ProCurve Switch 2610 Series Switch 2610-PWR Series Management and Configuration Guide December 2007...
The only warranties for HP products and services are set forth in the express warranty statements accompanying (J9085A) such products and services.
Web: Configuring IP Addressing
How IP Addressing Affects Switch Operation
DHCP/Bootp Operation
CLI: Viewing and Configuring TimeP
SNTP Unicast Time Polling with Multiple SNTP Servers
Address Prioritization
Viewing PoE Configuration and Status
Displaying the Switch’s Global PoE Power Status...
Trunk Group Operation Using the “Trunk” Option
How the Switch Lists Trunk Data
Outbound Traffic Distribution Across Trunked Links
LLDP Configuration Options
Options for Reading LLDP Information Collected by the Switch
LLDP Standards Compatibility
Product manuals. Printed Publications The two publications listed below are printed and shipped with your switch. The latest version of each is also available in PDF format on the ProCurve Web site, as described in the Note at the top of this page.
Product Documentation Software Feature Index For the software manual set supporting your switch model, the following feature index indicates which manual to consult for information on a given software feature. (Note that some software features are not supported on all switch models.)
Feature: File Transfers; Friendly Port Names; GVRP; IGMP; Interface Access (Telnet, Console/Serial, Web); Jumbo Packets; IP Addressing; IP Routing; LACP; Link; LLDP; LLDP-MED; MAC Address Management; MAC Lockdown; MAC Lockout; MAC-based Authentication; Monitoring and Analysis; Multicast Filtering; Multiple Configuration Files; Network Management Applications (LLDP, SNMP); Passwords; Ping...
Feature: Port-Based Access Control; Port-Based Priority (802.1Q); Power over Ethernet (PoE); Quality of Service (QoS); RADIUS ACLs; RADIUS Authentication and Accounting; Routing; Secure Copy; sFlow; SFTP; SNMP; Software Downloads (SCP/SFTP, TFTP, Xmodem); Source-Port Filters; Spanning Tree (STP, RSTP, MSTP); SSH (Secure Shell) Encryption; SSL (Secure Socket Layer); Stack Management (Stacking)
This guide uses the following conventions for command syntax and displayed information. Feature Descriptions by Model In cases where a software feature is not available in all of the switch models covered by this guide, the section heading specifically indicates which product or product series offer the feature.
> indicates that you must provide one or more port numbers: Syntax: aaa port-access authenticator < port-list > Command Prompts In the default configuration, your switch displays the following CLI prompt: ProCurve Switch 2610# To simplify recognition, this guide uses ProCurve to represent command prompts for all models.
“1”, “3-5”, “15”, etc. Sources for More Information For additional information about switch operation and features not covered in this guide, consult the following sources: For information on which product manual to consult on a given ■...
■ For information on specific features in the Web browser interface, use the online help. For information on Help options, see “Online Help for the Web Browser Interface” on page 5-1.
■ For further information on ProCurve Networking switch technology, visit the ProCurve website at: www.procurve.com...
Need Only a Quick Start? IP Addressing If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using multiple VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing.
■ VT-100/ANSI console built into the switch—page 2-4
■ Web browser interface--a switch interface offering status information and a subset of switch commands through a standard web browser (such as Netscape Navigator or Microsoft Internet Explorer)—page 2-5
■ ProCurve Manager (PCM)—a Windows-based network management...
• Software downloads
■ Offers out-of-band access (through the RS-232 connection) to the switch, so network bottlenecks, crashes, lack of configured or correct IP address, and network downtime do not slow or prevent access
■ Enables Telnet (in-band) access to the menu functionality.
ProCurve# ProCurve(config)# ProCurve(<context>)#
Figure 2-2. Command Prompt Examples
■ Provides access to the complete set of the switch configuration, performance, and diagnostic features.
■ Offers out-of-band access (through the RS-232 connection) or Telnet (in-band) access.
■ Enables quick, detailed system configuration and management access to...
Advantages of Using the Web Browser Interface
Figure 2-3. Example of the Web Browser Interface
■ Easy access to the switch from anywhere on the network
■ Familiar browser interface--locations of window objects consistent with commonly used browsers, uses mouse clicking for navigation, no terminal setup
■...
Selecting a Management Interface
Advantages of Using ProCurve Manager or ProCurve Manager Plus
You can operate ProCurve Manager and ProCurve Manager Plus (PCM and PCM+) from a PC on the network to monitor traffic, manage your hubs and switches, and proactively recommend network changes to increase network uptime and optimize performance.
Extended RMON and sFlow, users can monitor overall traffic levels, segments with the highest traffic, or even the top users within a network segment.
• Group and Policy Management: Changes in configuration are tracked and logged, and archived configurations can be applied to one or many devices.
Event Log, and the Operator level in the CLI. After you configure passwords on the switch and log off of the interface, access to the menu interface (and the CLI and web browser interface) will require entry of either the Manager or Operator password.
To enter the CLI from the Menu interface, select
Starting and Ending a Menu Session
You can access the menu interface using any of the following:
■ A direct serial connection to the switch’s console port, as described in the installation guide you received with the switch
■...
1. Use one of these methods to connect to the switch: • • (You can also use the stack Commander if the switch is a stack member). 2. Do one of the following: • •...
3-7).
Note: To configure the switch to start with the menu interface instead of the CLI, go to the Manager level prompt in the CLI, enter the setup command, and in the resulting display, change the Logon Default parameter to Menu. For more information, see the Installation and Getting Started Guide you received with the switch.
Telnet session. 2. If you have made configuration changes that require a switch reboot— that is, if an asterisk (*) appears next to a configured item or next to Switch Configuration in the Main Menu: a. Return to the Main Menu.
The Main Menu gives you access to these Menu interface features:
■ Status and Counters: Provides access to display screens showing switch information, port status and counters, port and VLAN address tables, and spanning tree information. (See Appendix B, “Monitoring and Analyzing Switch Operation”.)
■ Switch Configuration: Provides access to configuration screens for...
(broadcast domain). See the chapter on stack management in the Advanced Traffic Management Guide.
■ Logout: Closes the Menu interface and console session, and disconnects Telnet access to the switch. (See “How to End a Menu Session and Exit from the Console” on page 3-5.)
Screen Structure and Navigation
Menu interface screens include these three elements:
■ Parameter fields and/or read-only information such as statistics
■ Navigation and configuration actions, such as Save, Edit, and Cancel
■ Help line to describe navigation options, individual parameters, and read-only data
For example, in the following System Information screen: Screen title –...
(or flash) memory, and it is therefore not necessary to reboot the switch after making these changes. But if an asterisk appears next to any menu item you reconfigure, the switch will not activate or save the change for that item until you reboot the switch.
To get Help on individual parameter descriptions. In most screens there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press For example: Highlight on any item in the Actions line indicates that the Actions line is active.
To Reboot the switch, use the Reboot Switch option in the Main Menu. (Note that the Reboot Switch option is not available if you log on in Operator mode; that is, if you enter an Operator password instead of a manager password at the password prompt.)
If you make configuration changes in the menu interface that require a reboot, the switch displays an asterisk (*) next to the menu item in which the change has been made. For example, if you change and save the value for the...
Run Setup Stacking • • • • • Logout 3-14 General System Information Switch Management Address Information Port Status Port Counters Address Table Port Address Table Spanning Tree Information System Information Port/Trunk Settings Network Monitoring Port Spanning Tree Operation IP Configuration...
Option: To use the Run Setup option To use the ProCurve Stack Manager To view and monitor switch status and Appendix B, “Monitoring and Analyzing Switch counters To learn how to configure and use passwords and other security features switch.
Overview The CLI is a text-based command interface for configuring and monitoring the switch. The CLI gives you access to the switch’s full set of commands while providing the same password protection that is used in the web browser interface and the menu interface.
Access Security Guide for your switch.) When you use the CLI to log on to the switch, and passwords are set, you will be prompted to enter a password. For example: Password Prompt Figure 4-1.
A ">" character delimits the Operator-level prompt. For example: ProCurve> _ When using enable to move to the Manager level, the switch prompts you for the Manager password if one has already been configured. 1. Operator Level 2.
Global Configuration level: Provides all Operator and Manager level privileges, and enables you to make configuration changes to any of the switch’s software features. The prompt for the Global Configuration level includes the system name and "(config)". To select this level, enter the config command at the Manager prompt.
Execute context-specific configuration commands, such as a particular VLAN or switch port. This is useful for shortening the command strings you type, and for entering a series of commands for the same context. For a list of available commands, enter ? at...
ProCurve# Moving Between the CLI and the Menu Interface. When moving between interfaces, the switch retains the current privilege level (Manager or Operator). That is, if you are at the Operator level in the menu and select the Command Line Interface (CLI) option from the Main Menu, the CLI prompt appears at the Operator level.
If you subsequently execute write memory in the CLI, then the switch also stores “Y” as the IP address for VLAN 1 in the startup-config file. (For more on the startup-config and running config files, see Chapter 6, “Switch Memory and Configuration”.)
Typing ? at the Manager level produces this listing: When - - MORE - - appears, use the Space bar or [Return] to list additional commands. Figure 4-4. Example of the Manager-Level Command Listing When - - MORE - - appears, there are more commands in the listing. To list the next set of commands, press the Space bar.
Using the Command Line Interface (CLI) Using the CLI telnet terminal ProCurve(config)# t As mentioned above, if you type part of a command word and press CLI completes the current word (if you have typed enough of the word for the CLI to distinguish it from other possibilities), including hyphenated exten...
Help summaries for both the Operator and Manager levels, and so on. Syntax: help For example, to list the Operator-Level commands with their purposes: This example displays the command options for configuring the switch’s console settings.
Figure 4-6. Example of Context-Sensitive Command-List Help
Displaying Help for an Individual Command. You can display Help for any command that is available at the current context level by entering enough of the command string to identify the command, along with help.
Figure 4-8. Example of Help for a Specific Instance of a Command Note that trying to list the help for an individual command from a privilege level that does not include that command results in an error message. For example, trying to list the help for the interface command while at the global configuration level produces this result: ProCurve# interface help Invalid input: interface...
ProCurve(eth-C5-C8)#?
The remaining commands in the listing are Manager, Operator, and context commands.
Figure 4-9. Context-Specific Commands Affecting Port Context
Lists the commands you can use in the port or static trunk context, plus the Manager, Operator, and context commands you can...
VLAN, plus Manager and Operator commands. The prompt for this mode includes the VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch: ProCurve(config)# vlan 100...
General Features
Starting a Web Browser Interface Session with the Switch
Using a Standalone Web Browser in a PC or UNIX Workstation
Using the Web Browser Interface
Overview
The Web browser interface built into the switch lets you easily access the switch from a browser-based PC on your network. This lets you do the following:
■ Optimize your network uptime by using the Alert Log and other diagnostic...
General Features The switch includes these web browser interface features: Switch Configuration: • Ports • VLANs and Primary VLAN • Fault detection • Port monitoring (mirroring) • System information • Enable/Disable Multicast Filtering (IGMP) and Spanning Tree • • Stacking •...
1. Ensure that the Java information on this topic, refer to your browser’s online Help. 2. Use the web browser to access the switch. If your network includes a Domain Name Server (DNS), your switch’s IP address may have a name associated with it (for example, switch5308) that you can type in the Location or Address field instead of the IP address.
ProCurve Manager and ProCurve Manager Plus are designed for installation on a network management workstation. For this reason, the system requirements are different from the system requirements for accessing the switch’s web browser interface from a non-management PC or workstation. For ProCurve PCM and PCM+ requirements, refer to the information provided with the software.
Starting a Web Browser Interface Session with the Switch Alert
Figure 5-1. Example of Status Overview Screen
Note: The above screen appears somewhat different if the switch is configured as a stack Commander. For an example, see figure 2-3 on page 2-5.
First-Time Install Alert...
Set access to the web browser interface online help Viewing the “First Time Install” Window When you access the switch’s web browser interface for the first time, the Alert log contains a “First Time Install” alert, as shown in figure 5-2. This gives...
Creating Usernames and Passwords in the Browser Interface You may want to create both a username and password to create access security for your switch. There are two levels of access to the interface that can be controlled by setting user names and passwords: ■...
Passwords you assign in the web browser interface will overwrite previous passwords assigned in either the web browser interface, the Command Prompt, or the switch console. That is, the most recently assigned passwords are the switch’s passwords, regardless of which interface was used to assign the string.
The manager and operator passwords are used to control access to all switch interfaces. Once set, you will be prompted to supply the password every time you try to access the switch through any of its interfaces. The password you enter determines the capability you have during that session:
■ Entering the manager password gives you full read/write capabilities...
The Help Button
Figure 5-5. The Help Button
Context-sensitive help is provided for the screen you are on. Help can be downloaded onto any local server from: www.hp.com/rnd/device_help/download.htm Instructions are included in the web page.
3. Enter one of the following (or use the default setting): – The URL for the support information source you want the switch to access when you click on the web browser interface Support tab. The default is the URL for the ProCurve Networking home page.
Support/Mgmt URLs Feature
Support URL
This is the site that the switch accesses when you click on the Support tab on the web browser interface. The default URL is: www.procurve.com which is the web site for ProCurve’s networking products.
Status Reporting Features
Browser elements covered in this section include:
■ The Overview window (below)
■ Port utilization and status (page 5-15)
■ The Alert log (page 5-18)
■ The Status bar (page 5-20)
■...
The Port Utilization and Status Displays The Port Utilization and Status displays show an overview of the status of the switch and the amount of network activity on each port. The following figure shows a sample reading of the Port Utilization and Port Status.
■ % Error Pkts Rx: All error packets received by the port. (This indicator is a reddish color on many systems.) Although errors received on a port are not propagated to the rest of the network, a consistently high number of errors on a specific port may indicate a problem on the device or network segment connected to the indicated port.
Note that the Port Fault-Disabled symbol will be displayed in the legend only if one or more of the ports is in that status. See appendix B, “Monitoring and Analyzing Switch Operation” for more information.
The web browser interface Alert Log, shown in the lower half of the screen, shows a list of network occurrences, or alerts, that were detected by the switch. Typical alerts are Broadcast Storm, indicating an excessive number of broadcasts received on a port, and Problem Cable, indicating a faulty cable. For more information on alerts, see “Alert Types and Detailed Views”...
Note: When troubleshooting the sources of alerts, it may be helpful to check the switch’s Port Status and Port Counter windows and the Event Log in the console interface. By double clicking on Alert Entries, the web browser interface displays a Detail View or separate window detailing information about the events.
Figure 5-13. Example of Alert Log Detail View
The Status Bar
The Status Bar is displayed in the upper left corner of the web browser interface screen. Figure 5-14 shows an expanded view of the status bar. Figure 5-14.
Green Normal Activity Yellow Warning Critical
■ System Name. The name you have configured for the switch by using Identity screen, system name command, or the switch console System Information screen.
■ Most Critical Alert Description. A brief description of the earliest, unacknowledged alert with the current highest severity in the Alert Log, appearing in the right portion of the Status Bar.
Log Network Problems is High Sensitivity. The Fault Detection settings are:
■ High Sensitivity. This policy directs the switch to send all alerts to the Alert Log. This setting is most effective on networks that have none or few problems.
■ Never. Disables the Alert Log and transmission of alerts (traps) to the management server (in cases where a network management tool such as ProCurve Manager is in use). Use this option when you don’t want to use the Alert Log.
The Fault Detection Window also contains three Change Control Buttons:
■...
Displaying the Current Flash Image Data
Switch Software Downloads
Local Switch Software Replacement and Removal
Switch Memory and Configuration: Contents
Transferring Startup-Config Files To or From a Remote Server
TFTP: Copying a Configuration File to a Remote Host
TFTP: Copying a Configuration File from a Remote Host
Xmodem: Copying a Configuration File to a Serially Connected Host
■ How the switch provides software options through primary/secondary flash image options
■ How to use the switch’s primary and secondary flash options, including displaying flash information, booting or restarting the switch, and other topics
Overview of Configuration File...
■ Running Config File: Exists in volatile memory and controls switch operation. If no configuration changes have been made in the CLI since the switch was last booted, the running-config file is identical to the startup-config file.
■ Startup-config File: Exists in flash (non-volatile) memory and is used to preserve the most recently-saved configuration as the "permanent"...
CLI to the Menu interface without first using write memory to save the change to the startup-config file, then the switch prompts you to save the change. For example, if you use the CLI to create VLAN 20, and then select the menu interface, VLAN 20 is configured in the running-config file, but not in the startup-config file.
How To Use the CLI To Reconfigure Switch Features. Use this procedure to permanently change the switch configuration (that is, to enter a change in the startup-config file). 1. Use the appropriate CLI commands to reconfigure the desired switch parameters.
For example, the default port mode setting is auto. Suppose that your network uses Cat 3 wiring and you want to connect the switch to another autosensing device capable of 100 Mbps operation. Because 100 Mbps over Cat 3 wiring...
(figure 6-2, above) to save the change to the startup-config file. That is, if you use the CLI to change a parameter setting, but then reboot the switch from either the CLI or the menu interface without first executing the write memory command in the CLI, the current startup-config file will replace the running-config file, and any changes in the running-config file will be lost.
Interfaces To Implement Configuration Changes
The menu and web browser interfaces offer these advantages:
■ Quick, easy menu or window access to a subset of switch configuration features (See the “Menu Features List” on page 3-14 and the web browser “General Features”...
Saves your changes to the startup-config file. If you decide not to save and implement the changes in the screen, select Cancel to discard them and continue switch operation with the current operation. For example, suppose you have made the changes shown below in the...
To Reboot the switch, use the Reboot Switch option in the Main Menu. (Note that the Reboot Switch option is not available if you log on in Operator mode, that is, if you enter an Operator password instead of a manager password at the password prompt.)
Rebooting To Activate Configuration Changes. Configuration changes for most parameters become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the Maximum VLANs to support parameter (To access these parameters, go to the Main menu and select 2. Switch Configuration, then 8.
For example, you can copy a problem image into Secondary flash for later analysis and place another, proven image in Primary flash to run your system. The switch can use only one image at a time.
Using Primary and Secondary Flash Image Options
For example, if the switch is using a software version of R.01.01 stored in Primary flash, show version produces the following: ProCurve(config)# show version Image stamp: Boot Image: Figure 6-7. Example Showing the Identity of the Current Flash Image Determining Whether the Flash Images Are Different Versions.
In the unlikely event that the primary image is corrupted, as a result of an interruption, the switch will reboot from secondary...
In this case, the switch will not have a valid flash image in either flash location, but will continue running on a temporary flash image in RAM. Do not reboot the switch. Instead, immediately download another valid flash image to primary or secondary flash.
(secondary or primary). If the switch has only one flash image loaded (in either primary or secondary flash) and you erase that image, then the switch does not have a software image stored in flash.
1. First verify that a usable flash image exists in secondary flash. The most reliable way to ensure this is to reboot the switch from the flash image you want to retain. For example, if you are planning to erase the primary...
Syntax: boot For example, to boot the switch from primary flash with pending configuration changes in the running-config file: Figure 6-13. Example of Boot Command (Default Primary Flash) In the above example, typing either a y or n at the second prompt initiates the reboot operation.
Boot from secondary flash. Booting from the Current Software Version. Reload reboots the switch from the flash image on which the switch is currently running, and saves to the startup-config file any configuration changes currently in the running config file. Because reload bypasses some subsystem self-tests, the switch reboots faster than if you use either of the boot command options.
When entering a reload at or reload after command, a prompt will appear to confirm the command before it can be processed by the switch. For the reload at command, if mm/dd/yy are left blank, the current day is assumed.
In this case, the software simply assigns factory-default values to the parameters controlling the new features. Similarly, if you create a startup-config file while using a version “Y” of the switch software, and then reboot the switch with an earlier software version “X” that does not include all of the features found in “Y”, the software simply ignores...
Figure 6-17. Optional Reboot Process While you can still use remote storage for startup-config files, you can now maintain multiple startup-config files on the switch and choose which version to use for a reboot policy or an individual reboot. This choice of which configuration file to use for the startup-config at reboot provides the following new options: ■...
You can use the startup-config in any of the memory slots.
Boot Options. With multiple startup-config files in the switch you can specify a policy for the switch to use upon reboot. The options include:
■ Use the designated startup-config file with either or both reboot paths...
2. Use the CLI to make configuration changes in the running-config file, and then execute write mem. The result is that the startup-config file used to reboot the switch is modified by the actions in step 2. Active Startup-Config File:...
show config files
This command displays the available startup-config files on the switch and the current use of each file.
id: Identifies the memory slot for each startup-config file available on the switch.
act: An asterisk ( * ) in this column indicates that the corresponding startup-config file is currently in use.
As this example shows, you must reconfigure either the primary or the secondary boot path if you want to boot the switch using the startup-config file in another memory slot. (You can also change the above filenames. Refer to “Renaming an Existing Startup-Config File”...
The operator wants to ensure that in case of a need to reboot by pressing the Reset button, or if a power failure occurs, the switch will automatically reboot with the minimal startup-config file in memory slot 1. Since a reboot due to 6-28 startup-default [ primary | secondary ] config <...
Reset button or to a power cycle always uses the software version in primary flash, the operator needs to configure the switch to always boot from primary flash with the startup-config file named minconfig (in memory slot 1). Also, whenever the switch boots from secondary flash, the operator also wants the startup-config named newconfig to be used.
Renaming an Existing Startup-Config File Syntax: Creating a New Startup-Config File The switch allows up to three startup-config files. You can create a new startup-config file if there is an empty memory slot or if you want to replace one startup-config file with another.
With two such versions in place, you can easily reboot the switch with the correct startup-config file for either software version. • If the destination startup-config file already exists, it is overwritten by the content of the source startup-config file.
Figure 6-21. Example of Creating and Assigning a New Startup-Config File
Note: You can also generate a new startup-config file by booting the switch from a flash memory location from which you have erased the currently assigned startup-config file.
Erasing a Startup-Config File
You can erase any of the startup-config files in the switch’s memory slots. In some cases, erasing a file causes the switch to generate a new, default-configuration file for the affected memory slot.
Syntax: erase < config < filename > | startup-config >
Figure 6-22. Example of Erasing a Non-Active Startup-Config File With the same memory configuration as is shown in the bottom portion of figure 6-22, executing erase startup-config boots the switch from primary flash, resulting in a new file named minconfig in the same memory slot. The new file contains the default configuration for the software version currently in pri...
“TFTP: Copying a Configuration File to a Remote Host” on page A-19. For example, the following command copies a startup-config file named test-01 from the switch to a (UNIX) TFTP server at IP address 10.10.28.14: ProCurve(config)# copy config test-01 tftp 10.10.28.14 test-01.txt unix...
Use this command to download a configuration file from a TFTP server to the switch. Note: This command requires an empty memory slot in the switch. If there are no empty memory slots, the CLI displays the following message: Unable to copy configuration to "< filename >".
< dest-file > < pc | unix > Use this command to download a configuration file from an Xmodem host to the switch. For more on using Xmodem to copy a file from a serially connected host, refer to “Xmodem: Copying a Configuration File from a Serially Connected PC or Unix Workstation”...
■ Use the CLI kill command to terminate a remote session
■ View and modify switch system information
For help on how to actually use the interfaces built into the switch, refer to:
■ Chapter 2, “Using the Menu Interface”
■...
Access Security Guide for your switch. You can also simply block unauthorized access via the web browser interface or Telnet (as described in this section) and install the switch in a locked environment.
■ To Access the Interface Access Parameters: From the Main Menu, Select... 2. Switch Configuration... Figure 7-1. The Default Interface Access Parameters Available in the Menu Interface 2. Press 3. Use the arrow keys ([v], [^], [<], [>]) to move to the parameters you want to change.
Listing the Current Console/Serial Link Configuration. The following command lists the current interface access parameter settings. Syntax: This example shows the switch’s default console/serial configuration. Interface Access Enable/Disable Console Control Options Figure 7-2. Listing of Show Console Command Reconfigure Inbound Telnet Access.
Page 138
Syntax: Note: If you change the Baud Rate or Flow Control settings for the switch, you should make the corresponding changes in your console access device. Otherwise, you may lose connectivity between the switch and your terminal emulator due to differences between the terminal and switch settings for these two parameters.
Page 139
For example, to use one command to configure the switch with the following:
■ VT100 operation
■ 19,200 baud
■ No flow control
■ 10-minute inactivity time
■ Critical log events
you would use the following command sequence: Figure 7-3. Example of Executing the Console Command with Multiple Parameters You can also execute a series of console commands and then save the configuration and boot the switch.
Page 140
Interface Access: Console/Serial Link, Web, and Telnet CLI Local Terminal Mode. To enable temporary and non-disruptive changes to the terminal mode without forcing a change in the switch’s terminal mode configuration, use the console local-terminal command. This command dynamically changes only the console session from which it is executed.
Syntax: kill [<session-number>] For example, if you are using the switch’s serial port for a console session and want to terminate a currently active Telnet session, you would do the following: Figure 7-5.
Menu: Viewing and Configuring System Information To access the system information parameters: From the Main Menu, Select... 2. Switch Configuration... Figure 7-6. The System Information Configuration Screen (Default Values) Note: To help simplify administration, it is recommended that you configure System Name to a character string that is meaningful within your system.
Listing the Current System Information. This command lists the current system information settings. Syntax: This example shows the switch’s default console configuration. Figure 7-7. Example of CLI System Information Listing...
Page 145
Syntax: Both fields allow up to 255 characters. For example, to name the switch “Blue” with “Ext-4474” as the system contact, and “North-Data-Room” as the location: Figure 7-8. System Information Listing After Executing the Preceding Commands Interface Access and System Information hostname <name-string>...
Page 146
Also, executing time without parameters lists the switch’s time of day and date. Note that the CLI uses a 24-hour clock scheme; that is, hour (hh) values from 1 p.m. to midnight are input as 13 - 24, respectively.
Click on System Info. Enter the data you want in the displayed fields. Implement your new data by clicking on Apply Changes. To access the web-based help provided for the switch, click on browser screen. Interface Access and System Information...
Page 148
Interface Access and System Information System Information 7-16...
Web: Configuring IP Addressing ......8-11 How IP Addressing Affects Switch Operation ....8-11 IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration
File Downloads .
However, to enable specific management access and control through your network, you will need IP addressing. Table 8-1 on page 8-12 shows the switch features that depend on IP addressing to operate.
VLANs. The gateway value is the IP address of the next-hop gateway node for the switch, which is used if the requested destination address is not on a local subnet/VLAN. If the switch does not have a manually-configured default gateway and DHCP/Bootp is configured on the primary VLAN, then the default gateway value provided by the DHCP or Bootp server will be used.
(64 seconds) is adequate. Just Want a Quick Start with IP Addressing? If you just want to give the switch an IP address so that it can communicate on your network, or if you are not using VLANs, ProCurve recommends that you use the Switch Setup screen to quickly configure IP addressing.
■ The IP addressing used in the switch should be compatible with your network. That is, the IP address must be unique and the subnet mask must be appropriate for your IP network.
■ If you change the IP address through either Telnet access or the web browser interface, the connection to the switch will be lost.
Page 154
Figure 8-1. Example of the IP Service Configuration Screen without Multiple 2. Press 3. If the switch needs to access a router, for example, to reach off-subnet destinations, select the Default Gateway field and enter the IP address of the gateway router.
Viewing the Current IP Configuration. The following command displays the IP addressing for each VLAN configured in the switch. If only the DEFAULT_VLAN exists, then its IP configuration applies to all ports in the switch. Where multiple VLANs are configured, the IP addressing is listed per VLAN.
Page 156
ID of the VLAN for which you are configuring IP addressing or go to the context configuration level for that VLAN. (If you are not using VLANs on the switch—that is, if the only VLAN is the default VLAN—then the VLAN ID is always “1”.) Note: The default IP address setting for the DEFAULT_VLAN is DHCP/Bootp.
Page 157
Configure Multiple IP Addresses on a VLAN (Multinetting). You can configure one primary IP address per VLAN and up to seven secondary IP addresses for the same VLAN. That is, the switch enables you to assign up to eight networks to a VLAN.
Page 158
IP address from a VLAN, the next sequential secondary IP address becomes the primary address. If you later re-enter the former primary IP address, the switch configures it as a secondary address. Thus, if you need to change the primary IP address in a subnetted VLAN, you must remove the secondary IP addresses configured for that VLAN before you replace the primary address.
Refer to chapter 16, “IP Routing Features”, for more information. Configure Time-To-Live (TTL). Use this command at the Global config prompt to set the time that a packet outbound from the switch can exist on the network. The default setting is 64 seconds. Syntax: ip ttl <number-of-seconds>...
DHCP/Bootp Operation Overview. DHCP/Bootp is used to provide configuration data from a DHCP or Bootp server to the switch. This data can be the IP address, subnet mask, default gateway, Timep Server address, and TFTP server address. If a TFTP server address is provided, this allows the switch to TFTP a previously saved configuration file from the TFTP server to the switch.
Page 161
If the switch is initially configured for DHCP/Bootp operation (the default), or if it is rebooted with this configuration, it immediately begins sending request packets on the network. If the switch does not receive a reply to its DHCP/Bootp requests, it continues to periodically send request packets, but with decreasing frequency.
Page 162
Bootp Database Record Entries. A minimal entry in the Bootp table file /etc/bootptab to update an IP address and subnet mask to the switch or a VLAN configured in the switch would be similar to this entry:...
T144 Note: The above Bootp table entry is a sample that will work for the switch when the appropriate addresses and file names are used. Network Preparations for Configuring DHCP/Bootp In its default configuration, the switch is configured for DHCP/Bootp opera...
IP Preserve enables you to copy a configuration file to multiple switches that use the same operating-system software while retaining the individual IP address and subnet mask on VLAN 1 in each switch, and the Gateway IP address assigned to the switch. This enables you to distribute the same configuration file to multiple switches without overwriting their individual IP addresses.
Page 165
Entering "ip preserve" in the last line of a configuration file implements IP Preserve when the file is downloaded to the switch and the switch reboots. Figure 8-6. Example of Implementing IP Preserve in a Switch Configuration File For example, consider Figure 8-7: TFTP Server config.
Page 166
Figure 8-8. Configuration File in TFTP Server, with DHCP/Bootp Specified as the IP Addressing Source If you apply this configuration file to figure 8-7, switches 1 - 3 will still retain their manually assigned IP addressing. However, switch 4 will be configured with the IP addressing included in the file.
Page 167
IP addressing instructions are in the configuration file. ■ If the switch did not receive its most recent VLAN 1 IP addressing from a DHCP/Bootp server, it retains its current IP addressing when it downloads the configuration file.
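The IP Preserve rules above can be checked before one configuration file is pushed to many switches. The following Python sketch is an added example, not code from the manual: the configuration layout, switch names and addresses are constructed, and it assumes that a switch whose VLAN 1 addressing came from DHCP/Bootp takes the addressing in the file, as described for switch 4 above.

```python
import re
from dataclasses import dataclass

# Constructed sample of a shared configuration file. The layout and all
# addresses are assumptions for illustration, not output from a real switch.
SHARED_CONFIG = """\
; constructed sample configuration
hostname "ProCurve Switch"
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-26
   ip address 10.31.22.101 255.255.248.0
   exit
ip default-gateway 10.31.20.1
ip preserve
"""


@dataclass
class Switch:
    name: str
    vlan1_ip: str          # address currently in use on VLAN 1
    from_dhcp_bootp: bool  # True if that address came from a DHCP/Bootp server


# Constructed fleet: three manually addressed switches and one DHCP/Bootp client.
FLEET = [
    Switch("switch-1", "10.31.22.11", False),
    Switch("switch-2", "10.31.22.12", False),
    Switch("switch-3", "10.31.22.13", False),
    Switch("switch-4", "10.31.22.40", True),
]


def statements(config_text):
    """Return the non-blank, non-comment lines of a configuration, stripped."""
    stripped = (line.strip() for line in config_text.splitlines())
    return [s for s in stripped if s and not s.startswith(";")]


def has_ip_preserve(config_text):
    """IP Preserve only takes effect when it is the last line of the file."""
    lines = statements(config_text)
    return bool(lines) and lines[-1].lower() == "ip preserve"


def vlan1_addressing(config_text):
    """Return the VLAN 1 address in the file, or 'dhcp-bootp'.

    A file with no VLAN 1 address falls back to DHCP/Bootp, the default
    setting for the DEFAULT_VLAN.
    """
    in_vlan1 = False
    for line in statements(config_text):
        vlan = re.fullmatch(r"vlan\s+(\d+)", line)
        if vlan:
            in_vlan1 = vlan.group(1) == "1"
        elif line == "exit":
            in_vlan1 = False
        elif in_vlan1:
            addr = re.match(r"ip address\s+(\S+)", line)
            if addr:
                return addr.group(1)
    return "dhcp-bootp"


def predict_vlan1(switch, config_text):
    """VLAN 1 addressing the switch ends up with after download and reboot."""
    if has_ip_preserve(config_text) and not switch.from_dhcp_bootp:
        return switch.vlan1_ip           # manually set addressing is retained
    return vlan1_addressing(config_text)  # the file's addressing is applied


def review(switches, config_text):
    """Return (outcome per switch, static addresses that several switches would share)."""
    outcome = {s.name: predict_vlan1(s, config_text) for s in switches}
    by_addr = {}
    for name, addr in outcome.items():
        if addr != "dhcp-bootp":
            by_addr.setdefault(addr, []).append(name)
    conflicts = {a: names for a, names in by_addr.items() if len(names) > 1}
    return outcome, conflicts


if __name__ == "__main__":
    for label, text in (("with ip preserve", SHARED_CONFIG),
                        ("without ip preserve",
                         SHARED_CONFIG.replace("ip preserve\n", ""))):
        outcome, conflicts = review(FLEET, text)
        print(label, outcome, "conflicts:", conflicts)
```

Run against the file without its final `ip preserve` line, the check reports all four switches converging on the one static address in the file, which is the duplicate-address outage the feature exists to prevent.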
Page 168
Configuring IP Addressing IP Preserve: Retaining VLAN-1 IP Addressing Across Configuration File Downloads 8-20...
TimeP, with the TimeP mode itself set to TimeP Time Synchronization You can either manually assign the switch to use a TimeP server or use DHCP to assign the TimeP server. In either case, the switch can get its time synchro...
Poll Interval expires three consecutive times without an update received from the first-detected server. Note To use Broadcast mode, the switch and the SNTP server must be in the same subnet. Unicast Mode: The switch requests a time update from the config...
SNTP: Viewing, Selecting, and Configuring Note that simply selecting a time synchronization protocol does not enable that protocol on the switch unless you also enable the protocol itself (step 2, above). For example, in the factory-default configuration, TimeP is the selected time synchronization method.
The Default. SNTP does not operate, even if specified by the Menu interface Time Sync Method parameter or the CLI timesync command. Unicast Directs the switch to poll a specific server for SNTP time synchronization. Requires at least one server address. Broadcast Directs the switch to acquire its time synchronization from data broadcast by any SNTP server to the network broadcast address.
Page 174
Time Protocols SNTP: Viewing, Selecting, and Configuring Figure 9-1. The System Information Screen (Default Values) 2. Press 3. Use [v] to move the cursor to the 4. Use the Space bar to select to the 5. Do one of the following: •...
Page 175
Enter the IP address of the SNTP server you want the switch to use for time synchronization. Note: This step replaces any previously configured server IP address. If you will be using backup SNTP servers (requires use of the CLI), then “SNTP Unicast Time Polling with Multiple SNTP Servers”...
None) and the SNTP configuration, even if SNTP is not the selected time protocol. Syntax: For example, if you configured the switch with SNTP as the time synchronization method, then enabled SNTP in broadcast mode with the default poll interval, Figure 9-2.
Configuring (Enabling or Disabling) the SNTP Mode Enabling the SNTP mode means to configure it for either broadcast or unicast mode. Remember that to run SNTP as the switch’s time synchronization protocol, you must also select SNTP as the time synchronization method by using the CLI parameter).
Page 178
SNTP. However, for Unicast operation, you must also specify the IP address of at least one SNTP server. The switch allows up to three unicast servers. You can use the Menu interface or the CLI to configure one server or to replace an existing Unicast server with another.
Page 179
Note: Deleting an SNTP server when only one is configured disables SNTP unicast operation. For example, to select SNTP and configure it with unicast mode and an SNTP server at 10.28.227.141 with the default server version (3) and default poll interval (720 seconds): ProCurve(config)# timesync sntp ProCurve(config)# sntp unicast...
Page 180
Configuration. The recommended method for disabling time synchronization is to use the configuration. Syntax: For example, suppose SNTP is running as the switch’s time synchronization protocol, with interval. You would halt time synchronization with this command: ProCurve(config)# no timesync...
Page 181
SNTP mode as disabled. Syntax: For example, if the switch is running SNTP in Unicast mode with an SNTP server at 10.28.227.141 and a server version of 3 (the default), the SNTP configuration as shown below, and disables time synchronization on the switch.
IP address via DHCP. If the switch receives a server address, it polls the server for updates according to the Timep poll interval. If the switch does not receive a Timep server IP address, it cannot perform time synchronization updates.
Menu: Viewing and Configuring TimeP To View, Enable, and Modify the TimeP Protocol: 1. From the Main Menu, select: 2. Switch Configuration... Figure 9-9. The System Information Screen (Default Values) 2. Press 3. Use [v] to move the cursor to the 4. If...
Use the Space bar to select the i. Press [>] to move the cursor to the ii. Enter the IP address of the TimeP server you want the switch to use for time synchronization. Note: This step replaces any previously configured TimeP server IP address.
None) and the TimeP configuration, even if SNTP is not the selected time protocol. Syntax: For example, if you configure the switch with TimeP as the time synchronization method, then enable TimeP in DHCP mode with the default poll interval, show timep Figure 9-10.
Configuring (Enabling or Disabling) the TimeP Mode Enabling the TimeP mode means to configure it for either broadcast or unicast mode. Remember that to run TimeP as the switch’s time synchronization protocol, you must also select TimeP as the time synchronization method by using the CLI timesync command (or the Menu interface parameter).
Page 187
Enabling Timep in Manual Mode. Like DHCP mode, configuring TimeP for Manual mode enables TimeP. However, for manual operation, you must also specify the IP address of the TimeP server. (The switch allows only one TimeP server.) To enable the TimeP protocol: Syntax:...
Page 188
Figure 9-13. Example of Configuring Timep for Manual Operation Changing the TimeP Poll Interval. This command lets you specify how long the switch waits between time polling intervals. The default is 720 minutes and the range is 1 to 9999 minutes. (This parameter is separate from the poll interval parameter used for SNTP operation.)
Server Address parameter in the menu interface, or the primary server in a list of up to three SNTP servers configured using the CLI. If the switch does not receive a response from the primary server after three consecutive polling intervals, the switch tries the next server (if any) in the list.
Figure 9-16. Example of SNTP Server Address Prioritization Note: If there are already three SNTP server addresses configured on the switch, and you want to use the CLI to replace one of the existing addresses with a new one, you must delete the unwanted address before you configure the new one.
Same Tertiary (This address still has the highest decimal value.) SNTP Messages in the Event Log If an SNTP time change of more than three seconds occurs, the switch’s event log records the change. SNTP time changes of less than three seconds do not appear in the Event Log.
Page 192
Time Protocols SNTP Messages in the Event Log 9-24...
Port Status and Basic Configuration Contents Overview ........... . . 10-3 Viewing Port Status and Configuring Port Parameters .
Page 194
Port Status and Basic Configuration Contents Configuring and Viewing Port-Based Priority ....10-31 Messages Related to Prioritization ......10-32 Troubleshooting Prioritization .
Feature viewing port status configuring ports Note on Connecting Transceivers to Fixed-Configuration Devices: If the switch either fails to show a link between an installed transceiver and another device, or demonstrates errors or other unexpected behavior on the link, check the port configuration on both devices for a speed and/or duplex (mode) mismatch.
Page 196
IEEE 802.3u “Auto Negotiation” standard for 100Base-T networks. If the other device does not comply with the 802.3u standard, or is not set to Auto, then the port configuration on the switch must be manually set to match the port configuration on the other device.
Page 197
• Auto (default): Senses speed and negotiates with the port at the other end of the link for port operation (MDI-X or MDI). To see what the switch negotiates for the Auto setting, use the CLI show interfaces brief command or the “3. Port Status” option under “1. Status and Counters” in the menu interface.
Port Status and Basic Configuration Viewing Port Status and Configuring Port Parameters Status or Description Parameter Group Menu Interface: Specifies the static trunk group, if any, to which a port belongs. (menu) show lacp CLI: Appears in the Trunk Group Note: An LACP trunk requires a full-duplex link.
Page 199
The menu interface uses the same screen for configuring both individual ports and port trunk groups. For information on port trunk groups, see Chapter 12, “Port Trunking” . From the Main Menu, Select: 2. Switch Configuration... Viewing Port Status and Configuring Port Parameters Enabled Status...
Using the CLI To View Port Status Use the following commands to display port status and configuration:
■ show interfaces brief: Lists the full status and configuration for all ports on the switch...
Page 201
Lists a subset of the data shown by the show interfaces command (above); that is, only the enabled/disabled, mode, and flow control status for all ports on the switch. Syntax: show interfaces [ brief | config ] Table 10-2. Comparing the “Show Interfaces” Command Options*...
Port Status and Basic Configuration Viewing Port Status and Configuring Port Parameters Displaying Spanning Tree Configuration Details To view detailed statistics on spanning tree operation for different ports, use the show spanning-tree command. Syntax: show spanning-tree <port-list> detail You can also use this command to view spanning tree parameters on a static trunk (see page 12-7).
Syntax: broadcast-limit < 0 . . 99 > For example, to configure a broadcast limit of 20% for all ports on the switch: ProCurve(config)# int 5-6 broadcast-limit 20 Command will take effect after saving configuration and reboot...
MDI port.
■ If you connect a copper port using a straight-through cable to a port on an end node, such as a server or PC, that uses MDI ports, the switch port automatically operates as an MDI-X port. Displays the startup-config file.
For more information on MDI-X, refer to the appendix titled “Switch Ports and Network Cables” in the Installation and Getting Started Guide for your switch. Manual Auto-MDIX Override If you require control over the MDI/MDI-X feature you can set the switch to either of two non-default modes:
■ Manual MDI
■ Manual MDI-X...
Page 206
MDI mode the port was using. If a port on a given switch has not detected a link to another device since the last reboot, this command lists the MDI mode to which the port is currently configured.
1. Copper ports in auto-negotiation still default to auto-mdix mode. 2. Copper ports in forced speed/duplex default to mdix mode. The default is auto-mdix. If the switch is reset to the factory defaults, these ports are configured as auto-mdix. Use the following CLI command to change the setting for individual ports: interface <...
Page 208
Part number—Allows you to determine the manufacturer for a specified transceiver and revision number. Check: www.hp.com/rnd/device_help/2_inform for more info. | Part # | 2157-2345...
The Maximum Transmission Unit (MTU) is the maximum size IP frame the switch can receive for Layer 2 frames inbound on a port. The switch drops any inbound frames larger than the MTU allowed on the port. On ports operating at 10 Mbps or 100 Mbps, the MTU is fixed at 1522 bytes.
MTU (Maximum Transmission Unit): This is the maximum-size IP frame the switch can receive for Layer 2 frames inbound on a port. The switch allows jumbo frames of up to 9220 bytes. Standard MTU: An IP frame of 1522 bytes in size. (This size includes 4 bytes for the VLAN tag.)
VLANs. For example, if VLAN 10 (without jumbos enabled) and VLAN 20 (with jumbos enabled) are both configured on a switch, and port 1 belongs to both VLANs, then port 1 can receive jumbo traffic from devices on either VLAN. For a method to allow only some ports in a VLAN to receive jumbo traffic, refer to “Operating Notes for...
Figure 10-9. Example Listing of Static VLANs To Show Jumbo Status Per VLAN Syntax: show vlans ports < port-list > 10-20 Lists the static VLANs configured on the switch and includes a Jumbo column to indicate which VLANs are configured to support inbound jumbo traffic. All ports belonging to a jumbo-enabled VLAN can receive jumbo traffic.
Page 213
Figure 10-10. Example of Listing the VLAN Memberships for a Range of Ports Syntax: show vlans < vid > This command shows port membership and jumbo configuration for the specified < vid >. Figure 10-11. Example of Listing the Port Membership and Jumbo Status for a VLAN Port Status and Basic Configuration Jumbo Frames...
VLAN can receive incoming frames of up to 1522 bytes in length. When the switch applies the jumbo MTU (9220 bytes) to a VLAN, all ports in that VLAN can receive incoming frames of up to 9220 bytes in length.
Page 215
A solution is to create a third VLAN with the sole purpose of enabling jumbo traffic on the desired ports, while leaving the other ports on the switch disabled for jumbo traffic. That is: VLAN 100...
< port-list > A non-jumbo port is generating “Excessive undersize/giant frames” messages in the Event Log. The switch can transmit outbound jumbo traffic on any port, regardless of whether the port belongs to a jumbo VLAN. In...
“high” priority queue. ■ Any 802.1p tagging on a received packet, or any tag added to a received packet by the switch via its QoS configuration, will be preserved as it is transmitted from the switch. Port Status and Basic Configuration...
Note As stated earlier, use of this QoS-Passthrough-Mode feature generally assumes that QoS tagged frames are not being sent through the switch. The receipt of priority 6 or 7 packets may in fact suffer packet drops depending on the traffic load of non-priority 6 or 7 packets.
Page 219
ProCurve(config)# write memory ProCurve(config)# reload This command can be enabled and disabled only from the switch's CLI. QoS Passthrough Mode cannot be enabled or disabled through either the switch's menu or web browser interfaces. Once enabled, this feature adds qos-passthrough-mode to the switch’s startup...
Traffic received in tagged VLAN packets carries a specific 802.1p priority level (0 - 7) that the switch recognizes and uses to assign packet priority at the outbound port. With the default port-based priority, the switch handles traffic received in untagged packets as “Normal”...
If the outbound port is not configured as a tagged member of the VLAN, then the tag is stripped from the packet, which then exits from the switch without a priority setting. Outbound Port Queues and Packet Priority Settings...
An untagged packet coming into the switch on port A10 and leaving the switch through any other port configured as a tagged VLAN member would leave the switch as a tagged packet with a priority level of 1.
■ A tagged packet with an 802.1p priority setting of 0 (zero) coming into the...
Settings to Device Queues” on page 10-29.) ■ If a packet leaves the switch through an outbound port configured as an untagged member of the packet’s VLAN, then the packet leaves the switch without a VLAN tag and thus without an 802.1p priority setting.
Port Status and Basic Configuration Configuring Port-Based Priority for Incoming Packets For example, suppose you wanted to configure ports A10 -A12 on the switch to prioritize all untagged, inbound VLAN traffic as “Low” (priority level = 1; refer to table 10-3 on page 10-29).
■ At either the global or context configuration level you can assign a unique name to any port on the switch. You can also assign the same name to multiple ports.
■ The friendly port names you configure appear in the output of the show...
Syntax: interface <port-list> name <port-name-string> Configuring a Single Port Name. Suppose that you have connected port A3 on the switch to Bill Smith’s workstation, and want to assign Bill’s name and workstation IP address (10.25.101.73) as a port name for port A3: Figure 10-15.
[port-list] Lists the friendly port name with its corresponding port number and port type. The show name command alone lists this data for all ports on the switch. Port Status and Basic Configuration Using Friendly (Optional) Port Names...
Page 228
Using Friendly (Optional) Port Names For example: Figure 10-17. Example of Friendly Port Name Data for All Ports on the Switch Figure 10-18. Example of Friendly Port Name Data for Specific Ports on the Switch Including Friendly Port Names in Per-Port Statistics Listings. A friendly port name configured to a port is automatically included when you display the port’s statistics output.
Page 229
Figure 10-19. Example of a Friendly Port Name in a Per-Port Statistics Listing For a given port, if a friendly port name does not exist in the running-config file, the Name line in the above command output appears as: Name not assigned To Search the Configuration for Ports with Friendly Port Names.
Page 230
Port Status and Basic Configuration Using Friendly (Optional) Port Names For example, if you configure port A1 with a friendly port name: Figure 10-20. Example Listing of the Startup-Config File with a Friendly Port Name Configured (and Saved) This command sequence saves the friendly port name for port A1 in the startup...
ProCurve switches remains undetected. As a result, each switch continues to send traffic on the ports connected to the failed link. When UDLD is enabled on the trunk ports on each ProCurve switch, the switches detect the failed link, block the ports connected to the failed link, and use the remaining ports in the trunk group to forward the traffic.
UDLD-enabled port. When a port is blocked by UDLD, the event is recorded in the switch log or via an SNMP trap (if configured); and other port blocking protocols, like spanning tree or meshing, will not use the bad link to load balance packets.
The following commands allow you to configure UDLD via the CLI. Syntax: [no] interface <port-list> link-keepalive Enables UDLD on a port or range of ports. To disable the feature, enter the no form of the command. Default: UDLD disabled Syntax: link-keepalive interval <interval> Determines the time interval to send UDLD control packets.
Uni-Directional Link Detection (UDLD) Note: When at least one port is UDLD-enabled, the switch will forward UDLD packets that arrive on non-UDLD-configured ports out of all other non-UDLD-configured ports in the same VLAN. That is, UDLD control packets will “pass through”...
Syntax: clear link-keepalive statistics Displays all the ports that are enabled for link-keepalive. Displays detailed statistics for the UDLD-enabled ports on the switch. Clears UDLD statistics. This command clears the packets sent, packets received, and transitions counters in the show link...
Page 236
Figure 10-22. Example of Show Link-Keepalive Command 10-44 Keepalive Interval: 1 sec Keepalive Adjacent Status Switch 00d9d-f9b700 01560-7b1600 off-line failure Port 4 is connected, but is blocked off-line due to a link-keepalive failure Port 5 has been disabled by the System Administrator.
Page 237
To display detailed UDLD information for specific ports, enter the show link-keepalive statistics command. For example: ProCurve(config)# show link-keepalive statistics Port: Current State: Udld Packets Sent: Udld Packets Received: 1000 Port Blocking: Port: Current State: Udld Packets Sent: Udld Packets Received: 450 Port Blocking: Port: Current State:...
VLAN configuration. Note: If you are configuring the switch via SNMP with the same problematic VLAN configuration choices, the above warning messages will also be logged in the switch’s event log. Event Log Messages. The following table shows the event log messages that may be generated once UDLD has been enabled on a port.
Viewing PoE Configuration and Status ......11-10 Displaying the Switch’s Global PoE Power Status ....11-10 Displaying an Overview of PoE Status on All Ports .
The switches provision their 10/100Base-TX ports with power for PoE applications compatible with the IEEE 802.3af standard. The PoE ports on your switch support both standard networking links and PoE links. Thus, you can connect either a non-PoE device or a powered device (PD) to a PoE-enabled port without reconfiguring the port.
PoE ports on a switch. See also “RPS” below. Maintenance Power Signature; the signal a PD sends to the switch to indicate that the PD is connected and requires power. Refer to Figure 11-4 on page 14.
PoE power to support the PD’s operation. Unneeded power becomes available for supporting other PD connections. Thus, while 15.4 watts must be available for the switch to begin supplying power to a port with a PD connected, 15.4 watts per port is not continually required if the connected PD requires less power.
However, if the PD power demand oversubscribes the available power, then the switch prioritizes the power allocation to the ports that present a PD power demand. This causes the switch to remove power from one or more lower-priority ports to meet the power demand on other, higher-priority ports.
Page 244
Power Over Ethernet (PoE) Operation Power Availability and Provisioning Port Priority Configuration Command Setting 9 - 12 High This priority class receives power only if all PDs on ports with a Critical priority setting are receiving full power. If there is not enough power to provision PDs on all ports with a High priority, then no power goes to ports with a Low priority.
Configuring PoE Operation By default, PoE support is enabled on the switch’s 10/100Base-TX ports, with the power priority set to Low and the power threshold set to 80 (%). The following commands allow you to adjust these settings. Syntax: power threshold < 1 - 99 >...
Cycling Power on a Port Simply disabling a PoE port does not affect power delivery through that port. To cycle the power on a PD receiving power from a PoE port on the switch, disable, then re-enable the power to that port.
(non-standard) IP phones. Note When the switch is in legacy detection mode, the detection signature range is expanded beyond the IEEE specification. This allows non-compliant devices to be powered.
Page 248
Power Over Ethernet (PoE) Operation Configuring PoE Operation For information on the meaning of other power status parameters, refer to “Viewing PoE Configuration and Status” on page 11-11. 11-10...
• Power In Use: Lists the amount of PoE power presently in use. • Operational Status: Indicates whether PoE power is available on the switch. (Default: On ; shows Off if PoE power is not available. Shows Faulty if internal or external PoE power is oversubscribed or faulty.)
– Disabled: PoE support is disabled on the port. To re-enable, refer to “Configuring PoE Operation” on page 11-7. – Fault: The switch detects a problem with the connected PD. • Power Class: Shows the 802.3af power class of the PD detected on the indicated port (as configured by the user on the PD device).
PoE support, refer to “Configuring PoE Operation” on page 11-7. – Fault: The switch detects a problem with the connected PD. • Over Current Cnt: Shows the number of times a connected PD has attempted to draw more than 15.4 watts. Each occurrence generates an Event Log message.
VLAN reserved for telephone traffic. Applying Security Features to PoE Configurations You can utilize security features built into the switch to control device or user access to the network through PoE ports in the same way as non-PoE ports.
■ MAC Address Security: Using Port Security, you can configure each switch port with a unique list of up to eight MAC addresses for devices that are authorized to access the network through that port. For more information, refer to the chapter titled “Configuring and Monitoring Port Security”...
Page 254
Ext Power Supply failure: < fault-type > Failures: 11-16 Indicates that POE usage in the switch or indicated slot (if the switch includes module slots) has decreased below the threshold specified by the last execution of the global power threshold <1 - 99>...
Page 255
< 1 - 99 > command. (Note that the switch also generates an SNMP trap for this event.) Port <...
Trunk Group Operation Using the “Trunk” Option ....12-21 How the Switch Lists Trunk Data ......12-21 Outbound Traffic Distribution Across Trunked Links .
Port Trunking Support Ports per trunk (maximum) Trunks per switch (maximum) A trunk group is a set of ports configured as members of the same port trunk. Note that the ports in a trunk group do not have to be consecutive. For...
LACP (IEEE 802.3ad—page 12-15) Trunk (non-protocol—page 12-21) ■ The ProCurve 2610-24 switch supports twelve trunk groups of up to eight ports each. The ProCurve 2610-48 supports twenty-four trunk groups of up to eight ports each. (Using the Link Aggregation Control Protocol—LACP—option, you can include standby trunked ports in addition to the maximum of four
actively trunking ports.)
LACP also operates with Auto-10, Auto-100, and Auto-1000 (if negotiation selects FDx); 10FDx, 100FDx, and 1000FDx settings. Fault Tolerance: If a link in a port trunk fails, the switch redistributes traffic originally destined for that link to the remaining links in the trunk. The trunk remains operable as long as there is at least one link in operation.
Page 261
– You are unsure which type of trunk to use, or the device to which you want to create a trunk link is using an unknown trunking protocol. – You want to use a monitor port on the switch to monitor traffic on a trunk. Refer to “Trunk Group Operation Using the “Trunk” Option” on page 12-21.
Page 262
Table 12-3. General Operating Rules for Port Trunks Media: All ports on both ends of a trunk group must have the same media type and mode (speed and duplex). The switch blocks any trunked links that do not conform to this rule. (For the switches covered in this guide, ProCurve recommends...
Page 263
IP Multicast Protocol (IGMP): A static trunk of any type appears in the IGMP configuration display, and you can configure IGMP for a static trunk in the same way that you would configure IGMP on a non-trunked port. (Note that the switch lists the trunk by name—such as Trk1—and does not list the individual ports in the trunk.) Also, creating a new trunk...
Important Configure port trunking before you connect the trunked links to another switch, routing switch, or server. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured. See “Using the CLI To Configure Ports”...
Page 265
– Trunk (the default type if you do not specify a type) All ports in the same trunk group on the same switch must have the same Type (LACP or Trunk). 7. When you are finished assigning ports to the trunk group, press [Enter], then [S] (for Save) and return to the Main Menu.
Using the CLI To View Port Trunks You can list the trunk type and group for all ports on the switch or for selected ports. You can also list LACP-only status information for LACP-configured ports. Listing Static Trunk Type and Group for All Ports or Selected Ports.
Page 267
Using a port list specifies, for switch ports in a static trunk group, only the ports you want to view. In this case, the command specifies ports A5 through A7. However, because port A6 is not in a static trunk group, it does not appear...
Port Trunking Port Status and Configuration Listing Static LACP and Dynamic LACP Trunk Data. This command lists data for only the LACP-configured ports. Syntax: In the following example, ports A1 and A2 have been previously configured for a static LACP trunk. (For more on “Active”, see table 12-5 on page 12-18.) Figure 12-6.
Page 269
On the 2610-24 switch you can configure up to twelve port trunk groups having up to eight links each (with additional standby links if you’re using dynamic LACP). On the 2610-48 switch you can configure up to twenty-four port trunk groups having up to eight links each.
Page 270
Enabling a Dynamic LACP Trunk Group. In the default port configuration, all ports on the switch are set to LACP Passive. However, to enable the switch to automatically form a trunk group that is dynamic on both ends of the link, the ports on one end of a set of links must be LACP Active.
Click on the Status tab. Click on Port Status. Trunk Group Operation Using LACP The switch can automatically configure a dynamic LACP trunk group or you can manually configure a static LACP trunk group. Note LACP requires full-duplex (FDx) links of the same media type (10/100Base-T, 100FX, etc.) and the same speed, and enforces speed and duplex conformance...
Page 272
Port Trunking Port Status and Configuration LACP trunk status commands include: Trunk Display Method show lacp show trunk Port/Trunk Settings screen in menu interface Thus, to display a listing of dynamic LACP trunk ports, you must use the show lacp command. Note Dynamic LACP trunks operate only in the default VLAN (unless GVRP is enabled and Forbid is used to prevent the trunked ports from joining the default...
Page 273
Standby Links: A maximum of eight operating links are allowed in the trunk, but, with dynamic LACP, you can configure one or more backup links that the switch automatically activates if a primary link fails. To configure a link as a standby for an existing dynamic LACP trunk, ensure that the ports in the standby link are configured the same as either of the above examples.
Standby: The port is configured for dynamic LACP trunking to another device, but the maximum number of ports for the Dynamic trunk to that device has already been reached on either the switch itself or the other device. This port will remain in reserve, or “standby” unless LACP detects that another, active link in the trunk has become disabled, blocked, or down.
Meaning LACP Partner Yes: LACP is enabled on both ends of the link. No: LACP is enabled on the switch, but either LACP is not enabled or the link has not been detected on the opposite device. LACP Status Success: LACP is enabled on the port, detects and synchronizes with a device on the other end of the link, and can move traffic across the link.
Page 276
Trunk Group” on page 12-12.) VLANs and Dynamic LACP. A dynamic LACP trunk operates only in the default VLAN (unless you have enabled GVRP on the switch and use Forbid to prevent the ports from joining the default VLAN). ■...
If a port is already a member of a static or dynamic LACP trunk, you cannot configure it to HDx. ■ If a port is already set to HDx, the switch does not allow you to configure it for a static or dynamic LACP trunk.
Likewise, the switch distributes traffic for the same destination address but from different source addresses through different links.
Page 279
Broadcasts, multicasts, and floods from different source addresses are distributed evenly across the links. As links are added or deleted, the switch redistributes traffic across the trunk group. For example, in figure 12-9 showing a three-port trunk, traffic could be assigned as shown in table 12-6.
Page 282
LLDP Configuration Options ....... . 13-31 Options for Reading LLDP Information Collected by the Switch . . 13-34 LLDP Standards Compatibility .
If you use the switch’s Authorized IP Managers and Management VLAN features, ensure that the SNMP management station and/or the choice of switch port used for SNMP access to the switch are compatible with the access controls enforced by these features. Otherwise, SNMP access to the switch will be blocked.
In some networks, authorized IP manager addresses are not used. In this case, all management stations using the correct community name may access the switch with the View and Access levels that have been set for that community.
User and community name may access the switch with the View and Access levels that have been set for that community. If you want to restrict access to one or more specific nodes, you can use the switch’s IP Authorized Manager feature.
SNMP trap generation, and threshold setting). Syntax: [no] snmpv3 enable Enable and disable the switch for access from SNMPv3 agents. This includes the creation of the initial user record. [no] snmpv3 only Enables or disables restrictions to access from only SNMPv3 agents.
SNMPv3 Enable The snmpv3 enable command starts a dialog that performs three functions: enabling the switch to receive SNMPv3 messages, configuring the initial users, and, optionally, restricting non-version-3 messages to “read only”. Figure 13-1 shows an example of this dialog.
Using SNMP Tools To Manage the Switch SNMP Version 3 Users The second step to using SNMPv3 on the switch is to configure the users that you assign to different groups. To establish users on the switch: b. Assign users to Security Groups based on their security model.
Page 289
A SNMPv3 access Group should only use the ver3 security model. Authentication is set to Md5 and the password is authpass Using SNMP Tools To Manage the Switch snmpv3 user Add user Network Admin with no Authentication or Privacy...
Page 290
Adding a user without authentication and/or privacy to a group that requires it will cause the user to not be able to access the switch. You should only add users to the group that is appropriate for their security parameters...
Note All access groups and views are predefined on the switch. There is no method to modify or add groups or views to those that are pre-defined on the switch.
SNMP Communities SNMP communities are supported by the switch to allow management applications that use version 2c or version 1 to access the switch. The communities are mapped to Group Access Levels that are used for version 2c or version 1 support. For more information see “Group Access Levels” on page 13-11.
Page 293
SNMP communities, each with either an operator-level or a manager-level view, and either restricted or unrestricted write access. Using SNMP requires that the switch have an IP address and subnet mask compatible with your network.
Deleting or changing the community named “public” prevents network management applications (such as auto-discovery, traffic monitoring, SNMP trap generation, and threshold setting) from operating in the switch. (Changing or deleting the “public” name also generates an Event Log message.) If security for network management is a concern, it is recommended that you change the write access for the “public”...
Page 295
[Tab] key to move from one field to the next.) 4. Press [Enter], then [S] (for Save). Type the value for this field. Use the Space bar to select...
— see “SNMP Notification and Traps” on page 13-18). Syntax: This example lists the data for all communities in a switch; that is, both the default ProCurve "public" community name and another community named "blue-team".
Page 297
Configures a new community name. If you do not also specify operator or manager, the switch automatically assigns the community to the operator MIB view. If you do not specify restricted or unrestricted, the switch automatically assigns the community to restricted (read-only) access. The no form uses only the <community-name >...
SNMP Notification and Traps The switches covered in this guide support the SNMPv3 notification process. They also support version 1 or version 2c traps. For more information on version 1 or version 2c traps, see “Trap Features” on page 13-20. The SNMPv3 notification process allows for the messages passed to be authenticated and encrypted if you choose.
Page 299
If ver3 is used and sec-model is ver3 then you must select a security services level (< noauth | auth | priv >) params value matches params name. Using SNMP Tools To Manage the Switch tagvalue taglist matches value. 13-19...
From the CLI you can configure up to ten SNMP trap receivers to receive SNMP traps from the switch. As an option, you can also configure the switch to send Event Log messages as traps. CLI:...
“SNMP Communities” on page 13-12). Syntax: show snmp-server In the next example, the show snmp-server command shows that the switch has been previously configured to send SNMP traps to management stations belonging to the “public”, “red-team”, and “blue-team” communities.
However, no traps will be sent to that trap receiver until the community to which it belongs has been configured on the switch. Syntax: snmp-server host < community-string > < ip-address >...
Page 303
Trap Pdu Source-IP Information Selection Policy : Default rfc1517 Figure 13-10. Example Showing SNMP informs Option Enabled
If you do not specify the event level ([<none | all | non-info | critical | debug>]) then the switch does not send event log messages as traps. "Well-Known" traps and threshold traps (if configured) will still be sent.
■ History (of the supported Ethernet statistics) ■ Event The RMON agent automatically runs in the switch. Use the RMON management station on your network to enable or disable specific RMON traps and events. CLI-Configured sFlow with Multiple Instances For switches covered in this guide, sFlow can be configured via the CLI for up to three distinct sFlow instances.
— The central data collector that gathers datagrams from sFlow-enabled switch ports on the network. The data collector decodes the packet headers and other information to present detailed Layer 2 to Layer 7 usage statistics.
Syntax: show sflow <receiver instance> destination Syntax: show sflow <receiver instance> sampling-polling <port-list/range> The show sflow agent command displays read-only switch agent information. The version information shows the sFlow version, MIB support and software versions; the agent address is typically the IP address of the first VLAN config...
Page 308
The show sflow <instance> sampling-polling [port-list] command displays information about sFlow sampling and polling on the switch. You can specify a list or range of ports for which to view sampling information.
To standardize device discovery on all ProCurve switches, LLDP has been implemented while offering limited read-only support for CDP as documented in this manual. For current information on your switch model, consult the latest Release Notes (available on the ProCurve Networking web site).
LLDP Neighbor: An LLDP device that is either directly connected to another LLDP device or connected to that device by another, non-LLDP Layer 2 device (such as a hub). Note that an 802.1D-compliant switch does not forward LLDP data packets even if it is not LLDP-aware.
LLDP Configuration Options Enable or Disable LLDP on the Switch. In the default configuration, LLDP is globally enabled on the switch. To prevent transmission or receipt of LLDP traffic, you can disable LLDP operation (page 13-38). Change the Frequency of LLDP Packet Transmission to Neighbor Devices.
Page 312
■ Disable (disable): This setting disables LLDP packet transmissions and reception on a port. In this state, the switch does not use the port for either learning about LLDP neighbors or informing LLDP neighbors of its presence. SNMP Notification. You can enable the switch to send a notification to any configured SNMP trap receiver(s) when the switch detects a remote LLDP data change on an LLDP-enabled port (page 13-41).
Page 313
Subelement of the Remote-Management-Address TLV. Subelement of the System Capability TLV. Populated with data captured internally by the switch. For more on these data types, refer to the IEEE 802.1AB-2005 Standard. Remote Management Address. The switch always includes an IP address in its LLDP advertisements.
■ Using an SNMP application that is designed to query the Neighbors MIB for LLDP data to use in device discovery and topology mapping. (This includes CDP data the switch has read and mapped to the LLDP counterpart.) ■ Using the walkmib command to display a listing of the LLDP MIB...
You can override the default operation by configuring the port to advertise any IP address that is manually configured on the switch, even if the port does not belong to the VLAN configured with the selected IP address (page 13-43).
In the default configuration, LLDP is enabled and in both transmit and receive mode on all active ports. The LLDP configuration includes global settings that apply to all active ports on the switch, and per-port settings that affect only the operation of the specified ports.
Page 317
For example, show lldp config produces the following display when the switch is in the default LLDP configuration: Figure 13-15. Example of Viewing the General LLDP Configuration Displaying Port Configuration Details. This command displays the port-specific configuration, including .
(Refer to page 13-43: “Configuring a Remote Management Address for Outbound LLDP Advertisements”) Enables or disables LLDP operation on the switch. The no form of the command, regardless of individual LLDP port configurations, prevents the switch from transmitting outbound LLDP advertisements, and causes the switch to drop all LLDP advertisements received from other devices.
Page 319
For example, if the refresh-interval on the switch is 15 seconds and the holdtime-multiplier is at the default, the Time-to-Live for advertisements transmitted from the switch is 60 seconds (4 x 15). To reduce the Time-to-Live, you could lower the holdtime-multiplier to 2, which would result in a Time-to-Live of 30 seconds.
Page 320
Value or Status Changes to the LLDP MIB. The switch uses a delay-interval setting to delay transmitting successive advertisements resulting from these LLDP MIB changes. If a switch is subject to frequent changes to its LLDP MIB, lengthening this interval can reduce the frequency of successive advertisements.
LLDP neighbor. (Default: Disabled) For information on configuring trap receivers in the switch, refer to the chapter titled “Configuring for Network Management Applications” in the Management and Configuration Guide for your switch.
Page 322
= 60 Globally changes the interval between successive traps generated by the switch. If multiple traps are generated in the specified interval, only the first trap will be sent. The remaining traps will be suppressed. (A network management application can periodically check the switch MIB to detect any missed change notification traps.
Configuring LLDP Per-Port Advertisement Content In the default LLDP configuration, outbound advertisements from each port on the switch include both the mandatory and the optional data listed in the next two subsections. Mandatory Data. An active LLDP port on the switch always includes the mandatory data in its outbound advertisements.
Page 324
LLDP advertisements. Note that optional data types, when enabled, are populated with data internal to the switch; that is, you cannot use LLDP commands to configure their actual content. ■...
Also includes information on whether the capabilities are enabled. For example, if you wanted to exclude the system name from the outbound LLDP advertisements for all ports on a 2626 switch, you would use this command: ProCurve(config)# no lldp config 1-26 basicTlvEnable...
LLDP (Link-Layer Discovery Protocol) Displaying Switch Information Available for Outbound Advertisements These commands display the current switch information that will be used to populate outbound LLDP advertisements. Syntax show lldp info local-device [ port-list ] For example, in the default configuration, the switch information currently available for outbound LLDP advertisements appears similar to the display in figure 13-18 on page 13-47.
Page 327
LLDP-configurable IP addresses on the switch. (Only manually-configured IP addresses are LLDP-configurable.) If the switch has only an IP address from a DHCP or Bootp server, then the Management Address field is empty (because there are no LLDP configurable IP addresses available). For more on this topic, refer to “Remote Management...
Page 328
– Multiple devices are connected to the switch through a hub. Discovering the same device on multiple ports indicates that the remote device may be connected to the switch in one of the following ways: – Through different VLANs using separate links. (This applies to switches that use the same MAC address for all configured VLANs.)
Page 329
Figure 13-21. Example of a Per-Port Listing of Advertisements Received from an LLDP Device Note With both LLDP and (read-only) CDP enabled on a switch port, the port can read both LLDP and CDP advertisements, and stores both types of data in its neighbor database.
Displaying LLDP Statistics LLDP statistics are available on both a global and a per-port level. Rebooting the switch resets the LLDP statistics counters to zero. Disabling the transmit and/or receive capability on a port “freezes” the related port counters at their current values.
Page 331
This could be caused by a basic management TLV from a later LLDP version than the one currently running on the switch. TLVs Discarded: Shows the total number of LLDP TLVs discarded for any reason.
Page 332
Figure 13-22. Example of a Global LLDP Statistics Display Figure 13-23. Example of a Per-Port LLDP Statistics Display Counters showing frames sent on a port but no frames received on that port indicate an active link with a device that either has LLDP disabled...
Neighbor Maximum. The neighbors table in the switch supports as many neighbors as there are ports on the switch. The switch can support multiple neighbors connected through a hub on a given port, but if the switch neighbor maximum is reached, advertisements from additional neighbors on the same or other ports will not be stored in the neighbors table unless some existing neighbors time-out or are removed.
(ProCurve switches do not generate CDP packets.) LLDP and CDP Neighbor Data With both LLDP and (read-only) CDP enabled on a switch port, the port can read both LLDP and CDP advertisements, and stores the data from both types of advertisements in its neighbor database.
Page 335
However, if the chassis and port ID information in the two types of advertisements is the same, the LLDP information overwrites the CDP data for the same neighbor device on the same port.
(The hold time for any data entry in the switch’s CDP Neighbors table is configured in the device transmitting the CDP packet, and cannot be controlled in the switch receiving the packet.) A switch reviews the list of CDP neighbor entries...
Page 337
Viewing the Switch’s Current CDP Neighbors Table. Devices are listed by the port on which they were detected. Syntax: show cdp neighbors Figure 13-25 lists two CDP devices that the switch has detected by receiving their CDP packets. Figure 13-25. Example of CDP Neighbors Table Listing...
Page 338
LLDP (Link-Layer Discovery Protocol) Enabling CDP Operation. Enabling CDP operation (the default) on the switch causes the switch to add entries to its CDP Neighbors table for any CDP packets it receives from other neighboring CDP devices. Disabling CDP Operation. Disabling CDP operation clears the switch’s CDP Neighbors table and causes the switch to drop inbound CDP packets from other devices without entering the data in the CDP Neighbors table.
For information on how switch memory operates, including primary and secondary flash, see Chapter 6, “Switch Memory and Configuration”. Note In the switch console interface, the switch software is referred to as the OS, for switch “operating system”. Downloading Switch Software ProCurve Networking periodically provides switch software updates through the ProCurve website (www.procurve.com).
In the unlikely event that the primary image is corrupted (which may occur if a download is interrupted by a power failure), the switch goes into boot ROM mode. In this case, use the boot ROM console to download a new switch software image to primary flash.
4. In the TFTP Server field, type in the IP address of the TFTP server in which the switch software file has been stored. 5. In the Remote File Name field, type the name of the switch software file. If you are using a UNIX system, remember that the filename is case-sensi...
Page 343
Figure A-2. Example of the Download OS Screen During a Download A “progress” bar indicates the progress of the download. When the entire switch software file has been received, all activity on the switch halts and you will see Validating and writing system software to FLASH...
System software written to FLASH. You will need to reboot to activate. At this point, use the boot command to reboot the switch and activate the software you just downloaded: ProCurve # boot (For more on these commands, refer to “Rebooting the Switch” on page 6-18.)
For some situations you may want to use a secure method to issue commands or copy files to the switch. By opening a secure, encrypted SSH session you can then use a third-party software application to take advantage of Secure Copy (SCP) and Secure ftp (SFTP).
SCP (secure copy) is an implementation of the BSD rcp (Berkeley UNIX remote copy) command tunneled through an SSH connection. SCP is used to copy files to and from the switch when security is required. SCP works with both SSH v1 and SSH v2. Be aware that most third-party software application clients that support SCP use SSHv1.
If you have already done it once you should not need to do it a second time. 2. To enable secure file transfer on the switch (once you have an SSH session established between the switch and your computer), open a terminal...
TACACS+ for authenticating a secure Telnet SSH session on the switch, you cannot enable SCP or SFTP. Also, if SCP or SFTP is enabled on the switch, you cannot enable TACACS+ authentication for a secure Telnet SSH. The...
Once you have configured your switch for secure file transfers with SCP and SFTP, files can be copied to or from the switch in a secure (encrypted) environment and TFTP is no longer necessary. Using Xmodem to Download Switch Software From a...
Click on the Send button. The download will then commence. It can take several minutes, depending on the baud rate set in the switch and in your terminal emulator. 6. After the primary flash memory has been updated with the new operating system, you must reboot the switch to implement the newly downloaded software.
Page 351
Note that if you do not specify the flash destination, the Xmodem download defaults to primary flash. For example, to download a switch software file named G0103.swi from a PC (running a terminal emulator program such as HyperTerminal) to primary flash: 1. Execute the following command in the CLI:...
7. Download OS screen. 2. Ensure that the Method parameter is set to TFTP (the default). 3. In the TFTP Server field, enter the IP address of the remote switch containing the switch software you want to download.
Check the Firmware revision line. CLI: Switch-To-Switch Downloads You can download a switch software file between two switches that use the same code base and which are connected on your LAN. To do so, use a copy tftp command from the destination switch. The options for this CLI feature...
If you do not specify either a primary or secondary flash location for the destination, the download automatically goes to primary flash. For example, to download switch software from secondary flash in a switch with an IP address of 10.28.227.103 to the secondary flash in the destination switch, you would execute the following command in the destination switch’s...
Figure A-7. Example of Message for Download Failure To find more information on the cause of a download failure, examine the messages in the switch’s Event Log by executing this CLI command: ProCurve# show log tftp (For more on the Event Log, see “Using Logging To Identify Problem Sources”...
File Transfers Transferring Switch Configurations ■ For a Unix TFTP server, the file permissions for the switch software file do not allow the file to be copied. ■ Another console session (through either a direct connection to a terminal device or through Telnet) was already running when you started the session in which the download was attempted.
Page 357
Xmodem: Copying a Configuration File from the Switch to a Serially Connected PC or Unix Workstation. To use this method, the switch must be connected via the serial port to a PC or Unix workstation to which you want to copy the configuration file. You will need to: ■...
Page 358
Transferring Switch Configurations Xmodem: Copying a Configuration File from a Serially Connected PC or Unix Workstation. To use this method, the switch must be connected via the serial port to a PC or Unix workstation on which is stored the configuration file you want to copy.
Copying Diagnostic Data to a Remote Host, PC, or Unix Workstation You can use the CLI to copy the following types of switch data to a text file in a management device: ■ Command Output: Sends the output of a switch CLI command as a file on the destination device.
This command uses TFTP or Xmodem to copy the Event Log content to a PC or UNIX workstation on the network. Syntax: For example, to copy the event log to a PC connected to the switch: At this point, press and start the...
This command uses TFTP or Xmodem to copy the Crash Log content to a PC or UNIX workstation on the network. You can copy individual slot information or the master switch information. If you do not specify either, the command defaults to the master data.
Status | Overview screen of the web browser interface (page 5-6). ■ Configurable trap receivers: Uses SNMP to enable management stations on your network to receive SNMP traps from the switch (“SNMP Notification and Traps” on page 13-18). ■...
Note You can access all console screens from the web browser interface via Telnet to the console. Telnet access to the switch is available in the Device View window under the Configuration tab. Status or Counters Type...
Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access To Status and Counters Beginning at the Main Menu, display the Status and Counters menu by selecting: 1. Status and Counters Figure B-1. The Status and Counters Menu Each of the above menu items accesses the read-only screens described on the following pages.
Menu Access From the console Main Menu, select: 1. Status and Counters Figure B-2. Example of General Switch Information This screen dynamically indicates how individual switch resources are being used. See the online Help for details. CLI Access Syntax: 1. General System Information...
Figure B-3. Example of Management Address Information with VLANs Configured This screen displays addresses that are important for management of the switch. If multiple VLANs are not configured, this screen displays a single IP address for the entire switch. See the online Help for details.
Module Information
Use this feature to determine which slots have modules installed and which type(s) of modules are installed.
Menu: Displaying Port Status
From the Main Menu, select: 1. Status and Counters . . .
1. Status and Counters . . . 4. Port Status
Figure B-5. Example of Port Status on the Menu Interface
CLI Access
Syntax: show interfaces brief
Web Access
Click on the Status tab. Click on Port Status.
These features enable you to determine the traffic patterns for each port since the last reboot or reset of the switch. You can display:
■ A general report of traffic on all LAN ports and trunk groups in the switch,...
Menu Access to Port and Trunk Statistics
To access this screen from the Main Menu, select: 1. Status and Counters . . . 4. Port Counters
Figure B-6. Example of Port Counters on the Menu Interface
To view details about the traffic on a particular port, use the [v] key to highlight that port number, then select Show Details.
CLI Access To Port and Trunk Group Statistics To Display the Port Counter Summary Report. This command provides an overview of port activity for all ports on the switch. Syntax: To Display a Detailed Traffic Summary for Specific Ports. This com...
Menu Access to the MAC Address Views and Searches
Per-VLAN MAC-Address Viewing and Searching. This feature lets you determine which switch port on a selected VLAN is being used to communicate with a specific device on the network. The per-VLAN listing includes:
■ The MAC addresses that the switch has learned from network devices...
Enter MAC address: _ 2. Type the MAC address you want to locate and press and port number are highlighted if found. If the switch does not find the MAC address on the currently selected VLAN, it leaves the MAC address listing empty.
(for Search), to display the following prompt: Enter MAC address: _ 2. Type the MAC address you want to locate and press is highlighted if found. If the switch does not find the address, it leaves the MAC address listing empty. 3. Press (for Prev page) to return to the previous per-port listing.
To Find the Port On Which the Switch Learned a Specific MAC Address. For example, to find the port on which the switch learns a MAC address of 080009-21ae84: Figure B-11. List the Port on which the Switch Deleted a MAC Address...
1. Status and Counters . . . 8. Spanning Tree Information STP must be enabled on the switch to display the following data: Figure B-12. Example of Spanning Tree Information Use this screen to determine current switch-level STP parameter settings and statistics.
Figure B-13. Example of STP Port Information
CLI Access to STP Data
This option lists the STP configuration, root data, and per-port data (cost, priority, state, and designated bridge).
Syntax: ProCurve> show spanning-tree...
Internet Group Management Protocol (IGMP) Status
The switch uses the CLI to display the following IGMP status on a per-VLAN basis:
Show Command: show ip igmp
Output: Global command listing IGMP status for all VLANs configured in the switch:
• VLAN ID (VID) and name
•...
VLAN Information
The switch uses the CLI to display the following VLAN status: Syntax: Syntax: For example, suppose that your switch has the following VLANs: Ports 1 - 12 1, 2 3, 4 The next three figures show how you could list data on the above VLANs.
Listing the VLAN ID (VID) and Status for ALL VLANs in the Switch. Figure B-15. Example of VLAN Listing for the Entire Switch Listing the VLAN ID (VID) and Status for Specific Ports. Because ports A1 and A2 are not members of VLAN...
As the title implies, it provides an overview of the status of the switch, including summary graphs indicating the network utilization on each of the switch ports, symbolic port status indicators, and the Alert Log, which informs you of any problems that may have occurred on the switch.
You can designate a port for monitoring inbound (ingress) and outbound (egress) traffic of other ports and of static trunks on the switch. The switch monitors the network activity by copying all inbound and outbound traffic on the specified interfaces to the designated monitoring port, to which a network analyzer can be attached.
Port and Static Trunk Monitoring Features
Menu: Configuring Port and Static Trunk Monitoring
This procedure describes configuring the switch for monitoring when monitoring is disabled. (If monitoring has already been enabled, the screens will appear differently than shown in this procedure.)
1. From the Console Main Menu, select:...
Save) to save your changes and exit from the screen. 9. Return to the Main Menu. Move the cursor to the Monitoring Port parameter. Port where monitored traffic exits the switch. , then press [Enter] (for...
Syntax: For example, if you assign port A6 as the monitoring port and configure the switch to monitor ports A1 - A3, show monitor displays the following: Figure B-21. Example of Monitored Port Listing Configuring the Monitor Port. This command assigns or removes a mon...
Figure B-22. Examples of Selecting Ports and Static Trunks as Monitoring Sources
Figure B-23. Examples of Removing Ports as Monitoring Sources
These two commands...
Web: Configuring Port Monitoring
To enable port monitoring: Click on the Configuration tab. Click on Monitor Port. To monitor one or more ports. b. Select the port(s) to monitor.
Debug Types
Configuring the Switch To Send Debug Messages to One or More SyslogD Servers
Web: Viewing the Configuration File
Listing Switch Configuration and Operation Details for Help in Troubleshooting
Using the CLI
■ Check the switch LEDs – The LEDs on the switch are a fundamental diagnostic tool. They provide indications of proper switch operation and of any hardware faults that may have occurred: •...
• Web Browser Interface – Use the Port Utilization Graph and Alert Log in the web browser interface included in the switch to help isolate problems. See Chapter 5, “Using the Web Browser Interface” for operating information. These tools are available through the web browser interface: –...
DHCP/Bootp server configuration to verify correct IP addressing.
■ If you are using DHCP to acquire the IP address for the switch, the IP address “lease time” may have expired so that the IP address has changed.
Note: If DHCP/Bootp is used to configure the switch, see the Note, above. ■ If you are using DHCP to acquire the IP address for the switch, the IP address “lease time” may have expired so that the IP address has changed.
Network activity that fails to meet accepted norms may indicate a hardware problem with one or more of the network components, possibly including the switch. Such problems can also be caused by a network loop or simply too much traffic for the network as it is currently designed and implemented.
IP Multicast (IGMP) Traffic That Is Directed By IGMP Does Not Reach IGMP Hosts or a Multicast Router Connected to a Port. IGMP must be enabled on the switch and the affected port must be configured for “Auto” or “Forward” operation.
Filter Traffic. The IGMP feature does not operate if the switch or VLAN does not have an IP address configured manually or obtained through DHCP/Bootp. To verify whether an IP address is configured for the switch or VLAN, do either of the following: ■...
Unusual Network Activity
There can be several reasons for not receiving a response to an authentication request. Do the following:
■ Use ping to ensure that the switch has access to the configured RADIUS servers.
■ Verify that the switch is using the correct encryption key (RADIUS secret...
(RADIUS secret key) the switch is using is correct for the server being contacted. If the switch has only a global key configured, then it either must match the server key or you must configure a server-specific key.
Figure C-2. Example of How To List the Global and Server-Specific Radius
Also, ensure that the switch port used to access the RADIUS server is not blocked by an 802.1X configuration on that port. For example, show port-access authenticator <...
IP address is correctly configured in the switch. Use show radius to verify that the encryption key the switch is using is correct for the server being contacted. If the switch has only a global key configured, then it either must match the server key or you must configure a server-specific key.
Return the values (2 seconds and 20 seconds, respectively, on a switch).
■ A “downlink” port is connected to a switch that is further away (in hop count) from the root device than the switch port on which fast-uplink STP is configured.
(use 'crypto' command). then you need to generate an SSH key pair for the switch. To do so, execute crypto key generate. (Refer to “2. Generating the Switch’s Public and Private Key Pair”...
Event Log. When troubleshooting TACACS+ operation, check the switch’s Event Log for indications of problem areas.
All Users Are Locked Out of Access to the Switch. If the switch is functioning properly, but no username/password pairs result in console or Telnet access to the switch, the problem may be due to how the TACACS+ server and/or the switch are configured.
■ Disconnect the switch from network access to any TACACS+ servers and then log in to the switch using either Telnet or direct console port access. Because the switch cannot access a TACACS+ server, it will default to local authentication. You can then use the switch’s local Operator or Manager username/password pair to log on.
System Allows Fewer Login Attempts than Specified in the Switch Configuration. Your TACACS+ server application may be configured to allow fewer login attempts than you have configured in the switch with the aaa authentication num-attempts command.
TimeP, SNTP, or Gateway Problems
The Switch Cannot Find the Time Server or the Configured Gateway.
2. Similarly, if VLAN_2 (VID=2) is configured as “Tagged” on the link port on switch “A”, then it must also be configured as “Tagged” on the link port on switch “B”. Make sure that the VLAN ID (VID) is the same on both switches.
One symptom is that a duplicate MAC address appears in the Port Address Table of one port, and then later appears on another port. While the switch has multiple forwarding databases, and thus does not have this problem, some switches with a single forwarding database...
The event log window contains 14 log entry lines and can be positioned to any location in the log. The event log will be erased if power to the switch is interrupted. Troubleshooting Using Logging To Identify Problem Sources...
(The event log is not erased by using the Reboot Switch command in the Main Menu.)
Table C-1. Event Log System Modules
Module     Event Description
addrMgr    Address table
chassis    switch hardware
bootp      bootp addressing...
Menu: Entering and Navigating in the Event Log From the Main Menu, select Event Log. Log Status Line Figure C-7. Example of an Event Log Display The log status line at the bottom of the display identifies where in the sequence of event messages the display is currently positioned.
CLI: Using the CLI, you can list
■ Events recorded since the last boot of the switch
■ All events recorded
■ Event entries containing a specific keyword, either since the last boot or...
Actions you can perform with Debug and Syslog operation include:
■ Configure the switch to send Event Log messages to one or more SyslogD servers. Included is the option to send the messages to the user log facility (default) on the configured servers, or to another log facility.
Debug Types
This section describes the types of debug messages the switch can send to configured debug destinations.
Syntax: [no] debug < debug-type >
Configures the switch to send all debug types to the config...
Configuring the Switch To Send Debug Messages to One or More SyslogD Servers Use the logging command to configure the switch to send Syslog messages to a SyslogD server, or to remove a SyslogD server from the switch configuration. Syntax: [no] logging <...
For example, on a switch where there are no SyslogD servers configured, you would do the following to configure SyslogD servers 18.120.38.155 and 18.120.43.125 and automatically enable Syslog logging (with user as the default logging facility):
ProCurve(config)# logging 18.120.38.155...
Syslog logging is currently disabled with one or more SyslogD servers configured, this command enables Syslog logging on the switch. The show config command output includes the SyslogD server IP addresses currently configured in the startup-config file.
18.120.38.155. Also shows that the logging facility is set to user (the default), and that session logging is enabled.) Disables Syslog logging (but retains the Syslog IP address in the switch configuration). Does not affect Session logging. Shows Syslog (Destination) logging now disabled.
■ Syslog messages the switch generates carry the configured facility. All Syslog messages resulting from debug operation carry a “debug” severity. If you configure the switch to transmit debug messages to a SyslogD...
When a link LED does not light (indicating loss of link between two devices), the most common reason is a failure of port auto-negotiation between the connecting ports. If a link LED fails to light when you connect the switch to a port on another device, do the following: 1. Ensure that the switch port and the port on the attached end-node are...
To respond to a Ping test or a Link test, the device you are trying to reach must be IEEE 802.3-compliant. Ping Test. This is a test of the path between the switch and another device on the same or another IP network that can respond to IP packets (ICMP Echo Requests).
Destination IP/MAC Address is the network address of the target, or destination, device to which you want to test a connection with the switch. An IP address is in the X.X.X.X format where X is a decimal number between 0 and 255. A MAC address is made up of 12 hexadecimal digits, for example, 0060b0-080400.
Number of Packets to Send is the number of times you want the switch to attempt to test a connection. Timeout in Seconds is the number of seconds to allow per attempt to test a connection before determining that the current attempt has failed.
Troubleshooting Diagnostic Tools
Link Tests. You can issue single or multiple link tests with varying repetitions and timeout periods. The defaults are:
■ Repetitions: 1 (1 - 999)
■ Timeout: 5 seconds (1 - 256 seconds)
Syntax: Basic Link Test Link Test with Repetitions Link Test with...
Displaying the Configuration File The complete switch configuration is contained in a file that you can browse from either the web browser interface or the CLI. It may be useful in some troubleshooting scenarios to view the switch configuration. CLI: Viewing the Configuration File Using the CLI, you can display either the running configuration or the startup configuration.
Listing Switch Configuration and Operation Details for Help in Troubleshooting
The show tech command outputs, in a single listing, switch operating and running configuration details from several internal switch sources, including:
■ Image stamp (software version data)
■ Running configuration...
In Hyperterminal, click on Figure C-16. The Capture Text window of the Hypertext Application Used with 2. In the Figure C-17. Example of a Path and Filename for Creating a Text File from show 3. Click 4. Execute ProCurve# show tech a. Each time the resulting listing halts and displays -- MORE --, press the b. When the CLI prompt appears, the show tech listing is complete.
4-1. Syntax: Traceroute Command The traceroute command enables you to trace the route from the switch to a host address. This command outputs information for each (router) hop between the switch and the destination address. Note that every time you execute traceroute, it uses the same default settings unless you specify otherwise for that instance of the command.
[timeout < 1-120 >] For the current instance of traceroute, changes the timeout period the switch waits for each probe of a hop in the route. For any instance of traceroute, if you want a timeout value other than the default, you must specify that value. (Default: 5 seconds) [probes <...
■ Hosts configured to avoid responding
Intermediate router hops with the time taken for the switch to receive acknowledgement of each probe reaching each router. The asterisk indicates there was a timeout on the second probe to the third...
Executing traceroute where the route becomes blocked or otherwise fails results in an output marked by timeouts for all probes beyond the last detected hop. For example with a maximum hop count of 7 (maxttl = 7), where the route becomes blocked or otherwise fails, the output appears similar to this: At hop 3, the first and third probes timed out...
2. Continue to press the Clear button while releasing the Reset button. 3. When the Self Test LED begins to flash, release the Clear button. The switch will then complete its self test and begin operating with the configuration restored to the factory default settings.
Restoring a Flash Image The switch can lose its operating system if either the primary or secondary flash image location is empty or contains a corrupted OS file and an operator uses the erase flash command to erase a good OS image file from the opposite flash location.
4. Since the OS file is large, you can increase the speed of the download by changing the switch console and terminal emulator baud rates to a high speed. For example: b. Change the terminal emulator baud rate to match the switch speed: 5. Start the Console Download utility by typing do at the =>...
Figure C-21. Example of Xmodem Download in Progress
8. When the download completes, the switch reboots from primary flash using the OS image you downloaded in the preceding steps, plus the most recent startup-config file.
MAC address assigned to any non-default VLAN you have configured on the switch.
Note: The switch’s base MAC address is used for the default VLAN (VID = 1) that is always available on the switch. One Base MAC address assigned to the default VLAN (VID = 1)
■ Any additional VLANs configured on the switch. Also, the Base MAC address appears on a label on the back of the switch.
Note: The Base MAC address is used by the first (default) VLAN in the switch. This is usually the VLAN named “DEFAULT_VLAN”...
This procedure displays the MAC addresses for all ports and existing VLANs in the switch, regardless of which VLAN you select. 1. If the switch is at the CLI Operator level, use the enable command to enter the Manager level of the CLI.
MAC Address Management
Determining MAC Addresses in the Switch
Figure D-1. Example of Port MAC Address Assignments
ifPhysAddress.1 - 6: Ports A1 - A6 in Slot 1 (Addresses 7 - 24 in slot 1 and 25 - 48 in slot 2 are unused.)
MAC address was detected. [ port-list ] Lists the MAC addresses of the devices the switch has detected, on the specified port(s). [ mac-addr ] Lists the port on which the switch detects the specified MAC address.
To list the MAC addresses of devices the switch has detected, use the show mac-address command. For example:
ProCurve# show mac-address
 Status and Counters - Port Address Table
 MAC Address   Located on Port
 ------------- --------------
 0001e6-09620c 11
 0001e7-61d4c0 12
 ...
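The troubleshooting symptom described earlier, a MAC address that appears in the Port Address Table on one port and later on another, can be checked by comparing saved show mac-address listings. The following Python code is an added example, not part of the HP manual; it assumes only the two-column layout shown above, and the snapshot labels and the second and third listings are constructed sample data.

```python
import re
from collections import defaultdict

# ProCurve prints MAC addresses as two groups of six hex digits, e.g. 0001e6-09620c,
# followed by the port on which the address was learned.
ROW = re.compile(r"^\s*([0-9a-fA-F]{6}-[0-9a-fA-F]{6})\s+(\S+)\s*$")


def parse_port_address_table(text):
    """Return {mac: port} from the text of one 'show mac-address' listing.

    Prompt, title, column-header and separator lines do not match ROW
    and are skipped.
    """
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            table[m.group(1).lower()] = m.group(2)
    return table


def find_moved_macs(snapshots):
    """Report MAC addresses that changed port between captures.

    snapshots: list of (label, listing_text) in capture order.
    Returns {mac: [(label, port), ...]} listing each port change in order,
    only for addresses seen on more than one port.
    """
    history = defaultdict(list)
    for label, text in snapshots:
        for mac, port in parse_port_address_table(text).items():
            # Record an entry only when the port differs from the last one seen.
            if not history[mac] or history[mac][-1][1] != port:
                history[mac].append((label, port))
    return {mac: seen for mac, seen in history.items() if len(seen) > 1}


# First listing uses the two rows shown in the manual's example.
SNAPSHOT_1 = """ProCurve# show mac-address
 Status and Counters - Port Address Table
 MAC Address   Located on Port
 ------------- --------------
 0001e6-09620c 11
 0001e7-61d4c0 12
"""

# Constructed: the second address is now learned on port 3.
SNAPSHOT_2 = """ProCurve# show mac-address
 Status and Counters - Port Address Table
 MAC Address   Located on Port
 ------------- --------------
 0001e6-09620c 11
 0001e7-61d4c0 3
"""

# Constructed: the address has moved back to port 12.
SNAPSHOT_3 = SNAPSHOT_1

if __name__ == "__main__":
    captures = [("t1", SNAPSHOT_1), ("t2", SNAPSHOT_2), ("t3", SNAPSHOT_3)]
    for mac, seen in find_moved_macs(captures).items():
        path = " -> ".join(f"port {port} ({label})" for label, port in seen)
        print(f"{mac} moved: {path}")
```

An address that alternates between two ports across captures is worth checking against the loop and duplicate-MAC causes the troubleshooting section lists.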
MAC Address Management
Viewing the MAC Addresses of Connected Devices
Daylight Savings Time on ProCurve Switches Configuring Daylight Savings Time This information applies to the following ProCurve switches: • 2512 • 2524 • 2610 • 2610-PWR • 4108gl • 2626 • 2650 • 2626-PWR • 5304xl • 2650-PWR • 5308xl ProCurve switches provide a way to automatically adjust the system clock for Daylight Savings Time (DST) changes.
Canada and Continental US: • • Middle Europe and Portugal: • • Southern Hemisphere: • • Western Europe: • • A sixth option named "User defined" allows you to customize the DST configuration by entering the beginning month and date plus the ending month and date for the time change.
Before configuring a "User defined" Daylight Time Rule, it is important to understand how the switch treats the entries. The switch knows which dates are Sundays, and uses an algorithm to determine on which date to change the system clock, given the configured "Beginning day" and "Ending day": ■...