Page
Page
HP ProCurve
3500 Switches
3500yl Switches
5400zl Switches
6200yl Switch
Page
Product Documentation
1 Getting Started
2 Selecting a Management Interface
3 Using the Menu Interface
4 Using the Command Line Interface (CLI)
5 Using the ProCurve Web Browser Interface
6 Switch Memory and Configuration
Viewing the Startup-ConfigFile Status with Multiple
Using the Clear + Reset Button Combination To Reset the
Xmodem: Copying a Configuration File to a Serially
Xmodem: Copying a Configuration from a Serially
7 Interface Access and System Information
8 Configuring IP Addressing
9 Time Protocols
10 Port Status and Configuration
11 Power Over Ethernet (PoE/PoE+) Operation
12 Port Trunking
13 Port Traffic Controls
14 Configuring for Network Management Applications
Menu: Viewing and Configuring non-SNMPversion
15 Redundancy (Switches 8200zl)
Software Version Mismatch Between Active
Potential Software Version Mismatches
Downloading a Software Version
Serially if the Management Module is Corrupted
Management Module LED Behavior
A File Transfers
Xmodem: Copying a Software Image from the Switch to a
Xmodem: Copying a Configuration File from a Serially
USB: Uploading an ACL Command File from a USB Device . . A-38
Copying Diagnostic Data to a Remote
B Monitoring and Analyzing Switch Operation
2. Configure a Mirroring Destination on a Remote Switch . . . . . . . B-50
3. Configure a Mirroring Session on the Source Switch . . . . . . . . . . B-52
C Troubleshooting
Using Log Throttling to Reduce Duplicate Event
Debug/Syslog Operation
Configuring the Severity Level for Event Log
Configuring the System Module Used to Select the Event Log
Messages Sent to a Syslog Server
Web: Executing Ping or Link Tests
Saving show tech Command Output to a Text File
D MAC Address Management
E Monitoring Resources
FDaylight Savings Time on ProCurve Switches
GScalability: IP Address, VLAN, and Routing Maximum Values
HSwitch Licensing
JNetwork Out-of-BandManagement (OOBM) for the 6600 Switch
Index
Product Documentation
Software Feature Index
and MLD Snooping), refer to the IPv6 Configuration Guide
included on all switches
the HP ProCurve 6200yl switches.)
Premium License Software
Page
Page
Page
Page
Page
Page
Getting Started
Introduction
www.hp.com/go/ procurve/manuals
Conventions
Command Syntax Statements
copy tftp
Command Prompts
ProCurve 8212zl#
ProCurve
(You can use the hostname command to change the text in the CLI prompt.)
hostname
Sources for More Information
below, including Release Notes covering recently added features, visit the
■ Software Release Notes—ReleaseNotes are posted on the HP ProCurve
•new features and how to configure and use them
•software management, including downloading software to the switch
Page
Getting Documentation From the Web
www.hp.com/go/ procurve/manuals
Online Help
Menu Interface
Figure 1-2.Online Help for Menu Interface
help
Figure 1-3.Example of CLI Help
Web Browser Interface
Figure 1-4.Web Browser Interface Online Help
Need Only a Quick Start
IP Addressing
setup
8.Run Setup
To Set Up and Install the Switch in Your
Selecting a Management Interface
Understanding Management Interfaces
Menu
ProCurve Manager
(PCM)—
ProCurve Manager Plus
Advantages of Using the Menu Interface
Figure 2-1.Example of the Console Interface Display
Provides quick, easy management access
to a
menu-driven
Advantages of Using the CLI
Figure 2-2.Command Prompt Examples
General Benefits
Information on Using the CLI
Advantages of Using the Web Browser
Interface
■Display of acceptable ranges of values available in configuration list boxes
Advantages of Using ProCurve Manager or ProCurve Manager Plus
Figure 2-4.Example of the Home Page for ProCurve Manager Plus
Page
Device Software Updates:
Custom Login Banners for the Console and Web Browser Interfaces
■Telnet
■serial connection
■SSHv2
■Web browser
show banner motd
Syntax: banner motd < delimiter
delimiter
no banner motd
<banner-text-string
Figure 2-5.Example of Configuring a Login Banner
show running
Figure 2-6.Example of show banner motd Output
Figure 2-7.The Current Banner Appears in the Switch’s Running-ConfigFile
Figure 2-8.Example of CLI Result of the Login Banner Configuration
Operating Notes
no banner motd
ssh version
1-or-2
Warning: SSH version has been set to
1-or-2
Page
Using the Menu Interface
This chapter describes the following features:
■Overview of the Menu Interface (page 3-2)
■Starting and ending a Menu session (page 3-3)
■The Main Menu (page 3-7)
■Screen structure and navigation (page 3-9)
Starting and Ending a Menu Session
You can access the menu interface using any of the following:
How To Start a Menu Interface Session
1.Use one of these methods to connect to the switch:
•A PC terminal emulator or terminal
•Telnet
2.Do one of the following:
How To End a Menu Session and Exit from the Console:
Switch Configuration
Figure 3-2.Example Indication of a Configuration Change Requiring a Reboot
Reboot Switch
Main Menu Features
Figure 3-3.The Main Menu View with Manager Privileges
The Main Menu gives you access to these Menu interface features:
Status and Counters:
Switch Configuration:
Reboot Switch:
Download OS:
Run Setup:
Logout:
Screen Structure and Navigation
Menu interface screens include these three elements:
■Parameter fields and/or read-onlyinformation such as statistics
■Navigation and configuration actions, such as Save, Edit, and Cancel
For example, in the following System Information screen:
Table 3-1.How To Navigate in the Menu Interface
In most screens there is a
Help
option in the
Figure 3-5.Example Showing How To Display Help
9.)
Rebooting the Switch
Figure 3-6.The Reboot Switch Option in the Main Menu
Rebooting To Activate Configuration Changes
. (To access this parameter, go to the Main Menu and select:
2.Switch Configuration
8.VLAN Menu
Maximum VLANs to support
Menu Features List
Where To Go From Here
Page
Using the Command Line Interface (CLI)
Accessing the CLI
Command Line (CLI)
Using the CLI
Privilege Levels at Logon
Figure 4-1.Example of CLI Log-OnScreen with Password(s) Set
ProCurve#
C a u t i o n
Privilege Level Operation
Operator Privileges
Manager Privileges
Figure 4-2.Access Sequence for Privilege Levels
Operator Privileges
config
ProCurve(config)#
Context Configuration level:
ProCurve(eth-1)#
ProCurve(vlan-10)#
Table 4-1.Privilege Level Hierarchy
How To Move Between Levels
Password:
# config
(vlan-10)#
interface e
Listing Commands and Command Options
Listing Commands Available at Any Privilege Level
Typing ? at the Manager level produces this listing:
Figure 4-4.Exampleof the Manager-LevelCommand Listing
- - MORE
ProCurve(config)# t [Tab] tacacs-server telnet-server
time timesync trunk telnet terminal traceroute ProCurve(config)# t
ProCurve(config)# port-[Tab]
Figure 4-5.Example of How To List the Options for a Specific Command
Displaying CLI “Help”
Displaying Command-ListHelp
Syntax: help
help
Figure 4-6.Example of Context-Sensitive Command-ListHelp
Figure 4-7.Exampleof How To Display Help for a Specific Command
Configuration Commands and the Context Configuration Modes
Port or
Trunk-Group
Context
ProCurve(config)# interface c3-c6
Figure 4-8. Context-SpecificCommands Affecting Port Context
VLAN Context
ProCurve(config)# vlan
Command executed at configuration level to enter VLAN 100 context
ProCurve(vlan-100)#
Resulting prompt showing VLAN 100 context
CLI Control and Editing
Executing a Prior Command—Redo
The redo command executes a prior command in the history list
Syntax: redo [number | command-str]
Re-executesa command from history. Executes the last command by default
For example:
Using a Command Alias
alias
name:
command:
show interface custom
show alias
Figure 4-13.Example of Alias Commands and Their Configurations
CLI Shortcut Keystrokes
Using the ProCurve Web Browser Interface
Page
■Optimize your network uptime by using the Alert Log and other diagnostic tools
■Make configuration changes to the switch
■Maintain security by configuring usernames and passwords
This chapter covers the following:
web-management
Web Agent Enabled
No
General Features
Starting a Web Browser Interface Session with the Switch
You can start a web browser session in the following ways:
•Directly connected to your network
•Connected through remote access to your network
■Using a network management station running ProCurve Manager on your network
Using ProCurve Manager (PCM) or
ProCurve Manager Plus (PCM+)
This procedure assumes that:
Make sure the Java
listing under
Figure 5-1.Example of Status Overview Screen
Tasks for Your First ProCurve Web
Browser Interface Session
■Review the “First Time Install” window
■Set Manager and Operator passwords
■Set access to the web browser interface online help
Security: Creating Usernames and Passwords
in the Browser Interface
rity Guide for your switch
Operator Setting
Manager Setting
Figure 5-3.TheDevice Passwords Window
secure access to the device
Device Passwords
Entering a User Name and Password
Figure 5-4.Example of the Password Prompt in the Web Browser Interface
Using a User Name
If You Lose the Password
Online Help for the Web Browser Interface
Figure 5-5.TheHelp Button
Support/Mgmt URLs Feature
■Support URL – A support information site for your switch
Support URL
■Management Server URL – The web site for web browser online Help
Management Server URL
Support URL
Support
Help and the Management Server URL
Management Server URL
www.hp.com/rnd/device_help
Using the PCM Server for Switch Web Help
Go to the ProCurve Support web site to get the Device Help files:
www.hp.com//rnd/device_help
2.Copy the Web help files to the PCM server, under:
http://15.29.37.12.8040/rnd/device_help
Status Reporting Features
Browser elements covered in this section include:
■The Overview window (below)
■Port utilization and status (page 5-18)
■The Alert log (page 5-21)
The Port Utilization and Status Displays
Figure 5-9.The Graphs Area
Port Utilization
% Unicast Rx & All Tx:
Maximum Activity Indicator:
Utilization Guideline
To change the amount of bandwidth the Port Utilization bar graph
Figure 5-10.Changing the Graph Area Scale
Hold the mouse cursor over any of the bars in the graph, and a
Figure 5-11.Display of Numerical Values for the Bar
Port Status
Figure 5-12.The Port Status Indicators and Legend
Port Connected
Port Not Connected
The Alert Log
Figure 5-13.Example of the Alert Log
Each alert has the following fields of information:
■Alert – The specific event identification
Alert
Acknowledge Event
Delete Event
Cancel
Status Indicators
Setting Fault Detection Policy
Figure 5-15.The Fault Detection Window
Log Network Problems
High Sensitivity
Medium Sensitivity
Low Sensitivity
Never
Page
Switch Memory and Configuration
Changing or Overriding the Reboot Configuration Policy
Renaming an Existing Startup-ConfigFile
Transferring Startup-ConfigFiles To or From a Remote Server
TFTP: Copying a Configuration File to a Remote Host
TFTP: Copying a Configuration File from a Remote Host
Configuration File Management
running-config
Figure 6-1.Conceptual Illustration of Switch Memory Operation
Running Config File:
Startup-config
File:
Any of the following actions boots the switch:
• Executing the boot or the reload command in the CLI
• Executing the boot command in the menu interface
Page
Show config
How To Use the CLI To Reconfigure Switch Features
file)
file
Using the CLI To Implement
Configuration Changes
The CLI offers these capabilities:
■Access to the full set of switch configuration features
■The option of testing configuration changes before making them perma nent
auto-10
How To Cancel Changes You Have Made to the Running-ConfigFile
Update the
ProCurve(config)# interface e 1 disable ProCurve(config)# boot
Device will be rebooted, do you want to continue [y/n]? y
Figure 6-2.Boot Prompt for an Unsaved Configuration
How To Reset the startup-configand running-configFiles to the
Factory Default Configuration. This command reboots the switch
Factory Default Configuration
with the factory-defaultstartup configuration
ProCurve(config)# erase startup-config
Using the Menu and Web Browser
Interfaces To Implement Configuration
Changes
The menu and web browser interfaces offer these advantages:
■Quick, easy menu or window access to a subset of switch configuration features
Rebooting from the Menu Interface
■Terminates the current session and performs a reset of the operating system
■Activates any configuration changes that require a reboot
Figure 6-5.The Reboot Switch Option in the Main Menu
parameter
2. Switch Configuration
8. VLAN Menu
Figure 6-6.Indication of a Configuration Change Requiring a Reboot
Web: Implementing Configuration Changes
config file and the startup-configfile
browser interface
Using Primary and Secondary Flash
Image Options
Displaying the Current Flash Image Data
show version
Figure 6-7.Example Showing the Identity of the Current Flash Image
Figure 6-8.Example Showing Different Flash Image Versions
Determining Which Flash Image Versions Are Installed. The show ver
Figure 6-9.Determining the Software Version in Primary and Secondary Flash
Switch Software Downloads
Table 6-1.Primary/Secondary Memory Access
xmodem
usb
Download Interruptions
Local Switch Software Replacement and Removal
Copying a Switch Software Image from One Flash Location to
Syntax: copy flash flash <destination flash
destination flash
where: destination flash = primary or secondary:
Caution:
No Undo
Syntax: erase flash < primary | secondary
For example, to erase the software image in primary flash, do the following:
ProCurve# boot system flash secondary
Rebooting the Switch
Operating Notes about Booting
Default Boot Source
boot system flash [primary | secondary]
flash [primary | secondary]
reload at 1:00
mm/dd
mm/dd
Boot and Reload Command Comparison
Table 6-2.Comparing the Boot and Reload Commands
The reload command
Setting the Default Flash
flash
Syntax: boot set-defaultflash [primary |secondary]
boot set- default
boot system flash <primary | secondary
Syntax: boot [system [flash <primary | secondary>] [config FILENAME]
Note
system:
Figure 6-16.Example of Boot Command with Secondary Flash Option
Syntax: [no] fastboot
Enables the fastboot option
The no option disables the feature
Syntax: show fastboot
Syntax: reload
Scheduled Reload
at:
The no form of the command removes a pending reboot request
For more details and examples, see below
The scheduled reload feature removes the requirement to physically reboot
Multiple Configuration Files
A fixed reboot policy using a specific
■Overriding the current reboot policy on a per-instancebasis
Figure 6-19.Optional Reboot Process
General Operation
The switch uses three memory “slots”, with identity
) numbers of
, and
Boot Options
backupConfig
Use the CLI to make configuration changes in the
Transitioning to Multiple Configuration Files
Assigns the filename
oldConfig
Saves a copy of the existing
Listing and Displaying Startup-ConfigFiles
Viewing the Startup-ConfigFile Status with Multiple
Configuration Enabled
Syntax: show config files
id:
Changing or Overriding the Reboot Configuration Policy
You can boot the switch using any available startup-configfile
■The active configuration file
Syntax: startup-default[ primary | secondary ] config < filename
Specifies a boot configuration policy option:
config
boot system flash
For example, suppose:
minconfig
newconfig
Managing Startup-ConfigFiles in the Switch
Renaming an Existing Startup-ConfigFile
Unable to copy configuration to “< target-filename >”
Figure 6-22.Example of Using One Startup-ConfigFile for Both Primary and
Secondary Flash
flash memory location from which you have erased the currently assigned
Erasing a Startup-ConfigFile
startup-config:
erase
erase config
Figure 6-24.Example of Erasing a Non-Active Startup-ConfigFile
config1
Figure 6-25.Example of Clear + Reset Result
Transferring Startup-ConfigFiles To or From a Remote Server
TFTP: Copying a Configuration File to a Remote Host
src-file
remote
file
test
TFTP: Copying a Configuration File from a Remote Host
Unable to copy configuration to "< filename
erase config <filename
test 01.txt
copy
config
> xmodem
Xmodem: Copying a Configuration from a Serially
copy xmodem
Automatic Configuration Update with DHCP Option
■One or more DHCP servers with Option 66 are enabled
■One or more TFTP servers has the desired configuration file
CLI Command
The command to enable the configuration update using Option 66 is:
Possible Scenarios for Updating the Configuration File
Log Messages
“Invalid IP address <ip-address>received for DHCP Option 66”
Page
Interface Access and System Information
This chapter describes how to:
■View and modify the configuration for switch interface access
■Use the CLI kill command to terminate a remote session
kill
■View and modify switch system information
For help on how to actually use the interfaces built into the switch, refer to:
■Chapter 3, “Using the Menu Interface”
■Chapter 4, “Using the Command Line Interface (CLI)”
Interface Access: Console/Serial Link, Web, and Inbound Telnet
Interface Access Features
Menu: Modifying the Interface Access
To Access the Interface Access Parameters:
2.Switch Configuration
1.System Information
CLI: Modifying the Interface Access
Interface Access Commands Used in This Section
Listing the Current Console/Serial Link Configuration. This com
mand lists the current interface access parameter settings
Syntax: show console
Outbound Telnet to Another Device. This feature operates indepen
show telnet
Page
Reconfigure the Console/Serial Link Settings. You can reconfigure one
Syntax: console
Figure 7-4.Example of Executing the Console Command with Multiple Parameters
control and baud-rate,are the same on both management modules. There
cannot be individual settings for each management module
You can also execute a series of console commands and then save the
configuration and boot the switch. For example:
Denying Interface Access by Terminating Remote Management Sessions
show ip ssh
Kill
System Information
System Information Features
System Name:
System Contact and Location:
MAC Age Time:
Menu: Viewing and Configuring System Information
Figure 7-7.The System Information Configuration Screen (Default Values)
CLI: Viewing and Configuring System Information
System Information Commands Used in This Section
Listing the Current System Information. This command lists the current
Figure 7-8.Example of CLI System Information Listing
Configure a System Name, Contact, and Location for the Switch. To
Figure 7-9.System Information Listing After Executing the Preceding Commands
show running, show config
show system information
Figure 7-10.Menu Screen Showing System Information
Page
Configure the Time and Date
Syntax: time [ hh:mm [ :ss ]] [ mm/dd/ [ yy ] yy ]
mm/dd
For example, to set the switch to 9:45 a.m. on November 17, 2002:
Web: Configuring System Parameters
In the web browser interface, you can enter the following system information:
■System Name
■System Location
■System Contact
Configuring IP Addressing
IP Configuration
IP Configuration Features
Page
Just Want a Quick Start with IP Addressing
setup
ProCurve# setup
# setup
■Select 8. Run Setup in the Main Menu of the menu interface
Menu: Configuring IP Address, Gateway, and Time-To-Live (TTL)
To manually enter an IP address, subnet mask, set the
IP Config
Manual
To use DHCP or Bootp, use the menu interface to ensure that the
Figure 8-1.Example of the IP Service Configuration Screen without Multiple
VLANs Configured
Default Gateway
Default TTL
DHCP/ Bootp
CLI: Configuring IP Address, Gateway, and Time-To
Live (TTL)
IP Commands Used in This Section
Viewing the Current IP Configuration
Syntax: show ip
Page
The fol lowing is supported:
■Up to 2000 IP addresses for the switch
■Up to 32 IP addresses for the same VLAN
■Up to 512 IP VLANs, that is, VLANs on which you can configure IP addresses
Figure 8-4.Example of Configuring and Displaying a Multinetted VLAN
If you then wanted to multinet the default VLAN, you would do the following:
Figure 8-5.Example of Multinetting on the Default VLAN
command to display the full IP address listing for multinetted VLANs
then enter the new address
to replace a manually configured default gateway.)
Syntax: ip default-gateway < ip-address
Web: Configuring IP Addressing
You can use the web browser interface to access IP addressing only if the
switch already has an IP address that is reachable through your network
1. Click on the Configuration tab
on [?] to access the web-basedhelp available for the switch
Table 8-1.Features Available With and Without IP Addressing on the Switch
DHCP/Bootp Operation
the network
servers
DHCP or Bootp
it continues to periodically send request packets, but with decreasing fre
and a Bootp configuration is that an IP address assignment from a DHCP
addressing provided by the server may be different each time the switch
address assignment for the switch by doing either of the following:
Bootp Database Record Entries
/etc/bootptab
8212switch:
ht=ether:
ha=0030c1123456:
Network Preparations for Configuring DHCP/Bootp
■For Bootp operation:
•The necessary network connections are in place
•The Bootp server is accessible from the switch
■For DHCP operation:
Loopback Interfaces
lo0
lo1
lo2
lo3
Configuring a Loopback Interface
interface loopback
Figure 8-6.Example of a Loopback Interface Configuration
lo7
Displaying Loopback Interface Configurations
show ip route
Figure 8-8.Example of show ip route Command Output
IP Preserve: Retaining VLAN-1IP
Addressing Across Configuration File
Downloads
Operating Rules for IP Preserve
ip preserve
Enabling IP Preserve
Figure 8-9.Example of Implementing IP Preserve in a Configuration File
For example, consider figure 8-10:
Figure 8-10.Example of IP Preserve Operation with Multiple Series Switches
Page
To summarize the IP Preserve effect on IP addressing:
Configuring a Single Source IP Address
Specifying the Source IP Address
source-interface
loopback
vlan-id
address
ip-address
The Source IP Selection Policy
show ip source- interface status
Page
Displaying the Source IP Interface Information
Figure 8-17.Example of the Data Displayed for Source IP Interface Status
Figure 8-18.Example of show ip source-interfaceCommand Output
Syntax: show ip source-interfacedetail [radius | tacacs | syslog]
Figure 8-19.Example of Detailed Information Displayed for Each Protocol
Page
Error Messages
Time Protocols
Viewing the Current TimeP Configuration
Configuring (Enabling or Disabling) the TimeP Mode
Notes
■SNTP Time Protocol Operation
■Timep Time Protocol Operation
TimeP Time Synchronization
SNTP Time Synchronization
SNTP provides two operating modes:
Unicast Mode:
sntp server
General Steps for Running a Time Protocol on the Switch:
1.Select the time synchronization protocol: SNTP or TimeP (the default)
TimeP
SNTP: Viewing, Selecting, and
Configuring
Table 9-1.SNTP Parameters
Menu: Viewing and Configuring SNTP
To View, Enable, and Modify SNTP Time Protocol:
1. From the Main Menu, select:
2. Switch Configuration
1. System Information
Figure 9-1.The System Information Screen (Default Values)
SNTP Mode
5.Do one of the following:
Use the Space bar to select the
Broadcast
Server Version
iv.Press [>] to move the cursor to the Poll Interval field, then go to step
Figure 9-3.SNTP Configuration Fields for SNTP Configured with Unicast Mode
Page
Syntax: show management
Configuring (Enabling or Disabling) the SNTP Mode
sntp < broadcast | unicast
Syntax:
Selects SNTP as the time synchronization method
Syntax: sntp broadcast
Configures broadcast as the SNTP mode
broadcast
Time synchronization is in the
■You want to:
1.View the current time synchronization
2.Select SNTP as the time synchronization mode
Page
Figure 9-8.Example of Configuring SNTP for Unicast Operation
Figure 9-9.Example of Specifying the SNTP Protocol Version Number
Changing the SNTP Poll Interval
Syntax: sntp poll-interval< 30..720
For example, to change the poll interval to 300 seconds:
ProCurve(config)# sntp poll-interval300
Syntax: sntp server priority <1 - 3> <ip-address
SNTP Client Authentication
Requirements
SNTP Client Authentication Support
timesync sntp
key-value
SNTP Server Authentication Support
The following must be performed on the SNTP server:
authentication-mode
The no version of the command deletes the authentication key
Default: No default keys are configured on the switch
key-id: A numeric key identifier in the range of 1 4,294,967,295
key-id:
trusted
Enter the following command to configure a key-id as trusted
priority
<version-num>:
Figure 9-13.Example of Associating a Key-Idwith a Specific Server
Enabling SNTP Client Authentication
sntp authentication
Broadcast:
Displaying SNTP Configuration Information
Figure 9-14.Example of SNTP Configuration Information
show sntp authentication
Figure 9-15.Example of show sntp authentication Command Output
sntp statistics
Figure 9-16.Example of SNTP Authentication Statistical Information
Saving Configuration Files and the
Include-CredentialsCommand
include-credentials
show running config
Figure 9-17.Example of Configuration File with SNTP Authentication Information
Page
TimeP: Viewing, Selecting, and
Page
Page
Page
Page
Page
Page
Page
Page
SNTP Unicast Time Polling with Multiple
SNTP Servers
Displaying All SNTP Server Addresses Configured on the Switch
show management
Figure 9-28.Example of How To List All SNTP Servers Configured on the Switch
Menu: Operation with Multiple SNTP Server Addresses
Port Status and Configuration
Page
Viewing Port Status and Configuring Port
Parameters
Port Status and Configuration Features
Transceivers to
Devices
Table 10-1.Status and Parameters for Each Port Type
Page
Menu: Port Configuration
From the menu interface, you can view and change the port configuration
1.Status and Counters
4.Port Status
Figure 10-1.Example of a Switch Port Status Screen
Using the Menu To Configure Ports
2. Port/Trunk Settings
Figure 10-2.Example of Port/Trunk Settings with a Trunk Group Configured
Enabled
[Enter]
CLI: Viewing Port Status and Configuring Port
Parameters
Port Status and Configuration Commands
Viewing Port Status and Configuration
brief:
Figure 10-3.Example of Show Interfaces Brief Command Listing
show interfaces config
Figure 10-4.Example of a Show Interfaces Config Command Listing
Customizing the Show Interfaces Command
custom
Syntax: show interfaces custom [port-list] column-list
Select the information that you want to display. Parameters include:
■port name
■type
■vlan
Figure 10-6.Example of the Custom show interfaces Command
characters and you specify Name:2, the Name field displays 4 characters
line; if you exceed this limit an error displays
Error Messages
show int custom
Viewing Port Utilization Statistics
show interface
port-utilization
Figure 10-7.Example of a Show Interface Port-UtilizationCommand Listing
Viewing Transceiver Status
show tech transceivers
Figure 10-8.Example of Show Tech Transceivers Command
non-operational
Enabling or Disabling Ports and Configuring Port Mode
auto
int
int
For example, to configure port C5 for auto-10-100,enter this command:
ProCurve(config)# int c5 speed-duplex auto-10-100
Enabling or Disabling the USB Port
Figure 10-11.Example of show usb-portCommand Output on version K.14.XX
Behavior of Autorun When USB Port is Disabled
Software Versions K.13.XX Operation
5 volt power to the USB port remains on even after the USB port has been
Enabling or Disabling Flow Control
mode must be set to Auto (the default)
Figure 10-12.Example of Configuring Flow Control for a Series of Ports
Figure 10-13.Example Continued from Figure
Figure 10-14.Example Continued from Figure
Configuring a Broadcast Limit on the Switch
ProCurve(config)#int B1
ProCurve(int B1)# broadcast-limit1
Syntax: broadcast-limit <0-99
broadcast-limit
Configuring ProCurve Auto-MDIX
■10/100-TXxl module ports
■100/1000-Txl module ports
■10/100/1000-Txl module ports
Manual Override
Table 10-2.Cable Types for Auto and Manual MDI/MDI-XSettings
Syntax: interface < port-list > mdix-mode< auto-mdix| mdi | mdix
auto-mdix
mdi
mdix
Syntax: show interfaces config
Lists the current per-port Auto/MDI/MDI-Xconfiguration
Web: Viewing Port Status and Configuring Port
Using Friendly (Optional) Port Names
Show
augments
does not replace
Configuring and Operating Rules for Friendly Port Names
Configuring Friendly Port Names
Syntax: interface < port-list > name < port-name-string
Assigns a port name to port-list
Syntax: no interface < port-list > name
Deletes the port name from port-list
Displaying Friendly Port Names with Other Port Data
To List All Ports or Selected Ports with Their Friendly Port Names
This command lists names assigned to a specific port
Syntax: show name [ port-list ]
Figure 10-19.Example of Friendly Port Name Data for All Ports on the Switch
Including Friendly Port Names in Per-PortStatistics Listings. A
Syntax: show interface < port-number
port-number
Includes the friendly port name with the port’s traffic statistics listing
Figure 10-21.Example of a Friendly Port Name in a Per-PortStatistics Listing
Page
Configuring Transceivers and Modules That Haven’t
Been Inserted
Transceivers
Modules
Syntax: module <module-num>type <module-type
Page
Uni-DirectionalLink Detection (UDLD)
Figure 10-23.UDLD Example
Configuring UDLD
When configuring UDLD, keep the following considerations in mind:
group’s primary port enables the feature on that port only
■ Dynamic trunking is not supported. If you want to configure a trunk
group that contains ports on which UDLD is enabled, you must
Enabling UDLD
Changing the Keepalive Interval
Changing the Keepalive Retries
Configuring UDLD for Tagged Ports
Viewing UDLD Information
link-keepalive
Figure 10-24.Example of Show Link-KeepaliveCommand
show link keepalive statistics
Figure 10-25.Example of Show Link-KeepaliveStatistics Command
To clear UDLD statistics, enter the following command:
ProCurve# clear link-keepalivestatistics
show link keepalive statistics
Configuration Warnings and Event Log Messages
Warning Messages
Table 10-3.Warning Messages caused by configuring UDLD for Tagged Ports
Event Log Messages
Table 10-4.UDLD Event Log Messages
Page
Power Over Ethernet (PoE/PoE+) Operation
Page
Introduction to PoE
PoE Terminology
Page
PoE Operation
Using the commands described in this chapter, you can:
■Enable or disable PoE operation on individual ports
■Monitor PoE status and performance per module
Configure a
PD Support
lower
Power Priority Operation
When Is Power Allocation Prioritized
How Is Power Allocation Prioritized
Configuring PoE Operation
Disabling or Re-EnablingPoE Port Operation
Enabling Support for Pre-StandardDevices
Configuring the PoE Port Priority Level
Syntax: interface < port-list > power-over-ethernet[ critical | high | low ]
•Critical: Specifies the highest-priorityPoE support for
•High: Specifies the second priority PoE support for
Table 11-1.Example of PoE Priority Operation on a PoE Module
PoE Priority With Two or More Modules
Critical
Low
Controlling PoE Allocation
Syntax: [no] int <port-list> poe-allocate-by[usage | class | value]
usage: The automatic allocation by a PD
usage
class:
Manually Configuring PoE Power Levels
poe
allocate-by
value
ProCurve(config)# int A6 poe-allocate-byvalue
Configuring PoE Redundancy (Chassis Switches Only)
Syntax: [no] power-over-ethernetredundancy [n+1 | full]
Allows you to set the amount of power held in reserve for redundancy
The no option means that all available power can be allocated to PDs
Default: No PoE redundancy enforced
Changing the Threshold for Generating a Power Notice
You can configure one of the following thresholds:
Syntax: power-over-ethernet[slot < slot-id-range >] threshold < 1 - 99
[slot
slot-id-range
ProCurve(config)# power-over-ethernetthreshold
Slot B POE usage has exceeded threshold of 70%
Syntax: power-over-ethernet[slot <slot-id-range>]threshold <1 - 99
(Continued)
Slot B POE usage is below threshold of 70%
threshold
ProCurve(config)# power-over-ethernetslot d threshold
PoE/PoE+ Allocation Using LLDP Information
LLDP with PoE
poe-lldp-detect
Displaying the Switch’s Global PoE Power Status
Syntax: s
Displays the switch’s global PoE power status, including:
•Total Remaining Power: The amount of PoE power still available
<port-list>:
Figure 11-3.Example of show power-over-ethernetCommand Output
Displaying PoE Status on All Ports
Yes
usage, class, value)
•Detection Status:
For example, show power-over-ethernetbrief displays this output:
brief
Figure 11-4.Example of show power-over-ethernetbrief Command Output
You can also show the PoE information by slot:
Figure 11-5.Showing the PoE Information by Slot
Displaying the PoE Status on Specific Ports
Syntax: show power-over-ethernet <port-list
•Allocate by: How PoE is allocated (usage, class, value)
A6-A7
Figure 11-6.Example of Show Power-Over-Ethernet< port-list > Output
Planning and Implementing a PoE Configuration
Support
Manuals
Power Requirements
Assigning PoE Ports to VLANs
Applying Security Features to PoE Configurations
Assigning Priority Policies to PoE Traffic
Table 11-3.Classifiers for Prioritizing Outbound Packets
PoE Event Log Messages
“Informational” PoE Event-LogMessages
Slot <slot-id > POE usage is below
configured threshold of < 1 - 99 >%
port <port-id > applying power to PD
“Warning” PoE Event-LogMessages
chassis
Port <port-id > PD Denied power due to insufficient power allocation
Port <port-id> PD Invalid Signature
<port-id
Page
Port Trunking
Page
Figure 12-1.Conceptual Example of Port Trunking
All port trunk links must be point
to-point
non-trunking
Port Security Restriction
re-connect
the ports
L A C P N o t e
Port Trunk Features and Operation
The switches covered in this guide offer these options for port trunking:
■LACP: IEEE 802.3ad—page
■Trunk: Non-Protocol—page
Trunk Configuration Methods
ProCurve(config) int c1-c4lacp active
ProCurve(config)# no int c1-c4lacp
Removes the ports from the trunk
ProCurve(config)# int c1-c4lacp passive
Table 12-2.Trunk Configuration Protocols
Table 12-3.General Operating Rules for Port Trunks
Auto-10
Figure 12-2.Recommended Port Mode Setting for LACP
Dyn1
(for an LACP dynamic trunk) or
Figure 12-3.Example of a Port Trunk in a Spanning Tree Listing
show ip igmp
Important
Menu: Viewing and Configuring a Static Trunk Group
1.Follow the procedures in the Important note above
2.From the Main Menu, Select:
2.Port/Trunk Settings
Figure 12-4.Example of the Menu Screen for Configuring a Port Trunk Group
Figure 12-5.Example of the Configuration for a Two-PortTrunk Group
–LACP
–Trunk (the default type if you do not specify a type)
LACP
Trunk)
CLI: Viewing and Configuring Port Trunk
Groups
Trunk Status and Configuration Commands
Using the CLI To View Port Trunks
Listing Static Trunk Type and Group for All Ports or for Selected
Figure 12-6.Example Listing Specific Ports Belonging to Static Trunks
Figure 12-7.Example of a Show Trunk Listing Without Specifying Ports
Listing Static LACP and Dynamic LACP Trunk Data
Figure 12-8.Example of a Show LACP Listing
Dynamic LACP Standby Links
Using the CLI To Configure a Static or Dynamic Trunk
Configuring a Static Trunk or Static LACP Trunk Group
Syntax: trunk < port-list > < trk1 ... trk144> < trunk | lacp
Configures the specified static trunk type
with the group name of Trk2
ProCurve(config)# trunk c4-c6trk2 trunk
Active
and LACP
passive
without first removing LACP operation from the port.)
Web: Viewing Existing Port Trunk
Trunk Group Operation Using LACP
Auto-100
Auto-1000
10FDx
100FDx
Table 12-4.LACP Trunk Types
Page
Default Port Operation
ProCurve> show lacp
Table 12-5.LACP Port Status Data
LACP Notes and Restrictions
802.1X (Port-BasedAccess Control) Configured on a Port. To main
ProCurve(config)# aaa port-accessauthenticator b1
LACP has been disabled on 802.1x port(s)
ProCurve(config)# int b1 lacp passive
Changing Trunking Methods
Static LACP Trunks
VLANs and Dynamic LACP
Forbid
If you want to use LACP for a trunk on a
Figure 12-11.Blocked Ports with LACP
Half-Duplexand/or Different Port Speeds Not Allowed in LACP
Trunks
■If the port is a 10-gigabitport
■If a port is set to LACP Active, you cannot configure it to HDx
) LACP, but any ports configured as standby LACP links will be ignored
Distributed Trunking
Figure 12-13.Example of Distributed Trunking Configuration
Figure 12-14.Exampleof Distributed Trunking
Distributed Trunking Interconnect Protocol (DTIP)
Configuring Distributed Trunking
ISC Port Configuration
The no form of the command removes the ISC interface configuration
Distributed Trunking Port Configuration
Distributed trunking ports must be configured manually
Displaying Distributed Trunking Information
show lacp distributed
Syntax: show lacp [distributed]
Displays information about distributed trunks and LACP status
Figure 12-16.Exampleof the Output for the show lacp distributed Command
Maximum DT Trunks and Links Supported
Table 12-1.Maximum DT Trunks and Links
Max Number
Forwarding Traffic with Distributed Trunking and
Spanning Tree
Forwarding Broadcast, Multicast, and
Unknown Traffic Upstream
Forwarding Unicast Traffic Downstream (to the Server)
Forwarding Broadcast, Multicast, and Unknown Traffic Downstream (to the Server)
A B
DT1
DT2
Distributed Trunking Restrictions
There are several restrictions with distributed trunking
Only servers are supported as Distributed Trunking Devices (DTDs)
A distributed trunk can span a maximum of two switches
Meshing and DT switches are mutually exclusive
Trunk Group Operation Using the
“Trunk” Option
How the Switch Lists Trunk Data
Dynamic LACP Trunk Group: Appears in the output from the CLI show lacp command
Outbound Traffic Distribution Across Trunked Links
Figure 12-18.Example of Single Path Traffic through a Trunk
Figure 12-19.Example of Port-TrunkedNetwork
Page
Page
Port Traffic Controls
Page
This chapter includes:
Rate-Limiting:
Jumbo Frames:
Rate-Limiting
All Traffic Rate-Limiting
Configuring Rate-Limiting
The mode using bits per second (bps) in releases before K.12.XX has been
replaced by the kilobits per second (kbps) mode. Switches that have config
out —
kbps —
Notes:
The
•Rate-limitingdoes not apply to trunked ports (including meshed ports)
> disable
Displaying the Current Rate-LimitConfiguration
Figure 13-1.Example of Listing the Rate-LimitConfiguration
To view RADIUS-assigned rate-limitinformation, use one of the following
command options:
show port-access
web-basedclients < port-list > detailed
Figure 13-2.Example of Rate-LimitSettings Listed in the “show config” Output
Operating Notes for Rate-Limiting
, regardless of traffic priority
< port-list >: Operation is not allowed for a trunked port
Monitoring (Mirroring)
If monitoring is configured, packets dropped by
Optimum
Optimum
occurs with
ICMP Rate-Limiting
all)
Spoofed Ping:
Guidelines for Configuring ICMP Rate-Limiting
Figure 13-3.Example of ICMP Rate-Limiting
Configuring ICMP Rate-Limiting
kbps
<0-10000000>:
traffic in kilobits per second
0: This value causes an interface to drop all incoming ICMP
traffic, and is not recommended. Refer to the Caution on
Using Both ICMP Rate-Limitingand All-Traffic Rate-Limitingon the Same Interface
The ICMP traffic
If at a given moment:
■Inbound ICMP traffic on port “X” is using 1% of the port’s bandwidth, and
■Inbound traffic of all types on port “X” demands 61% of the ports’s bandwidth
Figure 13-4.Example of Listing the Rate-LimitConfiguration
Interface support:
Page
Page
Determining the Switch Port Number Used in ICMP Port Reset
Commands:
walkmib ifDescr
ProCurve# walkmib ifDescr
ifDescr.48 = B22 ifDescr.49 = B23 ifDescr.50 = B24
Configuring Inbound Rate-Limitingfor Broadcast and Multicast Traffic
Figure 13-6.Example of Inbound Broadcast Rate-limitingof 50% on Port
Figure 13-7.Example of Inbound Multicast Rate-limitingof 20% on Port
To disable rate-limitingfor a port enter the no form of the command
Figure 13-8.Example of Disabling Inbound Multicast Rate-limitingfor Port
■This rate-limitingoption does not limit unicast traffic
■This option does not include outbound multicast rate-limiting
Guaranteed Minimum Bandwidth (GMB)
GMB Operation
Page
fying a minimum bandwidth for a high-priorityqueue but not specifying a
configured to allocate a minimum bandwidth of 80% for outbound high
starves lower-priorityqueues that do not have a minimum configured
but will likely cause delays in the delivery of the lower-prioritytraffic
interface band
width-min
show bandwidth output
Table 13-2.Default GMB Percentage Allocations per QoS Queue Configuration
For more information on queue configuration and the associated default
(QoS): Managing Bandwidth More Effectively” in the Advanced Traffic
” in the
Management Guide for your switch
Configuring Guaranteed Minimum Bandwidth for
%> <queue7%> <queue8%>]
1.Queue 8 (high priority)
2.Queue 7 (high priority)
3.Queue 6 (medium priority)
4.Queue 5 (medium priority)
Page
Displaying the Current Guaranteed Minimum Bandwidth
Configuration
Figure 13-9.Example of Listing the Guaranteed Minimum Bandwidth
Figure 13-10.Example of GMB Settings Listed in the “show config” Output
GMB Operating Notes
Impact of QoS Queue Configuration on GMB commands. Changing
Jumbo Frames
Jumbo Frame:
Jumbo VLAN:
MTU
Maximum Transmission Unit)
Operating Rules
Switch Meshing:
GVRP Operation:
Port Adds and Moves:
Jumbo Traffic Sources:
Configuring Jumbo Frame Operation
Overview
jumbo
Execute
Figure 13-11.Example Listing of Static VLANs To Show Jumbo Status Per VLAN
Syntax: show vlans ports < port-list
Jumbo
Figure 13-12.Example of Listing the VLAN Memberships for a Range of Ports
Syntax: show vlans < vid
Figure 13-13.Example of Listing the Port Membership and Jumbo Status for a
< vid
[no]
Configuring a Maximum Frame Size
GLOBAL
frame-size
configured as
Syntax: jumbo ip-mtu<size
max-frame-size
Default: 9198 bytes
Operating Notes for Jumbo Traffic-Handling
The switch allows flow control and jumbo frame capability to co-existon a port
Figure 13-14.Forwarding Jumbo Frames Through Non-JumboPorts
Troubleshooting
A VLAN is configured to allow jumbo frames, but one or more ports
drops all inbound jumbo frames
speed-duplex
show interfaces brief < port-list
CLI: Viewing and Configuring SNMP Community Names
General Steps for Configuring SNMP Notifications
Configuring an SNMP Trap Receiver
Configuring SNMPv3 Notifications
Managing Network Security Notifications
CLI-ConfiguredsFlow with Multiple Instances
Viewing sFlow Configuration and Status
LLDP-MED (Media-Endpoint-Discovery)
LLDP-MEDTopology Change Notification
Displaying Switch Information Available for Outbound
Using SNMP Tools To Manage the Switch
products index
Network Management
SNMP Management Features
SNMP management features on the switch include:
■SNMP version 1, version 2c, or version 3 over IP
■Security via configuration of SNMP communities (page 14-11)
■Security via authentication and privacy for SNMP Version 3 access
Configuring for SNMP Version 3 Access to the Switch
SNMP Version 3 Commands
SNMP version 3 (SNMPv3) adds some new commands to the CLI for
MD5 authentication and DES privacy
You may (optionally) restrict access to only SNMPv3 agents by using the
the snmpv3 restricted-access command
N o t e :
S N M P
V e r s i o n
I n i t i a l U s e r s
user with SHA authentication and DES privacy
show snmpv3 user
that requires either feature, the user will not be able to access the switch
security group
name to the list of known users with the snmpv3 user command
Figure 14-2.Adding SNMPv3 Users and Displaying SNMPv3 Configuration
SNMPv3 User Commands
Listing Users
Assigning Users to Groups
snmpv3 group
Figure 14-3.Example of Assigning Users to Groups
SNMPv3 Group Commands
Syntax: [no] snmpv3 group
Manager Read View
■Discovery View – Access limited to samplingProbe MIB
Discovery View
SNMPv3 Communities
snmpv3 community
index_name
Figure 14-4.Assigning a Community to a Group Access Level
SNMP Community Features
SNMP
level view, and either restricted or unrestricted write access
compatible with your network
Menu: Viewing and Configuring non-SNMPversion
Figure 14-5.The SNMP Communities Screen (Default Values)
2.Press [A] (for Add) to display the following screen:
Add
Figure 14-6.The SNMP Add or Edit Screen
Need Help
Figure 14-7.Example of the SNMP Community Listing with Two Communities
ProCurve# show snmp-serverpublic
Page
SNMP Notifications
Supported Notifications
■Advance Traffic Management Guide:
•Loop protection
•Spanning Tree (STP, RSTP, MSTP)
■Access Security Guide:
•MAC lockdown
Trap receivers:
trap receiver
Fixed or
host
Syntax: snmp-serverhost <ipv4-addr | ipv6-addr><community name
Table 14-1.Security Levels for Event Log Messages Sent as Traps
with an IP address of 10.28.227.130 to receive only "critical" event log
messages, you can enter the following command:
critical
for the same management station
retries:
request if no SNMP response is received. Default:
before resending the inform request. Default: 15 seconds
The retries and timeout values are not used to send trap requests
retries
timeout
command:
Figure 14-8.Display of SNMPv2c Inform Configuration
Configuring SNMPv3 Notifications
snmpv3 notify
no snmpv3 notify
<notify_name
snmpv3 targetaddress params taglist
snmpv3 targetaddress
params
snmpv3 params
taglist
snmpv3 params user
sec-model
msg-processing
< sec-model< ver1 | ver2c | ver3
ver3
Figure 14-9.Example of an SNMPv3 Notification Configuration
Managing Network Security Notifications
■“Configuring an SNMP Trap Receiver” on page
■“Configuring SNMPv3 Notifications” on page
■Dynamic IP Lockdown hardware resources consumed
enable traps
•login-failure-mgr sends a trap for a failed login with a manager password
•password-change-mgr sends a trap when a manager password is reset
traps
Figure 14-10.Display of Configured Network Security Notifications
Enabling Link-ChangeTraps
link-change
Syntax: [no] snmp-serverenable traps link-change<port-list> [all]
port-list
snmp server
response-source
trap-source
pv6 addr
Default: Interface IP address
loopback
<0-7
Figure 14-11.Display of Source IP Address Configuration
Displaying SNMP Notification Configuration
Use the show snmp-server command to display the currently configured:
■Management stations (trap receivers)
■Settings for network security notifications and link-changetraps
Figure 14-12.Display of SNMP Notification Configuration
Configuring Listening Mode
Advanced Management: RMON
The following RMON groups are supported:
■Ethernet Statistics (except the numbers of packets of different frame sizes)
■Alarm
■History (of the supported Ethernet statistics)
no sflow
Viewing sFlow Configuration and Status
status via the CLI
Syntax: show sflow agent
Syntax: show sflow <receiver instance> destination
show sflow agent
ProCurve# show sflow agent
Version
1.3;HP;K.11.40
Agent Address
instance
[port-list]
ProCurve# show sflow 2 sampling-polling A1-A4
Port
| Sampling
LLDP (Link-LayerDiscovery Protocol)
Provides an extension to LLDP and is designed to support VoIP deployments
enabled as a prerequisite to LLDP-MEDoperation
An SNMP utility can progressively discover LLDP devices in a network by:
Adjacent Device: Refer to “Neighbor or Neighbor Device”
Adjacent Device:
Advertisement: See LLDPDU
Active Port:
LLDP: Link Layer Discovery Protocol:
LLDP:
LLDP Neighbor:
LLDPDU (LLDP Data Unit):
LLDP-MED(Link Layer Discover Protocol Media Endpoint
MIB
ten-digit
General LLDP Operation
LLDP-MED
Packet Boundaries in a Network Topology
14-42)
Enable or Disable
LLDP-MED
Change the Frequency of LLDP Packet Transmission to Neighbor
Devices
Transmit and Receive Mode
Page
Remote Management Address
Debug Logging
debug lldp
Options for Reading LLDP Information Collected by the Switch
■Using the walkmib command to display a listing of the LLDP MIB objects
LLDP and LLDP-MEDStandards Compatibility
The operation covered by this section is compatible with these standards:
■IEEE P802.1AB
LLDP Operating Rules
Port Trunking
xxx.xxx.xxx.xxx: This IP address is not configured or is a DHCP address
Spanning-Tree
Blocking
Configuring LLDP Operation
show lldp config
[no] lldp run
lldp refresh-interval
lldp holdtime-multiplier
show lldp config
Figure 14-16.Example of Viewing the General LLDP Configuration
Displaying Port Configuration Details. This command displays the port
specific configuration, including
Syntax show lldp config < port-list
Displays the LLDP port-specificconfiguration for all ports in
Figure 14-17.Example of Per-PortConfiguration Display
delay-interval
holdtime-multiplier
holdtime-interval
ProCurve(config)# lldp holdtime-multiplier2
Changing the Delay Interval Between Advertisements Generated by
Syntax setmib lldpTxDelay.0 -i< 1 - 8192
Inconsistent value
Figure 14-18.Example of Changing the Transmit-DelayInterval
Syntax setmib lldpReinitDelay.0 -i< 1 - 10
ProCurve(config)# setmib lldpreinitdelay.0
Configuring SNMP Notification Support
Enabling LLDP Data Change Notification for SNMP Trap Receivers
Syntax [ no ] lldp enable-notification< port-list
port-list
For example, this command enables SNMP notification on ports 1 - 5:
ProCurve(config)# lldp enable-notification
tx_rx
Mandatory Data
■Chassis Type (TLV subelement)
■Chassis ID (TLV)
■Port Type (TLV subelement)
■Port ID (TLV)
Optional Data
■port description (TLV)
■system name (TLV)
■system description (TLV)
■system capabilities (TLV)
Configuring Support for Port Speed and Duplex
Advertisements
Syntax: [ no ] lldp config < port-list > dot3TlvEnable macphy_config
LLDP-MED (Media-Endpoint-Discovery)
■plug-and-playprovisioning for MED-capable,VoIP endpoint devices
simplified
■detailed VoIP endpoint data inventory readable via SNMP from the switch
Figure 14-19.Example of LLDP-MEDNetwork Elements
LLDP-MED
Endpoint Support
able to use the following network policy elements configured on the client port
•voice VLAN ID
•802.1p (Layer 2) QoS
•Diffserv codepoint (DSCP) (Layer 3) QoS
■discover and advertise device location data learned from the switch
Operational Support
LLDP-MEDTopology Change Notification
Page
LLDP-MEDFast Start Control
(Range: 1 - 10 seconds; Default: 5 seconds)
Advertising Device Capability, Network Policy, PoE Status and Location Data
■LLDP-MEDcapabilities: This TLV enables the switch to determine:
•whether a connected endpoint device supports LLDP-MED
dot3TlvEnable macphy_config command on page
Network Policy Advertisements. Network policy advertisements are
Network Policy Advertisements
intended for real-timevoice and video applications, and include these TLV
subelements:
Enabling or Disabling medTlvEnable. In the default LLDP-MED
configuration, the TLVs controlled by medTlvEnable are enabled
Syntax: [ no ] lldp config < port-list > medTlvEnable < medTlv
medTlv
Enables or disables advertisement of the following TLVs on the specified ports:
Page
PoE Advertisements
power type:
power source
power priority:
power value:
ELIN (Emergency Location Identification Number):
coordinate-based
location:
Syntax: [ no ] lldp config < port-list > medPortLocation < Address-Type
Address-Type
— Continued—
•3 = city
•6 = street (name)
•25 = building name (Range: 0 - 255)
For a sample listing of CA-TYPE specifiers, refer to table 14-4on page
Configuring Coordinate-BasedLocations. Latitude, longitude, and
the application. A further source of information on this topic is RFC 3825
Dynamic Host Configuration Protocol Option for Coordinate-based
Location Configuration Information
dependent. Refer to the documentation provided with the endpoint device
Table 14-4.Some Location Codes Used in CA-TYPEFields
Location Element
Code
Figure 14-20.Example of a Civic Address Configuration
Displaying Advertisement Data
Displaying Switch Information Available for Outbound
Syntax show lldp info local-device[ port-list ]
•PortType
•PortId
•PortDesc
lldp config
Displaying the Current Port Speed and Duplex Configuration on a
Page
Figure 14-23.Example of a Global Listing of Discovered Devices
Displaying LLDP Statistics
Syntax show lldp stats [ port-list ]
Global LLDP Counters:
Shows the elapsed time since a neighbor was last added or deleted
“Neighbor Maximum” on page
NumFramesRecvd:
< port- list
NumFramesSent:
NumFramesDiscarded:
Frames Invalid:
LLDP Operating Notes
Neighbor Maximum
LLDP Packet Forwarding:
LLDP advertises only one IP address
even if multiple IP addresses are configured by
> ipAddrEnable
on a given port
LLDP and CDP Data Management
LLDP and CDP Neighbor Data
Page
CDP Operation and Commands
SNMP utility
enabled/disabled both globally on the switch and on a per-portbasis
Syntax: show cdp
Lists the switch’s global and per-portCDP configuration
The following example shows the default CDP configuration
Figure 14-28.Example of Show CDP with the Default CDP Configuration
Page
Syntax: [no] cdp run
Enables or disables CDP read-onlyoperation on the switch. (Default: Enabled)
For example, to disable CDP read-onlyon the switch:
ProCurve(config)# no cdp run
When CDP is disabled:
Page
Redundancy (Switches 8200zl)
Disabling Redundancy with Two Modules Present
Disabling Redundancy With Only One Module Present
Page
Secondary Image
Selftest
Switchover
How the Management Modules Interact
Using Redundant Management
Displaying Redundancy Status
Enabling or Disabling Redundant Management
You can enable or disable redundant management using this command:
Syntax: [no] redundancy management-module
Figure 15-2.Example of Enabling Redundancy
command displays “Mgmt Redundancy” as disabled. The standby
2 remains the active management module
ProCurve recommends that you leave redundancy enabled. If the active
over and may have an old configuration since file synchronization has not
Directing the Standby Module to Become Active
redundancy switchover
Figure 15-4.An Example of the Redundancy Switchover Command
Setting the Active Management Module for Next Boot
The <specified module> is not present or is in failed state
Figure 15-5.Setting a Management Module to be Active on the Next Boot
active-management
Page
Enabling and Disabling Fabric Modules
Syntax: redundancy fabric-module[1 | 2] [enable | disable]
Figure 15-7.Example of Disabling a Fabric Module
Management Module Switchover
Events that Cause a Switchover
MM Rese
MM Shutdown
boot active
Resetting the Management Module
MM Reset
Figure 15-8.The MM Reset Button on the 8200zl Management Module
Hotswapping Management Modules
Hotswapping Out the Active Management Module
MM Shut down
Figure 15-9.The MM Shutdown Button
When the Standby Module is not Available
Hotswapping In a Management Module
■ The hotswapped module must pass selftest
no redundancy
management-module
Software Version Mismatch Between Active
Downloading a New Software Version
File Synchronization after Downloading
Table 15-1.Example of Upgrading Software Version K.12.03 to Version K.12.04
Potential Software Version Mismatches
After Downloading
Figure 15-10.Booting the Standby Management Module to Secondary Flash
If you have booted one module out of primary flash and one module out of
and Hotswapped Module” on page 15-16 for more information
Additionally, if a switchover occurs, or if you reboot to make the standby
standby module
When you enter the show redundancy command and a software version
Page
Turning Off Redundant Management
Disabling Redundancy with Two Modules Present
Next Boot” on page
in the event of a hardware failure of the first management module
Figure 15-12 shows that redundant management was disabled
Disabling Redundancy With Only One Module Present
ProCurve(config)# redundancy management-module
ProCurve(config)# redundancy active-managementstandby
The standby management module becomes the active management module
Displaying Management Information
Active Management Module Commands
Show Modules
■System Support Modules (SSM)—identification,including serial number
Mini-GBICS—a
Figure 15-14.Example of show redundancy Command
Show Flash
Figure 15-15.Example of Show Flash Command
Show Version
Figure 15-16.Example of Show Version Command when Redundancy is Enabled
Figure 15-17.Example of show version Command when Redundancy is Disabled
Show Log
show log -r
Figure 15-18.An Example of the Show Log Command Output
Standby Management Module Commands
Figure 15-19.Example of Show Redundancy Command for Standby Module
Figure 15-20.Example of Show Flash Command for Standby Module
Figure 15-21.Example of Show Version Command for Standby Module
Existing CLI Commands Affected by Redundant Management
Several existing commands have changes related to redundant management
Boot Command
The boot command has these options
Page
Figure 15-23.Example Showing boot Command with Default Flash set to Secondary
files can be specified as the default boot policy. For more information on
multiple configuration files and how they are used, see “Multiple
this guide
Setting the Default Flash for Boot
Syntax: boot set-defaultflash <primary | secondary
primary:
secondary:
Reload Command
routine
Figure 15-25.Example of Reload Command with Redundancy Enabled
Additional Commands Affected by Redundant
Management
The other existing commands operate with redundant management as shown below
Page
Using the Web Browser for Redundant
Management
Using the ProCurve Web Browser Interface
Identity Page
Overview Page
■Which module is the active module and which is the standby module
■Version of software running on each management module
■The SystemUp Time since the last reboot
Redundancy Status Page
Device View Page
Device View
Configuration
Figure 15-29.Device View Showing Two Management Modules
Management Module LED Behavior
Active (Actv) LED Behavior
Figure 15-30.The Actv LED on the Management Module
Table 15-2.Actv (Active) LED Behavior for Management Modules
Standby Led Behavior
Logging Messages
Log File
Syntax: show logging
Displays log events
show logging
Crash Files
crash-log
and copy
crash-data
slot-id:
Figure 15-32.An Example of the System Boot Log File
Notes on How the Active Module is Determined
The entire boot decision process works as follows:
1.If there is only one management module, that is the active management module
Diagram of Decision Process
Figure 15-33.Active Module Decision Flow Chart at Boot
Event Log Messages
Page
Page
File Transfers
TFTP: Copying a Software Image to a Remote Host . . . . . . . . . A-27
Serially Connected PC or UNIX Workstation . . . . . . . . . . . . . . . A-27
USB: Copying a Software Image to a USB Device . . . . . . . . . . . A-28
USB: Copying a Configuration File to a USB Device . . . . . . . . . A-34
USB: Copying a Configuration File from a USB Device . . . . . . A-34
A-3
Downloading Switch Software
A-4
General Software Download Rules
Using TFTP To Download Software from a Server
■The TFTP server is accessible to the switch via IP
Before you use the procedure, do the following:
A-5
Download OS
Figure A-1.Example of a Download OS (Software) Screen (Default Values)
TFTP Server
ecute
Figure A-2.Example of the Download OS (Software) Screen During a Download
Validating and writing system software to FLASH
b.Check the Firmware revision line
Figure A-3.Example of Message for Download Failure
A-7
show log tftp
Remote File Name
Figure A-4.Example of the Command to Download an OS (Switch Software)
Validating and Writing System Software to FLASH …
Boots from the selected flash
(For more on these commands, refer to “Rebooting the Switch” on page 6-19.)
To confirm that the software downloaded correctly, execute
no tftp
client
server
Menu interface “Download OS” screen become unavailable
switch’s configuration
boot system flash primary
Syntax: auto-tftp <ip-addr > <filename
auto tftp
Using Secure Copy and SFTP
SCP channels
third-partyapplication software client that supports the SFTP and/or SCP
functions. Some examples of software that supports SFTP and SCP are
differences in the way these clients work, so be sure you also download the
The SCP/SFTP Process
Disable TFTP and Auto-TFTPfor Enhanced Security
; J8697 Configuration Editor; Created on release #K.11.XX
hostname "ProCurve" module 1 type J8702A module 2 type J702A vlan
name "DEFAULT_VLAN" untagged A1-A24,B1-B24
Figure A-5.Example of Switch Configuration with SFTP Enabled
Operating rules are:
A-14
Figure A-6.Using the Menu Interface To Disable TFTP
While SFTP is enabled, TFTP and
SFTP must be disabled before enabling tftp
SFTP must be disabled before enabling auto-tftp
Command Options
$HOME/.ssh/known_hosts
SCP/SFTP Operating Notes
IP file transfer not enabled on the switch
A-16
Page
Troubleshooting SSH, SFTP, and SCP Operations
SFTP clients will print out on their console
in use to display them on the user console
Broken SSH Connection. If an ssh connection is broken at the wrong
Broken SSH Connection
(SSH, SCP, or SFTP)
A-18
ssh: read error Bad file number, session aborted I 01
01/90 00:06:11 00636 ssh: sftp session from
::ffff:10.0.12.35 W 01/01/90 00:06:26 00641 ssh:
01/90 00:09:54 00637 ssh: scp session from
::ffff:10.0.12.35 W 01/01/90
Using Xmodem to Download Switch Software From a PC or UNIX Workstation
The switch is connected via the Console
■The switch software is stored on a disk drive in the PC
Send File
ransfer
Continue reboot of system? : No
1.General System Information
Firmware revision
Using USB to Transfer Files to and from the Switch
Auxiliary Port
dir
■ The USB port supports connection to a single USB device. USB hubs to
add more ports are not supported
Release Notes for information on supported devices
Using USB to Download Switch Software
Switch-to-SwitchDownload
A-24
Menu: Switch-to-SwitchDownload to Primary Flash
7. Download OS
/os/secondary
Downloading from Primary Only
Syntax: copy tftp flash < ip-addr > flash [ primary | secondary ] [oobm]
A-26
Using PCM+ to Update Switch Software
Copying Software Images
Using the CLI commands described in this section, you can copy software
images from the switch to another device using tftp, xmodem, or usb
flash, refer to Chapter 6, “Switch Memory and Configuration”
TFTP: Copying a Software Image to a Remote Host
Transferring Switch Configurations
Using the CLI commands described in this section, you can copy switch
replace an ACL in the switch configuration
described in the section on Using Secure Copy and SFTP on page A-12
keys, and other security credentials in the running config file. For more
sw8200
ProCurve# copy startup-configtftp 10.28.227.105 d:\configs\sw8200
A-30
ProCurve# copy tftp startup-config10.28.227.105 d:\configs\sw8200
TFTP: Copying a Customized Command File to a Switch
show-tech
show tech custom
A-31
Syntax: copy tftp show-tech<ipv4 or ipv6 address> <filename> [oobm]
Copy a customized command file to the switch
Figure A-10.Example of Using the copy tftp show-techCommand to Upload a
Customized Command File
Syntax: show tech custom
Executes the commands found in a custom file instead of the hard-codedlist
Figure A-11.Example of the show tech custom Command
Page
A-34
USB: Copying a Configuration File to a USB Device
For example, to copy the startup configuration file to a USB flash drive:
Procurve# copy startup-configusb procurve-config
procurve-config
USB: Copying a Configuration File from a USB Device
Transferring ACL Command Files
TFTP: Uploading an ACL Command File from a TFTP Server
Syntax: copy tftp command-file< ip-addr > < filename.txt > < unix | pc > [oobm]
filename
<ip-addr > = The IP address of a TFTP server available to the switch
vlan10_in.txt
2.Copied the file to a TFTP server at
ProCurve(config)# copy tftp command-file18.38.124.16 vlan10_in.txt pc
The switch displays this message:
Running configuration may change, do you want to continue [y/n]
Xmodem: Uploading an ACL Command File from a Serially
Connected PC or UNIX Workstation
Syntax: copy xmodem command-file< unix | pc
USB: Uploading an ACL Command File from a USB Device
Syntax: copy usb command-file< filename.txt > < unix | pc
USB
■Serially connected PC or UNIX workstation via Xmodem
Xmodem
A-39
Copying Command Output to a Destination Device
Figure A-13.Example of Sending Command Output to a File on an Attached PC
A-40
Copying Event Log Output to a Destination Device
copy event-logxmodem <filename
For example, to copy the event log to a PC connected to the switch:
Figure A-14.Example of Sending Event Log Content to a File on an Attached PC
Copying Crash Data Content to a Destination Device
A-41
copy crash-data [<slot-id | mm>] xmodem
For example, to copy the switch’s crash data to a file in a PC:
Figure A-15.Example of Copying Switch Crash Data Content to a PC
When you are using redundant management, the
Page
Page
Enabling or Disabling the USB Port
Figure A-17.Example of show usb-portCommand Output on version K.13.59 and later
Figure A-18.Example of show usb-portCommand Output on version K.14.XX
Behavior of Autorun When USB Port is Disabled
Software Versions K.13.XX Operation
Software Version K.14.XX Operation
A-46
Using USB Autorun
The overall USB autorun solution requires the following components:
The network management application
ProCurve Manager Plus
■A non-proprietaryUSB flash drive
2.Deploy the AutoRun file to a USB flash drive
(If the AutoRun file has been signed or encrypted) Enable
5.Insert the USB flash drive into the switch’s USB auxiliary port
6.Remove the USB device from the USB port
(Optional) Transfer the ‘result file’ and ‘report file’ to a
AutoRun Status Files
Report file(s) (.xml
Result file(s) (.txt
Manager documentation for details)
been executed after the USB flash drive was removed from the switch
Configuring Autorun on the Switch
Syntax: [no] autorun [encryption-key <key-string>| secure-mode]
Enables/disables USB autorun on the switch
Use the secure-mode keyword to enable or disable secure mode for autorun
Default: Enabled (or Disabled if a password has been set)
crypto key zeorize autorun
Autorun and Configuring Passwords
autorun
Viewing Autorun Configuration Information
show autorun
Monitoring and Analyzing Switch Operation
B-26
B-27
B-29
B-32
B-33
Page
Status:
■Counters: Display details of traffic volume on individual ports (page B-15)
Counters:
Event Log
Configurable trap receivers:
Status and Counters Data
to the console. Telnet access to the switch is available in the Device View
window under the Configuration tab
Menu Access To Status and Counters
1. Status and Counters
Figure B-1.The Status and Counters Menu
General System Information
Menu Access
Figure B-2.Example of General Switch Information
CLI Access to System Information
Figure B-3.Example of Command Results for show system chassislocate
Command
Figure B-4.Example of System Fan Status
Figure B-5.Example of Switch System Information
Task Monitor—CollectingProcessor Data
task-monitor
cpu
taskusage
taskUsageShow
Switch Management Address Information
1 Status and Counters …
2. Switch Management Address Information
This screen displays addresses that are important for management of the
address for the entire switch. Refer to the online Help for details
existing on the switch as a result of GVRP operation.)
chapter of the Advanced Traffic Management Guide for your switch
chapter of the
Module Information
Menu: Displaying Port Status
1.Status and Counters …
3.Module Information
Figure B-8.Example of Module Information in the Menu Interface
show modules
Figure B-9.Example of the show modules Command Output
does not display as the ports are fixed and not part of any module
Port Status
B-14
Figure B-11.Example of Port Status on the Menu Interface
Web Access
1.Click on the Status tab
Viewing Port and Trunk Group Statistics and Flow Control Status
B-15
■A detailed summary of traffic on a selected port or trunk group
You can also reset the counters for a specific port
“snapshot” of port or trunk group statistics at a particular moment
N o t e o n R e s e t
does not affect the cumulative values in the actual hardware counters. (In
to the accumulated values in the hardware counters
B-16
Menu Access to Port and Trunk Statistics
4.Port Counters
Figure B-12.Example of Port Counters on the Menu Interface
how Details
Figure B-13.Example of the Display for Show details on a Selected Port
Reset
To Display the Port Counter Summary Report
To Display a Detailed Traffic Summary for Specific Ports
To Reset the Port Counters
clear statistics global
clear statistics
Viewing the Switch’s MAC Address Tables
These features help you to view:
■The port on which each MAC address was learned
Menu Access to the MAC Address Views and Searches
B-19
Page
Page
CLI Access for MAC Address Views and Searches
Spanning Tree Protocol (MSTP) Information
CLI Access to MSTP Data
Syntax: show spanning-tree
Figure B-17.Output from show spanning-treeCommand
B-23
Internet Group Management Protocol (IGMP) Status
For example, suppose that show ip igmp listed an IGMP group address of
224.0.1.22.You could get additional data on that group by executing the
following:
Figure B-18.Example of IGMP Group Data
VLAN Information
The switch uses the CLI to display the following VLAN status:
For example, suppose that your switch has the following VLANs:
Ports
VLAN
Listing the VLAN ID (VID) and Status for Specific Ports
Figure B-20.Example of VLAN Listing for Specific Ports
Listing Individual VLAN Status
Figure B-21.Example of Port Listing for an Individual VLAN
Web Browser Interface Status Information
Figure B-22.Example of a Web Browser Interface Status Overview Screen
Traffic Mirroring
Traffic mirroring provides the following benefits:
■Allows you to monitor the traffic flow on specific source interfaces
Mirroring destinations
local
C o n f i g u r a t i o n N o t e s
Tr a f f i c
S e l e c t i o n
Selecting mirrored traffic
inbound and outbound
Mirroring Terminology
local mirroring session
A remote mirroring session means that:
means that:
•The monitored interface (A1) and exit port (B7) are on different switches
Figure B-23.Local and Remote Sessions Showing Mirroring Terms
Destination :
Exit Port
Host
Direction-Based
IDS:
ing session are on the same switch
source switch on which the inbound and/or outbound traffic to be mir
rored originates, configured with one of the interface monitor or vlan
interface monitor
Mirrored Traffic Destinations
Local Destinations
Remote Destinations
remote
■ 3500yl
Criteria for Selecting Mirrored Traffic
Mirroring Session Limits
Mirroring Sessions
■You can reduce the risk of oversubscribing a single exit port by:
•Directing traffic from different session sources to multiple exit ports
Mirroring Configuration
Table B-1.Mirroring Configuration Options
Using the CLI, you can configure all mirroring options on a switch
except
Remote Mirroring Endpoint and Intermediate Devices
The exit port for a mirroring destination must be an individual port, and
■A switch mirrors traffic on static trunks, but not on dynamic LACP trunks
Migration to Release K.12.xx
■A legacy mirroring configuration on a port or VLAN interface maps to session
Traffic-selection
and
■In a legacy mirroring configuration, a local exit port is applied to session
Figure B-24.Mirroring Configuration in “show run” Output in Release K.13.xx
mirror
name
"test-10"remote ip 10.10.10.1 8010
class ipv4 “100MirrorClass”
Using the Menu or Web Interface To Configure Local Mirroring
Menu and Web Interface Limits
■any combination of source port(s), trunk(s), and/or a mesh
■one static, source VLAN interface
The Menu and Web interfaces also have these limits:
3. Network Monitoring Port
Figure B-26.The Default Network Mirroring Configuration Screen
Monitoring Port
Figure B-27.How To Select a Local Exit Port
Ports: Use for mirroring ports, static trunks, or the mesh
Ports:
VLAN: Use for mirroring a VLAN
7.Do one of the following:
Action
CLI: Configuring Local and Remote Mirroring
■The same switch as the source interface (local mirroring)
■ “Local Mirroring Overview” on page B-44
■ “Remote Mirroring Overview” on page B-46 (The remote switch must be
chapter.)
name
command to configure the session
B-44
Page
Configure a Mirroring Policy to Select Inbound Traffic (Page B-66)
class < ipv4 | ipv6 > < classname
classname
[no] [seq-number]< match | ignore > < ip-protocol > < source-address
precedence
Caution
Configure the Mirroring Destination on a Remote Switch (Page B-50):
IP Address and UDP Port on Source Switch
IP Address and Exit Port on Remote Switch
mirror endpoint ip
> port
1. Determine the Mirroring Session and Destination
or leaves the source switch
■ The unique UDP port number to use for the session on the source switch
(The recommended port range is from 7933 to 65535.)
these port numbers for mirroring can result in an interruption of other IP
2.Configure a Mirroring Destination on a Remote Switch
Configuring a Destination Switch in a Remote Mirroring Session
B-50
no mirror endpoint ip < src-ip > < src-udp-port > < dst-ip
This command is used on a destination switch to configure
Caution:
mirroring endpoint support for a given session if there are
source switches currently configured to mirror traffic to the
endpoint
address you configure on the source switch for the remote
3.Configure a Mirroring Session on the Source Switch
B-52
For a local mirroring session, enter the
mirror port
“1. Determine the Mirroring Session and Destination” on page
B-49
Syntax: mirror < 1 - 4 > port < exit-port-# > [name < name-str >]
no mirror < 1- 4
src-ip
4.Configure the Monitored Traffic in a Mirror Session
Traffic Selection Options
■Interface type
•Port, trunk, and/or mesh
•VLAN
K.14.01 and greater
Only inbound IPv4 or IPv6 traffic selected with a
■“Selecting All Inbound/Outbound Traffic to Mirror” on page B-57
■“Selecting Inbound Traffic Using an ACL (Deprecated)” on page B-62
■“Selecting Inbound/Outbound Traffic Using a MAC Address” on page B-63
Selecting All Inbound/Outbound Traffic to Mirror
Port Interface with Traffic Direction as the Selection Criteria
port/trunk/mesh
monitor all < in | out | both >: For the interface specified by
in: Mirrors entering traffic
out: Mirrors exiting traffic
out
both: Mirrors traffic entering and exiting
no-tag-added
Figure B-28.Mirroring Commands with the no-tag-addedOption
ProCurve# show monitor
The MIB object hpicfBridge- DontTagWithVlan is used to implement the
no-tag-added
Operating Notes
Cannot monitor more than one logical port with no-tag-addedoption
vlan
Uses the direction of traffic on the specified
to select traffic to mirror. Refer to the syntax description on
B-57
(If you enter the
Selecting Inbound Traffic Using an ACL (Deprecated)
Selecting Inbound/Outbound Traffic Using a MAC Address
src
dest
no monitor mac
dest mirror
monitor mac
mirror 1 2 3 traffsrc4
[name
R e s t r i c t i o n s
monitor mac 111111-222222src mirror
monitor mac 111111-222222dest mirror
Selecting Inbound Traffic Using Advanced
Classifier-BasedMirroring
■Support for mirroring both IPv4 and IPv6 traffic
The ability to
■The mirroring of outbound traffic exiting the switch
■The use of meshed ports as monitored (source) interfaces
If a mirroring session is configured to use a
Classifier-BasedMirroring Configuration
B-67
Context:
Syntax: [no] class < ipv4 | ipv6 > <classname
ignore
default-class
Page
session
Prerequisite
class action
session-number
Restriction
action
Advanced Traffic Manage ment Guide
a port or VLAN interface, the switch immediately starts to use the traffic
selection criteria and exit port to mirror traffic to the destination device
connected to each exit port
no interface
no vlan
a1, b4, d3
a1-a5
■show class < class-name
■show policy < mirror-policy-name
show policy
■show policy resources
show statistics policy
B-74
Applying Multiple Mirroring Sessions to an Interface
All inbound and outbound traffic on Ports b1, b2, and b3 is mirrored in session
■Only selected voice traffic on Port b1 is mirrored in session
Figure B-32.Example of Applying Multiple Sessions to the Same Interface
B-75
Displaying a Mirroring Configuration
Displaying All Mirroring Sessions Configured on the Switch
Syntax: show monitor
Mirroring is currently disabled
Sessions: Lists the four configurable sessions on the switch
Sources:
Policy:
UDP Source Addr:
UDP port:
UDP Dest Addr:
show monitor
| name
Type:
show monitor endpoint
ProCurve(config)# show monitor endpoint
Session:
Session Name: Displays the name of the session, if configured
Session Name:
Mirroring Destination:
Direction:
Figure B-35.Configuring a Remote Mirroring Session and Monitored Source
ProCurve_8200(config)# show monitor
Session: 2 Session Name: test-10
Policy: no policy relationship exists
Figure B-38.Displaying a MAC-basedMirroring Session
■Session number:
■Session name: Detail
■Mirrored traffic is sent to exit port B3
Session: 1 Session Name: Detail
Displaying Information on a Classifier-BasedMirroring Session. In
mirrorAdminTraffic
roCurve(config
Source
Figure B-41.Displaying a Classifier-basedPolicy in a Local Mirroring Session
Figure B-42.“show class” Output for a Mirroring Policy
Figure B-43.“show policy” Output for a Mirroring Policy
Figure B-44.“show statistics policy” Output for a Mirroring Policy
Displaying Resource Usage for Mirroring Policies
Syntax: show policy resources
show qos resources
access-list
B-85
Viewing the Mirroring Configurations in the Running
Configuration File
;J8697A Configuration Editor; Created on release #K.12.XX max-vlans300
no ip address exit
Figure B-47.Displaying Remote Mirroring Endpoints in the Running Configuration
B-86
Mirroring Configuration Examples
Example: Local Mirroring Using Traffic-DirectionCriteria
1.Configure the local mirroring session, including the exit port
2.Configure the monitored source interfaces for the session
Figure B-48.Local Mirroring Topology
Figure B-50.Sample Topology in a Remote Mirroring Session
Switch-C(config)#mirror
10.10.10.119 930010.10.30.2 port a15
Switch-C(config)#mirror endpoint 10.10.20.145930010.10.30.2 port a15
B-88
Figure B-52.Configuring a Classifier-BasedPolicy on Source Switch A
4.On source switch B, repeat Steps 2 and 3:
B-89
Switch-B(config)#vlan 20 service-policymirrorTCP in
Figure B-53.Configuring a Classifier-BasedPolicy on Source Switch B
Example: Remote Mirroring Using Traffic-DirectionCriteria
B-90
Figure B-54.Sample Topology for Remote Mirroring from a Port Interface
Switch-C(config)#mirror endpoint ip 10.10.10.119
port b10
Figure B-55.Configuring a Remote Mirroring Endpoint
mirror 2 remote ip 10.10.10.119 9400
Maximum Supported Frame Size
The IPv4 encapsulation of mirrored traffic adds a 54-byteheader to each
sion Unit) allowed in the network, the frame is dropped
dropped. Also, remote mirroring does not allow downstream devices in a
mirroring path to fragment mirrored frames
Table B-2.Maximum Frame Sizes for Mirroring
B-93
Effect of Downstream VLAN Tagging on Untagged
Mirrored Traffic
Figure B-57.Effect of Downstream VLAN Tagging on the MTU for Mirrored Traffic
B-94
Operating Notes for Traffic Mirroring
Mirroring and Spanning Tree:
Tagged and Untagged Frames:
no
tag-added
Inbound Mirrored IPv4-EncapsulatedFrames are Not Mirrored:
Switch Operation as Both Destination and Source:
< port > monitor
B-96
Troubleshooting Traffic Mirroring
• The configured remote exit port must not be a member of a trunk or mesh
source to the destination
• On the remote destination (endpoint) switch, the IP addresses of the
remote exit port and the switch can belong to different VLANs
B-98
Troubleshooting
Example of Event Counter Operation
Displaying a Debug/Syslog Configuration
C-2
DNS Resolver
Page
Troubleshooting Approaches
Use these approaches to diagnose switch problems:
Check the switch LEDs for indications of proper switch operation:
Use ProCurve Manager to help isolate problems and recommend solu tions
•Port Utilization Graph
Browser or Telnet Access Problems
Cannot access the web browser interface:
2. Switch Configuration …
2.Switch Management Address Information
also check the DHCP/Bootp server configuration to verify correct IP addressing
Cannot Telnet into the switch console from a station on the network:
Inbound Telnet Enabled
Unusual Network Activity
General Problems
The network runs slow; processes fail; users cannot access servers or
other devices
•Turn on Spanning Tree Protocol to block redundant links (i.e. topology loops)
802.1Q Prioritization Problems
Ports configured for non-defaultprioritization (level 1 - 7) are not
performing the specified action
ACL Problems
C-9
Figure C-1.Indication that Routing Is Enabled
management access
If you need to configure IP routing, execute the ip routing command
ip routing
itself. Also, the switch applies assigned ACLs only at the point where
Error (Invalid input) when entering an IP address
Figure C-2.Examples of Correctly and Incorrectly Specifying a Single Host
Apparent failure to log all “Deny” Matches
log
deny any
Routing Through a Gateway on the Switch Fails
Remote Gateway Case
Figure C-3.Example of ACE Blocking an Entire Subnet
C-12
Figure C-4.Example of Inadvertently Blocking a Gateway
Local Gateway Case
2.Permit authorized traffic
3.Deny any unauthorized traffic that you have not already denied in step
C-13
IGMP-RelatedProblems
LACP-RelatedProblems
Port-BasedAccess Control (802.1X)-RelatedProblems
The supplicant statistics listing shows multiple ports with the same
authenticator MAC address
The
802.1X is not active on the switch. After you execute
, all ports configured with
RADIUS server fails to respond to a request for service, even though
show radius
key. If the switch already has a
Figure C-6.Displaying Encryption Keys
show port- access authenticator
QoS-RelatedProblems
Radius-RelatedProblems
The switch does not receive a response to RADIUS authentication
Figure C-7.Examples of Global and Unique Encryption Keys
Spanning-TreeProtocol (MSTP) and Fast-Uplink
Problems
tunity to evaluate MSTP performance in your network. Because incorrect
Broadcast Storms Appearing in the Network. This can occur when
the loop to be detected
SSH-RelatedProblems
pub-key
file
PEM-formatted
key into an
Page
TACACS-RelatedProblems
Event Log
tacacs-server
C-22
■The account has expired
aaa authentication
num-attempts
C-23
TimeP, SNTP, or Gateway Problems
The Switch Cannot Find the Time Server or the Configured Gateway
VLAN-RelatedProblems
Monitor Port
None of the devices assigned to one or more VLANs on an 802.1Q
Figure C-8.Example of Correct VLAN Port Assignments on a Link
C-25
Figure C-9.Example of Duplicate MAC Address
Fan Failure
Using the Event Log for Troubleshooting Switch Problems
Reboot the switch by choosing the
Event Log Entries
Severity
Date
Date
Time is the time in the format hh:mm:ss when an entry is recorded in the log
Time
Event Number
log-number
C-29
C-30
C-31
C-32
C-33
C-34
Menu: Displaying and Navigating in the Event Log
Event Log
Figure C-11.Example of an Event Log Display
Table C-1.Event Log Control Keys
C-35
CLI: Displaying the Event Log
Examples
CLI: Clearing Event Log Entries
clear logging
CLI: Turning Event Numbering On
Using Log Throttling to Reduce Duplicate Event Log and SNMP Messages
Log Throttle Periods
Example of Log Throttling
W 10/01/06 09:00:33 PIM:No IP address configured on VID 100 (1)
Figure C-12.Example of the First Instance of an Event Message and Counter
C-38
W 10/01/06 09:28:42 PIM:No IP address configured on VID 100 (8)
Figure C-13.Example of Duplicate Messages Over Multiple Log Throttling Periods
C-39
Example of Event Counter Operation
Suppose the switch detects the following after a reboot:
Table C-2.How the Duplicate Message Counter Increments
C-40
Debug/Syslog Operation
Debug/Syslog Messaging
Debug/Syslog Destination Devices
debug destination
■Up to six Syslog servers
Debug/Syslog Configuration Commands
C-42
Figure C-15.Summary of Debug/Syslog Configuration Commands
page C-57)is supported on the following switch models:
Series 6400cl switches
6200yl Switch
6600 switch
Configuring Debug/Syslog Operation
logging facility
no debug event
5. If you configure system-moduleand/or severity-levelvalues to filter Event
messages to configured debug destinations (Syslog servers and/or CLI
session)
all Event Log messages, enter one or both of the following commands:
Figure C-16.Sample Output of show debug Command
C-46
logging severity
Example
Debug logging of ACL and
user
C-48
C-49
Debug Command
show statistics < aclv4 | aclv6
Syntax: [no] debug < debug-type > (Continued)
(Continued)
If no Syslog server address is configured and you enter the
adj —
event —
dd— Database descriptions hello — Hello messages
hello —
lsa — Link-stateadvertisements lsr — Link-staterequests
dhcpv6-client[events | packet]: Displays DHCPv6 client event and packet data
[forwarding]: Displays IPv6 forwarding messages
[forwarding]:
[nd]: Displays debug messages for IPv6 neighbor discovery
[nd]:
ProCurve#
debug destination session
Logging Command
By specifying both a severity level and system module, you can use both
configured settings to filter the Event Log messages you want to use to
troubleshoot switch or network error conditions
power recycle. The debug settings and destinations configured in your
Configuring a Syslog Server
syslog-ip-addr
C-55
Syntax: [no] logging < syslog-ip-addr
no debug destination logging
debug destination logging
C-56
Syntax: [no] logging facility < facility-name
facility-name
Adding a Description for a Syslog Server
(IPv4 only) configured for syslog using the CLI or SNMP
toring of syslog for SNMP (RFC 3164 supported)
C-57
Adding a Priority Description
severity
system module
parameters either through the CLI or with SNMP
Configuring the Severity Level for Event Log
Messages Sent to a Syslog Server
highest to lowest):
Major: A fatal error condition has occurred on the switch
Major:
Operating Notes for Debug and Syslog
C-60
■Debug commands do not affect normal message output to the Event Log
debug event
■Ensure that your Syslog servers accept Debug messages
Duplicate IP addresses are not stored in the list of syslog servers
C-61
Diagnostic Tools
Diagnostic Features
C-62
Port Auto-Negotiation
Ensure that the switch port and the port on the attached
If the attached
Ping and Link Tests
be IEEE 802.3-compliant
Figure C-21.Link and Ping Test Screen on the Web Browser Interface
Successes
Failures
C-64
Number of Packets to Send
CLI: Ping Test
Sends ICMP echo requests to determine if another device is alive
ping6
<ip-address| hostname
source <ip-addr| hostname
data-size <0-65471
data-fill <0-1024
Figure C-22.Examples of Ping Tests
Link Tests
Traceroute Command
Ctrl
traceroute6
<ip-address| hostname
The IP address or hostname of the device to which to send the traceroute
traceroute
A Low Maxttl Causes Traceroute To Halt Before Reaching the
Destination Address. For example, executing traceroute with its default
Destination Address
C-68
Figure C-24.Example of a Completed Traceroute Enquiry
maxttl
Figure C-25.Example of Incomplete Traceroute Due to Low Maxttl Setting
C-69
Common reasons for Traceroute failing to reach a destination include:
Figure C-26.Example of Traceroute Failing to Reach the Destination Address
C-70
Viewing Switch Configuration and Operation
CLI: Viewing the Startup or Running Configuration File
Web: Viewing the Configuration File
Diagnostics
2.Click on [Configuration Report]
CLI: Viewing a Summary of Switch Operational Data
Figure C-27shows sample output from the show tech command
Figure C-27.Example of Show Tech Command
copy show tech
Saving show tech Command Output to a Text File
C-73
Transfer | Capture Text
Figure C-28.Capture Text window of the Hyperterminal Application
Figure C-29.Entering a Path and Filename for Saving show tech Output
[Start]
Transfer | Capture Text | Stop
Customizing show tech Command Output
To customize the information displayed with the show tech command:
copy “show system”
slot-id
ip-addr
remote-file
unix
command-file
acl-filename
.txt
copy usb
CLI: Viewing More Information on Switch Operation
show history
show system-information
show version
show interfaces
show
exclude
begin:
Figure C-30.Example of Pattern Matching with Include Option
Figure C-31.Example of Pattern Matching with Exclude Option
C-80
Figure C-32.Example of Pattern Matching with Begin Option
show arp
CLI: Useful Commands for Troubleshooting Sessions
Syntax: alias
show ip ssh command
Restoring the Factory-Default
Configuration
CLI: Resetting to the Factory-DefaultConfiguration
Clear/Reset: Resetting to the Factory-DefaultConfiguration
Restoring a Flash Image
Call
Disconnect
ii.Select File | Properties
vi.Select Call | Connect
File
Figure C-34.Example of Xmodem Download in Progress
DNS Resolver
Host Name —
evergreen.trees.org
accounts015
sales021
Basic Operation
■When the switch is configured with both of the following:
•the IP address of a DNS server available to the switch
•the domain suffix of a domain available to the configured DNS server
then:
Configuring and Using DNS Resolution with
DNS-CompatibleCommands
Configuring a DNS Entry
Syntax: [no] ip dns server-addresspriority < 1 - 3 > < ip-addr
•the relative priority of the DNS server when multiple servers are configured
•the IP address of the DNS server
C-90
Example Using DNS Names with Ping and Traceroute
Figure C-37.Example Network Domain
Entity:
Identity:
docserver
Figure C-38.Configuring Switch “A” in FigureC-37To Support DNS Resolution
37 as a target:
Viewing the Current DNS Configuration
show run
ProCurve# show ip
IP Routing : Disabled
Gateway :
Switch-Initiated
C-94
Event Log Messages
Message
Meaning
Locator LED (Locating a Switch)
Syntax: chassislocate [blink | on | off]
Locates a switch by using the blue Locate LED on the front panel
blink <1-1440
on <1-1440
MAC Address Management
Page
Determining MAC Addresses
Use the menu interface
Use the CLI
Menu: Viewing the Switch’s MAC Addresses
The Management Address Information screen lists the MAC addresses for:
■ Base switch (default VLAN; VID = 1)
■ Any additional VLANs configured on the switch
Also, the Base MAC address appears on a label on the back of the switch
CLI: Viewing the Port and VLAN MAC Addresses
uses the first 24 MAC addresses in the allotment, and so-on
(All VLANs in the switch have the same MAC address.)
walkmib
in the switch, regardless of which VLAN you select
Figure D-2.Example of Port MAC Address Assignments on a Switch
D-6
Viewing the MAC Addresses of
Connected Devices
MAC address < mac-addr > not found
mac-address
D-8
Monitoring Resources
Viewing Information on Resource Usage
Policy Enforcement Engine
When the following features are configured globally or
•ACLs
•QoS configurations that use the following commands:
qos
device-priority
–QoS application port through the CLI using qos tcp-port or qos udp-port
tcp-port
–VLAN QoS Policies through the CLI using service-policy
Displaying Current Resource Usage
show resources
policy
Syntax: show <qos | access-list| policy> resources
■There is authenticated client usage of IDM resources on ports
E-5
in/out
bcast/mcast
qos priority
qos dscp
qos protocol
When Insufficient Resources Are Available
E-8
Daylight Savings Time on ProCurve Switches
Middle Europe and Portugal:
Southern Hemisphere:
Western Europe:
Figure F-1.Menu Interface with “User-Defined”Daylight Time Rule Option
■If the configured day is a Sunday, the time changes at 2am on that day
This is true for both the “Beginning day” and the “Ending day”
F-3
F-4
Subject
Maximum
G-1
G-2
Switch Licensing
The procedure for installing a licensed feature into a switch is:
licenses
hardware-id
<license_type
ProCurve# licenses hardware-idpremium
5.Reboot the switch. For example:
Power-SavingFeatures
■Turn slot power on or off
■Turn LED power on or off using a timer
■Slot auto low power mode
The modules support the power-savingfeatures as indicated in the table below
Configuring the Power-SavingOptions
savepower
Configuring the Savepower module Option
module
Figure I-1.Example of savepower module Command
slot-id
duration <[HH:]MM
recur
recur
Default: disabled
Figure I-2.Example of Setting a Time and Duration for savepower led Command
Configuring the Savepower port-low-pwrOption
Figure I-3.Example of savepower port-low-powerCommand for Slot C
Show Savepower Commands
Show Savepower Module
show save- power module
Figure I-4.Example of Output for show savepower module Command
Show Savepower Port-low-pwr
show savepower
port-low-pwr
Figure I-5.Example of Output for show savepower port-low-pwrCommand
Figure I-6.Example of Output for show savepower led Command
J-1
Concepts
Management communications with a managed switch can be:
■in band—throughthe networked data ports of the switch
out of
Figure J-1.Management ports
Table J-1.Switch Management Ports
Example
Figure J-2.Network out-of-bandmanagement in a data center
J-4
OOBM and Switch Applications
J-5
Tasks
OOBM Configuration
OOBM Context
Syntax: oobm
OOBM Enable/disable
From the OOBM context:
enable disable
From the general configuration context:
Enables or disables networked out-of-band-managementon the switch
OOBM Port Enable/disable
OOBM Port Speed Control
OOBM IPv4 Address Configuration
[no] ip address [dhcp-bootp| ip-address/mask-length]
ip-address/mask-length
[no] oobm ip address [dhcp-bootp| ip-address/mask-length]
Configures an IPv4 address for the switch’s OOBM interface
OOBM Show Commands
Show OOBM
Show OOBM IP Configuration
show oobm ip
Show OOBM ARP Information
show oobm arp
Application Server Commands
Default value is both for all servers
Telnet:
Management and Configuration Guide, page
SSH:
Application Client Commands
Figure J-3.Example data center
J-16
Index
Symbols
Numerics
2 – Index
Page
4 – Index
Page
6 – Index
Page
source IP address …
Page
10 – Index
Page
12 – Index
Page
14 – Index
Page
16 – Index
begin option … C-79
18 – Index
Page
20 – Index
Page
22 – Index
