HP Model Vehicle 6120 69

Static Virtual LANs (VLANs)

Special VLAN Types

■Any ports not specifically assigned to another VLAN will remain assigned to the Default VLAN, regardless of whether it is the Primary VLAN.

Candidates for Primary VLAN include any static, port-based VLAN currently configured on the switch. (Protocol-Based VLANs and dynamic—GVRP- learned—VLANs that have not been converted to a static VLAN cannot be the Primary VLAN.) To display the current Primary VLAN, use the CLI show vlan command.

N o t e	If you configure a non-default VLAN as the Primary VLAN, you cannot delete
	that VLAN unless you first select a different VLAN to serve as primary.
	If you manually configure a gateway on the switch, it ignores any gateway
	address received via DHCP or Bootp.
	To change the Primary VLAN configuration, refer to “Changing the Primary

	VLAN” on page 2-34.

The Secure Management VLAN

Configuring a secure Management VLAN creates an isolated network for managing the ProCurve switches that support this feature. If you configure a secure Management VLAN, access to the VLAN and to the switch’s management functions (Menu, CLI, and web browser interface) is available only through ports configured as members.

■ Multiple ports on the switch can belong to the Management VLAN. This allows connections for multiple management stations you want to have access to the Management VLAN, while at the same time allowing Management VLAN links between switches configured for the same Management VLAN.

■ Only traffic from the Management VLAN can manage the switch, which means that only the workstations and PCs connected to ports belonging to the Management VLAN can manage and reconfigure the switch.

Figure 2-29illustrates use of the Management VLAN feature to support management access by a group of management workstations.

2-46

Contents

Page Page Page Product Documentation 1 Getting Started 2 Static Virtual LANs (VLANs) Terminology General Steps for Using VLANs 802.1Q VLAN Tagging Special VLAN Types 3 GVRP 4 Multiple Instance Spanning-TreeOperation 5Quality of Service (QoS): Managing Bandwidth More Effectively QoS Queue Configuration N o t e Page Page Page Page Page Page copy tftp ProCurve hostname Displayed Text Figure 1-1.Example of a Figure Showing a Simulated Screen Page Page Figure 1-2.Online Help for Menu Interface Figure 1-5.Button for Onboard Administrator Interface Online Help setup 8.Run Setup Page Page Page Page VLAN Features The Default VLAN: The Secure Management VLAN: Voice VLANs: Static VLAN: Dynamic VLAN Tagged Packet: Tagged VLAN: Untagged VLAN Table 2-1.Comparative Operation of Port-Basedand Protocol-BasedVLANs Table 2-2.VLAN Environments The Default VLAN Figure 2-1.Example of a Switch in the Default VLAN Configuration Figure 2-2.Example of Multiple VLANs on the Switch Protocol VLAN Environment Figure 2-3.Example of Overlapping VLANs Using the Same Server Figure 2-4.Example of Connecting Multiple VLANs Through the Same Link Introducing Tagged VLAN Technology into Networks Running Legacy (Untagged) VLANs Figure 2-5.Example of Tagged and Untagged VLAN Technology in the Same Network Figure 2-6.Comparing Per-PortVLAN Options With and Without GVRP Table 2-3. Per-PortVLAN Configuration Options - or Forbid DHCP/Bootp: Per-VLAN Features: Deleting Static VLANs: Adding or Deleting VLANs: write memory Inbound Tagged Packets: Figure 2-7.Untagged VLAN Operation Figure 2-8.Tagged VLAN Operation Table 2-4.Example of Forwarding Database Content Page The Problem The Solution Page 2.Switch Configuration 8.VLAN Menu … 1.VLAN Support Figure 2-12.The Default VLAN Support Screen [E] Maximum VLANs to support Figure 2-13.VLAN Menu Screen Indicating the Need To Reboot the Switch 8.VLAN Menu … 2.VLAN Names Figure 2-14.The Default VLAN Names Screen Add 802.1Q VLAN ID : Name : Name Figure 2-15.Example of VLAN Names Screen with a New VLAN Added 2. Switch Configuration 8. VLAN Menu … 3. VLAN Port Assignment Edit Untagged, or Forbid) Untagged VLANs Figure 2-17.Example of Port-BasedVLAN Assignments for Specific Ports VLAN Commands Maximum VLANs to support: Primary VLAN: Management VLAN: 802.1Q VLAN ID: Status: Port-Based Protocol: Dynamic: Voice: Port name: VLAN ID: Mode: Figure 2-19.Example of “Show VLAN Ports” Cumulative Listing Figure 2-20.Example of “Show VLAN Ports” Detail Listing Port Information: DEFAULT: Unknown VLAN: Figure 2-21.Example of “Show VLAN” for a Specific Static VLAN Figure 2-22.Example of “Show VLAN” for a Specific Dynamic VLAN Note: Figure 2-23.Example of Command Sequence for Changing the Number of VLANs Changing the Primary VLAN show vlans vlan [no] Figure 2-25.Example of Creating a New, Port-Based,Static VLAN show vlan VLAN already exists Page Page Figure 2-26.Example of Tagged and Untagged VLAN Port Assignments Figure 2-27.Example of VLAN ID Numbers Assigned in the VLAN Names Screen Figure 2-28.Example of Networked 802.1Q-CompliantDevices with Multiple VLANs on Some Ports Switch Switch Y Page Page Figure 2-29.Example of Potential Security Breaches Figure 2-30.Example of Management VLAN Control in a LAN Table 2-5.VLAN Membership in Figure reboot My_VLAN Figure 2-31.Illustration of Configuration Example Figure 2-32.Example of DHCP Server on Management VLAN Figure 2-33.Example of DHCP Server on Different VLAN from the Management VLAN Figure 2-34.Example of no Management VLANs Configured Figure 2-35.Example of Client on Different Management VLAN from DHCP Server Figure 2-36.Example of DHCP Server and Client on the Management VLAN write-memory Page Voice VLAN(s): Tagged/Untagged VLAN Membership: Page no vlan Page Page Page N o t e : max vlans Figure 3-1.Example of Forwarding Advertisements and Dynamic Joining Switch “D” GVRP On Figure 3-2.Example of GVRP Operation IP Addressing Table 3-1.Options for Handling “Unknown VLAN” Advertisements: show gvrp Figure 3-3.Example of GVRP Unknown VLAN Settings Page Table 3-2.Controlling VLAN Behavior on Ports with Static VLANs Page Page 2.Switch Configuration … Figure 3-4.The VLAN Support Screen (Default Configuration) Yes Unknown VLAN Figure 3-5.Example Showing Default Settings for Handling Advertisements ave GVRP Commands Used in This Section Figure 3-6.Example of “Show GVRP” Listing with GVRP Disabled Figure 3-7.Example of Show GVRP Listing with GVRP Enabled Enabling and Disabling GVRP on the Switch. This command enables Syntax: gvrp Figure 3-8.Displaying the Static and Dynamic VLANs Active on the Switch Figure 3-9.Example of Listing Showing Dynamic VLANs Configuration Page Page Page Page Page Figure 4-1.Example of a Multiple Spanning-TreeApplication C a u t i o n Figure 4-2.Example of MSTP Network with Legacy STP and RSTP Devices Connected MST Region: Internal Spanning Tree (IST): Internal Page Figure 4-3.Active Topologies Built by Three Independent MST Instances Page Connectivity within the Same MST Instance BPDU — BPDU Filtering — BPDU Protection — Bridge: Common Spanning Tree (CST): MSTP Bridge: RSTP — Spanning-tree STP — SNMP — instance vlan legacy-path cost Note on Path Cost Page Region Revision Number: spanning-tree config-revision max-hops –Force-Versionoperation: spanning-tree force-version –Forward Delay: spanning-tree forward-delay maximum-age 3.Configure MST instances spanning-treeinstance < n > vlan < vid no spanning- tree instance 5.Configure MST instance port parameters instance Page pending stp-compatible: rstp-operation: mstp-operation: force-version (Default: MSTP-operation.) 802.1t Global > hello- time < 1..10 apply: config-name: config-revision: instance: reset: Disabled admin-edge-port admin edge-port auto-edge-port auto Yes - enabled global hello- time true default) false auto: show running root- guard tcn-guard Command Syntax and Example always Figure 4-5.Example of BPDU Filter in Show Spanning Tree Configuration Command Figure 4-6.Example of BPDU Filters in the Show Configuration Command Figure 4-7.Example of BPDU Protection Enabled at the Network Edge Example interface enable period using the spanning-tree bpdu-protection-timeout command bpdu-protection Figure 4-9.Example of BPDU Filters in the Show Configuration Command spanning-tree instance vlan Switch Priority auto Page instance ist > instance ist Page apply config-name config-revision: reset config-revision pending apply ■Region name (spanning-tree config-name) ■Region revision number (spanning-tree config-revision) Page Figure 4-11.Example of Mapping VLANs on Other ProCurve Switches Page show config files Figure 4-12.An Example of the show config files Command Output Figure 4-13.A Config File for the Current Software Version is Created show flash Page Page a20-a42,trk1 Figure 4-15.Example of Common Spanning Tree Status Page Page Page show spanning-tree a20-a24,trk1config instance Figure 4-19.Example of the Configuration Listing for a Specific Instance Figure 4-20.Example of a Region-LevelConfiguration Display Figure 4-21.Example of Displaying a Pending Configuration root-history cst ist mst root-guard root- history priority instance priority Figure 4-22.Example of show spanning-tree root-historycst Command Output Figure 4-23.Example of show spanning-tree root-historyist Command Output Figure 4-24.Example of show spanning-tree root-historymsti Command Output debug- counters Figure 4-25.Example of show spanning-tree debug-countersCommand Output debug- counters instance Page ports a2-a8 a20 trk1 trk4-trk5 Page output of show spanning-tree debug-counters commands Table 4-1.MSTP Debug Command Output: Field Descriptions Page Page Table 4-2.Troubleshooting MSTP Operation On ports connected to unmanaged devices Figure 4-29.Examples of Loop Protection Enabled in Preference to STP loop-protect N o t e s interval trap to receive-action send-disable Figure 4-30.Example of Show Loop-ProtectDisplay Page Page Page Set Priority Honor Priority Change Priority Honor New Priority Set Policy 802.1p prioritization: Type-of-Service (ToS): Page Table 5-1.Port Queue Exit Priorities Page Table 5-2.QoS Priority Settings and Operation Table 5-3.Mapping Switch QoS Priority Settings to Device Queues M u l t i p l e C r i t e r i a Table 5-4.Classifier Search Order and Precedence Table 5-5.Summary of QoS Capabilities Table 5-6.Applying QoS Options to Traffic Types Defined by QoS Classifiers Page Page QoS Classifier Precedence: ToS IP-Precedence Mode: ToS Differentiated Services (Diffserv) Mode: Figure 5-3.Example of Enabling ToS IP-PrecedencePrioritization Figure 5-4.Interior Switch “B” Honors the Policy Established in Edge Switch “A” 4.Enable diff-services diff-services Page incoming-DSCP outgoing- DSCP Page Page A Differentiated Services Codepoint (DSCP): qos dscp map Figure 5-10.The ToS Codepoint and Precedence Bits Table 5-7.How the Switch Uses the ToS Configuration ToS Option: Table 5-8.ToS IP-PrecedenceBit Mappings to 802.1p Priorities qos interface Figure 5-11.Configuring and Displaying Source-PortQoS Priorities Figure 5-12.Returning a QoS-PrioritizedVLAN to “No-override”Status Steps for Creating a Policy Based on Source-PortClassifiers Page Figure 5-13.Display the Current Configuration in the DSCP Policy Table Figure 5-14.Assign Priorities to the Selected DSCPs Figure 5-15.The Completed Source-Port DSCP-PriorityConfiguration Radius Override Field ascii-string policy name, if Table The Default DSCP Policy Table > priority < 0 - 7 >) Effect of show qos classifier Table 5-10.Error Messages Generated by DSCP Policy Changes Page port-priority Page Table 5-11.Details of Packet Criteria and Restrictions for QoS Support All Switches: For Devices that Do Not Support 802.1Q Maximum QoS Configuration Entries: Table 5-12.Maximum QoS Entries Not Supported: Monitoring Shared Resources: Page Numerics