int B1)# broadcast-limit1 Syntax: broadcast-limit <0-99 broadcast-limit Configuring ProCurve Auto-MDIX ■10/100-TXxl module ports ■100/1000-Txl module ports ■10/100/1000-Txl module ports Manual Override Table 10-2.Cable Types for Auto and Manual MDI/MDI-XSettings Syntax: interface < port-list > mdix-mode< auto-mdix| mdi | mdix auto-mdix mdi mdix Syntax: show interfaces config Lists the current per-port Auto/MDI/MDI-Xconfiguration Web: Viewing Port Status and Configuring Port Using Friendly (Optional) Port Names Show augments does not replace Configuring and Operating Rules for Friendly Port Names Configuring Friendly Port Names Syntax: interface < port-list > name < port-name-string Assigns a port name to port-list Syntax: no interface < port-list > name Deletes the port name from port-list Displaying Friendly Port Names with Other Port Data To List All Ports or Selected Ports with Their Friendly Port Names This command lists names assigned to a specific port Syntax: show name [ port-list ] Figure 10-19.Example of Friendly Port Name Data for All Ports on the Switch Including Friendly Port Names in Per-PortStatistics Listings. A Syntax: show interface < port-number port-number Includes the friendly port name with the port’s traffic statistics listing Figure 10-21.Example of a Friendly Port Name in a Per-PortStatistics Listing Page Configuring Transceivers and Modules That Haven’t Been Inserted Transceivers Modules Syntax: module <module-num>type <module-type Page Uni-DirectionalLink Detection (UDLD) Figure 10-23.UDLD Example Configuring UDLD When configuring UDLD, keep the following considerations in mind: group’s primary port enables the feature on that port only ■ Dynamic trunking is not supported. If you want to configure a trunk group that contains ports on which UDLD is enabled, you must Enabling UDLD Changing the Keepalive Interval Changing the Keepalive Retries Configuring UDLD for Tagged Ports Viewing UDLD Information link-keepalive Figure 10-24.Example of Show Link-KeepaliveCommand show link keepalive statistics Figure 10-25.Example of Show Link-KeepaliveStatistics Command To clear UDLD statistics, enter the following command: ProCurve# clear link-keepalivestatistics show link keepalive statistics Configuration Warnings and Event Log Messages Warning Messages Table 10-3.Warning Messages caused by configuring UDLD for Tagged Ports Event Log Messages Table 10-4.UDLD Event Log Messages Page Power Over Ethernet (PoE/PoE+) Operation Page Introduction to PoE PoE Terminology Page PoE Operation Using the commands described in this chapter, you can: ■Enable or disable PoE operation on individual ports ■Monitor PoE status and performance per module Configure a PD Support lower Power Priority Operation When Is Power Allocation Prioritized How Is Power Allocation Prioritized Configuring PoE Operation Disabling or Re-EnablingPoE Port Operation Enabling Support for Pre-StandardDevices Configuring the PoE Port Priority Level Syntax: interface < port-list > power-over-ethernet[ critical | high | low ] •Critical: Specifies the highest-priorityPoE support for •High: Specifies the second priority PoE support for Table 11-1.Example of PoE Priority Operation on a PoE Module PoE Priority With Two or More Modules Critical Low Controlling PoE Allocation Syntax: [no] int <port-list> poe-allocate-by[usage | class | value] usage: The automatic allocation by a PD usage class: Manually Configuring PoE Power Levels poe allocate-by value ProCurve(config)# int A6 poe-allocate-byvalue Configuring PoE Redundancy (Chassis Switches Only) Syntax: [no] power-over-ethernetredundancy [n+1 | full] Allows you to set the amount of power held in reserve for redundancy The no option means that all available power can be allocated to PDs Default: No PoE redundancy enforced Changing the Threshold for Generating a Power Notice You can configure one of the following thresholds: Syntax: power-over-ethernet[slot < slot-id-range >] threshold < 1 - 99 [slot slot-id-range ProCurve(config)# power-over-ethernetthreshold Slot B POE usage has exceeded threshold of 70% Syntax: power-over-ethernet[slot <slot-id-range>]threshold <1 - 99 (Continued) Slot B POE usage is below threshold of 70% threshold ProCurve(config)# power-over-ethernetslot d threshold PoE/PoE+ Allocation Using LLDP Information LLDP with PoE poe-lldp-detect Displaying the Switch’s Global PoE Power Status Syntax: s Displays the switch’s global PoE power status, including: •Total Remaining Power: The amount of PoE power still available <port-list>: Figure 11-3.Example of show power-over-ethernetCommand Output Displaying PoE Status on All Ports Yes usage, class, value) •Detection Status: For example, show power-over-ethernetbrief displays this output: brief Figure 11-4.Example of show power-over-ethernetbrief Command Output You can also show the PoE information by slot: Figure 11-5.Showing the PoE Information by Slot Displaying the PoE Status on Specific Ports Syntax: show power-over-ethernet <port-list •Allocate by: How PoE is allocated (usage, class, value) A6-A7 Figure 11-6.Example of Show Power-Over-Ethernet< port-list > Output Planning and Implementing a PoE Configuration Support Manuals Power Requirements Assigning PoE Ports to VLANs Applying Security Features to PoE Configurations Assigning Priority Policies to PoE Traffic Table 11-3.Classifiers for Prioritizing Outbound Packets PoE Event Log Messages “Informational” PoE Event-LogMessages Slot <slot-id > POE usage is below configured threshold of < 1 - 99 >% port <port-id > applying power to PD “Warning” PoE Event-LogMessages chassis Port <port-id > PD Denied power due to insufficient power allocation Port <port-id> PD Invalid Signature <port-id Page Port Trunking Page Figure 12-1.Conceptual Example of Port Trunking All port trunk links must be point to-point non-trunking Port Security Restriction re-connect the ports L A C P N o t e Port Trunk Features and Operation The switches covered in this guide offer these options for port trunking: ■LACP: IEEE 802.3ad—page ■Trunk: Non-Protocol—page Trunk Configuration Methods ProCurve(config) int c1-c4lacp active ProCurve(config)# no int c1-c4lacp Removes the ports from the trunk ProCurve(config)# int c1-c4lacp passive Table 12-2.Trunk Configuration Protocols Table 12-3.General Operating Rules for Port Trunks Auto-10 Figure 12-2.Recommended Port Mode Setting for LACP Dyn1 (for an LACP dynamic trunk) or Figure 12-3.Example of a Port Trunk in a Spanning Tree Listing show ip igmp Important Menu: Viewing and Configuring a Static Trunk Group 1.Follow the procedures in the Important note above 2.From the Main Menu, Select: 2.Port/Trunk Settings Figure 12-4.Example of the Menu Screen for Configuring a Port Trunk Group Figure 12-5.Example of the Configuration for a Two-PortTrunk Group –LACP –Trunk (the default type if you do not specify a type) LACP Trunk) CLI: Viewing and Configuring Port Trunk Groups Trunk Status and Configuration Commands Using the CLI To View Port Trunks Listing Static Trunk Type and Group for All Ports or for Selected Figure 12-6.Example Listing Specific Ports Belonging to Static Trunks Figure 12-7.Example of a Show Trunk Listing Without Specifying Ports Listing Static LACP and Dynamic LACP Trunk Data Figure 12-8.Example of a Show LACP Listing Dynamic LACP Standby Links Using the CLI To Configure a Static or Dynamic Trunk Configuring a Static Trunk or Static LACP Trunk Group Syntax: trunk < port-list > < trk1 ... trk144> < trunk | lacp Configures the specified static trunk type with the group name of Trk2 ProCurve(config)# trunk c4-c6trk2 trunk Active and LACP passive without first removing LACP operation from the port.) Web: Viewing Existing Port Trunk Trunk Group Operation Using LACP Auto-100 Auto-1000 10FDx 100FDx Table 12-4.LACP Trunk Types Page Default Port Operation ProCurve> show lacp Table 12-5.LACP Port Status Data LACP Notes and Restrictions 802.1X (Port-BasedAccess Control) Configured on a Port. To main ProCurve(config)# aaa port-accessauthenticator b1 LACP has been disabled on 802.1x port(s) ProCurve(config)# int b1 lacp passive Changing Trunking Methods Static LACP Trunks VLANs and Dynamic LACP Forbid If you want to use LACP for a trunk on a Figure 12-11.Blocked Ports with LACP Half-Duplexand/or Different Port Speeds Not Allowed in LACP Trunks ■If the port is a 10-gigabitport ■If a port is set to LACP Active, you cannot configure it to HDx ) LACP, but any ports configured as standby LACP links will be ignored Distributed Trunking Figure 12-13.Example of Distributed Trunking Configuration Figure 12-14.Exampleof Distributed Trunking Distributed Trunking Interconnect Protocol (DTIP) Configuring Distributed Trunking ISC Port Configuration The no form of the command removes the ISC interface configuration Distributed Trunking Port Configuration Distributed trunking ports must be configured manually Displaying Distributed Trunking Information show lacp distributed Syntax: show lacp [distributed] Displays information about distributed trunks and LACP status Figure 12-16.Exampleof the Output for the show lacp distributed Command Maximum DT Trunks and Links Supported Table 12-1.Maximum DT Trunks and Links Max Number Forwarding Traffic with Distributed Trunking and Spanning Tree Forwarding Broadcast, Multicast, and Unknown Traffic Upstream Forwarding Unicast Traffic Downstream (to the Server) Forwarding Broadcast, Multicast, and Unknown Traffic Downstream (to the Server) A B DT1 DT2 Distributed Trunking Restrictions There are several restrictions with distributed trunking Only servers are supported as Distributed Trunking Devices (DTDs) A distributed trunk can span a maximum of two switches Meshing and DT switches are mutually exclusive Trunk Group Operation Using the “Trunk” Option How the Switch Lists Trunk Data Dynamic LACP Trunk Group: Appears in the output from the CLI show lacp command Outbound Traffic Distribution Across Trunked Links Figure 12-18.Example of Single Path Traffic through a Trunk Figure 12-19.Example of Port-TrunkedNetwork Page Page Port Traffic Controls Page This chapter includes: Rate-Limiting: Jumbo Frames: Rate-Limiting All Traffic Rate-Limiting Configuring Rate-Limiting The mode using bits per second (bps) in releases before K.12.XX has been replaced by the kilobits per second (kbps) mode. Switches that have config out — kbps — Notes: The •Rate-limitingdoes not apply to trunked ports (including meshed ports) > disable Displaying the Current Rate-LimitConfiguration Figure 13-1.Example of Listing the Rate-LimitConfiguration To view RADIUS-assigned rate-limitinformation, use one of the following command options: show port-access web-basedclients < port-list > detailed Figure 13-2.Example of Rate-LimitSettings Listed in the “show config” Output Operating Notes for Rate-Limiting , regardless of traffic priority < port-list >: Operation is not allowed for a trunked port Monitoring (Mirroring) If monitoring is configured, packets dropped by Optimum Optimum occurs with ICMP Rate-Limiting all) Spoofed Ping: Guidelines for Configuring ICMP Rate-Limiting Figure 13-3.Example of ICMP Rate-Limiting Configuring ICMP Rate-Limiting kbps <0-10000000>: traffic in kilobits per second 0: This value causes an interface to drop all incoming ICMP traffic, and is not recommended. Refer to the Caution on Using Both ICMP Rate-Limitingand All-Traffic Rate-Limitingon the Same Interface The ICMP traffic If at a given moment: ■Inbound ICMP traffic on port “X” is using 1% of the port’s bandwidth, and ■Inbound traffic of all types on port “X” demands 61% of the ports’s bandwidth Figure 13-4.Example of Listing the Rate-LimitConfiguration Interface support: Page Page Determining the Switch Port Number Used in ICMP Port Reset Commands: walkmib ifDescr ProCurve# walkmib ifDescr ifDescr.48 = B22 ifDescr.49 = B23 ifDescr.50 = B24 Configuring Inbound Rate-Limitingfor Broadcast and Multicast Traffic Figure 13-6.Example of Inbound Broadcast Rate-limitingof 50% on Port Figure 13-7.Example of Inbound Multicast Rate-limitingof 20% on Port To disable rate-limitingfor a port enter the no form of the command Figure 13-8.Example of Disabling Inbound Multicast Rate-limitingfor Port ■This rate-limitingoption does not limit unicast traffic ■This option does not include outbound multicast rate-limiting Guaranteed Minimum Bandwidth (GMB) GMB Operation Page fying a minimum bandwidth for a high-priorityqueue but not specifying a configured to allocate a minimum bandwidth of 80% for outbound high starves lower-priorityqueues that do not have a minimum configured but will likely cause delays in the delivery of the lower-prioritytraffic interface band width-min show bandwidth output Table 13-2.Default GMB Percentage Allocations per QoS Queue Configuration For more information on queue configuration and the associated default (QoS): Managing Bandwidth More Effectively” in the Advanced Traffic ” in the Management Guide for your switch Configuring Guaranteed Minimum Bandwidth for %> <queue7%> <queue8%>] 1.Queue 8 (high priority) 2.Queue 7 (high priority) 3.Queue 6 (medium priority) 4.Queue 5 (medium priority) Page Displaying the Current Guaranteed Minimum Bandwidth Configuration Figure 13-9.Example of Listing the Guaranteed Minimum Bandwidth Figure 13-10.Example of GMB Settings Listed in the “show config” Output GMB Operating Notes Impact of QoS Queue Configuration on GMB commands. Changing Jumbo Frames Jumbo Frame: Jumbo VLAN: MTU Maximum Transmission Unit) Operating Rules Switch Meshing: GVRP Operation: Port Adds and Moves: Jumbo Traffic Sources: Configuring Jumbo Frame Operation Overview jumbo Execute Figure 13-11.Example Listing of Static VLANs To Show Jumbo Status Per VLAN Syntax: show vlans ports < port-list Jumbo Figure 13-12.Example of Listing the VLAN Memberships for a Range of Ports Syntax: show vlans < vid Figure 13-13.Example of Listing the Port Membership and Jumbo Status for a < vid [no] Configuring a Maximum Frame Size GLOBAL frame-size configured as Syntax: jumbo ip-mtu<size max-frame-size Default: 9198 bytes Operating Notes for Jumbo Traffic-Handling The switch allows flow control and jumbo frame capability to co-existon a port Figure 13-14.Forwarding Jumbo Frames Through Non-JumboPorts Troubleshooting A VLAN is configured to allow jumbo frames, but one or more ports drops all inbound jumbo frames speed-duplex show interfaces brief < port-list CLI: Viewing and Configuring SNMP Community Names General Steps for Configuring SNMP Notifications Configuring an SNMP Trap Receiver Configuring SNMPv3 Notifications Managing Network Security Notifications CLI-ConfiguredsFlow with Multiple Instances Viewing sFlow Configuration and Status LLDP-MED (Media-Endpoint-Discovery) LLDP-MEDTopology Change Notification Displaying Switch Information Available for Outbound Using SNMP Tools To Manage the Switch products index Network Management SNMP Management Features SNMP management features on the switch include: ■SNMP version 1, version 2c, or version 3 over IP ■Security via configuration of SNMP communities (page 14-11) ■Security via authentication and privacy for SNMP Version 3 access Configuring for SNMP Version 3 Access to the Switch SNMP Version 3 Commands SNMP version 3 (SNMPv3) adds some new commands to the CLI for MD5 authentication and DES privacy You may (optionally) restrict access to only SNMPv3 agents by using the the snmpv3 restricted-access command N o t e : S N M P V e r s i o n I n i t i a l U s e r s user with SHA authentication and DES privacy show snmpv3 user that requires either feature, the user will not be able to access the switch security group name to the list of known users with the snmpv3 user command Figure 14-2.Adding SNMPv3 Users and Displaying SNMPv3 Configuration SNMPv3 User Commands Listing Users Assigning Users to Groups snmpv3 group Figure 14-3.Example of Assigning Users to Groups SNMPv3 Group Commands Syntax: [no] snmpv3 group Manager Read View ■Discovery View – Access limited to samplingProbe MIB Discovery View SNMPv3 Communities snmpv3 community index_name Figure 14-4.Assigning a Community to a Group Access Level SNMP Community Features SNMP level view, and either restricted or unrestricted write access compatible with your network Menu: Viewing and Configuring non-SNMPversion Figure 14-5.The SNMP Communities Screen (Default Values) 2.Press [A] (for Add) to display the following screen: Add Figure 14-6.The SNMP Add or Edit Screen Need Help Figure 14-7.Example of the SNMP Community Listing with Two Communities ProCurve# show snmp-serverpublic Page SNMP Notifications Supported Notifications ■Advance Traffic Management Guide: •Loop protection •Spanning Tree (STP, RSTP, MSTP) ■Access Security Guide: •MAC lockdown Trap receivers: trap receiver Fixed or host Syntax: snmp-serverhost <ipv4-addr | ipv6-addr><community name Table 14-1.Security Levels for Event Log Messages Sent as Traps with an IP address of 10.28.227.130 to receive only "critical" event log messages, you can enter the following command: critical for the same management station retries: request if no SNMP response is received. Default: before resending the inform request. Default: 15 seconds The retries and timeout values are not used to send trap requests retries timeout command: Figure 14-8.Display of SNMPv2c Inform Configuration Configuring SNMPv3 Notifications snmpv3 notify no snmpv3 notify <notify_name snmpv3 targetaddress params taglist snmpv3 targetaddress params snmpv3 params taglist snmpv3 params user sec-model msg-processing < sec-model< ver1 | ver2c | ver3 ver3 Figure 14-9.Example of an SNMPv3 Notification Configuration Managing Network Security Notifications ■“Configuring an SNMP Trap Receiver” on page ■“Configuring SNMPv3 Notifications” on page ■Dynamic IP Lockdown hardware resources consumed enable traps •login-failure-mgr sends a trap for a failed login with a manager password •password-change-mgr sends a trap when a manager password is reset traps Figure 14-10.Display of Configured Network Security Notifications Enabling Link-ChangeTraps link-change Syntax: [no] snmp-serverenable traps link-change<port-list> [all] port-list snmp server response-source trap-source pv6 addr Default: Interface IP address loopback <0-7 Figure 14-11.Display of Source IP Address Configuration Displaying SNMP Notification Configuration Use the show snmp-server command to display the currently configured: ■Management stations (trap receivers) ■Settings for network security notifications and link-changetraps Figure 14-12.Display of SNMP Notification Configuration Configuring Listening Mode Advanced Management: RMON The following RMON groups are supported: ■Ethernet Statistics (except the numbers of packets of different frame sizes) ■Alarm ■History (of the supported Ethernet statistics) no sflow Viewing sFlow Configuration and Status status via the CLI Syntax: show sflow agent Syntax: show sflow <receiver instance> destination show sflow agent ProCurve# show sflow agent Version 1.3;HP;K.11.40 Agent Address instance [port-list] ProCurve# show sflow 2 sampling-polling A1-A4 Port | Sampling LLDP (Link-LayerDiscovery Protocol) Provides an extension to LLDP and is designed to support VoIP deployments enabled as a prerequisite to LLDP-MEDoperation An SNMP utility can progressively discover LLDP devices in a network by: Adjacent Device: Refer to “Neighbor or Neighbor Device” Adjacent Device: Advertisement: See LLDPDU Active Port: LLDP: Link Layer Discovery Protocol: LLDP: LLDP Neighbor: LLDPDU (LLDP Data Unit): LLDP-MED(Link Layer Discover Protocol Media Endpoint MIB ten-digit General LLDP Operation LLDP-MED Packet Boundaries in a Network Topology 14-42) Enable or Disable LLDP-MED Change the Frequency of LLDP Packet Transmission to Neighbor Devices Transmit and Receive Mode Page Remote Management Address Debug Logging debug lldp Options for Reading LLDP Information Collected by the Switch ■Using the walkmib command to display a listing of the LLDP MIB objects LLDP and LLDP-MEDStandards Compatibility The operation covered by this section is compatible with these standards: ■IEEE P802.1AB LLDP Operating Rules Port Trunking xxx.xxx.xxx.xxx: This IP address is not configured or is a DHCP address Spanning-Tree Blocking Configuring LLDP Operation show lldp config [no] lldp run lldp refresh-interval lldp holdtime-multiplier show lldp config Figure 14-16.Example of Viewing the General LLDP Configuration Displaying Port Configuration Details. This command displays the port specific configuration, including Syntax show lldp config < port-list Displays the LLDP port-specificconfiguration for all ports in Figure 14-17.Example of Per-PortConfiguration Display delay-interval holdtime-multiplier holdtime-interval ProCurve(config)# lldp holdtime-multiplier2 Changing the Delay Interval Between Advertisements Generated by Syntax setmib lldpTxDelay.0 -i< 1 - 8192 Inconsistent value Figure 14-18.Example of Changing the Transmit-DelayInterval Syntax setmib lldpReinitDelay.0 -i< 1 - 10 ProCurve(config)# setmib lldpreinitdelay.0 Configuring SNMP Notification Support Enabling LLDP Data Change Notification for SNMP Trap Receivers Syntax [ no ] lldp enable-notification< port-list port-list For example, this command enables SNMP notification on ports 1 - 5: ProCurve(config)# lldp enable-notification tx_rx Mandatory Data ■Chassis Type (TLV subelement) ■Chassis ID (TLV) ■Port Type (TLV subelement) ■Port ID (TLV) Optional Data ■port description (TLV) ■system name (TLV) ■system description (TLV) ■system capabilities (TLV) Configuring Support for Port Speed and Duplex Advertisements Syntax: [ no ] lldp config < port-list > dot3TlvEnable macphy_config LLDP-MED (Media-Endpoint-Discovery) ■plug-and-playprovisioning for MED-capable,VoIP endpoint devices simplified ■detailed VoIP endpoint data inventory readable via SNMP from the switch Figure 14-19.Example of LLDP-MEDNetwork Elements LLDP-MED Endpoint Support able to use the following network policy elements configured on the client port •voice VLAN ID •802.1p (Layer 2) QoS •Diffserv codepoint (DSCP) (Layer 3) QoS ■discover and advertise device location data learned from the switch Operational Support LLDP-MEDTopology Change Notification Page LLDP-MEDFast Start Control (Range: 1 - 10 seconds; Default: 5 seconds) Advertising Device Capability, Network Policy, PoE Status and Location Data ■LLDP-MEDcapabilities: This TLV enables the switch to determine: •whether a connected endpoint device supports LLDP-MED dot3TlvEnable macphy_config command on page Network Policy Advertisements. Network policy advertisements are Network Policy Advertisements intended for real-timevoice and video applications, and include these TLV subelements: Enabling or Disabling medTlvEnable. In the default LLDP-MED configuration, the TLVs controlled by medTlvEnable are enabled Syntax: [ no ] lldp config < port-list > medTlvEnable < medTlv medTlv Enables or disables advertisement of the following TLVs on the specified ports: Page PoE Advertisements power type: power source power priority: power value: ELIN (Emergency Location Identification Number): coordinate-based location: Syntax: [ no ] lldp config < port-list > medPortLocation < Address-Type Address-Type — Continued— •3 = city •6 = street (name) •25 = building name (Range: 0 - 255) For a sample listing of CA-TYPE specifiers, refer to table 14-4on page Configuring Coordinate-BasedLocations. Latitude, longitude, and the application. A further source of information on this topic is RFC 3825 Dynamic Host Configuration Protocol Option for Coordinate-based Location Configuration Information dependent. Refer to the documentation provided with the endpoint device Table 14-4.Some Location Codes Used in CA-TYPEFields Location Element Code Figure 14-20.Example of a Civic Address Configuration Displaying Advertisement Data Displaying Switch Information Available for Outbound Syntax show lldp info local-device[ port-list ] •PortType •PortId •PortDesc lldp config Displaying the Current Port Speed and Duplex Configuration on a Page Figure 14-23.Example of a Global Listing of Discovered Devices Displaying LLDP Statistics Syntax show lldp stats [ port-list ] Global LLDP Counters: Shows the elapsed time since a neighbor was last added or deleted “Neighbor Maximum” on page NumFramesRecvd: < port- list NumFramesSent: NumFramesDiscarded: Frames Invalid: LLDP Operating Notes Neighbor Maximum LLDP Packet Forwarding: LLDP advertises only one IP address even if multiple IP addresses are configured by > ipAddrEnable on a given port LLDP and CDP Data Management LLDP and CDP Neighbor Data Page CDP Operation and Commands SNMP utility enabled/disabled both globally on the switch and on a per-portbasis Syntax: show cdp Lists the switch’s global and per-portCDP configuration The following example shows the default CDP configuration Figure 14-28.Example of Show CDP with the Default CDP Configuration Page Syntax: [no] cdp run Enables or disables CDP read-onlyoperation on the switch. (Default: Enabled) For example, to disable CDP read-onlyon the switch: ProCurve(config)# no cdp run When CDP is disabled: Page Redundancy (Switches 8200zl) Disabling Redundancy with Two Modules Present Disabling Redundancy With Only One Module Present Page Secondary Image Selftest Switchover How the Management Modules Interact Using Redundant Management Displaying Redundancy Status Enabling or Disabling Redundant Management You can enable or disable redundant management using this command: Syntax: [no] redundancy management-module Figure 15-2.Example of Enabling Redundancy command displays “Mgmt Redundancy” as disabled. The standby 2 remains the active management module ProCurve recommends that you leave redundancy enabled. If the active over and may have an old configuration since file synchronization has not Directing the Standby Module to Become Active redundancy switchover Figure 15-4.An Example of the Redundancy Switchover Command Setting the Active Management Module for Next Boot The <specified module> is not present or is in failed state Figure 15-5.Setting a Management Module to be Active on the Next Boot active-management Page Enabling and Disabling Fabric Modules Syntax: redundancy fabric-module[1 | 2] [enable | disable] Figure 15-7.Example of Disabling a Fabric Module Management Module Switchover Events that Cause a Switchover MM Rese MM Shutdown boot active Resetting the Management Module MM Reset Figure 15-8.The MM Reset Button on the 8200zl Management Module Hotswapping Management Modules Hotswapping Out the Active Management Module MM Shut down Figure 15-9.The MM Shutdown Button When the Standby Module is not Available Hotswapping In a Management Module ■ The hotswapped module must pass selftest no redundancy management-module Software Version Mismatch Between Active Downloading a New Software Version File Synchronization after Downloading Table 15-1.Example of Upgrading Software Version K.12.03 to Version K.12.04 Potential Software Version Mismatches After Downloading Figure 15-10.Booting the Standby Management Module to Secondary Flash If you have booted one module out of primary flash and one module out of and Hotswapped Module” on page 15-16 for more information Additionally, if a switchover occurs, or if you reboot to make the standby standby module When you enter the show redundancy command and a software version Page Turning Off Redundant Management Disabling Redundancy with Two Modules Present Next Boot” on page in the event of a hardware failure of the first management module Figure 15-12 shows that redundant management was disabled Disabling Redundancy With Only One Module Present ProCurve(config)# redundancy management-module ProCurve(config)# redundancy active-managementstandby The standby management module becomes the active management module Displaying Management Information Active Management Module Commands Show Modules ■System Support Modules (SSM)—identification,including serial number Mini-GBICS—a Figure 15-14.Example of show redundancy Command Show Flash Figure 15-15.Example of Show Flash Command Show Version Figure 15-16.Example of Show Version Command when Redundancy is Enabled Figure 15-17.Example of show version Command when Redundancy is Disabled Show Log show log -r Figure 15-18.An Example of the Show Log Command Output Standby Management Module Commands Figure 15-19.Example of Show Redundancy Command for Standby Module Figure 15-20.Example of Show Flash Command for Standby Module Figure 15-21.Example of Show Version Command for Standby Module Existing CLI Commands Affected by Redundant Management Several existing commands have changes related to redundant management Boot Command The boot command has these options Page Figure 15-23.Example Showing boot Command with Default Flash set to Secondary files can be specified as the default boot policy. For more information on multiple configuration files and how they are used, see “Multiple this guide Setting the Default Flash for Boot Syntax: boot set-defaultflash <primary | secondary primary: secondary: Reload Command routine Figure 15-25.Example of Reload Command with Redundancy Enabled Additional Commands Affected by Redundant Management The other existing commands operate with redundant management as shown below Page Using the Web Browser for Redundant Management Using the ProCurve Web Browser Interface Identity Page Overview Page ■Which module is the active module and which is the standby module ■Version of software running on each management module ■The SystemUp Time since the last reboot Redundancy Status Page Device View Page Device View Configuration Figure 15-29.Device View Showing Two Management Modules Management Module LED Behavior Active (Actv) LED Behavior Figure 15-30.The Actv LED on the Management Module Table 15-2.Actv (Active) LED Behavior for Management Modules Standby Led Behavior Logging Messages Log File Syntax: show logging Displays log events show logging Crash Files crash-log and copy crash-data slot-id: Figure 15-32.An Example of the System Boot Log File Notes on How the Active Module is Determined The entire boot decision process works as follows: 1.If there is only one management module, that is the active management module Diagram of Decision Process Figure 15-33.Active Module Decision Flow Chart at Boot Event Log Messages Page Page File Transfers TFTP: Copying a Software Image to a Remote Host . . . . . . . . . A-27 Serially Connected PC or UNIX Workstation . . . . . . . . . . . . . . . A-27 USB: Copying a Software Image to a USB Device . . . . . . . . . . . A-28 USB: Copying a Configuration File to a USB Device . . . . . . . . . A-34 USB: Copying a Configuration File from a USB Device . . . . . . A-34 A-3 Downloading Switch Software A-4 General Software Download Rules Using TFTP To Download Software from a Server ■The TFTP server is accessible to the switch via IP Before you use the procedure, do the following: A-5 Download OS Figure A-1.Example of a Download OS (Software) Screen (Default Values) TFTP Server ecute Figure A-2.Example of the Download OS (Software) Screen During a Download Validating and writing system software to FLASH b.Check the Firmware revision line Figure A-3.Example of Message for Download Failure A-7 show log tftp Remote File Name Figure A-4.Example of the Command to Download an OS (Switch Software) Validating and Writing System Software to FLASH … Boots from the selected flash (For more on these commands, refer to “Rebooting the Switch” on page 6-19.) To confirm that the software downloaded correctly, execute no tftp client server Menu interface “Download OS” screen become unavailable switch’s configuration boot system flash primary Syntax: auto-tftp <ip-addr > <filename auto tftp Using Secure Copy and SFTP SCP channels third-partyapplication software client that supports the SFTP and/or SCP functions. Some examples of software that supports SFTP and SCP are differences in the way these clients work, so be sure you also download the The SCP/SFTP Process Disable TFTP and Auto-TFTPfor Enhanced Security ; J8697 Configuration Editor; Created on release #K.11.XX hostname "ProCurve" module 1 type J8702A module 2 type J702A vlan name "DEFAULT_VLAN" untagged A1-A24,B1-B24 Figure A-5.Example of Switch Configuration with SFTP Enabled Operating rules are: A-14 Figure A-6.Using the Menu Interface To Disable TFTP While SFTP is enabled, TFTP and SFTP must be disabled before enabling tftp SFTP must be disabled before enabling auto-tftp Command Options $HOME/.ssh/known_hosts SCP/SFTP Operating Notes IP file transfer not enabled on the switch A-16 Page Troubleshooting SSH, SFTP, and SCP Operations SFTP clients will print out on their console in use to display them on the user console Broken SSH Connection. If an ssh connection is broken at the wrong Broken SSH Connection (SSH, SCP, or SFTP) A-18 ssh: read error Bad file number, session aborted I 01 01/90 00:06:11 00636 ssh: sftp session from ::ffff:10.0.12.35 W 01/01/90 00:06:26 00641 ssh: 01/90 00:09:54 00637 ssh: scp session from ::ffff:10.0.12.35 W 01/01/90 Using Xmodem to Download Switch Software From a PC or UNIX Workstation The switch is connected via the Console ■The switch software is stored on a disk drive in the PC Send File ransfer Continue reboot of system? : No 1.General System Information Firmware revision Using USB to Transfer Files to and from the Switch Auxiliary Port dir ■ The USB port supports connection to a single USB device. USB hubs to add more ports are not supported Release Notes for information on supported devices Using USB to Download Switch Software Switch-to-SwitchDownload A-24 Menu: Switch-to-SwitchDownload to Primary Flash 7. Download OS /os/secondary Downloading from Primary Only Syntax: copy tftp flash < ip-addr > flash [ primary | secondary ] [oobm] A-26 Using PCM+ to Update Switch Software Copying Software Images Using the CLI commands described in this section, you can copy software images from the switch to another device using tftp, xmodem, or usb flash, refer to Chapter 6, “Switch Memory and Configuration” TFTP: Copying a Software Image to a Remote Host Transferring Switch Configurations Using the CLI commands described in this section, you can copy switch replace an ACL in the switch configuration described in the section on Using Secure Copy and SFTP on page A-12 keys, and other security credentials in the running config file. For more sw8200 ProCurve# copy startup-configtftp 10.28.227.105 d:\configs\sw8200 A-30 ProCurve# copy tftp startup-config10.28.227.105 d:\configs\sw8200 TFTP: Copying a Customized Command File to a Switch show-tech show tech custom A-31 Syntax: copy tftp show-tech<ipv4 or ipv6 address> <filename> [oobm] Copy a customized command file to the switch Figure A-10.Example of Using the copy tftp show-techCommand to Upload a Customized Command File Syntax: show tech custom Executes the commands found in a custom file instead of the hard-codedlist Figure A-11.Example of the show tech custom Command Page A-34 USB: Copying a Configuration File to a USB Device For example, to copy the startup configuration file to a USB flash drive: Procurve# copy startup-configusb procurve-config procurve-config USB: Copying a Configuration File from a USB Device Transferring ACL Command Files TFTP: Uploading an ACL Command File from a TFTP Server Syntax: copy tftp command-file< ip-addr > < filename.txt > < unix | pc > [oobm] filename <ip-addr > = The IP address of a TFTP server available to the switch vlan10_in.txt 2.Copied the file to a TFTP server at ProCurve(config)# copy tftp command-file18.38.124.16 vlan10_in.txt pc The switch displays this message: Running configuration may change, do you want to continue [y/n] Xmodem: Uploading an ACL Command File from a Serially Connected PC or UNIX Workstation Syntax: copy xmodem command-file< unix | pc USB: Uploading an ACL Command File from a USB Device Syntax: copy usb command-file< filename.txt > < unix | pc USB ■Serially connected PC or UNIX workstation via Xmodem Xmodem A-39 Copying Command Output to a Destination Device Figure A-13.Example of Sending Command Output to a File on an Attached PC A-40 Copying Event Log Output to a Destination Device copy event-logxmodem <filename For example, to copy the event log to a PC connected to the switch: Figure A-14.Example of Sending Event Log Content to a File on an Attached PC Copying Crash Data Content to a Destination Device A-41 copy crash-data [<slot-id | mm>] xmodem For example, to copy the switch’s crash data to a file in a PC: Figure A-15.Example of Copying Switch Crash Data Content to a PC When you are using redundant management, the Page Page Enabling or Disabling the USB Port Figure A-17.Example of show usb-portCommand Output on version K.13.59 and later Figure A-18.Example of show usb-portCommand Output on version K.14.XX Behavior of Autorun When USB Port is Disabled Software Versions K.13.XX Operation Software Version K.14.XX Operation A-46 Using USB Autorun The overall USB autorun solution requires the following components: The network management application ProCurve Manager Plus ■A non-proprietaryUSB flash drive 2.Deploy the AutoRun file to a USB flash drive (If the AutoRun file has been signed or encrypted) Enable 5.Insert the USB flash drive into the switch’s USB auxiliary port 6.Remove the USB device from the USB port (Optional) Transfer the ‘result file’ and ‘report file’ to a AutoRun Status Files Report file(s) (.xml Result file(s) (.txt Manager documentation for details) been executed after the USB flash drive was removed from the switch Configuring Autorun on the Switch Syntax: [no] autorun [encryption-key <key-string>| secure-mode] Enables/disables USB autorun on the switch Use the secure-mode keyword to enable or disable secure mode for autorun Default: Enabled (or Disabled if a password has been set) crypto key zeorize autorun Autorun and Configuring Passwords autorun Viewing Autorun Configuration Information show autorun Monitoring and Analyzing Switch Operation B-26 B-27 B-29 B-32 B-33 Page Status: ■Counters: Display details of traffic volume on individual ports (page B-15) Counters: Event Log Configurable trap receivers: Status and Counters Data to the console. Telnet access to the switch is available in the Device View window under the Configuration tab Menu Access To Status and Counters 1. Status and Counters Figure B-1.The Status and Counters Menu General System Information Menu Access Figure B-2.Example of General Switch Information CLI Access to System Information Figure B-3.Example of Command Results for show system chassislocate Command Figure B-4.Example of System Fan Status Figure B-5.Example of Switch System Information Task Monitor—CollectingProcessor Data task-monitor cpu taskusage taskUsageShow Switch Management Address Information 1 Status and Counters … 2. Switch Management Address Information This screen displays addresses that are important for management of the address for the entire switch. Refer to the online Help for details existing on the switch as a result of GVRP operation.) chapter of the Advanced Traffic Management Guide for your switch chapter of the Module Information Menu: Displaying Port Status 1.Status and Counters … 3.Module Information Figure B-8.Example of Module Information in the Menu Interface show modules Figure B-9.Example of the show modules Command Output does not display as the ports are fixed and not part of any module Port Status B-14 Figure B-11.Example of Port Status on the Menu Interface Web Access 1.Click on the Status tab Viewing Port and Trunk Group Statistics and Flow Control Status B-15 ■A detailed summary of traffic on a selected port or trunk group You can also reset the counters for a specific port “snapshot” of port or trunk group statistics at a particular moment N o t e o n R e s e t does not affect the cumulative values in the actual hardware counters. (In to the accumulated values in the hardware counters B-16 Menu Access to Port and Trunk Statistics 4.Port Counters Figure B-12.Example of Port Counters on the Menu Interface how Details Figure B-13.Example of the Display for Show details on a Selected Port Reset To Display the Port Counter Summary Report To Display a Detailed Traffic Summary for Specific Ports To Reset the Port Counters clear statistics global clear statistics Viewing the Switch’s MAC Address Tables These features help you to view: ■The port on which each MAC address was learned Menu Access to the MAC Address Views and Searches B-19 Page Page CLI Access for MAC Address Views and Searches Spanning Tree Protocol (MSTP) Information CLI Access to MSTP Data Syntax: show spanning-tree Figure B-17.Output from show spanning-treeCommand B-23 Internet Group Management Protocol (IGMP) Status For example, suppose that show ip igmp listed an IGMP group address of 224.0.1.22.You could get additional data on that group by executing the following: Figure B-18.Example of IGMP Group Data VLAN Information The switch uses the CLI to display the following VLAN status: For example, suppose that your switch has the following VLANs: Ports VLAN Listing the VLAN ID (VID) and Status for Specific Ports Figure B-20.Example of VLAN Listing for Specific Ports Listing Individual VLAN Status Figure B-21.Example of Port Listing for an Individual VLAN Web Browser Interface Status Information Figure B-22.Example of a Web Browser Interface Status Overview Screen Traffic Mirroring Traffic mirroring provides the following benefits: ■Allows you to monitor the traffic flow on specific source interfaces Mirroring destinations local C o n f i g u r a t i o n N o t e s Tr a f f i c S e l e c t i o n Selecting mirrored traffic inbound and outbound Mirroring Terminology local mirroring session A remote mirroring session means that: means that: •The monitored interface (A1) and exit port (B7) are on different switches Figure B-23.Local and Remote Sessions Showing Mirroring Terms Destination : Exit Port Host Direction-Based IDS: ing session are on the same switch source switch on which the inbound and/or outbound traffic to be mir rored originates, configured with one of the interface monitor or vlan interface monitor Mirrored Traffic Destinations Local Destinations Remote Destinations remote ■ 3500yl Criteria for Selecting Mirrored Traffic Mirroring Session Limits Mirroring Sessions ■You can reduce the risk of oversubscribing a single exit port by: •Directing traffic from different session sources to multiple exit ports Mirroring Configuration Table B-1.Mirroring Configuration Options Using the CLI, you can configure all mirroring options on a switch except Remote Mirroring Endpoint and Intermediate Devices The exit port for a mirroring destination must be an individual port, and ■A switch mirrors traffic on static trunks, but not on dynamic LACP trunks Migration to Release K.12.xx ■A legacy mirroring configuration on a port or VLAN interface maps to session Traffic-selection and ■In a legacy mirroring configuration, a local exit port is applied to session Figure B-24.Mirroring Configuration in “show run” Output in Release K.13.xx mirror name "test-10"remote ip 10.10.10.1 8010 class ipv4 “100MirrorClass” Using the Menu or Web Interface To Configure Local Mirroring Menu and Web Interface Limits ■any combination of source port(s), trunk(s), and/or a mesh ■one static, source VLAN interface The Menu and Web interfaces also have these limits: 3. Network Monitoring Port Figure B-26.The Default Network Mirroring Configuration Screen Monitoring Port Figure B-27.How To Select a Local Exit Port Ports: Use for mirroring ports, static trunks, or the mesh Ports: VLAN: Use for mirroring a VLAN 7.Do one of the following: Action CLI: Configuring Local and Remote Mirroring ■The same switch as the source interface (local mirroring) ■ “Local Mirroring Overview” on page B-44 ■ “Remote Mirroring Overview” on page B-46 (The remote switch must be chapter.) name command to configure the session B-44 Page Configure a Mirroring Policy to Select Inbound Traffic (Page B-66) class < ipv4 | ipv6 > < classname classname [no] [seq-number]< match | ignore > < ip-protocol > < source-address precedence Caution Configure the Mirroring Destination on a Remote Switch (Page B-50): IP Address and UDP Port on Source Switch IP Address and Exit Port on Remote Switch mirror endpoint ip > port 1. Determine the Mirroring Session and Destination or leaves the source switch ■ The unique UDP port number to use for the session on the source switch (The recommended port range is from 7933 to 65535.) these port numbers for mirroring can result in an interruption of other IP 2.Configure a Mirroring Destination on a Remote Switch Configuring a Destination Switch in a Remote Mirroring Session B-50 no mirror endpoint ip < src-ip > < src-udp-port > < dst-ip This command is used on a destination switch to configure Caution: mirroring endpoint support for a given session if there are source switches currently configured to mirror traffic to the endpoint address you configure on the source switch for the remote 3.Configure a Mirroring Session on the Source Switch B-52 For a local mirroring session, enter the mirror port “1. Determine the Mirroring Session and Destination” on page B-49 Syntax: mirror < 1 - 4 > port < exit-port-# > [name < name-str >] no mirror < 1- 4 src-ip 4.Configure the Monitored Traffic in a Mirror Session Traffic Selection Options ■Interface type •Port, trunk, and/or mesh •VLAN K.14.01 and greater Only inbound IPv4 or IPv6 traffic selected with a ■“Selecting All Inbound/Outbound Traffic to Mirror” on page B-57 ■“Selecting Inbound Traffic Using an ACL (Deprecated)” on page B-62 ■“Selecting Inbound/Outbound Traffic Using a MAC Address” on page B-63 Selecting All Inbound/Outbound Traffic to Mirror Port Interface with Traffic Direction as the Selection Criteria port/trunk/mesh monitor all < in | out | both >: For the interface specified by in: Mirrors entering traffic out: Mirrors exiting traffic out both: Mirrors traffic entering and exiting no-tag-added Figure B-28.Mirroring Commands with the no-tag-addedOption ProCurve# show monitor The MIB object hpicfBridge- DontTagWithVlan is used to implement the no-tag-added Operating Notes Cannot monitor more than one logical port with no-tag-addedoption vlan Uses the direction of traffic on the specified to select traffic to mirror. Refer to the syntax description on B-57 (If you enter the Selecting Inbound Traffic Using an ACL (Deprecated) Selecting Inbound/Outbound Traffic Using a MAC Address src dest no monitor mac dest mirror monitor mac mirror 1 2 3 traffsrc4 [name R e s t r i c t i o n s monitor mac 111111-222222src mirror monitor mac 111111-222222dest mirror Selecting Inbound Traffic Using Advanced Classifier-BasedMirroring ■Support for mirroring both IPv4 and IPv6 traffic The ability to ■The mirroring of outbound traffic exiting the switch ■The use of meshed ports as monitored (source) interfaces If a mirroring session is configured to use a Classifier-BasedMirroring Configuration B-67 Context: Syntax: [no] class < ipv4 | ipv6 > <classname ignore default-class Page session Prerequisite class action session-number Restriction action Advanced Traffic Manage ment Guide a port or VLAN interface, the switch immediately starts to use the traffic selection criteria and exit port to mirror traffic to the destination device connected to each exit port no interface no vlan a1, b4, d3 a1-a5 ■show class < class-name ■show policy < mirror-policy-name show policy ■show policy resources show statistics policy B-74 Applying Multiple Mirroring Sessions to an Interface All inbound and outbound traffic on Ports b1, b2, and b3 is mirrored in session ■Only selected voice traffic on Port b1 is mirrored in session Figure B-32.Example of Applying Multiple Sessions to the Same Interface B-75 Displaying a Mirroring Configuration Displaying All Mirroring Sessions Configured on the Switch Syntax: show monitor Mirroring is currently disabled Sessions: Lists the four configurable sessions on the switch Sources: Policy: UDP Source Addr: UDP port: UDP Dest Addr: show monitor | name Type: show monitor endpoint ProCurve(config)# show monitor endpoint Session: Session Name: Displays the name of the session, if configured Session Name: Mirroring Destination: Direction: Figure B-35.Configuring a Remote Mirroring Session and Monitored Source ProCurve_8200(config)# show monitor Session: 2 Session Name: test-10 Policy: no policy relationship exists Figure B-38.Displaying a MAC-basedMirroring Session ■Session number: ■Session name: Detail ■Mirrored traffic is sent to exit port B3 Session: 1 Session Name: Detail Displaying Information on a Classifier-BasedMirroring Session. In mirrorAdminTraffic roCurve(config Source Figure B-41.Displaying a Classifier-basedPolicy in a Local Mirroring Session Figure B-42.“show class” Output for a Mirroring Policy Figure B-43.“show policy” Output for a Mirroring Policy Figure B-44.“show statistics policy” Output for a Mirroring Policy Displaying Resource Usage for Mirroring Policies Syntax: show policy resources show qos resources access-list B-85 Viewing the Mirroring Configurations in the Running Configuration File ;J8697A Configuration Editor; Created on release #K.12.XX max-vlans300 no ip address exit Figure B-47.Displaying Remote Mirroring Endpoints in the Running Configuration B-86 Mirroring Configuration Examples Example: Local Mirroring Using Traffic-DirectionCriteria 1.Configure the local mirroring session, including the exit port 2.Configure the monitored source interfaces for the session Figure B-48.Local Mirroring Topology Figure B-50.Sample Topology in a Remote Mirroring Session Switch-C(config)#mirror 10.10.10.119 930010.10.30.2 port a15 Switch-C(config)#mirror endpoint 10.10.20.145930010.10.30.2 port a15 B-88 Figure B-52.Configuring a Classifier-BasedPolicy on Source Switch A 4.On source switch B, repeat Steps 2 and 3: B-89 Switch-B(config)#vlan 20 service-policymirrorTCP in Figure B-53.Configuring a Classifier-BasedPolicy on Source Switch B Example: Remote Mirroring Using Traffic-DirectionCriteria B-90 Figure B-54.Sample Topology for Remote Mirroring from a Port Interface Switch-C(config)#mirror endpoint ip 10.10.10.119 port b10 Figure B-55.Configuring a Remote Mirroring Endpoint mirror 2 remote ip 10.10.10.119 9400 Maximum Supported Frame Size The IPv4 encapsulation of mirrored traffic adds a 54-byteheader to each sion Unit) allowed in the network, the frame is dropped dropped. Also, remote mirroring does not allow downstream devices in a mirroring path to fragment mirrored frames Table B-2.Maximum Frame Sizes for Mirroring B-93 Effect of Downstream VLAN Tagging on Untagged Mirrored Traffic Figure B-57.Effect of Downstream VLAN Tagging on the MTU for Mirrored Traffic B-94 Operating Notes for Traffic Mirroring Mirroring and Spanning Tree: Tagged and Untagged Frames: no tag-added Inbound Mirrored IPv4-EncapsulatedFrames are Not Mirrored: Switch Operation as Both Destination and Source: < port > monitor B-96 Troubleshooting Traffic Mirroring • The configured remote exit port must not be a member of a trunk or mesh source to the destination • On the remote destination (endpoint) switch, the IP addresses of the remote exit port and the switch can belong to different VLANs B-98 Troubleshooting Example of Event Counter Operation Displaying a Debug/Syslog Configuration C-2 DNS Resolver Page Troubleshooting Approaches Use these approaches to diagnose switch problems: Check the switch LEDs for indications of proper switch operation: Use ProCurve Manager to help isolate problems and recommend solu tions •Port Utilization Graph Browser or Telnet Access Problems Cannot access the web browser interface: 2. Switch Configuration … 2.Switch Management Address Information also check the DHCP/Bootp server configuration to verify correct IP addressing Cannot Telnet into the switch console from a station on the network: Inbound Telnet Enabled Unusual Network Activity General Problems The network runs slow; processes fail; users cannot access servers or other devices •Turn on Spanning Tree Protocol to block redundant links (i.e. topology loops) 802.1Q Prioritization Problems Ports configured for non-defaultprioritization (level 1 - 7) are not performing the specified action ACL Problems C-9 Figure C-1.Indication that Routing Is Enabled management access If you need to configure IP routing, execute the ip routing command ip routing itself. Also, the switch applies assigned ACLs only at the point where Error (Invalid input) when entering an IP address Figure C-2.Examples of Correctly and Incorrectly Specifying a Single Host Apparent failure to log all “Deny” Matches log deny any Routing Through a Gateway on the Switch Fails Remote Gateway Case Figure C-3.Example of ACE Blocking an Entire Subnet C-12 Figure C-4.Example of Inadvertently Blocking a Gateway Local Gateway Case 2.Permit authorized traffic 3.Deny any unauthorized traffic that you have not already denied in step C-13 IGMP-RelatedProblems LACP-RelatedProblems Port-BasedAccess Control (802.1X)-RelatedProblems The supplicant statistics listing shows multiple ports with the same authenticator MAC address The 802.1X is not active on the switch. After you execute , all ports configured with RADIUS server fails to respond to a request for service, even though show radius key. If the switch already has a Figure C-6.Displaying Encryption Keys show port- access authenticator QoS-RelatedProblems Radius-RelatedProblems The switch does not receive a response to RADIUS authentication Figure C-7.Examples of Global and Unique Encryption Keys Spanning-TreeProtocol (MSTP) and Fast-Uplink Problems tunity to evaluate MSTP performance in your network. Because incorrect Broadcast Storms Appearing in the Network. This can occur when the loop to be detected SSH-RelatedProblems pub-key file PEM-formatted key into an Page TACACS-RelatedProblems Event Log tacacs-server C-22 ■The account has expired aaa authentication num-attempts C-23 TimeP, SNTP, or Gateway Problems The Switch Cannot Find the Time Server or the Configured Gateway VLAN-RelatedProblems Monitor Port None of the devices assigned to one or more VLANs on an 802.1Q Figure C-8.Example of Correct VLAN Port Assignments on a Link C-25 Figure C-9.Example of Duplicate MAC Address Fan Failure Using the Event Log for Troubleshooting Switch Problems Reboot the switch by choosing the Event Log Entries Severity Date Date Time is the time in the format hh:mm:ss when an entry is recorded in the log Time Event Number log-number C-29 C-30 C-31 C-32 C-33 C-34 Menu: Displaying and Navigating in the Event Log Event Log Figure C-11.Example of an Event Log Display Table C-1.Event Log Control Keys C-35 CLI: Displaying the Event Log Examples CLI: Clearing Event Log Entries clear logging CLI: Turning Event Numbering On Using Log Throttling to Reduce Duplicate Event Log and SNMP Messages Log Throttle Periods Example of Log Throttling W 10/01/06 09:00:33 PIM:No IP address configured on VID 100 (1) Figure C-12.Example of the First Instance of an Event Message and Counter C-38 W 10/01/06 09:28:42 PIM:No IP address configured on VID 100 (8) Figure C-13.Example of Duplicate Messages Over Multiple Log Throttling Periods C-39 Example of Event Counter Operation Suppose the switch detects the following after a reboot: Table C-2.How the Duplicate Message Counter Increments C-40 Debug/Syslog Operation Debug/Syslog Messaging Debug/Syslog Destination Devices debug destination ■Up to six Syslog servers Debug/Syslog Configuration Commands C-42 Figure C-15.Summary of Debug/Syslog Configuration Commands page C-57)is supported on the following switch models: Series 6400cl switches 6200yl Switch 6600 switch Configuring Debug/Syslog Operation logging facility no debug event 5. If you configure system-moduleand/or severity-levelvalues to filter Event messages to configured debug destinations (Syslog servers and/or CLI session) all Event Log messages, enter one or both of the following commands: Figure C-16.Sample Output of show debug Command C-46 logging severity Example Debug logging of ACL and user C-48 C-49 Debug Command show statistics < aclv4 | aclv6 Syntax: [no] debug < debug-type > (Continued) (Continued) If no Syslog server address is configured and you enter the adj — event — dd— Database descriptions hello — Hello messages hello — lsa — Link-stateadvertisements lsr — Link-staterequests dhcpv6-client[events | packet]: Displays DHCPv6 client event and packet data [forwarding]: Displays IPv6 forwarding messages [forwarding]: [nd]: Displays debug messages for IPv6 neighbor discovery [nd]: ProCurve# debug destination session Logging Command By specifying both a severity level and system module, you can use both configured settings to filter the Event Log messages you want to use to troubleshoot switch or network error conditions power recycle. The debug settings and destinations configured in your Configuring a Syslog Server syslog-ip-addr C-55 Syntax: [no] logging < syslog-ip-addr no debug destination logging debug destination logging C-56 Syntax: [no] logging facility < facility-name facility-name Adding a Description for a Syslog Server (IPv4 only) configured for syslog using the CLI or SNMP toring of syslog for SNMP (RFC 3164 supported) C-57 Adding a Priority Description severity system module parameters either through the CLI or with SNMP Configuring the Severity Level for Event Log Messages Sent to a Syslog Server highest to lowest): Major: A fatal error condition has occurred on the switch Major: Operating Notes for Debug and Syslog C-60 ■Debug commands do not affect normal message output to the Event Log debug event ■Ensure that your Syslog servers accept Debug messages Duplicate IP addresses are not stored in the list of syslog servers C-61 Diagnostic Tools Diagnostic Features C-62 Port Auto-Negotiation Ensure that the switch port and the port on the attached If the attached Ping and Link Tests be IEEE 802.3-compliant Figure C-21.Link and Ping Test Screen on the Web Browser Interface Successes Failures C-64 Number of Packets to Send CLI: Ping Test Sends ICMP echo requests to determine if another device is alive ping6 <ip-address| hostname source <ip-addr| hostname data-size <0-65471 data-fill <0-1024 Figure C-22.Examples of Ping Tests Link Tests Traceroute Command Ctrl traceroute6 <ip-address| hostname The IP address or hostname of the device to which to send the traceroute traceroute A Low Maxttl Causes Traceroute To Halt Before Reaching the Destination Address. For example, executing traceroute with its default Destination Address C-68 Figure C-24.Example of a Completed Traceroute Enquiry maxttl Figure C-25.Example of Incomplete Traceroute Due to Low Maxttl Setting C-69 Common reasons for Traceroute failing to reach a destination include: Figure C-26.Example of Traceroute Failing to Reach the Destination Address C-70 Viewing Switch Configuration and Operation CLI: Viewing the Startup or Running Configuration File Web: Viewing the Configuration File Diagnostics 2.Click on [Configuration Report] CLI: Viewing a Summary of Switch Operational Data Figure C-27shows sample output from the show tech command Figure C-27.Example of Show Tech Command copy show tech Saving show tech Command Output to a Text File C-73 Transfer | Capture Text Figure C-28.Capture Text window of the Hyperterminal Application Figure C-29.Entering a Path and Filename for Saving show tech Output [Start] Transfer | Capture Text | Stop Customizing show tech Command Output To customize the information displayed with the show tech command: copy “show system” slot-id ip-addr remote-file unix command-file acl-filename .txt copy usb CLI: Viewing More Information on Switch Operation show history show system-information show version show interfaces show exclude begin: Figure C-30.Example of Pattern Matching with Include Option Figure C-31.Example of Pattern Matching with Exclude Option C-80 Figure C-32.Example of Pattern Matching with Begin Option show arp CLI: Useful Commands for Troubleshooting Sessions Syntax: alias show ip ssh command Restoring the Factory-Default Configuration CLI: Resetting to the Factory-DefaultConfiguration Clear/Reset: Resetting to the Factory-DefaultConfiguration Restoring a Flash Image Call Disconnect ii.Select File | Properties vi.Select Call | Connect File Figure C-34.Example of Xmodem Download in Progress DNS Resolver Host Name — evergreen.trees.org accounts015 sales021 Basic Operation ■When the switch is configured with both of the following: •the IP address of a DNS server available to the switch •the domain suffix of a domain available to the configured DNS server then: Configuring and Using DNS Resolution with DNS-CompatibleCommands Configuring a DNS Entry Syntax: [no] ip dns server-addresspriority < 1 - 3 > < ip-addr •the relative priority of the DNS server when multiple servers are configured •the IP address of the DNS server C-90 Example Using DNS Names with Ping and Traceroute Figure C-37.Example Network Domain Entity: Identity: docserver Figure C-38.Configuring Switch “A” in FigureC-37To Support DNS Resolution 37 as a target: Viewing the Current DNS Configuration show run ProCurve# show ip IP Routing : Disabled Gateway : Switch-Initiated C-94 Event Log Messages Message Meaning Locator LED (Locating a Switch) Syntax: chassislocate [blink | on | off] Locates a switch by using the blue Locate LED on the front panel blink <1-1440 on <1-1440 MAC Address Management Page Determining MAC Addresses Use the menu interface Use the CLI Menu: Viewing the Switch’s MAC Addresses The Management Address Information screen lists the MAC addresses for: ■ Base switch (default VLAN; VID = 1) ■ Any additional VLANs configured on the switch Also, the Base MAC address appears on a label on the back of the switch CLI: Viewing the Port and VLAN MAC Addresses uses the first 24 MAC addresses in the allotment, and so-on (All VLANs in the switch have the same MAC address.) walkmib in the switch, regardless of which VLAN you select Figure D-2.Example of Port MAC Address Assignments on a Switch D-6 Viewing the MAC Addresses of Connected Devices MAC address < mac-addr > not found mac-address D-8 Monitoring Resources Viewing Information on Resource Usage Policy Enforcement Engine When the following features are configured globally or •ACLs •QoS configurations that use the following commands: qos device-priority –QoS application port through the CLI using qos tcp-port or qos udp-port tcp-port –VLAN QoS Policies through the CLI using service-policy Displaying Current Resource Usage show resources policy Syntax: show <qos | access-list| policy> resources ■There is authenticated client usage of IDM resources on ports E-5 in/out bcast/mcast qos priority qos dscp qos protocol When Insufficient Resources Are Available E-8 Daylight Savings Time on ProCurve Switches Middle Europe and Portugal: Southern Hemisphere: Western Europe: Figure F-1.Menu Interface with “User-Defined”Daylight Time Rule Option ■If the configured day is a Sunday, the time changes at 2am on that day This is true for both the “Beginning day” and the “Ending day” F-3 F-4 Subject Maximum G-1 G-2 Switch Licensing The procedure for installing a licensed feature into a switch is: licenses hardware-id <license_type ProCurve# licenses hardware-idpremium 5.Reboot the switch. For example: Power-SavingFeatures ■Turn slot power on or off ■Turn LED power on or off using a timer ■Slot auto low power mode The modules support the power-savingfeatures as indicated in the table below Configuring the Power-SavingOptions savepower Configuring the Savepower module Option module Figure I-1.Example of savepower module Command slot-id duration <[HH:]MM recur recur Default: disabled Figure I-2.Example of Setting a Time and Duration for savepower led Command Configuring the Savepower port-low-pwrOption Figure I-3.Example of savepower port-low-powerCommand for Slot C Show Savepower Commands Show Savepower Module show save- power module Figure I-4.Example of Output for show savepower module Command Show Savepower Port-low-pwr show savepower port-low-pwr Figure I-5.Example of Output for show savepower port-low-pwrCommand Figure I-6.Example of Output for show savepower led Command J-1 Concepts Management communications with a managed switch can be: ■in band—throughthe networked data ports of the switch out of Figure J-1.Management ports Table J-1.Switch Management Ports Example Figure J-2.Network out-of-bandmanagement in a data center J-4 OOBM and Switch Applications J-5 Tasks OOBM Configuration OOBM Context Syntax: oobm OOBM Enable/disable From the OOBM context: enable disable From the general configuration context: Enables or disables networked out-of-band-managementon the switch OOBM Port Enable/disable OOBM Port Speed Control OOBM IPv4 Address Configuration [no] ip address [dhcp-bootp| ip-address/mask-length] ip-address/mask-length [no] oobm ip address [dhcp-bootp| ip-address/mask-length] Configures an IPv4 address for the switch’s OOBM interface OOBM Show Commands Show OOBM Show OOBM IP Configuration show oobm ip Show OOBM ARP Information show oobm arp Application Server Commands Default value is both for all servers Telnet: Management and Configuration Guide, page SSH: Application Client Commands Figure J-3.Example data center J-16 Index Symbols Numerics 2 – Index Page 4 – Index Page 6 – Index Page source IP address … Page 10 – Index Page 12 – Index Page 14 – Index Page 16 – Index begin option … C-79 18 – Index Page 20 – Index Page 22 – Index