HP Model Vehicle 6120 write-memory

Static Virtual LANs (VLANs)

Special VLAN Types

Deleting the Management VLAN

You can disable the Secure Management feature without deleting the VLAN itself. For example, either of the following commands disables the Secure Management feature in the above example:

ProCurve (config)# no management-vlan 100 ProCurve (config)# no management-vlan my_vlan

Operating Notes for Management VLANs

■

■

■

■

■

Use only a static, port-based VLAN for the Management VLAN.

The Management VLAN feature applies to both IPv4 and IPv6 traffic.

The Management VLAN does not support IGMP operation.

Routing between the Management VLAN and other VLANs is not allowed.

If there are more than 25 VLANs configured on the switch, reboot the switch after configuring the management VLAN.

■ If you implement a Management VLAN in a switch mesh environment, all meshed ports on the switch will be members of the Management VLAN.

■ Only one Management-VLAN can be active in the switch. If one Management -VLAN VID is saved in the startup-config file and you configure a different VID in the running-config file, the switch uses the running-config version until you either use the write-memorycommand or reboot the switch.

■ During a Telnet session to the switch, if you configure the Management-

	VLAN to a VID that excludes the port through which you are connected
	to the switch, you will continue to have access only until you terminate
	the session by logging out or rebooting the switch.
	■ During a web browser session to the switch, if you configure the Manage-
	ment-VLAN to a VID that excludes the port through which you are
	connected to the switch, you will continue to have access only until you
	close the browser session or rebooting the switch.

N o t e	The Management-VLAN feature does not control management access through
	a direct connection to the switch’s serial port.
	■ Enabling Spanning Tree where there are multiple links using separate

	VLANs, including the Management VLAN, between a pair of switches,
	Spanning Tree will force the blocking of one or more links. This may
	include the link carrying the Management VLAN, which will cause loss of
	management access to some devices. This can also occur where meshing
	is configured and the Management VLAN is configured on a separate link.

2-53

Contents

Page Page Page Product Documentation 1 Getting Started 2 Static Virtual LANs (VLANs) Terminology General Steps for Using VLANs 802.1Q VLAN Tagging Special VLAN Types 3 GVRP 4 Multiple Instance Spanning-TreeOperation 5Quality of Service (QoS): Managing Bandwidth More Effectively QoS Queue Configuration N o t e Page Page Page Page Page Page copy tftp ProCurve hostname Displayed Text Figure 1-1.Example of a Figure Showing a Simulated Screen Page Page Figure 1-2.Online Help for Menu Interface Figure 1-5.Button for Onboard Administrator Interface Online Help setup 8.Run Setup Page Page Page Page VLAN Features The Default VLAN: The Secure Management VLAN: Voice VLANs: Static VLAN: Dynamic VLAN Tagged Packet: Tagged VLAN: Untagged VLAN Table 2-1.Comparative Operation of Port-Basedand Protocol-BasedVLANs Table 2-2.VLAN Environments The Default VLAN Figure 2-1.Example of a Switch in the Default VLAN Configuration Figure 2-2.Example of Multiple VLANs on the Switch Protocol VLAN Environment Figure 2-3.Example of Overlapping VLANs Using the Same Server Figure 2-4.Example of Connecting Multiple VLANs Through the Same Link Introducing Tagged VLAN Technology into Networks Running Legacy (Untagged) VLANs Figure 2-5.Example of Tagged and Untagged VLAN Technology in the Same Network Figure 2-6.Comparing Per-PortVLAN Options With and Without GVRP Table 2-3. Per-PortVLAN Configuration Options - or Forbid DHCP/Bootp: Per-VLAN Features: Deleting Static VLANs: Adding or Deleting VLANs: write memory Inbound Tagged Packets: Figure 2-7.Untagged VLAN Operation Figure 2-8.Tagged VLAN Operation Table 2-4.Example of Forwarding Database Content Page The Problem The Solution Page 2.Switch Configuration 8.VLAN Menu … 1.VLAN Support Figure 2-12.The Default VLAN Support Screen [E] Maximum VLANs to support Figure 2-13.VLAN Menu Screen Indicating the Need To Reboot the Switch 8.VLAN Menu … 2.VLAN Names Figure 2-14.The Default VLAN Names Screen Add 802.1Q VLAN ID : Name : Name Figure 2-15.Example of VLAN Names Screen with a New VLAN Added 2. Switch Configuration 8. VLAN Menu … 3. VLAN Port Assignment Edit Untagged, or Forbid) Untagged VLANs Figure 2-17.Example of Port-BasedVLAN Assignments for Specific Ports VLAN Commands Maximum VLANs to support: Primary VLAN: Management VLAN: 802.1Q VLAN ID: Status: Port-Based Protocol: Dynamic: Voice: Port name: VLAN ID: Mode: Figure 2-19.Example of “Show VLAN Ports” Cumulative Listing Figure 2-20.Example of “Show VLAN Ports” Detail Listing Port Information: DEFAULT: Unknown VLAN: Figure 2-21.Example of “Show VLAN” for a Specific Static VLAN Figure 2-22.Example of “Show VLAN” for a Specific Dynamic VLAN Note: Figure 2-23.Example of Command Sequence for Changing the Number of VLANs Changing the Primary VLAN show vlans vlan [no] Figure 2-25.Example of Creating a New, Port-Based,Static VLAN show vlan VLAN already exists Page Page Figure 2-26.Example of Tagged and Untagged VLAN Port Assignments Figure 2-27.Example of VLAN ID Numbers Assigned in the VLAN Names Screen Figure 2-28.Example of Networked 802.1Q-CompliantDevices with Multiple VLANs on Some Ports Switch Switch Y Page Page Figure 2-29.Example of Potential Security Breaches Figure 2-30.Example of Management VLAN Control in a LAN Table 2-5.VLAN Membership in Figure reboot My_VLAN Figure 2-31.Illustration of Configuration Example Figure 2-32.Example of DHCP Server on Management VLAN Figure 2-33.Example of DHCP Server on Different VLAN from the Management VLAN Figure 2-34.Example of no Management VLANs Configured Figure 2-35.Example of Client on Different Management VLAN from DHCP Server Figure 2-36.Example of DHCP Server and Client on the Management VLAN write-memory Page Voice VLAN(s): Tagged/Untagged VLAN Membership: Page no vlan Page Page Page N o t e : max vlans Figure 3-1.Example of Forwarding Advertisements and Dynamic Joining Switch “D” GVRP On Figure 3-2.Example of GVRP Operation IP Addressing Table 3-1.Options for Handling “Unknown VLAN” Advertisements: show gvrp Figure 3-3.Example of GVRP Unknown VLAN Settings Page Table 3-2.Controlling VLAN Behavior on Ports with Static VLANs Page Page 2.Switch Configuration … Figure 3-4.The VLAN Support Screen (Default Configuration) Yes Unknown VLAN Figure 3-5.Example Showing Default Settings for Handling Advertisements ave GVRP Commands Used in This Section Figure 3-6.Example of “Show GVRP” Listing with GVRP Disabled Figure 3-7.Example of Show GVRP Listing with GVRP Enabled Enabling and Disabling GVRP on the Switch. This command enables Syntax: gvrp Figure 3-8.Displaying the Static and Dynamic VLANs Active on the Switch Figure 3-9.Example of Listing Showing Dynamic VLANs Configuration Page Page Page Page Page Figure 4-1.Example of a Multiple Spanning-TreeApplication C a u t i o n Figure 4-2.Example of MSTP Network with Legacy STP and RSTP Devices Connected MST Region: Internal Spanning Tree (IST): Internal Page Figure 4-3.Active Topologies Built by Three Independent MST Instances Page Connectivity within the Same MST Instance BPDU — BPDU Filtering — BPDU Protection — Bridge: Common Spanning Tree (CST): MSTP Bridge: RSTP — Spanning-tree STP — SNMP — instance vlan legacy-path cost Note on Path Cost Page Region Revision Number: spanning-tree config-revision max-hops –Force-Versionoperation: spanning-tree force-version –Forward Delay: spanning-tree forward-delay maximum-age 3.Configure MST instances spanning-treeinstance < n > vlan < vid no spanning- tree instance 5.Configure MST instance port parameters instance Page pending stp-compatible: rstp-operation: mstp-operation: force-version (Default: MSTP-operation.) 802.1t Global > hello- time < 1..10 apply: config-name: config-revision: instance: reset: Disabled admin-edge-port admin edge-port auto-edge-port auto Yes - enabled global hello- time true default) false auto: show running root- guard tcn-guard Command Syntax and Example always Figure 4-5.Example of BPDU Filter in Show Spanning Tree Configuration Command Figure 4-6.Example of BPDU Filters in the Show Configuration Command Figure 4-7.Example of BPDU Protection Enabled at the Network Edge Example interface enable period using the spanning-tree bpdu-protection-timeout command bpdu-protection Figure 4-9.Example of BPDU Filters in the Show Configuration Command spanning-tree instance vlan Switch Priority auto Page instance ist > instance ist Page apply config-name config-revision: reset config-revision pending apply ■Region name (spanning-tree config-name) ■Region revision number (spanning-tree config-revision) Page Figure 4-11.Example of Mapping VLANs on Other ProCurve Switches Page show config files Figure 4-12.An Example of the show config files Command Output Figure 4-13.A Config File for the Current Software Version is Created show flash Page Page a20-a42,trk1 Figure 4-15.Example of Common Spanning Tree Status Page Page Page show spanning-tree a20-a24,trk1config instance Figure 4-19.Example of the Configuration Listing for a Specific Instance Figure 4-20.Example of a Region-LevelConfiguration Display Figure 4-21.Example of Displaying a Pending Configuration root-history cst ist mst root-guard root- history priority instance priority Figure 4-22.Example of show spanning-tree root-historycst Command Output Figure 4-23.Example of show spanning-tree root-historyist Command Output Figure 4-24.Example of show spanning-tree root-historymsti Command Output debug- counters Figure 4-25.Example of show spanning-tree debug-countersCommand Output debug- counters instance Page ports a2-a8 a20 trk1 trk4-trk5 Page output of show spanning-tree debug-counters commands Table 4-1.MSTP Debug Command Output: Field Descriptions Page Page Table 4-2.Troubleshooting MSTP Operation On ports connected to unmanaged devices Figure 4-29.Examples of Loop Protection Enabled in Preference to STP loop-protect N o t e s interval trap to receive-action send-disable Figure 4-30.Example of Show Loop-ProtectDisplay Page Page Page Set Priority Honor Priority Change Priority Honor New Priority Set Policy 802.1p prioritization: Type-of-Service (ToS): Page Table 5-1.Port Queue Exit Priorities Page Table 5-2.QoS Priority Settings and Operation Table 5-3.Mapping Switch QoS Priority Settings to Device Queues M u l t i p l e C r i t e r i a Table 5-4.Classifier Search Order and Precedence Table 5-5.Summary of QoS Capabilities Table 5-6.Applying QoS Options to Traffic Types Defined by QoS Classifiers Page Page QoS Classifier Precedence: ToS IP-Precedence Mode: ToS Differentiated Services (Diffserv) Mode: Figure 5-3.Example of Enabling ToS IP-PrecedencePrioritization Figure 5-4.Interior Switch “B” Honors the Policy Established in Edge Switch “A” 4.Enable diff-services diff-services Page incoming-DSCP outgoing- DSCP Page Page A Differentiated Services Codepoint (DSCP): qos dscp map Figure 5-10.The ToS Codepoint and Precedence Bits Table 5-7.How the Switch Uses the ToS Configuration ToS Option: Table 5-8.ToS IP-PrecedenceBit Mappings to 802.1p Priorities qos interface Figure 5-11.Configuring and Displaying Source-PortQoS Priorities Figure 5-12.Returning a QoS-PrioritizedVLAN to “No-override”Status Steps for Creating a Policy Based on Source-PortClassifiers Page Figure 5-13.Display the Current Configuration in the DSCP Policy Table Figure 5-14.Assign Priorities to the Selected DSCPs Figure 5-15.The Completed Source-Port DSCP-PriorityConfiguration Radius Override Field ascii-string policy name, if Table The Default DSCP Policy Table > priority < 0 - 7 >) Effect of show qos classifier Table 5-10.Error Messages Generated by DSCP Policy Changes Page port-priority Page Table 5-11.Details of Packet Criteria and Restrictions for QoS Support All Switches: For Devices that Do Not Support 802.1Q Maximum QoS Configuration Entries: Table 5-12.Maximum QoS Entries Not Supported: Monitoring Shared Resources: Page Numerics